From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 29 Jul 2024 12:28:26 +0000 (+0200)
Subject: 4.19-stable patches
X-Git-Tag: v6.1.103~57
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=926beeca7b7f8337b49d1d0e3e0bd08736a7dbec;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	f2fs-fix-to-don-t-dirty-inode-for-readonly-filesystem.patch
	scsi-qla2xxx-return-enobufs-if-sg_cnt-is-more-than-one-for-els-cmds.patch
---

diff --git a/queue-4.19/f2fs-fix-to-don-t-dirty-inode-for-readonly-filesystem.patch b/queue-4.19/f2fs-fix-to-don-t-dirty-inode-for-readonly-filesystem.patch
new file mode 100644
index 00000000000..18bf6b360cc
--- /dev/null
+++ b/queue-4.19/f2fs-fix-to-don-t-dirty-inode-for-readonly-filesystem.patch
@@ -0,0 +1,79 @@
+From 192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 Mon Sep 17 00:00:00 2001
+From: Chao Yu <chao@kernel.org>
+Date: Tue, 4 Jun 2024 15:56:36 +0800
+Subject: f2fs: fix to don't dirty inode for readonly filesystem
+
+From: Chao Yu <chao@kernel.org>
+
+commit 192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 upstream.
+
+syzbot reports f2fs bug as below:
+
+kernel BUG at fs/f2fs/inode.c:933!
+RIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933
+Call Trace:
+ evict+0x2a4/0x620 fs/inode.c:664
+ dispose_list fs/inode.c:697 [inline]
+ evict_inodes+0x5f8/0x690 fs/inode.c:747
+ generic_shutdown_super+0x9d/0x2c0 fs/super.c:675
+ kill_block_super+0x44/0x90 fs/super.c:1667
+ kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894
+ deactivate_locked_super+0xc1/0x130 fs/super.c:484
+ cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256
+ task_work_run+0x24a/0x300 kernel/task_work.c:180
+ ptrace_notify+0x2cd/0x380 kernel/signal.c:2399
+ ptrace_report_syscall include/linux/ptrace.h:411 [inline]
+ ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
+ syscall_exit_work kernel/entry/common.c:251 [inline]
+ syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]
+ __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
+ syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296
+ do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88
+ entry_SYSCALL_64_after_hwframe+0x63/0x6b
+
+The root cause is:
+- do_sys_open
+ - f2fs_lookup
+  - __f2fs_find_entry
+   - f2fs_i_depth_write
+    - f2fs_mark_inode_dirty_sync
+     - f2fs_dirty_inode
+      - set_inode_flag(inode, FI_DIRTY_INODE)
+
+- umount
+ - kill_f2fs_super
+  - kill_block_super
+   - generic_shutdown_super
+    - sync_filesystem
+    : sb is readonly, skip sync_filesystem()
+    - evict_inodes
+     - iput
+      - f2fs_evict_inode
+       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))
+       : trigger kernel panic
+
+When we try to repair i_current_depth in readonly filesystem, let's
+skip dirty inode to avoid panic in later f2fs_evict_inode().
+
+Cc: stable@vger.kernel.org
+Reported-by: syzbot+31e4659a3fe953aec2f4@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/linux-f2fs-devel/000000000000e890bc0609a55cff@google.com
+Signed-off-by: Chao Yu <chao@kernel.org>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/f2fs/inode.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/f2fs/inode.c
++++ b/fs/f2fs/inode.c
+@@ -25,6 +25,9 @@ void f2fs_mark_inode_dirty_sync(struct i
+ 	if (is_inode_flag_set(inode, FI_NEW_INODE))
+ 		return;
+ 
++	if (f2fs_readonly(F2FS_I_SB(inode)->sb))
++		return;
++
+ 	if (f2fs_inode_dirtied(inode, sync))
+ 		return;
+ 
diff --git a/queue-4.19/scsi-qla2xxx-return-enobufs-if-sg_cnt-is-more-than-one-for-els-cmds.patch b/queue-4.19/scsi-qla2xxx-return-enobufs-if-sg_cnt-is-more-than-one-for-els-cmds.patch
new file mode 100644
index 00000000000..bdae8702c3d
--- /dev/null
+++ b/queue-4.19/scsi-qla2xxx-return-enobufs-if-sg_cnt-is-more-than-one-for-els-cmds.patch
@@ -0,0 +1,39 @@
+From ce2065c4cc4f05635413f63f6dc038d7d4842e31 Mon Sep 17 00:00:00 2001
+From: Saurav Kashyap <skashyap@marvell.com>
+Date: Wed, 10 Jul 2024 22:40:50 +0530
+Subject: scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
+
+From: Saurav Kashyap <skashyap@marvell.com>
+
+commit ce2065c4cc4f05635413f63f6dc038d7d4842e31 upstream.
+
+Firmware only supports single DSDs in ELS Pass-through IOCB (0x53h), sg cnt
+is decided by the SCSI ML. User is not aware of the cause of an acutal
+error.
+
+Return the appropriate return code that will be decoded by API and
+application and proper error message will be displayed to user.
+
+Fixes: 6e98016ca077 ("[SCSI] qla2xxx: Re-organized BSG interface specific code.")
+Cc: stable@vger.kernel.org
+Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
+Signed-off-by: Nilesh Javali <njavali@marvell.com>
+Link: https://lore.kernel.org/r/20240710171057.35066-5-njavali@marvell.com
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/qla2xxx/qla_bsg.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/qla2xxx/qla_bsg.c
++++ b/drivers/scsi/qla2xxx/qla_bsg.c
+@@ -302,7 +302,7 @@ qla2x00_process_els(struct bsg_job *bsg_
+ 		    "request_sg_cnt=%x reply_sg_cnt=%x.\n",
+ 		    bsg_job->request_payload.sg_cnt,
+ 		    bsg_job->reply_payload.sg_cnt);
+-		rval = -EPERM;
++		rval = -ENOBUFS;
+ 		goto done;
+ 	}
+ 
diff --git a/queue-4.19/series b/queue-4.19/series
index aa9e8e9a0c5..777cd7a2568 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -77,3 +77,5 @@ tools-memory-model-fix-bug-in-lock.cat.patch
 hwrng-amd-convert-pcibios_-return-codes-to-errnos.patch
 pci-hv-return-zero-not-garbage-when-reading-pci_interrupt_pin.patch
 binder-fix-hang-of-unregistered-readers.patch
+scsi-qla2xxx-return-enobufs-if-sg_cnt-is-more-than-one-for-els-cmds.patch
+f2fs-fix-to-don-t-dirty-inode-for-readonly-filesystem.patch