From: Greg Kroah-Hartman Date: Sun, 7 May 2023 13:13:08 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v5.15.111~69 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c090ea5f3131143a3bb5098300249f7ec6801715;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: btrfs-scrub-reject-unsupported-scrub-flags.patch dm-flakey-fix-a-crash-with-invalid-table-line.patch dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch --- diff --git a/queue-4.19/btrfs-scrub-reject-unsupported-scrub-flags.patch b/queue-4.19/btrfs-scrub-reject-unsupported-scrub-flags.patch new file mode 100644 index 00000000000..e7236a50fc9 --- /dev/null +++ b/queue-4.19/btrfs-scrub-reject-unsupported-scrub-flags.patch @@ -0,0 +1,57 @@ +From 604e6681e114d05a2e384c4d1e8ef81918037ef5 Mon Sep 17 00:00:00 2001 +From: Qu Wenruo +Date: Thu, 6 Apr 2023 13:00:34 +0800 +Subject: btrfs: scrub: reject unsupported scrub flags + +From: Qu Wenruo + +commit 604e6681e114d05a2e384c4d1e8ef81918037ef5 upstream. + +Since the introduction of scrub interface, the only flag that we support +is BTRFS_SCRUB_READONLY. Thus there is no sanity checks, if there are +some undefined flags passed in, we just ignore them. + +This is problematic if we want to introduce new scrub flags, as we have +no way to determine if such flags are supported. + +Address the problem by introducing a check for the flags, and if +unsupported flags are set, return -EOPNOTSUPP to inform the user space. + +This check should be backported for all supported kernels before any new +scrub flags are introduced. + +CC: stable@vger.kernel.org # 4.14+ +Reviewed-by: Anand Jain +Signed-off-by: Qu Wenruo +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/ioctl.c | 5 +++++ + include/uapi/linux/btrfs.h | 1 + + 2 files changed, 6 insertions(+) + +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -4722,6 +4722,11 @@ static long btrfs_ioctl_scrub(struct fil + if (IS_ERR(sa)) + return PTR_ERR(sa); + ++ if (sa->flags & ~BTRFS_SCRUB_SUPPORTED_FLAGS) { ++ ret = -EOPNOTSUPP; ++ goto out; ++ } ++ + if (!(sa->flags & BTRFS_SCRUB_READONLY)) { + ret = mnt_want_write_file(file); + if (ret) +--- a/include/uapi/linux/btrfs.h ++++ b/include/uapi/linux/btrfs.h +@@ -162,6 +162,7 @@ struct btrfs_scrub_progress { + }; + + #define BTRFS_SCRUB_READONLY 1 ++#define BTRFS_SCRUB_SUPPORTED_FLAGS (BTRFS_SCRUB_READONLY) + struct btrfs_ioctl_scrub_args { + __u64 devid; /* in */ + __u64 start; /* in */ diff --git a/queue-4.19/dm-flakey-fix-a-crash-with-invalid-table-line.patch b/queue-4.19/dm-flakey-fix-a-crash-with-invalid-table-line.patch new file mode 100644 index 00000000000..dc28c69f4f3 --- /dev/null +++ b/queue-4.19/dm-flakey-fix-a-crash-with-invalid-table-line.patch @@ -0,0 +1,37 @@ +From 98dba02d9a93eec11bffbb93c7c51624290702d2 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 18 Apr 2023 15:57:47 -0400 +Subject: dm flakey: fix a crash with invalid table line + +From: Mikulas Patocka + +commit 98dba02d9a93eec11bffbb93c7c51624290702d2 upstream. + +This command will crash with NULL pointer dereference: + dmsetup create flakey --table \ + "0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512" + +Fix the crash by checking if arg_name is non-NULL before comparing it. + +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-flakey.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/md/dm-flakey.c ++++ b/drivers/md/dm-flakey.c +@@ -124,9 +124,9 @@ static int parse_features(struct dm_arg_ + * Direction r or w? + */ + arg_name = dm_shift_arg(as); +- if (!strcasecmp(arg_name, "w")) ++ if (arg_name && !strcasecmp(arg_name, "w")) + fc->corrupt_bio_rw = WRITE; +- else if (!strcasecmp(arg_name, "r")) ++ else if (arg_name && !strcasecmp(arg_name, "r")) + fc->corrupt_bio_rw = READ; + else { + ti->error = "Invalid corrupt bio direction (r or w)"; diff --git a/queue-4.19/dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch b/queue-4.19/dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch new file mode 100644 index 00000000000..9f96ac72dad --- /dev/null +++ b/queue-4.19/dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch @@ -0,0 +1,37 @@ +From 6b79a428c02769f2a11f8ae76bf866226d134887 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Tue, 4 Apr 2023 13:34:28 -0400 +Subject: dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path + +From: Mike Snitzer + +commit 6b79a428c02769f2a11f8ae76bf866226d134887 upstream. + +Otherwise the journal_io_cache will leak if dm_register_target() fails. + +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-integrity.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -3689,11 +3689,13 @@ int __init dm_integrity_init(void) + } + + r = dm_register_target(&integrity_target); +- +- if (r < 0) ++ if (r < 0) { + DMERR("register failed %d", r); ++ kmem_cache_destroy(journal_io_cache); ++ return r; ++ } + +- return r; ++ return 0; + } + + void dm_integrity_exit(void) diff --git a/queue-4.19/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch b/queue-4.19/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch new file mode 100644 index 00000000000..669a9dbc4da --- /dev/null +++ b/queue-4.19/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch @@ -0,0 +1,58 @@ +From 3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Mon, 17 Apr 2023 11:59:56 -0400 +Subject: dm ioctl: fix nested locking in table_clear() to remove deadlock concern + +From: Mike Snitzer + +commit 3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89 upstream. + +syzkaller found the following problematic rwsem locking (with write +lock already held): + + down_read+0x9d/0x450 kernel/locking/rwsem.c:1509 + dm_get_inactive_table+0x2b/0xc0 drivers/md/dm-ioctl.c:773 + __dev_status+0x4fd/0x7c0 drivers/md/dm-ioctl.c:844 + table_clear+0x197/0x280 drivers/md/dm-ioctl.c:1537 + +In table_clear, it first acquires a write lock +https://elixir.bootlin.com/linux/v6.2/source/drivers/md/dm-ioctl.c#L1520 +down_write(&_hash_lock); + +Then before the lock is released at L1539, there is a path shown above: +table_clear -> __dev_status -> dm_get_inactive_table -> down_read +https://elixir.bootlin.com/linux/v6.2/source/drivers/md/dm-ioctl.c#L773 +down_read(&_hash_lock); + +It tries to acquire the same read lock again, resulting in the deadlock +problem. + +Fix this by moving table_clear()'s __dev_status() call to after its +up_write(&_hash_lock); + +Cc: stable@vger.kernel.org +Reported-by: Zheng Zhang +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-ioctl.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/md/dm-ioctl.c ++++ b/drivers/md/dm-ioctl.c +@@ -1410,11 +1410,12 @@ static int table_clear(struct file *filp + hc->new_map = NULL; + } + +- param->flags &= ~DM_INACTIVE_PRESENT_FLAG; +- +- __dev_status(hc->md, param); + md = hc->md; + up_write(&_hash_lock); ++ ++ param->flags &= ~DM_INACTIVE_PRESENT_FLAG; ++ __dev_status(md, param); ++ + if (old_map) { + dm_sync_table(md); + dm_table_destroy(old_map); diff --git a/queue-4.19/dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch b/queue-4.19/dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch new file mode 100644 index 00000000000..0c24f2e20db --- /dev/null +++ b/queue-4.19/dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch @@ -0,0 +1,44 @@ +From e8c5d45f82ce0c238a4817739892fe8897a3dcc3 Mon Sep 17 00:00:00 2001 +From: Yeongjin Gil +Date: Mon, 20 Mar 2023 15:59:32 +0900 +Subject: dm verity: fix error handling for check_at_most_once on FEC + +From: Yeongjin Gil + +commit e8c5d45f82ce0c238a4817739892fe8897a3dcc3 upstream. + +In verity_end_io(), if bi_status is not BLK_STS_OK, it can be return +directly. But if FEC configured, it is desired to correct the data page +through verity_verify_io. And the return value will be converted to +blk_status and passed to verity_finish_io(). + +BTW, when a bit is set in v->validated_blocks, verity_verify_io() skips +verification regardless of I/O error for the corresponding bio. In this +case, the I/O error could not be returned properly, and as a result, +there is a problem that abnormal data could be read for the +corresponding block. + +To fix this problem, when an I/O error occurs, do not skip verification +even if the bit related is set in v->validated_blocks. + +Fixes: 843f38d382b1 ("dm verity: add 'check_at_most_once' option to only validate hashes once") +Cc: stable@vger.kernel.org +Reviewed-by: Sungjong Seo +Signed-off-by: Yeongjin Gil +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-verity-target.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/dm-verity-target.c ++++ b/drivers/md/dm-verity-target.c +@@ -477,7 +477,7 @@ static int verity_verify_io(struct dm_ve + sector_t cur_block = io->block + b; + struct ahash_request *req = verity_io_hash_req(v, io); + +- if (v->validated_blocks && ++ if (v->validated_blocks && bio->bi_status == BLK_STS_OK && + likely(test_bit(cur_block, v->validated_blocks))) { + verity_bv_skip_block(v, io, &io->iter); + continue; diff --git a/queue-4.19/s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch b/queue-4.19/s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch new file mode 100644 index 00000000000..80a5dc91a0f --- /dev/null +++ b/queue-4.19/s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch @@ -0,0 +1,39 @@ +From d8898ee50edecacdf0141f26fd90acf43d7e9cd7 Mon Sep 17 00:00:00 2001 +From: Stefan Haberland +Date: Wed, 5 Apr 2023 16:20:17 +0200 +Subject: s390/dasd: fix hanging blockdevice after request requeue + +From: Stefan Haberland + +commit d8898ee50edecacdf0141f26fd90acf43d7e9cd7 upstream. + +The DASD driver does not kick the requeue list when requeuing IO requests +to the blocklayer. This might lead to hanging blockdevice when there is +no other trigger for this. + +Fix by automatically kick the requeue list when requeuing DASD requests +to the blocklayer. + +Fixes: e443343e509a ("s390/dasd: blk-mq conversion") +CC: stable@vger.kernel.org # 4.14+ +Signed-off-by: Stefan Haberland +Reviewed-by: Jan Hoeppner +Reviewed-by: Halil Pasic +Link: https://lore.kernel.org/r/20230405142017.2446986-8-sth@linux.ibm.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + drivers/s390/block/dasd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/s390/block/dasd.c ++++ b/drivers/s390/block/dasd.c +@@ -2841,7 +2841,7 @@ static int _dasd_requeue_request(struct + return 0; + spin_lock_irq(&cqr->dq->lock); + req = (struct request *) cqr->callback_data; +- blk_mq_requeue_request(req, false); ++ blk_mq_requeue_request(req, true); + spin_unlock_irq(&cqr->dq->lock); + + return 0; diff --git a/queue-4.19/series b/queue-4.19/series index 6dd1f2e7dd1..0addd670bbd 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -129,3 +129,9 @@ nilfs2-fix-infinite-loop-in-nilfs_mdt_get_block.patch md-raid10-fix-null-ptr-deref-in-raid10_sync_request.patch wifi-rtl8xxxu-rtl8192eu-always-needs-full-init.patch clk-rockchip-rk3399-allow-clk_cifout-to-force-clk_cifout_src-to-reparent.patch +btrfs-scrub-reject-unsupported-scrub-flags.patch +s390-dasd-fix-hanging-blockdevice-after-request-requeue.patch +dm-verity-fix-error-handling-for-check_at_most_once-on-fec.patch +dm-integrity-call-kmem_cache_destroy-in-dm_integrity_init-error-path.patch +dm-flakey-fix-a-crash-with-invalid-table-line.patch +dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern.patch