From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 15 Dec 2024 09:31:47 +0000 (+0100)
Subject: 5.15-stable patches
X-Git-Tag: v5.4.288~44
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3507110298e9c500fb422d1437d2d7c6b94e7e2d;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
	exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch
---

diff --git a/queue-5.15/exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch b/queue-5.15/exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch
new file mode 100644
index 00000000000..d5e6477c2ab
--- /dev/null
+++ b/queue-5.15/exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch
@@ -0,0 +1,59 @@
+From 89fc548767a2155231128cb98726d6d2ea1256c9 Mon Sep 17 00:00:00 2001
+From: Sungjong Seo <sj1557.seo@samsung.com>
+Date: Fri, 31 May 2024 19:14:44 +0900
+Subject: exfat: fix potential deadlock on __exfat_get_dentry_set
+
+From: Sungjong Seo <sj1557.seo@samsung.com>
+
+commit 89fc548767a2155231128cb98726d6d2ea1256c9 upstream.
+
+When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array
+is allocated in __exfat_get_entry_set. The problem is that the bh-array is
+allocated with GFP_KERNEL. It does not make sense. In the following cases,
+a deadlock for sbi->s_lock between the two processes may occur.
+
+       CPU0                CPU1
+       ----                ----
+  kswapd
+   balance_pgdat
+    lock(fs_reclaim)
+                      exfat_iterate
+                       lock(&sbi->s_lock)
+                       exfat_readdir
+                        exfat_get_uniname_from_ext_entry
+                         exfat_get_dentry_set
+                          __exfat_get_dentry_set
+                           kmalloc_array
+                            ...
+                            lock(fs_reclaim)
+    ...
+    evict
+     exfat_evict_inode
+      lock(&sbi->s_lock)
+
+To fix this, let's allocate bh-array with GFP_NOFS.
+
+Fixes: a3ff29a95fde ("exfat: support dynamic allocate bh for exfat_entry_set_cache")
+Cc: stable@vger.kernel.org # v6.2+
+Reported-by: syzbot+412a392a2cd4a65e71db@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/lkml/000000000000fef47e0618c0327f@google.com
+Signed-off-by: Sungjong Seo <sj1557.seo@samsung.com>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+[Sherry: The problematic commit was backported to 5.15.y and 5.10.y, thus backport this fix]
+Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/exfat/dir.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/exfat/dir.c
++++ b/fs/exfat/dir.c
+@@ -878,7 +878,7 @@ struct exfat_entry_set_cache *exfat_get_
+ 
+ 	num_bh = EXFAT_B_TO_BLK_ROUND_UP(off + num_entries * DENTRY_SIZE, sb);
+ 	if (num_bh > ARRAY_SIZE(es->__bh)) {
+-		es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_KERNEL);
++		es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_NOFS);
+ 		if (!es->bh) {
+ 			brelse(bh);
+ 			kfree(es);
diff --git a/queue-5.15/series b/queue-5.15/series
index b617a696397..fcb0d982254 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -15,3 +15,4 @@ xfs-return-from-xfs_symlink_verify-early-on-v4-filesystems.patch
 xfs-fix-scrub-tracepoints-when-inode-rooted-btrees-are-involved.patch
 bpf-sockmap-fix-update-element-with-same.patch
 virtio-vsock-fix-accept_queue-memory-leak.patch
+exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch