[PATCH 00/11] netfs: Further miscellaneous fixes

[David Howells <dhowells@redhat.com>]

Hi Christian,

Here are some more miscellaneous fixes for netfslib, found by Sashiko.dev's
AI review[1] in response to the previous miscellaneous fix posting[2], plus
a repeat of another patch you haven't picked up yet:

 (1) Fix an early put of the sink page used in netfs_read_gaps(), before
     the request has completed.

 (2) Fix request leak in netfs_write_begin() error handling.

 (3) Fix a potential UAF in netfs_unlock_abandoned_read_pages() due to
     trying to check index of each folio we're abandoning to see if that
     folio is actually owned by the caller (in which case, we're not
     actually allowed to dereference it).

 (4) Fix a potentially uninitialised error value in
     netfs_extract_user_iter().

 (5) Fix incorrect adjustment of dirty region when partially invalidating a
     streaming write folio.

 (6) Fix the trace displayed by the total overwrite of a streaming-write
     folio.

 (7) Fix the handling of folio->private in netfs_perform_write() and the
     attached netfs_folio and/or group when a streaming write folio is
     modified.

 (8) Fix the handling of a group attached to the netfs_folio attached to
     folio->private when netfs_read_gaps() fills out the folio.

 (9) Fix the potential for 64-bit tearing on a 32-bit machine when reading
     netfs_inode->remote_i_size and ->zero_point by using much the same
     mechanism as is used for ->i_size.

(10) Fix a comment about avoiding streaming write on O_RDWR files as that
     bit of code is removed in vfs.fixes.  This could be folded down, but
     makes no change of behaviour.

(11) Fix netfs_read_folio() to wait on writeback first (it holds the folio
     lock) otherwise we aren't allowed to look at the netfs_folio struct as
     that could be modified at any time by the writeback collector.

These are applied on top of your vfs.fixes branch.  Patch 6 fixes a commit
in vfs.fixes, but would need moving before that patch rather than simply
folding down - and as it just changes the trace output, it's probably not
worth moving.  Patch 8 fixes a bug in one of the commits in vfs.fixes.
Patch 10 just tidies up a comment in one of the vfs.fixes commits.

The patches can also be found here:

	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=netfs-fixes

Thanks,
David

[1] https://sashiko.dev/#/patchset/20260414082004.3756080-1-dhowells%40redhat.com

[2] https://lore.kernel.org/r/20260414082004.3756080-1-dhowells@redhat.com/

David Howells (11):
  netfs: Fix early put of sink folio in netfs_read_gaps()
  netfs: Fix leak of request in netfs_write_begin() error handling
  netfs: Fix potential UAF in netfs_unlock_abandoned_read_pages()
  netfs: Fix potential uninitialised var in netfs_extract_user_iter()
  netfs: Fix partial invalidation of streaming-write folio
  netfs: Fix the trace displayed for the total overwrite of a streamed
    write
  netfs: Fix folio->private handling in netfs_perform_write()
  netfs: Fix group handling in netfs_read_gaps()
  netfs: Fix potential for tearing in ->remote_i_size and ->zero_point
  netfs: Fix comment about write-streaming avoidance
  netfs: Fix netfs_read_folio() to wait on writeback

 fs/9p/vfs_inode.c            |   2 +-
 fs/9p/vfs_inode_dotl.c       |   4 +-
 fs/afs/inode.c               |   8 +-
 fs/afs/write.c               |   2 +-
 fs/netfs/buffered_read.c     |  25 +--
 fs/netfs/buffered_write.c    | 100 +++++++-----
 fs/netfs/direct_write.c      |   4 +-
 fs/netfs/iterator.c          |   2 +-
 fs/netfs/misc.c              |  15 +-
 fs/netfs/read_collect.c      |   2 +-
 fs/netfs/read_retry.c        |   2 +-
 fs/netfs/write_collect.c     |   3 +-
 fs/smb/client/cifsfs.c       |  24 +--
 fs/smb/client/cifssmb.c      |   2 +-
 fs/smb/client/file.c         |   9 +-
 fs/smb/client/inode.c        |   9 +-
 fs/smb/client/readdir.c      |   3 +-
 fs/smb/client/smb2ops.c      |  16 +-
 fs/smb/client/smb2pdu.c      |   2 +-
 include/linux/netfs.h        | 301 +++++++++++++++++++++++++++++++++--
 include/trace/events/netfs.h |   3 +
 21 files changed, 426 insertions(+), 112 deletions(-)