Hi Christian,
Here are some more miscellaneous fixes for netfslib, found by Sashiko.dev's
AI review[1] in response to the previous miscellaneous fix posting[2], plus
a repeat of another patch you haven't picked up yet:
(1) Fix an early put of the sink page used in netfs_read_gaps(), before
the request has completed.
(2) Fix request leak in netfs_write_begin() error handling.
(3) Fix a potential UAF in netfs_unlock_abandoned_read_pages() due to
trying to check index of each folio we're abandoning to see if that
folio is actually owned by the caller (in which case, we're not
actually allowed to dereference it).
(4) Fix a potentially uninitialised error value in
netfs_extract_user_iter().
(5) Fix incorrect adjustment of dirty region when partially invalidating a
streaming write folio.
(6) Fix the trace displayed by the total overwrite of a streaming-write
folio.
(7) Fix the handling of folio->private in netfs_perform_write() and the
attached netfs_folio and/or group when a streaming write folio is
modified.
(8) Fix the handling of a group attached to the netfs_folio attached to
folio->private when netfs_read_gaps() fills out the folio.
(9) Fix the potential for 64-bit tearing on a 32-bit machine when reading
netfs_inode->remote_i_size and ->zero_point by using much the same
mechanism as is used for ->i_size.
(10) Fix a comment about avoiding streaming write on O_RDWR files as that
bit of code is removed in vfs.fixes. This could be folded down, but
makes no change of behaviour.
(11) Fix netfs_read_folio() to wait on writeback first (it holds the folio
lock) otherwise we aren't allowed to look at the netfs_folio struct as
that could be modified at any time by the writeback collector.
These are applied on top of your vfs.fixes branch. Patch 6 fixes a commit
in vfs.fixes, but would need moving before that patch rather than simply
folding down - and as it just changes the trace output, it's probably not
worth moving. Patch 8 fixes a bug in one of the commits in vfs.fixes.
Patch 10 just tidies up a comment in one of the vfs.fixes commits.
The patches can also be found here:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=netfs-fixes
Thanks,
David
[1] https://sashiko.dev/#/patchset/20260414082004.3756080-1-dhowells%40redhat.com
[2] https://lore.kernel.org/r/20260414082004.3756080-1-dhowells@redhat.com/
David Howells (11):
netfs: Fix early put of sink folio in netfs_read_gaps()
netfs: Fix leak of request in netfs_write_begin() error handling
netfs: Fix potential UAF in netfs_unlock_abandoned_read_pages()
netfs: Fix potential uninitialised var in netfs_extract_user_iter()
netfs: Fix partial invalidation of streaming-write folio
netfs: Fix the trace displayed for the total overwrite of a streamed
write
netfs: Fix folio->private handling in netfs_perform_write()
netfs: Fix group handling in netfs_read_gaps()
netfs: Fix potential for tearing in ->remote_i_size and ->zero_point
netfs: Fix comment about write-streaming avoidance
netfs: Fix netfs_read_folio() to wait on writeback
fs/9p/vfs_inode.c | 2 +-
fs/9p/vfs_inode_dotl.c | 4 +-
fs/afs/inode.c | 8 +-
fs/afs/write.c | 2 +-
fs/netfs/buffered_read.c | 25 +--
fs/netfs/buffered_write.c | 100 +++++++-----
fs/netfs/direct_write.c | 4 +-
fs/netfs/iterator.c | 2 +-
fs/netfs/misc.c | 15 +-
fs/netfs/read_collect.c | 2 +-
fs/netfs/read_retry.c | 2 +-
fs/netfs/write_collect.c | 3 +-
fs/smb/client/cifsfs.c | 24 +--
fs/smb/client/cifssmb.c | 2 +-
fs/smb/client/file.c | 9 +-
fs/smb/client/inode.c | 9 +-
fs/smb/client/readdir.c | 3 +-
fs/smb/client/smb2ops.c | 16 +-
fs/smb/client/smb2pdu.c | 2 +-
include/linux/netfs.h | 301 +++++++++++++++++++++++++++++++++--
include/trace/events/netfs.h | 3 +
21 files changed, 426 insertions(+), 112 deletions(-)