5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 Aug 2022 12:07:06 +0000 (14:07 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 Aug 2022 12:07:06 +0000 (14:07 +0200)
added patches:
fs-remove-__sync_filesystem.patch
vfs-make-sync_filesystem-return-errors-from-sync_fs.patch
xfs-only-bother-with-sync_filesystem-during-readonly-remount.patch
xfs-prevent-a-warn_once-in-xfs_ioc_attr_list.patch
xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch
xfs-return-errors-in-xfs_fs_sync_fs.patch

queue-5.10/fs-remove-__sync_filesystem.patch [new file with mode: 0644]
queue-5.10/series
queue-5.10/vfs-make-sync_filesystem-return-errors-from-sync_fs.patch [new file with mode: 0644]
queue-5.10/xfs-only-bother-with-sync_filesystem-during-readonly-remount.patch [new file with mode: 0644]
queue-5.10/xfs-prevent-a-warn_once-in-xfs_ioc_attr_list.patch [new file with mode: 0644]
queue-5.10/xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch [new file with mode: 0644]
queue-5.10/xfs-return-errors-in-xfs_fs_sync_fs.patch [new file with mode: 0644]

diff --git a/queue-5.10/fs-remove-__sync_filesystem.patch b/queue-5.10/fs-remove-__sync_filesystem.patch
new file mode 100644 (file)
index 0000000..74b2edd
--- /dev/null
@@ -0,0 +1,85 @@
+From foo@baz Thu Aug 25 02:06:37 PM CEST 2022
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Tue, 23 Aug 2022 15:11:33 +0300
+Subject: fs: remove __sync_filesystem
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Sasha Levin <sashal@kernel.org>, "Darrick J . Wong" <djwong@kernel.org>, Leah Rumancik <leah.rumancik@gmail.com>, Chandan Babu R <chandan.babu@oracle.com>, Luis Chamberlain <mcgrof@kernel.org>, Adam Manzanares <a.manzanares@samsung.com>, linux-xfs@vger.kernel.org, stable@vger.kernel.org, Christoph Hellwig <hch@lst.de>, Chaitanya Kulkarni <kch@nvidia.com>, Jens Axboe <axboe@kernel.dk>
+Message-ID: <20220823121136.1806820-4-amir73il@gmail.com>
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+From: Christoph Hellwig <hch@lst.de>
+
+commit 9a208ba5c9afa62c7b1e9c6f5e783066e84e2d3c upstream.
+
+[backported for dependency]
+
+There is no clear benefit in having this helper vs just open coding it.
+
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
+Link: https://lore.kernel.org/r/20211019062530.2174626-2-hch@lst.de
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Acked-by: Darrick J. Wong <djwong@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/sync.c |   38 +++++++++++++++++---------------------
+ 1 file changed, 17 insertions(+), 21 deletions(-)
+
+--- a/fs/sync.c
++++ b/fs/sync.c
+@@ -22,25 +22,6 @@
+                       SYNC_FILE_RANGE_WAIT_AFTER)
+ /*
+- * Do the filesystem syncing work. For simple filesystems
+- * writeback_inodes_sb(sb) just dirties buffers with inodes so we have to
+- * submit IO for these buffers via __sync_blockdev(). This also speeds up the
+- * wait == 1 case since in that case write_inode() functions do
+- * sync_dirty_buffer() and thus effectively write one block at a time.
+- */
+-static int __sync_filesystem(struct super_block *sb, int wait)
+-{
+-      if (wait)
+-              sync_inodes_sb(sb);
+-      else
+-              writeback_inodes_sb(sb, WB_REASON_SYNC);
+-
+-      if (sb->s_op->sync_fs)
+-              sb->s_op->sync_fs(sb, wait);
+-      return __sync_blockdev(sb->s_bdev, wait);
+-}
+-
+-/*
+  * Write out and wait upon all dirty data associated with this
+  * superblock.  Filesystem data as well as the underlying block
+  * device.  Takes the superblock lock.
+@@ -61,10 +42,25 @@ int sync_filesystem(struct super_block *
+       if (sb_rdonly(sb))
+               return 0;
+-      ret = __sync_filesystem(sb, 0);
++      /*
++       * Do the filesystem syncing work.  For simple filesystems
++       * writeback_inodes_sb(sb) just dirties buffers with inodes so we have
++       * to submit I/O for these buffers via __sync_blockdev().  This also
++       * speeds up the wait == 1 case since in that case write_inode()
++       * methods call sync_dirty_buffer() and thus effectively write one block
++       * at a time.
++       */
++      writeback_inodes_sb(sb, WB_REASON_SYNC);
++      if (sb->s_op->sync_fs)
++              sb->s_op->sync_fs(sb, 0);
++      ret = __sync_blockdev(sb->s_bdev, 0);
+       if (ret < 0)
+               return ret;
+-      return __sync_filesystem(sb, 1);
++
++      sync_inodes_sb(sb);
++      if (sb->s_op->sync_fs)
++              sb->s_op->sync_fs(sb, 1);
++      return __sync_blockdev(sb->s_bdev, 1);
+ }
+ EXPORT_SYMBOL(sync_filesystem);
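Review bot: The comment moved into sync_filesystem() still talks about "the wait == 1 case", but after open-coding the helper there is no `wait` variable left in this function, only the literal 0 and 1 passed in the two passes. Rewording it to name the passes would keep it readable, for example `This also speeds up the second, waiting pass, since there write_inode() methods call sync_dirty_buffer() ...`. It would also help to put a short `/* Pass 1: start writeback without waiting. */` and `/* Pass 2: wait for everything to reach disk. */` above the two statement groups. The start of sync_filesystem() is outside the hunk.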
index 6446938975dd77146e3b9a3e56542ddb8ad6dac1..b2c459ed5453b26866028f293aafec19d944e549 100644 (file)
@@ -2,3 +2,9 @@ audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch
 parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch
 kernel-sys_ni-add-compat-entry-for-fadvise64_64.patch
 pinctrl-amd-don-t-save-restore-interrupt-status-and-wake-status-bits.patch
+xfs-prevent-a-warn_once-in-xfs_ioc_attr_list.patch
+xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch
+fs-remove-__sync_filesystem.patch
+vfs-make-sync_filesystem-return-errors-from-sync_fs.patch
+xfs-return-errors-in-xfs_fs_sync_fs.patch
+xfs-only-bother-with-sync_filesystem-during-readonly-remount.patch
diff --git a/queue-5.10/vfs-make-sync_filesystem-return-errors-from-sync_fs.patch b/queue-5.10/vfs-make-sync_filesystem-return-errors-from-sync_fs.patch
new file mode 100644 (file)
index 0000000..b2dae3a
--- /dev/null
@@ -0,0 +1,69 @@
+From foo@baz Thu Aug 25 02:06:37 PM CEST 2022
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Tue, 23 Aug 2022 15:11:34 +0300
+Subject: vfs: make sync_filesystem return errors from ->sync_fs
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Sasha Levin <sashal@kernel.org>, "Darrick J . Wong" <djwong@kernel.org>, Leah Rumancik <leah.rumancik@gmail.com>, Chandan Babu R <chandan.babu@oracle.com>, Luis Chamberlain <mcgrof@kernel.org>, Adam Manzanares <a.manzanares@samsung.com>, linux-xfs@vger.kernel.org, stable@vger.kernel.org, Jan Kara <jack@suse.cz>, Christoph Hellwig <hch@lst.de>, Christian Brauner <brauner@kernel.org>
+Message-ID: <20220823121136.1806820-5-amir73il@gmail.com>
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+From: "Darrick J. Wong" <djwong@kernel.org>
+
+commit 5679897eb104cec9e99609c3f045a0c20603da4c upstream.
+
+[backport to 5.10 only differs in __sync_blockdev helper]
+
+Strangely, sync_filesystem ignores the return code from the ->sync_fs
+call, which means that syscalls like syncfs(2) never see the error.
+This doesn't seem right, so fix that.
+
+Signed-off-by: Darrick J. Wong <djwong@kernel.org>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Acked-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Acked-by: Darrick J. Wong <djwong@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/sync.c |   18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+--- a/fs/sync.c
++++ b/fs/sync.c
+@@ -28,7 +28,7 @@
+  */
+ int sync_filesystem(struct super_block *sb)
+ {
+-      int ret;
++      int ret = 0;
+       /*
+        * We need to be protected against the filesystem going from
+@@ -51,15 +51,21 @@ int sync_filesystem(struct super_block *
+        * at a time.
+        */
+       writeback_inodes_sb(sb, WB_REASON_SYNC);
+-      if (sb->s_op->sync_fs)
+-              sb->s_op->sync_fs(sb, 0);
++      if (sb->s_op->sync_fs) {
++              ret = sb->s_op->sync_fs(sb, 0);
++              if (ret)
++                      return ret;
++      }
+       ret = __sync_blockdev(sb->s_bdev, 0);
+-      if (ret < 0)
++      if (ret)
+               return ret;
+       sync_inodes_sb(sb);
+-      if (sb->s_op->sync_fs)
+-              sb->s_op->sync_fs(sb, 1);
++      if (sb->s_op->sync_fs) {
++              ret = sb->s_op->sync_fs(sb, 1);
++              if (ret)
++                      return ret;
++      }
+       return __sync_blockdev(sb->s_bdev, 1);
+ }
+ EXPORT_SYMBOL(sync_filesystem);
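Review bot: The header comment on sync_filesystem() does not describe the return value. With this change a non-zero result from the first, non-waiting `->sync_fs(sb, 0)` call returns before `sync_inodes_sb(sb)` runs, so the waiting pass is not attempted after that failure. I would add to the comment: `Returns 0 on success, or the first error from ->sync_fs or __sync_blockdev(); a failure in the non-waiting pass skips the waiting pass.` Since any non-zero value now aborts the sync (`if (ret)` rather than `if (ret < 0)`), it is worth confirming that no ->sync_fs implementation in this tree returns a positive or advisory value. In the lines shown `ret` is assigned before each test, so the `= 0` initialiser looks unnecessary, though part of the function body is outside the hunk.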
diff --git a/queue-5.10/xfs-only-bother-with-sync_filesystem-during-readonly-remount.patch b/queue-5.10/xfs-only-bother-with-sync_filesystem-during-readonly-remount.patch
new file mode 100644 (file)
index 0000000..0beeec3
--- /dev/null
@@ -0,0 +1,55 @@
+From foo@baz Thu Aug 25 02:06:37 PM CEST 2022
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Tue, 23 Aug 2022 15:11:36 +0300
+Subject: xfs: only bother with sync_filesystem during readonly remount
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Sasha Levin <sashal@kernel.org>, "Darrick J . Wong" <djwong@kernel.org>, Leah Rumancik <leah.rumancik@gmail.com>, Chandan Babu R <chandan.babu@oracle.com>, Luis Chamberlain <mcgrof@kernel.org>, Adam Manzanares <a.manzanares@samsung.com>, linux-xfs@vger.kernel.org, stable@vger.kernel.org, Dave Chinner <dchinner@redhat.com>
+Message-ID: <20220823121136.1806820-7-amir73il@gmail.com>
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+From: "Darrick J. Wong" <djwong@kernel.org>
+
+commit b97cca3ba9098522e5a1c3388764ead42640c1a5 upstream.
+
+In commit 02b9984d6408, we pushed a sync_filesystem() call from the VFS
+into xfs_fs_remount.  The only time that we ever need to push dirty file
+data or metadata to disk for a remount is if we're remounting the
+filesystem read only, so this really could be moved to xfs_remount_ro.
+
+Once we've moved the call site, actually check the return value from
+sync_filesystem.
+
+Fixes: 02b9984d6408 ("fs: push sync_filesystem() down to the file system's remount_fs()")
+Signed-off-by: Darrick J. Wong <djwong@kernel.org>
+Reviewed-by: Dave Chinner <dchinner@redhat.com>
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Acked-by: Darrick J. Wong <djwong@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/xfs/xfs_super.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/fs/xfs/xfs_super.c
++++ b/fs/xfs/xfs_super.c
+@@ -1720,6 +1720,11 @@ xfs_remount_ro(
+       };
+       int                     error;
++      /* Flush all the dirty data to disk. */
++      error = sync_filesystem(mp->m_super);
++      if (error)
++              return error;
++
+       /*
+        * Cancel background eofb scanning so it cannot race with the final
+        * log force+buftarg wait and deadlock the remount.
+@@ -1790,8 +1795,6 @@ xfs_fc_reconfigure(
+       if (error)
+               return error;
+-      sync_filesystem(mp->m_super);
+-
+       /* inode32 -> inode64 */
+       if ((mp->m_flags & XFS_MOUNT_SMALL_INUMS) &&
+           !(new_mp->m_flags & XFS_MOUNT_SMALL_INUMS)) {
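Review bot: The new comment in xfs_remount_ro(), `/* Flush all the dirty data to disk. */`, does not say what the early `return error` means for the remount. Because the return sits before the rest of the function, a failed flush presumably leaves the filesystem mounted read-write, and the comment should say so. Suggested wording: `/* Flush all the dirty data to disk; if that fails, abort the remount rather than go read-only with unwritten data. */`. Both xfs_remount_ro() and xfs_fc_reconfigure() continue outside the hunk, so the behaviour after the return is inferred.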
diff --git a/queue-5.10/xfs-prevent-a-warn_once-in-xfs_ioc_attr_list.patch b/queue-5.10/xfs-prevent-a-warn_once-in-xfs_ioc_attr_list.patch
new file mode 100644 (file)
index 0000000..1114019
--- /dev/null
@@ -0,0 +1,61 @@
+From foo@baz Thu Aug 25 02:06:37 PM CEST 2022
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Tue, 23 Aug 2022 15:11:31 +0300
+Subject: xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list()
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Sasha Levin <sashal@kernel.org>, "Darrick J . Wong" <djwong@kernel.org>, Leah Rumancik <leah.rumancik@gmail.com>, Chandan Babu R <chandan.babu@oracle.com>, Luis Chamberlain <mcgrof@kernel.org>, Adam Manzanares <a.manzanares@samsung.com>, linux-xfs@vger.kernel.org, stable@vger.kernel.org, Dan Carpenter <dan.carpenter@oracle.com>
+Message-ID: <20220823121136.1806820-2-amir73il@gmail.com>
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 6ed6356b07714e0198be3bc3ecccc8b40a212de4 upstream.
+
+The "bufsize" comes from the root user.  If "bufsize" is negative then,
+because of type promotion, neither of the validation checks at the start
+of the function are able to catch it:
+
+       if (bufsize < sizeof(struct xfs_attrlist) ||
+           bufsize > XFS_XATTR_LIST_MAX)
+               return -EINVAL;
+
+This means "bufsize" will trigger (WARN_ON_ONCE(size > INT_MAX)) in
+kvmalloc_node().  Fix this by changing the type from int to size_t.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Darrick J. Wong <djwong@kernel.org>
+Signed-off-by: Darrick J. Wong <djwong@kernel.org>
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Acked-by: Darrick J. Wong <djwong@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/xfs/xfs_ioctl.c |    2 +-
+ fs/xfs/xfs_ioctl.h |    5 +++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+--- a/fs/xfs/xfs_ioctl.c
++++ b/fs/xfs/xfs_ioctl.c
+@@ -371,7 +371,7 @@ int
+ xfs_ioc_attr_list(
+       struct xfs_inode                *dp,
+       void __user                     *ubuf,
+-      int                             bufsize,
++      size_t                          bufsize,
+       int                             flags,
+       struct xfs_attrlist_cursor __user *ucursor)
+ {
+--- a/fs/xfs/xfs_ioctl.h
++++ b/fs/xfs/xfs_ioctl.h
+@@ -38,8 +38,9 @@ xfs_readlink_by_handle(
+ int xfs_ioc_attrmulti_one(struct file *parfilp, struct inode *inode,
+               uint32_t opcode, void __user *uname, void __user *value,
+               uint32_t *len, uint32_t flags);
+-int xfs_ioc_attr_list(struct xfs_inode *dp, void __user *ubuf, int bufsize,
+-      int flags, struct xfs_attrlist_cursor __user *ucursor);
++int xfs_ioc_attr_list(struct xfs_inode *dp, void __user *ubuf,
++                    size_t bufsize, int flags,
++                    struct xfs_attrlist_cursor __user *ucursor);
+ extern struct dentry *
+ xfs_handle_to_dentry(
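Review bot: Nothing at the changed parameter in xfs_ioc_attr_list() records why `bufsize` is now `size_t`, so a later cleanup could turn it back into `int` and reopen the gap described in the commit message. The fix works only because a negative caller value converts to a very large `size_t`, which the existing `bufsize > XFS_XATTR_LIST_MAX` check then rejects. That check is outside the hunk. A one-line comment at the definition would pin this down: `/* size_t, not int: a negative length must fail the XFS_XATTR_LIST_MAX check */`. Callers that still hold the length in a signed variable are also outside the hunk and rely on that implicit conversion.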
diff --git a/queue-5.10/xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch b/queue-5.10/xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch
new file mode 100644 (file)
index 0000000..f34ed4f
--- /dev/null
@@ -0,0 +1,52 @@
+From foo@baz Thu Aug 25 02:06:37 PM CEST 2022
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Tue, 23 Aug 2022 15:11:32 +0300
+Subject: xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP*
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Sasha Levin <sashal@kernel.org>, "Darrick J . Wong" <djwong@kernel.org>, Leah Rumancik <leah.rumancik@gmail.com>, Chandan Babu R <chandan.babu@oracle.com>, Luis Chamberlain <mcgrof@kernel.org>, Adam Manzanares <a.manzanares@samsung.com>, linux-xfs@vger.kernel.org, stable@vger.kernel.org, Allison Henderson <allison.henderson@oracle.com>, Catherine Hoang <catherine.hoang@oracle.com>
+Message-ID: <20220823121136.1806820-3-amir73il@gmail.com>
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+From: "Darrick J. Wong" <djwong@kernel.org>
+
+commit 29d650f7e3ab55283b89c9f5883d0c256ce478b5 upstream.
+
+Syzbot tripped over the following complaint from the kernel:
+
+WARNING: CPU: 2 PID: 15402 at mm/util.c:597 kvmalloc_node+0x11e/0x125 mm/util.c:597
+
+While trying to run XFS_IOC_GETBMAP against the following structure:
+
+struct getbmap fubar = {
+       .bmv_count      = 0x22dae649,
+};
+
+Obviously, this is a crazy huge value since the next thing that the
+ioctl would do is allocate 37GB of memory.  This is enough to make
+kvmalloc mad, but isn't large enough to trip the validation functions.
+In other words, I'm fussing with checks that were **already sufficient**
+because that's easier than dealing with 644 internal bug reports.  Yes,
+that's right, six hundred and forty-four.
+
+Signed-off-by: Darrick J. Wong <djwong@kernel.org>
+Reviewed-by: Allison Henderson <allison.henderson@oracle.com>
+Reviewed-by: Catherine Hoang <catherine.hoang@oracle.com>
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Acked-by: Darrick J. Wong <djwong@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/xfs/xfs_ioctl.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/xfs/xfs_ioctl.c
++++ b/fs/xfs/xfs_ioctl.c
+@@ -1689,7 +1689,7 @@ xfs_ioc_getbmap(
+       if (bmx.bmv_count < 2)
+               return -EINVAL;
+-      if (bmx.bmv_count > ULONG_MAX / recsize)
++      if (bmx.bmv_count >= INT_MAX / recsize)
+               return -ENOMEM;
+       buf = kvzalloc(bmx.bmv_count * sizeof(*buf), GFP_KERNEL);
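Review bot: The new bound divides by `recsize`, but the allocation on the following line multiplies by `sizeof(*buf)`. The check therefore keeps the kvzalloc() size below INT_MAX only if `sizeof(*buf) <= recsize`, and the hunk does not show how the two relate. If that holds for every ioctl variant, state it above the check, for example `/* sizeof(*buf) <= recsize, so this also keeps the kvzalloc() below INT_MAX */`. Otherwise bound against the larger element size, `if (bmx.bmv_count >= INT_MAX / max_t(size_t, recsize, sizeof(*buf)))`. xfs_ioc_getbmap() starts and ends outside the hunk.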
diff --git a/queue-5.10/xfs-return-errors-in-xfs_fs_sync_fs.patch b/queue-5.10/xfs-return-errors-in-xfs_fs_sync_fs.patch
new file mode 100644 (file)
index 0000000..5dc35d3
--- /dev/null
@@ -0,0 +1,50 @@
+From foo@baz Thu Aug 25 02:06:37 PM CEST 2022
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Tue, 23 Aug 2022 15:11:35 +0300
+Subject: xfs: return errors in xfs_fs_sync_fs
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Sasha Levin <sashal@kernel.org>, "Darrick J . Wong" <djwong@kernel.org>, Leah Rumancik <leah.rumancik@gmail.com>, Chandan Babu R <chandan.babu@oracle.com>, Luis Chamberlain <mcgrof@kernel.org>, Adam Manzanares <a.manzanares@samsung.com>, linux-xfs@vger.kernel.org, stable@vger.kernel.org, Jan Kara <jack@suse.cz>, Christoph Hellwig <hch@lst.de>, Christian Brauner <brauner@kernel.org>
+Message-ID: <20220823121136.1806820-6-amir73il@gmail.com>
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+From: "Darrick J. Wong" <djwong@kernel.org>
+
+commit 2d86293c70750e4331e9616aded33ab6b47c299d upstream.
+
+Now that the VFS will do something with the return values from
+->sync_fs, make ours pass on error codes.
+
+Signed-off-by: Darrick J. Wong <djwong@kernel.org>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Acked-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Acked-by: Darrick J. Wong <djwong@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/xfs/xfs_super.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/fs/xfs/xfs_super.c
++++ b/fs/xfs/xfs_super.c
+@@ -757,6 +757,7 @@ xfs_fs_sync_fs(
+       int                     wait)
+ {
+       struct xfs_mount        *mp = XFS_M(sb);
++      int                     error;
+       /*
+        * Doing anything during the async pass would be counterproductive.
+@@ -764,7 +765,10 @@ xfs_fs_sync_fs(
+       if (!wait)
+               return 0;
+-      xfs_log_force(mp, XFS_LOG_SYNC);
++      error = xfs_log_force(mp, XFS_LOG_SYNC);
++      if (error)
++              return error;
++
+       if (laptop_mode) {
+               /*
+                * The disk must be active because we're syncing.