Patch "erofs: fix missing xas_retry() in fscache mode" has been added to the 6.0-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 21 Nov 2022 00:07:44 -0500

This is a note to let you know that I've just added the patch titled

    erofs: fix missing xas_retry() in fscache mode

to the 6.0-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     erofs-fix-missing-xas_retry-in-fscache-mode.patch
and it can be found in the queue-6.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit c250e490c04c28e9b939ca25d327056ff94500d3
Author: Jingbo Xu <jefflexu@xxxxxxxxxxxxxxxxx>
Date:   Mon Nov 14 20:19:43 2022 +0800

    erofs: fix missing xas_retry() in fscache mode
    
    [ Upstream commit 37020bbb71d911431e16c2c940b97cf86ae4f2f6 ]
    
    The xarray iteration only holds the RCU read lock and thus may encounter
    XA_RETRY_ENTRY if there's process modifying the xarray concurrently.
    This will cause oops when referring to the invalid entry.
    
    Fix this by adding the missing xas_retry(), which will make the
    iteration wind back to the root node if XA_RETRY_ENTRY is encountered.
    
    Fixes: d435d53228dd ("erofs: change to use asynchronous io for fscache readpage/readahead")
    Suggested-by: David Howells <dhowells@xxxxxxxxxx>
    Reviewed-by: Gao Xiang <hsiangkao@xxxxxxxxxxxxxxxxx>
    Reviewed-by: Jia Zhu <zhujia.zj@xxxxxxxxxxxxx>
    Signed-off-by: Jingbo Xu <jefflexu@xxxxxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20221114121943.29987-1-jefflexu@xxxxxxxxxxxxxxxxx
    Signed-off-by: Gao Xiang <hsiangkao@xxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/erofs/fscache.c b/fs/erofs/fscache.c
index 79af25f0a56c..46ab2b3f9a3c 100644
--- a/fs/erofs/fscache.c
+++ b/fs/erofs/fscache.c
@@ -69,11 +69,15 @@ static void erofs_fscache_rreq_unlock_folios(struct netfs_io_request *rreq)
 
 	rcu_read_lock();
 	xas_for_each(&xas, folio, last_page) {
-		unsigned int pgpos =
-			(folio_index(folio) - start_page) * PAGE_SIZE;
-		unsigned int pgend = pgpos + folio_size(folio);
+		unsigned int pgpos, pgend;
 		bool pg_failed = false;
 
+		if (xas_retry(&xas, folio))
+			continue;
+
+		pgpos = (folio_index(folio) - start_page) * PAGE_SIZE;
+		pgend = pgpos + folio_size(folio);
+
 		for (;;) {
 			if (!subreq) {
 				pg_failed = true;






