FKIE_CVE-2023-54068

Vulnerability from fkie_nvd - Published: 2025-12-24 13:16 - Updated: 2025-12-24 13:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages() BUG_ON() will be triggered when writing files concurrently, because the same page is writtenback multiple times. 1597 void folio_end_writeback(struct folio *folio) 1598 { ...... 1618 if (!__folio_end_writeback(folio)) 1619 BUG(); ...... 1625 } kernel BUG at mm/filemap.c:1619! Call Trace: <TASK> f2fs_write_end_io+0x1a0/0x370 blk_update_request+0x6c/0x410 blk_mq_end_request+0x15/0x130 blk_complete_reqs+0x3c/0x50 __do_softirq+0xb8/0x29b ? sort_range+0x20/0x20 run_ksoftirqd+0x19/0x20 smpboot_thread_fn+0x10b/0x1d0 kthread+0xde/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 </TASK> Below is the concurrency scenario: [Process A] [Process B] [Process C] f2fs_write_raw_pages() - redirty_page_for_writepage() - unlock page() f2fs_do_write_data_page() - lock_page() - clear_page_dirty_for_io() - set_page_writeback() [1st writeback] ..... - unlock page() generic_perform_write() - f2fs_write_begin() - wait_for_stable_page() - f2fs_write_end() - set_page_dirty() - lock_page() - f2fs_do_write_data_page() - set_page_writeback() [2st writeback] This problem was introduced by the previous commit 7377e853967b ("f2fs: compress: fix potential deadlock of compress file"). All pagelocks were released in f2fs_write_raw_pages(), but whether the page was in the writeback state was ignored in the subsequent writing process. Let's fix it by waiting for the page to writeback before writing.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/169134da419cb8ffbe3b0743bc24573e16952ea9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6604df2a9d07ba8f8fb1ac14046c2c83776faa4f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9940877c4fe752923a53f0f7372f2f152b6eccf0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a8226a45b2a9ce83ba7a167a387a00fecc319e71
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ad31eed06c3b4d63b2d38322a271d4009aee4bb3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/babedcbac164cec970872b8097401ca913a80e61
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()\n\nBUG_ON() will be triggered when writing files concurrently,\nbecause the same page is writtenback multiple times.\n\n1597 void folio_end_writeback(struct folio *folio)\n1598 {\n\t\t......\n1618     if (!__folio_end_writeback(folio))\n1619         BUG();\n\t\t......\n1625 }\n\nkernel BUG at mm/filemap.c:1619!\nCall Trace:\n \u003cTASK\u003e\n f2fs_write_end_io+0x1a0/0x370\n blk_update_request+0x6c/0x410\n blk_mq_end_request+0x15/0x130\n blk_complete_reqs+0x3c/0x50\n __do_softirq+0xb8/0x29b\n ? sort_range+0x20/0x20\n run_ksoftirqd+0x19/0x20\n smpboot_thread_fn+0x10b/0x1d0\n kthread+0xde/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nBelow is the concurrency scenario:\n\n[Process A]\t\t[Process B]\t\t[Process C]\nf2fs_write_raw_pages()\n  - redirty_page_for_writepage()\n  - unlock page()\n\t\t\tf2fs_do_write_data_page()\n\t\t\t  - lock_page()\n\t\t\t  - clear_page_dirty_for_io()\n\t\t\t  - set_page_writeback() [1st writeback]\n\t\t\t    .....\n\t\t\t    - unlock page()\n\n\t\t\t\t\t\tgeneric_perform_write()\n\t\t\t\t\t\t  - f2fs_write_begin()\n\t\t\t\t\t\t    - wait_for_stable_page()\n\n\t\t\t\t\t\t  - f2fs_write_end()\n\t\t\t\t\t\t    - set_page_dirty()\n\n  - lock_page()\n    - f2fs_do_write_data_page()\n      - set_page_writeback() [2st writeback]\n\nThis problem was introduced by the previous commit 7377e853967b (\"f2fs:\ncompress: fix potential deadlock of compress file\"). All pagelocks were\nreleased in f2fs_write_raw_pages(), but whether the page was\nin the writeback state was ignored in the subsequent writing process.\nLet\u0027s fix it by waiting for the page to writeback before writing."
    }
  ],
  "id": "CVE-2023-54068",
  "lastModified": "2025-12-24T13:16:08.640",
  "metrics": {},
  "published": "2025-12-24T13:16:08.640",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/169134da419cb8ffbe3b0743bc24573e16952ea9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6604df2a9d07ba8f8fb1ac14046c2c83776faa4f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9940877c4fe752923a53f0f7372f2f152b6eccf0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a8226a45b2a9ce83ba7a167a387a00fecc319e71"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ad31eed06c3b4d63b2d38322a271d4009aee4bb3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/babedcbac164cec970872b8097401ca913a80e61"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Received"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.