Commit f63c8e2d authored by Matthew Wilcox (Oracle)'s avatar Matthew Wilcox (Oracle) Committed by Yu Liao
Browse files

nilfs2: return the mapped address from nilfs_get_page() 

stable inclusion
from stable-v6.6.35
commit 8394dce135733329c143097351e1893ade6a69cd
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA8AIS
CVE: CVE-2024-39469

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8394dce135733329c143097351e1893ade6a69cd

--------------------------------

[ Upstream commit 09a46acb3697e50548bb265afa1d79163659dd85 ]

In prepartion for switching from kmap() to kmap_local(), return the kmap
address from nilfs_get_page() instead of having the caller look up
page_address().

[konishi.ryusuke: fixed a missing blank line after declaration]
Link: https://lkml.kernel.org/r/20231127143036.2425-7-konishi.ryusuke@gmail.com


Signed-off-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: default avatarRyusuke Konishi <konishi.ryusuke@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Stable-dep-of: 7373a51e7998 ("nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors")
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Conflicts:
	fs/nilfs2/dir.c
[79ea6556(nilfs2: Remove check for PageError is not
applied) not merged, which lead to the conflict]
Signed-off-by: default avatarYu Liao <liaoyu15@huawei.com>
parent 7e550774

fs/nilfs2/dir.c

+27 −30
Original line number Diff line number Diff line
@@ -186,19 +186,24 @@ static bool nilfs_check_page(struct page *page) 
	return false;

}



static struct page *nilfs_get_page(struct inode *dir, unsigned long n)

static void *nilfs_get_page(struct inode *dir, unsigned long n,

		struct page **pagep)

{

	struct address_space *mapping = dir->i_mapping;

	struct page *page = read_mapping_page(mapping, n, NULL);

	void *kaddr;



	if (IS_ERR(page))

		return page;



	if (!IS_ERR(page)) {

		kmap(page);

	kaddr = kmap(page);

	if (unlikely(!PageChecked(page))) {

		if (PageError(page) || !nilfs_check_page(page))

			goto fail;

	}

	}

	return page;



	*pagep = page;

	return kaddr;



fail:

	nilfs_put_page(page);
@@ -275,14 +280,14 @@ static int nilfs_readdir(struct file *file, struct dir_context *ctx) 
	for ( ; n < npages; n++, offset = 0) {

		char *kaddr, *limit;

		struct nilfs_dir_entry *de;

		struct page *page = nilfs_get_page(inode, n);

		struct page *page;



		if (IS_ERR(page)) {

		kaddr = nilfs_get_page(inode, n, &page);

		if (IS_ERR(kaddr)) {

			nilfs_error(sb, "bad page in #%lu", inode->i_ino);

			ctx->pos += PAGE_SIZE - offset;

			return -EIO;

		}

		kaddr = page_address(page);

		de = (struct nilfs_dir_entry *)(kaddr + offset);

		limit = kaddr + nilfs_last_byte(inode, n) -

			NILFS_DIR_REC_LEN(1);
@@ -345,11 +350,9 @@ nilfs_find_entry(struct inode *dir, const struct qstr *qstr, 
		start = 0;

	n = start;

	do {

		char *kaddr;

		char *kaddr = nilfs_get_page(dir, n, &page);



		page = nilfs_get_page(dir, n);

		if (!IS_ERR(page)) {

			kaddr = page_address(page);

		if (!IS_ERR(kaddr)) {

			de = (struct nilfs_dir_entry *)kaddr;

			kaddr += nilfs_last_byte(dir, n) - reclen;

			while ((char *) de <= kaddr) {
@@ -387,15 +390,11 @@ nilfs_find_entry(struct inode *dir, const struct qstr *qstr, 


struct nilfs_dir_entry *nilfs_dotdot(struct inode *dir, struct page **p)

{

	struct page *page = nilfs_get_page(dir, 0);

	struct nilfs_dir_entry *de = NULL;

	struct nilfs_dir_entry *de = nilfs_get_page(dir, 0, p);



	if (!IS_ERR(page)) {

		de = nilfs_next_entry(

			(struct nilfs_dir_entry *)page_address(page));

		*p = page;

	}

	return de;

	if (IS_ERR(de))

		return NULL;

	return nilfs_next_entry(de);

}



ino_t nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr)
@@ -459,12 +458,11 @@ int nilfs_add_link(struct dentry *dentry, struct inode *inode) 
	for (n = 0; n <= npages; n++) {

		char *dir_end;



		page = nilfs_get_page(dir, n);

		err = PTR_ERR(page);

		if (IS_ERR(page))

		kaddr = nilfs_get_page(dir, n, &page);

		err = PTR_ERR(kaddr);

		if (IS_ERR(kaddr))

			goto out;

		lock_page(page);

		kaddr = page_address(page);

		dir_end = kaddr + nilfs_last_byte(dir, n);

		de = (struct nilfs_dir_entry *)kaddr;

		kaddr += PAGE_SIZE - reclen;
@@ -627,11 +625,10 @@ int nilfs_empty_dir(struct inode *inode) 
		char *kaddr;

		struct nilfs_dir_entry *de;



		page = nilfs_get_page(inode, i);

		if (IS_ERR(page))

		kaddr = nilfs_get_page(inode, i, &page);

		if (IS_ERR(kaddr))

			continue;



		kaddr = page_address(page);

		de = (struct nilfs_dir_entry *)kaddr;

		kaddr += nilfs_last_byte(inode, i) - NILFS_DIR_REC_LEN(1);