From 743fa9067a129dc0d861cf5efe4232b39cfc57bc Mon Sep 17 00:00:00 2001 From: Yousaf Kaukab Date: Apr 05 2023 13:56:25 +0000 Subject: Merge remote-tracking branch 'origin/users/colyli/SLE15-SP5-GA/for-next' into SLE15-SP5-GA Pull bcache fixes from Coly Li --- diff --git a/patches.suse/bcache-Revert-bcache-use-bvec_virt-2878.patch b/patches.suse/bcache-Revert-bcache-use-bvec_virt-2878.patch new file mode 100644 index 0000000..6de5379 --- /dev/null +++ b/patches.suse/bcache-Revert-bcache-use-bvec_virt-2878.patch @@ -0,0 +1,47 @@ +From 2878feaed543c35f9dbbe6d8ce36fb67ac803eef Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Wed, 3 Nov 2021 23:10:41 +0800 +Subject: [PATCH] bcache: Revert "bcache: use bvec_virt" +Git-commit: 2878feaed543c35f9dbbe6d8ce36fb67ac803eef +Patch-mainline: v5.16-rc1 +References: git-fixes, bsc#1205493 + +This reverts commit 2fd3e5efe791946be0957c8e1eed9560b541fe46. + +The above commit replaces page_address(bv->bv_page) by bvec_virt(bv) to +avoid directly access to bv->bv_page, but in situation bv->bv_offset is +not zero and page_address(bv->bv_page) is not equal to bvec_virt(bv). In +such case a memory corruption may happen because memory in next page is +tainted by following line in do_btree_node_write(), + memcpy(bvec_virt(bv), addr, PAGE_SIZE); + +This patch reverts the mentioned commit to avoid the memory corruption. + +Fixes: 2fd3e5efe791 ("bcache: use bvec_virt") +Signed-off-by: Coly Li +Cc: Christoph Hellwig +Cc: stable@vger.kernel.org # 5.15 +Signed-off-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20211103151041.70516-1-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/btree.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c +index 93b67b8d31c3..88c573eeb598 100644 +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -378,7 +378,7 @@ static void do_btree_node_write(struct btree *b) + struct bvec_iter_all iter_all; + + bio_for_each_segment_all(bv, b->bio, iter_all) { +- memcpy(bvec_virt(bv), addr, PAGE_SIZE); ++ memcpy(page_address(bv->bv_page), addr, PAGE_SIZE); + addr += PAGE_SIZE; + } + +-- +2.39.2 + diff --git a/patches.suse/bcache-fix-wrong-bdev-parameter-when-calling-bio_alloc_clone-in-do_bio_hook-9dca.patch b/patches.suse/bcache-fix-wrong-bdev-parameter-when-calling-bio_alloc_clone-in-do_bio_hook-9dca.patch new file mode 100644 index 0000000..b52449d --- /dev/null +++ b/patches.suse/bcache-fix-wrong-bdev-parameter-when-calling-bio_alloc_clone-in-do_bio_hook-9dca.patch @@ -0,0 +1,46 @@ +From 9dca4168a37c9cfe182f077f0d2289292e9e3656 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Wed, 20 Apr 2022 00:04:25 +0800 +Subject: [PATCH] bcache: fix wrong bdev parameter when calling + bio_alloc_clone() in do_bio_hook() +Git-commit: 9dca4168a37c9cfe182f077f0d2289292e9e3656 +Patch-mainline: v5.18-rc4 +References: git-fixes, bsc#1205493 + +Commit abfc426d1b2f ("block: pass a block_device to bio_clone_fast") +calls the modified bio_alloc_clone() in bcache code as: + bio_init_clone(bio->bi_bdev, bio, orig_bio, GFP_NOIO); + +But the first parameter is wrong, where bio->bi_bdev should be +orig_bio->bi_bdev. The wrong bi_bdev panics the kernel when submitting +cache bio. + +This patch fixes the wrong bdev parameter usage and avoid the panic. + +Fixes: abfc426d1b2f ("block: pass a block_device to bio_clone_fast") +Signed-off-by: Coly Li +Cc: Christoph Hellwig +Cc: Mike Snitzer +Link: https://lore.kernel.org/r/20220419160425.4148-3-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/request.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c +index fdd0194f84dd..320fcdfef48e 100644 +--- a/drivers/md/bcache/request.c ++++ b/drivers/md/bcache/request.c +@@ -685,7 +685,7 @@ static void do_bio_hook(struct search *s, + { + struct bio *bio = &s->bio.bio; + +- bio_init_clone(bio->bi_bdev, bio, orig_bio, GFP_NOIO); ++ bio_init_clone(orig_bio->bi_bdev, bio, orig_bio, GFP_NOIO); + /* + * bi_end_io can be set separately somewhere else, e.g. the + * variants in, +-- +2.39.2 + diff --git a/patches.suse/bcache-put-bch_bio_map-back-to-correct-location-in-journal_write_unlocked-ff26.patch b/patches.suse/bcache-put-bch_bio_map-back-to-correct-location-in-journal_write_unlocked-ff26.patch new file mode 100644 index 0000000..a682edb --- /dev/null +++ b/patches.suse/bcache-put-bch_bio_map-back-to-correct-location-in-journal_write_unlocked-ff26.patch @@ -0,0 +1,52 @@ +From ff2695e52c9936febf65aa36a1769881da71bec5 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Wed, 20 Apr 2022 00:04:24 +0800 +Subject: [PATCH] bcache: put bch_bio_map() back to correct location in + journal_write_unlocked() +Git-commit: ff2695e52c9936febf65aa36a1769881da71bec5 +Patch-mainline: v5.18-rc4 +References: git-fixes, bsc#1205493 + +Commit a7c50c940477 ("block: pass a block_device and opf to bio_reset") +moves bch_bio_map() inside journal_write_unlocked() next to the location +where the modified bio_reset() was called. + +This change is wrong because calling bch_bio_map() immediately after +bio_reset(), a BUG_ON(!bio->bi_iter.bi_size) inside bch_bio_map() will +be triggered and panic the kernel. + +This patch puts bch_bio_map() back to its original correct location in +journal_write_unlocked() and avoid the BUG_ON(). + +Fixes: a7c50c940477 ("block: pass a block_device and opf to bio_reset") +Signed-off-by: Coly Li +Cc: Christoph Hellwig +Cc: Chaitanya Kulkarni +Link: https://lore.kernel.org/r/20220419160425.4148-2-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/journal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c +index 7c2ca52ca3e4..df5347ea450b 100644 +--- a/drivers/md/bcache/journal.c ++++ b/drivers/md/bcache/journal.c +@@ -771,12 +771,12 @@ static void journal_write_unlocked(struct closure *cl) + + bio_reset(bio, ca->bdev, REQ_OP_WRITE | + REQ_SYNC | REQ_META | REQ_PREFLUSH | REQ_FUA); +- bch_bio_map(bio, w->data); + bio->bi_iter.bi_sector = PTR_OFFSET(k, i); + bio->bi_iter.bi_size = sectors << 9; + + bio->bi_end_io = journal_write_endio; + bio->bi_private = w; ++ bch_bio_map(bio, w->data); + + trace_bcache_journal_write(bio, w->data->keys); + bio_list_add(&list, bio); +-- +2.39.2 + diff --git a/series.conf b/series.conf index 12d40d7..0f3f072 100644 --- a/series.conf +++ b/series.conf @@ -11295,6 +11295,7 @@ patches.suse/ataflop-address-add_disk-error-handling-on-probe.patch patches.suse/floppy-address-add_disk-error-handling-on-probe.patch patches.suse/ataflop-Add-missing-semicolon-to-return-statement.patch + patches.suse/bcache-Revert-bcache-use-bvec_virt-2878.patch patches.suse/rpmsg-Fix-rpmsg_create_ept-return-when-RPMSG-config-.patch patches.suse/remoteproc-elf_loader-Fix-loading-segment-when-is_io.patch patches.suse/remoteproc-Fix-the-wrong-default-value-of-is_iomem.patch @@ -23396,6 +23397,8 @@ patches.suse/ext4-force-overhead-calculation-if-the-s_overhead_cl.patch patches.suse/io_uring-free-iovec-if-file-assignment-fails.patch patches.suse/io_uring-fix-leaks-on-IOPOLL-and-CQE_SKIP.patch + patches.suse/bcache-put-bch_bio_map-back-to-correct-location-in-journal_write_unlocked-ff26.patch + patches.suse/bcache-fix-wrong-bdev-parameter-when-calling-bio_alloc_clone-in-do_bio_hook-9dca.patch patches.suse/Input-omap4-keypad-fix-pm_runtime_get_sync-error-che.patch patches.suse/1576-drm-radeon-fix-logic-inversion-in-radeon_sync_resv.patch patches.suse/drm-panel-raspberrypi-touchscreen-Avoid-NULL-deref-i.patch