FAILED: patch "[PATCH] fuse: fix readdir cache race" failed to apply to 5.4-stable tree

[<gregkh@linuxfoundation.org>]

The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

Possible dependencies:

9fa248c65bdb ("fuse: fix readdir cache race")
5fe0fc9f1de6 ("fuse: use kmap_local_page()")
9ac29fd3f87f ("fuse: move ioctl to separate source file")
5d069dbe8aaf ("fuse: fix bad inode")
fcee216beb9c ("fuse: split fuse_mount off of fuse_conn")
8f622e9497bb ("fuse: drop fuse_conn parameter where possible")
24754db2728a ("fuse: store fuse_conn in fuse_req")
9a752d18c85a ("virtiofs: add logic to free up a memory range")
d0cfb9dcbca6 ("virtiofs: maintain a list of busy elements")
6ae330cad6ef ("virtiofs: serialize truncate/punch_hole and dax fault path")
2a9a609a0c4a ("virtiofs: add DAX mmap support")
c2d0ad00d948 ("virtiofs: implement dax read/write operations")
ceec02d4354a ("virtiofs: introduce setupmapping/removemapping commands")
fd1a1dc6f5aa ("virtiofs: implement FUSE_INIT map_alignment field")
45f2348eceb6 ("virtiofs: keep a list of free dax memory ranges")
1dd539577c42 ("virtiofs: add a mount option to enable dax")
f4fd4ae354ba ("virtiofs: get rid of no_mount_options")
31070f6ccec0 ("fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS")
69a6487ac0ea ("fuse: move rb_erase() before tree_insert()")
5b14671be58d ("Merge tag 'fuse-update-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse")

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From 9fa248c65bdbf5af0a2f74dd38575acfc8dfd2bf Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@redhat.com>
Date: Thu, 20 Oct 2022 17:18:58 +0200
Subject: [PATCH] fuse: fix readdir cache race

There's a race in fuse's readdir cache that can result in an uninitilized
page being read.  The page lock is supposed to prevent this from happening
but in the following case it doesn't:

Two fuse_add_dirent_to_cache() start out and get the same parameters
(size=0,offset=0).  One of them wins the race to create and lock the page,
after which it fills in data, sets rdc.size and unlocks the page.

In the meantime the page gets evicted from the cache before the other
instance gets to run.  That one also creates the page, but finds the
size to be mismatched, bails out and leaves the uninitialized page in the
cache.

Fix by marking a filled page uptodate and ignoring non-uptodate pages.

Reported-by: Frank Sorenson <fsorenso@redhat.com>
Fixes: 5d7bc7e8680c ("fuse: allow using readdir cache")
Cc: <stable@vger.kernel.org> # v4.20
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

diff --git a/fs/fuse/readdir.c b/fs/fuse/readdir.c
index b4e565711045..e8deaacf1832 100644
--- a/fs/fuse/readdir.c
+++ b/fs/fuse/readdir.c
@@ -77,8 +77,10 @@ static void fuse_add_dirent_to_cache(struct file *file,
 		goto unlock;
 
 	addr = kmap_local_page(page);
-	if (!offset)
+	if (!offset) {
 		clear_page(addr);
+		SetPageUptodate(page);
+	}
 	memcpy(addr + offset, dirent, reclen);
 	kunmap_local(addr);
 	fi->rdc.size = (index << PAGE_SHIFT) + offset + reclen;
@@ -516,6 +518,12 @@ static int fuse_readdir_cached(struct file *file, struct dir_context *ctx)
 
 	page = find_get_page_flags(file->f_mapping, index,
 				   FGP_ACCESSED | FGP_LOCK);
+	/* Page gone missing, then re-added to cache, but not initialized? */
+	if (page && !PageUptodate(page)) {
+		unlock_page(page);
+		put_page(page);
+		page = NULL;
+	}
 	spin_lock(&fi->rdc.lock);
 	if (!page) {
 		/*