Date: Sun, 3 Sep 2023 14:50:41 +0200
From: Greg Kroah-Hartman
To: Ryusuke Konishi
Cc: stable@vger.kernel.org, Andrew Morton
Subject: Re: [PATCH 4.19 5.4 5.10 5.15 6.1] nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
Message-ID: <2023090333-crouch-caucus-fb22@gregkh>
References: <20230902151000.3817-1-konishi.ryusuke@gmail.com>
In-Reply-To: <20230902151000.3817-1-konishi.ryusuke@gmail.com>
X-Mailing-List: stable@vger.kernel.org

On Sun, Sep 03, 2023 at 12:10:00AM +0900, Ryusuke Konishi wrote:
> commit f83913f8c5b882a312e72b7669762f8a5c9385e4 upstream.
>
> A syzbot stress test reported that create_empty_buffers() called from
> nilfs_lookup_dirty_data_buffers() can cause a general protection fault.
>
> Analysis using its reproducer revealed that the back reference "mapping"
> from a page/folio has been changed to NULL after dirty page/folio gang
> lookup in nilfs_lookup_dirty_data_buffers().
>
> Fix this issue by excluding pages/folios from being collected if, after
> acquiring a lock on each page/folio, its back reference "mapping" differs
> from the pointer to the address space struct that held the page/folio.
>
> Link: https://lkml.kernel.org/r/20230805132038.6435-1-konishi.ryusuke@gmail.com
> Signed-off-by: Ryusuke Konishi
> Reported-by: syzbot+0ad741797f4565e7e2d2@syzkaller.appspotmail.com
> Closes: https://lkml.kernel.org/r/0000000000002930a705fc32b231@google.com
> Tested-by: Ryusuke Konishi
> Cc:
> Signed-off-by: Andrew Morton
> Signed-off-by: Ryusuke Konishi
> ---
> Please apply this patch to the above stable trees instead of the patch
> that could not be applied to them. This patch resolves the conflict
> caused by the recent page to folio conversion applied in
> nilfs_lookup_dirty_data_buffers(). The general protection fault reported
> by syzbot reproduces on these stable kernels before the page/folio
> conversion is applied. This fixes it.
>
> With this tweak, this patch is applicable from v4.15 to v6.2. Also,
> this patch has been tested against the -stable trees of each version in
> the subject prefix.

Now queued up, thanks.

greg k-h