CVE-2023-54124
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to drop all dirty pages during umount() if cp_error is set
xfstest generic/361 reports a bug as below:
f2fs_bug_on(sbi, sbi->fsync_node_num);
kernel BUG at fs/f2fs/super.c:1627! RIP: 0010:f2fs_put_super+0x3a8/0x3b0 Call Trace: generic_shutdown_super+0x8c/0x1b0 kill_block_super+0x2b/0x60 kill_f2fs_super+0x87/0x110 deactivate_locked_super+0x39/0x80 deactivate_super+0x46/0x50 cleanup_mnt+0x109/0x170 __cleanup_mnt+0x16/0x20 task_work_run+0x65/0xa0 exit_to_user_mode_prepare+0x175/0x190 syscall_exit_to_user_mode+0x25/0x50 do_syscall_64+0x4c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc
During umount(), if cp_error is set, f2fs_wait_on_all_pages() should not stop waiting all F2FS_WB_CP_DATA pages to be writebacked, otherwise, fsync_node_num can be non-zero after f2fs_wait_on_all_pages() causing this bug.
In this case, to avoid deadloop in f2fs_wait_on_all_pages(), it needs to drop all dirty pages rather than redirtying them.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | af697c0f5c5b8798832e651baf23460d588393de < 92575f05a32dafb16348bfa5e62478118a9be069 | affected |
| Linux | Linux | af697c0f5c5b8798832e651baf23460d588393de < 4ceedc2f8bdffb82e40b7d1bb912304f8e157cb1 | affected |
| Linux | Linux | af697c0f5c5b8798832e651baf23460d588393de < ad87bd313f70b51e48019d5ce2d02d73152356b3 | affected |
| Linux | Linux | af697c0f5c5b8798832e651baf23460d588393de < d8f4ad5f3979dbd8e6251259562f12472717883a | affected |
| Linux | Linux | af697c0f5c5b8798832e651baf23460d588393de < 7741ddc882a0c806a6508ba8203c55a779db7a21 | affected |
| Linux | Linux | af697c0f5c5b8798832e651baf23460d588393de < 82c3d6e9db41cbd3af1d4f90bdb441740b5fad10 | affected |
| Linux | Linux | af697c0f5c5b8798832e651baf23460d588393de < c9b3649a934d131151111354bcbb638076f03a30 | affected |
| Linux | Linux | 4.19 | affected |
| Linux | Linux | 0 < 4.19 | unaffected |
| Linux | Linux | 4.19.284 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.244 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.181 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.113 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.30 <= 6.1.* | unaffected |
| Linux | Linux | 6.3.4 <= 6.3.* | unaffected |
| Linux | Linux | 6.4 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/92575f05a32dafb16348bfa5e62478118a9be069
- https://git.kernel.org/stable/c/4ceedc2f8bdffb82e40b7d1bb912304f8e157cb1
- https://git.kernel.org/stable/c/ad87bd313f70b51e48019d5ce2d02d73152356b3
- https://git.kernel.org/stable/c/d8f4ad5f3979dbd8e6251259562f12472717883a
- https://git.kernel.org/stable/c/7741ddc882a0c806a6508ba8203c55a779db7a21
- https://git.kernel.org/stable/c/82c3d6e9db41cbd3af1d4f90bdb441740b5fad10
- https://git.kernel.org/stable/c/c9b3649a934d131151111354bcbb638076f03a30
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.