// CVE-2021-4155 - kernel: xfs: raw block device data leak in ioctl(XFS_IOC_ALLOCSP // Approach: intercept the xfs_alloc_file_space function. Replace // the 0 unsafe alloc_type parameter. probe module("xfs").function("xfs_alloc_file_space") { if ($alloc_type == 0) $alloc_type = 0x8; # XFS_BMAPI_PREALLOC }