android_kernel_motorola_sm6225/fs/nilfs2
Ryusuke Konishi d95e403588 nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
commit cdaac8e7e5a059f9b5e816cda257f08d0abffacd upstream.

A syzbot stress test using a corrupted disk image reported that
mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or
nilfs_palloc_commit_alloc_entry() may output a kernel warning, and can
panic if the kernel is booted with panic_on_warn.

This is because nilfs2 keeps buffer pointers in local structures for some
metadata and reuses them, but such buffers may be forcibly discarded by
nilfs_clear_dirty_page() in some critical situations.

This issue is reported to appear after commit 28a65b49eb53 ("nilfs2: do
not write dirty data after degenerating to read-only"), but the issue has
potentially existed before.

Fix this issue by checking the uptodate flag when attempting to reuse an
internally held buffer, and reloading the metadata instead of reusing the
buffer if the flag was lost.

Link: https://lkml.kernel.org/r/20230818131804.7758-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+cdfcae656bac88ba0e2d@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/0000000000003da75f05fdeffd12@google.com
Fixes: 8c26c4e269 ("nilfs2: fix issue with flush kernel thread after remount in RO mode because of driver's internal error or metadata corruption")
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org> # 3.10+
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-09-23 10:47:57 +02:00
..
alloc.c nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse 2023-09-23 10:47:57 +02:00
alloc.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
bmap.c nilfs2: fix infinite loop in nilfs_mdt_get_block() 2023-05-17 11:13:20 +02:00
bmap.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
btnode.c nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() 2023-06-21 15:39:57 +02:00
btnode.h nilfs2: fix lockdep warnings in page operations for btree nodes 2022-05-25 09:10:37 +02:00
btree.c nilfs2: fix general protection fault in nilfs_btree_insert() 2023-01-24 07:11:49 +01:00
btree.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
cpfile.c nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
cpfile.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
dat.c nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() 2022-12-08 11:18:33 +01:00
dat.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
dir.c nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
direct.c nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
direct.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
export.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file.c nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
gcinode.c nilfs2: fix lockdep warnings in page operations for btree nodes 2022-05-25 09:10:37 +02:00
ifile.c nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
ifile.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
inode.c nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse 2023-09-23 10:47:57 +02:00
ioctl.c nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() 2023-04-05 11:15:37 +02:00
Kconfig
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mdt.c nilfs2: fix lockdep warnings during disk space reclamation 2022-05-25 09:10:37 +02:00
mdt.h nilfs2: fix lockdep warnings during disk space reclamation 2022-05-25 09:10:37 +02:00
namei.c nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
nilfs.h nilfs2: fix incorrect masking of permission flags for symlinks 2022-07-21 21:09:26 +02:00
page.c nilfs2: prevent general protection fault in nilfs_clear_dirty_page() 2023-06-28 10:15:28 +02:00
page.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
recovery.c nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
segbuf.c nilfs2: fix buffer corruption due to concurrent device reads 2023-06-28 10:15:28 +02:00
segbuf.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
segment.c nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() 2023-09-23 10:47:57 +02:00
segment.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
sufile.c nilfs2: fix possible out-of-bounds segment allocation in resize ioctl 2023-06-21 15:39:57 +02:00
sufile.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
super.c nilfs2: fix buffer corruption due to concurrent device reads 2023-06-28 10:15:28 +02:00
sysfs.c nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group 2021-09-26 13:39:49 +02:00
sysfs.h nilfs2: convert to SPDX license tags 2018-09-04 16:45:02 -07:00
the_nilfs.c nilfs2: reject devices with insufficient block count 2023-06-28 10:15:27 +02:00
the_nilfs.h nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput 2023-08-16 18:13:00 +02:00