CVE-2024-53220

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to account dirty data in __get_secs_required()<br /> <br /> It will trigger system panic w/ testcase in [1]:<br /> <br /> ------------[ cut here ]------------<br /> kernel BUG at fs/f2fs/segment.c:2752!<br /> RIP: 0010:new_curseg+0xc81/0x2110<br /> Call Trace:<br /> f2fs_allocate_data_block+0x1c91/0x4540<br /> do_write_page+0x163/0xdf0<br /> f2fs_outplace_write_data+0x1aa/0x340<br /> f2fs_do_write_data_page+0x797/0x2280<br /> f2fs_write_single_data_page+0x16cd/0x2190<br /> f2fs_write_cache_pages+0x994/0x1c80<br /> f2fs_write_data_pages+0x9cc/0xea0<br /> do_writepages+0x194/0x7a0<br /> filemap_fdatawrite_wbc+0x12b/0x1a0<br /> __filemap_fdatawrite_range+0xbb/0xf0<br /> file_write_and_wait_range+0xa1/0x110<br /> f2fs_do_sync_file+0x26f/0x1c50<br /> f2fs_sync_file+0x12b/0x1d0<br /> vfs_fsync_range+0xfa/0x230<br /> do_fsync+0x3d/0x80<br /> __x64_sys_fsync+0x37/0x50<br /> x64_sys_call+0x1e88/0x20d0<br /> do_syscall_64+0x4b/0x110<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> <br /> The root cause is if checkpoint_disabling and lfs_mode are both on,<br /> it will trigger OPU for all overwritten data, it may cost more free<br /> segment than expected, so f2fs must account those data correctly to<br /> calculate cosumed free segments later, and return ENOSPC earlier to<br /> avoid run out of free segment during block allocation.<br /> <br /> [1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/