Commit 1440f576 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'mm-hotfixes-stable-2022-10-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm 

Pull misc hotfixes from Andrew Morton:
 "Five hotfixes - three for nilfs2, two for MM. For are cc:stable, one
  is not"

* tag 'mm-hotfixes-stable-2022-10-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
  nilfs2: fix leak of nilfs_root in case of writer thread creation failure
  nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
  nilfs2: fix use-after-free bug of struct nilfs_root
  mm/damon/core: initialize damon_target->list in damon_new_target()
  mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
parents 676cb495 d0d51a97

fs/nilfs2/inode.c

+18 −1
Original line number Diff line number Diff line
@@ -328,6 +328,7 @@ struct inode *nilfs_new_inode(struct inode *dir, umode_t mode) 
	struct inode *inode;

	struct nilfs_inode_info *ii;

	struct nilfs_root *root;

	struct buffer_head *bh;

	int err = -ENOMEM;

	ino_t ino;
@@ -343,11 +344,25 @@ struct inode *nilfs_new_inode(struct inode *dir, umode_t mode) 
	ii->i_state = BIT(NILFS_I_NEW);

	ii->i_root = root;



	err = nilfs_ifile_create_inode(root->ifile, &ino, &ii->i_bh);

	err = nilfs_ifile_create_inode(root->ifile, &ino, &bh);

	if (unlikely(err))

		goto failed_ifile_create_inode;

	/* reference count of i_bh inherits from nilfs_mdt_read_block() */



	if (unlikely(ino < NILFS_USER_INO)) {

		nilfs_warn(sb,

			   "inode bitmap is inconsistent for reserved inodes");

		do {

			brelse(bh);

			err = nilfs_ifile_create_inode(root->ifile, &ino, &bh);

			if (unlikely(err))

				goto failed_ifile_create_inode;

		} while (ino < NILFS_USER_INO);



		nilfs_info(sb, "repaired inode bitmap for reserved inodes");

	}

	ii->i_bh = bh;



	atomic64_inc(&root->inodes_count);

	inode_init_owner(&init_user_ns, inode, dir, mode);

	inode->i_ino = ino;
@@ -440,6 +455,8 @@ int nilfs_read_inode_common(struct inode *inode, 
	inode->i_atime.tv_nsec = le32_to_cpu(raw_inode->i_mtime_nsec);

	inode->i_ctime.tv_nsec = le32_to_cpu(raw_inode->i_ctime_nsec);

	inode->i_mtime.tv_nsec = le32_to_cpu(raw_inode->i_mtime_nsec);

	if (nilfs_is_metadata_file_inode(inode) && !S_ISREG(inode->i_mode))

		return -EIO; /* this inode is for metadata and corrupted */

	if (inode->i_nlink == 0)

		return -ESTALE; /* this inode is deleted */

fs/nilfs2/segment.c

+3 −4
Original line number Diff line number Diff line
@@ -2790,10 +2790,9 @@ int nilfs_attach_log_writer(struct super_block *sb, struct nilfs_root *root) 
	inode_attach_wb(nilfs->ns_bdev->bd_inode, NULL);



	err = nilfs_segctor_start_thread(nilfs->ns_writer);

	if (err) {

		kfree(nilfs->ns_writer);

		nilfs->ns_writer = NULL;

	}

	if (unlikely(err))

		nilfs_detach_log_writer(sb);



	return err;

}

include/linux/hugetlb.h

+4 −4
Original line number Diff line number Diff line
@@ -214,8 +214,8 @@ struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, 
struct page *follow_huge_pd(struct vm_area_struct *vma,

			    unsigned long address, hugepd_t hpd,

			    int flags, int pdshift);

struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,

				pmd_t *pmd, int flags);

struct page *follow_huge_pmd_pte(struct vm_area_struct *vma, unsigned long address,

				 int flags);

struct page *follow_huge_pud(struct mm_struct *mm, unsigned long address,

				pud_t *pud, int flags);

struct page *follow_huge_pgd(struct mm_struct *mm, unsigned long address,
@@ -327,8 +327,8 @@ static inline struct page *follow_huge_pd(struct vm_area_struct *vma, 
	return NULL;

}



static inline struct page *follow_huge_pmd(struct mm_struct *mm,

				unsigned long address, pmd_t *pmd, int flags)

static inline struct page *follow_huge_pmd_pte(struct vm_area_struct *vma,

				unsigned long address, int flags)

{

	return NULL;

}

mm/damon/core.c

+1 −0
Original line number Diff line number Diff line
@@ -335,6 +335,7 @@ struct damon_target *damon_new_target(void) 
	t->pid = NULL;

	t->nr_regions = 0;

	INIT_LIST_HEAD(&t->regions_list);

	INIT_LIST_HEAD(&t->list);



	return t;

}

mm/gup.c

+13 −1
Original line number Diff line number Diff line
@@ -537,6 +537,18 @@ static struct page *follow_page_pte(struct vm_area_struct *vma, 
	if (WARN_ON_ONCE((flags & (FOLL_PIN | FOLL_GET)) ==

			 (FOLL_PIN | FOLL_GET)))

		return ERR_PTR(-EINVAL);



	/*

	 * Considering PTE level hugetlb, like continuous-PTE hugetlb on

	 * ARM64 architecture.

	 */

	if (is_vm_hugetlb_page(vma)) {

		page = follow_huge_pmd_pte(vma, address, flags);

		if (page)

			return page;

		return no_page_table(vma, flags);

	}



retry:

	if (unlikely(pmd_bad(*pmd)))

		return no_page_table(vma, flags);
@@ -669,7 +681,7 @@ static struct page *follow_pmd_mask(struct vm_area_struct *vma, 
	if (pmd_none(pmdval))

		return no_page_table(vma, flags);

	if (pmd_huge(pmdval) && is_vm_hugetlb_page(vma)) {

		page = follow_huge_pmd(mm, address, pmd, flags);

		page = follow_huge_pmd_pte(vma, address, flags);

		if (page)

			return page;

		return no_page_table(vma, flags);