From: Greg Kroah-Hartman Date: Tue, 28 Mar 2023 13:54:41 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v5.15.105~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f924ca6b03e43f31dbb6294fb5858d8ec87b3a06;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: mm-kfence-fix-using-kfence_metadata-without-initialization-in-show_object.patch ocfs2-fix-data-corruption-after-failed-write.patch
---
diff --git a/queue-5.15/mm-kfence-fix-using-kfence_metadata-without-initialization-in-show_object.patch b/queue-5.15/mm-kfence-fix-using-kfence_metadata-without-initialization-in-show_object.patch
new file mode 100644
index 00000000000..1cef7710c09
--- /dev/null
+++ b/queue-5.15/mm-kfence-fix-using-kfence_metadata-without-initialization-in-show_object.patch
@@ -0,0 +1,51 @@
+From 1c86a188e03156223a34d09ce290b49bd4dd0403 Mon Sep 17 00:00:00 2001
+From: Muchun Song
+Date: Wed, 15 Mar 2023 11:44:41 +0800
+Subject: mm: kfence: fix using kfence_metadata without initialization in show_object()
+
+From: Muchun Song
+
+commit 1c86a188e03156223a34d09ce290b49bd4dd0403 upstream.
+
+The variable kfence_metadata is initialized in kfence_init_pool(), then,
+it is not initialized if kfence is disabled after booting. In this case,
+kfence_metadata will be used (e.g. ->lock and ->state fields) without
+initialization when reading /sys/kernel/debug/kfence/objects. There will
+be a warning if you enable CONFIG_DEBUG_SPINLOCK. Fix it by creating
+debugfs files when necessary.
+
+Link: https://lkml.kernel.org/r/20230315034441.44321-1-songmuchun@bytedance.com
+Fixes: 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure")
+Signed-off-by: Muchun Song
+Tested-by: Marco Elver
+Reviewed-by: Marco Elver
+Cc: Alexander Potapenko
+Cc: Dmitry Vyukov
+Cc: Jann Horn
+Cc: SeongJae Park
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Greg Kroah-Hartman
+---
+ mm/kfence/core.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/mm/kfence/core.c
++++ b/mm/kfence/core.c
+@@ -678,10 +678,14 @@ static const struct file_operations obje
+ .release = seq_release,
+ };
+
+-static int __init kfence_debugfs_init(void)
++static int kfence_debugfs_init(void)
+ {
+- struct dentry *kfence_dir = debugfs_create_dir("kfence", NULL);
++ struct dentry *kfence_dir;
+
++ if (!READ_ONCE(kfence_enabled))
++ return 0;
++
++ kfence_dir = debugfs_create_dir("kfence", NULL);
+ debugfs_create_file("stats", 0444, kfence_dir, NULL, &stats_fops);
+ debugfs_create_file("objects", 0400, kfence_dir, NULL, &objects_fops);
+ return 0;
diff --git a/queue-5.15/ocfs2-fix-data-corruption-after-failed-write.patch b/queue-5.15/ocfs2-fix-data-corruption-after-failed-write.patch
new file mode 100644
index 00000000000..85d972b2925
--- /dev/null
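Review bot: In the mm/kfence/core.c change, `__init` is removed from kfence_debugfs_init(), yet this backport carries a single hunk (6 insertions, 2 deletions) that adds no new caller. If 5.15 still reaches the function only through its initcall registration, which is not visible here, the annotation could stay as `static int __init kfence_debugfs_init(void)` so the text is discarded after boot. The early return would also benefit from a comment such as `/* kfence_metadata is only set up once KFENCE is enabled; without it the objects file would read uninitialized ->lock/->state */`. The function's closing brace lies outside the hunk.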
+++ b/queue-5.15/ocfs2-fix-data-corruption-after-failed-write.patch 
@@ -0,0 +1,67 @@
+From 90410bcf873cf05f54a32183afff0161f44f9715 Mon Sep 17 00:00:00 2001
+From: Jan Kara via Ocfs2-devel
+Date: Thu, 2 Mar 2023 16:38:43 +0100
+Subject: ocfs2: fix data corruption after failed write
+
+From: Jan Kara via Ocfs2-devel
+
+commit 90410bcf873cf05f54a32183afff0161f44f9715 upstream.
+
+When buffered write fails to copy data into underlying page cache page,
+ocfs2_write_end_nolock() just zeroes out and dirties the page. This can
+leave dirty page beyond EOF and if page writeback tries to write this page
+before write succeeds and expands i_size, page gets into inconsistent
+state where page dirty bit is clear but buffer dirty bits stay set
+resulting in page data never getting written and so data copied to the
+page is lost. Fix the problem by invalidating page beyond EOF after
+failed write.
+
+Link: https://lkml.kernel.org/r/20230302153843.18499-1-jack@suse.cz
+Fixes: 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()")
+Signed-off-by: Jan Kara
+Reviewed-by: Joseph Qi
+Cc: Mark Fasheh
+Cc: Joel Becker
+Cc: Junxiao Bi
+Cc: Changwei Ge
+Cc: Gang He
+Cc: Jun Piao
+Cc:
+Signed-off-by: Andrew Morton
+[ replace block_invalidate_folio to block_invalidatepage ]
+Signed-off-by: Joseph Qi
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/ocfs2/aops.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+--- a/fs/ocfs2/aops.c
++++ b/fs/ocfs2/aops.c
+@@ -1978,11 +1978,25 @@ int ocfs2_write_end_nolock(struct addres
+ }
+
+ if (unlikely(copied < len) && wc->w_target_page) {
++ loff_t new_isize;
++
+ if (!PageUptodate(wc->w_target_page))
+ copied = 0;
+
+- ocfs2_zero_new_buffers(wc->w_target_page, start+copied,
+- start+len);
++ new_isize = max_t(loff_t, i_size_read(inode), pos + copied);
++ if (new_isize > page_offset(wc->w_target_page))
++ ocfs2_zero_new_buffers(wc->w_target_page, start+copied,
++ start+len);
++ else {
++ /*
++ * When page is fully beyond new isize (data copy
++ * failed), do not bother zeroing the page. Invalidate
++ * it instead so that writeback does not get confused
++ * put page & buffer dirty bits into inconsistent
++ * state.
++ */
++ block_invalidatepage(wc->w_target_page, 0, PAGE_SIZE);
++ }
+ }
+ if (wc->w_target_page)
+ flush_dcache_page(wc->w_target_page);
diff --git a/queue-5.15/series b/queue-5.15/series
index 97d68871802..9ccf5530aaa 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -141,3 +141,5 @@ dm-crypt-add-cond_resched-to-dmcrypt_write.patch
 dm-crypt-avoid-accessing-uninitialized-tasklet.patch
 sched-fair-sanitize-vruntime-of-entity-being-placed.patch
 sched-fair-sanitize-vruntime-of-entity-being-migrated.patch
+mm-kfence-fix-using-kfence_metadata-without-initialization-in-show_object.patch
+ocfs2-fix-data-corruption-after-failed-write.patch
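Review bot: The new `if`/`else` in ocfs2_write_end_nolock() braces only the `else` arm, so the two-line ocfs2_zero_new_buffers() call sits unbraced next to a braced block; kernel coding style asks for braces on both arms when either needs them, i.e. `if (new_isize > page_offset(wc->w_target_page)) {` ... `} else {`. The comment in the else arm also drops a word: "does not get confused put page & buffer dirty bits" presumably means "confused and put". Since the block_invalidatepage() call is what keeps a dirty page from lingering beyond EOF, a clear comment matters here. The function begins and ends outside the hunk.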