From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 27 Feb 2024 09:22:58 +0000 (+0100)
Subject: 5.4-stable patches
X-Git-Tag: v4.19.308~21
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2f6d60d6d496cebdc7d7a53ce51db4c10c59b5a0;p=thirdparty%2Fkernel%2Fstable-queue.git

5.4-stable patches

added patches:
	fs-aio-restrict-kiocb_set_cancel_fn-to-i-o-submitted-via-libaio.patch
---

diff --git a/queue-5.4/fs-aio-restrict-kiocb_set_cancel_fn-to-i-o-submitted-via-libaio.patch b/queue-5.4/fs-aio-restrict-kiocb_set_cancel_fn-to-i-o-submitted-via-libaio.patch
new file mode 100644
index 00000000000..631c6daaeea
--- /dev/null
+++ b/queue-5.4/fs-aio-restrict-kiocb_set_cancel_fn-to-i-o-submitted-via-libaio.patch
@@ -0,0 +1,84 @@
+From b820de741ae48ccf50dd95e297889c286ff4f760 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Thu, 15 Feb 2024 12:47:38 -0800
+Subject: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
+
+From: Bart Van Assche <bvanassche@acm.org>
+
+commit b820de741ae48ccf50dd95e297889c286ff4f760 upstream.
+
+If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the
+following kernel warning appears:
+
+WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8
+Call trace:
+ kiocb_set_cancel_fn+0x9c/0xa8
+ ffs_epfile_read_iter+0x144/0x1d0
+ io_read+0x19c/0x498
+ io_issue_sqe+0x118/0x27c
+ io_submit_sqes+0x25c/0x5fc
+ __arm64_sys_io_uring_enter+0x104/0xab0
+ invoke_syscall+0x58/0x11c
+ el0_svc_common+0xb4/0xf4
+ do_el0_svc+0x2c/0xb0
+ el0_svc+0x2c/0xa4
+ el0t_64_sync_handler+0x68/0xb4
+ el0t_64_sync+0x1a4/0x1a8
+
+Fix this by setting the IOCB_AIO_RW flag for read and write I/O that is
+submitted by libaio.
+
+Suggested-by: Jens Axboe <axboe@kernel.dk>
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Avi Kivity <avi@scylladb.com>
+Cc: Sandeep Dhavale <dhavale@google.com>
+Cc: Jens Axboe <axboe@kernel.dk>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Kent Overstreet <kent.overstreet@linux.dev>
+Cc: stable@vger.kernel.org
+Signed-off-by: Bart Van Assche <bvanassche@acm.org>
+Link: https://lore.kernel.org/r/20240215204739.2677806-2-bvanassche@acm.org
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/aio.c           |    9 ++++++++-
+ include/linux/fs.h |    2 ++
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+--- a/fs/aio.c
++++ b/fs/aio.c
+@@ -570,6 +570,13 @@ void kiocb_set_cancel_fn(struct kiocb *i
+ 	struct kioctx *ctx = req->ki_ctx;
+ 	unsigned long flags;
+ 
++	/*
++	 * kiocb didn't come from aio or is neither a read nor a write, hence
++	 * ignore it.
++	 */
++	if (!(iocb->ki_flags & IOCB_AIO_RW))
++		return;
++
+ 	if (WARN_ON_ONCE(!list_empty(&req->ki_list)))
+ 		return;
+ 
+@@ -1455,7 +1462,7 @@ static int aio_prep_rw(struct kiocb *req
+ 	req->ki_complete = aio_complete_rw;
+ 	req->private = NULL;
+ 	req->ki_pos = iocb->aio_offset;
+-	req->ki_flags = iocb_flags(req->ki_filp);
++	req->ki_flags = iocb_flags(req->ki_filp) | IOCB_AIO_RW;
+ 	if (iocb->aio_flags & IOCB_FLAG_RESFD)
+ 		req->ki_flags |= IOCB_EVENTFD;
+ 	req->ki_hint = ki_hint_validate(file_write_hint(req->ki_filp));
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -314,6 +314,8 @@ enum rw_hint {
+ #define IOCB_SYNC		(1 << 5)
+ #define IOCB_WRITE		(1 << 6)
+ #define IOCB_NOWAIT		(1 << 7)
++/* kiocb is a read or write operation submitted by fs/aio.c. */
++#define IOCB_AIO_RW		(1 << 23)
+ 
+ struct kiocb {
+ 	struct file		*ki_filp;
diff --git a/queue-5.4/series b/queue-5.4/series
index c506bc1b8c8..b3e6a460a4b 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -80,3 +80,4 @@ tls-stop-recv-if-initial-process_rx_list-gave-us-non.patch
 netfilter-nf_tables-set-dormant-flag-on-hook-registe.patch
 drm-syncobj-make-lockdep-complain-on-wait_for_submit.patch
 drm-syncobj-call-drm_syncobj_fence_add_wait-when-wai.patch
+fs-aio-restrict-kiocb_set_cancel_fn-to-i-o-submitted-via-libaio.patch