5.17-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Apr 2022 10:37:08 +0000 (12:37 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Apr 2022 10:37:08 +0000 (12:37 +0200)
added patches:
gfs2-assign-rgrp-glock-before-compute_bitstructs.patch

queue-5.17/gfs2-assign-rgrp-glock-before-compute_bitstructs.patch [new file with mode: 0644]
queue-5.17/series

diff --git a/queue-5.17/gfs2-assign-rgrp-glock-before-compute_bitstructs.patch b/queue-5.17/gfs2-assign-rgrp-glock-before-compute_bitstructs.patch
new file mode 100644 (file)
index 0000000..88f45cb
--- /dev/null
@@ -0,0 +1,62 @@
+From 428f651cb80b227af47fc302e4931791f2fb4741 Mon Sep 17 00:00:00 2001
+From: Bob Peterson <rpeterso@redhat.com>
+Date: Mon, 17 Jan 2022 10:25:07 -0500
+Subject: gfs2: assign rgrp glock before compute_bitstructs
+
+From: Bob Peterson <rpeterso@redhat.com>
+
+commit 428f651cb80b227af47fc302e4931791f2fb4741 upstream.
+
+Before this patch, function read_rindex_entry called compute_bitstructs
+before it allocated a glock for the rgrp. But if compute_bitstructs found
+a problem with the rgrp, it called gfs2_consist_rgrpd, and that called
+gfs2_dump_glock for rgd->rd_gl which had not yet been assigned.
+
+read_rindex_entry
+   compute_bitstructs
+      gfs2_consist_rgrpd
+         gfs2_dump_glock <---------rgd->rd_gl was not set.
+
+This patch changes read_rindex_entry so it assigns an rgrp glock before
+calling compute_bitstructs so gfs2_dump_glock does not reference an
+unassigned pointer. If an error is discovered, the glock must also be
+put, so a new goto and label were added.
+
+Reported-by: syzbot+c6fd14145e2f62ca0784@syzkaller.appspotmail.com
+Signed-off-by: Bob Peterson <rpeterso@redhat.com>
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/gfs2/rgrp.c |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/fs/gfs2/rgrp.c
++++ b/fs/gfs2/rgrp.c
+@@ -923,15 +923,15 @@ static int read_rindex_entry(struct gfs2
+       spin_lock_init(&rgd->rd_rsspin);
+       mutex_init(&rgd->rd_mutex);
+-      error = compute_bitstructs(rgd);
+-      if (error)
+-              goto fail;
+-
+       error = gfs2_glock_get(sdp, rgd->rd_addr,
+                              &gfs2_rgrp_glops, CREATE, &rgd->rd_gl);
+       if (error)
+               goto fail;
++      error = compute_bitstructs(rgd);
++      if (error)
++              goto fail_glock;
++
+       rgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr;
+       rgd->rd_flags &= ~GFS2_RDF_PREFERRED;
+       if (rgd->rd_data > sdp->sd_max_rg_data)
+@@ -945,6 +945,7 @@ static int read_rindex_entry(struct gfs2
+       }
+       error = 0; /* someone else read in the rgrp; free it and ignore it */
++fail_glock:
+       gfs2_glock_put(rgd->rd_gl);
+ fail:
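Review bot: Nothing in the new code records why `compute_bitstructs(rgd)` must now run after `gfs2_glock_get()` (the `@@ -923,15 +923,15 @@` hunk of the queued patch), so a later cleanup could move it back and reintroduce the unassigned `rgd->rd_gl` reference described in the commit message. I would add a comment above the call, e.g. `/* rd_gl must be assigned first: on an inconsistent rgrp, compute_bitstructs() ends up in gfs2_dump_glock(rgd->rd_gl) */`. That error path is taken when the rgrp read from disk is inconsistent, which a malformed filesystem image can presumably trigger (the report came from syzbot), so the invariant is worth stating where it is enforced. gfs2_consist_rgrpd is not visible here; if it does not itself check that `rd_gl` is set, a guard there would also cover any other caller that reaches it early. read_rindex_entry starts and ends outside both inner hunks.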
index 319cf709ff9963edce9e39728c8b0ad2f38e8deb..b8ba712d02ff5ba358e82894128f4a0721a376e5 100644 (file)
@@ -2,3 +2,4 @@ etherdevice-adjust-ether_addr-prototypes-to-silence-wstringop-overead.patch
 perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
 drm-amd-display-only-set-psr-version-when-valid.patch
 block-compat_ioctl-fix-range-check-in-blkgetsize.patch
+gfs2-assign-rgrp-glock-before-compute_bitstructs.patch