The patch titled
Subject: tmpfs: fix data loss from failed fallocate
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
tmpfs-fix-data-loss-from-failed-fallocate.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Hugh Dickins <hughd(a)google.com>
Subject: tmpfs: fix data loss from failed fallocate
Date: Sun, 4 Dec 2022 16:51:50 -0800 (PST)
Fix tmpfs data loss when the fallocate system call is interrupted by a
signal, or fails for some other reason. The partial folio handling in
shmem_undo_range() forgot to consider this unfalloc case, and was liable
to erase or truncate out data which had already been committed earlier.
It turns out that none of the partial folio handling there is appropriate
for the unfalloc case, which just wants to proceed to removal of whole
folios: which find_get_entries() provides, even when partially covered.
Original patch by Rui Wang.
Link: https://lore.kernel.org/linux-mm/33b85d82.7764.1842e9ab207.Coremail.chenguo…
Link: https://lkml.kernel.org/r/a5dac112-cf4b-7af-a33-f386e347fd38@google.com
Fixes: b9a8a4195c7d ("truncate,shmem: Handle truncates that split large folios")
Signed-off-by: Hugh Dickins <hughd(a)google.com>
Reported-by: Guoqi Chen <chenguoqic(a)163.com>
Link: https://lore.kernel.org/all/20221101032248.819360-1-kernel@hev.cc/
Cc: Rui Wang <kernel(a)hev.cc>
Cc: Huacai Chen <chenhuacai(a)loongson.cn>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: Vishal Moola (Oracle) <vishal.moola(a)gmail.com>
Cc: <stable(a)vger.kernel.org> [5.17+]
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/shmem.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/mm/shmem.c~tmpfs-fix-data-loss-from-failed-fallocate
+++ a/mm/shmem.c
@@ -948,6 +948,15 @@ static void shmem_undo_range(struct inod
index++;
}
+ /*
+ * When undoing a failed fallocate, we want none of the partial folio
+ * zeroing and splitting below, but shall want to truncate the whole
+ * folio when !uptodate indicates that it was added by this fallocate,
+ * even when [lstart, lend] covers only a part of the folio.
+ */
+ if (unfalloc)
+ goto whole_folios;
+
same_folio = (lstart >> PAGE_SHIFT) == (lend >> PAGE_SHIFT);
folio = shmem_get_partial_folio(inode, lstart >> PAGE_SHIFT);
if (folio) {
@@ -973,6 +982,8 @@ static void shmem_undo_range(struct inod
folio_put(folio);
}
+whole_folios:
+
index = start;
while (index < end) {
cond_resched();
_
Patches currently in -mm which might be from hughd(a)google.com are
tmpfs-fix-data-loss-from-failed-fallocate.patch
Here's a backported version of upstream commit ID
4dbd6a3e90e03130973688fd79e19425f720d999 that will work with
5.4, 4.19, 4.14, and 4.9.
Michael
-------------------------------------------------------------------------------------------
6f2e8eba629d29ffae0fc71c0cfd6b694ac4a5ec Mon Sep 17 00:00:00 2001
From: Michael Kelley <mikelley(a)microsoft.com>
Date: Sun, 4 Dec 2022 13:52:01 -0800
Subject: [PATCH v4 1/1] x86/ioremap: Fix page aligned size calculation in
__ioremap_caller()
Current code re-calculates the size after aligning the starting and
ending physical addresses on a page boundary. But the re-calculation
also embeds the masking of high order bits that exceed the size of
the physical address space (via PHYSICAL_PAGE_MASK). If the masking
removes any high order bits, the size calculation results in a huge
value that is likely to immediately fail.
Fix this by re-calculating the page-aligned size first. Then mask any
high order bits using PHYSICAL_PAGE_MASK.
Fixes: ffa71f33a820 ("x86, ioremap: Fix incorrect physical address handling in PAE mode")
Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com>
Signed-off-by: Michael Kelley <mikelley(a)microsoft.com>
---
arch/x86/mm/ioremap.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index ecae9ac..696fd6f 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -126,9 +126,15 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
* Mappings have to be page-aligned
*/
offset = phys_addr & ~PAGE_MASK;
- phys_addr &= PHYSICAL_PAGE_MASK;
+ phys_addr &= PAGE_MASK;
size = PAGE_ALIGN(last_addr+1) - phys_addr;
+ /*
+ * Mask out any bits not part of the actual physical
+ * address, like memory encryption bits.
+ */
+ phys_addr &= PHYSICAL_PAGE_MASK;
+
retval = reserve_memtype(phys_addr, (u64)phys_addr + size,
pcm, &new_pcm);
if (retval) {
--
1.8.3.1
Hello,
commit 711f8c3fb3db ("Bluetooth: L2CAP: Fix accepting connection request for
invalid SPSM") did not apply to 5.4-stable tree previously.
One of the notable dependencies is commit 15f02b910562 ("Bluetooth: L2CAP:
Add initial code for Enhanced Credit Based Mode") and that doesn't apply to
5.4-stable either due to a mismatch on `l2cap_sock_setsockopt_old` in
l2cap_sock.c.
After doing a comparison between upstream and older revisions, I merged the
changes and backported 15f02b910562 to 5.4-stable.
During compilation, I discovered another dependency commit 145720963b6c
("Bluetooth: L2CAP: Add definitions for Enhanced Credit Based Mode") and
added that to patchset.
All those combined will hopefully allow us to have the fix for CVE-2022-42896
in 5.4-stable.
Thank you.
Luiz Augusto von Dentz (3):
Bluetooth: L2CAP: Add initial code for Enhanced Credit Based Mode
Bluetooth: L2CAP: Add definitions for Enhanced Credit Based Mode
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
include/net/bluetooth/l2cap.h | 43 +++
net/bluetooth/l2cap_core.c | 570 +++++++++++++++++++++++++++++++++-
net/bluetooth/l2cap_sock.c | 24 +-
3 files changed, 617 insertions(+), 20 deletions(-)
--
2.37.2