Changes since last update:

- Fix a kernel crash related to unaligned zstd extents - Fix metabuf reference leak in shared xattr initialization -----BEGIN PGP SIGNATURE----- iQJFBAABCgAvFiEEQ0A6bDUS9Y+83NPFUXZn5Zlu5qoFAmoN+HoRHHhpYW5nQGtl cm5lbC5vcmcACgkQUXZn5Zlu5qpChw//Y09808eXfvBFS6r6ZFctMC0dEqPUFfFG KlJlQDEHgZEW+eaUYmn8ogFrhpaNsIzlzggvWNZy4QdJhFEyHQDAWhidIo3GZZ0H HMwUbjdLhEUOU1rpNk0bEwU9hak9g75Q0GLlhMA++zVsYmvNXaR0Ul1m3sSAe4Pc y7gHSHX66CC9khNTj2oXne7QgdjX/5knPXXd/8AwsVbX6JxczR0x4YBS75DhcSIa kncJlyHtZOqY8FYLwc8f3Y6sK9mYwDVcezz7XBeEAfsLMN0wfJVPi5eQ1eSy3/zT VtxbkXycKcGbkvDcaSNUdEOIIXCOLNEqwnhd0aogtAkSOSxG8ErbmRriwMKYHMVD 0BFc3t9odG/e8a3d2IVuBgXJhrl3ouuXwv2qS2hcuOZjMXEi1CYNu0NSrTNjbUeY y32DEc1jwkYOqB49sUxLIZjdWmqO9oyx6uktGXpfYKhfnTvBKL95VV4Krpo6Uj1L GAOsz4482g7yXuDG3lv+2Q60hcN0e5/lEFi+/t/8aWOfawU1NQC+rPxtWGds7JOc CvZ4ywvGLSkvBHkLnmocbwJF5npZxcI5A6uVktcM7PPEKDelHQhXTaV5IuApy5Wd SD5trL7OT6N66HETkpAccZhnasD4gnmQO+T0VXIOMHC5MQO0CeyLxy4XlqGDFxuk pK2hll9swAs= =iLng -----END PGP SIGNATURE----- Merge tag 'erofs-for-7.1-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs Pull erofs fixes from Gao Xiang: - Fix a kernel crash related to unaligned zstd extents - Fix metabuf reference leak in shared xattr initialization * tag 'erofs-for-7.1-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs: erofs: fix metabuf leak in inode xattr initialization erofs: fix managed cache race for unaligned extents
2026-05-24 23:22:31 +02:00 · 2026-05-20 13:19:58 -05:00 · 2026-05-20 13:19:58 -05:00 · 8bc67e4db6
commit 8bc67e4db6
parent df685633c3 79b09c54c6
2 changed files with 9 additions and 10 deletions
--- a/fs/erofs/xattr.c
+++ b/fs/erofs/xattr.c
@ -89,13 +89,11 @@ static int erofs_init_inode_xattrs(struct inode *inode)
 	    vi->xattr_isize - sizeof(struct erofs_xattr_ibody_header)) {
 		erofs_err(sb, "invalid h_shared_count %u @ nid %llu",
 			  vi->xattr_shared_count, vi->nid);
-		erofs_put_metabuf(&buf);
 		ret = -EFSCORRUPTED;
 		goto out_unlock;
 	}
 	vi->xattr_shared_xattrs = kmalloc_objs(uint, vi->xattr_shared_count);
 	if (!vi->xattr_shared_xattrs) {
-		erofs_put_metabuf(&buf);
 		ret = -ENOMEM;
 		goto out_unlock;
 	}
@ -112,12 +110,12 @@ static int erofs_init_inode_xattrs(struct inode *inode)
 		}
 		vi->xattr_shared_xattrs[i] = le32_to_cpu(*xattr_id);
 	}
-	erofs_put_metabuf(&buf);

 	/* paired with smp_mb() at the beginning of the function. */
 	smp_mb();
 	set_bit(EROFS_I_EA_INITED_BIT, &vi->flags);
 out_unlock:
+	erofs_put_metabuf(&buf);
 	clear_and_wake_up_bit(EROFS_I_BL_XATTR_BIT, &vi->flags);
 	return ret;
 }
--- a/fs/erofs/zdata.c
+++ b/fs/erofs/zdata.c
@ -1509,8 +1509,15 @@ static void z_erofs_fill_bio_vec(struct bio_vec *bvec,
 	DBG_BUGON(z_erofs_is_shortlived_page(bvec->bv_page));

 	folio = page_folio(zbv.page);
-	/* For preallocated managed folios, add them to page cache here */
+	/*
+	 * Preallocated folios are added to the managed cache here rather than
+	 * in z_erofs_bind_cache() in order to keep these folios locked in
+	 * increasing (physical) address order.
+	 * Clear folio->private before these folios become visible to others in
+	 * the managed cache to avoid duplicate additions for unaligned extents.
+	 */
 	if (folio->private == Z_EROFS_PREALLOCATED_FOLIO) {
+		folio->private = NULL;
 		tocache = true;
 		goto out_tocache;
 	}
@ -1546,14 +1553,8 @@ static void z_erofs_fill_bio_vec(struct bio_vec *bvec,
 			}
 			return;
 		}
-		/*
-		 * Already linked with another pcluster, which only appears in
-		 * crafted images by fuzzers for now.  But handle this anyway.
-		 */
-		tocache = false;	/* use temporary short-lived pages */
 	} else {
 		DBG_BUGON(1); /* referenced managed folios can't be truncated */
-		tocache = true;
 	}
 	folio_unlock(folio);
 	folio_put(folio);