From: Greg Kroah-Hartman Date: Mon, 29 Jul 2024 12:29:12 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v6.1.103~54 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=47eae4cb3cd8e2e7beec5a5b12fb4c083f698767;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: f2fs-fix-return-value-of-f2fs_convert_inline_inode.patch f2fs-fix-to-don-t-dirty-inode-for-readonly-filesystem.patch fs-ntfs3-update-log-page_-mask-bits-if-log-page_size-changed.patch scsi-qla2xxx-return-enobufs-if-sg_cnt-is-more-than-one-for-els-cmds.patch
---
diff --git a/queue-5.15/f2fs-fix-return-value-of-f2fs_convert_inline_inode.patch b/queue-5.15/f2fs-fix-return-value-of-f2fs_convert_inline_inode.patch
new file mode 100644
index 00000000000..cdb828bbceb
--- /dev/null
+++ b/queue-5.15/f2fs-fix-return-value-of-f2fs_convert_inline_inode.patch
@@ -0,0 +1,58 @@
+From a8eb3de28e7a365690c61161e7a07a4fc7c60bbf Mon Sep 17 00:00:00 2001
+From: Chao Yu
+Date: Mon, 3 Jun 2024 09:07:45 +0800
+Subject: f2fs: fix return value of f2fs_convert_inline_inode()
+
+From: Chao Yu
+
+commit a8eb3de28e7a365690c61161e7a07a4fc7c60bbf upstream.
+
+If device is readonly, make f2fs_convert_inline_inode()
+return EROFS instead of zero, otherwise it may trigger
+panic during writeback of inline inode's dirty page as
+below:
+
+ f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888
+ f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]
+ __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]
+ f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369
+ do_writepages+0x359/0x870 mm/page-writeback.c:2634
+ filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397
+ __filemap_fdatawrite_range mm/filemap.c:430 [inline]
+ file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788
+ f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276
+ generic_write_sync include/linux/fs.h:2806 [inline]
+ f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977
+ call_write_iter include/linux/fs.h:2114 [inline]
+ new_sync_write fs/read_write.c:497 [inline]
+ vfs_write+0xa72/0xc90 fs/read_write.c:590
+ ksys_write+0x1a0/0x2c0 fs/read_write.c:643
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+Cc: stable@vger.kernel.org
+Reported-by: syzbot+848062ba19c8782ca5c8@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/linux-f2fs-devel/000000000000d103ce06174d7ec3@google.com
+Signed-off-by: Chao Yu
+Signed-off-by: Jaegeuk Kim
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/f2fs/inline.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/fs/f2fs/inline.c
++++ b/fs/f2fs/inline.c
+@@ -203,8 +203,10 @@ int f2fs_convert_inline_inode(struct ino
+ struct page *ipage, *page;
+ int err = 0;
+
+- if (!f2fs_has_inline_data(inode) ||
+- f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb))
++ if (f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb))
++ return -EROFS;
++
++ if (!f2fs_has_inline_data(inode))
+ return 0;
+
+ err = f2fs_dquot_initialize(inode);
diff --git a/queue-5.15/f2fs-fix-to-don-t-dirty-inode-for-readonly-filesystem.patch b/queue-5.15/f2fs-fix-to-don-t-dirty-inode-for-readonly-filesystem.patch
new file mode 100644
index 00000000000..56c1b2c4307
--- /dev/null
+++ b/queue-5.15/f2fs-fix-to-don-t-dirty-inode-for-readonly-filesystem.patch
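Review bot: The reordered guard in f2fs_convert_inline_inode() now returns `-EROFS` for every inode on a read-only mount, including inodes that have no inline data and previously got 0 from this function. The callers are outside the hunk, so it should be confirmed that no read-side path in the 5.15 tree calls this helper and treats a non-zero return as fatal. If one does, placing `if (!f2fs_has_inline_data(inode)) return 0;` ahead of the read-only test keeps the old result for those inodes while still returning `-EROFS` whenever a conversion would actually be needed. A one-line comment above the read-only test, `/* returning 0 here lets writeback of the inline inode's dirty page proceed and panic */`, would record the reason for the backporter. The function body continues past the end of the hunk.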
@@ -0,0 +1,79 @@
+From 192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 Mon Sep 17 00:00:00 2001
+From: Chao Yu
+Date: Tue, 4 Jun 2024 15:56:36 +0800
+Subject: f2fs: fix to don't dirty inode for readonly filesystem
+
+From: Chao Yu
+
+commit 192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 upstream.
+
+syzbot reports f2fs bug as below:
+
+kernel BUG at fs/f2fs/inode.c:933!
+RIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933
+Call Trace:
+ evict+0x2a4/0x620 fs/inode.c:664
+ dispose_list fs/inode.c:697 [inline]
+ evict_inodes+0x5f8/0x690 fs/inode.c:747
+ generic_shutdown_super+0x9d/0x2c0 fs/super.c:675
+ kill_block_super+0x44/0x90 fs/super.c:1667
+ kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894
+ deactivate_locked_super+0xc1/0x130 fs/super.c:484
+ cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256
+ task_work_run+0x24a/0x300 kernel/task_work.c:180
+ ptrace_notify+0x2cd/0x380 kernel/signal.c:2399
+ ptrace_report_syscall include/linux/ptrace.h:411 [inline]
+ ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
+ syscall_exit_work kernel/entry/common.c:251 [inline]
+ syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]
+ __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
+ syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296
+ do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88
+ entry_SYSCALL_64_after_hwframe+0x63/0x6b
+
+The root cause is:
+- do_sys_open
+ - f2fs_lookup
+ - __f2fs_find_entry
+ - f2fs_i_depth_write
+ - f2fs_mark_inode_dirty_sync
+ - f2fs_dirty_inode
+ - set_inode_flag(inode, FI_DIRTY_INODE)
+
+- umount
+ - kill_f2fs_super
+ - kill_block_super
+ - generic_shutdown_super
+ - sync_filesystem
+ : sb is readonly, skip sync_filesystem()
+ - evict_inodes
+ - iput
+ - f2fs_evict_inode
+ - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))
+ : trigger kernel panic
+
+When we try to repair i_current_depth in readonly filesystem, let's
+skip dirty inode to avoid panic in later f2fs_evict_inode().
+
+Cc: stable@vger.kernel.org
+Reported-by: syzbot+31e4659a3fe953aec2f4@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/linux-f2fs-devel/000000000000e890bc0609a55cff@google.com
+Signed-off-by: Chao Yu
+Signed-off-by: Jaegeuk Kim
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/f2fs/inode.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/f2fs/inode.c
++++ b/fs/f2fs/inode.c
+@@ -27,6 +27,9 @@ void f2fs_mark_inode_dirty_sync(struct i
+ if (is_inode_flag_set(inode, FI_NEW_INODE))
+ return;
+
++ if (f2fs_readonly(F2FS_I_SB(inode)->sb))
++ return;
++
+ if (f2fs_inode_dirtied(inode, sync))
+ return;
+
diff --git a/queue-5.15/fs-ntfs3-update-log-page_-mask-bits-if-log-page_size-changed.patch b/queue-5.15/fs-ntfs3-update-log-page_-mask-bits-if-log-page_size-changed.patch
new file mode 100644
index 00000000000..569890537ef
--- /dev/null
+++ b/queue-5.15/fs-ntfs3-update-log-page_-mask-bits-if-log-page_size-changed.patch
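Review bot: The new early return in f2fs_mark_inode_dirty_sync() tests only `f2fs_readonly(F2FS_I_SB(inode)->sb)`, whereas the inline.c patch queued alongside it also treats `f2fs_hw_is_readonly(sbi)` as read-only. If a hardware read-only device can be mounted without the superblock read-only flag, FI_DIRTY_INODE could presumably still be set and reach the f2fs_bug_on() in f2fs_evict_inode() that the commit message describes; whether that combination is possible depends on mount code outside this hunk and should be confirmed. The return is also silent, so a comment such as `/* read-only mount: nothing will write this inode back, so never mark it dirty */` would record why the update is dropped. The function starts and ends outside the hunk.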
@@ -0,0 +1,36 @@
+From 2fef55d8f78383c8e6d6d4c014b9597375132696 Mon Sep 17 00:00:00 2001
+From: Huacai Chen
+Date: Wed, 29 May 2024 14:40:52 +0800
+Subject: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed
+
+From: Huacai Chen
+
+commit 2fef55d8f78383c8e6d6d4c014b9597375132696 upstream.
+
+If an NTFS file system is mounted to another system with different
+PAGE_SIZE from the original system, log->page_size will change in
+log_replay(), but log->page_{mask,bits} don't change correspondingly.
+This will cause a panic because "u32 bytes = log->page_size - page_off"
+will get a negative value in the later read_log_page().
+
+Cc: stable@vger.kernel.org
+Fixes: b46acd6a6a627d876898e ("fs/ntfs3: Add NTFS journal")
+Signed-off-by: Huacai Chen
+Signed-off-by: Konstantin Komarov
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/ntfs3/fslog.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/ntfs3/fslog.c
++++ b/fs/ntfs3/fslog.c
+@@ -3935,6 +3935,9 @@ init_log_instance:
+ goto out;
+ }
+
++ log->page_mask = log->page_size - 1;
++ log->page_bits = blksize_bits(log->page_size);
++
+ /* If the file size has shrunk then we won't mount it. */
+ if (l_size < le64_to_cpu(ra2->l_size)) {
+ err = -EINVAL;
diff --git a/queue-5.15/scsi-qla2xxx-return-enobufs-if-sg_cnt-is-more-than-one-for-els-cmds.patch b/queue-5.15/scsi-qla2xxx-return-enobufs-if-sg_cnt-is-more-than-one-for-els-cmds.patch
new file mode 100644
index 00000000000..8915780ac4c
--- /dev/null
+++ b/queue-5.15/scsi-qla2xxx-return-enobufs-if-sg_cnt-is-more-than-one-for-els-cmds.patch
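Review bot: The two assignments added after the init_log_instance label derive `page_mask` and `page_bits` on the assumption that `log->page_size` is a non-zero power of two, and nothing visible in the hunk establishes that. Per the commit message the value can change to match a volume written with a different PAGE_SIZE, so it appears to be influenced by on-disk data; the check that rejects other sizes, presumably the `goto out` branch just above, should be confirmed to cover this before the mask feeds the offset arithmetic in read_log_page(). Since `bytes` there is a `u32`, a mismatch wraps to a very large length rather than going negative, which is why the three fields must stay in step. A comment such as `/* page_size may have changed since init; keep mask and bits consistent with it */` would make that coupling explicit. The enclosing function starts and ends outside the hunk.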
@@ -0,0 +1,39 @@
+From ce2065c4cc4f05635413f63f6dc038d7d4842e31 Mon Sep 17 00:00:00 2001
+From: Saurav Kashyap
+Date: Wed, 10 Jul 2024 22:40:50 +0530
+Subject: scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
+
+From: Saurav Kashyap
+
+commit ce2065c4cc4f05635413f63f6dc038d7d4842e31 upstream.
+
+Firmware only supports single DSDs in ELS Pass-through IOCB (0x53h), sg cnt
+is decided by the SCSI ML. User is not aware of the cause of an acutal
+error.
+
+Return the appropriate return code that will be decoded by API and
+application and proper error message will be displayed to user.
+
+Fixes: 6e98016ca077 ("[SCSI] qla2xxx: Re-organized BSG interface specific code.")
+Cc: stable@vger.kernel.org
+Signed-off-by: Saurav Kashyap
+Signed-off-by: Nilesh Javali
+Link: https://lore.kernel.org/r/20240710171057.35066-5-njavali@marvell.com
+Reviewed-by: Himanshu Madhani
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/scsi/qla2xxx/qla_bsg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/qla2xxx/qla_bsg.c
++++ b/drivers/scsi/qla2xxx/qla_bsg.c
+@@ -324,7 +324,7 @@ qla2x00_process_els(struct bsg_job *bsg_
+ "request_sg_cnt=%x reply_sg_cnt=%x.\n",
+ bsg_job->request_payload.sg_cnt,
+ bsg_job->reply_payload.sg_cnt);
+- rval = -EPERM;
++ rval = -ENOBUFS;
+ goto done;
+ }
+
diff --git a/queue-5.15/series b/queue-5.15/series
index fd3a1b022bf..714ae244c5f 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -207,3 +207,7 @@ pci-dw-rockchip-fix-initial-perst-gpio-value.patch
 pci-rockchip-use-gpiod_out_low-flag-while-requesting-ep_gpio.patch
 binder-fix-hang-of-unregistered-readers.patch
 dev-parport-fix-the-array-out-of-bounds-risk.patch
+fs-ntfs3-update-log-page_-mask-bits-if-log-page_size-changed.patch
+scsi-qla2xxx-return-enobufs-if-sg_cnt-is-more-than-one-for-els-cmds.patch
+f2fs-fix-to-don-t-dirty-inode-for-readonly-filesystem.patch
+f2fs-fix-return-value-of-f2fs_convert_inline_inode.patch