[merged mm-hotfixes-stable] squashfs-fix-buffer-release-race-condition-in-readahead-code.patch removed from -mm tree
The quilt patch titled Subject: squashfs: fix buffer release race condition in readahead code has been removed from the -mm tree. Its filename was squashfs-fix-buffer-release-race-condition-in-readahead-code.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------ From: Phillip Lougher phillip@squashfs.org.uk Subject: squashfs: fix buffer release race condition in readahead code Date: Thu, 20 Oct 2022 23:36:16 +0100
Fix a buffer release race condition, where the error value was used after release.
Link: https://lkml.kernel.org/r/20221020223616.7571-4-phillip@squashfs.org.uk Fixes: b09a7a036d20 ("squashfs: support reading fragments in readahead call") Signed-off-by: Phillip Lougher phillip@squashfs.org.uk Tested-by: Bagas Sanjaya bagasdotme@gmail.com Reported-by: Marc Miltenberger marcmiltenberger@gmail.com Cc: Dimitri John Ledkov dimitri.ledkov@canonical.com Cc: Hsin-Yi Wang hsinyi@chromium.org Cc: Mirsad Goran Todorovac mirsad.todorovac@alu.unizg.hr Cc: Slade Watkins srw@sladewatkins.net Cc: Thorsten Leemhuis regressions@leemhuis.info Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org ---
--- a/fs/squashfs/file.c~squashfs-fix-buffer-release-race-condition-in-readahead-code +++ a/fs/squashfs/file.c @@ -506,8 +506,9 @@ static int squashfs_readahead_fragment(s squashfs_i(inode)->fragment_size); struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; unsigned int n, mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1; + int error = buffer->error;
- if (buffer->error) + if (error) goto out;
expected += squashfs_i(inode)->fragment_offset; @@ -529,7 +530,7 @@ static int squashfs_readahead_fragment(s
out: squashfs_cache_put(buffer); - return buffer->error; + return error; }
static void squashfs_readahead(struct readahead_control *ractl) _
Patches currently in -mm which might be from phillip@squashfs.org.uk are
On 28. 10. 2022. 23:07, Andrew Morton wrote:
The quilt patch titled Subject: squashfs: fix buffer release race condition in readahead code has been removed from the -mm tree. Its filename was squashfs-fix-buffer-release-race-condition-in-readahead-code.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
From: Phillip Lougher phillip@squashfs.org.uk Subject: squashfs: fix buffer release race condition in readahead code Date: Thu, 20 Oct 2022 23:36:16 +0100
Fix a buffer release race condition, where the error value was used after release.
Link: https://lkml.kernel.org/r/20221020223616.7571-4-phillip@squashfs.org.uk Fixes: b09a7a036d20 ("squashfs: support reading fragments in readahead call") Signed-off-by: Phillip Lougher phillip@squashfs.org.uk Tested-by: Bagas Sanjaya bagasdotme@gmail.com Reported-by: Marc Miltenberger marcmiltenberger@gmail.com Cc: Dimitri John Ledkov dimitri.ledkov@canonical.com Cc: Hsin-Yi Wang hsinyi@chromium.org Cc: Mirsad Goran Todorovac mirsad.todorovac@alu.unizg.hr Cc: Slade Watkins srw@sladewatkins.net Cc: Thorsten Leemhuis regressions@leemhuis.info Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org
Dear Mr. Andrew Morton,
For correctness sake, as you can witness yourself from the archive, it is Mirsad Goran Todorovac mirsad.todorovac@alu.unizg.hr, who was the initial reporter of the bug.
Reference: https://lore.kernel.org/all/2f0ddb46-d197-558d-4be7-d40506e0a64f@alu.unizg.h...
Mr. Miltenberger's credit is also important, for he was the first person to reproduce the bug.
Actually, the LKML archives already represent the correct state, however someone might want to reproduce additional hypothetical errors in this segment of code, and probably correct the person(s) who helped bisect the bug.
I am looking forward to your reply.
The first patch in the series has correct references:
From: Phillip Lougherphillip@squashfs.org.uk Subject: squashfs: fix read regression introduced in readahead code Date: Thu, 20 Oct 2022 23:36:14 +0100
[...]
Link:https://lkml.kernel.org/r/20221020223616.7571-1-phillip@squashfs.org.uk Link:https://lkml.kernel.org/r/20221020223616.7571-2-phillip@squashfs.org.uk Fixes: 8fc78b6fe24c ("squashfs: implement readahead") Link:https://lore.kernel.org/lkml/b0c258c3-6dcf-aade-efc4-d62a8b3a1ce2@alu.unizg.... Signed-off-by: Phillip Lougherphillip@squashfs.org.uk Reported-by: Mirsad Goran Todorovacmirsad.todorovac@alu.unizg.hr Tested-by: Mirsad Goran Todorovacmirsad.todorovac@alu.unizg.hr Tested-by: Slade Watkinssrw@sladewatkins.net Tested-by: Bagas Sanjayabagasdotme@gmail.com Reported-by: Marc Miltenbergermarcmiltenberger@gmail.com Cc: Dimitri John Ledkovdimitri.ledkov@canonical.com Cc: Hsin-Yi Wanghsinyi@chromium.org Cc: Thorsten Leemhuisregressions@leemhuis.info Cc:stable@vger.kernel.org Signed-off-by: Andrew Mortonakpm@linux-foundation.org
Thank you very much. Mirsad
--- a/fs/squashfs/file.c~squashfs-fix-buffer-release-race-condition-in-readahead-code +++ a/fs/squashfs/file.c @@ -506,8 +506,9 @@ static int squashfs_readahead_fragment(s squashfs_i(inode)->fragment_size); struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; unsigned int n, mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1;
- int error = buffer->error;
- if (buffer->error)
- if (error) goto out;
expected += squashfs_i(inode)->fragment_offset; @@ -529,7 +530,7 @@ static int squashfs_readahead_fragment(s out: squashfs_cache_put(buffer);
- return buffer->error;
- return error; }
static void squashfs_readahead(struct readahead_control *ractl) _
Patches currently in -mm which might be from phillip@squashfs.org.uk are
-- Mirsad Goran Todorovac Sistem inženjer Grafički fakultet | Akademija likovnih umjetnosti Sveučilište u Zagrebu
linux-stable-mirror@lists.linaro.org
-
Andrew Morton -
Mirsad Goran Todorovac