CVE-2023-53537

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid use-after-free for cached IPU bio

xfstest generic/019 reports a bug:

kernel BUG at mm/filemap.c:1619! RIP: 0010:folioendwriteback+0x8a/0x90 Call Trace: endpagewriteback+0x1c/0x60 f2fswriteendio+0x199/0x420 bioendio+0x104/0x180 submitbionoacct+0xa5/0x510 submitbio+0x48/0x80 f2fssubmitwritebio+0x35/0x300 f2fssubmitmergedipuwrite+0x2a0/0x2b0 f2fswritesingledatapage+0x838/0x8b0 f2fswritecachepages+0x379/0xa30 f2fswritedatapages+0x30c/0x340 do_writepages+0xd8/0x1b0 __writebacksingleinode+0x44/0x370 writebacksbinodes+0x233/0x4d0 _writebackinodeswb+0x56/0xf0 wbwriteback+0x1dd/0x2d0 wbworkfn+0x367/0x4a0 processonework+0x21d/0x430 workerthread+0x4e/0x3c0 kthread+0x103/0x130 retfromfork+0x2c/0x50

The root cause is: after cperror is set, f2fssubmitmergedipuwrite() in f2fswritesingledatapage() tries to flush IPU bio in cache, however f2fssubmitmergedipu_write() missed to check validity of @bio parameter, result in submitting random cached bio which belong to other IO context, then it will cause use-after-free issue, fix it by adding additional validity check.