From 1a5d6584a9be7dc3ec05d844bbd24769e55f6bf3 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 25 Apr 2022 13:58:13 +0200 Subject: [PATCH] 4.14-stable patches added patches: ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch ext4-fix-symlink-file-size-not-match-to-file-content.patch ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch --- ...-account-for-the-reserved-gdt-blocks.patch | 35 +++++++++++ ...-file-size-not-match-to-file-content.patch | 51 ++++++++++++++++ ...he-s_overhead_cluster-makes-no-sense.patch | 44 ++++++++++++++ ...map_maxbytes-blocksize-in-punch_hole.patch | 60 +++++++++++++++++++ queue-4.14/series | 4 ++ 5 files changed, 194 insertions(+) create mode 100644 queue-4.14/ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch create mode 100644 queue-4.14/ext4-fix-symlink-file-size-not-match-to-file-content.patch create mode 100644 queue-4.14/ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch create mode 100644 queue-4.14/ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch diff --git a/queue-4.14/ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch b/queue-4.14/ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch new file mode 100644 index 00000000000..ca542bb7f40 --- /dev/null +++ b/queue-4.14/ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch @@ -0,0 +1,35 @@ +From 10b01ee92df52c8d7200afead4d5e5f55a5c58b1 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Thu, 14 Apr 2022 21:31:27 -0400 +Subject: ext4: fix overhead calculation to account for the reserved gdt blocks + +From: Theodore Ts'o + +commit 10b01ee92df52c8d7200afead4d5e5f55a5c58b1 upstream. + +The kernel calculation was underestimating the overhead by not taking +into account the reserved gdt blocks. With this change, the overhead +calculated by the kernel matches the overhead calculation in mke2fs. + +Signed-off-by: Theodore Ts'o +Cc: stable@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/super.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -3366,9 +3366,11 @@ static int count_overhead(struct super_b + ext4_fsblk_t first_block, last_block, b; + ext4_group_t i, ngroups = ext4_get_groups_count(sb); + int s, j, count = 0; ++ int has_super = ext4_bg_has_super(sb, grp); + + if (!ext4_has_feature_bigalloc(sb)) +- return (ext4_bg_has_super(sb, grp) + ext4_bg_num_gdb(sb, grp) + ++ return (has_super + ext4_bg_num_gdb(sb, grp) + ++ (has_super ? le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) : 0) + + sbi->s_itb_per_group + 2); + + first_block = le32_to_cpu(sbi->s_es->s_first_data_block) + diff --git a/queue-4.14/ext4-fix-symlink-file-size-not-match-to-file-content.patch b/queue-4.14/ext4-fix-symlink-file-size-not-match-to-file-content.patch new file mode 100644 index 00000000000..a8b96bbbd27 --- /dev/null +++ b/queue-4.14/ext4-fix-symlink-file-size-not-match-to-file-content.patch @@ -0,0 +1,51 @@ +From a2b0b205d125f27cddfb4f7280e39affdaf46686 Mon Sep 17 00:00:00 2001 +From: Ye Bin +Date: Mon, 21 Mar 2022 22:44:38 +0800 +Subject: ext4: fix symlink file size not match to file content + +From: Ye Bin + +commit a2b0b205d125f27cddfb4f7280e39affdaf46686 upstream. + +We got issue as follows: +[home]# fsck.ext4 -fn ram0yb +e2fsck 1.45.6 (20-Mar-2020) +Pass 1: Checking inodes, blocks, and sizes +Pass 2: Checking directory structure +Symlink /p3/d14/d1a/l3d (inode #3494) is invalid. +Clear? no +Entry 'l3d' in /p3/d14/d1a (3383) has an incorrect filetype (was 7, should be 0). +Fix? no + +As the symlink file size does not match the file content. If the writeback +of the symlink data block failed, ext4_finish_bio() handles the end of IO. +However this function fails to mark the buffer with BH_write_io_error and +so when unmount does journal checkpoint it cannot detect the writeback +error and will cleanup the journal. Thus we've lost the correct data in the +journal area. To solve this issue, mark the buffer as BH_write_io_error in +ext4_finish_bio(). + +Cc: stable@kernel.org +Signed-off-by: Ye Bin +Reviewed-by: Jan Kara +Link: https://lore.kernel.org/r/20220321144438.201685-1-yebin10@huawei.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/page-io.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/ext4/page-io.c ++++ b/fs/ext4/page-io.c +@@ -105,8 +105,10 @@ static void ext4_finish_bio(struct bio * + continue; + } + clear_buffer_async_write(bh); +- if (bio->bi_status) ++ if (bio->bi_status) { ++ set_buffer_write_io_error(bh); + buffer_io_error(bh); ++ } + } while ((bh = bh->b_this_page) != head); + bit_spin_unlock(BH_Uptodate_Lock, &head->b_state); + local_irq_restore(flags); diff --git a/queue-4.14/ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch b/queue-4.14/ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch new file mode 100644 index 00000000000..24ecb41a3e1 --- /dev/null +++ b/queue-4.14/ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch @@ -0,0 +1,44 @@ +From 85d825dbf4899a69407338bae462a59aa9a37326 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Thu, 14 Apr 2022 21:57:49 -0400 +Subject: ext4: force overhead calculation if the s_overhead_cluster makes no sense + +From: Theodore Ts'o + +commit 85d825dbf4899a69407338bae462a59aa9a37326 upstream. + +If the file system does not use bigalloc, calculating the overhead is +cheap, so force the recalculation of the overhead so we don't have to +trust the precalculated overhead in the superblock. + +Signed-off-by: Theodore Ts'o +Cc: stable@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/super.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -4345,9 +4345,18 @@ no_journal: + * Get the # of file system overhead blocks from the + * superblock if present. + */ +- if (es->s_overhead_clusters) +- sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters); +- else { ++ sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters); ++ /* ignore the precalculated value if it is ridiculous */ ++ if (sbi->s_overhead > ext4_blocks_count(es)) ++ sbi->s_overhead = 0; ++ /* ++ * If the bigalloc feature is not enabled recalculating the ++ * overhead doesn't take long, so we might as well just redo ++ * it to make sure we are using the correct value. ++ */ ++ if (!ext4_has_feature_bigalloc(sb)) ++ sbi->s_overhead = 0; ++ if (sbi->s_overhead == 0) { + err = ext4_calculate_overhead(sb); + if (err) + goto failed_mount_wq; diff --git a/queue-4.14/ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch b/queue-4.14/ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch new file mode 100644 index 00000000000..4f1e125e196 --- /dev/null +++ b/queue-4.14/ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch @@ -0,0 +1,60 @@ +From 2da376228a2427501feb9d15815a45dbdbdd753e Mon Sep 17 00:00:00 2001 +From: Tadeusz Struk +Date: Thu, 31 Mar 2022 13:05:15 -0700 +Subject: ext4: limit length to bitmap_maxbytes - blocksize in punch_hole + +From: Tadeusz Struk + +commit 2da376228a2427501feb9d15815a45dbdbdd753e upstream. + +Syzbot found an issue [1] in ext4_fallocate(). +The C reproducer [2] calls fallocate(), passing size 0xffeffeff000ul, +and offset 0x1000000ul, which, when added together exceed the +bitmap_maxbytes for the inode. This triggers a BUG in +ext4_ind_remove_space(). According to the comments in this function +the 'end' parameter needs to be one block after the last block to be +removed. In the case when the BUG is triggered it points to the last +block. Modify the ext4_punch_hole() function and add constraint that +caps the length to satisfy the one before laster block requirement. + +LINK: [1] https://syzkaller.appspot.com/bug?id=b80bd9cf348aac724a4f4dff251800106d721331 +LINK: [2] https://syzkaller.appspot.com/text?tag=ReproC&x=14ba0238700000 + +Fixes: a4bb6b64e39a ("ext4: enable "punch hole" functionality") +Reported-by: syzbot+7a806094edd5d07ba029@syzkaller.appspotmail.com +Signed-off-by: Tadeusz Struk +Link: https://lore.kernel.org/r/20220331200515.153214-1-tadeusz.struk@linaro.org +Signed-off-by: Theodore Ts'o +Cc: stable@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/inode.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -4224,7 +4224,8 @@ int ext4_punch_hole(struct inode *inode, + struct super_block *sb = inode->i_sb; + ext4_lblk_t first_block, stop_block; + struct address_space *mapping = inode->i_mapping; +- loff_t first_block_offset, last_block_offset; ++ loff_t first_block_offset, last_block_offset, max_length; ++ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); + handle_t *handle; + unsigned int credits; + int ret = 0; +@@ -4270,6 +4271,14 @@ int ext4_punch_hole(struct inode *inode, + offset; + } + ++ /* ++ * For punch hole the length + offset needs to be within one block ++ * before last range. Adjust the length if it goes beyond that limit. ++ */ ++ max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize; ++ if (offset + length > max_length) ++ length = max_length - offset; ++ + if (offset & (sb->s_blocksize - 1) || + (offset + length) & (sb->s_blocksize - 1)) { + /* diff --git a/queue-4.14/series b/queue-4.14/series index f67f3ef10b2..c81f440785e 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -26,3 +26,7 @@ openvswitch-fix-oob-access-in-reserve_sfa_size.patch asoc-soc-dapm-fix-two-incorrect-uses-of-list-iterator.patch e1000e-fix-possible-overflow-in-ltr-decoding.patch arc-entry-fix-syscall_trace_exit-argument.patch +ext4-fix-symlink-file-size-not-match-to-file-content.patch +ext4-limit-length-to-bitmap_maxbytes-blocksize-in-punch_hole.patch +ext4-fix-overhead-calculation-to-account-for-the-reserved-gdt-blocks.patch +ext4-force-overhead-calculation-if-the-s_overhead_cluster-makes-no-sense.patch -- 2.47.3