From: Greg Kroah-Hartman Date: Tue, 21 Jan 2025 07:58:26 +0000 (+0100) Subject: 6.6-stable patches X-Git-Tag: v6.6.73~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1c50be1ef91817faea347e32823f4d356ec1abc6;p=thirdparty%2Fkernel%2Fstable-queue.git 6.6-stable patches added patches: ocfs2-fix-deadlock-in-ocfs2_get_system_file_inode.patch --- diff --git a/queue-6.6/ocfs2-fix-deadlock-in-ocfs2_get_system_file_inode.patch b/queue-6.6/ocfs2-fix-deadlock-in-ocfs2_get_system_file_inode.patch new file mode 100644 index 0000000000..8ec9c7507e --- /dev/null +++ b/queue-6.6/ocfs2-fix-deadlock-in-ocfs2_get_system_file_inode.patch 
@@ -0,0 +1,78 @@ +From 7bf1823e010e8db2fb649c790bd1b449a75f52d8 Mon Sep 17 00:00:00 2001 +From: Mohammed Anees +Date: Tue, 24 Sep 2024 09:32:57 +0000 +Subject: ocfs2: fix deadlock in ocfs2_get_system_file_inode + +From: Mohammed Anees + +commit 7bf1823e010e8db2fb649c790bd1b449a75f52d8 upstream. + +syzbot has found a possible deadlock in ocfs2_get_system_file_inode [1]. + +The scenario is depicted here, + + CPU0 CPU1 +lock(&ocfs2_file_ip_alloc_sem_key); + lock(&osb->system_file_mutex); + lock(&ocfs2_file_ip_alloc_sem_key); +lock(&osb->system_file_mutex); + +The function calls which could lead to this are: + +CPU0 +ocfs2_mknod - lock(&ocfs2_file_ip_alloc_sem_key); +. +. +. +ocfs2_get_system_file_inode - lock(&osb->system_file_mutex); + +CPU1 - +ocfs2_fill_super - lock(&osb->system_file_mutex); +. +. +. +ocfs2_read_virt_blocks - lock(&ocfs2_file_ip_alloc_sem_key); + +This issue can be resolved by making the down_read -> down_read_try +in the ocfs2_read_virt_blocks. + +[1] https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd + +Link: https://lkml.kernel.org/r/20240924093257.7181-1-pvmohammedanees2003@gmail.com +Signed-off-by: Mohammed Anees +Reviewed-by: Joseph Qi +Reported-by: +Closes: https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd +Tested-by: syzbot+e0055ea09f1f5e6fabdd@syzkaller.appspotmail.com +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Cc: +Signed-off-by: Andrew Morton +Cc: Xingyu Li +Cc: Zheng Zhang +Signed-off-by: Greg Kroah-Hartman +--- + fs/ocfs2/extent_map.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/fs/ocfs2/extent_map.c ++++ b/fs/ocfs2/extent_map.c +@@ -973,7 +973,13 @@ int ocfs2_read_virt_blocks(struct inode + } + + while (done < nr) { +- down_read(&OCFS2_I(inode)->ip_alloc_sem); ++ if (!down_read_trylock(&OCFS2_I(inode)->ip_alloc_sem)) { ++ rc = -EAGAIN; ++ mlog(ML_ERROR, ++ "Inode #%llu ip_alloc_sem is temporarily unavailable\n", ++ (unsigned long 
long)OCFS2_I(inode)->ip_blkno); ++ break; ++ } + rc = ocfs2_extent_map_get_blocks(inode, v_block + done, + &p_block, &p_count, NULL); + up_read(&OCFS2_I(inode)->ip_alloc_sem); diff --git a/queue-6.6/series b/queue-6.6/series index b3d9ef9b09..2e39acf5e2 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -62,3 +62,4 @@ revert-pci-use-preserve_config-in-place-of-pci_flags.patch iio-imu-inv_icm42600-fix-spi-burst-write-not-supported.patch drm-amd-display-fix-out-of-bounds-access-in-dcn21_link_encoder_create.patch block-fix-uaf-for-flush-rq-while-iterating-tags.patch +ocfs2-fix-deadlock-in-ocfs2_get_system_file_inode.patch
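Review bot: In the fs/ocfs2/extent_map.c hunk, the failed down_read_trylock() branch returns -EAGAIN on any contention for ip_alloc_sem, not only in the lock-order inversion drawn in the changelog, so a reader that used to wait behind an ordinary writer now fails instead. The changelog should say which callers of ocfs2_read_virt_blocks() can see -EAGAIN and whether they retry or propagate it. The same branch logs at ML_ERROR while its own message calls the condition "temporarily unavailable"; on a busy inode this can be hit on every call, so a lower log level or a rate-limited message would fit better. The break can also be taken when done is already non-zero, so it is worth confirming that the code after the while (done < nr) loop treats a partial read with rc = -EAGAIN as a complete failure. Minor: the changelog says "down_read_try" where the code uses down_read_trylock.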