Commit 499b88de authored by Andreas Gruenbacher's avatar Andreas Gruenbacher Committed by He Yujie
Browse files

gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag 

stable inclusion
from stable-v6.6.75
commit 4dd57d1f0e9844311c635a7fb39abce4f2ac5a61
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBLWTC
CVE: CVE-2025-21699

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4dd57d1f0e9844311c635a7fb39abce4f2ac5a61



--------------------------------

commit 7c9d9223802fbed4dee1ae301661bf346964c9d2 upstream.

Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag:
depending on that flag, the pages in the address space will either use
buffer heads or iomap_folio_state structs, and we cannot mix the two.

Reported-by: default avatarKun Hu &lt;huk23@m.fudan.edu.cn&gt;, Jiaji Qin <jjtan24@m.fudan.edu.cn>
Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarHe Yujie <coka.heyujie@huawei.com>
parent 97a32f07

fs/gfs2/file.c

+1 −0
Original line number Diff line number Diff line
@@ -251,6 +251,7 @@ static int do_gfs2_set_flags(struct inode *inode, u32 reqflags, u32 mask) 
		error = filemap_fdatawait(inode->i_mapping);

		if (error)

			goto out;

		truncate_inode_pages(inode->i_mapping, 0);

		if (new_flags & GFS2_DIF_JDATA)

			gfs2_ordered_del_inode(ip);

	}