4.9-stable patches

added patches:
	btrfs-fix-early-enospc-due-to-delalloc.patch
	f2fs-sanity-check-checkpoint-segno-and-blkoff.patch

diff --git a/queue-4.9/btrfs-fix-early-enospc-due-to-delalloc.patch b/queue-4.9/btrfs-fix-early-enospc-due-to-delalloc.patch
new file mode 100644 (file)
index 0000000..fc66664
--- /dev/null
+++ b/queue-4.9/btrfs-fix-early-enospc-due-to-delalloc.patch
@@ -0,0 +1,47 @@
+From 17024ad0a0fdfcfe53043afb969b813d3e020c21 Mon Sep 17 00:00:00 2001
+From: Omar Sandoval <osandov@fb.com>
+Date: Thu, 20 Jul 2017 15:10:35 -0700
+Subject: Btrfs: fix early ENOSPC due to delalloc
+
+From: Omar Sandoval <osandov@fb.com>
+
+commit 17024ad0a0fdfcfe53043afb969b813d3e020c21 upstream.
+
+If a lot of metadata is reserved for outstanding delayed allocations, we
+rely on shrink_delalloc() to reclaim metadata space in order to fulfill
+reservation tickets. However, shrink_delalloc() has a shortcut where if
+it determines that space can be overcommitted, it will stop early. This
+made sense before the ticketed enospc system, but now it means that
+shrink_delalloc() will often not reclaim enough space to fulfill any
+tickets, leading to an early ENOSPC. (Reservation tickets don't care
+about being able to overcommit, they need every byte accounted for.)
+
+Fix it by getting rid of the shortcut so that shrink_delalloc() reclaims
+all of the metadata it is supposed to. This fixes early ENOSPCs we were
+seeing when doing a btrfs receive to populate a new filesystem, as well
+as early ENOSPCs Christoph saw when doing a big cp -r onto Btrfs.
+
+Fixes: 957780eb2788 ("Btrfs: introduce ticketed enospc infrastructure")
+Tested-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
+Reviewed-by: Josef Bacik <jbacik@fb.com>
+Signed-off-by: Omar Sandoval <osandov@fb.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Nikolay Borisov <nborisov@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/extent-tree.c |    4 ----
+ 1 file changed, 4 deletions(-)
+
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -4759,10 +4759,6 @@ skip_async:
+               else
+                       flush = BTRFS_RESERVE_NO_FLUSH;
+               spin_lock(&space_info->lock);
+-              if (can_overcommit(root, space_info, orig, flush)) {
+-                      spin_unlock(&space_info->lock);
+-                      break;
+-              }
+               if (list_empty(&space_info->tickets) &&
+                   list_empty(&space_info->priority_tickets)) {
+                       spin_unlock(&space_info->lock);

diff --git a/queue-4.9/f2fs-sanity-check-checkpoint-segno-and-blkoff.patch b/queue-4.9/f2fs-sanity-check-checkpoint-segno-and-blkoff.patch
new file mode 100644 (file)
index 0000000..1351b59
--- /dev/null
+++ b/queue-4.9/f2fs-sanity-check-checkpoint-segno-and-blkoff.patch
@@ -0,0 +1,54 @@
+From 15d3042a937c13f5d9244241c7a9c8416ff6e82a Mon Sep 17 00:00:00 2001
+From: Jin Qian <jinqian@google.com>
+Date: Mon, 15 May 2017 10:45:08 -0700
+Subject: f2fs: sanity check checkpoint segno and blkoff
+
+From: Jin Qian <jinqian@google.com>
+
+commit 15d3042a937c13f5d9244241c7a9c8416ff6e82a upstream.
+
+Make sure segno and blkoff read from raw image are valid.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Jin Qian <jinqian@google.com>
+[Jaegeuk Kim: adjust minor coding style]
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+[AmitP: Found in Android Security bulletin for Aug'17, fixes CVE-2017-10663]
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/f2fs/super.c |   16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/fs/f2fs/super.c
++++ b/fs/f2fs/super.c
+@@ -1424,6 +1424,8 @@ int sanity_check_ckpt(struct f2fs_sb_inf
+       unsigned int total, fsmeta;
+       struct f2fs_super_block *raw_super = F2FS_RAW_SUPER(sbi);
+       struct f2fs_checkpoint *ckpt = F2FS_CKPT(sbi);
++      unsigned int main_segs, blocks_per_seg;
++      int i;
+ 
+       total = le32_to_cpu(raw_super->segment_count);
+       fsmeta = le32_to_cpu(raw_super->segment_count_ckpt);
+@@ -1435,6 +1437,20 @@ int sanity_check_ckpt(struct f2fs_sb_inf
+       if (unlikely(fsmeta >= total))
+               return 1;
+ 
++      main_segs = le32_to_cpu(raw_super->segment_count_main);
++      blocks_per_seg = sbi->blocks_per_seg;
++
++      for (i = 0; i < NR_CURSEG_NODE_TYPE; i++) {
++              if (le32_to_cpu(ckpt->cur_node_segno[i]) >= main_segs ||
++                      le16_to_cpu(ckpt->cur_node_blkoff[i]) >= blocks_per_seg)
++                      return 1;
++      }
++      for (i = 0; i < NR_CURSEG_DATA_TYPE; i++) {
++              if (le32_to_cpu(ckpt->cur_data_segno[i]) >= main_segs ||
++                      le16_to_cpu(ckpt->cur_data_blkoff[i]) >= blocks_per_seg)
++                      return 1;
++      }
++
+       if (unlikely(f2fs_cp_error(sbi))) {
+               f2fs_msg(sbi->sb, KERN_ERR, "A bug case: need to run fsck");
+               return 1;

diff --git a/queue-4.9/series b/queue-4.9/series
index bac4cb3671c6d94098f4b2a998ec32f2333a4072..a573416ff32ed07d8a54d31a8f4d19140f186b01 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -30,3 +30,5 @@ iscsi-target-fix-initial-login-pdu-asynchronous-socket-close-oops.patch
 mmc-dw_mmc-use-device_property_read-instead-of-of_property_read.patch
 mmc-core-use-device_property_read-instead-of-of_property_read.patch
 media-lirc-lirc_get_rec_resolution-should-return-microseconds.patch
+f2fs-sanity-check-checkpoint-segno-and-blkoff.patch
+btrfs-fix-early-enospc-due-to-delalloc.patch