Wind River Support Network

HomeDefectsLIN1021-19020
Acknowledged

LIN1021-19020 : Security Advisory - linux - CVE-2023-53564

Created: Oct 10, 2025    Updated: Oct 17, 2025
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]ocfs2: fix defrag path triggering jbd2 ASSERT[EOL][EOL]code path:[EOL][EOL]ocfs2_ioctl_move_extents[EOL] ocfs2_move_extents[EOL]  ocfs2_defrag_extent[EOL]   __ocfs2_move_extent[EOL]    + ocfs2_journal_access_di[EOL]    + ocfs2_split_extent  //sub-paths call jbd2_journal_restart[EOL]    + ocfs2_journal_dirty //crash by jbs2 ASSERT[EOL][EOL]crash stacks:[EOL][EOL]PID: 11297  TASK: ffff974a676dcd00  CPU: 67  COMMAND: "defragfs.ocfs2"[EOL] #0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01[EOL] #1 [ffffb25d8dad3958] __crash_kexec at ffffffff8395959d[EOL] #2 [ffffb25d8dad3a20] crash_kexec at ffffffff8395a45d[EOL] #3 [ffffb25d8dad3a38] oops_end at ffffffff83836d3f[EOL] #4 [ffffb25d8dad3a58] do_trap at ffffffff83833205[EOL] #5 [ffffb25d8dad3aa0] do_invalid_op at ffffffff83833aa6[EOL] #6 [ffffb25d8dad3ac0] invalid_op at ffffffff84200d18[EOL]    [exception RIP: jbd2_journal_dirty_metadata+0x2ba][EOL]    RIP: ffffffffc09ca54a  RSP: ffffb25d8dad3b70  RFLAGS: 00010207[EOL]    RAX: 0000000000000000  RBX: ffff9706eedc5248  RCX: 0000000000000000[EOL]    RDX: 0000000000000001  RSI: ffff97337029ea28  RDI: ffff9706eedc5250[EOL]    RBP: ffff9703c3520200   R8: 000000000f46b0b2   R9: 0000000000000000[EOL]    R10: 0000000000000001  R11: 00000001000000fe  R12: ffff97337029ea28[EOL]    R13: 0000000000000000  R14: ffff9703de59bf60  R15: ffff9706eedc5250[EOL]    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018[EOL] #7 [ffffb25d8dad3ba8] ocfs2_journal_dirty at ffffffffc137fb95 [ocfs2][EOL] #8 [ffffb25d8dad3be8] __ocfs2_move_extent at ffffffffc139a950 [ocfs2][EOL] #9 [ffffb25d8dad3c80] ocfs2_defrag_extent at ffffffffc139b2d2 [ocfs2][EOL][EOL]Analysis[EOL][EOL]This bug has the same root cause of 'commit 7f27ec978b0e ("ocfs2: call[EOL]ocfs2_journal_access_di() before ocfs2_journal_dirty() in[EOL]ocfs2_write_end_nolock()")'.  For this bug, jbd2_journal_restart() is[EOL]called by ocfs2_split_extent() during defragmenting.[EOL][EOL]How to fix[EOL][EOL]For ocfs2_split_extent() can handle journal operations totally by itself. [EOL]Caller doesn't need to call journal access/dirty pair, and caller only[EOL]needs to call journal start/stop pair.  The fix method is to remove[EOL]journal access/dirty from __ocfs2_move_extent().[EOL][EOL]The discussion for this patch:[EOL]https://oss.oracle.com/pipermail/ocfs2-devel/2023-February/000647.html
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube