From: Greg Kroah-Hartman Date: Sun, 20 Aug 2023 18:13:20 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v6.4.12~82 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=40b619ae8c8d042c9f8a19a586e91d41b21d82b5;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch --- diff --git a/queue-4.19/btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch b/queue-4.19/btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch new file mode 100644 index 00000000000..a40486d1746 --- /dev/null +++ b/queue-4.19/btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch @@ -0,0 +1,64 @@ +From 29eefa6d0d07e185f7bfe9576f91e6dba98189c2 Mon Sep 17 00:00:00 2001 +From: xiaoshoukui +Date: Tue, 15 Aug 2023 02:55:59 -0400 +Subject: btrfs: fix BUG_ON condition in btrfs_cancel_balance + +From: xiaoshoukui + +commit 29eefa6d0d07e185f7bfe9576f91e6dba98189c2 upstream. + +Pausing and canceling balance can race to interrupt balance lead to BUG_ON +panic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance +does not take this race scenario into account. + +However, the race condition has no other side effects. We can fix that. + +Reproducing it with panic trace like this: + + kernel BUG at fs/btrfs/volumes.c:4618! + RIP: 0010:btrfs_cancel_balance+0x5cf/0x6a0 + Call Trace: + + ? do_nanosleep+0x60/0x120 + ? hrtimer_nanosleep+0xb7/0x1a0 + ? sched_core_clone_cookie+0x70/0x70 + btrfs_ioctl_balance_ctl+0x55/0x70 + btrfs_ioctl+0xa46/0xd20 + __x64_sys_ioctl+0x7d/0xa0 + do_syscall_64+0x38/0x80 + entry_SYSCALL_64_after_hwframe+0x63/0xcd + + Race scenario as follows: + > mutex_unlock(&fs_info->balance_mutex); + > -------------------- + > .......issue pause and cancel req in another thread + > -------------------- + > ret = __btrfs_balance(fs_info); + > + > mutex_lock(&fs_info->balance_mutex); + > if (ret == -ECANCELED && atomic_read(&fs_info->balance_pause_req)) { + > btrfs_info(fs_info, "balance: paused"); + > btrfs_exclop_balance(fs_info, BTRFS_EXCLOP_BALANCE_PAUSED); + > } + +CC: stable@vger.kernel.org # 4.19+ +Signed-off-by: xiaoshoukui +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/volumes.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/fs/btrfs/volumes.c ++++ b/fs/btrfs/volumes.c +@@ -4106,8 +4106,7 @@ int btrfs_cancel_balance(struct btrfs_fs + } + } + +- BUG_ON(fs_info->balance_ctl || +- test_bit(BTRFS_FS_BALANCE_RUNNING, &fs_info->flags)); ++ ASSERT(!test_bit(BTRFS_FS_BALANCE_RUNNING, &fs_info->flags)); + atomic_dec(&fs_info->balance_cancel_req); + mutex_unlock(&fs_info->balance_mutex); + return 0; diff --git a/queue-4.19/series b/queue-4.19/series index e046c8a22b2..14797ff17e4 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -56,3 +56,4 @@ virtio-mmio-use-to_virtio_mmio_device-to-simply-code.patch virtio-mmio-don-t-break-lifecycle-of-vm_dev.patch fbdev-mmp-fix-value-check-in-mmphw_probe.patch powerpc-rtas_flash-allow-user-copy-to-flash-block-cache-objects.patch +btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch