4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 7 May 2023 13:13:08 +0000 (15:13 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 7 May 2023 13:13:08 +0000 (15:13 +0200)
added patches:
btrfs-scrub-reject-unsupported-scrub-flags.patch
dm-flakey-fix-a-crash-with-invalid-table-line.patch
dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch
dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch
dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch
s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch

queue-4.19/btrfs-scrub-reject-unsupported-scrub-flags.patch [new file with mode: 0644]
queue-4.19/dm-flakey-fix-a-crash-with-invalid-table-line.patch [new file with mode: 0644]
queue-4.19/dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch [new file with mode: 0644]
queue-4.19/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch [new file with mode: 0644]
queue-4.19/dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch [new file with mode: 0644]
queue-4.19/s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch [new file with mode: 0644]
queue-4.19/series

diff --git a/queue-4.19/btrfs-scrub-reject-unsupported-scrub-flags.patch b/queue-4.19/btrfs-scrub-reject-unsupported-scrub-flags.patch
new file mode 100644 (file)
index 0000000..e7236a5
--- /dev/null
@@ -0,0 +1,57 @@
+From 604e6681e114d05a2e384c4d1e8ef81918037ef5 Mon Sep 17 00:00:00 2001
+From: Qu Wenruo <wqu@suse.com>
+Date: Thu, 6 Apr 2023 13:00:34 +0800
+Subject: btrfs: scrub: reject unsupported scrub flags
+
+From: Qu Wenruo <wqu@suse.com>
+
+commit 604e6681e114d05a2e384c4d1e8ef81918037ef5 upstream.
+
+Since the introduction of scrub interface, the only flag that we support
+is BTRFS_SCRUB_READONLY.  Thus there is no sanity checks, if there are
+some undefined flags passed in, we just ignore them.
+
+This is problematic if we want to introduce new scrub flags, as we have
+no way to determine if such flags are supported.
+
+Address the problem by introducing a check for the flags, and if
+unsupported flags are set, return -EOPNOTSUPP to inform the user space.
+
+This check should be backported for all supported kernels before any new
+scrub flags are introduced.
+
+CC: stable@vger.kernel.org # 4.14+
+Reviewed-by: Anand Jain <anand.jain@oracle.com>
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/ioctl.c           |    5 +++++
+ include/uapi/linux/btrfs.h |    1 +
+ 2 files changed, 6 insertions(+)
+
+--- a/fs/btrfs/ioctl.c
++++ b/fs/btrfs/ioctl.c
+@@ -4722,6 +4722,11 @@ static long btrfs_ioctl_scrub(struct fil
+       if (IS_ERR(sa))
+               return PTR_ERR(sa);
++      if (sa->flags & ~BTRFS_SCRUB_SUPPORTED_FLAGS) {
++              ret = -EOPNOTSUPP;
++              goto out;
++      }
++
+       if (!(sa->flags & BTRFS_SCRUB_READONLY)) {
+               ret = mnt_want_write_file(file);
+               if (ret)
+--- a/include/uapi/linux/btrfs.h
++++ b/include/uapi/linux/btrfs.h
+@@ -162,6 +162,7 @@ struct btrfs_scrub_progress {
+ };
+ #define BTRFS_SCRUB_READONLY  1
++#define BTRFS_SCRUB_SUPPORTED_FLAGS   (BTRFS_SCRUB_READONLY)
+ struct btrfs_ioctl_scrub_args {
+       __u64 devid;                            /* in */
+       __u64 start;                            /* in */
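Review bot: `BTRFS_SCRUB_SUPPORTED_FLAGS` is added to the UAPI header without a comment, yet it is now the gate every future scrub flag has to pass in `btrfs_ioctl_scrub`. I would add `/* All flags accepted by the scrub ioctl; any other bit in flags is rejected with -EOPNOTSUPP. */` above the define, so that a new flag is added to the mask together with its own definition. The new `goto out` depends on a label outside this hunk. `sa` looks like an allocated copy of the user arguments (it is tested with `IS_ERR`), so it is worth confirming that in the 4.19 tree `out:` frees it and does not drop a write reference that has not been taken yet at that point.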
diff --git a/queue-4.19/dm-flakey-fix-a-crash-with-invalid-table-line.patch b/queue-4.19/dm-flakey-fix-a-crash-with-invalid-table-line.patch
new file mode 100644 (file)
index 0000000..dc28c69
--- /dev/null
@@ -0,0 +1,37 @@
+From 98dba02d9a93eec11bffbb93c7c51624290702d2 Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Tue, 18 Apr 2023 15:57:47 -0400
+Subject: dm flakey: fix a crash with invalid table line
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 98dba02d9a93eec11bffbb93c7c51624290702d2 upstream.
+
+This command will crash with NULL pointer dereference:
+ dmsetup create flakey --table \
+  "0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512"
+
+Fix the crash by checking if arg_name is non-NULL before comparing it.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Signed-off-by: Mike Snitzer <snitzer@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/dm-flakey.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/md/dm-flakey.c
++++ b/drivers/md/dm-flakey.c
+@@ -124,9 +124,9 @@ static int parse_features(struct dm_arg_
+                        * Direction r or w?
+                        */
+                       arg_name = dm_shift_arg(as);
+-                      if (!strcasecmp(arg_name, "w"))
++                      if (arg_name && !strcasecmp(arg_name, "w"))
+                               fc->corrupt_bio_rw = WRITE;
+-                      else if (!strcasecmp(arg_name, "r"))
++                      else if (arg_name && !strcasecmp(arg_name, "r"))
+                               fc->corrupt_bio_rw = READ;
+                       else {
+                               ti->error = "Invalid corrupt bio direction (r or w)";
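Review bot: The `arg_name &&` test is repeated in both branches of the direction check in `parse_features`, and nothing at the site says why `arg_name` can be NULL. A single guard before the comparisons, or a comment such as `/* dm_shift_arg() returns NULL when the table line has no arguments left */`, would make the reason visible to the next reader. With the patch, a missing direction falls into the existing `else` and is reported as an invalid direction. The rest of that branch is outside the hunk, so I am assuming it returns an error, as the message suggests.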
diff --git a/queue-4.19/dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch b/queue-4.19/dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch
new file mode 100644 (file)
index 0000000..9f96ac7
--- /dev/null
@@ -0,0 +1,37 @@
+From 6b79a428c02769f2a11f8ae76bf866226d134887 Mon Sep 17 00:00:00 2001
+From: Mike Snitzer <snitzer@kernel.org>
+Date: Tue, 4 Apr 2023 13:34:28 -0400
+Subject: dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
+
+From: Mike Snitzer <snitzer@kernel.org>
+
+commit 6b79a428c02769f2a11f8ae76bf866226d134887 upstream.
+
+Otherwise the journal_io_cache will leak if dm_register_target() fails.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Mike Snitzer <snitzer@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/dm-integrity.c |    8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/drivers/md/dm-integrity.c
++++ b/drivers/md/dm-integrity.c
+@@ -3689,11 +3689,13 @@ int __init dm_integrity_init(void)
+       }
+       r = dm_register_target(&integrity_target);
+-
+-      if (r < 0)
++      if (r < 0) {
+               DMERR("register failed %d", r);
++              kmem_cache_destroy(journal_io_cache);
++              return r;
++      }
+-      return r;
++      return 0;
+ }
+ void dm_integrity_exit(void)
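Review bot: After `kmem_cache_destroy(journal_io_cache);` in the new error branch of `dm_integrity_init`, the pointer still holds the address of the destroyed cache. The variable is not declared in this hunk and the body of `dm_integrity_exit` is not shown, so I cannot tell whether anything could reach it again after a failed init. Adding `journal_io_cache = NULL;` right after the destroy would make any later destroy a harmless no-op. The start of `dm_integrity_init`, including where the cache is created, is outside the hunk.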
diff --git a/queue-4.19/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch b/queue-4.19/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch
new file mode 100644 (file)
index 0000000..669a9db
--- /dev/null
@@ -0,0 +1,58 @@
+From 3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89 Mon Sep 17 00:00:00 2001
+From: Mike Snitzer <snitzer@kernel.org>
+Date: Mon, 17 Apr 2023 11:59:56 -0400
+Subject: dm ioctl: fix nested locking in table_clear() to remove deadlock concern
+
+From: Mike Snitzer <snitzer@kernel.org>
+
+commit 3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89 upstream.
+
+syzkaller found the following problematic rwsem locking (with write
+lock already held):
+
+ down_read+0x9d/0x450 kernel/locking/rwsem.c:1509
+ dm_get_inactive_table+0x2b/0xc0 drivers/md/dm-ioctl.c:773
+ __dev_status+0x4fd/0x7c0 drivers/md/dm-ioctl.c:844
+ table_clear+0x197/0x280 drivers/md/dm-ioctl.c:1537
+
+In table_clear, it first acquires a write lock
+https://elixir.bootlin.com/linux/v6.2/source/drivers/md/dm-ioctl.c#L1520
+down_write(&_hash_lock);
+
+Then before the lock is released at L1539, there is a path shown above:
+table_clear -> __dev_status -> dm_get_inactive_table ->  down_read
+https://elixir.bootlin.com/linux/v6.2/source/drivers/md/dm-ioctl.c#L773
+down_read(&_hash_lock);
+
+It tries to acquire the same read lock again, resulting in the deadlock
+problem.
+
+Fix this by moving table_clear()'s __dev_status() call to after its
+up_write(&_hash_lock);
+
+Cc: stable@vger.kernel.org
+Reported-by: Zheng Zhang <zheng.zhang@email.ucr.edu>
+Signed-off-by: Mike Snitzer <snitzer@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/dm-ioctl.c |    7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/drivers/md/dm-ioctl.c
++++ b/drivers/md/dm-ioctl.c
+@@ -1410,11 +1410,12 @@ static int table_clear(struct file *filp
+               hc->new_map = NULL;
+       }
+-      param->flags &= ~DM_INACTIVE_PRESENT_FLAG;
+-
+-      __dev_status(hc->md, param);
+       md = hc->md;
+       up_write(&_hash_lock);
++
++      param->flags &= ~DM_INACTIVE_PRESENT_FLAG;
++      __dev_status(md, param);
++
+       if (old_map) {
+               dm_sync_table(md);
+               dm_table_destroy(old_map);
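Review bot: `__dev_status(md, param)` now runs after `up_write(&_hash_lock)` in `table_clear`, so `md` is used with no lock held and the code does not say what keeps it valid. I assume the lookup earlier in the function, outside this hunk, takes a reference on the device that is dropped at the end. If so, a comment such as `/* __dev_status() can take _hash_lock for reading, so call it only after up_write(); md stays pinned by the reference taken at lookup */` would record both constraints. Because the status is gathered after the lock is released, another ioctl could load a new inactive table in between, so the flags returned to user space may not describe the state at the moment the table was cleared.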
diff --git a/queue-4.19/dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch b/queue-4.19/dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch
new file mode 100644 (file)
index 0000000..0c24f2e
--- /dev/null
@@ -0,0 +1,44 @@
+From e8c5d45f82ce0c238a4817739892fe8897a3dcc3 Mon Sep 17 00:00:00 2001
+From: Yeongjin Gil <youngjin.gil@samsung.com>
+Date: Mon, 20 Mar 2023 15:59:32 +0900
+Subject: dm verity: fix error handling for check_at_most_once on FEC
+
+From: Yeongjin Gil <youngjin.gil@samsung.com>
+
+commit e8c5d45f82ce0c238a4817739892fe8897a3dcc3 upstream.
+
+In verity_end_io(), if bi_status is not BLK_STS_OK, it can be return
+directly. But if FEC configured, it is desired to correct the data page
+through verity_verify_io. And the return value will be converted to
+blk_status and passed to verity_finish_io().
+
+BTW, when a bit is set in v->validated_blocks, verity_verify_io() skips
+verification regardless of I/O error for the corresponding bio. In this
+case, the I/O error could not be returned properly, and as a result,
+there is a problem that abnormal data could be read for the
+corresponding block.
+
+To fix this problem, when an I/O error occurs, do not skip verification
+even if the bit related is set in v->validated_blocks.
+
+Fixes: 843f38d382b1 ("dm verity: add 'check_at_most_once' option to only validate hashes once")
+Cc: stable@vger.kernel.org
+Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
+Signed-off-by: Yeongjin Gil <youngjin.gil@samsung.com>
+Signed-off-by: Mike Snitzer <snitzer@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/dm-verity-target.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/md/dm-verity-target.c
++++ b/drivers/md/dm-verity-target.c
+@@ -477,7 +477,7 @@ static int verity_verify_io(struct dm_ve
+               sector_t cur_block = io->block + b;
+               struct ahash_request *req = verity_io_hash_req(v, io);
+-              if (v->validated_blocks &&
++              if (v->validated_blocks && bio->bi_status == BLK_STS_OK &&
+                   likely(test_bit(cur_block, v->validated_blocks))) {
+                       verity_bv_skip_block(v, io, &io->iter);
+                       continue;
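Review bot: The added condition reads `bio->bi_status`, but no declaration of `bio` is visible in this hunk of `verity_verify_io`, and the function starts outside it. For the 4.19 queue it should be confirmed that `bio` is in scope at this point, since upstream may have gained the variable from a separate commit; if it is missing, the tree will not build until it is derived from `io` before the loop. A short comment on the condition, for example `/* after an I/O error, re-verify even already-validated blocks so the error is not masked */`, would also record why the check_at_most_once shortcut is bypassed.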
diff --git a/queue-4.19/s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch b/queue-4.19/s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch
new file mode 100644 (file)
index 0000000..80a5dc9
--- /dev/null
@@ -0,0 +1,39 @@
+From d8898ee50edecacdf0141f26fd90acf43d7e9cd7 Mon Sep 17 00:00:00 2001
+From: Stefan Haberland <sth@linux.ibm.com>
+Date: Wed, 5 Apr 2023 16:20:17 +0200
+Subject: s390/dasd: fix hanging blockdevice after request requeue
+
+From: Stefan Haberland <sth@linux.ibm.com>
+
+commit d8898ee50edecacdf0141f26fd90acf43d7e9cd7 upstream.
+
+The DASD driver does not kick the requeue list when requeuing IO requests
+to the blocklayer. This might lead to hanging blockdevice when there is
+no other trigger for this.
+
+Fix by automatically kick the requeue list when requeuing DASD requests
+to the blocklayer.
+
+Fixes: e443343e509a ("s390/dasd: blk-mq conversion")
+CC: stable@vger.kernel.org # 4.14+
+Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
+Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
+Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
+Link: https://lore.kernel.org/r/20230405142017.2446986-8-sth@linux.ibm.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/s390/block/dasd.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/s390/block/dasd.c
++++ b/drivers/s390/block/dasd.c
+@@ -2841,7 +2841,7 @@ static int _dasd_requeue_request(struct
+               return 0;
+       spin_lock_irq(&cqr->dq->lock);
+       req = (struct request *) cqr->callback_data;
+-      blk_mq_requeue_request(req, false);
++      blk_mq_requeue_request(req, true);
+       spin_unlock_irq(&cqr->dq->lock);
+       return 0;
index 6dd1f2e7dd13e439768f402236f4357f536d4044..0addd670bbd0321ca2469a37e645b12965eb8b5f 100644 (file)
@@ -129,3 +129,9 @@ nilfs2-fix-infinite-loop-in-nilfs_mdt_get_block.patch
 md-raid10-fix-null-ptr-deref-in-raid10_sync_request.patch
 wifi-rtl8xxxu-rtl8192eu-always-needs-full-init.patch
 clk-rockchip-rk3399-allow-clk_cifout-to-force-clk_cifout_src-to-reparent.patch
+btrfs-scrub-reject-unsupported-scrub-flags.patch
+s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch
+dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch
+dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch
+dm-flakey-fix-a-crash-with-invalid-table-line.patch
+dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch