From: Greg Kroah-Hartman
Date: Wed, 6 Nov 2024 07:01:17 +0000 (+0100)
Subject: 5.15-stable patches
X-Git-Tag: v4.19.323~42
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=551c921bf8eaeda6682d23688722f1ac59d4a96d;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
	nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch
---

diff --git a/queue-5.15/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch b/queue-5.15/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch new file mode 100644 index 00000000000..b8f9b04e340 --- /dev/null +++ b/queue-5.15/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch 
@@ -0,0 +1,45 @@ +From 41e192ad2779cae0102879612dfe46726e4396aa Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Fri, 18 Oct 2024 04:33:10 +0900 +Subject: nilfs2: fix kernel bug due to missing clearing of checked flag + +From: Ryusuke Konishi + +commit 41e192ad2779cae0102879612dfe46726e4396aa upstream. + +Syzbot reported that in directory operations after nilfs2 detects +filesystem corruption and degrades to read-only, +__block_write_begin_int(), which is called to prepare block writes, may +fail the BUG_ON check for accesses exceeding the folio/page size, +triggering a kernel bug. + +This was found to be because the "checked" flag of a page/folio was not +cleared when it was discarded by nilfs2's own routine, which causes the +sanity check of directory entries to be skipped when the directory +page/folio is reloaded. So, fix that. + +This was necessary when the use of nilfs2's own page discard routine was +applied to more than just metadata files. + +Link: https://lkml.kernel.org/r/20241017193359.5051-1-konishi.ryusuke@gmail.com +Fixes: 8c26c4e2694a ("nilfs2: fix issue with flush kernel thread after remount in RO mode because of driver's internal error or metadata corruption") +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+d6ca2daf692c7a82f959@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=d6ca2daf692c7a82f959 +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/page.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nilfs2/page.c ++++ b/fs/nilfs2/page.c +@@ -404,6 +404,7 @@ void nilfs_clear_dirty_page(struct page + + ClearPageUptodate(page); + ClearPageMappedToDisk(page); ++ ClearPageChecked(page); + + if (page_has_buffers(page)) { + struct buffer_head *bh, *head; diff --git a/queue-5.15/series b/queue-5.15/series index b83d4de6aba..7d8477863c0 100644 --- a/queue-5.15/series +++ b/queue-5.15/series 
@@ -64,3 +64,4 @@ mm-page_alloc-explicitly-define-how-__gfp_high-non-b.patch mm-page_alloc-let-gfp_atomic-order-0-allocs-access-h.patch ocfs2-pass-u64-to-ocfs2_truncate_inline-maybe-overfl.patch x86-bugs-use-code-segment-selector-for-verw-operand.patch +nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch
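
Review bot: The added ClearPageChecked(page) in nilfs_clear_dirty_page() (fs/nilfs2/page.c, the hunk at -404,6 +404,7) has no comment saying why the checked flag must be dropped together with the uptodate and mapped-to-disk flags. The commit message gives the reason: a stale checked flag causes the sanity check of directory entries to be skipped when the directory page is reloaded, which the message ties to the BUG_ON failure in __block_write_begin_int(). A one-line comment above the new call stating that would keep the line from being dropped as redundant in a later cleanup. The message also says the flag was missed "when it was discarded by nilfs2's own routine"; only nilfs_clear_dirty_page() is visible in this hunk, so it is worth confirming in the 5.15 tree that no other discard path clears the uptodate state without also clearing the checked flag. The page-based helper matches the surrounding ClearPageUptodate(page) and ClearPageMappedToDisk(page) context lines, so the form of the backport looks right for this branch.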