Patch "erofs: fix kvcalloc() misuse with __GFP_NOFAIL" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Tue, 24 Jan 2023 06:24:22 -0500

This is a note to let you know that I've just added the patch titled

    erofs: fix kvcalloc() misuse with __GFP_NOFAIL

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     erofs-fix-kvcalloc-misuse-with-__gfp_nofail.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f7bb977d25583ebdbe297d9c88ef902ff6ddca97
Author: Gao Xiang <xiang@xxxxxxxxxx>
Date:   Tue Jan 10 15:49:27 2023 +0800

    erofs: fix kvcalloc() misuse with __GFP_NOFAIL
    
    [ Upstream commit 12724ba38992bd045e92a9a88a868a530f89d13e ]
    
    As reported by syzbot [1], kvcalloc() cannot work with  __GFP_NOFAIL.
    Let's use kcalloc() instead.
    
    [1] https://lore.kernel.org/r/0000000000007796bd05f1852ec2@xxxxxxxxxx
    
    Reported-by: syzbot+c3729cda01706a04fb98@xxxxxxxxxxxxxxxxxxxxxxxxx
    Fixes: fe3e5914e6dc ("erofs: try to leave (de)compressed_pages on stack if possible")
    Fixes: 4f05687fd703 ("erofs: introduce struct z_erofs_decompress_backend")
    Reviewed-by: Chao Yu <chao@xxxxxxxxxx>
    Signed-off-by: Gao Xiang <hsiangkao@xxxxxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230110074927.41651-1-hsiangkao@xxxxxxxxxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
index cf4871834ebb..ee7c88c9b5af 100644
--- a/fs/erofs/zdata.c
+++ b/fs/erofs/zdata.c
@@ -1047,12 +1047,12 @@ static int z_erofs_decompress_pcluster(struct z_erofs_decompress_backend *be,
 
 	if (!be->decompressed_pages)
 		be->decompressed_pages =
-			kvcalloc(be->nr_pages, sizeof(struct page *),
-				 GFP_KERNEL | __GFP_NOFAIL);
+			kcalloc(be->nr_pages, sizeof(struct page *),
+				GFP_KERNEL | __GFP_NOFAIL);
 	if (!be->compressed_pages)
 		be->compressed_pages =
-			kvcalloc(pclusterpages, sizeof(struct page *),
-				 GFP_KERNEL | __GFP_NOFAIL);
+			kcalloc(pclusterpages, sizeof(struct page *),
+				GFP_KERNEL | __GFP_NOFAIL);
 
 	z_erofs_parse_out_bvecs(be);
 	err2 = z_erofs_parse_in_bvecs(be, &overlapped);
@@ -1100,7 +1100,7 @@ static int z_erofs_decompress_pcluster(struct z_erofs_decompress_backend *be,
 	}
 	if (be->compressed_pages < be->onstack_pages ||
 	    be->compressed_pages >= be->onstack_pages + Z_EROFS_ONSTACK_PAGES)
-		kvfree(be->compressed_pages);
+		kfree(be->compressed_pages);
 	z_erofs_fill_other_copies(be, err);
 
 	for (i = 0; i < be->nr_pages; ++i) {
@@ -1119,7 +1119,7 @@ static int z_erofs_decompress_pcluster(struct z_erofs_decompress_backend *be,
 	}
 
 	if (be->decompressed_pages != be->onstack_pages)
-		kvfree(be->decompressed_pages);
+		kfree(be->decompressed_pages);
 
 	pcl->length = 0;
 	pcl->partial = true;






