From: Greg Kroah-Hartman
Date: Mon, 12 Aug 2024 15:50:14 +0000 (+0200)
Subject: 5.15-stable patches
X-Git-Tag: v6.1.105~29
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d4fc7ce48ffa48a66f013944281566e938100237;p=thirdparty%2Fkernel%2Fstable-queue.git
5.15-stable patches added patches: btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
---
diff --git a/queue-5.15/btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch b/queue-5.15/btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
new file mode 100644
index 00000000000..5cef7726ee1
--- /dev/null
+++ b/queue-5.15/btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
@@ -0,0 +1,42 @@
+From e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115 Mon Sep 17 00:00:00 2001
+From: Filipe Manana
+Date: Fri, 2 Aug 2024 09:38:51 +0100
+Subject: btrfs: fix double inode unlock for direct IO sync writes
+
+From: Filipe Manana
+
+commit e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115 upstream.
+
+If we do a direct IO sync write, at btrfs_sync_file(), and we need to skip
+inode logging or we get an error starting a transaction or an error when
+flushing delalloc, we end up unlocking the inode when we shouldn't under
+the 'out_release_extents' label, and then unlock it again at
+btrfs_direct_write().
+
+Fix that by checking if we have to skip inode unlocking under that label.
+
+Reported-by: syzbot+7dbbb74af6291b5a5a8b@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/linux-btrfs/000000000000dfd631061eaeb4bc@google.com/
+Fixes: 939b656bc8ab ("btrfs: fix corruption after buffer fault in during direct IO append write")
+Reviewed-by: Josef Bacik
+Signed-off-by: Filipe Manana
+Signed-off-by: David Sterba
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/btrfs/file.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/btrfs/file.c
++++ b/fs/btrfs/file.c
+@@ -2433,7 +2433,10 @@ out:
+
+ out_release_extents:
+ btrfs_release_log_ctx_extents(&ctx);
+- btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP);
++ if (skip_ilock)
++ up_write(&BTRFS_I(inode)->i_mmap_lock);
++ else
++ btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP);
+ goto out;
+ }
+
diff --git a/queue-5.15/series b/queue-5.15/series
index a7b140eb8d9..778f977f9c0 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -485,3 +485,4 @@ selftests-mptcp-join-check-backup-support-in-signal-endp.patch
 btrfs-fix-corruption-after-buffer-fault-in-during-direct-io-append-write.patch
 ipv6-fix-source-address-selection-with-route-leak.patch
 xfs-fix-log-recovery-buffer-allocation-for-the-legacy-h_size-fixup.patch
+btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
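Review bot: In the queued fs/btrfs/file.c change, the `skip_ilock` branch under `out_release_extents` open-codes `up_write(&BTRFS_I(inode)->i_mmap_lock)` with no comment saying why the inode lock itself stays held, which is the invariant whose violation caused the double unlock. A short comment above the branch would record it, e.g. `/* Direct IO sync write: btrfs_direct_write() still holds the inode lock and releases it; drop only i_mmap_lock here. */`. The acquisition side and the normal exit path under `out:` are outside the hunk, so the 5.15 backport should be checked to confirm both use the same `skip_ilock` condition with a matching `down_write()`/`up_write()` pair. A mismatch would leave the rwsem unbalanced, and an unbalanced release of a kernel lock is a memory-safety concern and not only a correctness one.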