From: Greg Kroah-Hartman
Date: Mon, 12 Aug 2024 15:51:11 +0000 (+0200)
Subject: 6.10-stable patches
X-Git-Tag: v6.1.105~26
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f450d1e9d2b7d3855421e976b54a6b533e3609a8;p=thirdparty%2Fkernel%2Fstable-queue.git
6.10-stable patches added patches: btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
---
diff --git a/queue-6.10/btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch b/queue-6.10/btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
new file mode 100644
index 00000000000..4546f6d7361
--- /dev/null
+++ b/queue-6.10/btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
@@ -0,0 +1,42 @@
+From e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115 Mon Sep 17 00:00:00 2001
+From: Filipe Manana
+Date: Fri, 2 Aug 2024 09:38:51 +0100
+Subject: btrfs: fix double inode unlock for direct IO sync writes
+
+From: Filipe Manana
+
+commit e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115 upstream.
+
+If we do a direct IO sync write, at btrfs_sync_file(), and we need to skip
+inode logging or we get an error starting a transaction or an error when
+flushing delalloc, we end up unlocking the inode when we shouldn't under
+the 'out_release_extents' label, and then unlock it again at
+btrfs_direct_write().
+
+Fix that by checking if we have to skip inode unlocking under that label.
+
+Reported-by: syzbot+7dbbb74af6291b5a5a8b@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/linux-btrfs/000000000000dfd631061eaeb4bc@google.com/
+Fixes: 939b656bc8ab ("btrfs: fix corruption after buffer fault in during direct IO append write")
+Reviewed-by: Josef Bacik
+Signed-off-by: Filipe Manana
+Signed-off-by: David Sterba
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/btrfs/file.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/btrfs/file.c
++++ b/fs/btrfs/file.c
+@@ -2080,7 +2080,10 @@ out:
+
+ out_release_extents:
+ btrfs_release_log_ctx_extents(&ctx);
+- btrfs_inode_unlock(BTRFS_I(inode), BTRFS_ILOCK_MMAP);
++ if (skip_ilock)
++ up_write(&BTRFS_I(inode)->i_mmap_lock);
++ else
++ btrfs_inode_unlock(BTRFS_I(inode), BTRFS_ILOCK_MMAP);
+ goto out;
+ }
+
diff --git a/queue-6.10/series b/queue-6.10/series
index b888337e9fd..f8728d44ad1 100644
--- a/queue-6.10/series
+++ b/queue-6.10/series
@@ -260,3 +260,4 @@ mptcp-pm-don-t-try-to-create-sf-if-alloc-failed.patch
 mptcp-pm-do-not-ignore-subflow-if-signal-flag-is-also-set.patch
 selftests-mptcp-join-ability-to-invert-add_addr-check.patch
 selftests-mptcp-join-test-both-signal-subflow.patch
+btrfs-fix-double-inode-unlock-for-direct-io-sync-writes.patch
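Review bot: The new `if (skip_ilock)` branch under `out_release_extents` in fs/btrfs/file.c releases `i_mmap_lock` with a bare `up_write()` and has no comment explaining why the inode lock is left held. The reason appears only in the commit message, so a later cleanup could fold the branch back into `btrfs_inode_unlock()` and reintroduce the double unlock. I would add above the `if`: `/* Direct IO sync write: btrfs_direct_write() still holds the inode lock and releases it itself, so drop only the mmap lock here. */`. `skip_ilock` is declared outside this hunk, and the enclosing function starts and ends outside it, so confirm that the 6.10 tree already carries the commit named in `Fixes:`, otherwise the queued patch will not build. If that commit was also backported to other stable branches, they presumably need this fix queued as well; this commit touches only queue-6.10.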