From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: stable@vger.kernel.org, Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH 4.19 5.4 5.10 5.15 6.1] nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
Date: Sun, 3 Sep 2023 14:50:41 +0200
Message-ID: <2023090333-crouch-caucus-fb22@gregkh>
In-Reply-To: <20230902151000.3817-1-konishi.ryusuke@gmail.com>

On Sun, Sep 03, 2023 at 12:10:00AM +0900, Ryusuke Konishi wrote:
> commit f83913f8c5b882a312e72b7669762f8a5c9385e4 upstream.
> 
> A syzbot stress test reported that create_empty_buffers() called from
> nilfs_lookup_dirty_data_buffers() can cause a general protection fault.
> 
> Analysis using its reproducer revealed that the back reference "mapping"
> from a page/folio has been changed to NULL after dirty page/folio gang
> lookup in nilfs_lookup_dirty_data_buffers().
> 
> Fix this issue by excluding pages/folios from being collected if, after
> acquiring a lock on each page/folio, its back reference "mapping" differs
> from the pointer to the address space struct that held the page/folio.
> 
> Link: https://lkml.kernel.org/r/20230805132038.6435-1-konishi.ryusuke@gmail.com
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
> Reported-by: syzbot+0ad741797f4565e7e2d2@syzkaller.appspotmail.com
> Closes: https://lkml.kernel.org/r/0000000000002930a705fc32b231@google.com
> Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
> ---
> Please apply this patch to the above stable trees instead of the patch
> that could not be applied to them.  This patch resolves the conflict
> caused by the recent page to folio conversion applied in
> nilfs_lookup_dirty_data_buffers().  The general protection fault reported
> by syzbot reproduces on these stable kernels before the page/folio
> conversion is applied.  This fixes it.
> 
> With this tweak, this patch is applicable from v4.15 to v6.2.  Also,
> this patch has been tested against the -stable trees of each version in
> the subject prefix.

Now queued up, thanks.

greg k-h
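
An added illustration, not part of this thread or of the kernel patch: a single-threaded user-space C model of the check the quoted commit message describes, where a page collected by an unlocked lookup is accepted only if, once locked, its "mapping" back reference still points at the address space that held it. All type and function names are hypothetical, and the race is simulated by detaching one page between lookup and lock.

```c
/* User-space model (constructed, not kernel code); all names hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct aspace { int id; };      /* stands in for the address space struct */
struct page { struct aspace *mapping; bool locked; }; /* mapping: back ref */

/* Models a concurrent truncate/invalidate detaching the page. */
static void detach(struct page *p) { p->mapping = NULL; }

/* batch[] comes from a lookup done without page locks. race_idx (or -1) is a
 * page detached after the lookup but before its lock is taken. Returns pages
 * accepted; *stale counts accepted pages whose back reference is not m. */
static int collect(struct aspace *m, struct page **batch, int n,
                   int race_idx, bool revalidate, int *stale)
{
    int accepted = 0;
    *stale = 0;
    if (race_idx >= 0 && race_idx < n)
        detach(batch[race_idx]);      /* the race window */
    for (int i = 0; i < n; i++) {
        struct page *p = batch[i];
        p->locked = true;             /* models taking the page lock */
        if (revalidate && p->mapping != m) {
            p->locked = false;        /* no longer ours: unlock and skip */
            continue;
        }
        if (p->mapping != m)
            (*stale)++;               /* unchecked path keeps a detached page */
        accepted++;
        p->locked = false;
    }
    return accepted;
}

/* Constructed scenario: three pages looked up, the middle one is detached. */
static int run_scenario(bool revalidate, int *stale)
{
    struct aspace m = { 1 };
    struct page a = { &m, false }, b = { &m, false }, c = { &m, false };
    struct page *batch[] = { &a, &b, &c };
    return collect(&m, batch, 3, 1, revalidate, stale);
}
int main(void)
{
    int s1, s2, n1 = run_scenario(true, &s1), n2 = run_scenario(false, &s2);
    printf("checked: %d accepted, %d stale; unchecked: %d accepted, %d stale\n", n1, s1, n2, s2);
    return 0;
}
```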
