--- /dev/null
+From 1e90315149f3fe148e114a5de86f0196d1c21fa5 Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Thu, 13 Feb 2020 10:47:29 -0500
+Subject: btrfs: do not check delayed items are empty for single transaction cleanup
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit 1e90315149f3fe148e114a5de86f0196d1c21fa5 upstream.
+
+btrfs_assert_delayed_root_empty() will check if the delayed root is
+completely empty, but this is a filesystem-wide check. On cleanup we
+may have allowed other transactions to begin, for whatever reason, and
+thus the delayed root is not empty.
+
+So remove this check from cleanup_one_transation(). This however can
+stay in btrfs_cleanup_transaction(), because it checks only after all of
+the transactions have been properly cleaned up, and thus is valid.
+
+CC: stable@vger.kernel.org # 4.4+
+Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Reviewed-by: Nikolay Borisov <nborisov@suse.com>
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/disk-io.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/fs/btrfs/disk-io.c
++++ b/fs/btrfs/disk-io.c
+@@ -4394,7 +4394,6 @@ void btrfs_cleanup_one_transaction(struc
+ wake_up(&fs_info->transaction_wait);
+
+ btrfs_destroy_delayed_inodes(fs_info);
+- btrfs_assert_delayed_root_empty(fs_info);
+
+ btrfs_destroy_marked_extents(fs_info, &cur_trans->dirty_pages,
+ EXTENT_DIRTY);
--- /dev/null
+From e75fd33b3f744f644061a4f9662bd63f5434f806 Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Thu, 13 Feb 2020 12:29:50 +0000
+Subject: Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit e75fd33b3f744f644061a4f9662bd63f5434f806 upstream.
+
+In btrfs_wait_ordered_range() once we find an ordered extent that has
+finished with an error we exit the loop and don't wait for any other
+ordered extents that might be still in progress.
+
+All the users of btrfs_wait_ordered_range() expect that there are no more
+ordered extents in progress after that function returns. So past fixes
+such like the ones from the two following commits:
+
+ ff612ba7849964 ("btrfs: fix panic during relocation after ENOSPC before
+ writeback happens")
+
+ 28aeeac1dd3080 ("Btrfs: fix panic when starting bg cache writeout after
+ IO error")
+
+don't work when there are multiple ordered extents in the range.
+
+Fix that by making btrfs_wait_ordered_range() wait for all ordered extents
+even after it finds one that had an error.
+
+Link: https://github.com/kdave/btrfs-progs/issues/228#issuecomment-569777554
+CC: stable@vger.kernel.org # 4.4+
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Reviewed-by: Josef Bacik <josef@toxicpanda.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/ordered-data.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/fs/btrfs/ordered-data.c
++++ b/fs/btrfs/ordered-data.c
+@@ -838,10 +838,15 @@ int btrfs_wait_ordered_range(struct inod
+ }
+ btrfs_start_ordered_extent(inode, ordered, 1);
+ end = ordered->file_offset;
++ /*
++ * If the ordered extent had an error save the error but don't
++ * exit without waiting first for all other ordered extents in
++ * the range to complete.
++ */
+ if (test_bit(BTRFS_ORDERED_IOERR, &ordered->flags))
+ ret = -EIO;
+ btrfs_put_ordered_extent(ordered);
+- if (ret || end == 0 || end == start)
++ if (end == 0 || end == start)
+ break;
+ end--;
+ }
--- /dev/null
+From b778cf962d71a0e737923d55d0432f3bd287258e Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Thu, 13 Feb 2020 10:47:31 -0500
+Subject: btrfs: fix bytes_may_use underflow in prealloc error condtition
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit b778cf962d71a0e737923d55d0432f3bd287258e upstream.
+
+I hit the following warning while running my error injection stress
+testing:
+
+ WARNING: CPU: 3 PID: 1453 at fs/btrfs/space-info.h:108 btrfs_free_reserved_data_space_noquota+0xfd/0x160 [btrfs]
+ RIP: 0010:btrfs_free_reserved_data_space_noquota+0xfd/0x160 [btrfs]
+ Call Trace:
+ btrfs_free_reserved_data_space+0x4f/0x70 [btrfs]
+ __btrfs_prealloc_file_range+0x378/0x470 [btrfs]
+ elfcorehdr_read+0x40/0x40
+ ? elfcorehdr_read+0x40/0x40
+ ? btrfs_commit_transaction+0xca/0xa50 [btrfs]
+ ? dput+0xb4/0x2a0
+ ? btrfs_log_dentry_safe+0x55/0x70 [btrfs]
+ ? btrfs_sync_file+0x30e/0x420 [btrfs]
+ ? do_fsync+0x38/0x70
+ ? __x64_sys_fdatasync+0x13/0x20
+ ? do_syscall_64+0x5b/0x1b0
+ ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
+
+This happens if we fail to insert our reserved file extent. At this
+point we've already converted our reservation from ->bytes_may_use to
+->bytes_reserved. However once we break we will attempt to free
+everything from [cur_offset, end] from ->bytes_may_use, but our extent
+reservation will overlap part of this.
+
+Fix this problem by adding ins.offset (our extent allocation size) to
+cur_offset so we remove the actual remaining part from ->bytes_may_use.
+
+I validated this fix using my inject-error.py script
+
+python inject-error.py -o should_fail_bio -t cache_save_setup -t \
+ __btrfs_prealloc_file_range \
+ -t insert_reserved_file_extent.constprop.0 \
+ -r "-5" ./run-fsstress.sh
+
+where run-fsstress.sh simply mounts and runs fsstress on a disk.
+
+CC: stable@vger.kernel.org # 4.4+
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/inode.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -10639,6 +10639,7 @@ static int __btrfs_prealloc_file_range(s
+ struct btrfs_root *root = BTRFS_I(inode)->root;
+ struct btrfs_key ins;
+ u64 cur_offset = start;
++ u64 clear_offset = start;
+ u64 i_size;
+ u64 cur_bytes;
+ u64 last_alloc = (u64)-1;
+@@ -10673,6 +10674,15 @@ static int __btrfs_prealloc_file_range(s
+ btrfs_end_transaction(trans);
+ break;
+ }
++
++ /*
++ * We've reserved this space, and thus converted it from
++ * ->bytes_may_use to ->bytes_reserved. Any error that happens
++ * from here on out we will only need to clear our reservation
++ * for the remaining unreserved area, so advance our
++ * clear_offset by our extent size.
++ */
++ clear_offset += ins.offset;
+ btrfs_dec_block_group_reservations(fs_info, ins.objectid);
+
+ last_alloc = ins.offset;
+@@ -10753,9 +10763,9 @@ next:
+ if (own_trans)
+ btrfs_end_transaction(trans);
+ }
+- if (cur_offset < end)
+- btrfs_free_reserved_data_space(inode, NULL, cur_offset,
+- end - cur_offset + 1);
++ if (clear_offset < end)
++ btrfs_free_reserved_data_space(inode, NULL, clear_offset,
++ end - clear_offset + 1);
+ return ret;
+ }
+
--- /dev/null
+From 23520b2def95205f132e167cf5b25c609975e959 Mon Sep 17 00:00:00 2001
+From: Miaohe Lin <linmiaohe@huawei.com>
+Date: Fri, 21 Feb 2020 22:04:46 +0800
+Subject: KVM: apic: avoid calculating pending eoi from an uninitialized val
+
+From: Miaohe Lin <linmiaohe@huawei.com>
+
+commit 23520b2def95205f132e167cf5b25c609975e959 upstream.
+
+When pv_eoi_get_user() fails, 'val' may remain uninitialized and the return
+value of pv_eoi_get_pending() becomes random. Fix the issue by initializing
+the variable.
+
+Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/lapic.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -566,9 +566,11 @@ static inline bool pv_eoi_enabled(struct
+ static bool pv_eoi_get_pending(struct kvm_vcpu *vcpu)
+ {
+ u8 val;
+- if (pv_eoi_get_user(vcpu, &val) < 0)
++ if (pv_eoi_get_user(vcpu, &val) < 0) {
+ apic_debug("Can't read EOI MSR value: 0x%llx\n",
+ (unsigned long long)vcpu->arch.pv_eoi.msr_val);
++ return false;
++ }
+ return val & 0x1;
+ }
+
--- /dev/null
+From 91a5f413af596ad01097e59bf487eb07cb3f1331 Mon Sep 17 00:00:00 2001
+From: Vitaly Kuznetsov <vkuznets@redhat.com>
+Date: Thu, 20 Feb 2020 18:22:05 +0100
+Subject: KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1
+
+From: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+commit 91a5f413af596ad01097e59bf487eb07cb3f1331 upstream.
+
+Even when APICv is disabled for L1 it can (and, actually, is) still
+available for L2, this means we need to always call
+vmx_deliver_nested_posted_interrupt() when attempting an interrupt
+delivery.
+
+Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/kvm_host.h | 2 +-
+ arch/x86/kvm/lapic.c | 5 +----
+ arch/x86/kvm/svm.c | 7 ++++++-
+ arch/x86/kvm/vmx.c | 13 +++++++++----
+ 4 files changed, 17 insertions(+), 10 deletions(-)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -1006,7 +1006,7 @@ struct kvm_x86_ops {
+ void (*load_eoi_exitmap)(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap);
+ void (*set_virtual_apic_mode)(struct kvm_vcpu *vcpu);
+ void (*set_apic_access_page_addr)(struct kvm_vcpu *vcpu, hpa_t hpa);
+- void (*deliver_posted_interrupt)(struct kvm_vcpu *vcpu, int vector);
++ int (*deliver_posted_interrupt)(struct kvm_vcpu *vcpu, int vector);
+ int (*sync_pir_to_irr)(struct kvm_vcpu *vcpu);
+ int (*set_tss_addr)(struct kvm *kvm, unsigned int addr);
+ int (*get_tdp_level)(struct kvm_vcpu *vcpu);
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -993,11 +993,8 @@ static int __apic_accept_irq(struct kvm_
+ apic_clear_vector(vector, apic->regs + APIC_TMR);
+ }
+
+- if (vcpu->arch.apicv_active)
+- kvm_x86_ops->deliver_posted_interrupt(vcpu, vector);
+- else {
++ if (kvm_x86_ops->deliver_posted_interrupt(vcpu, vector)) {
+ kvm_lapic_set_irr(vector, apic);
+-
+ kvm_make_request(KVM_REQ_EVENT, vcpu);
+ kvm_vcpu_kick(vcpu);
+ }
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -4631,8 +4631,11 @@ static void svm_load_eoi_exitmap(struct
+ return;
+ }
+
+-static void svm_deliver_avic_intr(struct kvm_vcpu *vcpu, int vec)
++static int svm_deliver_avic_intr(struct kvm_vcpu *vcpu, int vec)
+ {
++ if (!vcpu->arch.apicv_active)
++ return -1;
++
+ kvm_lapic_set_irr(vec, vcpu->arch.apic);
+ smp_mb__after_atomic();
+
+@@ -4641,6 +4644,8 @@ static void svm_deliver_avic_intr(struct
+ kvm_cpu_get_apicid(vcpu->cpu));
+ else
+ kvm_vcpu_wake_up(vcpu);
++
++ return 0;
+ }
+
+ static bool svm_dy_apicv_has_pending_interrupt(struct kvm_vcpu *vcpu)
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -5541,24 +5541,29 @@ static int vmx_deliver_nested_posted_int
+ * 2. If target vcpu isn't running(root mode), kick it to pick up the
+ * interrupt from PIR in next vmentry.
+ */
+-static void vmx_deliver_posted_interrupt(struct kvm_vcpu *vcpu, int vector)
++static int vmx_deliver_posted_interrupt(struct kvm_vcpu *vcpu, int vector)
+ {
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+ int r;
+
+ r = vmx_deliver_nested_posted_interrupt(vcpu, vector);
+ if (!r)
+- return;
++ return 0;
++
++ if (!vcpu->arch.apicv_active)
++ return -1;
+
+ if (pi_test_and_set_pir(vector, &vmx->pi_desc))
+- return;
++ return 0;
+
+ /* If a previous notification has sent the IPI, nothing to do. */
+ if (pi_test_and_set_on(&vmx->pi_desc))
+- return;
++ return 0;
+
+ if (!kvm_vcpu_trigger_posted_interrupt(vcpu, false))
+ kvm_vcpu_kick(vcpu);
++
++ return 0;
+ }
+
+ /*
ext4-fix-race-between-writepages-and-enabling-ext4_extents_fl.patch
kvm-nvmx-refactor-io-bitmap-checks-into-helper-function.patch
kvm-nvmx-check-io-instruction-vm-exit-conditions.patch
+kvm-nvmx-handle-nested-posted-interrupts-when-apicv-is-disabled-for-l1.patch
+kvm-apic-avoid-calculating-pending-eoi-from-an-uninitialized-val.patch
+btrfs-fix-bytes_may_use-underflow-in-prealloc-error-condtition.patch
+btrfs-do-not-check-delayed-items-are-empty-for-single-transaction-cleanup.patch
+btrfs-fix-btrfs_wait_ordered_range-so-that-it-waits-for-all-ordered-extents.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
