Star64_linux/fs
Ryusuke Konishi 0390d606e2 nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
commit cdaac8e7e5 upstream.

A syzbot stress test using a corrupted disk image reported that
mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or
nilfs_palloc_commit_alloc_entry() may output a kernel warning, and can
panic if the kernel is booted with panic_on_warn.

This is because nilfs2 keeps buffer pointers in local structures for some
metadata and reuses them, but such buffers may be forcibly discarded by
nilfs_clear_dirty_page() in some critical situations.

This issue is reported to appear after commit 28a65b49eb ("nilfs2: do
not write dirty data after degenerating to read-only"), but the issue has
potentially existed before.

Fix this issue by checking the uptodate flag when attempting to reuse an
internally held buffer, and reloading the metadata instead of reusing the
buffer if the flag was lost.

Link: https://lkml.kernel.org/r/20230818131804.7758-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+cdfcae656bac88ba0e2d@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/0000000000003da75f05fdeffd12@google.com
Fixes: 8c26c4e269 ("nilfs2: fix issue with flush kernel thread after remount in RO mode because of driver's internal error or metadata corruption")
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org> # 3.10+
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-09-19 13:37:17 +08:00
9p 9p: fix a bunch of checkpatch warnings 2023-04-19 17:52:44 +08:00
adfs mm: require ->set_page_dirty to be explicitly wired up 2021-06-29 10:53:48 -07:00
affs affs: initialize fsdata in affs_truncate() 2023-04-19 17:58:51 +08:00
afs afs: Fix vlserver probe RTT handling 2023-08-20 15:23:47 +08:00
autofs autofs: fix wait name hash calculation in autofs_wait() 2021-10-20 21:09:02 -04:00
befs isystem: ship and use stdarg.h 2021-08-19 09:02:55 +09:00
bfs mm: require ->set_page_dirty to be explicitly wired up 2021-06-29 10:53:48 -07:00
btrfs btrfs: fix BUG_ON condition in btrfs_cancel_balance 2023-08-28 23:27:01 +08:00
cachefiles fs: add is_idmapped_mnt() helper 2023-04-19 17:50:49 +08:00
ceph ceph: defer stopping mdsc delayed_work 2023-08-20 16:01:35 +08:00
cifs cifs: Release folio lock on fscache read hit. 2023-08-28 23:27:04 +08:00
coda coda: Avoid partial allocation of sig_inputArgs 2023-04-19 18:00:10 +08:00
configfs configfs: fix possible memory leak in configfs_create_dir() 2023-04-19 17:57:29 +08:00
cramfs cramfs: use %pD instead of messing with file_dentry()->d_name 2021-01-05 23:02:47 -05:00
crypto fscrypt: fix keyring memory leak on mount failure 2023-04-19 17:56:02 +08:00
debugfs debugfs: fix error when writing negative value to atomic_t debugfs file 2023-04-19 17:57:15 +08:00
devpts fsnotify: fix fsnotify hooks in pseudo filesystems 2023-04-19 17:44:48 +08:00
dlm fs: dlm: fix mismatch of plock results from userspace 2023-09-05 01:25:03 +08:00
ecryptfs fs: add is_idmapped_mnt() helper 2023-04-19 17:50:49 +08:00
efivarfs efivars: convert to fileattr 2021-04-12 15:04:29 +02:00
efs [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
erofs erofs: ensure that the post-EOF tails are all zeroed 2023-09-19 13:37:14 +08:00
exfat exfat: check if filename entries exceeds max filename length 2023-08-28 23:27:05 +08:00
exportfs exportfs: support idmapped mounts 2023-04-19 17:50:08 +08:00
ext2 ext2: Drop fragment support 2023-08-20 16:01:37 +08:00
ext4 ext4: correct inline offset when handling xattrs in inode body 2023-08-20 16:01:10 +08:00
f2fs f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() 2023-08-20 15:24:57 +08:00
fat fat: add ratelimit to fat*_ent_bread() 2023-04-19 17:49:30 +08:00
freevxfs fs: Fill in max and min timestamps in superblock 2019-08-30 07:27:17 -07:00
fscache fscache: Remove an unused static variable 2021-10-04 22:13:12 +01:00
fuse fuse: ioctl: translate ENOSYS in outarg 2023-08-20 16:01:08 +08:00
gfs2 gfs2: Fix possible data races in gfs2_show_options() 2023-08-28 23:26:56 +08:00
hfs hfs: fix missing hfs_bnode_get() in __hfs_bnode_create 2023-04-19 18:00:15 +08:00
hfsplus fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() 2023-06-06 18:39:27 +08:00
hostfs hostfs: support splice_write 2021-08-26 22:28:02 +02:00
hpfs hpfs: use iomap_fiemap to implement ->fiemap 2021-07-27 11:00:36 +02:00
hugetlbfs hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() 2023-04-19 17:58:02 +08:00
iomap iomap: iomap_write_failed fix 2023-04-19 17:49:40 +08:00
isofs isofs: Fix out of bound access for corrupted isofs image 2023-04-19 16:56:47 +08:00
jbd2 jbd2: fix a race when checking checkpoint buffer busy 2023-09-05 01:25:04 +08:00
jffs2 jffs2: reduce stack usage in jffs2_build_xattr_subsystem() 2023-08-20 15:24:49 +08:00
jfs FS: JFS: Check for read-only mounted filesystem in txBegin 2023-08-20 16:01:10 +08:00
kernfs kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR 2023-08-20 15:24:42 +08:00
ksmbd ksmbd: replace one-element array with flex-array member in struct smb2_ea_info 2023-09-19 13:37:15 +08:00
lockd lockd: set file_lock start and end when decoding nlm4 testargs 2023-04-19 18:01:06 +08:00
minix minix: fix bug when opening a file with O_DIRECT 2023-04-19 17:47:40 +08:00
netfs netfs: fix parameter of cleanup() 2023-04-19 17:43:27 +08:00
nfs nfs: use vfs setgid helper 2023-09-05 01:25:09 +08:00
nfs_common nfs: Fix kerneldoc warning shown up by W=1 2021-10-04 22:02:17 +01:00
nfsd nfsd: use vfs setgid helper 2023-09-05 01:25:10 +08:00
nilfs2 nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse 2023-09-19 13:37:17 +08:00
nls
notify fanotify: disallow mount/sb marks on kernel internal pseudo fs 2023-08-20 15:24:51 +08:00
ntfs ntfs: check overflow when iterating ATTR_RECORDs 2023-04-19 17:56:30 +08:00
ntfs3 fs/ntfs3: Mark ntfs dirty when on-disk struct is corrupted 2023-08-28 23:26:57 +08:00
ocfs2 ocfs2: check new file size on fallocate call 2023-08-20 15:23:41 +08:00
omfs mm: require ->set_page_dirty to be explicitly wired up 2021-06-29 10:53:48 -07:00
openpromfs openpromfs: don't do unlock_new_inode() until the new inode is set up 2021-03-12 22:15:22 -05:00
orangefs orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() 2023-04-19 17:58:03 +08:00
overlayfs ovl: check type and offset of struct vfsmount in ovl_entry 2023-08-28 23:26:55 +08:00
proc mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps 2023-04-19 17:59:15 +08:00
pstore pstore/ram: Add check for kstrdup 2023-08-20 15:24:18 +08:00
qnx4 qnx4: work around gcc false positive warning bug 2021-09-21 08:36:48 -07:00
qnx6 [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
quota quota: fix warning in dqgrab() 2023-08-20 16:01:10 +08:00
ramfs shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs 2023-08-20 15:24:49 +08:00
reiserfs reiserfs: Add security prefix to xattr name in reiserfs_security_write() 2023-06-06 18:34:52 +08:00
romfs Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-10-24 12:26:05 -07:00
smbfs_common cifs: Fix crash on unload of cifs_arc4.ko 2023-04-19 17:42:56 +08:00
squashfs revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" 2023-04-19 17:59:28 +08:00
sysfs sysfs: Allow deferred execution of iomem_get_mapping() 2021-08-06 13:05:28 +02:00
sysv fs/sysv: Null check to prevent null-ptr-deref bug 2023-08-20 16:01:36 +08:00
tracefs tracefs: Only clobber mode/uid/gid on remount if asked 2023-04-19 17:53:51 +08:00
ubifs ubifs: Fix memory leak in do_rename 2023-06-06 18:37:42 +08:00
udf udf: Fix uninitialized array access for some pathnames 2023-08-20 16:01:10 +08:00
ufs isystem: ship and use stdarg.h 2021-08-19 09:02:55 +09:00
unicode .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
vboxsf vboxfs: fix broken legacy mount signature checking 2021-09-27 11:26:21 -07:00
verity fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY 2023-04-19 18:01:09 +08:00
xfs xfs: verify buffer contents when we skip log replay 2023-08-20 15:21:30 +08:00
zonefs zonefs: Fix error message in zonefs_file_dio_append() 2023-04-19 18:01:16 +08:00
aio.c aio: fix mremap after fork null-deref 2023-04-19 17:59:26 +08:00
anon_inodes.c fs: anon_inodes: rephrase to appropriate kernel-doc 2021-01-15 12:17:25 -05:00
attr.c nfs: use vfs setgid helper 2023-09-05 01:25:09 +08:00
bad_inode.c vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
binfmt_aout.c binfmt: a.out: Fix bogus semicolon 2021-09-05 10:15:05 -07:00
binfmt_elf.c fs/binfmt_elf: Fix memory leak in load_elf_binary() 2023-04-19 17:55:46 +08:00
binfmt_elf_fdpic.c binfmt: Fix error return code in load_elf_fdpic_binary() 2023-04-19 17:58:10 +08:00
binfmt_flat.c binfmt_flat: do not stop relocating GOT entries prematurely on riscv 2023-04-19 17:49:18 +08:00
binfmt_misc.c binfmt_misc: fix shift-out-of-bounds in check_special_flags 2023-04-19 17:57:57 +08:00
binfmt_script.c Merge branch 'akpm' (patches from Andrew) 2020-06-04 19:18:29 -07:00
buffer.c mm: fs: initialize fsdata passed to write_begin/write_end interface 2023-04-19 17:56:29 +08:00
char_dev.c chardev: fix error handling in cdev_device_add() 2023-04-19 17:57:45 +08:00
compat_binfmt_elf.c get rid of COMPAT_ELF_EXEC_PAGESIZE 2021-01-06 08:42:51 -05:00
coredump.c coredump: Use the vma snapshot in fill_files_note 2023-04-19 17:47:32 +08:00
d_path.c d_path: make 'prepend()' fill up the buffer exactly on overflow 2021-09-02 10:07:29 -07:00
dax.c fsdax: Fix infinite loop in dax_iomap_rw() 2023-04-19 17:54:06 +08:00
dcache.c useful constants: struct qstr for ".." 2021-04-15 22:36:45 -04:00
direct-io.c fs: direct-io: fix missing sdio->boundary 2021-04-09 14:54:23 -07:00
drop_caches.c fs: drop_caches: fix skipping over shadow cache inodes 2021-09-03 09:58:10 -07:00
eventfd.c eventfd: provide a eventfd_signal_mask() helper 2023-04-19 17:58:41 +08:00
eventpoll.c epoll: ep_autoremove_wake_function should use list_del_init_careful 2023-08-20 15:23:41 +08:00
exec.c exec: Copy oldsighand->action under spin-lock 2023-04-19 17:55:47 +08:00
fcntl.c Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
fhandle.c switch file_open_root() to struct path 2021-04-07 13:56:43 -04:00
file.c file: reinstate f_pos locking optimization for regular files 2023-08-20 16:01:36 +08:00
file_table.c locks: fix TOCTOU race when granting write lease 2023-04-19 17:55:17 +08:00
filesystems.c fs: simplify get_filesystem_list / get_all_fs_names 2021-08-23 01:25:40 -04:00
fs-writeback.c writeback: fix call of incorrect macro 2023-06-06 18:37:44 +08:00
fs_context.c fs: avoid empty option when generating legacy mount string 2023-08-20 15:24:49 +08:00
fs_parser.c namei: Standardize callers of filename_lookup() 2021-09-07 16:07:47 -04:00
fs_pin.c switch the remnants of releasing the mountpoint away from fs_pin 2019-07-16 22:52:37 -04:00
fs_struct.c vfs: Use sequence counter with associated spinlock 2020-07-29 16:14:27 +02:00
fs_types.c fs: common implementation of file type 2019-01-21 17:48:13 +01:00
fsopen.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
init.c init: handle idmapped mounts 2021-01-24 14:27:19 +01:00
inode.c fs: Establish locking order for unrelated directories 2023-08-20 15:24:49 +08:00
internal.h nfs: use vfs setgid helper 2023-09-05 01:25:09 +08:00
ioctl.c fs: fix an infinite loop in iomap_fiemap 2023-04-19 17:48:55 +08:00
Kconfig 4 cifs/smb3 fixes, one for DFS reconnect, and one to begin creating common headers for server and client and the other two to rename the cifs_common directory to smbfs_common to be more consistent ie change use of the name cifs to smb which is more accurate 2021-09-12 10:10:21 -07:00
Kconfig.binfmt binfmt: remove support for em86 (alpha only) 2021-07-25 22:33:03 -07:00
kernel_read_file.c vfs: check fd has read access in kernel_read_file_from_fd() 2021-10-18 20:22:03 -10:00
libfs.c libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value 2023-04-19 17:57:15 +08:00
locks.c filelocks: use mount idmapping for setlease permission check 2023-04-19 18:00:46 +08:00
Makefile io_uring: move to separate directory 2023-04-19 17:57:04 +08:00
mbcache.c mbcache: Avoid nesting of cache->c_list_lock under bit locks 2023-04-19 17:58:30 +08:00
mount.h mount: make {lock,unlock}_mount_hash() static 2021-01-24 14:29:34 +01:00
mpage.c block: rename BIO_MAX_PAGES to BIO_MAX_VECS 2021-03-11 07:47:48 -07:00
namei.c fs: no need to check source 2023-08-20 15:24:50 +08:00
namespace.c fs: drop peer group ids under namespace lock 2023-04-19 18:01:23 +08:00
no-block.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nsfs.c nsproxy: attach to namespaces via pidfds 2020-05-13 11:41:22 +02:00
open.c open: make RESOLVE_CACHED correctly test for O_TMPFILE 2023-08-20 16:01:36 +08:00
pipe.c pipe: Fix missing lock in pipe_resize_ring() 2023-04-19 17:49:14 +08:00
pnode.c pnode: terminate at peers of source 2023-04-19 17:58:10 +08:00
pnode.h mount: fix mounting of detached mounts onto targets that reside on shared mounts 2021-03-08 15:18:43 +01:00
posix_acl.c fs: fix acl translation 2023-04-19 17:50:49 +08:00
proc_namespace.c fs: add is_idmapped_mnt() helper 2023-04-19 17:50:49 +08:00
read_write.c vfs: fix copy_file_range() averts filesystem freeze protection 2023-04-19 17:57:04 +08:00
readdir.c readdir: make sure to verify directory entry for legacy interfaces too 2021-04-17 11:39:49 -07:00
remap_range.c fs/remap: constrain dedupe of EOF blocks 2023-04-19 17:51:16 +08:00
select.c select: Fix indefinitely sleeping task in poll_schedule_timeout() 2023-04-19 17:44:46 +08:00
seq_file.c rxrpc: Fix locking issue 2023-04-19 17:51:09 +08:00
signalfd.c signalfd: use wake_up_pollfree() 2023-04-19 17:42:58 +08:00
splice.c Revert "fs: check FMODE_LSEEK to control internal pipe splicing" 2023-04-19 17:54:18 +08:00
stack.c sched/rt, fs: Use CONFIG_PREEMPTION 2019-12-08 14:37:36 +01:00
stat.c stat: fix inconsistency between struct stat and struct compat_stat 2023-04-19 17:48:13 +08:00
statfs.c statfs: enforce statfs[64] structure initialization 2023-06-06 18:43:09 +08:00
super.c fs: Protect reconfiguration of sb read-write from racing writes 2023-08-20 16:01:37 +08:00
sync.c vfs: make sync_filesystem return errors from ->sync_fs 2023-04-19 17:48:08 +08:00
timerfd.c timerfd: Provide timerfd_resume() 2021-08-10 17:57:22 +02:00
userfaultfd.c userfaultfd: open userfaultfds with O_RDONLY 2023-04-19 17:55:08 +08:00
utimes.c utimes: handle idmapped mounts 2021-01-24 14:27:18 +01:00
xattr.c fs: don't audit the capability check in simple_xattr_list() 2023-04-19 17:57:13 +08:00