--- /dev/null
+From f4bb2981024fc91b23b4d09a8817c415396dbabb Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Sun, 5 Oct 2014 22:56:00 -0400
+Subject: ext4: add ext4_iget_normal() which is to be used for dir tree lookups
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+commit f4bb2981024fc91b23b4d09a8817c415396dbabb upstream.
+
+If there is a corrupted file system which has directory entries that
+point at reserved, metadata inodes, prohibit them from being used by
+treating them the same way we treat Boot Loader inodes --- that is,
+mark them to be bad inodes. This prohibits them from being opened,
+deleted, or modified via chmod, chown, utimes, etc.
+
+In particular, this prevents a corrupted file system which has a
+directory entry which points at the journal inode from being deleted
+and its blocks released, after which point Much Hilarity Ensues.
+
+Reported-by: Sami Liedes <sami.liedes@iki.fi>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/ext4.h | 1 +
+ fs/ext4/inode.c | 7 +++++++
+ fs/ext4/namei.c | 4 ++--
+ fs/ext4/super.c | 2 +-
+ 4 files changed, 11 insertions(+), 3 deletions(-)
+
+--- a/fs/ext4/ext4.h
++++ b/fs/ext4/ext4.h
+@@ -2110,6 +2110,7 @@ int do_journal_get_write_access(handle_t
+ #define CONVERT_INLINE_DATA 2
+
+ extern struct inode *ext4_iget(struct super_block *, unsigned long);
++extern struct inode *ext4_iget_normal(struct super_block *, unsigned long);
+ extern int ext4_write_inode(struct inode *, struct writeback_control *);
+ extern int ext4_setattr(struct dentry *, struct iattr *);
+ extern int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry,
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -4250,6 +4250,13 @@ bad_inode:
+ return ERR_PTR(ret);
+ }
+
++struct inode *ext4_iget_normal(struct super_block *sb, unsigned long ino)
++{
++ if (ino < EXT4_FIRST_INO(sb) && ino != EXT4_ROOT_INO)
++ return ERR_PTR(-EIO);
++ return ext4_iget(sb, ino);
++}
++
+ static int ext4_inode_blocks_set(handle_t *handle,
+ struct ext4_inode *raw_inode,
+ struct ext4_inode_info *ei)
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -1429,7 +1429,7 @@ static struct dentry *ext4_lookup(struct
+ dentry);
+ return ERR_PTR(-EIO);
+ }
+- inode = ext4_iget(dir->i_sb, ino);
++ inode = ext4_iget_normal(dir->i_sb, ino);
+ if (inode == ERR_PTR(-ESTALE)) {
+ EXT4_ERROR_INODE(dir,
+ "deleted inode referenced: %u",
+@@ -1460,7 +1460,7 @@ struct dentry *ext4_get_parent(struct de
+ return ERR_PTR(-EIO);
+ }
+
+- return d_obtain_alias(ext4_iget(child->d_inode->i_sb, ino));
++ return d_obtain_alias(ext4_iget_normal(child->d_inode->i_sb, ino));
+ }
+
+ /*
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -996,7 +996,7 @@ static struct inode *ext4_nfs_get_inode(
+ * Currently we don't know the generation for parent directory, so
+ * a generation of 0 means "accept any"
+ */
+- inode = ext4_iget(sb, ino);
++ inode = ext4_iget_normal(sb, ino);
+ if (IS_ERR(inode))
+ return ERR_CAST(inode);
+ if (generation && inode->i_generation != generation) {
--- /dev/null
+From a0626e75954078cfacddb00a4545dde821170bc5 Mon Sep 17 00:00:00 2001
+From: "Darrick J. Wong" <darrick.wong@oracle.com>
+Date: Tue, 16 Sep 2014 14:34:59 -0400
+Subject: ext4: check EA value offset when loading
+
+From: "Darrick J. Wong" <darrick.wong@oracle.com>
+
+commit a0626e75954078cfacddb00a4545dde821170bc5 upstream.
+
+When loading extended attributes, check each entry's value offset to
+make sure it doesn't collide with the entries.
+
+Without this check it is easy to crash the kernel by mounting a
+malicious FS containing a file with an EA wherein e_value_offs = 0 and
+e_value_size > 0 and then deleting the EA, which corrupts the name
+list.
+
+(See the f_ea_value_crash test's FS image in e2fsprogs for an example.)
+
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/xattr.c | 32 ++++++++++++++++++++++++--------
+ 1 file changed, 24 insertions(+), 8 deletions(-)
+
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -189,14 +189,28 @@ ext4_listxattr(struct dentry *dentry, ch
+ }
+
+ static int
+-ext4_xattr_check_names(struct ext4_xattr_entry *entry, void *end)
++ext4_xattr_check_names(struct ext4_xattr_entry *entry, void *end,
++ void *value_start)
+ {
+- while (!IS_LAST_ENTRY(entry)) {
+- struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(entry);
++ struct ext4_xattr_entry *e = entry;
++
++ while (!IS_LAST_ENTRY(e)) {
++ struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e);
+ if ((void *)next >= end)
+ return -EIO;
+- entry = next;
++ e = next;
+ }
++
++ while (!IS_LAST_ENTRY(entry)) {
++ if (entry->e_value_size != 0 &&
++ (value_start + le16_to_cpu(entry->e_value_offs) <
++ (void *)e + sizeof(__u32) ||
++ value_start + le16_to_cpu(entry->e_value_offs) +
++ le32_to_cpu(entry->e_value_size) > end))
++ return -EIO;
++ entry = EXT4_XATTR_NEXT(entry);
++ }
++
+ return 0;
+ }
+
+@@ -213,7 +227,8 @@ ext4_xattr_check_block(struct inode *ino
+ return -EIO;
+ if (!ext4_xattr_block_csum_verify(inode, bh->b_blocknr, BHDR(bh)))
+ return -EIO;
+- error = ext4_xattr_check_names(BFIRST(bh), bh->b_data + bh->b_size);
++ error = ext4_xattr_check_names(BFIRST(bh), bh->b_data + bh->b_size,
++ bh->b_data);
+ if (!error)
+ set_buffer_verified(bh);
+ return error;
+@@ -329,7 +344,7 @@ ext4_xattr_ibody_get(struct inode *inode
+ header = IHDR(inode, raw_inode);
+ entry = IFIRST(header);
+ end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
+- error = ext4_xattr_check_names(entry, end);
++ error = ext4_xattr_check_names(entry, end, entry);
+ if (error)
+ goto cleanup;
+ error = ext4_xattr_find_entry(&entry, name_index, name,
+@@ -457,7 +472,7 @@ ext4_xattr_ibody_list(struct dentry *den
+ raw_inode = ext4_raw_inode(&iloc);
+ header = IHDR(inode, raw_inode);
+ end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
+- error = ext4_xattr_check_names(IFIRST(header), end);
++ error = ext4_xattr_check_names(IFIRST(header), end, IFIRST(header));
+ if (error)
+ goto cleanup;
+ error = ext4_xattr_list_entries(dentry, IFIRST(header),
+@@ -972,7 +987,8 @@ int ext4_xattr_ibody_find(struct inode *
+ is->s.here = is->s.first;
+ is->s.end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
+ if (ext4_test_inode_state(inode, EXT4_STATE_XATTR)) {
+- error = ext4_xattr_check_names(IFIRST(header), is->s.end);
++ error = ext4_xattr_check_names(IFIRST(header), is->s.end,
++ IFIRST(header));
+ if (error)
+ return error;
+ /* Find the named attribute. */
--- /dev/null
+From 813d32f91333e4c33d5a19b67167c4bae42dae75 Mon Sep 17 00:00:00 2001
+From: "Darrick J. Wong" <darrick.wong@oracle.com>
+Date: Tue, 14 Oct 2014 02:35:49 -0400
+Subject: ext4: check s_chksum_driver when looking for bg csum presence
+
+From: "Darrick J. Wong" <darrick.wong@oracle.com>
+
+commit 813d32f91333e4c33d5a19b67167c4bae42dae75 upstream.
+
+Convert the ext4_has_group_desc_csum predicate to look for a checksum
+driver instead of the metadata_csum flag and change the bg checksum
+calculation function to look for GDT_CSUM before taking the crc16
+path.
+
+Without this patch, if we mount with ^uninit_bg,^metadata_csum and
+later metadata_csum gets turned on by accident, the block group
+checksum functions will incorrectly assume that checksumming is
+enabled (metadata_csum) but that crc16 should be used
+(!s_chksum_driver). This is totally wrong, so fix the predicate
+and the checksum formula selection.
+
+(Granted, if the metadata_csum feature bit gets enabled on a live FS
+then something underhanded is going on, but we could at least avoid
+writing garbage into the on-disk fields.)
+
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Dmitry Monakhov <dmonakhov@openvz.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/ext4.h | 4 ++--
+ fs/ext4/super.c | 4 ++++
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/ext4/ext4.h
++++ b/fs/ext4/ext4.h
+@@ -2341,8 +2341,8 @@ extern int ext4_register_li_request(stru
+ static inline int ext4_has_group_desc_csum(struct super_block *sb)
+ {
+ return EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_GDT_CSUM |
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM);
++ EXT4_FEATURE_RO_COMPAT_GDT_CSUM) ||
++ (EXT4_SB(sb)->s_chksum_driver != NULL);
+ }
+
+ static inline int ext4_has_metadata_csum(struct super_block *sb)
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -2019,6 +2019,10 @@ static __le16 ext4_group_desc_csum(struc
+ }
+
+ /* old crc16 code */
++ if (!(sbi->s_es->s_feature_ro_compat &
++ cpu_to_le32(EXT4_FEATURE_RO_COMPAT_GDT_CSUM)))
++ return 0;
++
+ offset = offsetof(struct ext4_group_desc, bg_checksum);
+
+ crc = crc16(~0, sbi->s_es->s_uuid, sizeof(sbi->s_es->s_uuid));
--- /dev/null
+From 279bf6d390933d5353ab298fcc306c391a961469 Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Thu, 18 Sep 2014 01:12:15 -0400
+Subject: ext4: don't check quota format when there are no quota files
+
+From: Jan Kara <jack@suse.cz>
+
+commit 279bf6d390933d5353ab298fcc306c391a961469 upstream.
+
+The check whether quota format is set even though there are no
+quota files with journalled quota is pointless and it actually
+makes it impossible to turn off journalled quotas (as there's
+no way to unset journalled quota format). Just remove the check.
+
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/super.c | 7 -------
+ 1 file changed, 7 deletions(-)
+
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -1706,13 +1706,6 @@ static int parse_options(char *options,
+ "not specified");
+ return 0;
+ }
+- } else {
+- if (sbi->s_jquota_fmt) {
+- ext4_msg(sb, KERN_ERR, "journaled quota format "
+- "specified with no journaling "
+- "enabled");
+- return 0;
+- }
+ }
+ #endif
+ if (test_opt(sb, DIOREAD_NOLOCK)) {
--- /dev/null
+From 98c1a7593fa355fda7f5a5940c8bf5326ca964ba Mon Sep 17 00:00:00 2001
+From: "Darrick J. Wong" <darrick.wong@oracle.com>
+Date: Thu, 30 Oct 2014 10:53:16 -0400
+Subject: ext4: enable journal checksum when metadata checksum feature enabled
+
+From: "Darrick J. Wong" <darrick.wong@oracle.com>
+
+commit 98c1a7593fa355fda7f5a5940c8bf5326ca964ba upstream.
+
+If metadata checksumming is turned on for the FS, we need to tell the
+journal to use checksumming too.
+
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/super.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -3486,6 +3486,10 @@ static int ext4_fill_super(struct super_
+ #ifdef CONFIG_EXT4_FS_POSIX_ACL
+ set_opt(sb, POSIX_ACL);
+ #endif
++ /* don't forget to enable journal_csum when metadata_csum is enabled. */
++ if (ext4_has_metadata_csum(sb))
++ set_opt(sb, JOURNAL_CHECKSUM);
++
+ if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_DATA)
+ set_opt(sb, JOURNAL_DATA);
+ else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_ORDERED)
--- /dev/null
+From d6320cbfc92910a3e5f10c42d98c231c98db4f60 Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Wed, 1 Oct 2014 21:49:46 -0400
+Subject: ext4: fix mmap data corruption when blocksize < pagesize
+
+From: Jan Kara <jack@suse.cz>
+
+commit d6320cbfc92910a3e5f10c42d98c231c98db4f60 upstream.
+
+Use truncate_isize_extended() when hole is being created in a file so that
+->page_mkwrite() will get called for the partial tail page if it is
+mmaped (see the first patch in the series for details).
+
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/inode.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -4645,8 +4645,12 @@ int ext4_setattr(struct dentry *dentry,
+ ext4_orphan_del(NULL, inode);
+ goto err_out;
+ }
+- } else
++ } else {
++ loff_t oldsize = inode->i_size;
++
+ i_size_write(inode, attr->ia_size);
++ pagecache_isize_extended(inode, oldsize, inode->i_size);
++ }
+
+ /*
+ * Blocks are going to be removed from the inode. Wait
--- /dev/null
+From 599a9b77ab289d85c2d5c8607624efbe1f552b0f Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Thu, 30 Oct 2014 10:53:16 -0400
+Subject: ext4: fix oops when loading block bitmap failed
+
+From: Jan Kara <jack@suse.cz>
+
+commit 599a9b77ab289d85c2d5c8607624efbe1f552b0f upstream.
+
+When we fail to load block bitmap in __ext4_new_inode() we will
+dereference NULL pointer in ext4_journal_get_write_access(). So check
+for error from ext4_read_block_bitmap().
+
+Coverity-id: 989065
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/ialloc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/ext4/ialloc.c
++++ b/fs/ext4/ialloc.c
+@@ -864,6 +864,10 @@ got:
+ struct buffer_head *block_bitmap_bh;
+
+ block_bitmap_bh = ext4_read_block_bitmap(sb, group);
++ if (!block_bitmap_bh) {
++ err = -EIO;
++ goto out;
++ }
+ BUFFER_TRACE(block_bitmap_bh, "get block bitmap access");
+ err = ext4_journal_get_write_access(handle, block_bitmap_bh);
+ if (err) {
--- /dev/null
+From 9378c6768e4fca48971e7b6a9075bc006eda981d Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Thu, 30 Oct 2014 10:52:57 -0400
+Subject: ext4: fix overflow when updating superblock backups after resize
+
+From: Jan Kara <jack@suse.cz>
+
+commit 9378c6768e4fca48971e7b6a9075bc006eda981d upstream.
+
+When there are no meta block groups update_backups() will compute the
+backup block in 32-bit arithmetics thus possibly overflowing the block
+number and corrupting the filesystem. OTOH filesystems without meta
+block groups larger than 16 TB should be rare. Fix the problem by doing
+the counting in 64-bit arithmetics.
+
+Coverity-id: 741252
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/resize.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -1071,7 +1071,7 @@ static void update_backups(struct super_
+ break;
+
+ if (meta_bg == 0)
+- backup_block = group * bpg + blk_off;
++ backup_block = ((ext4_fsblk_t)group) * bpg + blk_off;
+ else
+ backup_block = (ext4_group_first_block_no(sb, group) +
+ ext4_bg_has_super(sb, group));
--- /dev/null
+From 0ff8947fc5f700172b37cbca811a38eb9cb81e08 Mon Sep 17 00:00:00 2001
+From: Eric Sandeen <sandeen@redhat.com>
+Date: Sat, 11 Oct 2014 19:51:17 -0400
+Subject: ext4: fix reservation overflow in ext4_da_write_begin
+
+From: Eric Sandeen <sandeen@redhat.com>
+
+commit 0ff8947fc5f700172b37cbca811a38eb9cb81e08 upstream.
+
+Delalloc write journal reservations only reserve 1 credit,
+to update the inode if necessary. However, it may happen
+once in a filesystem's lifetime that a file will cross
+the 2G threshold, and require the LARGE_FILE feature to
+be set in the superblock as well, if it was not set already.
+
+This overruns the transaction reservation, and can be
+demonstrated simply on any ext4 filesystem without the LARGE_FILE
+feature already set:
+
+dd if=/dev/zero of=testfile bs=1 seek=2147483646 count=1 \
+ conv=notrunc of=testfile
+sync
+dd if=/dev/zero of=testfile bs=1 seek=2147483647 count=1 \
+ conv=notrunc of=testfile
+
+leads to:
+
+EXT4-fs: ext4_do_update_inode:4296: aborting transaction: error 28 in __ext4_handle_dirty_super
+EXT4-fs error (device loop0) in ext4_do_update_inode:4301: error 28
+EXT4-fs error (device loop0) in ext4_reserve_inode_write:4757: Readonly filesystem
+EXT4-fs error (device loop0) in ext4_dirty_inode:4876: error 28
+EXT4-fs error (device loop0) in ext4_da_write_end:2685: error 28
+
+Adjust the number of credits based on whether the flag is
+already set, and whether the current write may extend past the
+LARGE_FILE limit.
+
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/inode.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -2633,6 +2633,20 @@ static int ext4_nonda_switch(struct supe
+ return 0;
+ }
+
++/* We always reserve for an inode update; the superblock could be there too */
++static int ext4_da_write_credits(struct inode *inode, loff_t pos, unsigned len)
++{
++ if (likely(EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
++ EXT4_FEATURE_RO_COMPAT_LARGE_FILE)))
++ return 1;
++
++ if (pos + len <= 0x7fffffffULL)
++ return 1;
++
++ /* We might need to update the superblock to set LARGE_FILE */
++ return 2;
++}
++
+ static int ext4_da_write_begin(struct file *file, struct address_space *mapping,
+ loff_t pos, unsigned len, unsigned flags,
+ struct page **pagep, void **fsdata)
+@@ -2683,7 +2697,8 @@ retry_grab:
+ * of file which has an already mapped buffer.
+ */
+ retry_journal:
+- handle = ext4_journal_start(inode, EXT4_HT_WRITE_PAGE, 1);
++ handle = ext4_journal_start(inode, EXT4_HT_WRITE_PAGE,
++ ext4_da_write_credits(inode, pos, len));
+ if (IS_ERR(handle)) {
+ page_cache_release(page);
+ return PTR_ERR(handle);
--- /dev/null
+From 3e67cfad22230ebed85c56cbe413876f33fea82b Mon Sep 17 00:00:00 2001
+From: Dmitry Monakhov <dmonakhov@openvz.org>
+Date: Fri, 3 Oct 2014 12:47:23 -0400
+Subject: ext4: grab missed write_count for EXT4_IOC_SWAP_BOOT
+
+From: Dmitry Monakhov <dmonakhov@openvz.org>
+
+commit 3e67cfad22230ebed85c56cbe413876f33fea82b upstream.
+
+Otherwise this provokes complain like follows:
+WARNING: CPU: 12 PID: 5795 at fs/ext4/ext4_jbd2.c:48 ext4_journal_check_start+0x4e/0xa0()
+Modules linked in: brd iTCO_wdt lpc_ich mfd_core igb ptp dm_mirror dm_region_hash dm_log dm_mod
+CPU: 12 PID: 5795 Comm: python Not tainted 3.17.0-rc2-00175-gae5344f #158
+Hardware name: Intel Corporation W2600CR/W2600CR, BIOS SE5C600.86B.99.99.x028.061320111235 06/13/2011
+ 0000000000000030 ffff8808116cfd28 ffffffff815c7dfc 0000000000000030
+ 0000000000000000 ffff8808116cfd68 ffffffff8106ce8c ffff8808116cfdc8
+ ffff880813b16000 ffff880806ad6ae8 ffffffff81202008 0000000000000000
+Call Trace:
+ [<ffffffff815c7dfc>] dump_stack+0x51/0x6d
+ [<ffffffff8106ce8c>] warn_slowpath_common+0x8c/0xc0
+ [<ffffffff81202008>] ? ext4_ioctl+0x9e8/0xeb0
+ [<ffffffff8106ceda>] warn_slowpath_null+0x1a/0x20
+ [<ffffffff8122867e>] ext4_journal_check_start+0x4e/0xa0
+ [<ffffffff81228c10>] __ext4_journal_start_sb+0x90/0x110
+ [<ffffffff81202008>] ext4_ioctl+0x9e8/0xeb0
+ [<ffffffff8107b0bd>] ? ptrace_stop+0x24d/0x2f0
+ [<ffffffff81088530>] ? alloc_pid+0x480/0x480
+ [<ffffffff8107b1f2>] ? ptrace_do_notify+0x92/0xb0
+ [<ffffffff81186545>] do_vfs_ioctl+0x4e5/0x550
+ [<ffffffff815cdbcb>] ? _raw_spin_unlock_irq+0x2b/0x40
+ [<ffffffff81186603>] SyS_ioctl+0x53/0x80
+ [<ffffffff815ce2ce>] tracesys+0xd0/0xd5
+
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/ioctl.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/ioctl.c
++++ b/fs/ext4/ioctl.c
+@@ -544,9 +544,17 @@ group_add_out:
+ }
+
+ case EXT4_IOC_SWAP_BOOT:
++ {
++ int err;
+ if (!(filp->f_mode & FMODE_WRITE))
+ return -EBADF;
+- return swap_inode_boot_loader(sb, inode);
++ err = mnt_want_write_file(filp);
++ if (err)
++ return err;
++ err = swap_inode_boot_loader(sb, inode);
++ mnt_drop_write_file(filp);
++ return err;
++ }
+
+ case EXT4_IOC_RESIZE_FS: {
+ ext4_fsblk_t n_blocks_count;
--- /dev/null
+From 9aa5d32ba269bec0e7eaba2697a986a7b0bc8528 Mon Sep 17 00:00:00 2001
+From: Dmitry Monakhov <dmonakhov@openvz.org>
+Date: Mon, 13 Oct 2014 03:36:16 -0400
+Subject: ext4: Replace open coded mdata csum feature to helper function
+
+From: Dmitry Monakhov <dmonakhov@openvz.org>
+
+commit 9aa5d32ba269bec0e7eaba2697a986a7b0bc8528 upstream.
+
+Besides the fact that this replacement improves code readability
+it also protects from errors caused direct EXT4_S(sb)->s_es manipulation
+which may result attempt to use uninitialized csum machinery.
+
+#Testcase_BEGIN
+IMG=/dev/ram0
+MNT=/mnt
+mkfs.ext4 $IMG
+mount $IMG $MNT
+#Enable feature directly on disk, on mounted fs
+tune2fs -O metadata_csum $IMG
+# Provoke metadata update, likey result in OOPS
+touch $MNT/test
+umount $MNT
+#Testcase_END
+
+# Replacement script
+@@
+expression E;
+@@
+- EXT4_HAS_RO_COMPAT_FEATURE(E, EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)
++ ext4_has_metadata_csum(E)
+
+https://bugzilla.kernel.org/show_bug.cgi?id=82201
+
+Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/bitmap.c | 12 ++++--------
+ fs/ext4/ext4.h | 8 ++++++++
+ fs/ext4/extents.c | 6 ++----
+ fs/ext4/ialloc.c | 3 +--
+ fs/ext4/inline.c | 3 +--
+ fs/ext4/inode.c | 9 +++------
+ fs/ext4/ioctl.c | 3 +--
+ fs/ext4/mmp.c | 6 ++----
+ fs/ext4/namei.c | 39 +++++++++++++--------------------------
+ fs/ext4/resize.c | 3 +--
+ fs/ext4/super.c | 15 +++++----------
+ fs/ext4/xattr.c | 6 ++----
+ 12 files changed, 43 insertions(+), 70 deletions(-)
+
+--- a/fs/ext4/bitmap.c
++++ b/fs/ext4/bitmap.c
+@@ -24,8 +24,7 @@ int ext4_inode_bitmap_csum_verify(struct
+ __u32 provided, calculated;
+ struct ext4_sb_info *sbi = EXT4_SB(sb);
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(sb))
+ return 1;
+
+ provided = le16_to_cpu(gdp->bg_inode_bitmap_csum_lo);
+@@ -46,8 +45,7 @@ void ext4_inode_bitmap_csum_set(struct s
+ __u32 csum;
+ struct ext4_sb_info *sbi = EXT4_SB(sb);
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(sb))
+ return;
+
+ csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)bh->b_data, sz);
+@@ -65,8 +63,7 @@ int ext4_block_bitmap_csum_verify(struct
+ struct ext4_sb_info *sbi = EXT4_SB(sb);
+ int sz = EXT4_CLUSTERS_PER_GROUP(sb) / 8;
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(sb))
+ return 1;
+
+ provided = le16_to_cpu(gdp->bg_block_bitmap_csum_lo);
+@@ -91,8 +88,7 @@ void ext4_block_bitmap_csum_set(struct s
+ __u32 csum;
+ struct ext4_sb_info *sbi = EXT4_SB(sb);
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(sb))
+ return;
+
+ csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)bh->b_data, sz);
+--- a/fs/ext4/ext4.h
++++ b/fs/ext4/ext4.h
+@@ -2345,6 +2345,14 @@ static inline int ext4_has_group_desc_cs
+ EXT4_FEATURE_RO_COMPAT_METADATA_CSUM);
+ }
+
++static inline int ext4_has_metadata_csum(struct super_block *sb)
++{
++ WARN_ON_ONCE(EXT4_HAS_RO_COMPAT_FEATURE(sb,
++ EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) &&
++ !EXT4_SB(sb)->s_chksum_driver);
++
++ return (EXT4_SB(sb)->s_chksum_driver != NULL);
++}
+ static inline ext4_fsblk_t ext4_blocks_count(struct ext4_super_block *es)
+ {
+ return ((ext4_fsblk_t)le32_to_cpu(es->s_blocks_count_hi) << 32) |
+--- a/fs/ext4/extents.c
++++ b/fs/ext4/extents.c
+@@ -74,8 +74,7 @@ static int ext4_extent_block_csum_verify
+ {
+ struct ext4_extent_tail *et;
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(inode->i_sb))
+ return 1;
+
+ et = find_ext4_extent_tail(eh);
+@@ -89,8 +88,7 @@ static void ext4_extent_block_csum_set(s
+ {
+ struct ext4_extent_tail *et;
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(inode->i_sb))
+ return;
+
+ et = find_ext4_extent_tail(eh);
+--- a/fs/ext4/ialloc.c
++++ b/fs/ext4/ialloc.c
+@@ -988,8 +988,7 @@ got:
+ spin_unlock(&sbi->s_next_gen_lock);
+
+ /* Precompute checksum seed for inode metadata */
+- if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
++ if (ext4_has_metadata_csum(sb)) {
+ __u32 csum;
+ __le32 inum = cpu_to_le32(inode->i_ino);
+ __le32 gen = cpu_to_le32(inode->i_generation);
+--- a/fs/ext4/inline.c
++++ b/fs/ext4/inline.c
+@@ -1128,8 +1128,7 @@ static int ext4_finish_convert_inline_di
+ memcpy((void *)de, buf + EXT4_INLINE_DOTDOT_SIZE,
+ inline_size - EXT4_INLINE_DOTDOT_SIZE);
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (ext4_has_metadata_csum(inode->i_sb))
+ csum_size = sizeof(struct ext4_dir_entry_tail);
+
+ inode->i_size = inode->i_sb->s_blocksize;
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -83,8 +83,7 @@ static int ext4_inode_csum_verify(struct
+
+ if (EXT4_SB(inode->i_sb)->s_es->s_creator_os !=
+ cpu_to_le32(EXT4_OS_LINUX) ||
+- !EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ !ext4_has_metadata_csum(inode->i_sb))
+ return 1;
+
+ provided = le16_to_cpu(raw->i_checksum_lo);
+@@ -105,8 +104,7 @@ static void ext4_inode_csum_set(struct i
+
+ if (EXT4_SB(inode->i_sb)->s_es->s_creator_os !=
+ cpu_to_le32(EXT4_OS_LINUX) ||
+- !EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ !ext4_has_metadata_csum(inode->i_sb))
+ return;
+
+ csum = ext4_inode_csum(inode, raw, ei);
+@@ -4076,8 +4074,7 @@ struct inode *ext4_iget(struct super_blo
+ ei->i_extra_isize = 0;
+
+ /* Precompute checksum seed for inode metadata */
+- if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
++ if (ext4_has_metadata_csum(sb)) {
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ __u32 csum;
+ __le32 inum = cpu_to_le32(inode->i_ino);
+--- a/fs/ext4/ioctl.c
++++ b/fs/ext4/ioctl.c
+@@ -343,8 +343,7 @@ flags_out:
+ if (!inode_owner_or_capable(inode))
+ return -EPERM;
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
++ if (ext4_has_metadata_csum(inode->i_sb)) {
+ ext4_warning(sb, "Setting inode version is not "
+ "supported with metadata_csum enabled.");
+ return -ENOTTY;
+--- a/fs/ext4/mmp.c
++++ b/fs/ext4/mmp.c
+@@ -20,8 +20,7 @@ static __le32 ext4_mmp_csum(struct super
+
+ int ext4_mmp_csum_verify(struct super_block *sb, struct mmp_struct *mmp)
+ {
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(sb))
+ return 1;
+
+ return mmp->mmp_checksum == ext4_mmp_csum(sb, mmp);
+@@ -29,8 +28,7 @@ int ext4_mmp_csum_verify(struct super_bl
+
+ void ext4_mmp_csum_set(struct super_block *sb, struct mmp_struct *mmp)
+ {
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(sb))
+ return;
+
+ mmp->mmp_checksum = ext4_mmp_csum(sb, mmp);
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -123,8 +123,7 @@ static struct buffer_head *__ext4_read_d
+ "directory leaf block found instead of index block");
+ return ERR_PTR(-EIO);
+ }
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) ||
++ if (!ext4_has_metadata_csum(inode->i_sb) ||
+ buffer_verified(bh))
+ return bh;
+
+@@ -339,8 +338,7 @@ int ext4_dirent_csum_verify(struct inode
+ {
+ struct ext4_dir_entry_tail *t;
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(inode->i_sb))
+ return 1;
+
+ t = get_dirent_tail(inode, dirent);
+@@ -361,8 +359,7 @@ static void ext4_dirent_csum_set(struct
+ {
+ struct ext4_dir_entry_tail *t;
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(inode->i_sb))
+ return;
+
+ t = get_dirent_tail(inode, dirent);
+@@ -437,8 +434,7 @@ static int ext4_dx_csum_verify(struct in
+ struct dx_tail *t;
+ int count_offset, limit, count;
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(inode->i_sb))
+ return 1;
+
+ c = get_dx_countlimit(inode, dirent, &count_offset);
+@@ -467,8 +463,7 @@ static void ext4_dx_csum_set(struct inod
+ struct dx_tail *t;
+ int count_offset, limit, count;
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(inode->i_sb))
+ return;
+
+ c = get_dx_countlimit(inode, dirent, &count_offset);
+@@ -556,8 +551,7 @@ static inline unsigned dx_root_limit(str
+ unsigned entry_space = dir->i_sb->s_blocksize - EXT4_DIR_REC_LEN(1) -
+ EXT4_DIR_REC_LEN(2) - infosize;
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(dir->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (ext4_has_metadata_csum(dir->i_sb))
+ entry_space -= sizeof(struct dx_tail);
+ return entry_space / sizeof(struct dx_entry);
+ }
+@@ -566,8 +560,7 @@ static inline unsigned dx_node_limit(str
+ {
+ unsigned entry_space = dir->i_sb->s_blocksize - EXT4_DIR_REC_LEN(0);
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(dir->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (ext4_has_metadata_csum(dir->i_sb))
+ entry_space -= sizeof(struct dx_tail);
+ return entry_space / sizeof(struct dx_entry);
+ }
+@@ -1534,8 +1527,7 @@ static struct ext4_dir_entry_2 *do_split
+ int csum_size = 0;
+ int err = 0, i;
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(dir->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (ext4_has_metadata_csum(dir->i_sb))
+ csum_size = sizeof(struct ext4_dir_entry_tail);
+
+ bh2 = ext4_append(handle, dir, &newblock);
+@@ -1704,8 +1696,7 @@ static int add_dirent_to_buf(handle_t *h
+ int csum_size = 0;
+ int err;
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (ext4_has_metadata_csum(inode->i_sb))
+ csum_size = sizeof(struct ext4_dir_entry_tail);
+
+ if (!de) {
+@@ -1772,8 +1763,7 @@ static int make_indexed_dir(handle_t *ha
+ struct fake_dirent *fde;
+ int csum_size = 0;
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (ext4_has_metadata_csum(inode->i_sb))
+ csum_size = sizeof(struct ext4_dir_entry_tail);
+
+ blocksize = dir->i_sb->s_blocksize;
+@@ -1889,8 +1879,7 @@ static int ext4_add_entry(handle_t *hand
+ ext4_lblk_t block, blocks;
+ int csum_size = 0;
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (ext4_has_metadata_csum(inode->i_sb))
+ csum_size = sizeof(struct ext4_dir_entry_tail);
+
+ sb = dir->i_sb;
+@@ -2152,8 +2141,7 @@ static int ext4_delete_entry(handle_t *h
+ return err;
+ }
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(dir->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (ext4_has_metadata_csum(dir->i_sb))
+ csum_size = sizeof(struct ext4_dir_entry_tail);
+
+ BUFFER_TRACE(bh, "get_write_access");
+@@ -2372,8 +2360,7 @@ static int ext4_init_new_dir(handle_t *h
+ int csum_size = 0;
+ int err;
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(dir->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (ext4_has_metadata_csum(dir->i_sb))
+ csum_size = sizeof(struct ext4_dir_entry_tail);
+
+ if (ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -1200,8 +1200,7 @@ static int ext4_set_bitmap_checksums(str
+ {
+ struct buffer_head *bh;
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(sb))
+ return 0;
+
+ bh = ext4_get_bitmap(sb, group_data->inode_bitmap);
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -140,8 +140,7 @@ static __le32 ext4_superblock_csum(struc
+ int ext4_superblock_csum_verify(struct super_block *sb,
+ struct ext4_super_block *es)
+ {
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(sb))
+ return 1;
+
+ return es->s_checksum == ext4_superblock_csum(sb, es);
+@@ -151,8 +150,7 @@ void ext4_superblock_csum_set(struct sup
+ {
+ struct ext4_super_block *es = EXT4_SB(sb)->s_es;
+
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(sb))
+ return;
+
+ es->s_checksum = ext4_superblock_csum(sb, es);
+@@ -2003,8 +2001,7 @@ static __le16 ext4_group_desc_csum(struc
+ __u16 crc = 0;
+ __le32 le_group = cpu_to_le32(block_group);
+
+- if ((sbi->s_es->s_feature_ro_compat &
+- cpu_to_le32(EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))) {
++ if (ext4_has_metadata_csum(sbi->s_sb)) {
+ /* Use new metadata_csum algorithm */
+ __le16 save_csum;
+ __u32 csum32;
+@@ -3160,8 +3157,7 @@ static int set_journal_csum_feature_set(
+ int compat, incompat;
+ struct ext4_sb_info *sbi = EXT4_SB(sb);
+
+- if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
++ if (ext4_has_metadata_csum(sb)) {
+ /* journal checksum v3 */
+ compat = 0;
+ incompat = JBD2_FEATURE_INCOMPAT_CSUM_V3;
+@@ -3468,8 +3464,7 @@ static int ext4_fill_super(struct super_
+ }
+
+ /* Precompute checksum seed for all metadata */
+- if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (ext4_has_metadata_csum(sb))
+ sbi->s_csum_seed = ext4_chksum(sbi, ~0, es->s_uuid,
+ sizeof(es->s_uuid));
+
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -141,8 +141,7 @@ static int ext4_xattr_block_csum_verify(
+ sector_t block_nr,
+ struct ext4_xattr_header *hdr)
+ {
+- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) &&
++ if (ext4_has_metadata_csum(inode->i_sb) &&
+ (hdr->h_checksum != ext4_xattr_block_csum(inode, block_nr, hdr)))
+ return 0;
+ return 1;
+@@ -152,8 +151,7 @@ static void ext4_xattr_block_csum_set(st
+ sector_t block_nr,
+ struct ext4_xattr_header *hdr)
+ {
+- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
++ if (!ext4_has_metadata_csum(inode->i_sb))
+ return;
+
+ hdr->h_checksum = ext4_xattr_block_csum(inode, block_nr, hdr);
--- /dev/null
+From 064d83892e9ba547f7d4eae22cbca066d95210ce Mon Sep 17 00:00:00 2001
+From: "Darrick J. Wong" <darrick.wong@oracle.com>
+Date: Tue, 16 Sep 2014 14:43:09 -0400
+Subject: jbd2: free bh when descriptor block checksum fails
+
+From: "Darrick J. Wong" <darrick.wong@oracle.com>
+
+commit 064d83892e9ba547f7d4eae22cbca066d95210ce upstream.
+
+Free the buffer head if the journal descriptor block fails checksum
+verification.
+
+This is the jbd2 port of the e2fsprogs patch "e2fsck: free bh on csum
+verify error in do_one_pass".
+
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Eric Sandeen <sandeen@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/jbd2/recovery.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/jbd2/recovery.c
++++ b/fs/jbd2/recovery.c
+@@ -525,6 +525,7 @@ static int do_one_pass(journal_t *journa
+ !jbd2_descr_block_csum_verify(journal,
+ bh->b_data)) {
+ err = -EIO;
++ brelse(bh);
+ goto failed;
+ }
+
--- /dev/null
+From c572aaf46f71f63ae5914d4e194a955e0ba1b519 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
+Date: Thu, 16 Oct 2014 11:39:44 +0200
+Subject: qxl: don't create too large primary surface
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
+
+commit c572aaf46f71f63ae5914d4e194a955e0ba1b519 upstream.
+
+Limit primary to qemu vgamem size, to avoid reaching
+qemu guest bug "requested primary larger than framebuffer"
+on resizing screen too large to fit.
+
+Remove unneeded and misleading variables.
+
+Related to:
+https://bugzilla.redhat.com/show_bug.cgi?id=1127552
+
+Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/qxl/qxl_display.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/drivers/gpu/drm/qxl/qxl_display.c
++++ b/drivers/gpu/drm/qxl/qxl_display.c
+@@ -523,7 +523,6 @@ static int qxl_crtc_mode_set(struct drm_
+ struct qxl_framebuffer *qfb;
+ struct qxl_bo *bo, *old_bo = NULL;
+ struct qxl_crtc *qcrtc = to_qxl_crtc(crtc);
+- uint32_t width, height, base_offset;
+ bool recreate_primary = false;
+ int ret;
+ int surf_id;
+@@ -553,9 +552,10 @@ static int qxl_crtc_mode_set(struct drm_
+ if (qcrtc->index == 0)
+ recreate_primary = true;
+
+- width = mode->hdisplay;
+- height = mode->vdisplay;
+- base_offset = 0;
++ if (bo->surf.stride * bo->surf.height > qdev->vram_size) {
++ DRM_ERROR("Mode doesn't fit in vram size (vgamem)");
++ return -EINVAL;
++ }
+
+ ret = qxl_bo_reserve(bo, false);
+ if (ret != 0)
+@@ -569,10 +569,10 @@ static int qxl_crtc_mode_set(struct drm_
+ if (recreate_primary) {
+ qxl_io_destroy_primary(qdev);
+ qxl_io_log(qdev,
+- "recreate primary: %dx%d (was %dx%d,%d,%d)\n",
+- width, height, bo->surf.width,
+- bo->surf.height, bo->surf.stride, bo->surf.format);
+- qxl_io_create_primary(qdev, base_offset, bo);
++ "recreate primary: %dx%d,%d,%d\n",
++ bo->surf.width, bo->surf.height,
++ bo->surf.stride, bo->surf.format);
++ qxl_io_create_primary(qdev, 0, bo);
+ bo->is_primary = true;
+ surf_id = 0;
+ } else {
target-fix-aptpl-metadata-handling-for-dynamic-mappedluns.patch
mips-ftrace-fix-a-micromips-build-problem.patch
mips-tlbex-properly-fix-huge-tlb-refill-exception-handler.patch
+qxl-don-t-create-too-large-primary-surface.patch
+jbd2-free-bh-when-descriptor-block-checksum-fails.patch
+ext4-check-ea-value-offset-when-loading.patch
+ext4-don-t-check-quota-format-when-there-are-no-quota-files.patch
+ext4-fix-mmap-data-corruption-when-blocksize-pagesize.patch
+ext4-grab-missed-write_count-for-ext4_ioc_swap_boot.patch
+ext4-add-ext4_iget_normal-which-is-to-be-used-for-dir-tree-lookups.patch
+ext4-fix-reservation-overflow-in-ext4_da_write_begin.patch
+ext4-replace-open-coded-mdata-csum-feature-to-helper-function.patch
+ext4-check-s_chksum_driver-when-looking-for-bg-csum-presence.patch
+ext4-fix-overflow-when-updating-superblock-backups-after-resize.patch
+ext4-enable-journal-checksum-when-metadata-checksum-feature-enabled.patch
+ext4-fix-oops-when-loading-block-bitmap-failed.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
