6.6-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 13 May 2024 13:30:25 +0000 (15:30 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 13 May 2024 13:30:25 +0000 (15:30 +0200)
added patches:
btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys_chunks.patch
btrfs-set-correct-ram_bytes-when-splitting-ordered-extent.patch
maple_tree-fix-mas_empty_area_rev-null-pointer-dereference.patch

queue-6.6/btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys_chunks.patch [new file with mode: 0644]
queue-6.6/btrfs-set-correct-ram_bytes-when-splitting-ordered-extent.patch [new file with mode: 0644]
queue-6.6/maple_tree-fix-mas_empty_area_rev-null-pointer-dereference.patch [new file with mode: 0644]
queue-6.6/series

diff --git a/queue-6.6/btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys_chunks.patch b/queue-6.6/btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys_chunks.patch
new file mode 100644 (file)
index 0000000..41ccd85
--- /dev/null
@@ -0,0 +1,35 @@
+From 9af503d91298c3f2945e73703f0e00995be08c30 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Date: Fri, 19 Apr 2024 11:22:48 +0900
+Subject: btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
+
+From: Dominique Martinet <dominique.martinet@atmark-techno.com>
+
+commit 9af503d91298c3f2945e73703f0e00995be08c30 upstream.
+
+The previous patch that replaced BUG_ON by error handling forgot to
+unlock the mutex in the error path.
+
+Link: https://lore.kernel.org/all/Zh%2fHpAGFqa7YAFuM@duo.ucw.cz
+Reported-by: Pavel Machek <pavel@denx.de>
+Fixes: 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()")
+CC: stable@vger.kernel.org
+Reviewed-by: Pavel Machek <pavel@denx.de>
+Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/volumes.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/btrfs/volumes.c
++++ b/fs/btrfs/volumes.c
+@@ -3368,6 +3368,7 @@ again:
+                        * alignment and size).
+                        */
+                       ret = -EUCLEAN;
++                      mutex_unlock(&fs_info->reclaim_bgs_lock);
+                       goto error;
+               }
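Review bot: The added `mutex_unlock(&fs_info->reclaim_bgs_lock);` before `goto error` is a hand-placed release, and nothing at the site records why this exit needs one. The inner hunk shows neither where the lock is taken nor what the `error` label does, so the lock/unlock pairing cannot be checked from these lines alone. Assuming the label does not release the lock, as the patch description implies, a comment such as `/* error: does not drop reclaim_bgs_lock, release it before jumping */` would make the invariant visible. The remaining exits of btrfs_relocate_sys_chunks() lie outside the hunk and are worth auditing for the same omission, since a path that leaves with the mutex held blocks every later taker of that lock.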
diff --git a/queue-6.6/btrfs-set-correct-ram_bytes-when-splitting-ordered-extent.patch b/queue-6.6/btrfs-set-correct-ram_bytes-when-splitting-ordered-extent.patch
new file mode 100644 (file)
index 0000000..d71ed0b
--- /dev/null
@@ -0,0 +1,65 @@
+From 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e Mon Sep 17 00:00:00 2001
+From: Qu Wenruo <wqu@suse.com>
+Date: Tue, 16 Apr 2024 08:07:00 +0930
+Subject: btrfs: set correct ram_bytes when splitting ordered extent
+
+From: Qu Wenruo <wqu@suse.com>
+
+commit 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e upstream.
+
+[BUG]
+When running generic/287, the following file extent items can be
+generated:
+
+        item 16 key (258 EXTENT_DATA 2682880) itemoff 15305 itemsize 53
+                generation 9 type 1 (regular)
+                extent data disk byte 1378414592 nr 462848
+                extent data offset 0 nr 462848 ram 2097152
+                extent compression 0 (none)
+
+Note that file extent item is not a compressed one, but its ram_bytes is
+way larger than its disk_num_bytes.
+
+According to btrfs on-disk scheme, ram_bytes should match disk_num_bytes
+if it's not a compressed one.
+
+[CAUSE]
+Since commit b73a6fd1b1ef ("btrfs: split partial dio bios before
+submit"), for partial dio writes, we would split the ordered extent.
+
+However the function btrfs_split_ordered_extent() doesn't update the
+ram_bytes even it has already shrunk the disk_num_bytes.
+
+Originally the function btrfs_split_ordered_extent() is only introduced
+for zoned devices in commit d22002fd37bd ("btrfs: zoned: split ordered
+extent when bio is sent"), but later commit b73a6fd1b1ef ("btrfs: split
+partial dio bios before submit") makes non-zoned btrfs affected.
+
+Thankfully for un-compressed file extent, we do not really utilize the
+ram_bytes member, thus it won't cause any real problem.
+
+[FIX]
+Also update btrfs_ordered_extent::ram_bytes inside
+btrfs_split_ordered_extent().
+
+Fixes: d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent")
+CC: stable@vger.kernel.org # 5.15+
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/ordered-data.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/btrfs/ordered-data.c
++++ b/fs/btrfs/ordered-data.c
+@@ -1202,6 +1202,7 @@ struct btrfs_ordered_extent *btrfs_split
+       ordered->disk_bytenr += len;
+       ordered->num_bytes -= len;
+       ordered->disk_num_bytes -= len;
++      ordered->ram_bytes -= len;
+       if (test_bit(BTRFS_ORDERED_IO_DONE, &ordered->flags)) {
+               ASSERT(ordered->bytes_left == 0);
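Review bot: The new `ordered->ram_bytes -= len;` has no visible bound. It is only correct when the ordered extent is uncompressed, so that ram_bytes tracks disk_num_bytes, which is the case the patch description argues from. Any check that rejects compressed extents, or a `len` larger than the extent, would sit earlier in btrfs_split_ordered_extent(), outside this hunk. If no such check exists, an assertion beside the new line, `ASSERT(ordered->ram_bytes >= len);`, would catch a wrap of the (presumably unsigned) counter before it reaches a file extent item. Either way, a short comment stating that the split applies to uncompressed extents only would keep the three subtractions from being read as independent.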
diff --git a/queue-6.6/maple_tree-fix-mas_empty_area_rev-null-pointer-dereference.patch b/queue-6.6/maple_tree-fix-mas_empty_area_rev-null-pointer-dereference.patch
new file mode 100644 (file)
index 0000000..c08eec4
--- /dev/null
@@ -0,0 +1,65 @@
+From 955a923d2809803980ff574270f81510112be9cf Mon Sep 17 00:00:00 2001
+From: "Liam R. Howlett" <Liam.Howlett@oracle.com>
+Date: Mon, 22 Apr 2024 16:33:49 -0400
+Subject: maple_tree: fix mas_empty_area_rev() null pointer dereference
+
+From: Liam R. Howlett <Liam.Howlett@oracle.com>
+
+commit 955a923d2809803980ff574270f81510112be9cf upstream.
+
+Currently the code calls mas_start() followed by mas_data_end() if the
+maple state is MA_START, but mas_start() may return with the maple state
+node == NULL.  This will lead to a null pointer dereference when checking
+information in the NULL node, which is done in mas_data_end().
+
+Avoid setting the offset if there is no node by waiting until after the
+maple state is checked for an empty or single entry state.
+
+A user could trigger the events to cause a kernel oops by unmapping all
+vmas to produce an empty maple tree, then mapping a vma that would cause
+the scenario described above.
+
+Link: https://lkml.kernel.org/r/20240422203349.2418465-1-Liam.Howlett@oracle.com
+Fixes: 54a611b60590 ("Maple Tree: add new data structure")
+Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
+Reported-by: Marius Fleischer <fleischermarius@gmail.com>
+Closes: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW2-R6w@mail.gmail.com/
+Link: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW2-R6w@mail.gmail.com/
+Tested-by: Marius Fleischer <fleischermarius@gmail.com>
+Tested-by: Sidhartha Kumar <sidhartha.kumar@oracle.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/maple_tree.c |   16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/lib/maple_tree.c
++++ b/lib/maple_tree.c
+@@ -5085,18 +5085,18 @@ int mas_empty_area_rev(struct ma_state *
+       if (size == 0 || max - min < size - 1)
+               return -EINVAL;
+-      if (mas_is_start(mas)) {
++      if (mas_is_start(mas))
+               mas_start(mas);
+-              mas->offset = mas_data_end(mas);
+-      } else if (mas->offset >= 2) {
+-              mas->offset -= 2;
+-      } else if (!mas_rewind_node(mas)) {
++      else if ((mas->offset < 2) && (!mas_rewind_node(mas)))
+               return -EBUSY;
+-      }
+-      /* Empty set. */
+-      if (mas_is_none(mas) || mas_is_ptr(mas))
++      if (unlikely(mas_is_none(mas) || mas_is_ptr(mas)))
+               return mas_sparse_area(mas, min, max, size, false);
++      else if (mas->offset >= 2)
++              mas->offset -= 2;
++      else
++              mas->offset = mas_data_end(mas);
++
+       /* The start of the window can only be within these values. */
+       mas->index = min;
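Review bot: The reordered checks in mas_empty_area_rev() rely on an ordering that nothing in the new code states: `mas_data_end(mas)` may only run after the `mas_is_none()`/`mas_is_ptr()` test. The removed `/* Empty set. */` comment is also dropped without a replacement. A comment above the second chain, e.g. `/* mas_start() can leave mas->node NULL; do not read the node before the none/ptr check. */`, would guard against a later cleanup merging the two `if` chains back together and reintroducing the NULL dereference. The final `else` now also covers the path where `mas_rewind_node()` succeeded with `mas->offset < 2`, so the offset is adjusted again after the rewind, which the old code did not do. It is worth confirming that this is intended. The function body continues outside the hunk.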
index 5653456ac69e0640f636da7859c8bff2eab3b87a..efba40ba05accf2f0c973903668c05dc2f698697 100644 (file)
@@ -238,3 +238,6 @@ usb-typec-tcpm-unregister-existing-source-caps-before-re-registration.patch
 usb-typec-tcpm-check-for-port-partner-validity-before-consuming-it.patch
 alsa-hda-realtek-fix-mute-led-of-hp-laptop-15-da3001tu.patch
 firewire-ohci-fulfill-timestamp-for-some-local-asynchronous-transaction.patch
+btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys_chunks.patch
+btrfs-set-correct-ram_bytes-when-splitting-ordered-extent.patch
+maple_tree-fix-mas_empty_area_rev-null-pointer-dereference.patch