CVE-2023-52848

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/05/2024
Last modified: 31/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to drop meta_inode's page cache in f2fs_put_super()

syzbot reports a kernel bug as below:

F2FS-fs (loop1): detect filesystem reference count leak during umount, type: 10, count: 1
kernel BUG at fs/f2fs/super.c:1639!
CPU: 0 PID: 15451 Comm: syz-executor.1 Not tainted 6.5.0-syzkaller-09338-ge0152e7481c6 #0
RIP: 0010:f2fs_put_super+0xce1/0xed0 fs/f2fs/super.c:1639
Call Trace:
generic_shutdown_super+0x161/0x3c0 fs/super.c:693
kill_block_super+0x3b/0x70 fs/super.c:1646
kill_f2fs_super+0x2b7/0x3d0 fs/f2fs/super.c:4879
deactivate_locked_super+0x9a/0x170 fs/super.c:481
deactivate_super+0xde/0x100 fs/super.c:514
cleanup_mnt+0x222/0x3d0 fs/namespace.c:1254
task_work_run+0x14d/0x240 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296
do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd

In f2fs_put_super(), it tries to do sanity check on dirty and IO
reference count of f2fs, once there is any reference count leak,
it will trigger panic.

The root case is, during f2fs_put_super(), if there is any IO error
in f2fs_wait_on_all_pages(), we missed to truncate meta_inode's page
cache later, result in panic, fix this case.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.4.16 (including) | 6.5.12 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6 (including) | 6.6.2 (excluding)