From: Greg Kroah-Hartman Date: Thu, 25 Aug 2022 12:07:06 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v5.10.140~41 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fbfecac264d6c2a12c96f121b943b6f0c6c1e741;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: fs-remove-__sync_filesystem.patch vfs-make-sync_filesystem-return-errors-from-sync_fs.patch xfs-only-bother-with-sync_filesystem-during-readonly-remount.patch xfs-prevent-a-warn_once-in-xfs_ioc_attr_list.patch xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch xfs-return-errors-in-xfs_fs_sync_fs.patch --- diff --git a/queue-5.10/fs-remove-__sync_filesystem.patch b/queue-5.10/fs-remove-__sync_filesystem.patch new file mode 100644 index 00000000000..74b2edd20fd --- /dev/null +++ b/queue-5.10/fs-remove-__sync_filesystem.patch @@ -0,0 +1,85 @@ +From foo@baz Thu Aug 25 02:06:37 PM CEST 2022 +From: Amir Goldstein +Date: Tue, 23 Aug 2022 15:11:33 +0300 +Subject: fs: remove __sync_filesystem +To: Greg Kroah-Hartman +Cc: Sasha Levin , "Darrick J . Wong" , Leah Rumancik , Chandan Babu R , Luis Chamberlain , Adam Manzanares , linux-xfs@vger.kernel.org, stable@vger.kernel.org, Christoph Hellwig , Chaitanya Kulkarni , Jens Axboe +Message-ID: <20220823121136.1806820-4-amir73il@gmail.com> + +From: Amir Goldstein + +From: Christoph Hellwig + +commit 9a208ba5c9afa62c7b1e9c6f5e783066e84e2d3c upstream. + +[backported for dependency] + +There is no clear benefit in having this helper vs just open coding it. + +Signed-off-by: Christoph Hellwig +Reviewed-by: Chaitanya Kulkarni +Link: https://lore.kernel.org/r/20211019062530.2174626-2-hch@lst.de +Signed-off-by: Jens Axboe +Signed-off-by: Amir Goldstein +Acked-by: Darrick J. Wong +Signed-off-by: Greg Kroah-Hartman +--- + fs/sync.c | 38 +++++++++++++++++--------------------- + 1 file changed, 17 insertions(+), 21 deletions(-) + +--- a/fs/sync.c ++++ b/fs/sync.c +@@ -22,25 +22,6 @@ + SYNC_FILE_RANGE_WAIT_AFTER) + + /* +- * Do the filesystem syncing work. For simple filesystems +- * writeback_inodes_sb(sb) just dirties buffers with inodes so we have to +- * submit IO for these buffers via __sync_blockdev(). This also speeds up the +- * wait == 1 case since in that case write_inode() functions do +- * sync_dirty_buffer() and thus effectively write one block at a time. +- */ +-static int __sync_filesystem(struct super_block *sb, int wait) +-{ +- if (wait) +- sync_inodes_sb(sb); +- else +- writeback_inodes_sb(sb, WB_REASON_SYNC); +- +- if (sb->s_op->sync_fs) +- sb->s_op->sync_fs(sb, wait); +- return __sync_blockdev(sb->s_bdev, wait); +-} +- +-/* + * Write out and wait upon all dirty data associated with this + * superblock. Filesystem data as well as the underlying block + * device. Takes the superblock lock. +@@ -61,10 +42,25 @@ int sync_filesystem(struct super_block * + if (sb_rdonly(sb)) + return 0; + +- ret = __sync_filesystem(sb, 0); ++ /* ++ * Do the filesystem syncing work. For simple filesystems ++ * writeback_inodes_sb(sb) just dirties buffers with inodes so we have ++ * to submit I/O for these buffers via __sync_blockdev(). This also ++ * speeds up the wait == 1 case since in that case write_inode() ++ * methods call sync_dirty_buffer() and thus effectively write one block ++ * at a time. ++ */ ++ writeback_inodes_sb(sb, WB_REASON_SYNC); ++ if (sb->s_op->sync_fs) ++ sb->s_op->sync_fs(sb, 0); ++ ret = __sync_blockdev(sb->s_bdev, 0); + if (ret < 0) + return ret; +- return __sync_filesystem(sb, 1); ++ ++ sync_inodes_sb(sb); ++ if (sb->s_op->sync_fs) ++ sb->s_op->sync_fs(sb, 1); ++ return __sync_blockdev(sb->s_bdev, 1); + } + EXPORT_SYMBOL(sync_filesystem); + diff --git a/queue-5.10/series b/queue-5.10/series index 6446938975d..b2c459ed545 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -2,3 +2,9 @@ audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch kernel-sys_ni-add-compat-entry-for-fadvise64_64.patch pinctrl-amd-don-t-save-restore-interrupt-status-and-wake-status-bits.patch +xfs-prevent-a-warn_once-in-xfs_ioc_attr_list.patch +xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch +fs-remove-__sync_filesystem.patch +vfs-make-sync_filesystem-return-errors-from-sync_fs.patch +xfs-return-errors-in-xfs_fs_sync_fs.patch +xfs-only-bother-with-sync_filesystem-during-readonly-remount.patch diff --git a/queue-5.10/vfs-make-sync_filesystem-return-errors-from-sync_fs.patch b/queue-5.10/vfs-make-sync_filesystem-return-errors-from-sync_fs.patch new file mode 100644 index 00000000000..b2dae3aec05 --- /dev/null +++ b/queue-5.10/vfs-make-sync_filesystem-return-errors-from-sync_fs.patch @@ -0,0 +1,69 @@ +From foo@baz Thu Aug 25 02:06:37 PM CEST 2022 +From: Amir Goldstein +Date: Tue, 23 Aug 2022 15:11:34 +0300 +Subject: vfs: make sync_filesystem return errors from ->sync_fs +To: Greg Kroah-Hartman +Cc: Sasha Levin , "Darrick J . Wong" , Leah Rumancik , Chandan Babu R , Luis Chamberlain , Adam Manzanares , linux-xfs@vger.kernel.org, stable@vger.kernel.org, Jan Kara , Christoph Hellwig , Christian Brauner +Message-ID: <20220823121136.1806820-5-amir73il@gmail.com> + +From: Amir Goldstein + +From: "Darrick J. Wong" + +commit 5679897eb104cec9e99609c3f045a0c20603da4c upstream. + +[backport to 5.10 only differs in __sync_blockdev helper] + +Strangely, sync_filesystem ignores the return code from the ->sync_fs +call, which means that syscalls like syncfs(2) never see the error. +This doesn't seem right, so fix that. + +Signed-off-by: Darrick J. Wong +Reviewed-by: Jan Kara +Reviewed-by: Christoph Hellwig +Acked-by: Christian Brauner +Signed-off-by: Amir Goldstein +Acked-by: Darrick J. Wong +Signed-off-by: Greg Kroah-Hartman +--- + fs/sync.c | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +--- a/fs/sync.c ++++ b/fs/sync.c +@@ -28,7 +28,7 @@ + */ + int sync_filesystem(struct super_block *sb) + { +- int ret; ++ int ret = 0; + + /* + * We need to be protected against the filesystem going from +@@ -51,15 +51,21 @@ int sync_filesystem(struct super_block * + * at a time. + */ + writeback_inodes_sb(sb, WB_REASON_SYNC); +- if (sb->s_op->sync_fs) +- sb->s_op->sync_fs(sb, 0); ++ if (sb->s_op->sync_fs) { ++ ret = sb->s_op->sync_fs(sb, 0); ++ if (ret) ++ return ret; ++ } + ret = __sync_blockdev(sb->s_bdev, 0); +- if (ret < 0) ++ if (ret) + return ret; + + sync_inodes_sb(sb); +- if (sb->s_op->sync_fs) +- sb->s_op->sync_fs(sb, 1); ++ if (sb->s_op->sync_fs) { ++ ret = sb->s_op->sync_fs(sb, 1); ++ if (ret) ++ return ret; ++ } + return __sync_blockdev(sb->s_bdev, 1); + } + EXPORT_SYMBOL(sync_filesystem); diff --git a/queue-5.10/xfs-only-bother-with-sync_filesystem-during-readonly-remount.patch b/queue-5.10/xfs-only-bother-with-sync_filesystem-during-readonly-remount.patch new file mode 100644 index 00000000000..0beeec3ca36 --- /dev/null +++ b/queue-5.10/xfs-only-bother-with-sync_filesystem-during-readonly-remount.patch @@ -0,0 +1,55 @@ +From foo@baz Thu Aug 25 02:06:37 PM CEST 2022 +From: Amir Goldstein +Date: Tue, 23 Aug 2022 15:11:36 +0300 +Subject: xfs: only bother with sync_filesystem during readonly remount +To: Greg Kroah-Hartman +Cc: Sasha Levin , "Darrick J . Wong" , Leah Rumancik , Chandan Babu R , Luis Chamberlain , Adam Manzanares , linux-xfs@vger.kernel.org, stable@vger.kernel.org, Dave Chinner +Message-ID: <20220823121136.1806820-7-amir73il@gmail.com> + +From: Amir Goldstein + +From: "Darrick J. Wong" + +commit b97cca3ba9098522e5a1c3388764ead42640c1a5 upstream. + +In commit 02b9984d6408, we pushed a sync_filesystem() call from the VFS +into xfs_fs_remount. The only time that we ever need to push dirty file +data or metadata to disk for a remount is if we're remounting the +filesystem read only, so this really could be moved to xfs_remount_ro. + +Once we've moved the call site, actually check the return value from +sync_filesystem. + +Fixes: 02b9984d6408 ("fs: push sync_filesystem() down to the file system's remount_fs()") +Signed-off-by: Darrick J. Wong +Reviewed-by: Dave Chinner +Signed-off-by: Amir Goldstein +Acked-by: Darrick J. Wong +Signed-off-by: Greg Kroah-Hartman +--- + fs/xfs/xfs_super.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/fs/xfs/xfs_super.c ++++ b/fs/xfs/xfs_super.c +@@ -1720,6 +1720,11 @@ xfs_remount_ro( + }; + int error; + ++ /* Flush all the dirty data to disk. */ ++ error = sync_filesystem(mp->m_super); ++ if (error) ++ return error; ++ + /* + * Cancel background eofb scanning so it cannot race with the final + * log force+buftarg wait and deadlock the remount. +@@ -1790,8 +1795,6 @@ xfs_fc_reconfigure( + if (error) + return error; + +- sync_filesystem(mp->m_super); +- + /* inode32 -> inode64 */ + if ((mp->m_flags & XFS_MOUNT_SMALL_INUMS) && + !(new_mp->m_flags & XFS_MOUNT_SMALL_INUMS)) { diff --git a/queue-5.10/xfs-prevent-a-warn_once-in-xfs_ioc_attr_list.patch b/queue-5.10/xfs-prevent-a-warn_once-in-xfs_ioc_attr_list.patch new file mode 100644 index 00000000000..1114019c958 --- /dev/null +++ b/queue-5.10/xfs-prevent-a-warn_once-in-xfs_ioc_attr_list.patch @@ -0,0 +1,61 @@ +From foo@baz Thu Aug 25 02:06:37 PM CEST 2022 +From: Amir Goldstein +Date: Tue, 23 Aug 2022 15:11:31 +0300 +Subject: xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() +To: Greg Kroah-Hartman +Cc: Sasha Levin , "Darrick J . Wong" , Leah Rumancik , Chandan Babu R , Luis Chamberlain , Adam Manzanares , linux-xfs@vger.kernel.org, stable@vger.kernel.org, Dan Carpenter +Message-ID: <20220823121136.1806820-2-amir73il@gmail.com> + +From: Amir Goldstein + +From: Dan Carpenter + +commit 6ed6356b07714e0198be3bc3ecccc8b40a212de4 upstream. + +The "bufsize" comes from the root user. If "bufsize" is negative then, +because of type promotion, neither of the validation checks at the start +of the function are able to catch it: + + if (bufsize < sizeof(struct xfs_attrlist) || + bufsize > XFS_XATTR_LIST_MAX) + return -EINVAL; + +This means "bufsize" will trigger (WARN_ON_ONCE(size > INT_MAX)) in +kvmalloc_node(). Fix this by changing the type from int to size_t. + +Signed-off-by: Dan Carpenter +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +Signed-off-by: Amir Goldstein +Acked-by: Darrick J. Wong +Signed-off-by: Greg Kroah-Hartman +--- + fs/xfs/xfs_ioctl.c | 2 +- + fs/xfs/xfs_ioctl.h | 5 +++-- + 2 files changed, 4 insertions(+), 3 deletions(-) + +--- a/fs/xfs/xfs_ioctl.c ++++ b/fs/xfs/xfs_ioctl.c +@@ -371,7 +371,7 @@ int + xfs_ioc_attr_list( + struct xfs_inode *dp, + void __user *ubuf, +- int bufsize, ++ size_t bufsize, + int flags, + struct xfs_attrlist_cursor __user *ucursor) + { +--- a/fs/xfs/xfs_ioctl.h ++++ b/fs/xfs/xfs_ioctl.h +@@ -38,8 +38,9 @@ xfs_readlink_by_handle( + int xfs_ioc_attrmulti_one(struct file *parfilp, struct inode *inode, + uint32_t opcode, void __user *uname, void __user *value, + uint32_t *len, uint32_t flags); +-int xfs_ioc_attr_list(struct xfs_inode *dp, void __user *ubuf, int bufsize, +- int flags, struct xfs_attrlist_cursor __user *ucursor); ++int xfs_ioc_attr_list(struct xfs_inode *dp, void __user *ubuf, ++ size_t bufsize, int flags, ++ struct xfs_attrlist_cursor __user *ucursor); + + extern struct dentry * + xfs_handle_to_dentry( diff --git a/queue-5.10/xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch b/queue-5.10/xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch new file mode 100644 index 00000000000..f34ed4f952c --- /dev/null +++ b/queue-5.10/xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch @@ -0,0 +1,52 @@ +From foo@baz Thu Aug 25 02:06:37 PM CEST 2022 +From: Amir Goldstein +Date: Tue, 23 Aug 2022 15:11:32 +0300 +Subject: xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* +To: Greg Kroah-Hartman +Cc: Sasha Levin , "Darrick J . Wong" , Leah Rumancik , Chandan Babu R , Luis Chamberlain , Adam Manzanares , linux-xfs@vger.kernel.org, stable@vger.kernel.org, Allison Henderson , Catherine Hoang +Message-ID: <20220823121136.1806820-3-amir73il@gmail.com> + +From: Amir Goldstein + +From: "Darrick J. Wong" + +commit 29d650f7e3ab55283b89c9f5883d0c256ce478b5 upstream. + +Syzbot tripped over the following complaint from the kernel: + +WARNING: CPU: 2 PID: 15402 at mm/util.c:597 kvmalloc_node+0x11e/0x125 mm/util.c:597 + +While trying to run XFS_IOC_GETBMAP against the following structure: + +struct getbmap fubar = { + .bmv_count = 0x22dae649, +}; + +Obviously, this is a crazy huge value since the next thing that the +ioctl would do is allocate 37GB of memory. This is enough to make +kvmalloc mad, but isn't large enough to trip the validation functions. +In other words, I'm fussing with checks that were **already sufficient** +because that's easier than dealing with 644 internal bug reports. Yes, +that's right, six hundred and forty-four. + +Signed-off-by: Darrick J. Wong +Reviewed-by: Allison Henderson +Reviewed-by: Catherine Hoang +Signed-off-by: Amir Goldstein +Acked-by: Darrick J. Wong +Signed-off-by: Greg Kroah-Hartman +--- + fs/xfs/xfs_ioctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/xfs/xfs_ioctl.c ++++ b/fs/xfs/xfs_ioctl.c +@@ -1689,7 +1689,7 @@ xfs_ioc_getbmap( + + if (bmx.bmv_count < 2) + return -EINVAL; +- if (bmx.bmv_count > ULONG_MAX / recsize) ++ if (bmx.bmv_count >= INT_MAX / recsize) + return -ENOMEM; + + buf = kvzalloc(bmx.bmv_count * sizeof(*buf), GFP_KERNEL); diff --git a/queue-5.10/xfs-return-errors-in-xfs_fs_sync_fs.patch b/queue-5.10/xfs-return-errors-in-xfs_fs_sync_fs.patch new file mode 100644 index 00000000000..5dc35d329c7 --- /dev/null +++ b/queue-5.10/xfs-return-errors-in-xfs_fs_sync_fs.patch @@ -0,0 +1,50 @@ +From foo@baz Thu Aug 25 02:06:37 PM CEST 2022 +From: Amir Goldstein +Date: Tue, 23 Aug 2022 15:11:35 +0300 +Subject: xfs: return errors in xfs_fs_sync_fs +To: Greg Kroah-Hartman +Cc: Sasha Levin , "Darrick J . Wong" , Leah Rumancik , Chandan Babu R , Luis Chamberlain , Adam Manzanares , linux-xfs@vger.kernel.org, stable@vger.kernel.org, Jan Kara , Christoph Hellwig , Christian Brauner +Message-ID: <20220823121136.1806820-6-amir73il@gmail.com> + +From: Amir Goldstein + +From: "Darrick J. Wong" + +commit 2d86293c70750e4331e9616aded33ab6b47c299d upstream. + +Now that the VFS will do something with the return values from +->sync_fs, make ours pass on error codes. + +Signed-off-by: Darrick J. Wong +Reviewed-by: Jan Kara +Reviewed-by: Christoph Hellwig +Acked-by: Christian Brauner +Signed-off-by: Amir Goldstein +Acked-by: Darrick J. Wong +Signed-off-by: Greg Kroah-Hartman +--- + fs/xfs/xfs_super.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/fs/xfs/xfs_super.c ++++ b/fs/xfs/xfs_super.c +@@ -757,6 +757,7 @@ xfs_fs_sync_fs( + int wait) + { + struct xfs_mount *mp = XFS_M(sb); ++ int error; + + /* + * Doing anything during the async pass would be counterproductive. +@@ -764,7 +765,10 @@ xfs_fs_sync_fs( + if (!wait) + return 0; + +- xfs_log_force(mp, XFS_LOG_SYNC); ++ error = xfs_log_force(mp, XFS_LOG_SYNC); ++ if (error) ++ return error; ++ + if (laptop_mode) { + /* + * The disk must be active because we're syncing.