5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Apr 2022 10:36:53 +0000 (12:36 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Apr 2022 10:36:53 +0000 (12:36 +0200)
added patches:
gfs2-assign-rgrp-glock-before-compute_bitstructs.patch

queue-5.10/gfs2-assign-rgrp-glock-before-compute_bitstructs.patch [new file with mode: 0644]
queue-5.10/series

diff --git a/queue-5.10/gfs2-assign-rgrp-glock-before-compute_bitstructs.patch b/queue-5.10/gfs2-assign-rgrp-glock-before-compute_bitstructs.patch
new file mode 100644 (file)
index 0000000..92e28fe
--- /dev/null
@@ -0,0 +1,62 @@
+From 428f651cb80b227af47fc302e4931791f2fb4741 Mon Sep 17 00:00:00 2001
+From: Bob Peterson <rpeterso@redhat.com>
+Date: Mon, 17 Jan 2022 10:25:07 -0500
+Subject: gfs2: assign rgrp glock before compute_bitstructs
+
+From: Bob Peterson <rpeterso@redhat.com>
+
+commit 428f651cb80b227af47fc302e4931791f2fb4741 upstream.
+
+Before this patch, function read_rindex_entry called compute_bitstructs
+before it allocated a glock for the rgrp. But if compute_bitstructs found
+a problem with the rgrp, it called gfs2_consist_rgrpd, and that called
+gfs2_dump_glock for rgd->rd_gl which had not yet been assigned.
+
+read_rindex_entry
+   compute_bitstructs
+      gfs2_consist_rgrpd
+         gfs2_dump_glock <---------rgd->rd_gl was not set.
+
+This patch changes read_rindex_entry so it assigns an rgrp glock before
+calling compute_bitstructs so gfs2_dump_glock does not reference an
+unassigned pointer. If an error is discovered, the glock must also be
+put, so a new goto and label were added.
+
+Reported-by: syzbot+c6fd14145e2f62ca0784@syzkaller.appspotmail.com
+Signed-off-by: Bob Peterson <rpeterso@redhat.com>
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/gfs2/rgrp.c |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/fs/gfs2/rgrp.c
++++ b/fs/gfs2/rgrp.c
+@@ -906,15 +906,15 @@ static int read_rindex_entry(struct gfs2
+       rgd->rd_bitbytes = be32_to_cpu(buf.ri_bitbytes);
+       spin_lock_init(&rgd->rd_rsspin);
+-      error = compute_bitstructs(rgd);
+-      if (error)
+-              goto fail;
+-
+       error = gfs2_glock_get(sdp, rgd->rd_addr,
+                              &gfs2_rgrp_glops, CREATE, &rgd->rd_gl);
+       if (error)
+               goto fail;
++      error = compute_bitstructs(rgd);
++      if (error)
++              goto fail_glock;
++
+       rgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr;
+       rgd->rd_flags &= ~(GFS2_RDF_UPTODATE | GFS2_RDF_PREFERRED);
+       if (rgd->rd_data > sdp->sd_max_rg_data)
+@@ -928,6 +928,7 @@ static int read_rindex_entry(struct gfs2
+       }
+       error = 0; /* someone else read in the rgrp; free it and ignore it */
++fail_glock:
+       gfs2_glock_put(rgd->rd_gl);
+ fail:
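Review bot: The new call order in the nested `read_rindex_entry` hunk is load-bearing, but nothing in the code says so: `compute_bitstructs(rgd)` may only run once `gfs2_glock_get()` has filled `rgd->rd_gl`, because (per the commit message) its consistency-failure path goes through `gfs2_consist_rgrpd` and dumps that glock. A comment above the moved call would keep a later cleanup from reordering it back, for example `/* rd_gl must be assigned first: compute_bitstructs() can report via gfs2_consist_rgrpd(), which dumps rgd->rd_gl */`. The values being checked are read from the on-disk rindex (`be32_to_cpu(buf.ri_bitbytes)` is visible just above), so this error path is presumably reachable from a corrupt or crafted filesystem image, which would fit the syzbot report. The `fail_glock:` label deserves a one-line note too, since the "someone else read in the rgrp" path now falls through it with `error = 0`. The function body starts and ends outside the hunk.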
index 3155bbd1dfd5a4c7c35fb3aebac244b3ed250895..d2e6c3cf8fa3c630e69b56a03d2693dfd4741285 100644 (file)
@@ -2,3 +2,4 @@ etherdevice-adjust-ether_addr-prototypes-to-silence-wstringop-overead.patch
 mm-page_alloc-fix-building-error-on-werror-array-compare.patch
 tracing-dump-stacktrace-trigger-to-the-corresponding-instance.patch
 perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
+gfs2-assign-rgrp-glock-before-compute_bitstructs.patch