From: Greg Kroah-Hartman Date: Wed, 6 Nov 2024 07:01:33 +0000 (+0100) Subject: 6.6-stable patches X-Git-Tag: v4.19.323~40 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=253110d18d363cfb3b8821df251621e5c2003d6d;p=thirdparty%2Fkernel%2Fstable-queue.git 6.6-stable patches added patches: nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch --- diff --git a/queue-6.6/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch b/queue-6.6/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch new file mode 100644 index 00000000000..134d43b7645 --- /dev/null +++ b/queue-6.6/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch 
@@ -0,0 +1,45 @@ +From 41e192ad2779cae0102879612dfe46726e4396aa Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Fri, 18 Oct 2024 04:33:10 +0900 +Subject: nilfs2: fix kernel bug due to missing clearing of checked flag + +From: Ryusuke Konishi + +commit 41e192ad2779cae0102879612dfe46726e4396aa upstream. + +Syzbot reported that in directory operations after nilfs2 detects +filesystem corruption and degrades to read-only, +__block_write_begin_int(), which is called to prepare block writes, may +fail the BUG_ON check for accesses exceeding the folio/page size, +triggering a kernel bug. + +This was found to be because the "checked" flag of a page/folio was not +cleared when it was discarded by nilfs2's own routine, which causes the +sanity check of directory entries to be skipped when the directory +page/folio is reloaded. So, fix that. + +This was necessary when the use of nilfs2's own page discard routine was +applied to more than just metadata files. + +Link: https://lkml.kernel.org/r/20241017193359.5051-1-konishi.ryusuke@gmail.com +Fixes: 8c26c4e2694a ("nilfs2: fix issue with flush kernel thread after remount in RO mode because of driver's internal error or metadata corruption") +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+d6ca2daf692c7a82f959@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=d6ca2daf692c7a82f959 +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/page.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nilfs2/page.c ++++ b/fs/nilfs2/page.c +@@ -405,6 +405,7 @@ void nilfs_clear_dirty_page(struct page + + ClearPageUptodate(page); + ClearPageMappedToDisk(page); ++ ClearPageChecked(page); + + if (page_has_buffers(page)) { + struct buffer_head *bh, *head; diff --git a/queue-6.6/series b/queue-6.6/series index 6dc471f5f75..82a1302df86 100644 --- a/queue-6.6/series +++ b/queue-6.6/series 
@@ -138,3 +138,4 @@ vmscan-migrate-fix-page-count-imbalance-on-node-stat.patch arm64-dts-imx8ulp-correct-the-flexspi-compatible-string.patch io_uring-always-lock-__io_cqring_overflow_flush.patch wifi-mac80211-fix-null-dereference-at-band-check-in-starting-tx-ba-session.patch +nilfs2-fix-kernel-bug-due-to-missing-clearing-of-checked-flag.patch
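Review bot: The added ClearPageChecked(page) in the fs/nilfs2/page.c hunk (nilfs_clear_dirty_page(), directly after ClearPageMappedToDisk(page)) has no comment, and its purpose is not evident from the code alone. According to the commit message, a "checked" flag left set on a discarded page causes the directory-entry sanity check to be skipped when the directory page is reloaded, and that is how a corrupted entry reaches the BUG_ON in __block_write_begin_int(). A short comment above the call, saying that the flag is cleared so directory entries are re-validated on reload, would tie the line to that invariant and make it less likely to be removed in a later cleanup. The commit message also describes the change in terms of "page/folio" while this hunk uses the struct page helpers; if the 6.6 version differs from the upstream commit in that respect, a one-line backport note in the patch header would make the difference visible to anyone comparing the two.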