From: Greg Kroah-Hartman Date: Thu, 21 Apr 2022 10:36:53 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v4.9.312~74 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e2c0b0b7df53663ce7c77b6b4adeff96cdd7058c;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: gfs2-assign-rgrp-glock-before-compute_bitstructs.patch
---
diff --git a/queue-5.10/gfs2-assign-rgrp-glock-before-compute_bitstructs.patch b/queue-5.10/gfs2-assign-rgrp-glock-before-compute_bitstructs.patch
new file mode 100644
index 00000000000..92e28fe9db3
--- /dev/null
+++ b/queue-5.10/gfs2-assign-rgrp-glock-before-compute_bitstructs.patch
@@ -0,0 +1,62 @@
+From 428f651cb80b227af47fc302e4931791f2fb4741 Mon Sep 17 00:00:00 2001
+From: Bob Peterson
+Date: Mon, 17 Jan 2022 10:25:07 -0500
+Subject: gfs2: assign rgrp glock before compute_bitstructs
+
+From: Bob Peterson
+
+commit 428f651cb80b227af47fc302e4931791f2fb4741 upstream.
+
+Before this patch, function read_rindex_entry called compute_bitstructs
+before it allocated a glock for the rgrp. But if compute_bitstructs found
+a problem with the rgrp, it called gfs2_consist_rgrpd, and that called
+gfs2_dump_glock for rgd->rd_gl which had not yet been assigned.
+
+read_rindex_entry
+ compute_bitstructs
+ gfs2_consist_rgrpd
+ gfs2_dump_glock <---------rgd->rd_gl was not set.
+
+This patch changes read_rindex_entry so it assigns an rgrp glock before
+calling compute_bitstructs so gfs2_dump_glock does not reference an
+unassigned pointer. If an error is discovered, the glock must also be
+put, so a new goto and label were added.
+
+Reported-by: syzbot+c6fd14145e2f62ca0784@syzkaller.appspotmail.com
+Signed-off-by: Bob Peterson
+Signed-off-by: Andreas Gruenbacher
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/gfs2/rgrp.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/fs/gfs2/rgrp.c
++++ b/fs/gfs2/rgrp.c
+@@ -906,15 +906,15 @@ static int read_rindex_entry(struct gfs2
+ rgd->rd_bitbytes = be32_to_cpu(buf.ri_bitbytes);
+ spin_lock_init(&rgd->rd_rsspin);
+
+- error = compute_bitstructs(rgd);
+- if (error)
+- goto fail;
+-
+ error = gfs2_glock_get(sdp, rgd->rd_addr,
+ &gfs2_rgrp_glops, CREATE, &rgd->rd_gl);
+ if (error)
+ goto fail;
+
++ error = compute_bitstructs(rgd);
++ if (error)
++ goto fail_glock;
++
+ rgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr;
+ rgd->rd_flags &= ~(GFS2_RDF_UPTODATE | GFS2_RDF_PREFERRED);
+ if (rgd->rd_data > sdp->sd_max_rg_data)
+@@ -928,6 +928,7 @@ static int read_rindex_entry(struct gfs2
+ }
+
+ error = 0; /* someone else read in the rgrp; free it and ignore it */
++fail_glock:
+ gfs2_glock_put(rgd->rd_gl);
+
+ fail:
diff --git a/queue-5.10/series b/queue-5.10/series
index 3155bbd1dfd..d2e6c3cf8fa 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -2,3 +2,4 @@ etherdevice-adjust-ether_addr-prototypes-to-silence-wstringop-overead.patch
 mm-page_alloc-fix-building-error-on-werror-array-compare.patch
 tracing-dump-stacktrace-trigger-to-the-corresponding-instance.patch
 perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
+gfs2-assign-rgrp-glock-before-compute_bitstructs.patch
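Review bot: Nothing in the new code of the first fs/gfs2/rgrp.c hunk records why gfs2_glock_get() must now run before compute_bitstructs(), so a later cleanup could reorder the two calls and bring back the dereference of an unassigned rgd->rd_gl that the commit message describes. I would add a comment above the gfs2_glock_get() call, for example `/* rd_gl must be assigned before compute_bitstructs(); its consistency-error path dumps the glock */`. In the second hunk the new `fail_glock:` label sits directly under `error = 0; /* someone else read in the rgrp; free it and ignore it */`, so that comment now reads as if it described the label; a short `/* also reached with error set when compute_bitstructs() fails */` on the label would keep the two paths apart. The error path is presumably reachable from on-disk rindex contents (the report came from syzbot), which is why the ordering is worth pinning down in the source. read_rindex_entry starts before and ends after both hunks, so the cleanup under `fail:` is not visible here.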