From: Greg Kroah-Hartman Date: Sat, 21 Jan 2023 10:34:01 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v4.14.304~53 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=221710fac4f4d75ac326aac821c7270abdb565d6;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: add-exception-protection-processing-for-vd-in-axi_chan_handle_err-function.patch nilfs2-fix-general-protection-fault-in-nilfs_btree_insert.patch wifi-brcmfmac-fix-regression-for-broadcom-pcie-wifi-devices.patch wifi-mac80211-sdata-can-be-null-during-ampdu-start.patch zonefs-detect-append-writes-at-invalid-locations.patch --- diff --git a/queue-5.10/add-exception-protection-processing-for-vd-in-axi_chan_handle_err-function.patch b/queue-5.10/add-exception-protection-processing-for-vd-in-axi_chan_handle_err-function.patch new file mode 100644 index 00000000000..6015c56862a --- /dev/null +++ b/queue-5.10/add-exception-protection-processing-for-vd-in-axi_chan_handle_err-function.patch @@ -0,0 +1,99 @@ +From 57054fe516d59d03a7bcf1888e82479ccc244f87 Mon Sep 17 00:00:00 2001 +From: "Shawn.Shao" +Date: Thu, 12 Jan 2023 13:58:02 +0800 +Subject: Add exception protection processing for vd in axi_chan_handle_err function + +From: Shawn.Shao + +commit 57054fe516d59d03a7bcf1888e82479ccc244f87 upstream. + +Since there is no protection for vd, a kernel panic will be +triggered here in exceptional cases. + +You can refer to the processing of axi_chan_block_xfer_complete function + +The triggered kernel panic is as follows: + +[ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 +[ 67.848447] Mem abort info: +[ 67.848449] ESR = 0x96000004 +[ 67.848451] EC = 0x25: DABT (current EL), IL = 32 bits +[ 67.848454] SET = 0, FnV = 0 +[ 67.848456] EA = 0, S1PTW = 0 +[ 67.848458] Data abort info: +[ 67.848460] ISV = 0, ISS = 0x00000004 +[ 67.848462] CM = 0, WnR = 0 +[ 67.848465] user pgtable: 4k pages, 48-bit VAs, pgdp=00000800c4c0b000 +[ 67.848468] [0000000000000060] pgd=0000000000000000, p4d=0000000000000000 +[ 67.848472] Internal error: Oops: 96000004 [#1] SMP +[ 67.848475] Modules linked in: dmatest +[ 67.848479] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.100-emu_x2rc+ #11 +[ 67.848483] pstate: 62000085 (nZCv daIf -PAN -UAO +TCO BTYPE=--) +[ 67.848487] pc : axi_chan_handle_err+0xc4/0x230 +[ 67.848491] lr : axi_chan_handle_err+0x30/0x230 +[ 67.848493] sp : ffff0803fe55ae50 +[ 67.848495] x29: ffff0803fe55ae50 x28: ffff800011212200 +[ 67.848500] x27: ffff0800c42c0080 x26: ffff0800c097c080 +[ 67.848504] x25: ffff800010d33880 x24: ffff80001139d850 +[ 67.848508] x23: ffff0800c097c168 x22: 0000000000000000 +[ 67.848512] x21: 0000000000000080 x20: 0000000000002000 +[ 67.848517] x19: ffff0800c097c080 x18: 0000000000000000 +[ 67.848521] x17: 0000000000000000 x16: 0000000000000000 +[ 67.848525] x15: 0000000000000000 x14: 0000000000000000 +[ 67.848529] x13: 0000000000000000 x12: 0000000000000040 +[ 67.848533] x11: ffff0800c0400248 x10: ffff0800c040024a +[ 67.848538] x9 : ffff800010576cd4 x8 : ffff0800c0400270 +[ 67.848542] x7 : 0000000000000000 x6 : ffff0800c04003e0 +[ 67.848546] x5 : ffff0800c0400248 x4 : ffff0800c4294480 +[ 67.848550] x3 : dead000000000100 x2 : dead000000000122 +[ 67.848555] x1 : 0000000000000100 x0 : ffff0800c097c168 +[ 67.848559] Call trace: +[ 67.848562] axi_chan_handle_err+0xc4/0x230 +[ 67.848566] dw_axi_dma_interrupt+0xf4/0x590 +[ 67.848569] __handle_irq_event_percpu+0x60/0x220 +[ 67.848573] handle_irq_event+0x64/0x120 +[ 67.848576] handle_fasteoi_irq+0xc4/0x220 +[ 67.848580] __handle_domain_irq+0x80/0xe0 +[ 67.848583] gic_handle_irq+0xc0/0x138 +[ 67.848585] el1_irq+0xc8/0x180 +[ 67.848588] arch_cpu_idle+0x14/0x2c +[ 67.848591] default_idle_call+0x40/0x16c +[ 67.848594] do_idle+0x1f0/0x250 +[ 67.848597] cpu_startup_entry+0x2c/0x60 +[ 67.848600] rest_init+0xc0/0xcc +[ 67.848603] arch_call_rest_init+0x14/0x1c +[ 67.848606] start_kernel+0x4cc/0x500 +[ 67.848610] Code: eb0002ff 9a9f12d6 f2fbd5a2 f2fbd5a3 (a94602c1) +[ 67.848613] ---[ end trace 585a97036f88203a ]--- + +Signed-off-by: Shawn.Shao +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230112055802.1764-1-shawn.shao@jaguarmicro.com +Signed-off-by: Vinod Koul +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c ++++ b/drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c +@@ -551,6 +551,11 @@ static noinline void axi_chan_handle_err + + /* The bad descriptor currently is in the head of vc list */ + vd = vchan_next_desc(&chan->vc); ++ if (!vd) { ++ dev_err(chan2dev(chan), "BUG: %s, IRQ with no descriptors\n", ++ axi_chan_name(chan)); ++ goto out; ++ } + /* Remove the completed descriptor from issued list */ + list_del(&vd->node); + +@@ -565,6 +570,7 @@ static noinline void axi_chan_handle_err + /* Try to restart the controller */ + axi_chan_start_first_queued(chan); + ++out: + spin_unlock_irqrestore(&chan->vc.lock, flags); + } + diff --git a/queue-5.10/nilfs2-fix-general-protection-fault-in-nilfs_btree_insert.patch b/queue-5.10/nilfs2-fix-general-protection-fault-in-nilfs_btree_insert.patch new file mode 100644 index 00000000000..b0645fc0d4d --- /dev/null +++ b/queue-5.10/nilfs2-fix-general-protection-fault-in-nilfs_btree_insert.patch @@ -0,0 +1,102 @@ +From 7633355e5c7f29c049a9048e461427d1d8ed3051 Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Thu, 5 Jan 2023 14:53:56 +0900 +Subject: nilfs2: fix general protection fault in nilfs_btree_insert() + +From: Ryusuke Konishi + +commit 7633355e5c7f29c049a9048e461427d1d8ed3051 upstream. + +If nilfs2 reads a corrupted disk image and tries to reads a b-tree node +block by calling __nilfs_btree_get_block() against an invalid virtual +block address, it returns -ENOENT because conversion of the virtual block +address to a disk block address fails. However, this return value is the +same as the internal code that b-tree lookup routines return to indicate +that the block being searched does not exist, so functions that operate on +that b-tree may misbehave. + +When nilfs_btree_insert() receives this spurious 'not found' code from +nilfs_btree_do_lookup(), it misunderstands that the 'not found' check was +successful and continues the insert operation using incomplete lookup path +data, causing the following crash: + + general protection fault, probably for non-canonical address + 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN + KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] + ... + RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline] + RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline] + RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238 + Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 + ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 <42> 80 3c + 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02 + ... + Call Trace: + + nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline] + nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147 + nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101 + __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991 + __block_write_begin fs/buffer.c:2041 [inline] + block_write_begin+0x93/0x1e0 fs/buffer.c:2102 + nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261 + generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772 + __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900 + generic_file_write_iter+0xab/0x310 mm/filemap.c:3932 + call_write_iter include/linux/fs.h:2186 [inline] + new_sync_write fs/read_write.c:491 [inline] + vfs_write+0x7dc/0xc50 fs/read_write.c:584 + ksys_write+0x177/0x2a0 fs/read_write.c:637 + do_syscall_x64 arch/x86/entry/common.c:50 [inline] + do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 + entry_SYSCALL_64_after_hwframe+0x63/0xcd + ... + + +This patch fixes the root cause of this problem by replacing the error +code that __nilfs_btree_get_block() returns on block address conversion +failure from -ENOENT to another internal code -EINVAL which means that the +b-tree metadata is corrupted. + +By returning -EINVAL, it propagates without glitches, and for all relevant +b-tree operations, functions in the upper bmap layer output an error +message indicating corrupted b-tree metadata via +nilfs_bmap_convert_error(), and code -EIO will be eventually returned as +it should be. + +Link: https://lkml.kernel.org/r/000000000000bd89e205f0e38355@google.com +Link: https://lkml.kernel.org/r/20230105055356.8811-1-konishi.ryusuke@gmail.com +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+ede796cecd5296353515@syzkaller.appspotmail.com +Tested-by: Ryusuke Konishi +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/btree.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +--- a/fs/nilfs2/btree.c ++++ b/fs/nilfs2/btree.c +@@ -480,9 +480,18 @@ static int __nilfs_btree_get_block(const + ret = nilfs_btnode_submit_block(btnc, ptr, 0, REQ_OP_READ, 0, &bh, + &submit_ptr); + if (ret) { +- if (ret != -EEXIST) +- return ret; +- goto out_check; ++ if (likely(ret == -EEXIST)) ++ goto out_check; ++ if (ret == -ENOENT) { ++ /* ++ * Block address translation failed due to invalid ++ * value of 'ptr'. In this case, return internal code ++ * -EINVAL (broken bmap) to notify bmap layer of fatal ++ * metadata corruption. ++ */ ++ ret = -EINVAL; ++ } ++ return ret; + } + + if (ra) { diff --git a/queue-5.10/series b/queue-5.10/series index ae3d7118aaf..fe23331850e 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -7,3 +7,8 @@ rdma-srp-move-large-values-to-a-new-enum-for-gcc13.patch btrfs-always-report-error-in-run_one_delayed_ref.patch x86-asm-fix-an-assembler-warning-with-current-binuti.patch f2fs-let-s-avoid-panic-if-extent_tree-is-not-created.patch +wifi-brcmfmac-fix-regression-for-broadcom-pcie-wifi-devices.patch +wifi-mac80211-sdata-can-be-null-during-ampdu-start.patch +add-exception-protection-processing-for-vd-in-axi_chan_handle_err-function.patch +zonefs-detect-append-writes-at-invalid-locations.patch +nilfs2-fix-general-protection-fault-in-nilfs_btree_insert.patch diff --git a/queue-5.10/wifi-brcmfmac-fix-regression-for-broadcom-pcie-wifi-devices.patch b/queue-5.10/wifi-brcmfmac-fix-regression-for-broadcom-pcie-wifi-devices.patch new file mode 100644 index 00000000000..ed2e37df767 --- /dev/null +++ b/queue-5.10/wifi-brcmfmac-fix-regression-for-broadcom-pcie-wifi-devices.patch @@ -0,0 +1,39 @@ +From ed05cb177ae5cd7f02f1d6e7706ba627d30f1696 Mon Sep 17 00:00:00 2001 +From: Arend van Spriel +Date: Wed, 11 Jan 2023 12:24:19 +0100 +Subject: wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices + +From: Arend van Spriel + +commit ed05cb177ae5cd7f02f1d6e7706ba627d30f1696 upstream. + +A sanity check was introduced considering maximum flowrings above +256 as insane and effectively aborting the device probe. This +resulted in regression for number of users as the value turns out +to be sane after all. + +Fixes: 2aca4f3734bd ("brcmfmac: return error when getting invalid max_flowrings from dongle") +Reported-by: chainofflowers +Link: https://lore.kernel.org/all/4781984.GXAFRqVoOG@luna/ +Reported-by: Christian Marillat +Link: https://bugzilla.kernel.org/show_bug.cgi?id=216894 +Cc: stable@vger.kernel.org +Signed-off-by: Arend van Spriel +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20230111112419.24185-1-arend.vanspriel@broadcom.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c +@@ -1109,7 +1109,7 @@ static int brcmf_pcie_init_ringbuffers(s + BRCMF_NROF_H2D_COMMON_MSGRINGS; + max_completionrings = BRCMF_NROF_D2H_COMMON_MSGRINGS; + } +- if (max_flowrings > 256) { ++ if (max_flowrings > 512) { + brcmf_err(bus, "invalid max_flowrings(%d)\n", max_flowrings); + return -EIO; + } diff --git a/queue-5.10/wifi-mac80211-sdata-can-be-null-during-ampdu-start.patch b/queue-5.10/wifi-mac80211-sdata-can-be-null-during-ampdu-start.patch new file mode 100644 index 00000000000..7d60d67accc --- /dev/null +++ b/queue-5.10/wifi-mac80211-sdata-can-be-null-during-ampdu-start.patch @@ -0,0 +1,117 @@ +From 69403bad97aa0162e3d7911b27e25abe774093df Mon Sep 17 00:00:00 2001 +From: Alexander Wetzel +Date: Fri, 30 Dec 2022 13:18:50 +0100 +Subject: wifi: mac80211: sdata can be NULL during AMPDU start + +From: Alexander Wetzel + +commit 69403bad97aa0162e3d7911b27e25abe774093df upstream. + +ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a +deauthentication is ongoing. + +Here a trace triggering the race with the hostapd test +multi_ap_fronthaul_on_ap: + +(gdb) list *drv_ampdu_action+0x46 +0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396). +391 int ret = -EOPNOTSUPP; +392 +393 might_sleep(); +394 +395 sdata = get_bss_sdata(sdata); +396 if (!check_sdata_in_driver(sdata)) +397 return -EIO; +398 +399 trace_drv_ampdu_action(local, sdata, params); +400 + +wlan0: moving STA 02:00:00:00:03:00 to state 3 +wlan0: associated +wlan0: deauthenticating from 02:00:00:00:03:00 by local choice (Reason: 3=DEAUTH_LEAVING) +wlan3.sta1: Open BA session requested for 02:00:00:00:00:00 tid 0 +wlan3.sta1: dropped frame to 02:00:00:00:00:00 (unauthorized port) +wlan0: moving STA 02:00:00:00:03:00 to state 2 +wlan0: moving STA 02:00:00:00:03:00 to state 1 +wlan0: Removed STA 02:00:00:00:03:00 +wlan0: Destroyed STA 02:00:00:00:03:00 +BUG: unable to handle page fault for address: fffffffffffffb48 +PGD 11814067 P4D 11814067 PUD 11816067 PMD 0 +Oops: 0000 [#1] PREEMPT SMP PTI +CPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted: G W 6.1.0-rc8-wt+ #59 +Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 +Workqueue: phy3 ieee80211_ba_session_work [mac80211] +RIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211] +Code: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 eb 10 0e 00 00 <8b> 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85 +RSP: 0018:ffffc900025ebd20 EFLAGS: 00010287 +RAX: 0000000000000000 RBX: fffffffffffff1f0 RCX: ffff888102228240 +RDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40 +RBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001 +R10: 0000000000000001 R11: 0000000000000000 R12: ffff888118c18ec0 +R13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8 +FS: 0000000000000000(0000) GS:ffff88817a600000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0 +Call Trace: + + ieee80211_tx_ba_session_handle_start+0xd0/0x190 [mac80211] + ieee80211_ba_session_work+0xff/0x2e0 [mac80211] + process_one_work+0x29f/0x620 + worker_thread+0x4d/0x3d0 + ? process_one_work+0x620/0x620 + kthread+0xfb/0x120 + ? kthread_complete_and_exit+0x20/0x20 + ret_from_fork+0x22/0x30 + + +Signed-off-by: Alexander Wetzel +Link: https://lore.kernel.org/r/20221230121850.218810-2-alexander@wetzel-home.de +Cc: stable@vger.kernel.org +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman +--- + net/mac80211/agg-tx.c | 6 +++++- + net/mac80211/driver-ops.c | 3 +++ + 2 files changed, 8 insertions(+), 1 deletion(-) + +--- a/net/mac80211/agg-tx.c ++++ b/net/mac80211/agg-tx.c +@@ -491,7 +491,7 @@ void ieee80211_tx_ba_session_handle_star + { + struct tid_ampdu_tx *tid_tx; + struct ieee80211_local *local = sta->local; +- struct ieee80211_sub_if_data *sdata = sta->sdata; ++ struct ieee80211_sub_if_data *sdata; + struct ieee80211_ampdu_params params = { + .sta = &sta->sta, + .action = IEEE80211_AMPDU_TX_START, +@@ -521,6 +521,7 @@ void ieee80211_tx_ba_session_handle_star + */ + synchronize_net(); + ++ sdata = sta->sdata; + params.ssn = sta->tid_seq[tid] >> 4; + ret = drv_ampdu_action(local, sdata, ¶ms); + tid_tx->ssn = params.ssn; +@@ -534,6 +535,9 @@ void ieee80211_tx_ba_session_handle_star + */ + set_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state); + } else if (ret) { ++ if (!sdata) ++ return; ++ + ht_dbg(sdata, + "BA request denied - HW unavailable for %pM tid %d\n", + sta->sta.addr, tid); +--- a/net/mac80211/driver-ops.c ++++ b/net/mac80211/driver-ops.c +@@ -331,6 +331,9 @@ int drv_ampdu_action(struct ieee80211_lo + + might_sleep(); + ++ if (!sdata) ++ return -EIO; ++ + sdata = get_bss_sdata(sdata); + if (!check_sdata_in_driver(sdata)) + return -EIO; diff --git a/queue-5.10/zonefs-detect-append-writes-at-invalid-locations.patch b/queue-5.10/zonefs-detect-append-writes-at-invalid-locations.patch new file mode 100644 index 00000000000..23cf2392791 --- /dev/null +++ b/queue-5.10/zonefs-detect-append-writes-at-invalid-locations.patch @@ -0,0 +1,72 @@ +From a608da3bd730d718f2d3ebec1c26f9865f8f17ce Mon Sep 17 00:00:00 2001 +From: Damien Le Moal +Date: Fri, 6 Jan 2023 17:43:06 +0900 +Subject: zonefs: Detect append writes at invalid locations + +From: Damien Le Moal + +commit a608da3bd730d718f2d3ebec1c26f9865f8f17ce upstream. + +Using REQ_OP_ZONE_APPEND operations for synchronous writes to sequential +files succeeds regardless of the zone write pointer position, as long as +the target zone is not full. This means that if an external (buggy) +application writes to the zone of a sequential file underneath the file +system, subsequent file write() operation will succeed but the file size +will not be correct and the file will contain invalid data written by +another application. + +Modify zonefs_file_dio_append() to check the written sector of an append +write (returned in bio->bi_iter.bi_sector) and return -EIO if there is a +mismatch with the file zone wp offset field. This change triggers a call +to zonefs_io_error() and a zone check. Modify zonefs_io_error_cb() to +not expose the unexpected data after the current inode size when the +errors=remount-ro mode is used. Other error modes are correctly handled +already. + +Fixes: 02ef12a663c7 ("zonefs: use REQ_OP_ZONE_APPEND for sync DIO") +Cc: stable@vger.kernel.org +Signed-off-by: Damien Le Moal +Reviewed-by: Johannes Thumshirn +Signed-off-by: Greg Kroah-Hartman +--- + fs/zonefs/super.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +--- a/fs/zonefs/super.c ++++ b/fs/zonefs/super.c +@@ -394,6 +394,10 @@ static int zonefs_io_error_cb(struct blk + data_size = zonefs_check_zone_condition(inode, zone, + false, false); + } ++ } else if (sbi->s_mount_opts & ZONEFS_MNTOPT_ERRORS_RO && ++ data_size > isize) { ++ /* Do not expose garbage data */ ++ data_size = isize; + } + + /* +@@ -772,6 +776,24 @@ static ssize_t zonefs_file_dio_append(st + + ret = submit_bio_wait(bio); + ++ /* ++ * If the file zone was written underneath the file system, the zone ++ * write pointer may not be where we expect it to be, but the zone ++ * append write can still succeed. So check manually that we wrote where ++ * we intended to, that is, at zi->i_wpoffset. ++ */ ++ if (!ret) { ++ sector_t wpsector = ++ zi->i_zsector + (zi->i_wpoffset >> SECTOR_SHIFT); ++ ++ if (bio->bi_iter.bi_sector != wpsector) { ++ zonefs_warn(inode->i_sb, ++ "Corrupted write pointer %llu for zone at %llu\n", ++ wpsector, zi->i_zsector); ++ ret = -EIO; ++ } ++ } ++ + zonefs_file_write_dio_end_io(iocb, size, ret, 0); + + out_release: