CVE-2024-47740

In the Linux kernel, the following vulnerability has been resolved:

f2fs: Require FMODE_WRITE for atomic write ioctls

The F2FS ioctls for starting and committing atomic writes check for inodeownerorcapable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inodeownerorcapable() immediately returns true.

There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways:

• F2FSIOCSTARTATOMICREPLACE + F2FSIOCCOMMITATOMICWRITE can truncate an inode to size 0
• F2FSIOCSTARTATOMICWRITE + F2FSIOCABORTATOMICWRITE can revert changes another process concurrently made to a file

Fix it by requiring FMODEWRITE for these operations, just like for F2FSIOCMOVERANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything.