In the Linux kernel, the following vulnerability has been resolved:
f2fs: quota: fix to avoid warning in dquot_writeback_dquots()
F2FS-fs (dm-59): checkpoint=enable has some unwritten data.
------------[ cut here ]------------
WARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691 dquot_writeback_dquots+0x2fc/0x308
pc : dquot_writeback_dquots+0x2fc/0x308
lr : f2fs_quota_sync+0xcc/0x1c4
Call trace:
 dquot_writeback_dquots+0x2fc/0x308
 f2fs_quota_sync+0xcc/0x1c4
 f2fs_write_checkpoint+0x3d4/0x9b0
 f2fs_issue_checkpoint+0x1bc/0x2c0
 f2fs_sync_fs+0x54/0x150
 f2fs_do_sync_file+0x2f8/0x814
 __f2fs_ioctl+0x1960/0x3244
 f2fs_ioctl+0x54/0xe0
 __arm64_sys_ioctl+0xa8/0xe4
 invoke_syscall+0x58/0x114
checkpoint and f2fs_remount may race as below, resulting in the warning being triggered in dquot_writeback_dquots().
atomic write                                  remount
                                              - do_remount
                                               - down_write(&sb->s_umount);
                                                - f2fs_remount
- ioctl
 - f2fs_do_sync_file
  - f2fs_sync_fs
   - f2fs_write_checkpoint
    - block_operations
     - locked = down_read_trylock(&sbi->sb->s_umount)
     : fail to lock due to the write lock was held by remount
                                               - up_write(&sb->s_umount);
     - f2fs_quota_sync
      - dquot_writeback_dquots
       - WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount))
       : trigger warning because s_umount lock was unlocked by remount
If checkpoint comes from mount/umount/remount/freeze/quotactl, the caller of checkpoint already holds the s_umount lock, so calling dquot_writeback_dquots() in that context should be safe.
So let's record the task in sbi->umount_lock_holder, so that checkpoint can know whether the lock is held in the context or not by checking current against it.
In addition, in order to not misrepresent the caller of checkpoint, we should not allow triggering an async checkpoint for those callers: mount/umount/remount/freeze/quotactl.
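The following is an added, single-threaded user-space model of the lock-holder check described above; it is not the f2fs or kernel code of the fix. `struct sb_model`, `task_t`, `TASK_REMOUNT`, `TASK_IOCTL` and the `*_umount` helpers are hypothetical stand-ins for `sb->s_umount`, `sbi->umount_lock_holder` and the two racing tasks, and the pre- and post-fix flush functions model only the interleaving the report describes. The model reproduces the reported race (trylock fails under remount's write lock, remount releases it, the quota sync then runs unlocked and the `WARN_ON_ONCE` fires) and shows why recording the holder lets a holder-context checkpoint proceed safely while any other caller must actually acquire the lock.

```c
#include <stdbool.h>

/* Added illustration, not kernel code: a single-threaded user-space model of the
 * s_umount / umount_lock_holder logic the commit message describes. sb_model,
 * task_t, TASK_REMOUNT and TASK_IOCTL are hypothetical stand-ins. */

typedef int task_t;                /* stands in for a task_struct pointer */
#define NO_TASK      0
#define TASK_REMOUNT 1             /* task in do_remount() -> f2fs_remount() */
#define TASK_IOCTL   2             /* task in f2fs_ioctl() -> f2fs_sync_fs() */

struct sb_model {
    bool   write_locked;           /* s_umount held for write */
    int    readers;                /* number of s_umount read holders */
    task_t umount_lock_holder;     /* models sbi->umount_lock_holder */
};

enum flush_result { FLUSH_OK, FLUSH_WARN, FLUSH_WOULD_BLOCK };

/* rwsem stand-ins; recording the holder in down_write is the fix itself */
static void down_write_umount(struct sb_model *sb, task_t t)
{
    sb->write_locked = true;
    sb->umount_lock_holder = t;
}
static void up_write_umount(struct sb_model *sb)
{
    sb->umount_lock_holder = NO_TASK;
    sb->write_locked = false;
}
static bool down_read_trylock_umount(struct sb_model *sb)
{
    if (sb->write_locked)
        return false;
    sb->readers++;
    return true;
}
static void up_read_umount(struct sb_model *sb) { sb->readers--; }

/* models dquot_writeback_dquots(): WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)) */
static enum flush_result quota_sync(const struct sb_model *sb)
{
    return (sb->write_locked || sb->readers > 0) ? FLUSH_OK : FLUSH_WARN;
}

/* Pre-fix flush: trylock, then sync whether or not the lock was obtained.
 * remount_finishes models remount's up_write() landing between the two. */
static enum flush_result checkpoint_quota_flush_old(struct sb_model *sb, bool remount_finishes)
{
    bool locked = down_read_trylock_umount(sb);
    if (remount_finishes)
        up_write_umount(sb);
    enum flush_result r = quota_sync(sb);
    if (locked)
        up_read_umount(sb);
    return r;
}

/* Post-fix flush: a caller recorded as the holder syncs without touching the
 * lock; anyone else takes a real read lock. The kernel's down_read() would
 * sleep while remount holds the write lock; the model reports FLUSH_WOULD_BLOCK. */
static enum flush_result checkpoint_quota_flush_new(struct sb_model *sb, task_t current)
{
    if (sb->umount_lock_holder == current)
        return quota_sync(sb);
    if (!down_read_trylock_umount(sb))
        return FLUSH_WOULD_BLOCK;
    enum flush_result r = quota_sync(sb);
    up_read_umount(sb);
    return r;
}

/* Scenario 1: the reported race on the old code -> FLUSH_WARN */
static enum flush_result scenario_old_race(void)
{
    struct sb_model sb = {0};
    down_write_umount(&sb, TASK_REMOUNT);
    return checkpoint_quota_flush_old(&sb, true);
}

/* Scenario 2: remount's own checkpoint on the fixed code -> FLUSH_OK */
static enum flush_result scenario_new_holder(void)
{
    struct sb_model sb = {0};
    down_write_umount(&sb, TASK_REMOUNT);
    enum flush_result r = checkpoint_quota_flush_new(&sb, TASK_REMOUNT);
    up_write_umount(&sb);
    return r;
}

/* Scenario 3: the ioctl task's checkpoint on the fixed code, while remount
 * still holds the lock (FLUSH_WOULD_BLOCK) or after it finished (FLUSH_OK) */
static enum flush_result scenario_new_ioctl(bool remount_finished)
{
    struct sb_model sb = {0};
    down_write_umount(&sb, TASK_REMOUNT);
    if (remount_finished)
        up_write_umount(&sb);
    return checkpoint_quota_flush_new(&sb, TASK_IOCTL);
}
```

The holder comparison is only meaningful when the checkpoint runs in the task that took `s_umount`, which is why the message also forbids an async checkpoint for mount/umount/remount/freeze/quotactl: an async checkpoint executes in a different task, so `current` would never match the recorded holder and the lock state would be misjudged. In this model that corresponds to calling `checkpoint_quota_flush_new` with a `current` other than the one passed to `down_write_umount`.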