CVE-2021-47007

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix panic during f2fs_resize_fs()<br /> <br /> f2fs_resize_fs() hangs in below callstack with testcase:<br /> - mkfs 16GB image &amp; mount image<br /> - dd 8GB fileA<br /> - dd 8GB fileB<br /> - sync<br /> - rm fileA<br /> - sync<br /> - resize filesystem to 8GB<br /> <br /> kernel BUG at segment.c:2484!<br /> Call Trace:<br /> allocate_segment_by_default+0x92/0xf0 [f2fs]<br /> f2fs_allocate_data_block+0x44b/0x7e0 [f2fs]<br /> do_write_page+0x5a/0x110 [f2fs]<br /> f2fs_outplace_write_data+0x55/0x100 [f2fs]<br /> f2fs_do_write_data_page+0x392/0x850 [f2fs]<br /> move_data_page+0x233/0x320 [f2fs]<br /> do_garbage_collect+0x14d9/0x1660 [f2fs]<br /> free_segment_range+0x1f7/0x310 [f2fs]<br /> f2fs_resize_fs+0x118/0x330 [f2fs]<br /> __f2fs_ioctl+0x487/0x3680 [f2fs]<br /> __x64_sys_ioctl+0x8e/0xd0<br /> do_syscall_64+0x33/0x80<br /> entry_SYSCALL_64_after_hwframe+0x44/0xa9<br /> <br /> The root cause is we forgot to check that whether we have enough space<br /> in resized filesystem to store all valid blocks in before-resizing<br /> filesystem, then allocator will run out-of-space during block migration<br /> in free_segment_range().