This is a note to let you know that I've just added the patch titled

    block: Hold invalidate_lock in BLKRESETZONE ioctl

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    block-hold-invalidate_lock-in-blkresetzone-ioctl.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

From 86399ea071099ec8ee0a83ac9ad67f7df96a50ad Mon Sep 17 00:00:00 2001
From: Shin'ichiro Kawasaki <shinichiro.kawasaki@xxxxxxx>
Date: Thu, 11 Nov 2021 17:52:38 +0900
Subject: block: Hold invalidate_lock in BLKRESETZONE ioctl

From: Shin'ichiro Kawasaki <shinichiro.kawasaki@xxxxxxx>

commit 86399ea071099ec8ee0a83ac9ad67f7df96a50ad upstream.

When BLKRESETZONE ioctl and data read race, the data read leaves stale
page cache. The commit e5113505904e ("block: Discard page cache of zone
reset target range") added page cache truncation to avoid stale page
cache after the ioctl. However, the stale page cache still can be read
during the reset zone operation for the ioctl. To avoid the stale page
cache completely, hold invalidate_lock of the block device file mapping.

Fixes: e5113505904e ("block: Discard page cache of zone reset target range")
Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@xxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx # v5.15
Reviewed-by: Jan Kara <jack@xxxxxxx>
Reviewed-by: Ming Lei <ming.lei@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20211111085238.942492-1-shinichiro.kawasaki@xxxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 block/blk-zoned.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

--- a/block/blk-zoned.c +++ b/block/blk-zoned.c
@@ -365,9 +365,10 @@ int blkdev_zone_mgmt_ioctl(struct block_ op = REQ_OP_ZONE_RESET; /* Invalidate the page cache, including dirty pages. */ + filemap_invalidate_lock(bdev->bd_inode->i_mapping); ret = blkdev_truncate_zone_range(bdev, mode, &zrange); if (ret) - return ret; + goto fail; break; case BLKOPENZONE: op = REQ_OP_ZONE_OPEN; @@ -385,15 +386,9 @@ int blkdev_zone_mgmt_ioctl(struct block_ ret = blkdev_zone_mgmt(bdev, op, zrange.sector, zrange.nr_sectors, GFP_KERNEL); - /* - * Invalidate the page cache again for zone reset: writes can only be - * direct for zoned devices so concurrent writes would not add any page - * to the page cache after/during reset. The page cache may be filled - * again due to concurrent reads though and dropping the pages for - * these is fine. - */ - if (!ret && cmd == BLKRESETZONE) - ret = blkdev_truncate_zone_range(bdev, mode, &zrange); +fail: + if (cmd == BLKRESETZONE) + filemap_invalidate_unlock(bdev->bd_inode->i_mapping); return ret; } Patches currently in stable-queue which might be from shinichiro.kawasaki@xxxxxxx are queue-5.10/block-hold-invalidate_lock-in-blkresetzone-ioctl.patch queue-5.10/block-hold-invalidate_lock-in-blkzeroout-ioctl.patch queue-5.10/block-hold-invalidate_lock-in-blkdiscard-ioctl.patch
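Review bot: In the first hunk (@@ -365), the retained comment "Invalidate the page cache, including dirty pages." now sits directly above filemap_invalidate_lock() and describes the truncate, not the lock. The second hunk deletes the only comment that explained how concurrent reads can refill the page cache, so nothing in the code records why the lock is taken or that it is released at the fail label. Suggest extending the comment to say that invalidate_lock is held across blkdev_truncate_zone_range() and blkdev_zone_mgmt() so that reads racing with the reset cannot repopulate the page cache, which is the reasoning given in the commit message.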
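Review bot: In the second hunk (@@ -385), the label "fail:" is also reached on the success path, because the blkdev_zone_mgmt() call falls straight through into it, so a name such as "out:" or "unlock:" would be more accurate. The release is keyed on "if (cmd == BLKRESETZONE)" rather than on whether the lock was actually taken, so it is correct only while every BLKRESETZONE path reaching the label has already passed filemap_invalidate_lock(). In the visible lines the single "goto fail" comes after the lock, which is fine, but a later early exit placed before the lock call in that case would unlock a lock that is not held. A short comment at the label stating this pairing would make the invariant explicit.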