Date: Wed, 07 Jun 2023 12:59:54 -0700
To: mm-commits@vger.kernel.org, stable@vger.kernel.org, konishi.ryusuke@gmail.com, akpm@linux-foundation.org
From: Andrew Morton
Subject: [merged mm-hotfixes-stable] nilfs2-fix-incomplete-buffer-cleanup-in-nilfs_btnode_abort_change_key.patch removed from -mm tree
Message-Id: <20230607195955.170B1C433EF@smtp.kernel.org>
Precedence: bulk
List-ID:
X-Mailing-List: stable@vger.kernel.org

The quilt patch titled
     Subject: nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
has been removed from the -mm tree.  Its filename was
     nilfs2-fix-incomplete-buffer-cleanup-in-nilfs_btnode_abort_change_key.patch

This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

------------------------------------------------------
From: Ryusuke Konishi
Subject: nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
Date: Sat, 13 May 2023 19:24:28 +0900

A syzbot fault injection test reported that nilfs_btnode_create_block, a
helper function that allocates a new node block for b-trees, causes a
kernel BUG for disk images where the file system block size is smaller
than the page size.

This was due to unexpected flags on the newly allocated buffer head, and
it turned out to be because the buffer flags were not cleared by
nilfs_btnode_abort_change_key() after an error occurred during a b-tree
update operation and the buffer was later reused in that state.

Fix this issue by using nilfs_btnode_delete() to abandon the unused
preallocated buffer in nilfs_btnode_abort_change_key().

Link: https://lkml.kernel.org/r/20230513102428.10223-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi
Reported-by: syzbot+b0a35a5c1f7e846d3b09@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/000000000000d1d6c205ebc4d512@google.com
Tested-by: Ryusuke Konishi
Cc:
Signed-off-by: Andrew Morton
--- fs/nilfs2/btnode.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- a/fs/nilfs2/btnode.c~nilfs2-fix-incomplete-buffer-cleanup-in-nilfs_btnode_abort_change_key +++ a/fs/nilfs2/btnode.c 
@@ -285,6 +285,14 @@ void nilfs_btnode_abort_change_key(struc if (nbh == NULL) { /* blocksize == pagesize */ xa_erase_irq(&btnc->i_pages, newkey); unlock_page(ctxt->bh->b_page); - } else - brelse(nbh); + } else { + /* + * When canceling a buffer that a prepare operation has + * allocated to copy a node block to another location, use + * nilfs_btnode_delete() to initialize and release the buffer + * so that the buffer flags will not be in an inconsistent + * state when it is reallocated. + */ + nilfs_btnode_delete(nbh); + } } _ Patches currently in -mm which might be from konishi.ryusuke@gmail.com are
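Review bot: In the else branch of nilfs_btnode_abort_change_key(), the removed brelse(nbh) was the only visible release of the preallocated buffer's reference, and the new comment says only that nilfs_btnode_delete() will "initialize and release the buffer". Please state in the comment or the changelog that nilfs_btnode_delete() also drops the reference brelse() used to drop, and what page-lock state it expects from the caller, since the nbh == NULL branch just above unlocks ctxt->bh->b_page explicitly while this branch shows no locking at all. The trailers also carry no Fixes: tag, which would help stable maintainers decide how far back the change applies.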