From: Greg Kroah-Hartman
Date: Mon, 12 Aug 2024 15:50:48 +0000 (+0200)
Subject: 6.1-stable patches
X-Git-Tag: v6.1.105~28
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=77ff183d8894ea024796ef0cbd910d2b7c065bf1;p=thirdparty%2Fkernel%2Fstable-queue.git
6.1-stable patches
added patches:
btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
---
diff --git a/queue-6.1/btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch b/queue-6.1/btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
new file mode 100644
index 00000000000..61eff3f05f6
--- /dev/null
+++ b/queue-6.1/btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
@@ -0,0 +1,42 @@
+From e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115 Mon Sep 17 00:00:00 2001
+From: Filipe Manana
+Date: Fri, 2 Aug 2024 09:38:51 +0100
+Subject: btrfs: fix double inode unlock for direct IO sync writes
+
+From: Filipe Manana
+
+commit e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115 upstream.
+
+If we do a direct IO sync write, at btrfs_sync_file(), and we need to skip
+inode logging or we get an error starting a transaction or an error when
+flushing delalloc, we end up unlocking the inode when we shouldn't under
+the 'out_release_extents' label, and then unlock it again at
+btrfs_direct_write().
+
+Fix that by checking if we have to skip inode unlocking under that label.
+
+Reported-by: syzbot+7dbbb74af6291b5a5a8b@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/linux-btrfs/000000000000dfd631061eaeb4bc@google.com/
+Fixes: 939b656bc8ab ("btrfs: fix corruption after buffer fault in during direct IO append write")
+Reviewed-by: Josef Bacik
+Signed-off-by: Filipe Manana
+Signed-off-by: David Sterba
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/btrfs/file.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/btrfs/file.c
++++ b/fs/btrfs/file.c
+@@ -2037,7 +2037,10 @@ out:
+
+ out_release_extents:
+ btrfs_release_log_ctx_extents(&ctx);
+- btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP);
++ if (skip_ilock)
++ up_write(&BTRFS_I(inode)->i_mmap_lock);
++ else
++ btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP);
+ goto out;
+ }
+
diff --git a/queue-6.1/series b/queue-6.1/series
index 36788169a17..5478f9f7ab4 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -147,3 +147,4 @@ netfilter-nf_tables-bail-out-if-stateful-expression-provides-no-.clone.patch
 netfilter-nf_tables-allow-clone-callbacks-to-sleep.patch
 netfilter-nf_tables-prefer-nft_chain_validate.patch
 i2c-qcom-geni-fix-missing-clk_disable_unprepare-and-geni_se_resources_off.patch
+btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
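Review bot: `skip_ilock` is read in the new branch under `out_release_extents` in the queued fs/btrfs/file.c change, but it is neither declared nor assigned in this hunk. The backport therefore only builds and balances the locks on 6.1 if the commit named in the `Fixes:` tag (939b656bc8ab) is already applied ahead of it. That prerequisite is not visible in the series context shown here and should be confirmed before the queue is released. The branch would also be easier to audit with a comment stating the lock contract, for example `/* Direct IO sync write: the caller releases the inode lock itself, so drop only i_mmap_lock here. */`, since an unbalanced unlock on this path is what syzbot reported. The enclosing function starts outside the hunk, so its other exit paths could not be checked for the same pairing.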