From 02049dfa06ff836d7a6357835f3a072b225ff3e0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sun, 3 Sep 2023 15:01:48 +0200
Subject: [PATCH] 5.4-stable patches added patches: nilfs2-fix-warning-in-mark_buffer_dirty-due-to-discarded-buffer-reuse.patch
---
 ..._dirty-due-to-discarded-buffer-reuse.patch | 75 +++++++++++++++++++
 queue-5.4/series | 1 +
 2 files changed, 76 insertions(+)
 create mode 100644 queue-5.4/nilfs2-fix-warning-in-mark_buffer_dirty-due-to-discarded-buffer-reuse.patch
diff --git a/queue-5.4/nilfs2-fix-warning-in-mark_buffer_dirty-due-to-discarded-buffer-reuse.patch b/queue-5.4/nilfs2-fix-warning-in-mark_buffer_dirty-due-to-discarded-buffer-reuse.patch
new file mode 100644
index 00000000000..cf8a2653b1e
--- /dev/null
+++ b/queue-5.4/nilfs2-fix-warning-in-mark_buffer_dirty-due-to-discarded-buffer-reuse.patch
@@ -0,0 +1,75 @@
+From cdaac8e7e5a059f9b5e816cda257f08d0abffacd Mon Sep 17 00:00:00 2001
+From: Ryusuke Konishi
+Date: Fri, 18 Aug 2023 22:18:04 +0900
+Subject: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
+
+From: Ryusuke Konishi
+
+commit cdaac8e7e5a059f9b5e816cda257f08d0abffacd upstream.
+
+A syzbot stress test using a corrupted disk image reported that
+mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or
+nilfs_palloc_commit_alloc_entry() may output a kernel warning, and can
+panic if the kernel is booted with panic_on_warn.
+
+This is because nilfs2 keeps buffer pointers in local structures for some
+metadata and reuses them, but such buffers may be forcibly discarded by
+nilfs_clear_dirty_page() in some critical situations.
+
+This issue is reported to appear after commit 28a65b49eb53 ("nilfs2: do
+not write dirty data after degenerating to read-only"), but the issue has
+potentially existed before.
+
+Fix this issue by checking the uptodate flag when attempting to reuse an
+internally held buffer, and reloading the metadata instead of reusing the
+buffer if the flag was lost.
+
+Link: https://lkml.kernel.org/r/20230818131804.7758-1-konishi.ryusuke@gmail.com
+Signed-off-by: Ryusuke Konishi
+Reported-by: syzbot+cdfcae656bac88ba0e2d@syzkaller.appspotmail.com
+Closes: https://lkml.kernel.org/r/0000000000003da75f05fdeffd12@google.com
+Fixes: 8c26c4e2694a ("nilfs2: fix issue with flush kernel thread after remount in RO mode because of driver's internal error or metadata corruption")
+Tested-by: Ryusuke Konishi
+Cc: # 3.10+
+Signed-off-by: Andrew Morton
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/nilfs2/alloc.c | 3 ++-
+ fs/nilfs2/inode.c | 7 +++++--
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+--- a/fs/nilfs2/alloc.c
++++ b/fs/nilfs2/alloc.c
+@@ -205,7 +205,8 @@ static int nilfs_palloc_get_block(struct
+ int ret;
+ 
+ spin_lock(lock);
+- if (prev->bh && blkoff == prev->blkoff) {
++ if (prev->bh && blkoff == prev->blkoff &&
++ likely(buffer_uptodate(prev->bh))) {
+ get_bh(prev->bh);
+ *bhp = prev->bh;
+ spin_unlock(lock);
+--- a/fs/nilfs2/inode.c
++++ b/fs/nilfs2/inode.c
+@@ -1036,7 +1036,7 @@ int nilfs_load_inode_block(struct inode
+ int err;
+ 
+ spin_lock(&nilfs->ns_inode_lock);
+- if (ii->i_bh == NULL) {
++ if (ii->i_bh == NULL || unlikely(!buffer_uptodate(ii->i_bh))) {
+ spin_unlock(&nilfs->ns_inode_lock);
+ err = nilfs_ifile_get_inode_block(ii->i_root->ifile,
+ inode->i_ino, pbh);
+@@ -1045,7 +1045,10 @@ int nilfs_load_inode_block(struct inode
+ spin_lock(&nilfs->ns_inode_lock);
+ if (ii->i_bh == NULL)
+ ii->i_bh = *pbh;
+- else {
++ else if (unlikely(!buffer_uptodate(ii->i_bh))) {
++ __brelse(ii->i_bh);
++ ii->i_bh = *pbh;
++ } else {
+ brelse(*pbh);
+ *pbh = ii->i_bh;
+ }
diff --git a/queue-5.4/series b/queue-5.4/series
index fc39457f4e2..b1881ef69f5 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
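Review bot: The new `buffer_uptodate()` tests in `nilfs_palloc_get_block()` (alloc.c) and in both places in `nilfs_load_inode_block()` (inode.c) carry no comment, so the reason a cached buffer head can lose its uptodate flag lives only in the commit message. I would add above each test something like `/* cached bh may have been discarded by nilfs_clear_dirty_page(); reload instead of reusing it */`. In the second inode.c hunk the first branch `if (ii->i_bh == NULL)` stays unbraced while the added `else if` and the `else` are braced; kernel coding style asks for braces on every branch once one of them needs them. The flag is tested only at the moment the buffer is handed out, so whether a caller can still see it cleared before its own mark_buffer_dirty() cannot be judged from these hunks and is worth confirming against the callers. Both functions start and end outside the hunks shown.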
@@ -13,3 +13,4 @@ serial-sc16is7xx-fix-bug-when-first-setting-gpio-direction.patch
 firmware-stratix10-svc-fix-an-null-vs-is_err-bug-in-probe.patch
 fsi-master-ast-cf-add-module_firmware-macro.patch
 nilfs2-fix-general-protection-fault-in-nilfs_lookup_dirty_data_buffers.patch
+nilfs2-fix-warning-in-mark_buffer_dirty-due-to-discarded-buffer-reuse.patch
-- 
2.47.3