CVE-2024-47690

In the Linux kernel, the following vulnerability has been resolved:

f2fs: get rid of online repaire on corrupted directory

syzbot reports a f2fs bug as below:

kernel BUG at fs/f2fs/inode.c:896! RIP: 0010:f2fsevictinode+0x1598/0x15c0 fs/f2fs/inode.c:896 Call Trace: evict+0x532/0x950 fs/inode.c:704 disposelist fs/inode.c:747 [inline] evictinodes+0x5f9/0x690 fs/inode.c:797 genericshutdownsuper+0x9d/0x2d0 fs/super.c:627 killblocksuper+0x44/0x90 fs/super.c:1696 killf2fssuper+0x344/0x690 fs/f2fs/super.c:4898 deactivatelockedsuper+0xc4/0x130 fs/super.c:473 cleanupmnt+0x41f/0x4b0 fs/namespace.c:1373 taskworkrun+0x24f/0x310 kernel/taskwork.c:228 ptracenotify+0x2d2/0x380 kernel/signal.c:2402 ptracereportsyscall include/linux/ptrace.h:415 [inline] ptracereportsyscallexit include/linux/ptrace.h:477 [inline] syscallexitwork+0xc6/0x190 kernel/entry/common.c:173 syscallexittousermodeprepare kernel/entry/common.c:200 [inline] _syscallexittousermodework kernel/entry/common.c:205 [inline] syscallexittousermode+0x279/0x370 kernel/entry/common.c:218 dosyscall64+0x100/0x230 arch/x86/entry/common.c:89 entrySYSCALL64afterhwframe+0x77/0x7f RIP: 0010:f2fsevict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896

Online repaire on corrupted directory in f2fs_lookup() can generate dirty data/meta while racing w/ readonly remount, it may leave dirty inode after filesystem becomes readonly, however, checkpoint() will skips flushing dirty inode in a state of readonly mode, result in above panic.

Let's get rid of online repaire in f2fs_lookup(), and leave the work to fsck.f2fs.