From b13cbf9ca866890fa0fe4c02c6934f35956bff18 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruenba@redhat.com>
Date: Sat, 22 Feb 2025 03:19:30 +0000
Subject: [PATCH] gfs2: Truncate address space when flipping GFS2_DIF_JDATA
 flag

stable inclusion
from stable-v6.6.75
commit 4dd57d1f0e9844311c635a7fb39abce4f2ac5a61
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBM4S5
CVE: CVE-2025-21699

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4dd57d1f0e9844311c635a7fb39abce4f2ac5a61

--------------------------------

commit 7c9d9223802fbed4dee1ae301661bf346964c9d2 upstream.

Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag:
depending on that flag, the pages in the address space will either use
buffer heads or iomap_folio_state structs, and we cannot mix the two.

Reported-by: Kun Hu <huk23@m.fudan.edu.cn>, Jiaji Qin <jjtan24@m.fudan.edu.cn>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: He Yujie <coka.heyujie@huawei.com>
---
 fs/gfs2/file.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/gfs2/file.c b/fs/gfs2/file.c
index 9296e0e282bc..2adaffa58e88 100644
--- a/fs/gfs2/file.c
+++ b/fs/gfs2/file.c
@@ -251,6 +251,7 @@ static int do_gfs2_set_flags(struct inode *inode, u32 reqflags, u32 mask)
 		error = filemap_fdatawait(inode->i_mapping);
 		if (error)
 			goto out;
+		truncate_inode_pages(inode->i_mapping, 0);
 		if (new_flags & GFS2_DIF_JDATA)
 			gfs2_ordered_del_inode(ip);
 	}
-- 
Gitee