4.9-stable patches

added patches:
	btrfs-dev-replace-go-back-to-suspended-state-if-target-device-is-missing.patch
	btrfs-fix-error-handling-in-btrfs_dev_replace_start.patch
	f2fs-read-page-index-before-freeing.patch

diff --git a/queue-4.9/btrfs-dev-replace-go-back-to-suspended-state-if-target-device-is-missing.patch b/queue-4.9/btrfs-dev-replace-go-back-to-suspended-state-if-target-device-is-missing.patch
new file mode 100644 (file)
index 0000000..02c6366
--- /dev/null
+++ b/queue-4.9/btrfs-dev-replace-go-back-to-suspended-state-if-target-device-is-missing.patch
@@ -0,0 +1,40 @@
+From 0d228ece59a35a9b9e8ff0d40653234a6d90f61e Mon Sep 17 00:00:00 2001
+From: Anand Jain <anand.jain@oracle.com>
+Date: Sun, 11 Nov 2018 22:22:17 +0800
+Subject: btrfs: dev-replace: go back to suspended state if target device is missing
+
+From: Anand Jain <anand.jain@oracle.com>
+
+commit 0d228ece59a35a9b9e8ff0d40653234a6d90f61e upstream.
+
+At the time of forced unmount we place the running replace to
+BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED state, so when the system comes
+back and expect the target device is missing.
+
+Then let the replace state continue to be in
+BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED state instead of
+BTRFS_IOCTL_DEV_REPLACE_STATE_STARTED as there isn't any matching scrub
+running as part of replace.
+
+Fixes: e93c89c1aaaa ("Btrfs: add new sources for device replace code")
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Anand Jain <anand.jain@oracle.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/dev-replace.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/btrfs/dev-replace.c
++++ b/fs/btrfs/dev-replace.c
+@@ -787,6 +787,8 @@ int btrfs_resume_dev_replace_async(struc
+                          "cannot continue dev_replace, tgtdev is missing");
+               btrfs_info(fs_info,
+                          "you may cancel the operation after 'mount -o degraded'");
++              dev_replace->replace_state =
++                                      BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED;
+               btrfs_dev_replace_unlock(dev_replace, 1);
+               return 0;
+       }

diff --git a/queue-4.9/btrfs-fix-error-handling-in-btrfs_dev_replace_start.patch b/queue-4.9/btrfs-fix-error-handling-in-btrfs_dev_replace_start.patch
new file mode 100644 (file)
index 0000000..ee138a1
--- /dev/null
+++ b/queue-4.9/btrfs-fix-error-handling-in-btrfs_dev_replace_start.patch
@@ -0,0 +1,62 @@
+From 5c06147128fbbdf7a84232c5f0d808f53153defe Mon Sep 17 00:00:00 2001
+From: Jeff Mahoney <jeffm@suse.com>
+Date: Thu, 6 Sep 2018 15:52:17 -0400
+Subject: btrfs: fix error handling in btrfs_dev_replace_start
+
+From: Jeff Mahoney <jeffm@suse.com>
+
+commit 5c06147128fbbdf7a84232c5f0d808f53153defe upstream.
+
+When we fail to start a transaction in btrfs_dev_replace_start, we leave
+dev_replace->replace_start set to STARTED but clear ->srcdev and
+->tgtdev.  Later, that can result in an Oops in
+btrfs_dev_replace_progress when having state set to STARTED or SUSPENDED
+implies that ->srcdev is valid.
+
+Also fix error handling when the state is already STARTED or SUSPENDED
+while starting.  That, too, will clear ->srcdev and ->tgtdev even though
+it doesn't own them.  This should be an impossible case to hit since we
+should be protected by the BTRFS_FS_EXCL_OP bit being set.  Let's add an
+ASSERT there while we're at it.
+
+Fixes: e93c89c1aaaaa (Btrfs: add new sources for device replace code)
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/dev-replace.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/fs/btrfs/dev-replace.c
++++ b/fs/btrfs/dev-replace.c
+@@ -350,6 +350,7 @@ int btrfs_dev_replace_start(struct btrfs
+               break;
+       case BTRFS_IOCTL_DEV_REPLACE_STATE_STARTED:
+       case BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED:
++              ASSERT(0);
+               ret = BTRFS_IOCTL_DEV_REPLACE_RESULT_ALREADY_STARTED;
+               goto leave;
+       }
+@@ -394,6 +395,10 @@ int btrfs_dev_replace_start(struct btrfs
+       if (IS_ERR(trans)) {
+               ret = PTR_ERR(trans);
+               btrfs_dev_replace_lock(dev_replace, 1);
++              dev_replace->replace_state =
++                      BTRFS_IOCTL_DEV_REPLACE_STATE_NEVER_STARTED;
++              dev_replace->srcdev = NULL;
++              dev_replace->tgtdev = NULL;
+               goto leave;
+       }
+ 
+@@ -415,8 +420,6 @@ int btrfs_dev_replace_start(struct btrfs
+       return ret;
+ 
+ leave:
+-      dev_replace->srcdev = NULL;
+-      dev_replace->tgtdev = NULL;
+       btrfs_dev_replace_unlock(dev_replace, 1);
+       btrfs_destroy_dev_replace_tgtdev(fs_info, tgt_device);
+       return ret;

diff --git a/queue-4.9/f2fs-read-page-index-before-freeing.patch b/queue-4.9/f2fs-read-page-index-before-freeing.patch
new file mode 100644 (file)
index 0000000..977db12
--- /dev/null
+++ b/queue-4.9/f2fs-read-page-index-before-freeing.patch
@@ -0,0 +1,47 @@
+From 0ea295dd853e0879a9a30ab61f923c26be35b902 Mon Sep 17 00:00:00 2001
+From: Pan Bian <bianpan2016@163.com>
+Date: Thu, 22 Nov 2018 18:58:46 +0800
+Subject: f2fs: read page index before freeing
+
+From: Pan Bian <bianpan2016@163.com>
+
+commit 0ea295dd853e0879a9a30ab61f923c26be35b902 upstream.
+
+The function truncate_node frees the page with f2fs_put_page. However,
+the page index is read after that. So, the patch reads the index before
+freeing the page.
+
+Fixes: bf39c00a9a7f ("f2fs: drop obsolete node page when it is truncated")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Pan Bian <bianpan2016@163.com>
+Reviewed-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/f2fs/node.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/f2fs/node.c
++++ b/fs/f2fs/node.c
+@@ -656,6 +656,7 @@ static void truncate_node(struct dnode_o
+ {
+       struct f2fs_sb_info *sbi = F2FS_I_SB(dn->inode);
+       struct node_info ni;
++      pgoff_t index;
+ 
+       get_node_info(sbi, dn->nid, &ni);
+       if (dn->inode->i_blocks == 0) {
+@@ -678,10 +679,11 @@ invalidate:
+       clear_node_page_dirty(dn->node_page);
+       set_sbi_flag(sbi, SBI_IS_DIRTY);
+ 
++      index = dn->node_page->index;
+       f2fs_put_page(dn->node_page, 1);
+ 
+       invalidate_mapping_pages(NODE_MAPPING(sbi),
+-                      dn->node_page->index, dn->node_page->index);
++                      index, index);
+ 
+       dn->node_page = NULL;
+       trace_f2fs_truncate_node(dn->inode, dn->nid, ni.blk_addr);

diff --git a/queue-4.9/series b/queue-4.9/series
index 13a7abb2a0bd1dd9b646cbd1a5f23bc849c99411..d99cae05017189afa08456b79edd56bad1e7b162 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -39,3 +39,6 @@ irqchip-gic-v3-its-align-pci-multi-msi-allocation-on-their-size.patch
 s390-smp-fix-calling-smp_call_ipl_cpu-from-ipl-cpu.patch
 nvmet-rdma-add-unlikely-for-response-allocated-check.patch
 nvmet-rdma-fix-null-dereference-under-heavy-load.patch
+f2fs-read-page-index-before-freeing.patch
+btrfs-fix-error-handling-in-btrfs_dev_replace_start.patch
+btrfs-dev-replace-go-back-to-suspended-state-if-target-device-is-missing.patch