On Sat, Jun 24, 2023 at 01:18:02PM +0900, Ryusuke Konishi wrote:
> commit 782e53d0c14420858dbf0f8f797973c150d3b6d7 upstream.
>
> In a syzbot stress test that deliberately causes file system errors on
> nilfs2 with a corrupted disk image, it has been reported that
> nilfs_clear_dirty_page() called from nilfs_clear_dirty_pages() can cause a
> general protection fault.
>
> In nilfs_clear_dirty_pages(), when looking up dirty pages from the page
> cache and calling nilfs_clear_dirty_page() for each dirty page/folio
> retrieved, the back reference from the argument page to "mapping" may have
> been changed to NULL (and possibly others). It is necessary to check this
> after locking the page/folio.
>
> So, fix this issue by not calling nilfs_clear_dirty_page() on a page/folio
> after locking it in nilfs_clear_dirty_pages() if the back reference
> "mapping" from the page/folio is different from the "mapping" that held
> the page/folio just before.
>
> Link: https://lkml.kernel.org/r/20230612021456.3682-1-konishi.ryusuke@xxxxxxxxx
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke@xxxxxxxxx>
> Reported-by: syzbot+53369d11851d8f26735c@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://lkml.kernel.org/r/000000000000da4f6b05eb9bf593@xxxxxxxxxx
> Tested-by: Ryusuke Konishi <konishi.ryusuke@xxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke@xxxxxxxxx>
> ---
> Please apply this patch to the above stable trees instead of the patch
> that could not be applied to them. This patch resolves the conflict
> caused by the recent page to folio conversion applied in
> nilfs_clear_dirty_pages(). The general protection fault reported by
> syzbot reproduces on these stable kernels before the page/folio
> conversion is applied. This fixes it.
>
> With this tweak, this patch is applicable from v3.10 to v6.2. Also,
> this patch has been tested against the -stable trees of each version in
> the subject prefix.

Now queued up, thanks.

greg k-h
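The quoted commit message describes a lookup-then-lock window: a dirty page is found in the mapping's page cache, but by the time the page lock is taken another task may have truncated or released it, leaving page->mapping NULL (or pointing at a different mapping), so nilfs_clear_dirty_page() dereferences stale state. The following is an added, constructed C model of that window and of the re-check the patch introduces; it is not the kernel's code and not the patch itself, and every struct and function name in it (struct page, struct address_space, lock_page_model, clear_dirty_pages_model, release_pending_page, run_model) is a hypothetical stand-in. It runs the same walk once without the check, counting the dereference that would fault, and once with the check, showing the page is skipped instead.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Constructed model of the pattern fixed by the quoted patch: between the
 * page-cache lookup and taking the page lock, another task may truncate or
 * release the page, after which page->mapping is NULL or points elsewhere.
 * Every struct and function name here is a hypothetical stand-in, not the
 * kernel's definition.
 */
struct address_space;

struct page {
	struct address_space *mapping;	/* back reference; NULL once released */
	bool dirty;
	bool release_pending;		/* constructed: drop mapping before lock */
};

struct address_space {
	struct page *pages[4];
	int nr_pages;
};

struct clear_result {
	int cleared;	/* dirty flag cleared under a still-valid mapping */
	int skipped;	/* mapping changed after lock, page left alone */
	int faults;	/* NULL mapping would have been dereferenced */
};

/* Hypothetical concurrent actor running in the lookup-to-lock window. */
static void release_pending_page(struct page *p)
{
	if (p->release_pending)
		p->mapping = NULL;	/* what truncation leaves behind */
}

/* Stand-in for lock_page(): the race happens just before the lock is taken. */
static void lock_page_model(struct page *p, void (*race)(struct page *))
{
	if (race)
		race(p);
}

/* Stand-in for nilfs_clear_dirty_page(): it trusts page->mapping. */
static bool clear_dirty_page_model(struct page *p)
{
	if (!p->mapping)
		return false;	/* the real function would fault here */
	p->dirty = false;
	return true;
}

/*
 * Stand-in for nilfs_clear_dirty_pages(). With recheck_mapping == false it
 * behaves like the code before the fix; with true it applies the added check.
 */
struct clear_result clear_dirty_pages_model(struct address_space *mapping,
					    void (*race)(struct page *),
					    bool recheck_mapping)
{
	struct clear_result r = {0, 0, 0};

	for (int i = 0; i < mapping->nr_pages; i++) {
		struct page *p = mapping->pages[i];

		if (!p->dirty)
			continue;
		lock_page_model(p, race);
		if (recheck_mapping && p->mapping != mapping)
			r.skipped++;		/* the fix: do not touch it */
		else if (clear_dirty_page_model(p))
			r.cleared++;
		else
			r.faults++;
	}
	return r;
}

/* Constructed scenario: three dirty pages, the middle one released mid-walk. */
struct clear_result run_model(bool with_fix)
{
	struct address_space m = { {NULL}, 3 };
	struct page pages[3];

	for (int i = 0; i < 3; i++) {
		pages[i] = (struct page){ &m, true, i == 1 };
		m.pages[i] = &pages[i];
	}
	return clear_dirty_pages_model(&m, release_pending_page, with_fix);
}

int main(void)
{
	struct clear_result a = run_model(false), b = run_model(true);

	printf("unchecked: cleared=%d faults=%d\n", a.cleared, a.faults);
	printf("checked:   cleared=%d skipped=%d faults=%d\n",
	       b.cleared, b.skipped, b.faults);
	return 0;
}
```

The comparison `p->mapping != mapping` is done only after the lock is held, which is the point of the patch: a check done before locking would itself be racy, since the release can still happen between the check and the lock.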