In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on total_data_blocks
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215916
The kernel message is shown below:
kernel BUG at fs/f2fs/segment.c:2560!
Call Trace:
 allocate_segment_by_default+0x228/0x440
 f2fs_allocate_data_block+0x13d1/0x31f0
 do_write_page+0x18d/0x710
 f2fs_outplace_write_data+0x151/0x250
 f2fs_do_write_data_page+0xef9/0x1980
 move_data_page+0x6af/0xbc0
 do_garbage_collect+0x312f/0x46f0
 f2fs_gc+0x6b0/0x3bc0
 f2fs_balance_fs+0x921/0x2260
 f2fs_write_single_data_page+0x16be/0x2370
 f2fs_write_cache_pages+0x428/0xd00
 f2fs_write_data_pages+0x96e/0xd50
 do_writepages+0x168/0x550
 __writeback_single_inode+0x9f/0x870
 writeback_sb_inodes+0x47d/0xb20
 __writeback_inodes_wb+0xb2/0x200
 wb_writeback+0x4bd/0x660
 wb_workfn+0x5f3/0xab0
 process_one_work+0x79f/0x13e0
 worker_thread+0x89/0xf60
 kthread+0x26a/0x300
 ret_from_fork+0x22/0x30
RIP: 0010:new_curseg+0xe8d/0x15f0
The root cause is: ckpt.valid_block_count is inconsistent with the SIT table; stat info indicates the filesystem has free blocks, but the SIT table indicates the filesystem has no free segment.
So during garbage collection, it triggers a panic when the LFS allocator fails to find a free segment.
This patch tries to fix this issue by checking consistency between ckpt.valid_block_count and the blocks accounted from the SIT.
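The following is an added example, not the kernel's own code: a simplified model of the mount-time consistency check the fix describes. The SIT is a constructed array of per-segment valid-block counts, ckpt_valid_block_count stands in for ckpt.valid_block_count, and the function and struct names are hypothetical.

```c
/* Added example (hypothetical names, not f2fs code): compare the blocks the
 * SIT accounts for against the checkpoint's valid block count, so a
 * corrupted image is rejected at mount instead of panicking in the LFS
 * allocator during GC. */
#include <stdint.h>
#include <stdio.h>

#define BLKS_PER_SEG 512u   /* f2fs default segment size in blocks */
#define EFSCORRUPTED 117    /* errno value the kernel uses for EFSCORRUPTED */

struct sit_entry { uint32_t valid_blocks; };   /* constructed SIT entry */

/* Returns 0 if the SIT and checkpoint agree, -EFSCORRUPTED otherwise.
 * sit_total and free_segs (optional) report what the SIT actually shows.
 * A checkpoint that claims fewer in-use blocks than the SIT accounts for
 * is exactly the state that makes stat report free blocks while no free
 * segment exists. */
int sit_sanity_check(const struct sit_entry *sit, uint32_t nsegs,
                     uint32_t ckpt_valid_block_count,
                     uint32_t *sit_total, uint32_t *free_segs)
{
    uint32_t total = 0, nfree = 0;

    for (uint32_t i = 0; i < nsegs; i++) {
        if (sit[i].valid_blocks > BLKS_PER_SEG)   /* per-entry bound */
            return -EFSCORRUPTED;
        total += sit[i].valid_blocks;
        if (sit[i].valid_blocks == 0)
            nfree++;
    }
    if (sit_total) *sit_total = total;
    if (free_segs) *free_segs = nfree;

    if (total > ckpt_valid_block_count)   /* SIT uses more than ckpt admits */
        return -EFSCORRUPTED;
    return 0;
}

int main(void)
{
    /* constructed: four fully used segments (no free segment) but a
     * checkpoint claiming only 1024 blocks in use -> 1024 phantom free blocks */
    struct sit_entry sit[4] = {{512}, {512}, {512}, {512}};
    uint32_t tot, fr;
    int rc = sit_sanity_check(sit, 4, 1024, &tot, &fr);

    printf("sit_total=%u ckpt=%u free_segs=%u rc=%d\n", tot, 1024u, fr, rc);
    return rc ? 1 : 0;
}
```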
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49360.json",
"cna_assigner": "Linux"
}