CVE-2023-54124

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to drop all dirty pages during umount() if cp_error is set<br /> <br /> xfstest generic/361 reports a bug as below:<br /> <br /> f2fs_bug_on(sbi, sbi-&gt;fsync_node_num);<br /> <br /> kernel BUG at fs/f2fs/super.c:1627!<br /> RIP: 0010:f2fs_put_super+0x3a8/0x3b0<br /> Call Trace:<br /> generic_shutdown_super+0x8c/0x1b0<br /> kill_block_super+0x2b/0x60<br /> kill_f2fs_super+0x87/0x110<br /> deactivate_locked_super+0x39/0x80<br /> deactivate_super+0x46/0x50<br /> cleanup_mnt+0x109/0x170<br /> __cleanup_mnt+0x16/0x20<br /> task_work_run+0x65/0xa0<br /> exit_to_user_mode_prepare+0x175/0x190<br /> syscall_exit_to_user_mode+0x25/0x50<br /> do_syscall_64+0x4c/0x90<br /> entry_SYSCALL_64_after_hwframe+0x72/0xdc<br /> <br /> During umount(), if cp_error is set, f2fs_wait_on_all_pages() should<br /> not stop waiting all F2FS_WB_CP_DATA pages to be writebacked, otherwise,<br /> fsync_node_num can be non-zero after f2fs_wait_on_all_pages() causing<br /> this bug.<br /> <br /> In this case, to avoid deadloop in f2fs_wait_on_all_pages(), it needs<br /> to drop all dirty pages rather than redirtying them.