From: Jaegeuk Kim jaegeuk@kernel.org
stable inclusion from stable-v6.6.36 commit 1036d3ea7a32cb7cee00885c73a1f2ba7fbc499a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IACSWZ CVE: CVE-2024-40969
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit 3bdb7f161697e2d5123b89fe1778ef17a44858e7 ]
Shutdown does not check the error of thaw_super due to readonly, which causes a deadlock like below.
f2fs_ioc_shutdown(F2FS_GOING_DOWN_FULLSYNC) issue_discard_thread - bdev_freeze - freeze_super - f2fs_stop_checkpoint() - f2fs_handle_critical_error - sb_start_write - set RO - waiting - bdev_thaw - thaw_super_locked - return -EINVAL, if sb_rdonly() - f2fs_stop_discard_thread -> wait for kthread_stop(discard_thread);
Reported-by: "Light Hsieh (謝明燈)" Light.Hsieh@mediatek.com Reviewed-by: Daeho Jeong daehojeong@google.com Reviewed-by: Chao Yu chao@kernel.org Signed-off-by: Jaegeuk Kim jaegeuk@kernel.org Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Wang Zhaolong wangzhaolong1@huawei.com --- fs/f2fs/super.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 534d8bb1f26c..5d7bba259d51 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -4178,9 +4178,15 @@ void f2fs_handle_critical_error(struct f2fs_sb_info *sbi, unsigned char reason, if (shutdown) set_sbi_flag(sbi, SBI_IS_SHUTDOWN);
- /* continue filesystem operators if errors=continue */ - if (continue_fs || f2fs_readonly(sb)) + /* + * Continue filesystem operators if errors=continue. Should not set + * RO by shutdown, since RO bypasses thaw_super which can hang the + * system. + */ + if (continue_fs || f2fs_readonly(sb) || shutdown) { + f2fs_warn(sbi, "Stopped filesystem due to reason: %d", reason); return; + }
f2fs_warn(sbi, "Remounting filesystem read-only"); /*