From: Greg Kroah-Hartman Date: Thu, 3 Oct 2024 07:20:09 +0000 (+0200) Subject: 6.10-stable patches X-Git-Tag: v6.6.54~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=639b43ad8e2f8baf2a80d5970d0077cc4476c6d0;p=thirdparty%2Fkernel%2Fstable-queue.git 6.10-stable patches added patches: revert-dm-verity-restart-or-panic-on-an-i-o-error.patch --- diff --git a/queue-6.10/revert-dm-verity-restart-or-panic-on-an-i-o-error.patch b/queue-6.10/revert-dm-verity-restart-or-panic-on-an-i-o-error.patch new file mode 100644 index 00000000000..4b64aa92808 --- /dev/null +++ b/queue-6.10/revert-dm-verity-restart-or-panic-on-an-i-o-error.patch @@ -0,0 +1,72 @@ +From 462763212dd71c41f092b48eaa352bc1f5ed5d66 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Wed, 2 Oct 2024 15:56:18 +0200 +Subject: Revert: "dm-verity: restart or panic on an I/O error" + +From: Mikulas Patocka + +commit 462763212dd71c41f092b48eaa352bc1f5ed5d66 upstream. + +This reverts commit e6a3531dd542cb127c8de32ab1e54a48ae19962b. + +The problem that the commit e6a3531dd542cb127c8de32ab1e54a48ae19962b +fixes was reported as a security bug, but Google engineers working on +Android and ChromeOS didn't want to change the default behavior, they +want to get -EIO rather than restarting the system, so I am reverting +that commit. + +Note also that calling machine_restart from the I/O handling code is +potentially unsafe (the reboot notifiers may wait for the bio that +triggered the restart), but Android uses the reboot notifiers to store +the reboot reason into the PMU microcontroller, so machine_restart must +be used. + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Fixes: e6a3531dd542 ("dm-verity: restart or panic on an I/O error") +Suggested-by: Sami Tolvanen +Suggested-by: Will Drewry +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-verity-target.c | 23 ++--------------------- + 1 file changed, 2 insertions(+), 21 deletions(-) + +--- a/drivers/md/dm-verity-target.c ++++ b/drivers/md/dm-verity-target.c +@@ -265,10 +265,8 @@ out: + if (v->mode == DM_VERITY_MODE_LOGGING) + return 0; + +- if (v->mode == DM_VERITY_MODE_RESTART) { +- pr_emerg("dm-verity device corrupted\n"); +- emergency_restart(); +- } ++ if (v->mode == DM_VERITY_MODE_RESTART) ++ kernel_restart("dm-verity device corrupted"); + + if (v->mode == DM_VERITY_MODE_PANIC) + panic("dm-verity device corrupted"); +@@ -693,23 +691,6 @@ static void verity_finish_io(struct dm_v + if (!static_branch_unlikely(&use_bh_wq_enabled) || !io->in_bh) + verity_fec_finish_io(io); + +- if (unlikely(status != BLK_STS_OK) && +- unlikely(!(bio->bi_opf & REQ_RAHEAD)) && +- !verity_is_system_shutting_down()) { +- if (v->mode == DM_VERITY_MODE_RESTART || +- v->mode == DM_VERITY_MODE_PANIC) +- DMERR_LIMIT("%s has error: %s", v->data_dev->name, +- blk_status_to_str(status)); +- +- if (v->mode == DM_VERITY_MODE_RESTART) { +- pr_emerg("dm-verity device corrupted\n"); +- emergency_restart(); +- } +- +- if (v->mode == DM_VERITY_MODE_PANIC) +- panic("dm-verity device corrupted"); +- } +- + bio_endio(bio); + } + diff --git a/queue-6.10/series b/queue-6.10/series index ca7a5e69117..c4434bec1e8 100644 --- a/queue-6.10/series +++ b/queue-6.10/series @@ -632,3 +632,4 @@ i2c-isch-add-missed-else.patch documentation-kvm-fix-warning-in-make-htmldocs.patch bpf-fix-use-after-free-in-bpf_uprobe_multi_link_attach.patch spi-atmel-quadspi-fix-wrong-register-value-written-to-mr.patch +revert-dm-verity-restart-or-panic-on-an-i-o-error.patch