git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
6.6-stable patches
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 6 Nov 2024 07:01:33 +0000 (08:01 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 6 Nov 2024 07:01:33 +0000 (08:01 +0100)
added patches:
nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch

queue-6.6/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch [new file with mode: 0644]
queue-6.6/series

diff --git a/queue-6.6/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch b/queue-6.6/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch
new file mode 100644 (file)
index 0000000..134d43b
--- /dev/null
@@ -0,0 +1,45 @@
+From 41e192ad2779cae0102879612dfe46726e4396aa Mon Sep 17 00:00:00 2001
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Date: Fri, 18 Oct 2024 04:33:10 +0900
+Subject: nilfs2: fix kernel bug due to missing clearing of checked flag
+
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+
+commit 41e192ad2779cae0102879612dfe46726e4396aa upstream.
+
+Syzbot reported that in directory operations after nilfs2 detects
+filesystem corruption and degrades to read-only,
+__block_write_begin_int(), which is called to prepare block writes, may
+fail the BUG_ON check for accesses exceeding the folio/page size,
+triggering a kernel bug.
+
+This was found to be because the "checked" flag of a page/folio was not
+cleared when it was discarded by nilfs2's own routine, which causes the
+sanity check of directory entries to be skipped when the directory
+page/folio is reloaded.  So, fix that.
+
+This was necessary when the use of nilfs2's own page discard routine was
+applied to more than just metadata files.
+
+Link: https://lkml.kernel.org/r/20241017193359.5051-1-konishi.ryusuke@gmail.com
+Fixes: 8c26c4e2694a ("nilfs2: fix issue with flush kernel thread after remount in RO mode because of driver's internal error or metadata corruption")
+Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Reported-by: syzbot+d6ca2daf692c7a82f959@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=d6ca2daf692c7a82f959
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nilfs2/page.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nilfs2/page.c
++++ b/fs/nilfs2/page.c
+@@ -405,6 +405,7 @@ void nilfs_clear_dirty_page(struct page
+       ClearPageUptodate(page);
+       ClearPageMappedToDisk(page);
++      ClearPageChecked(page);
+       if (page_has_buffers(page)) {
+               struct buffer_head *bh, *head;
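Review bot: the added `ClearPageChecked(page);` in nilfs_clear_dirty_page() has no comment, so the reason for clearing a flag that gates the directory entry sanity check inside a generic discard routine lives only in the commit message. A one-line comment next to it, saying that the flag must be dropped so the check runs again when the page is reloaded, would keep a later cleanup from removing it as redundant. The message also speaks of "page/folio" while this hunk uses the page helper on a `struct page`; if the upstream change is written against the folio API, a short bracketed backport note above the stable sign-off would record that the 6.6 version was adapted.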
index 6dc471f5f75eaa6804feb41bc8cad5d0eaaa63da..82a1302df8658b4a1aa3383475d5c8e5cb05ce1f 100644 (file)
@@ -138,3 +138,4 @@ vmscan-migrate-fix-page-count-imbalance-on-node-stat.patch
 arm64-dts-imx8ulp-correct-the-flexspi-compatible-string.patch
 io_uring-always-lock-__io_cqring_overflow_flush.patch
 wifi-mac80211-fix-null-dereference-at-band-check-in-starting-tx-ba-session.patch
+nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch
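Review bot: the new series entry is added under queue-6.6 only, while the queued patch carries `Cc: <stable@vger.kernel.org>` and `Fixes: 8c26c4e2694a` with no version range. Every other maintained stable tree that contains 8c26c4e2694a has the same skipped-sanity-check path, so it is worth confirming that those queues get the patch in their own commits. Appending it at the end of the series looks fine for ordering, since the patch touches only fs/nilfs2/page.c and none of the neighbouring entries shown here are nilfs2 changes.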