android_kernel_xiaomi_sm8450/fs
Ye Bin d55931c1cc UPSTREAM: ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
commit 5c099c4fdc438014d5893629e70a8ba934433ee8 upstream.

Syzbot reported the following issue:
------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:227!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3629 Comm: syz-executor212 Not tainted 6.1.0-rc5-syzkaller-00018-g59d0d52c30d4 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:ext4_write_inline_data+0x344/0x3e0 fs/ext4/inline.c:227
RSP: 0018:ffffc90003b3f368 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880704e16c0 RCX: 0000000000000000
RDX: ffff888021763a80 RSI: ffffffff821e31a4 RDI: 0000000000000006
RBP: 000000000006818e R08: 0000000000000006 R09: 0000000000068199
R10: 0000000000000079 R11: 0000000000000000 R12: 000000000000000b
R13: 0000000000068199 R14: ffffc90003b3f408 R15: ffff8880704e1c82
FS:  000055555723e3c0(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffe8ac9080 CR3: 0000000079f81000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 ext4_write_inline_data_end+0x2a3/0x12f0 fs/ext4/inline.c:768
 ext4_write_end+0x242/0xdd0 fs/ext4/inode.c:1313
 ext4_da_write_end+0x3ed/0xa30 fs/ext4/inode.c:3063
 generic_perform_write+0x316/0x570 mm/filemap.c:3764
 ext4_buffered_write_iter+0x15b/0x460 fs/ext4/file.c:285
 ext4_file_write_iter+0x8bc/0x16e0 fs/ext4/file.c:700
 call_write_iter include/linux/fs.h:2191 [inline]
 do_iter_readv_writev+0x20b/0x3b0 fs/read_write.c:735
 do_iter_write+0x182/0x700 fs/read_write.c:861
 vfs_iter_write+0x74/0xa0 fs/read_write.c:902
 iter_file_splice_write+0x745/0xc90 fs/splice.c:686
 do_splice_from fs/splice.c:764 [inline]
 direct_splice_actor+0x114/0x180 fs/splice.c:931
 splice_direct_to_actor+0x335/0x8a0 fs/splice.c:886
 do_splice_direct+0x1ab/0x280 fs/splice.c:974
 do_sendfile+0xb19/0x1270 fs/read_write.c:1255
 __do_sys_sendfile64 fs/read_write.c:1323 [inline]
 __se_sys_sendfile64 fs/read_write.c:1309 [inline]
 __x64_sys_sendfile64+0x1d0/0x210 fs/read_write.c:1309
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
---[ end trace 0000000000000000 ]---

The above issue may happen as follows:
ext4_da_write_begin
  ext4_da_write_inline_data_begin
    ext4_da_convert_inline_data_to_extent
      ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
ext4_da_write_end

ext4_run_li_request
  ext4_mb_prefetch
    ext4_read_block_bitmap_nowait
      ext4_validate_block_bitmap
        ext4_mark_group_bitmap_corrupted(sb, block_group, EXT4_GROUP_INFO_BBITMAP_CORRUPT)
          percpu_counter_sub(&sbi->s_freeclusters_counter, grp->bb_free);
            -> sbi->s_freeclusters_counter becomes zero
ext4_da_write_begin
  if (ext4_nonda_switch(inode->i_sb)) -> As freeclusters_counter is zero, this returns true
    *fsdata = (void *)FALL_BACK_TO_NONDELALLOC;
    ext4_write_begin
ext4_da_write_end
  if (write_mode == FALL_BACK_TO_NONDELALLOC)
    ext4_write_end
      if (inline_data)
        ext4_write_inline_data_end
          ext4_write_inline_data
            BUG_ON(pos + len > EXT4_I(inode)->i_inline_size);
            -> As the inode is already converted to extents, 'pos + len' > inline_size
            -> then the BUG is triggered.

To solve this issue, instead of checking ext4_has_inline_data() which
is only cleared after data has been written back, check the
EXT4_STATE_MAY_INLINE_DATA flag in ext4_write_end().

Fixes: f19d5870cb ("ext4: add normal write support for inline data")
Reported-by: syzbot+4faa160fa96bfba639f8@syzkaller.appspotmail.com
Reported-by: Jun Nie <jun.nie@linaro.org>
Signed-off-by: Ye Bin <yebin10@huawei.com>
Link: https://lore.kernel.org/r/20221206144134.1919987-1-yebin@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
[ta: Fix conflict in if expression and use the local variable inline_data
as it is initialized with ext4_has_inline_data(inode) anyway.]
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 257756238
Change-Id: Ifc77db2f12db2270a2f7100e548e113dee3ee492
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
2023-04-05 12:46:44 +00:00
9p This is the 5.10.124 stable release 2022-07-28 15:53:46 +02:00
adfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
affs Merge 5.10.166 into android12-5.10-lts 2023-02-17 12:18:56 +00:00
afs This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
autofs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
befs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
bfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
btrfs Merge 5.10.168 into android12-5.10-lts 2023-02-17 15:23:41 +00:00
cachefiles ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
ceph Merge 5.10.168 into android12-5.10-lts 2023-02-17 15:23:41 +00:00
cifs Merge 5.10.168 into android12-5.10-lts 2023-02-17 15:23:41 +00:00
coda ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
configfs This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
cramfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
crypto ANDROID: abi preservation for fscrypt change in 5.10.154 2022-12-01 16:47:19 +00:00
debugfs debugfs: fix error when writing negative value to atomic_t debugfs file 2023-01-14 10:15:19 +01:00
devpts fsnotify: fix fsnotify hooks in pseudo filesystems 2022-02-01 17:25:39 +01:00
dlm fs: dlm: handle -EBUSY first in lock arg validation 2022-10-26 13:25:08 +02:00
ecryptfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
efivarfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
efs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
erofs Merge branch 'android12-5.10' into branch 'android12-5.10-lts' 2022-10-01 14:58:20 +02:00
exfat Merge branch 'android12-5.10' into branch 'android12-5.10-lts' 2022-08-16 14:34:54 +02:00
exportfs
ext2 This is the 5.10.137 stable release 2022-08-29 16:53:14 +02:00
ext4 UPSTREAM: ext4: fix kernel BUG in 'ext4_write_inline_data_end()' 2023-04-05 12:46:44 +00:00
f2fs Merge tag 'android12-5.10.168_r00' into android12-5.10 2023-03-23 11:09:43 +00:00
fat This is the 5.10.121 stable release 2022-07-23 16:10:22 +02:00
freevxfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
fscache ANDROID: GKI: set more vfs-only exports into their own namespace 2022-04-07 20:52:29 +02:00
fuse Merge tag 'android12-5.10.160_r00' into android12-5.10 2023-01-21 12:06:54 +00:00
gfs2 This is the 5.10.156 stable release 2022-12-02 08:42:05 +00:00
hfs This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
hfsplus This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
hostfs hostfs: fix memory handling in follow_link() 2021-04-14 08:42:06 +02:00
hpfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
hugetlbfs hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() 2023-01-14 10:16:20 +01:00
incfs ANDROID: incremental fs: Evict inodes before freeing mount data 2023-04-04 15:48:57 +00:00
iomap This is the 5.10.129 stable release 2022-07-28 16:55:29 +02:00
isofs Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
jbd2 This is the 5.10.150 stable release 2022-11-15 19:14:08 +00:00
jffs2 This is the 5.10.122 stable release 2022-07-28 15:05:26 +02:00
jfs This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
kernfs This is the 5.10.153 stable release 2022-11-21 15:47:06 +00:00
lockd lockd: lockd server-side shouldn't set fl_ops 2021-09-18 13:40:30 +02:00
minix This is the 5.10.111 stable release 2022-04-21 14:27:41 +02:00
nfs Merge 5.10.165 into android12-5.10-lts 2023-02-16 16:43:59 +00:00
nfs_common nfs_common: need lock during iterate through the list 2020-12-30 11:53:45 +01:00
nfsd Merge 5.10.166 into android12-5.10-lts 2023-02-17 12:18:56 +00:00
nilfs2 Merge 5.10.165 into android12-5.10-lts 2023-02-16 16:43:59 +00:00
nls ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
notify This is the 5.10.121 stable release 2022-07-23 16:10:22 +02:00
ntfs This is the 5.10.156 stable release 2022-12-02 08:42:05 +00:00
ocfs2 This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
omfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
openpromfs
orangefs This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
overlayfs This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
proc Merge 5.10.168 into android12-5.10-lts 2023-02-17 15:23:41 +00:00
pstore This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
qnx4 Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
qnx6 ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
quota ext4: fix bug_on in __es_tree_search caused by bad quota inode 2023-01-14 10:16:38 +01:00
ramfs ramfs: fix nommu mmap with gaps in the page cache 2020-10-16 11:11:22 -07:00
reiserfs Merge 5.10.166 into android12-5.10-lts 2023-02-17 12:18:56 +00:00
romfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
squashfs Merge 5.10.168 into android12-5.10-lts 2023-02-17 15:23:41 +00:00
sysfs sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output 2020-10-02 12:02:30 +02:00
sysv This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
tracefs This is the 5.10.144 stable release 2022-09-22 14:50:45 +02:00
ubifs This is the 5.10.111 stable release 2022-04-21 14:27:41 +02:00
udf This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
ufs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
unicode ANDROID: sync generic casefolding code with patches going upstream 2020-09-27 21:56:06 +00:00
vboxsf Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
verity ANDROID: GKI: set more vfs-only exports into their own namespace 2022-04-07 20:52:29 +02:00
xfs This is the 5.10.146 stable release 2022-09-29 17:06:30 +02:00
zonefs Merge 5.10.165 into android12-5.10-lts 2023-02-16 16:43:59 +00:00
aio.c UPSTREAM: aio: fix use-after-free due to missing POLLFREE handling 2021-12-14 13:54:22 +01:00
anon_inodes.c UPSTREAM: fs: anon_inodes: rephrase to appropriate kernel-doc 2021-03-03 16:18:33 +00:00
attr.c This is the 5.10.137 stable release 2022-08-29 16:53:14 +02:00
bad_inode.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
binfmt_aout.c
binfmt_elf_fdpic.c This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
binfmt_elf.c This is the 5.10.153 stable release 2022-11-21 15:47:06 +00:00
binfmt_em86.c
binfmt_flat.c binfmt_flat: do not stop relocating GOT entries prematurely on riscv 2022-06-09 10:20:47 +02:00
binfmt_misc.c This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
binfmt_script.c
block_dev.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
buffer.c This is the 5.10.156 stable release 2022-12-02 08:42:05 +00:00
char_dev.c chardev: fix error handling in cdev_device_add() 2023-01-14 10:15:59 +01:00
compat_binfmt_elf.c
coredump.c UPSTREAM: coredump: Limit what can interrupt coredumps 2023-02-07 13:38:13 +00:00
d_path.c fs: fix NULL dereference due to data race in prepend_path() 2020-10-14 14:54:45 -07:00
dax.c dax: fix cache flush on PMD-mapped pages 2022-06-09 10:21:16 +02:00
dcache.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
dcookies.c
direct-io.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
drop_caches.c
eventfd.c UPSTREAM: eventfd: provide a eventfd_signal_mask() helper 2023-02-07 13:38:16 +00:00
eventpoll.c UPSTREAM: eventpoll: add EPOLL_URING_WAKE poll wakeup flag 2023-02-07 13:38:16 +00:00
exec.c This is the 5.10.153 stable release 2022-11-21 15:47:06 +00:00
fcntl.c fcntl: fix potential deadlocks for &fown_struct.lock 2022-10-30 09:41:18 +01:00
fhandle.c
file_table.c SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() 2022-05-18 10:23:48 +02:00
file.c UPSTREAM: fs: provide locked helper variant of close_fd_get_file() 2023-02-07 13:38:09 +00:00
filesystems.c
fs_context.c memcg: charge fs_context and legacy_fs_context 2022-02-08 18:30:36 +01:00
fs_parser.c fs_parse: mark fs_param_bad_value() as static 2020-10-13 18:38:27 -07:00
fs_pin.c
fs_struct.c
fs_types.c ANDROID: GKI: set more vfs-only exports into their own namespace 2022-04-07 20:52:29 +02:00
fs-writeback.c This is the 5.10.121 stable release 2022-07-23 16:10:22 +02:00
fsopen.c
init.c
inode.c This is the 5.10.148 stable release 2022-10-15 08:33:43 +02:00
internal.h UPSTREAM: fs: provide locked helper variant of close_fd_get_file() 2023-02-07 13:38:09 +00:00
ioctl.c This is the 5.10.118 stable release 2022-06-06 16:37:12 +02:00
Kconfig Merge 5.10.17 into android12-5.10 2021-02-18 11:21:01 +01:00
Kconfig.binfmt
kernel_read_file.c vfs: check fd has read access in kernel_read_file_from_fd() 2021-10-27 09:56:51 +02:00
libfs.c This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00
locks.c filelock: new helper: vfs_inode_has_locks 2023-01-14 10:16:47 +01:00
Makefile UPSTREAM: io_uring: import 5.15-stable io_uring 2023-02-07 13:38:15 +00:00
mbcache.c mbcache: Avoid nesting of cache->c_list_lock under bit locks 2023-01-14 10:16:50 +01:00
mount.h
mpage.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
namei.c UPSTREAM: fs: make do_renameat2() take struct filename 2023-02-07 13:38:09 +00:00
namespace.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
no-block.c
nsfs.c
open.c UPSTREAM: fs: expose LOOKUP_CACHED through openat2() RESOLVE_CACHED 2023-02-07 13:38:08 +00:00
pipe.c BACKPORT: pipe: Fix missing lock in pipe_resize_ring() 2022-09-12 22:52:59 +00:00
pnode.c pnode: terminate at peers of source 2023-01-14 10:16:27 +01:00
pnode.h mount: fix mounting of detached mounts onto targets that reside on shared mounts 2021-03-17 17:06:13 +01:00
posix_acl.c
proc_namespace.c proc mountinfo: make splice available again 2020-12-30 11:54:02 +01:00
read_write.c This is the 5.10.160 stable release 2022-12-20 12:38:28 +00:00
readdir.c readdir: make sure to verify directory entry for legacy interfaces too 2021-04-21 13:00:54 +02:00
remap_range.c fs/remap: constrain dedupe of EOF blocks 2022-07-21 21:20:01 +02:00
select.c select: Fix indefinitely sleeping task in poll_schedule_timeout() 2022-01-29 10:26:11 +01:00
seq_file.c seq_file: disallow extremely large seq buffer allocations 2021-07-20 16:05:59 +02:00
signalfd.c Revert "io_uring: disable polling pollfree files" 2022-09-22 13:22:53 +02:00
splice.c This is the 5.10.149 stable release 2022-10-19 11:11:59 +02:00
stack.c
stat.c This is the 5.10.113 stable release 2022-05-12 11:23:35 +02:00
statfs.c
super.c This is the 5.10.154 stable release 2022-11-29 23:38:14 +00:00
sync.c This is the 5.10.140 stable release 2022-08-31 18:52:48 +02:00
timerfd.c ANDROID: fs: Add vendor hooks for ep_create_wakeup_source & timerfd_create 2021-03-24 17:57:22 +00:00
userfaultfd.c This is the 5.10.150 stable release 2022-11-15 19:14:08 +00:00
utimes.c
xattr.c This is the 5.10.163 stable release 2023-02-06 12:30:05 +00:00