--- /dev/null
+From 08604f6b9f73f5a7704e856a61c1593b43305acd Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 11 Aug 2024 19:03:20 +0900
+Subject: nilfs2: protect references to superblock parameters exposed in sysfs
+
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+
+[ Upstream commit 683408258917541bdb294cd717c210a04381931e ]
+
+The superblock buffers of nilfs2 can not only be overwritten at runtime
+for modifications/repairs, but they are also regularly swapped, replaced
+during resizing, and even abandoned when degrading to one side due to
+backing device issues. So, accessing them requires mutual exclusion using
+the reader/writer semaphore "nilfs->ns_sem".
+
+Some sysfs attribute show methods read this superblock buffer without the
+necessary mutual exclusion, which can cause problems with pointer
+dereferencing and memory access, so fix it.
+
+Link: https://lkml.kernel.org/r/20240811100320.9913-1-konishi.ryusuke@gmail.com
+Fixes: da7141fb78db ("nilfs2: add /sys/fs/nilfs2/<device> group")
+Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nilfs2/sysfs.c | 43 +++++++++++++++++++++++++++++++++----------
+ 1 file changed, 33 insertions(+), 10 deletions(-)
+
+diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c
+index 63ab8f9e6db3..64ea44be0a64 100644
+--- a/fs/nilfs2/sysfs.c
++++ b/fs/nilfs2/sysfs.c
+@@ -843,9 +843,15 @@ ssize_t nilfs_dev_revision_show(struct nilfs_dev_attr *attr,
+ struct the_nilfs *nilfs,
+ char *buf)
+ {
+- struct nilfs_super_block **sbp = nilfs->ns_sbp;
+- u32 major = le32_to_cpu(sbp[0]->s_rev_level);
+- u16 minor = le16_to_cpu(sbp[0]->s_minor_rev_level);
++ struct nilfs_super_block *raw_sb;
++ u32 major;
++ u16 minor;
++
++ down_read(&nilfs->ns_sem);
++ raw_sb = nilfs->ns_sbp[0];
++ major = le32_to_cpu(raw_sb->s_rev_level);
++ minor = le16_to_cpu(raw_sb->s_minor_rev_level);
++ up_read(&nilfs->ns_sem);
+
+ return sysfs_emit(buf, "%d.%d\n", major, minor);
+ }
+@@ -863,8 +869,13 @@ ssize_t nilfs_dev_device_size_show(struct nilfs_dev_attr *attr,
+ struct the_nilfs *nilfs,
+ char *buf)
+ {
+- struct nilfs_super_block **sbp = nilfs->ns_sbp;
+- u64 dev_size = le64_to_cpu(sbp[0]->s_dev_size);
++ struct nilfs_super_block *raw_sb;
++ u64 dev_size;
++
++ down_read(&nilfs->ns_sem);
++ raw_sb = nilfs->ns_sbp[0];
++ dev_size = le64_to_cpu(raw_sb->s_dev_size);
++ up_read(&nilfs->ns_sem);
+
+ return sysfs_emit(buf, "%llu\n", dev_size);
+ }
+@@ -886,9 +897,15 @@ ssize_t nilfs_dev_uuid_show(struct nilfs_dev_attr *attr,
+ struct the_nilfs *nilfs,
+ char *buf)
+ {
+- struct nilfs_super_block **sbp = nilfs->ns_sbp;
++ struct nilfs_super_block *raw_sb;
++ ssize_t len;
+
+- return sysfs_emit(buf, "%pUb\n", sbp[0]->s_uuid);
++ down_read(&nilfs->ns_sem);
++ raw_sb = nilfs->ns_sbp[0];
++ len = sysfs_emit(buf, "%pUb\n", raw_sb->s_uuid);
++ up_read(&nilfs->ns_sem);
++
++ return len;
+ }
+
+ static
+@@ -896,10 +913,16 @@ ssize_t nilfs_dev_volume_name_show(struct nilfs_dev_attr *attr,
+ struct the_nilfs *nilfs,
+ char *buf)
+ {
+- struct nilfs_super_block **sbp = nilfs->ns_sbp;
++ struct nilfs_super_block *raw_sb;
++ ssize_t len;
++
++ down_read(&nilfs->ns_sem);
++ raw_sb = nilfs->ns_sbp[0];
++ len = scnprintf(buf, sizeof(raw_sb->s_volume_name), "%s\n",
++ raw_sb->s_volume_name);
++ up_read(&nilfs->ns_sem);
+
+- return scnprintf(buf, sizeof(sbp[0]->s_volume_name), "%s\n",
+- sbp[0]->s_volume_name);
++ return len;
+ }
+
+ static const char dev_readme_str[] =
+--
+2.43.0
+
--- /dev/null
+From 54aef1abe7e009635961c1e7644b38ee6ca426f2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 8 Nov 2021 18:34:58 -0800
+Subject: nilfs2: replace snprintf in show functions with sysfs_emit
+
+From: Qing Wang <wangqing@vivo.com>
+
+[ Upstream commit 3bcd6c5bd483287f4a09d3d59a012d47677b6edc ]
+
+Patch series "nilfs2 updates".
+
+This patch (of 2):
+
+coccicheck complains about the use of snprintf() in sysfs show functions.
+
+Fix the coccicheck warning:
+
+ WARNING: use scnprintf or sprintf.
+
+Use sysfs_emit instead of scnprintf or sprintf makes more sense.
+
+Link: https://lkml.kernel.org/r/1635151862-11547-1-git-send-email-konishi.ryusuke@gmail.com
+Link: https://lkml.kernel.org/r/1634095759-4625-1-git-send-email-wangqing@vivo.com
+Link: https://lkml.kernel.org/r/1635151862-11547-2-git-send-email-konishi.ryusuke@gmail.com
+Signed-off-by: Qing Wang <wangqing@vivo.com>
+Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Stable-dep-of: 683408258917 ("nilfs2: protect references to superblock parameters exposed in sysfs")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nilfs2/sysfs.c | 76 +++++++++++++++++++++++------------------------
+ 1 file changed, 38 insertions(+), 38 deletions(-)
+
+diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c
+index 57afd06db62d..63ab8f9e6db3 100644
+--- a/fs/nilfs2/sysfs.c
++++ b/fs/nilfs2/sysfs.c
+@@ -108,7 +108,7 @@ static ssize_t
+ nilfs_snapshot_inodes_count_show(struct nilfs_snapshot_attr *attr,
+ struct nilfs_root *root, char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, "%llu\n",
++ return sysfs_emit(buf, "%llu\n",
+ (unsigned long long)atomic64_read(&root->inodes_count));
+ }
+
+@@ -116,7 +116,7 @@ static ssize_t
+ nilfs_snapshot_blocks_count_show(struct nilfs_snapshot_attr *attr,
+ struct nilfs_root *root, char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, "%llu\n",
++ return sysfs_emit(buf, "%llu\n",
+ (unsigned long long)atomic64_read(&root->blocks_count));
+ }
+
+@@ -129,7 +129,7 @@ static ssize_t
+ nilfs_snapshot_README_show(struct nilfs_snapshot_attr *attr,
+ struct nilfs_root *root, char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, snapshot_readme_str);
++ return sysfs_emit(buf, snapshot_readme_str);
+ }
+
+ NILFS_SNAPSHOT_RO_ATTR(inodes_count);
+@@ -230,7 +230,7 @@ static ssize_t
+ nilfs_mounted_snapshots_README_show(struct nilfs_mounted_snapshots_attr *attr,
+ struct the_nilfs *nilfs, char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, mounted_snapshots_readme_str);
++ return sysfs_emit(buf, mounted_snapshots_readme_str);
+ }
+
+ NILFS_MOUNTED_SNAPSHOTS_RO_ATTR(README);
+@@ -268,7 +268,7 @@ nilfs_checkpoints_checkpoints_number_show(struct nilfs_checkpoints_attr *attr,
+
+ ncheckpoints = cpstat.cs_ncps;
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", ncheckpoints);
++ return sysfs_emit(buf, "%llu\n", ncheckpoints);
+ }
+
+ static ssize_t
+@@ -291,7 +291,7 @@ nilfs_checkpoints_snapshots_number_show(struct nilfs_checkpoints_attr *attr,
+
+ nsnapshots = cpstat.cs_nsss;
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", nsnapshots);
++ return sysfs_emit(buf, "%llu\n", nsnapshots);
+ }
+
+ static ssize_t
+@@ -305,7 +305,7 @@ nilfs_checkpoints_last_seg_checkpoint_show(struct nilfs_checkpoints_attr *attr,
+ last_cno = nilfs->ns_last_cno;
+ spin_unlock(&nilfs->ns_last_segment_lock);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", last_cno);
++ return sysfs_emit(buf, "%llu\n", last_cno);
+ }
+
+ static ssize_t
+@@ -319,7 +319,7 @@ nilfs_checkpoints_next_checkpoint_show(struct nilfs_checkpoints_attr *attr,
+ cno = nilfs->ns_cno;
+ up_read(&nilfs->ns_segctor_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", cno);
++ return sysfs_emit(buf, "%llu\n", cno);
+ }
+
+ static const char checkpoints_readme_str[] =
+@@ -335,7 +335,7 @@ static ssize_t
+ nilfs_checkpoints_README_show(struct nilfs_checkpoints_attr *attr,
+ struct the_nilfs *nilfs, char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, checkpoints_readme_str);
++ return sysfs_emit(buf, checkpoints_readme_str);
+ }
+
+ NILFS_CHECKPOINTS_RO_ATTR(checkpoints_number);
+@@ -366,7 +366,7 @@ nilfs_segments_segments_number_show(struct nilfs_segments_attr *attr,
+ struct the_nilfs *nilfs,
+ char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, "%lu\n", nilfs->ns_nsegments);
++ return sysfs_emit(buf, "%lu\n", nilfs->ns_nsegments);
+ }
+
+ static ssize_t
+@@ -374,7 +374,7 @@ nilfs_segments_blocks_per_segment_show(struct nilfs_segments_attr *attr,
+ struct the_nilfs *nilfs,
+ char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, "%lu\n", nilfs->ns_blocks_per_segment);
++ return sysfs_emit(buf, "%lu\n", nilfs->ns_blocks_per_segment);
+ }
+
+ static ssize_t
+@@ -388,7 +388,7 @@ nilfs_segments_clean_segments_show(struct nilfs_segments_attr *attr,
+ ncleansegs = nilfs_sufile_get_ncleansegs(nilfs->ns_sufile);
+ up_read(&NILFS_MDT(nilfs->ns_dat)->mi_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%lu\n", ncleansegs);
++ return sysfs_emit(buf, "%lu\n", ncleansegs);
+ }
+
+ static ssize_t
+@@ -408,7 +408,7 @@ nilfs_segments_dirty_segments_show(struct nilfs_segments_attr *attr,
+ return err;
+ }
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", sustat.ss_ndirtysegs);
++ return sysfs_emit(buf, "%llu\n", sustat.ss_ndirtysegs);
+ }
+
+ static const char segments_readme_str[] =
+@@ -424,7 +424,7 @@ nilfs_segments_README_show(struct nilfs_segments_attr *attr,
+ struct the_nilfs *nilfs,
+ char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, segments_readme_str);
++ return sysfs_emit(buf, segments_readme_str);
+ }
+
+ NILFS_SEGMENTS_RO_ATTR(segments_number);
+@@ -461,7 +461,7 @@ nilfs_segctor_last_pseg_block_show(struct nilfs_segctor_attr *attr,
+ last_pseg = nilfs->ns_last_pseg;
+ spin_unlock(&nilfs->ns_last_segment_lock);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n",
++ return sysfs_emit(buf, "%llu\n",
+ (unsigned long long)last_pseg);
+ }
+
+@@ -476,7 +476,7 @@ nilfs_segctor_last_seg_sequence_show(struct nilfs_segctor_attr *attr,
+ last_seq = nilfs->ns_last_seq;
+ spin_unlock(&nilfs->ns_last_segment_lock);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", last_seq);
++ return sysfs_emit(buf, "%llu\n", last_seq);
+ }
+
+ static ssize_t
+@@ -490,7 +490,7 @@ nilfs_segctor_last_seg_checkpoint_show(struct nilfs_segctor_attr *attr,
+ last_cno = nilfs->ns_last_cno;
+ spin_unlock(&nilfs->ns_last_segment_lock);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", last_cno);
++ return sysfs_emit(buf, "%llu\n", last_cno);
+ }
+
+ static ssize_t
+@@ -504,7 +504,7 @@ nilfs_segctor_current_seg_sequence_show(struct nilfs_segctor_attr *attr,
+ seg_seq = nilfs->ns_seg_seq;
+ up_read(&nilfs->ns_segctor_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", seg_seq);
++ return sysfs_emit(buf, "%llu\n", seg_seq);
+ }
+
+ static ssize_t
+@@ -518,7 +518,7 @@ nilfs_segctor_current_last_full_seg_show(struct nilfs_segctor_attr *attr,
+ segnum = nilfs->ns_segnum;
+ up_read(&nilfs->ns_segctor_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", segnum);
++ return sysfs_emit(buf, "%llu\n", segnum);
+ }
+
+ static ssize_t
+@@ -532,7 +532,7 @@ nilfs_segctor_next_full_seg_show(struct nilfs_segctor_attr *attr,
+ nextnum = nilfs->ns_nextnum;
+ up_read(&nilfs->ns_segctor_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", nextnum);
++ return sysfs_emit(buf, "%llu\n", nextnum);
+ }
+
+ static ssize_t
+@@ -546,7 +546,7 @@ nilfs_segctor_next_pseg_offset_show(struct nilfs_segctor_attr *attr,
+ pseg_offset = nilfs->ns_pseg_offset;
+ up_read(&nilfs->ns_segctor_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%lu\n", pseg_offset);
++ return sysfs_emit(buf, "%lu\n", pseg_offset);
+ }
+
+ static ssize_t
+@@ -560,7 +560,7 @@ nilfs_segctor_next_checkpoint_show(struct nilfs_segctor_attr *attr,
+ cno = nilfs->ns_cno;
+ up_read(&nilfs->ns_segctor_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", cno);
++ return sysfs_emit(buf, "%llu\n", cno);
+ }
+
+ static ssize_t
+@@ -588,7 +588,7 @@ nilfs_segctor_last_seg_write_time_secs_show(struct nilfs_segctor_attr *attr,
+ ctime = nilfs->ns_ctime;
+ up_read(&nilfs->ns_segctor_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", ctime);
++ return sysfs_emit(buf, "%llu\n", ctime);
+ }
+
+ static ssize_t
+@@ -616,7 +616,7 @@ nilfs_segctor_last_nongc_write_time_secs_show(struct nilfs_segctor_attr *attr,
+ nongc_ctime = nilfs->ns_nongc_ctime;
+ up_read(&nilfs->ns_segctor_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", nongc_ctime);
++ return sysfs_emit(buf, "%llu\n", nongc_ctime);
+ }
+
+ static ssize_t
+@@ -630,7 +630,7 @@ nilfs_segctor_dirty_data_blocks_count_show(struct nilfs_segctor_attr *attr,
+ ndirtyblks = atomic_read(&nilfs->ns_ndirtyblks);
+ up_read(&nilfs->ns_segctor_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%u\n", ndirtyblks);
++ return sysfs_emit(buf, "%u\n", ndirtyblks);
+ }
+
+ static const char segctor_readme_str[] =
+@@ -667,7 +667,7 @@ static ssize_t
+ nilfs_segctor_README_show(struct nilfs_segctor_attr *attr,
+ struct the_nilfs *nilfs, char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, segctor_readme_str);
++ return sysfs_emit(buf, segctor_readme_str);
+ }
+
+ NILFS_SEGCTOR_RO_ATTR(last_pseg_block);
+@@ -736,7 +736,7 @@ nilfs_superblock_sb_write_time_secs_show(struct nilfs_superblock_attr *attr,
+ sbwtime = nilfs->ns_sbwtime;
+ up_read(&nilfs->ns_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", sbwtime);
++ return sysfs_emit(buf, "%llu\n", sbwtime);
+ }
+
+ static ssize_t
+@@ -750,7 +750,7 @@ nilfs_superblock_sb_write_count_show(struct nilfs_superblock_attr *attr,
+ sbwcount = nilfs->ns_sbwcount;
+ up_read(&nilfs->ns_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%u\n", sbwcount);
++ return sysfs_emit(buf, "%u\n", sbwcount);
+ }
+
+ static ssize_t
+@@ -764,7 +764,7 @@ nilfs_superblock_sb_update_frequency_show(struct nilfs_superblock_attr *attr,
+ sb_update_freq = nilfs->ns_sb_update_freq;
+ up_read(&nilfs->ns_sem);
+
+- return snprintf(buf, PAGE_SIZE, "%u\n", sb_update_freq);
++ return sysfs_emit(buf, "%u\n", sb_update_freq);
+ }
+
+ static ssize_t
+@@ -812,7 +812,7 @@ static ssize_t
+ nilfs_superblock_README_show(struct nilfs_superblock_attr *attr,
+ struct the_nilfs *nilfs, char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, sb_readme_str);
++ return sysfs_emit(buf, sb_readme_str);
+ }
+
+ NILFS_SUPERBLOCK_RO_ATTR(sb_write_time);
+@@ -847,7 +847,7 @@ ssize_t nilfs_dev_revision_show(struct nilfs_dev_attr *attr,
+ u32 major = le32_to_cpu(sbp[0]->s_rev_level);
+ u16 minor = le16_to_cpu(sbp[0]->s_minor_rev_level);
+
+- return snprintf(buf, PAGE_SIZE, "%d.%d\n", major, minor);
++ return sysfs_emit(buf, "%d.%d\n", major, minor);
+ }
+
+ static
+@@ -855,7 +855,7 @@ ssize_t nilfs_dev_blocksize_show(struct nilfs_dev_attr *attr,
+ struct the_nilfs *nilfs,
+ char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, "%u\n", nilfs->ns_blocksize);
++ return sysfs_emit(buf, "%u\n", nilfs->ns_blocksize);
+ }
+
+ static
+@@ -866,7 +866,7 @@ ssize_t nilfs_dev_device_size_show(struct nilfs_dev_attr *attr,
+ struct nilfs_super_block **sbp = nilfs->ns_sbp;
+ u64 dev_size = le64_to_cpu(sbp[0]->s_dev_size);
+
+- return snprintf(buf, PAGE_SIZE, "%llu\n", dev_size);
++ return sysfs_emit(buf, "%llu\n", dev_size);
+ }
+
+ static
+@@ -877,7 +877,7 @@ ssize_t nilfs_dev_free_blocks_show(struct nilfs_dev_attr *attr,
+ sector_t free_blocks = 0;
+
+ nilfs_count_free_blocks(nilfs, &free_blocks);
+- return snprintf(buf, PAGE_SIZE, "%llu\n",
++ return sysfs_emit(buf, "%llu\n",
+ (unsigned long long)free_blocks);
+ }
+
+@@ -888,7 +888,7 @@ ssize_t nilfs_dev_uuid_show(struct nilfs_dev_attr *attr,
+ {
+ struct nilfs_super_block **sbp = nilfs->ns_sbp;
+
+- return snprintf(buf, PAGE_SIZE, "%pUb\n", sbp[0]->s_uuid);
++ return sysfs_emit(buf, "%pUb\n", sbp[0]->s_uuid);
+ }
+
+ static
+@@ -916,7 +916,7 @@ static ssize_t nilfs_dev_README_show(struct nilfs_dev_attr *attr,
+ struct the_nilfs *nilfs,
+ char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, dev_readme_str);
++ return sysfs_emit(buf, dev_readme_str);
+ }
+
+ NILFS_DEV_RO_ATTR(revision);
+@@ -1060,7 +1060,7 @@ void nilfs_sysfs_delete_device_group(struct the_nilfs *nilfs)
+ static ssize_t nilfs_feature_revision_show(struct kobject *kobj,
+ struct attribute *attr, char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, "%d.%d\n",
++ return sysfs_emit(buf, "%d.%d\n",
+ NILFS_CURRENT_REV, NILFS_MINOR_REV);
+ }
+
+@@ -1073,7 +1073,7 @@ static ssize_t nilfs_feature_README_show(struct kobject *kobj,
+ struct attribute *attr,
+ char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, features_readme_str);
++ return sysfs_emit(buf, features_readme_str);
+ }
+
+ NILFS_FEATURE_RO_ATTR(revision);
+--
+2.43.0
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
