--- /dev/null
+From 2cf3f8133bda2a0945cc4c70e681ecb25b52b913 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 1 Nov 2021 12:46:47 -0700
+Subject: btrfs: fix lzo_decompress_bio() kmap leakage
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 2cf3f8133bda2a0945cc4c70e681ecb25b52b913 upstream.
+
+Commit ccaa66c8dd27 reinstated the kmap/kunmap that had been dropped in
+commit 8c945d32e604 ("btrfs: compression: drop kmap/kunmap from lzo").
+
+However, it seems to have done so incorrectly due to the change not
+reverting cleanly, and lzo_decompress_bio() ended up not having a
+matching "kunmap()" to the "kmap()" that was put back.
+
+Also, any assert that the page pointer is not NULL should be before the
+kmap() of said pointer, since otherwise you'd just oops in the kmap()
+before the assert would even trigger.
+
+I noticed this when trying to verify my btrfs merge, and things not
+adding up. I'm doing this fixup before re-doing my merge, because this
+commit needs to also be backported to 5.15 (after verification from the
+btrfs people).
+
+Fixes: ccaa66c8dd27 ("Revert 'btrfs: compression: drop kmap/kunmap from lzo'")
+Cc: David Sterba <dsterba@suse.com>
+Cc: stable@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/lzo.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/btrfs/lzo.c
++++ b/fs/btrfs/lzo.c
+@@ -357,9 +357,10 @@ int lzo_decompress_bio(struct list_head
+ ASSERT(cur_in / sectorsize ==
+ (cur_in + LZO_LEN - 1) / sectorsize);
+ cur_page = cb->compressed_pages[cur_in / PAGE_SIZE];
+- kaddr = kmap(cur_page);
+ ASSERT(cur_page);
++ kaddr = kmap(cur_page);
+ seg_len = read_compress_length(kaddr + offset_in_page(cur_in));
++ kunmap(cur_page);
+ cur_in += LZO_LEN;
+
+ /* Copy the compressed segment payload into workspace */
projects / thirdparty / kernel / stable-queue.git / commitdiff
