January 2024 - Linux-stable-mirror

[RESEND PATCH 1/2] PM / devfreq: Fix buffer overflow in trans_stat_show

by Christian Marangi

Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error. Cc: stable(a)vger.kernel.org Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218041 Fixes: e552bbaf5b98 ("PM / devfreq: Add sysfs node for representing frequency transition information.") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- Documentation/ABI/testing/sysfs-class-devfreq | 3 + drivers/devfreq/devfreq.c | 57 +++++++++++++------ 2 files changed, 42 insertions(+), 18 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-class-devfreq b/Documentation/ABI/testing/sysfs-class-devfreq index 5e6b74f30406..1e7e0bb4c14e 100644 --- a/Documentation/ABI/testing/sysfs-class-devfreq +++ b/Documentation/ABI/testing/sysfs-class-devfreq @@ -52,6 +52,9 @@ Description: echo 0 > /sys/class/devfreq/.../trans_stat + If the transition table is bigger than PAGE_SIZE, reading + this will return an -EFBIG error. + What: /sys/class/devfreq/.../available_frequencies Date: October 2012 Contact: Nishanth Menon <nm(a)ti.com> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 63347a5ae599..8459512d9b07 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -1688,7 +1688,7 @@ static ssize_t trans_stat_show(struct device *dev, struct device_attribute *attr, char *buf) { struct devfreq *df = to_devfreq(dev); - ssize_t len; + ssize_t len = 0; int i, j; unsigned int max_state; @@ -1697,7 +1697,7 @@ static ssize_t trans_stat_show(struct device *dev, max_state = df->max_state; if (max_state == 0) - return sprintf(buf, "Not Supported.\n"); + return scnprintf(buf, PAGE_SIZE, "Not Supported.\n"); mutex_lock(&df->lock); if (!df->stop_polling && @@ -1707,31 +1707,52 @@ static ssize_t trans_stat_show(struct device *dev, } mutex_unlock(&df->lock); - len = sprintf(buf, " From : To\n"); - len += sprintf(buf + len, " :"); - for (i = 0; i < max_state; i++) - len += sprintf(buf + len, "%10lu", - df->freq_table[i]); + len += scnprintf(buf + len, PAGE_SIZE - len, " From : To\n"); + len += scnprintf(buf + len, PAGE_SIZE - len, " :"); + for (i = 0; i < max_state; i++) { + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10lu", + df->freq_table[i]); + } + if (len >= PAGE_SIZE - 1) + return PAGE_SIZE - 1; - len += sprintf(buf + len, " time(ms)\n"); + len += scnprintf(buf + len, PAGE_SIZE - len, " time(ms)\n"); for (i = 0; i < max_state; i++) { + if (len >= PAGE_SIZE - 1) + break; if (df->freq_table[i] == df->previous_freq) - len += sprintf(buf + len, "*"); + len += scnprintf(buf + len, PAGE_SIZE - len, "*"); else - len += sprintf(buf + len, " "); + len += scnprintf(buf + len, PAGE_SIZE - len, " "); + if (len >= PAGE_SIZE - 1) + break; + + len += scnprintf(buf + len, PAGE_SIZE - len, "%10lu:", + df->freq_table[i]); + for (j = 0; j < max_state; j++) { + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10u", + df->stats.trans_table[(i * max_state) + j]); + } + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10llu\n", (u64) + jiffies64_to_msecs(df->stats.time_in_state[i])); + } - len += sprintf(buf + len, "%10lu:", df->freq_table[i]); - for (j = 0; j < max_state; j++) - len += sprintf(buf + len, "%10u", - df->stats.trans_table[(i * max_state) + j]); + if (len < PAGE_SIZE - 1) + len += scnprintf(buf + len, PAGE_SIZE - len, "Total transition : %u\n", + df->stats.total_trans); - len += sprintf(buf + len, "%10llu\n", (u64) - jiffies64_to_msecs(df->stats.time_in_state[i])); + if (len >= PAGE_SIZE - 1) { + pr_warn_once("devfreq transition table exceeds PAGE_SIZE. Disabling\n"); + return -EFBIG; } - len += sprintf(buf + len, "Total transition : %u\n", - df->stats.total_trans); return len; } -- 2.43.0

1 year, 9 months

3
4
0 0

[PATCH v2] usb: mon: Fix atomicity violation in mon_bin_vma_fault

by Gui-Dong Han

In mon_bin_vma_fault(): offset = vmf->pgoff << PAGE_SHIFT; if (offset >= rp->b_size) return VM_FAULT_SIGBUS; chunk_idx = offset / CHUNK_SIZE; pageptr = rp->b_vec[chunk_idx].pg; The code is executed without holding any lock. In mon_bin_vma_close(): spin_lock_irqsave(&rp->b_lock, flags); rp->mmap_active--; spin_unlock_irqrestore(&rp->b_lock, flags); In mon_bin_ioctl(): spin_lock_irqsave(&rp->b_lock, flags); if (rp->mmap_active) { ... } else { ... kfree(rp->b_vec); rp->b_vec = vec; rp->b_size = size; ... } spin_unlock_irqrestore(&rp->b_lock, flags); Concurrent execution of mon_bin_vma_fault() with mon_bin_vma_close() and mon_bin_ioctl() could lead to atomicity violations. mon_bin_vma_fault() accesses rp->b_size and rp->b_vec without locking, risking array out-of-bounds access or use-after-free bugs due to possible modifications in mon_bin_ioctl(). This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 6.2. To address this issue, it is proposed to add a spin lock pair in mon_bin_vma_fault() to ensure atomicity. With this patch applied, our tool never reports the possible bug, with the kernel configuration allyesconfig for x86_64. Due to the lack of associated hardware, we cannot test the patch in runtime testing, and just verify it according to the code logic. [1] https://sites.google.com/view/basscheck/ Fixes: 19e6317d24c25 ("usb: mon: Fix a deadlock in usbmon between ...") Cc: stable(a)vger.kernel.org Reported-by: BassCheck <bass(a)buaa.edu.cn> Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- v2: * In this patch v2, we've added some information of the static analysis tool used, as per the researcher guidelines. Also, we've added a cc in the signed-off-by area, according to the stable-kernel-rules. Thank Greg KH for helpful advice. --- drivers/usb/mon/mon_bin.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/usb/mon/mon_bin.c b/drivers/usb/mon/mon_bin.c index 9ca9305243fe..509cd1b8ff13 100644 --- a/drivers/usb/mon/mon_bin.c +++ b/drivers/usb/mon/mon_bin.c @@ -1250,12 +1250,16 @@ static vm_fault_t mon_bin_vma_fault(struct vm_fault *vmf) struct mon_reader_bin *rp = vmf->vma->vm_private_data; unsigned long offset, chunk_idx; struct page *pageptr; - + unsigned long flags; + spin_lock_irqsave(&rp->b_lock, flags); offset = vmf->pgoff << PAGE_SHIFT; - if (offset >= rp->b_size) + if (offset >= rp->b_size) { + spin_unlock_irqrestore(&rp->b_lock, flags); return VM_FAULT_SIGBUS; + } chunk_idx = offset / CHUNK_SIZE; pageptr = rp->b_vec[chunk_idx].pg; + spin_unlock_irqrestore(&rp->b_lock, flags); get_page(pageptr); vmf->page = pageptr; return 0; -- 2.34.1

1 year, 9 months

2
2
0 0

[PATCH v3] usb: mon: Fix atomicity violation in mon_bin_vma_fault

by Gui-Dong Han

In mon_bin_vma_fault(): offset = vmf->pgoff << PAGE_SHIFT; if (offset >= rp->b_size) return VM_FAULT_SIGBUS; chunk_idx = offset / CHUNK_SIZE; pageptr = rp->b_vec[chunk_idx].pg; The code is executed without holding any lock. In mon_bin_vma_close(): spin_lock_irqsave(&rp->b_lock, flags); rp->mmap_active--; spin_unlock_irqrestore(&rp->b_lock, flags); In mon_bin_ioctl(): spin_lock_irqsave(&rp->b_lock, flags); if (rp->mmap_active) { ... } else { ... kfree(rp->b_vec); rp->b_vec = vec; rp->b_size = size; ... } spin_unlock_irqrestore(&rp->b_lock, flags); Concurrent execution of mon_bin_vma_fault() with mon_bin_vma_close() and mon_bin_ioctl() could lead to atomicity violations. mon_bin_vma_fault() accesses rp->b_size and rp->b_vec without locking, risking array out-of-bounds access or use-after-free bugs due to possible modifications in mon_bin_ioctl(). This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 6.2. To address this issue, it is proposed to add a spin lock pair in mon_bin_vma_fault() to ensure atomicity. With this patch applied, our tool never reports the possible bug, with the kernel configuration allyesconfig for x86_64. Due to the lack of associated hardware, we cannot test the patch in runtime testing, and just verify it according to the code logic. [1] https://sites.google.com/view/basscheck/ Fixes: 19e6317d24c2 ("usb: mon: Fix a deadlock in usbmon between ...") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- v2: * In this patch v2, we've added some information of the static analysis tool used, as per the researcher guidelines. Also, we've added a cc in the signed-off-by area, according to the stable-kernel-rules. Thank Greg KH for helpful advice. --- v3: * In this patch v3, we've added a necessary blank line and adjusted the position of spin_unlock_irqrestore() following Greg KH's suggestions. Thank Greg KH for helpful advice. --- drivers/usb/mon/mon_bin.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/usb/mon/mon_bin.c b/drivers/usb/mon/mon_bin.c index 9ca9305243fe..fbc1a9c0b345 100644 --- a/drivers/usb/mon/mon_bin.c +++ b/drivers/usb/mon/mon_bin.c @@ -1250,14 +1250,19 @@ static vm_fault_t mon_bin_vma_fault(struct vm_fault *vmf) struct mon_reader_bin *rp = vmf->vma->vm_private_data; unsigned long offset, chunk_idx; struct page *pageptr; - + unsigned long flags; + + spin_lock_irqsave(&rp->b_lock, flags); offset = vmf->pgoff << PAGE_SHIFT; - if (offset >= rp->b_size) + if (offset >= rp->b_size) { + spin_unlock_irqrestore(&rp->b_lock, flags); return VM_FAULT_SIGBUS; + } chunk_idx = offset / CHUNK_SIZE; pageptr = rp->b_vec[chunk_idx].pg; get_page(pageptr); vmf->page = pageptr; + spin_unlock_irqrestore(&rp->b_lock, flags); return 0; } -- 2.34.1

1 year, 9 months

1
0
0 0

[PATCH 6.6 00/49] 6.6.10-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.10 release. There are 49 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Jan 2024 16:47:49 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.10-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.10-rc1 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip set commit for deleted/destroyed sets Léo Lam <leo(a)leolam.fr> wifi: nl80211: fix deadlock in nl80211_set_cqm_rssi (6.6.x) Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix CQM for non-range use Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix blocked reader of snapshot buffer Steven Rostedt (Google) <rostedt(a)goodmis.org> ftrace: Fix modification of direct_function hash while in use Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix wake ups when buffer_percent is set to 100 Keith Busch <kbusch(a)kernel.org> Revert "nvme-fc: fix race between error recovery and creating association" Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/memory-failure: check the mapcount of the precise page Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/memory-failure: cast index to loff_t before shifting it Charan Teja Kalla <quic_charante(a)quicinc.com> mm: migrate high-order folios in swap cache correctly Baokun Li <libaokun1(a)huawei.com> mm/filemap: avoid buffered read/write race to read inconsistent data Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests: secretmem: floor the memory size to the multiple of page_size Sidhartha Kumar <sidhartha.kumar(a)oracle.com> maple_tree: do not preallocate nodes for slot stores Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() David E. Box <david.e.box(a)linux.intel.com> platform/x86/intel/pmc: Move GBE LTR ignore to suspend callback David E. Box <david.e.box(a)linux.intel.com> platform/x86/intel/pmc: Allow reenabling LTRs David E. Box <david.e.box(a)linux.intel.com> platform/x86/intel/pmc: Add suspend callback Christoph Hellwig <hch(a)lst.de> block: renumber QUEUE_FLAG_HW_WC Paolo Abeni <pabeni(a)redhat.com> mptcp: fix inconsistent state on fastopen race Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible NULL pointer dereference on close Paolo Abeni <pabeni(a)redhat.com> mptcp: refactor sndbuf auto-tuning Helge Deller <deller(a)gmx.de> linux/export: Ensure natural alignment of kcrctab array Helge Deller <deller(a)gmx.de> linux/export: Fix alignment for 64-bit ksymtab entries Arnd Bergmann <arnd(a)arndb.de> kexec: select CRYPTO from KEXEC_FILE instead of depending on it Arnd Bergmann <arnd(a)arndb.de> kexec: fix KEXEC_FILE dependencies Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> virtio_ring: fix syncs DMA memory with different direction Zizhi Wo <wozizhi(a)huawei.com> fs: cifs: Fix atime update check Jeff Layton <jlayton(a)kernel.org> client: convert to new timestamp accessors Jeff Layton <jlayton(a)kernel.org> fs: new accessor methods for atime and mtime Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: lazy v2 lease break on smb2_write() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: send v2 lease break notification for directory Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: downgrade RWH lease caching state to RH for directory Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set v2 lease capability Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set epoch in create context v2 lease Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: release interim response after sending status pending response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: move oplock handling after unlock parent dir Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: separately allocate ci per dentry Zongmin Zhou <zhouzongmin(a)kylinos.cn> ksmbd: prevent memory leak on error return Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: no need to wait for binded connection termination at logoff Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add support for surrogate pair conversion Kangjing Huang <huangkangjing(a)gmail.com> ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: reorganize ksmbd_iov_pin_rsp() Cheng-Han Wu <hank20010209(a)gmail.com> ksmbd: Remove unused field in ksmbd_user struct ------------- Diffstat: Makefile | 4 +- arch/powerpc/Kconfig | 4 +- arch/riscv/Kconfig | 4 +- arch/s390/Kconfig | 4 +- arch/x86/Kconfig | 4 +- drivers/nvme/host/fc.c | 21 +-- drivers/platform/x86/intel/pmc/adl.c | 9 +- drivers/platform/x86/intel/pmc/cnp.c | 26 ++- drivers/platform/x86/intel/pmc/core.c | 12 +- drivers/platform/x86/intel/pmc/core.h | 7 +- drivers/platform/x86/intel/pmc/mtl.c | 9 +- drivers/platform/x86/intel/pmc/tgl.c | 9 +- drivers/platform/x86/p2sb.c | 178 ++++++++++++++++----- drivers/virtio/virtio_ring.c | 6 +- fs/libfs.c | 41 +++-- fs/smb/client/file.c | 18 ++- fs/smb/client/fscache.h | 6 +- fs/smb/client/inode.c | 17 +- fs/smb/client/smb2ops.c | 6 +- fs/smb/common/smb2pdu.h | 1 + fs/smb/server/connection.c | 16 -- fs/smb/server/ksmbd_work.c | 51 +++--- fs/smb/server/mgmt/user_config.h | 1 - fs/smb/server/oplock.c | 118 ++++++++++++-- fs/smb/server/oplock.h | 8 +- fs/smb/server/smb2misc.c | 15 +- fs/smb/server/smb2ops.c | 9 +- fs/smb/server/smb2pdu.c | 258 ++++++++++++++++-------------- fs/smb/server/transport_rdma.c | 40 +++-- fs/smb/server/unicode.c | 187 ++++++++++++++++------ fs/smb/server/vfs.c | 14 +- fs/smb/server/vfs_cache.c | 30 ++-- fs/smb/server/vfs_cache.h | 9 +- include/linux/blkdev.h | 2 +- include/linux/export-internal.h | 6 +- include/linux/fs.h | 85 ++++++++-- kernel/Kconfig.kexec | 2 + kernel/trace/ftrace.c | 100 ++++++------ kernel/trace/ring_buffer.c | 12 +- kernel/trace/trace.c | 20 ++- lib/maple_tree.c | 11 ++ mm/filemap.c | 9 ++ mm/memory-failure.c | 8 +- mm/migrate.c | 9 +- net/mptcp/protocol.c | 27 +++- net/mptcp/protocol.h | 63 +++++++- net/mptcp/sockopt.c | 5 +- net/mptcp/subflow.c | 29 ++-- net/netfilter/nf_tables_api.c | 2 +- net/wireless/core.h | 1 + net/wireless/nl80211.c | 56 ++++--- tools/testing/radix-tree/maple.c | 2 +- tools/testing/selftests/mm/memfd_secret.c | 3 + 53 files changed, 1070 insertions(+), 524 deletions(-)

1 year, 9 months

19
71
0 0

FAILED: patch "[PATCH] block: Don't invalidate pagecache for invalid falloc modes" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1364a3c391aedfeb32aa025303ead3d7c91cdf9d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023101511-outpost-crucial-c477@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 1364a3c391ae ("block: Don't invalidate pagecache for invalid falloc modes") 05bdb9965305 ("block: replace fmode_t with a block-specific type for block open flags") 5e4ea834676e ("block: remove unused fmode_t arguments from ioctl handlers") cfb425761c79 ("block: move a few internal definitions out of blkdev.h") 99b07780814e ("rnbd-srv: replace sess->open_flags with a "bool readonly"") 658afed19cee ("mtd: block: use a simple bool to track open for write") 7d9d7d59d44b ("nvme: replace the fmode_t argument to the nvme ioctl handlers with a simple bool") 2e80089c1824 ("scsi: replace the fmode_t argument to scsi_ioctl with a simple bool") 5f4eb9d5413f ("scsi: replace the fmode_t argument to scsi_cmd_allowed with a simple bool") 81b1fb7d17c0 ("fs: remove sb->s_mode") 3f0b3e785e8b ("block: add a sb_open_mode helper") 2736e8eeb0cc ("block: use the holder as indication for exclusive opens") 2ef789288afd ("btrfs: don't pass a holder for non-exclusive blkdev_get_by_path") 29499ab060fe ("bcache: don't pass a stack address to blkdev_get_by_path") c889d0793d9d ("swsusp: don't pass a stack address to blkdev_get_by_path") ae220766d87c ("block: remove the unused mode argument to ->release") d32e2bf83791 ("block: pass a gendisk to ->open") 444aa2c58cb3 ("block: pass a gendisk on bdev_check_media_change") 7ae24fcee992 ("cdrom: remove the unused mode argument to cdrom_release") 473399b50de1 ("cdrom: remove the unused mode argument to cdrom_ioctl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1364a3c391aedfeb32aa025303ead3d7c91cdf9d Mon Sep 17 00:00:00 2001 From: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Date: Wed, 11 Oct 2023 13:12:30 -0700 Subject: [PATCH] block: Don't invalidate pagecache for invalid falloc modes Only call truncate_bdev_range() if the fallocate mode is supported. This fixes a bug where data in the pagecache could be invalidated if the fallocate() was called on the block device with an invalid mode. Fixes: 25f4c41415e5 ("block: implement (some of) fallocate for block devices") Cc: stable(a)vger.kernel.org Reported-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Fixes: line? I've never seen those wrapped. Link: https://lore.kernel.org/r/20231011201230.750105-1-sarthakkukreti@chromium.o… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/fops.c b/block/fops.c index acff3d5d22d4..73e42742543f 100644 --- a/block/fops.c +++ b/block/fops.c @@ -772,24 +772,35 @@ static long blkdev_fallocate(struct file *file, int mode, loff_t start, filemap_invalidate_lock(inode->i_mapping); - /* Invalidate the page cache, including dirty pages. */ - error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); - if (error) - goto fail; - + /* + * Invalidate the page cache, including dirty pages, for valid + * de-allocate mode calls to fallocate(). + */ switch (mode) { case FALLOC_FL_ZERO_RANGE: case FALLOC_FL_ZERO_RANGE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOUNMAP); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOFALLBACK); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE | FALLOC_FL_NO_HIDE_STALE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_discard(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL); break;

1 year, 10 months

2
1
0 0

[PATCH] input/vmmouse: Fix device name copies

by Zack Rusin

From: Zack Rusin <zackr(a)vmware.com> Make sure vmmouse_data::phys can hold serio::phys (which is 32 bytes) plus an extra string, extend it to 64. Fixes gcc13 warnings: drivers/input/mouse/vmmouse.c: In function ‘vmmouse_init’: drivers/input/mouse/vmmouse.c:455:53: warning: ‘/input1’ directive output may be truncated writing 7 bytes into a region of size between 1 and 32 [-Wformat-truncation=] 455 | snprintf(priv->phys, sizeof(priv->phys), "%s/input1", | ^~~~~~~ drivers/input/mouse/vmmouse.c:455:9: note: ‘snprintf’ output between 8 and 39 bytes into a destination of size 32 455 | snprintf(priv->phys, sizeof(priv->phys), "%s/input1", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 456 | psmouse->ps2dev.serio->phys); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Zack Rusin <zackr(a)vmware.com> Fixes: 8b8be51b4fd3 ("Input: add vmmouse driver") Cc: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Cc: VMware Graphics Reviewers <linux-graphics-maintainer(a)vmware.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Robert Jarzmik <robert.jarzmik(a)free.fr> Cc: Raul Rangel <rrangel(a)chromium.org> Cc: linux-input(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # v4.1+ --- drivers/input/mouse/vmmouse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/input/mouse/vmmouse.c b/drivers/input/mouse/vmmouse.c index ea9eff7c8099..7248cada4c8c 100644 --- a/drivers/input/mouse/vmmouse.c +++ b/drivers/input/mouse/vmmouse.c @@ -72,7 +72,7 @@ */ struct vmmouse_data { struct input_dev *abs_dev; - char phys[32]; + char phys[64]; char dev_name[128]; }; -- 2.39.2

1 year, 10 months

6
11
0 0

FAILED: patch "[PATCH] block: Don't invalidate pagecache for invalid falloc modes" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1364a3c391aedfeb32aa025303ead3d7c91cdf9d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023101512-hurt-guise-534b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 1364a3c391ae ("block: Don't invalidate pagecache for invalid falloc modes") 05bdb9965305 ("block: replace fmode_t with a block-specific type for block open flags") 5e4ea834676e ("block: remove unused fmode_t arguments from ioctl handlers") cfb425761c79 ("block: move a few internal definitions out of blkdev.h") 99b07780814e ("rnbd-srv: replace sess->open_flags with a "bool readonly"") 658afed19cee ("mtd: block: use a simple bool to track open for write") 7d9d7d59d44b ("nvme: replace the fmode_t argument to the nvme ioctl handlers with a simple bool") 2e80089c1824 ("scsi: replace the fmode_t argument to scsi_ioctl with a simple bool") 5f4eb9d5413f ("scsi: replace the fmode_t argument to scsi_cmd_allowed with a simple bool") 81b1fb7d17c0 ("fs: remove sb->s_mode") 3f0b3e785e8b ("block: add a sb_open_mode helper") 2736e8eeb0cc ("block: use the holder as indication for exclusive opens") 2ef789288afd ("btrfs: don't pass a holder for non-exclusive blkdev_get_by_path") 29499ab060fe ("bcache: don't pass a stack address to blkdev_get_by_path") c889d0793d9d ("swsusp: don't pass a stack address to blkdev_get_by_path") ae220766d87c ("block: remove the unused mode argument to ->release") d32e2bf83791 ("block: pass a gendisk to ->open") 444aa2c58cb3 ("block: pass a gendisk on bdev_check_media_change") 7ae24fcee992 ("cdrom: remove the unused mode argument to cdrom_release") 473399b50de1 ("cdrom: remove the unused mode argument to cdrom_ioctl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1364a3c391aedfeb32aa025303ead3d7c91cdf9d Mon Sep 17 00:00:00 2001 From: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Date: Wed, 11 Oct 2023 13:12:30 -0700 Subject: [PATCH] block: Don't invalidate pagecache for invalid falloc modes Only call truncate_bdev_range() if the fallocate mode is supported. This fixes a bug where data in the pagecache could be invalidated if the fallocate() was called on the block device with an invalid mode. Fixes: 25f4c41415e5 ("block: implement (some of) fallocate for block devices") Cc: stable(a)vger.kernel.org Reported-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Fixes: line? I've never seen those wrapped. Link: https://lore.kernel.org/r/20231011201230.750105-1-sarthakkukreti@chromium.o… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/fops.c b/block/fops.c index acff3d5d22d4..73e42742543f 100644 --- a/block/fops.c +++ b/block/fops.c @@ -772,24 +772,35 @@ static long blkdev_fallocate(struct file *file, int mode, loff_t start, filemap_invalidate_lock(inode->i_mapping); - /* Invalidate the page cache, including dirty pages. */ - error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); - if (error) - goto fail; - + /* + * Invalidate the page cache, including dirty pages, for valid + * de-allocate mode calls to fallocate(). + */ switch (mode) { case FALLOC_FL_ZERO_RANGE: case FALLOC_FL_ZERO_RANGE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOUNMAP); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOFALLBACK); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE | FALLOC_FL_NO_HIDE_STALE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_discard(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL); break;

1 year, 10 months

2
1
0 0

FAILED: patch "[PATCH] block: Don't invalidate pagecache for invalid falloc modes" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1364a3c391aedfeb32aa025303ead3d7c91cdf9d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023101513-depraved-ecosphere-6b50@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 1364a3c391ae ("block: Don't invalidate pagecache for invalid falloc modes") 05bdb9965305 ("block: replace fmode_t with a block-specific type for block open flags") 5e4ea834676e ("block: remove unused fmode_t arguments from ioctl handlers") cfb425761c79 ("block: move a few internal definitions out of blkdev.h") 99b07780814e ("rnbd-srv: replace sess->open_flags with a "bool readonly"") 658afed19cee ("mtd: block: use a simple bool to track open for write") 7d9d7d59d44b ("nvme: replace the fmode_t argument to the nvme ioctl handlers with a simple bool") 2e80089c1824 ("scsi: replace the fmode_t argument to scsi_ioctl with a simple bool") 5f4eb9d5413f ("scsi: replace the fmode_t argument to scsi_cmd_allowed with a simple bool") 81b1fb7d17c0 ("fs: remove sb->s_mode") 3f0b3e785e8b ("block: add a sb_open_mode helper") 2736e8eeb0cc ("block: use the holder as indication for exclusive opens") 2ef789288afd ("btrfs: don't pass a holder for non-exclusive blkdev_get_by_path") 29499ab060fe ("bcache: don't pass a stack address to blkdev_get_by_path") c889d0793d9d ("swsusp: don't pass a stack address to blkdev_get_by_path") ae220766d87c ("block: remove the unused mode argument to ->release") d32e2bf83791 ("block: pass a gendisk to ->open") 444aa2c58cb3 ("block: pass a gendisk on bdev_check_media_change") 7ae24fcee992 ("cdrom: remove the unused mode argument to cdrom_release") 473399b50de1 ("cdrom: remove the unused mode argument to cdrom_ioctl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1364a3c391aedfeb32aa025303ead3d7c91cdf9d Mon Sep 17 00:00:00 2001 From: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Date: Wed, 11 Oct 2023 13:12:30 -0700 Subject: [PATCH] block: Don't invalidate pagecache for invalid falloc modes Only call truncate_bdev_range() if the fallocate mode is supported. This fixes a bug where data in the pagecache could be invalidated if the fallocate() was called on the block device with an invalid mode. Fixes: 25f4c41415e5 ("block: implement (some of) fallocate for block devices") Cc: stable(a)vger.kernel.org Reported-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Fixes: line? I've never seen those wrapped. Link: https://lore.kernel.org/r/20231011201230.750105-1-sarthakkukreti@chromium.o… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/fops.c b/block/fops.c index acff3d5d22d4..73e42742543f 100644 --- a/block/fops.c +++ b/block/fops.c @@ -772,24 +772,35 @@ static long blkdev_fallocate(struct file *file, int mode, loff_t start, filemap_invalidate_lock(inode->i_mapping); - /* Invalidate the page cache, including dirty pages. */ - error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); - if (error) - goto fail; - + /* + * Invalidate the page cache, including dirty pages, for valid + * de-allocate mode calls to fallocate(). + */ switch (mode) { case FALLOC_FL_ZERO_RANGE: case FALLOC_FL_ZERO_RANGE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOUNMAP); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOFALLBACK); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE | FALLOC_FL_NO_HIDE_STALE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_discard(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL); break;

1 year, 10 months

2
1
0 0

FAILED: patch "[PATCH] block: Don't invalidate pagecache for invalid falloc modes" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1364a3c391aedfeb32aa025303ead3d7c91cdf9d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023101515-buffing-copy-1686@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 1364a3c391ae ("block: Don't invalidate pagecache for invalid falloc modes") 05bdb9965305 ("block: replace fmode_t with a block-specific type for block open flags") 5e4ea834676e ("block: remove unused fmode_t arguments from ioctl handlers") cfb425761c79 ("block: move a few internal definitions out of blkdev.h") 99b07780814e ("rnbd-srv: replace sess->open_flags with a "bool readonly"") 658afed19cee ("mtd: block: use a simple bool to track open for write") 7d9d7d59d44b ("nvme: replace the fmode_t argument to the nvme ioctl handlers with a simple bool") 2e80089c1824 ("scsi: replace the fmode_t argument to scsi_ioctl with a simple bool") 5f4eb9d5413f ("scsi: replace the fmode_t argument to scsi_cmd_allowed with a simple bool") 81b1fb7d17c0 ("fs: remove sb->s_mode") 3f0b3e785e8b ("block: add a sb_open_mode helper") 2736e8eeb0cc ("block: use the holder as indication for exclusive opens") 2ef789288afd ("btrfs: don't pass a holder for non-exclusive blkdev_get_by_path") 29499ab060fe ("bcache: don't pass a stack address to blkdev_get_by_path") c889d0793d9d ("swsusp: don't pass a stack address to blkdev_get_by_path") ae220766d87c ("block: remove the unused mode argument to ->release") d32e2bf83791 ("block: pass a gendisk to ->open") 444aa2c58cb3 ("block: pass a gendisk on bdev_check_media_change") 7ae24fcee992 ("cdrom: remove the unused mode argument to cdrom_release") 473399b50de1 ("cdrom: remove the unused mode argument to cdrom_ioctl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1364a3c391aedfeb32aa025303ead3d7c91cdf9d Mon Sep 17 00:00:00 2001 From: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Date: Wed, 11 Oct 2023 13:12:30 -0700 Subject: [PATCH] block: Don't invalidate pagecache for invalid falloc modes Only call truncate_bdev_range() if the fallocate mode is supported. This fixes a bug where data in the pagecache could be invalidated if the fallocate() was called on the block device with an invalid mode. Fixes: 25f4c41415e5 ("block: implement (some of) fallocate for block devices") Cc: stable(a)vger.kernel.org Reported-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Fixes: line? I've never seen those wrapped. Link: https://lore.kernel.org/r/20231011201230.750105-1-sarthakkukreti@chromium.o… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/fops.c b/block/fops.c index acff3d5d22d4..73e42742543f 100644 --- a/block/fops.c +++ b/block/fops.c @@ -772,24 +772,35 @@ static long blkdev_fallocate(struct file *file, int mode, loff_t start, filemap_invalidate_lock(inode->i_mapping); - /* Invalidate the page cache, including dirty pages. */ - error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); - if (error) - goto fail; - + /* + * Invalidate the page cache, including dirty pages, for valid + * de-allocate mode calls to fallocate(). + */ switch (mode) { case FALLOC_FL_ZERO_RANGE: case FALLOC_FL_ZERO_RANGE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOUNMAP); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOFALLBACK); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE | FALLOC_FL_NO_HIDE_STALE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_discard(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL); break;

1 year, 10 months

2
1
0 0

FAILED: patch "[PATCH] block: Don't invalidate pagecache for invalid falloc modes" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 1364a3c391aedfeb32aa025303ead3d7c91cdf9d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023101516-genetics-gratify-225c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 1364a3c391ae ("block: Don't invalidate pagecache for invalid falloc modes") 05bdb9965305 ("block: replace fmode_t with a block-specific type for block open flags") 5e4ea834676e ("block: remove unused fmode_t arguments from ioctl handlers") cfb425761c79 ("block: move a few internal definitions out of blkdev.h") 99b07780814e ("rnbd-srv: replace sess->open_flags with a "bool readonly"") 658afed19cee ("mtd: block: use a simple bool to track open for write") 7d9d7d59d44b ("nvme: replace the fmode_t argument to the nvme ioctl handlers with a simple bool") 2e80089c1824 ("scsi: replace the fmode_t argument to scsi_ioctl with a simple bool") 5f4eb9d5413f ("scsi: replace the fmode_t argument to scsi_cmd_allowed with a simple bool") 81b1fb7d17c0 ("fs: remove sb->s_mode") 3f0b3e785e8b ("block: add a sb_open_mode helper") 2736e8eeb0cc ("block: use the holder as indication for exclusive opens") 2ef789288afd ("btrfs: don't pass a holder for non-exclusive blkdev_get_by_path") 29499ab060fe ("bcache: don't pass a stack address to blkdev_get_by_path") c889d0793d9d ("swsusp: don't pass a stack address to blkdev_get_by_path") ae220766d87c ("block: remove the unused mode argument to ->release") d32e2bf83791 ("block: pass a gendisk to ->open") 444aa2c58cb3 ("block: pass a gendisk on bdev_check_media_change") 7ae24fcee992 ("cdrom: remove the unused mode argument to cdrom_release") 473399b50de1 ("cdrom: remove the unused mode argument to cdrom_ioctl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1364a3c391aedfeb32aa025303ead3d7c91cdf9d Mon Sep 17 00:00:00 2001 From: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Date: Wed, 11 Oct 2023 13:12:30 -0700 Subject: [PATCH] block: Don't invalidate pagecache for invalid falloc modes Only call truncate_bdev_range() if the fallocate mode is supported. This fixes a bug where data in the pagecache could be invalidated if the fallocate() was called on the block device with an invalid mode. Fixes: 25f4c41415e5 ("block: implement (some of) fallocate for block devices") Cc: stable(a)vger.kernel.org Reported-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Fixes: line? I've never seen those wrapped. Link: https://lore.kernel.org/r/20231011201230.750105-1-sarthakkukreti@chromium.o… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/fops.c b/block/fops.c index acff3d5d22d4..73e42742543f 100644 --- a/block/fops.c +++ b/block/fops.c @@ -772,24 +772,35 @@ static long blkdev_fallocate(struct file *file, int mode, loff_t start, filemap_invalidate_lock(inode->i_mapping); - /* Invalidate the page cache, including dirty pages. */ - error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); - if (error) - goto fail; - + /* + * Invalidate the page cache, including dirty pages, for valid + * de-allocate mode calls to fallocate(). + */ switch (mode) { case FALLOC_FL_ZERO_RANGE: case FALLOC_FL_ZERO_RANGE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOUNMAP); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOFALLBACK); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE | FALLOC_FL_NO_HIDE_STALE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_discard(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL); break;

1 year, 10 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2024