Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to drop all dirty pages during umount() if cp_error is set xfstest generic/361 reports a bug as below: f2fs_bug_on(sbi, sbi->fsync_node_num); kernel BUG at fs/f2fs/super.c:1627! RIP: 0010:f2fs_put_super+0x3a8/0x3b0 Call Trace: generic_shutdown_super+0x8c/0x1b0 kill_block_super+0x2b/0x60 kill_f2fs_super+0x87/0x110 deactivate_locked_super+0x39/0x80 deactivate_super+0x46/0x50 cleanup_mnt+0x109/0x170 __cleanup_mnt+0x16/0x20 task_work_run+0x65/0xa0 exit_to_user_mode_prepare+0x175/0x190 syscall_exit_to_user_mode+0x25/0x50 do_syscall_64+0x4c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc During umount(), if cp_error is set, f2fs_wait_on_all_pages() should not stop waiting all F2FS_WB_CP_DATA pages to be writebacked, otherwise, fsync_node_num can be non-zero after f2fs_wait_on_all_pages() causing this bug. In this case, to avoid deadloop in f2fs_wait_on_all_pages(), it needs to drop all dirty pages rather than redirtying them.

References 7

• git.kernel.org https://git.kernel.org/stable/c/4ceedc2f8bdffb82e40b7d1bb912304f8e157cb1
• git.kernel.org https://git.kernel.org/stable/c/7741ddc882a0c806a6508ba8203c55a779db7a21
• git.kernel.org https://git.kernel.org/stable/c/82c3d6e9db41cbd3af1d4f90bdb441740b5fad10
• git.kernel.org https://git.kernel.org/stable/c/92575f05a32dafb16348bfa5e62478118a9be069
• git.kernel.org https://git.kernel.org/stable/c/ad87bd313f70b51e48019d5ce2d02d73152356b3
• git.kernel.org https://git.kernel.org/stable/c/c9b3649a934d131151111354bcbb638076f03a30
• git.kernel.org https://git.kernel.org/stable/c/d8f4ad5f3979dbd8e6251259562f12472717883a

Remediation