author | Andrew Morton <akpm@linux-foundation.org> | 2024-04-15 12:10:21 -0700 |
---|---|---|
committer | Andrew Morton <akpm@linux-foundation.org> | 2024-04-15 12:10:21 -0700 |
commit | 9602da006ffe74736b26b332e9e4c0a1405f46c1 (patch) | |
tree | 0d47c9c05783ce37ec0bff1ddfc24ba8bf40114d | |
parent | 977fa12dfee29e48452b6b1b783e1cc35acdf3cc (diff) | |
foo
18 files changed, 85 insertions, 12 deletions
diff --git a/patches/nilfs2-fix-oob-in-nilfs_set_de_type.patch b/patches/nilfs2-fix-oob-in-nilfs_set_de_type.patch
new file mode 100644
index 000000000..f82c263ce
--- /dev/null
+++ b/patches/nilfs2-fix-oob-in-nilfs_set_de_type.patch
@@ -0,0 +1,49 @@
+From: Jeongjun Park <aha310510@gmail.com>
+Subject: nilfs2: fix OOB in nilfs_set_de_type
+Date: Tue, 16 Apr 2024 03:20:48 +0900
+
+The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is
+defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function,
+which uses this array, specifies the index to read from the array in the
+same way as "(mode & S_IFMT) >> S_SHIFT".
+
+static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode
+ *inode)
+{
+ umode_t mode = inode->i_mode;
+
+ de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob
+}
+
+However, when the index is determined this way, an out-of-bounds (OOB)
+error occurs by referring to an index that is 1 larger than the array size
+when the condition "mode & S_IFMT == S_IFMT" is satisfied. Therefore, a
+patch to resize the nilfs_type_by_mode array should be applied to prevent
+OOB errors.
+
+Link: https://lkml.kernel.org/r/20240415182048.7144-1-konishi.ryusuke@gmail.com
+Reported-by: syzbot+2e22057de05b9f3b30d8@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=2e22057de05b9f3b30d8
+Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations")
+Signed-off-by: Jeongjun Park <aha310510@gmail.com>
+Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+---
+
+ fs/nilfs2/dir.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nilfs2/dir.c~nilfs2-fix-oob-in-nilfs_set_de_type
++++ a/fs/nilfs2/dir.c
+@@ -240,7 +240,7 @@ nilfs_filetype_table[NILFS_FT_MAX] = {
+
+ #define S_SHIFT 12
+ static unsigned char
+-nilfs_type_by_mode[S_IFMT >> S_SHIFT] = {
++nilfs_type_by_mode[(S_IFMT >> S_SHIFT) + 1] = {
+ [S_IFREG >> S_SHIFT] = NILFS_FT_REG_FILE,
+ [S_IFDIR >> S_SHIFT] = NILFS_FT_DIR,
+ [S_IFCHR >> S_SHIFT] = NILFS_FT_CHRDEV,
+_
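Review bot: The resized `nilfs_type_by_mode[(S_IFMT >> S_SHIFT) + 1]` in the embedded fs/nilfs2/dir.c hunk carries no comment explaining the `+ 1`, and a mode with every S_IFMT bit set now silently reads a zero-initialized slot instead of being rejected. I would add a comment above the table, `/* indexed by (mode & S_IFMT) >> S_SHIFT, which can equal S_IFMT >> S_SHIFT, hence + 1 */`, so the bound is not trimmed back in a later cleanup. Because the report came from syzbot, such a mode presumably originates from on-disk inode data, so it is worth confirming that the inode read path refuses unknown type bits rather than leaving the table to absorb them; that code is not visible here. The initializer continues past the last entry shown, so the full set of populated slots cannot be checked from this hunk.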
diff --git a/patches/lib-xarray-introduce-a-new-helper-xas_get_order.patch b/patches/old/lib-xarray-introduce-a-new-helper-xas_get_order.patch
index 685fa66cd..685fa66cd 100644
--- a/patches/lib-xarray-introduce-a-new-helper-xas_get_order.patch
+++ b/patches/old/lib-xarray-introduce-a-new-helper-xas_get_order.patch
diff --git a/patches/mm-filemap-clean-up-hugetlb-exclusion-code.patch b/patches/old/mm-filemap-clean-up-hugetlb-exclusion-code.patch
index dcb31ff3b..dcb31ff3b 100644
--- a/patches/mm-filemap-clean-up-hugetlb-exclusion-code.patch
+++ b/patches/old/mm-filemap-clean-up-hugetlb-exclusion-code.patch
diff --git a/patches/mm-filemap-optimize-filemap-folio-adding.patch b/patches/old/mm-filemap-optimize-filemap-folio-adding.patch
index 798a02c0b..798a02c0b 100644
--- a/patches/mm-filemap-optimize-filemap-folio-adding.patch
+++ b/patches/old/mm-filemap-optimize-filemap-folio-adding.patch
diff --git a/patches/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.patch b/patches/old/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.patch
index c438b42b1..c438b42b1 100644
--- a/patches/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.patch
+++ b/patches/old/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.patch
diff --git a/pc/devel-series b/pc/devel-series
index f9c7ca01f..51e73808b 100644
--- a/pc/devel-series
+++ b/pc/devel-series
@@ -103,6 +103,8 @@ selftests-harness-remove-use-of-line_max-fix.patch
 #
 maintainers-update-naoya-horiguchis-email-address.patch
 #
+nilfs2-fix-oob-in-nilfs_set_de_type.patch
+#
 ### hfe
 #
 #ENDBRANCH mm-hotfixes-unstable
@@ -299,11 +301,6 @@ mm-migrate-split-source-folio-if-it-is-on-deferred-split-list-fix.patch
 mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared.patch
 mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared-fix.patch
 #
-mm-filemap-return-early-if-failed-to-allocate-memory-for-split.patch
-mm-filemap-clean-up-hugetlb-exclusion-code.patch
-#lib-xarray-introduce-a-new-helper-xas_get_order.patch: https://lkml.kernel.org/r/202404021026.f28e44bb-lkp@intel.com
-lib-xarray-introduce-a-new-helper-xas_get_order.patch
-mm-filemap-optimize-filemap-folio-adding.patch
 #
 x86-remove-unneeded-memblock_find_dma_reserve.patch
 mm-mm_initc-remove-the-useless-dma_reserve.patch
diff --git a/pc/lib-xarray-introduce-a-new-helper-xas_get_order.pc b/pc/lib-xarray-introduce-a-new-helper-xas_get_order.pc
deleted file mode 100644
index cff8b6a9c..000000000
--- a/pc/lib-xarray-introduce-a-new-helper-xas_get_order.pc
+++ /dev/null
@@ -1,3 +0,0 @@
-include/linux/xarray.h
-lib/test_xarray.c
-lib/xarray.c
diff --git a/pc/mm-filemap-clean-up-hugetlb-exclusion-code.pc b/pc/mm-filemap-clean-up-hugetlb-exclusion-code.pc
deleted file mode 100644
index cc4355cce..000000000
--- a/pc/mm-filemap-clean-up-hugetlb-exclusion-code.pc
+++ /dev/null
@@ -1 +0,0 @@
-mm/filemap.c
diff --git a/pc/mm-filemap-optimize-filemap-folio-adding.pc b/pc/mm-filemap-optimize-filemap-folio-adding.pc
deleted file mode 100644
index 4100d61c2..000000000
--- a/pc/mm-filemap-optimize-filemap-folio-adding.pc
+++ /dev/null
@@ -1,2 +0,0 @@
-lib/test_xarray.c
-mm/filemap.c
diff --git a/pc/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.pc b/pc/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.pc
deleted file mode 100644
index cc4355cce..000000000
--- a/pc/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.pc
+++ /dev/null
@@ -1 +0,0 @@
-mm/filemap.c
diff --git a/pc/nilfs2-fix-oob-in-nilfs_set_de_type.pc b/pc/nilfs2-fix-oob-in-nilfs_set_de_type.pc new file mode 100644 index 000000000..3b1e7e424 --- /dev/null +++ b/pc/nilfs2-fix-oob-in-nilfs_set_de_type.pc @@ -0,0 +1 @@ +fs/nilfs2/dir.c diff --git a/txt/mm-hugetlb-convert-dissolve_free_huge_pages-to-folios.txt b/txt/mm-hugetlb-convert-dissolve_free_huge_pages-to-folios.txt index 86b3b44f8..cb826d982 100644 --- a/txt/mm-hugetlb-convert-dissolve_free_huge_pages-to-folios.txt +++ b/txt/mm-hugetlb-convert-dissolve_free_huge_pages-to-folios.txt @@ -9,6 +9,7 @@ directly and use page_folio() to convert the caller in mm/memory-failure. Link: https://lkml.kernel.org/r/20240411164756.261178-1-sidhartha.kumar@oracle.com Signed-off-by: Sidhartha Kumar <sidhartha.kumar@oracle.com> Reviewed-by: Oscar Salvador <osalvador@suse.de> +Reviewed-by: Vishal Moola (Oracle) <vishal.moola@gmail.com> Cc: Jane Chu <jane.chu@oracle.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Miaohe Lin <linmiaohe@huawei.com> diff --git a/txt/mm-hugetlb-rename-dissolve_free_huge_pages-to-dissolve_free_hugetlb_folios.txt b/txt/mm-hugetlb-rename-dissolve_free_huge_pages-to-dissolve_free_hugetlb_folios.txt index 61db81ec1..85ab42447 100644 --- a/txt/mm-hugetlb-rename-dissolve_free_huge_pages-to-dissolve_free_hugetlb_folios.txt +++ b/txt/mm-hugetlb-rename-dissolve_free_huge_pages-to-dissolve_free_hugetlb_folios.txt @@ -7,6 +7,7 @@ dissolve_free_hugetlb_folios() and change the comments which reference it. Link: https://lkml.kernel.org/r/20240412182139.120871-2-sidhartha.kumar@oracle.com Signed-off-by: Sidhartha Kumar <sidhartha.kumar@oracle.com> +Reviewed-by: Vishal Moola (Oracle) <vishal.moola@gmail.com> Cc: Jane Chu <jane.chu@oracle.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Miaohe Lin <linmiaohe@huawei.com> diff --git a/txt/nilfs2-fix-oob-in-nilfs_set_de_type.txt b/txt/nilfs2-fix-oob-in-nilfs_set_de_type.txt new file mode 100644 index 000000000..5580a4f63 --- /dev/null 
+++ b/txt/nilfs2-fix-oob-in-nilfs_set_de_type.txt
@@ -0,0 +1,31 @@
+From: Jeongjun Park <aha310510@gmail.com>
+Subject: nilfs2: fix OOB in nilfs_set_de_type
+Date: Tue, 16 Apr 2024 03:20:48 +0900
+
+The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is
+defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function,
+which uses this array, specifies the index to read from the array in the
+same way as "(mode & S_IFMT) >> S_SHIFT".
+
+static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode
+ *inode)
+{
+ umode_t mode = inode->i_mode;
+
+ de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob
+}
+
+However, when the index is determined this way, an out-of-bounds (OOB)
+error occurs by referring to an index that is 1 larger than the array size
+when the condition "mode & S_IFMT == S_IFMT" is satisfied. Therefore, a
+patch to resize the nilfs_type_by_mode array should be applied to prevent
+OOB errors.
+
+Link: https://lkml.kernel.org/r/20240415182048.7144-1-konishi.ryusuke@gmail.com
+Reported-by: syzbot+2e22057de05b9f3b30d8@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=2e22057de05b9f3b30d8
+Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations")
+Signed-off-by: Jeongjun Park <aha310510@gmail.com>
+Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Cc: <stable@vger.kernel.org>
diff --git a/txt/lib-xarray-introduce-a-new-helper-xas_get_order.txt b/txt/old/lib-xarray-introduce-a-new-helper-xas_get_order.txt
index 274c730dd..274c730dd 100644
--- a/txt/lib-xarray-introduce-a-new-helper-xas_get_order.txt
+++ b/txt/old/lib-xarray-introduce-a-new-helper-xas_get_order.txt
diff --git a/txt/mm-filemap-clean-up-hugetlb-exclusion-code.txt b/txt/old/mm-filemap-clean-up-hugetlb-exclusion-code.txt
index f7e45c9ce..f7e45c9ce 100644
--- a/txt/mm-filemap-clean-up-hugetlb-exclusion-code.txt
+++ b/txt/old/mm-filemap-clean-up-hugetlb-exclusion-code.txt
diff --git a/txt/mm-filemap-optimize-filemap-folio-adding.txt b/txt/old/mm-filemap-optimize-filemap-folio-adding.txt
index df93b3892..df93b3892 100644
--- a/txt/mm-filemap-optimize-filemap-folio-adding.txt
+++ b/txt/old/mm-filemap-optimize-filemap-folio-adding.txt
diff --git a/txt/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.txt b/txt/old/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.txt
index 72c07c9ff..72c07c9ff 100644
--- a/txt/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.txt
+++ b/txt/old/mm-filemap-return-early-if-failed-to-allocate-memory-for-split.txt |