CVE-2023-54124

Summary

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to drop all dirty pages during umount() if cp_error is set

xfstest generic/361 reports a bug as below:

f2fs_bug_on(sbi, sbi->fsync_node_num);

kernel BUG at fs/f2fs/super.c:1627! RIP: 0010:f2fs_put_super+0x3a8/0x3b0 Call Trace: generic_shutdown_super+0x8c/0x1b0 kill_block_super+0x2b/0x60 kill_f2fs_super+0x87/0x110 deactivate_locked_super+0x39/0x80 deactivate_super+0x46/0x50 cleanup_mnt+0x109/0x170 __cleanup_mnt+0x16/0x20 task_work_run+0x65/0xa0 exit_to_user_mode_prepare+0x175/0x190 syscall_exit_to_user_mode+0x25/0x50 do_syscall_64+0x4c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc

During umount(), if cp_error is set, f2fs_wait_on_all_pages() should not stop waiting all F2FS_WB_CP_DATA pages to be writebacked, otherwise, fsync_node_num can be non-zero after f2fs_wait_on_all_pages() causing this bug.

In this case, to avoid deadloop in f2fs_wait_on_all_pages(), it needs to drop all dirty pages rather than redirtying them.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxaf697c0f5c5b8798832e651baf23460d588393de < 92575f05a32dafb16348bfa5e62478118a9be069affected
LinuxLinuxaf697c0f5c5b8798832e651baf23460d588393de < 4ceedc2f8bdffb82e40b7d1bb912304f8e157cb1affected
LinuxLinuxaf697c0f5c5b8798832e651baf23460d588393de < ad87bd313f70b51e48019d5ce2d02d73152356b3affected
LinuxLinuxaf697c0f5c5b8798832e651baf23460d588393de < d8f4ad5f3979dbd8e6251259562f12472717883aaffected
LinuxLinuxaf697c0f5c5b8798832e651baf23460d588393de < 7741ddc882a0c806a6508ba8203c55a779db7a21affected
LinuxLinuxaf697c0f5c5b8798832e651baf23460d588393de < 82c3d6e9db41cbd3af1d4f90bdb441740b5fad10affected
LinuxLinuxaf697c0f5c5b8798832e651baf23460d588393de < c9b3649a934d131151111354bcbb638076f03a30affected
LinuxLinux4.19affected
LinuxLinux0 < 4.19unaffected
LinuxLinux4.19.284 <= 4.19.*unaffected
LinuxLinux5.4.244 <= 5.4.*unaffected
LinuxLinux5.10.181 <= 5.10.*unaffected
LinuxLinux5.15.113 <= 5.15.*unaffected
LinuxLinux6.1.30 <= 6.1.*unaffected
LinuxLinux6.3.4 <= 6.3.*unaffected
LinuxLinux6.4 <= *unaffected

Weaknesses

References