From 8cd440fa59261c8b30f0ea04bb0413c6854b3d01 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 12 Oct 2022 22:37:11 +0200
Subject: [PATCH] drop nilfs2 patch from 5.4 4.14 and 4.19

---
 ...-after-free-bug-of-struct-nilfs_root.patch | 68 -------------------
 queue-4.14/series                             |  1 -
 ...-after-free-bug-of-struct-nilfs_root.patch | 68 -------------------
 queue-4.19/series                             |  1 -
 ...-after-free-bug-of-struct-nilfs_root.patch | 68 -------------------
 queue-5.4/series                              |  1 -
 6 files changed, 207 deletions(-)
 delete mode 100644 queue-4.14/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
 delete mode 100644 queue-4.19/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
 delete mode 100644 queue-5.4/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch

diff --git a/queue-4.14/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch b/queue-4.14/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
deleted file mode 100644
index bb50f39638a..00000000000
--- a/queue-4.14/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From d325dc6eb763c10f591c239550b8c7e5466a5d09 Mon Sep 17 00:00:00 2001
-From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-Date: Tue, 4 Oct 2022 00:05:19 +0900
-Subject: nilfs2: fix use-after-free bug of struct nilfs_root
-
-From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-
-commit d325dc6eb763c10f591c239550b8c7e5466a5d09 upstream.
-
-If the beginning of the inode bitmap area is corrupted on disk, an inode
-with the same inode number as the root inode can be allocated and fail
-soon after.  In this case, the subsequent call to nilfs_clear_inode() on
-that bogus root inode will wrongly decrement the reference counter of
-struct nilfs_root, and this will erroneously free struct nilfs_root,
-causing kernel oopses.
-
-This fixes the problem by changing nilfs_new_inode() to skip reserved
-inode numbers while repairing the inode bitmap.
-
-Link: https://lkml.kernel.org/r/20221003150519.39789-1-konishi.ryusuke@gmail.com
-Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-Reported-by: syzbot+b8c672b0e22615c80fe0@syzkaller.appspotmail.com
-Reported-by: Khalid Masum <khalid.masum.92@gmail.com>
-Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-Cc: <stable@vger.kernel.org>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/nilfs2/inode.c |   17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
---- a/fs/nilfs2/inode.c
-+++ b/fs/nilfs2/inode.c
-@@ -344,6 +344,7 @@ struct inode *nilfs_new_inode(struct ino
- 	struct inode *inode;
- 	struct nilfs_inode_info *ii;
- 	struct nilfs_root *root;
-+	struct buffer_head *bh;
- 	int err = -ENOMEM;
- 	ino_t ino;
- 
-@@ -359,11 +360,25 @@ struct inode *nilfs_new_inode(struct ino
- 	ii->i_state = BIT(NILFS_I_NEW);
- 	ii->i_root = root;
- 
--	err = nilfs_ifile_create_inode(root->ifile, &ino, &ii->i_bh);
-+	err = nilfs_ifile_create_inode(root->ifile, &ino, &bh);
- 	if (unlikely(err))
- 		goto failed_ifile_create_inode;
- 	/* reference count of i_bh inherits from nilfs_mdt_read_block() */
- 
-+	if (unlikely(ino < NILFS_USER_INO)) {
-+		nilfs_warn(sb,
-+			   "inode bitmap is inconsistent for reserved inodes");
-+		do {
-+			brelse(bh);
-+			err = nilfs_ifile_create_inode(root->ifile, &ino, &bh);
-+			if (unlikely(err))
-+				goto failed_ifile_create_inode;
-+		} while (ino < NILFS_USER_INO);
-+
-+		nilfs_info(sb, "repaired inode bitmap for reserved inodes");
-+	}
-+	ii->i_bh = bh;
-+
- 	atomic64_inc(&root->inodes_count);
- 	inode_init_owner(inode, dir, mode);
- 	inode->i_ino = ino;
diff --git a/queue-4.14/series b/queue-4.14/series
index a39649cd240..20f45a12b7d 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -34,6 +34,5 @@ mmc-core-terminate-infinite-loop-in-sd-uhs-voltage-switch.patch
 rpmsg-qcom-glink-replace-strncpy-with-strscpy_pad.patch
 netfilter-nf_queue-fix-socket-leak.patch
 nilfs2-fix-null-pointer-dereference-at-nilfs_bmap_lookup_at_level.patch
-nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
 nilfs2-fix-leak-of-nilfs_root-in-case-of-writer-thread-creation-failure.patch
 nilfs2-replace-warn_ons-by-nilfs_error-for-checkpoint-acquisition-failure.patch
diff --git a/queue-4.19/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch b/queue-4.19/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
deleted file mode 100644
index 0e3e921221b..00000000000
--- a/queue-4.19/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From d325dc6eb763c10f591c239550b8c7e5466a5d09 Mon Sep 17 00:00:00 2001
-From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-Date: Tue, 4 Oct 2022 00:05:19 +0900
-Subject: nilfs2: fix use-after-free bug of struct nilfs_root
-
-From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-
-commit d325dc6eb763c10f591c239550b8c7e5466a5d09 upstream.
-
-If the beginning of the inode bitmap area is corrupted on disk, an inode
-with the same inode number as the root inode can be allocated and fail
-soon after.  In this case, the subsequent call to nilfs_clear_inode() on
-that bogus root inode will wrongly decrement the reference counter of
-struct nilfs_root, and this will erroneously free struct nilfs_root,
-causing kernel oopses.
-
-This fixes the problem by changing nilfs_new_inode() to skip reserved
-inode numbers while repairing the inode bitmap.
-
-Link: https://lkml.kernel.org/r/20221003150519.39789-1-konishi.ryusuke@gmail.com
-Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-Reported-by: syzbot+b8c672b0e22615c80fe0@syzkaller.appspotmail.com
-Reported-by: Khalid Masum <khalid.masum.92@gmail.com>
-Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-Cc: <stable@vger.kernel.org>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/nilfs2/inode.c |   17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
---- a/fs/nilfs2/inode.c
-+++ b/fs/nilfs2/inode.c
-@@ -340,6 +340,7 @@ struct inode *nilfs_new_inode(struct ino
- 	struct inode *inode;
- 	struct nilfs_inode_info *ii;
- 	struct nilfs_root *root;
-+	struct buffer_head *bh;
- 	int err = -ENOMEM;
- 	ino_t ino;
- 
-@@ -355,11 +356,25 @@ struct inode *nilfs_new_inode(struct ino
- 	ii->i_state = BIT(NILFS_I_NEW);
- 	ii->i_root = root;
- 
--	err = nilfs_ifile_create_inode(root->ifile, &ino, &ii->i_bh);
-+	err = nilfs_ifile_create_inode(root->ifile, &ino, &bh);
- 	if (unlikely(err))
- 		goto failed_ifile_create_inode;
- 	/* reference count of i_bh inherits from nilfs_mdt_read_block() */
- 
-+	if (unlikely(ino < NILFS_USER_INO)) {
-+		nilfs_warn(sb,
-+			   "inode bitmap is inconsistent for reserved inodes");
-+		do {
-+			brelse(bh);
-+			err = nilfs_ifile_create_inode(root->ifile, &ino, &bh);
-+			if (unlikely(err))
-+				goto failed_ifile_create_inode;
-+		} while (ino < NILFS_USER_INO);
-+
-+		nilfs_info(sb, "repaired inode bitmap for reserved inodes");
-+	}
-+	ii->i_bh = bh;
-+
- 	atomic64_inc(&root->inodes_count);
- 	inode_init_owner(inode, dir, mode);
- 	inode->i_ino = ino;
diff --git a/queue-4.19/series b/queue-4.19/series
index 763e4a29277..f405ff7f1a8 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -16,6 +16,5 @@ mmc-core-replace-with-already-defined-values-for-readability.patch
 mmc-core-terminate-infinite-loop-in-sd-uhs-voltage-switch.patch
 rpmsg-qcom-glink-replace-strncpy-with-strscpy_pad.patch
 nilfs2-fix-null-pointer-dereference-at-nilfs_bmap_lookup_at_level.patch
-nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
 nilfs2-fix-leak-of-nilfs_root-in-case-of-writer-thread-creation-failure.patch
 nilfs2-replace-warn_ons-by-nilfs_error-for-checkpoint-acquisition-failure.patch
diff --git a/queue-5.4/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch b/queue-5.4/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
deleted file mode 100644
index 0e3e921221b..00000000000
--- a/queue-5.4/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From d325dc6eb763c10f591c239550b8c7e5466a5d09 Mon Sep 17 00:00:00 2001
-From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-Date: Tue, 4 Oct 2022 00:05:19 +0900
-Subject: nilfs2: fix use-after-free bug of struct nilfs_root
-
-From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-
-commit d325dc6eb763c10f591c239550b8c7e5466a5d09 upstream.
-
-If the beginning of the inode bitmap area is corrupted on disk, an inode
-with the same inode number as the root inode can be allocated and fail
-soon after.  In this case, the subsequent call to nilfs_clear_inode() on
-that bogus root inode will wrongly decrement the reference counter of
-struct nilfs_root, and this will erroneously free struct nilfs_root,
-causing kernel oopses.
-
-This fixes the problem by changing nilfs_new_inode() to skip reserved
-inode numbers while repairing the inode bitmap.
-
-Link: https://lkml.kernel.org/r/20221003150519.39789-1-konishi.ryusuke@gmail.com
-Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-Reported-by: syzbot+b8c672b0e22615c80fe0@syzkaller.appspotmail.com
-Reported-by: Khalid Masum <khalid.masum.92@gmail.com>
-Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
-Cc: <stable@vger.kernel.org>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/nilfs2/inode.c |   17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
---- a/fs/nilfs2/inode.c
-+++ b/fs/nilfs2/inode.c
-@@ -340,6 +340,7 @@ struct inode *nilfs_new_inode(struct ino
- 	struct inode *inode;
- 	struct nilfs_inode_info *ii;
- 	struct nilfs_root *root;
-+	struct buffer_head *bh;
- 	int err = -ENOMEM;
- 	ino_t ino;
- 
-@@ -355,11 +356,25 @@ struct inode *nilfs_new_inode(struct ino
- 	ii->i_state = BIT(NILFS_I_NEW);
- 	ii->i_root = root;
- 
--	err = nilfs_ifile_create_inode(root->ifile, &ino, &ii->i_bh);
-+	err = nilfs_ifile_create_inode(root->ifile, &ino, &bh);
- 	if (unlikely(err))
- 		goto failed_ifile_create_inode;
- 	/* reference count of i_bh inherits from nilfs_mdt_read_block() */
- 
-+	if (unlikely(ino < NILFS_USER_INO)) {
-+		nilfs_warn(sb,
-+			   "inode bitmap is inconsistent for reserved inodes");
-+		do {
-+			brelse(bh);
-+			err = nilfs_ifile_create_inode(root->ifile, &ino, &bh);
-+			if (unlikely(err))
-+				goto failed_ifile_create_inode;
-+		} while (ino < NILFS_USER_INO);
-+
-+		nilfs_info(sb, "repaired inode bitmap for reserved inodes");
-+	}
-+	ii->i_bh = bh;
-+
- 	atomic64_inc(&root->inodes_count);
- 	inode_init_owner(inode, dir, mode);
- 	inode->i_ino = ino;
diff --git a/queue-5.4/series b/queue-5.4/series
index c8693c8ee36..5bdcedfd17d 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -16,6 +16,5 @@ mmc-core-replace-with-already-defined-values-for-readability.patch
 mmc-core-terminate-infinite-loop-in-sd-uhs-voltage-switch.patch
 rpmsg-qcom-glink-replace-strncpy-with-strscpy_pad.patch
 nilfs2-fix-null-pointer-dereference-at-nilfs_bmap_lookup_at_level.patch
-nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
 nilfs2-fix-leak-of-nilfs_root-in-case-of-writer-thread-creation-failure.patch
 nilfs2-replace-warn_ons-by-nilfs_error-for-checkpoint-acquisition-failure.patch
-- 
2.47.3