From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 25 Apr 2022 11:58:02 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.9.312~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=39a1a183433f32830ca4c9f5e71d329a214ce9b7;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch
	ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch
	ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch
---

diff --git a/queue-4.9/ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch b/queue-4.9/ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch
new file mode 100644
index 00000000000..553f5fb52ca
--- /dev/null
+++ b/queue-4.9/ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch
@@ -0,0 +1,35 @@
+From 10b01ee92df52c8d7200afead4d5e5f55a5c58b1 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 14 Apr 2022 21:31:27 -0400
+Subject: ext4: fix overhead calculation to account for the reserved gdt blocks
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+commit 10b01ee92df52c8d7200afead4d5e5f55a5c58b1 upstream.
+
+The kernel calculation was underestimating the overhead by not taking
+into account the reserved gdt blocks.  With this change, the overhead
+calculated by the kernel matches the overhead calculation in mke2fs.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Cc: stable@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/super.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -3241,9 +3241,11 @@ static int count_overhead(struct super_b
+ 	ext4_fsblk_t		first_block, last_block, b;
+ 	ext4_group_t		i, ngroups = ext4_get_groups_count(sb);
+ 	int			s, j, count = 0;
++	int			has_super = ext4_bg_has_super(sb, grp);
+ 
+ 	if (!ext4_has_feature_bigalloc(sb))
+-		return (ext4_bg_has_super(sb, grp) + ext4_bg_num_gdb(sb, grp) +
++		return (has_super + ext4_bg_num_gdb(sb, grp) +
++			(has_super ? le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) : 0) +
+ 			sbi->s_itb_per_group + 2);
+ 
+ 	first_block = le32_to_cpu(sbi->s_es->s_first_data_block) +
diff --git a/queue-4.9/ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch b/queue-4.9/ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch
new file mode 100644
index 00000000000..e6682c41a13
--- /dev/null
+++ b/queue-4.9/ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch
@@ -0,0 +1,44 @@
+From 85d825dbf4899a69407338bae462a59aa9a37326 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 14 Apr 2022 21:57:49 -0400
+Subject: ext4: force overhead calculation if the s_overhead_cluster makes no sense
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+commit 85d825dbf4899a69407338bae462a59aa9a37326 upstream.
+
+If the file system does not use bigalloc, calculating the overhead is
+cheap, so force the recalculation of the overhead so we don't have to
+trust the precalculated overhead in the superblock.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Cc: stable@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/super.c |   15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -4164,9 +4164,18 @@ no_journal:
+ 	 * Get the # of file system overhead blocks from the
+ 	 * superblock if present.
+ 	 */
+-	if (es->s_overhead_clusters)
+-		sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters);
+-	else {
++	sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters);
++	/* ignore the precalculated value if it is ridiculous */
++	if (sbi->s_overhead > ext4_blocks_count(es))
++		sbi->s_overhead = 0;
++	/*
++	 * If the bigalloc feature is not enabled recalculating the
++	 * overhead doesn't take long, so we might as well just redo
++	 * it to make sure we are using the correct value.
++	 */
++	if (!ext4_has_feature_bigalloc(sb))
++		sbi->s_overhead = 0;
++	if (sbi->s_overhead == 0) {
+ 		err = ext4_calculate_overhead(sb);
+ 		if (err)
+ 			goto failed_mount_wq;
diff --git a/queue-4.9/ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch b/queue-4.9/ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch
new file mode 100644
index 00000000000..d5d6bb1bf0d
--- /dev/null
+++ b/queue-4.9/ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch
@@ -0,0 +1,60 @@
+From 2da376228a2427501feb9d15815a45dbdbdd753e Mon Sep 17 00:00:00 2001
+From: Tadeusz Struk <tadeusz.struk@linaro.org>
+Date: Thu, 31 Mar 2022 13:05:15 -0700
+Subject: ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
+
+From: Tadeusz Struk <tadeusz.struk@linaro.org>
+
+commit 2da376228a2427501feb9d15815a45dbdbdd753e upstream.
+
+Syzbot found an issue [1] in ext4_fallocate().
+The C reproducer [2] calls fallocate(), passing size 0xffeffeff000ul,
+and offset 0x1000000ul, which, when added together exceed the
+bitmap_maxbytes for the inode. This triggers a BUG in
+ext4_ind_remove_space(). According to the comments in this function
+the 'end' parameter needs to be one block after the last block to be
+removed. In the case when the BUG is triggered it points to the last
+block. Modify the ext4_punch_hole() function and add constraint that
+caps the length to satisfy the one before laster block requirement.
+
+LINK: [1] https://syzkaller.appspot.com/bug?id=b80bd9cf348aac724a4f4dff251800106d721331
+LINK: [2] https://syzkaller.appspot.com/text?tag=ReproC&x=14ba0238700000
+
+Fixes: a4bb6b64e39a ("ext4: enable "punch hole" functionality")
+Reported-by: syzbot+7a806094edd5d07ba029@syzkaller.appspotmail.com
+Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
+Link: https://lore.kernel.org/r/20220331200515.153214-1-tadeusz.struk@linaro.org
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Cc: stable@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/inode.c |   11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -3980,7 +3980,8 @@ int ext4_punch_hole(struct inode *inode,
+ 	struct super_block *sb = inode->i_sb;
+ 	ext4_lblk_t first_block, stop_block;
+ 	struct address_space *mapping = inode->i_mapping;
+-	loff_t first_block_offset, last_block_offset;
++	loff_t first_block_offset, last_block_offset, max_length;
++	struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ 	handle_t *handle;
+ 	unsigned int credits;
+ 	int ret = 0;
+@@ -4026,6 +4027,14 @@ int ext4_punch_hole(struct inode *inode,
+ 		   offset;
+ 	}
+ 
++	/*
++	 * For punch hole the length + offset needs to be within one block
++	 * before last range. Adjust the length if it goes beyond that limit.
++	 */
++	max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize;
++	if (offset + length > max_length)
++		length = max_length - offset;
++
+ 	if (offset & (sb->s_blocksize - 1) ||
+ 	    (offset + length) & (sb->s_blocksize - 1)) {
+ 		/*
diff --git a/queue-4.9/series b/queue-4.9/series
index cd96e883789..c50b6699605 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -18,3 +18,6 @@ openvswitch-fix-oob-access-in-reserve_sfa_size.patch
 asoc-soc-dapm-fix-two-incorrect-uses-of-list-iterator.patch
 e1000e-fix-possible-overflow-in-ltr-decoding.patch
 arc-entry-fix-syscall_trace_exit-argument.patch
+ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch
+ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch
+ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch