* Sasha Levin sashal@kernel.org:

This is a note to let you know that I've just added the patch titled

ext4: enforce buffer head state assertion in ext4_da_map_blocks

to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...

The filename of the patch is: ext4-enforce-buffer-head-state-assertion-in-ext4_da_.patch and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.

commit dd19180ca7482668952b8c51499e0676f825189b Author: Eric Whitney enwlinux@gmail.com Date: Thu Aug 19 10:49:27 2021 -0400

ext4: enforce buffer head state assertion in ext4_da_map_blocks

[ Upstream commit 948ca5f30e1df0c11eb5b0f410b9ceb97fa77ad9 ] Remove the code that re-initializes a buffer head with an invalid block number and BH_New and BH_Delay bits when a matching delayed and unwritten block has been found in the extent status cache. Replace it with assertions that verify the buffer head already has this state correctly set. The current code masked an inline data truncation bug that left stale entries in the extent status cache. With this change, generic/130 can be used to reproduce and detect that bug. Signed-off-by: Eric Whitney enwlinux@gmail.com Signed-off-by: Theodore Ts'o tytso@mit.edu Link: https://lore.kernel.org/r/20210819144927.25163-3-enwlinux@gmail.com Signed-off-by: Theodore Ts'o tytso@mit.edu Signed-off-by: Sasha Levin sashal@kernel.org

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index dcbd8ac8d471..af594b5e4f9f 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1869,13 +1869,16 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, } /*

•  * Delayed extent could be allocated by fallocate.
  

•  * So we need to check it.
  

•  * the buffer head associated with a delayed and not unwritten
  

•  * block found in the extent status cache must contain an
  

•  * invalid block number and have its BH_New and BH_Delay bits
  

•  * set, reflecting the state assigned when the block was
  

•  * initially delayed allocated
  

  */

• if (ext4_es_is_delayed(&es) && !ext4_es_is_unwritten(&es)) {
  

• 	map_bh(bh, inode->i_sb, invalid_block);
  

• 	set_buffer_new(bh);
  

• 	set_buffer_delay(bh);
  

• if (ext4_es_is_delonly(&es)) {
  

• 	BUG_ON(bh->b_blocknr != invalid_block);
  

• 	BUG_ON(!buffer_new(bh));
  

• 	BUG_ON(!buffer_delay(bh));
  return 0;
  

  }

This patch should not be added to the stable tree, as it will be reverted in 5.15.

There have been two reports of unexpected kernel panics triggered by this code in kernels derived from 5.15-rc4, and the code will be removed for the time being until the root cause can be determined and corrected in a future release.

Thanks, Eric