From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 29 Nov 2021 16:13:33 +0000 (+0100)
Subject: 4.19-stable patches
X-Git-Tag: v5.15.6~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2f2541bb720da3aa050274ed64014b768d848693;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	fuse-release-pipe-buf-after-last-use.patch
---

diff --git a/queue-4.19/fuse-release-pipe-buf-after-last-use.patch b/queue-4.19/fuse-release-pipe-buf-after-last-use.patch
new file mode 100644
index 00000000000..17b53f9fab9
--- /dev/null
+++ b/queue-4.19/fuse-release-pipe-buf-after-last-use.patch
@@ -0,0 +1,51 @@
+From 473441720c8616dfaf4451f9c7ea14f0eb5e5d65 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Thu, 25 Nov 2021 14:05:18 +0100
+Subject: fuse: release pipe buf after last use
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit 473441720c8616dfaf4451f9c7ea14f0eb5e5d65 upstream.
+
+Checking buf->flags should be done before the pipe_buf_release() is called
+on the pipe buffer, since releasing the buffer might modify the flags.
+
+This is exactly what page_cache_pipe_buf_release() does, and which results
+in the same VM_BUG_ON_PAGE(PageLRU(page)) that the original patch was
+trying to fix.
+
+Reported-by: Justin Forbes <jmforbes@linuxtx.org>
+Fixes: 712a951025c0 ("fuse: fix page stealing")
+Cc: <stable@vger.kernel.org> # v2.6.35
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/fuse/dev.c |   10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/fs/fuse/dev.c
++++ b/fs/fuse/dev.c
+@@ -905,17 +905,17 @@ static int fuse_try_move_page(struct fus
+ 		goto out_put_old;
+ 	}
+ 
++	get_page(newpage);
++
++	if (!(buf->flags & PIPE_BUF_FLAG_LRU))
++		lru_cache_add_file(newpage);
++
+ 	/*
+ 	 * Release while we have extra ref on stolen page.  Otherwise
+ 	 * anon_pipe_buf_release() might think the page can be reused.
+ 	 */
+ 	pipe_buf_release(cs->pipe, buf);
+ 
+-	get_page(newpage);
+-
+-	if (!(buf->flags & PIPE_BUF_FLAG_LRU))
+-		lru_cache_add_file(newpage);
+-
+ 	err = 0;
+ 	spin_lock(&cs->req->waitq.lock);
+ 	if (test_bit(FR_ABORTED, &cs->req->flags))
diff --git a/queue-4.19/series b/queue-4.19/series
index db8bef5c1d2..f03066e49e7 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -57,3 +57,4 @@ tracing-check-pid-filtering-when-creating-events.patch
 s390-mm-validate-vma-in-pgste-manipulation-functions.patch
 hugetlbfs-flush-tlbs-correctly-after-huge_pmd_unshare.patch
 nfc-add-nci_unreg-flag-to-eliminate-the-race.patch
+fuse-release-pipe-buf-after-last-use.patch