--- /dev/null
+From 5de5b6ecf97a021f29403aa272cb4e03318ef586 Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@redhat.com>
+Date: Tue, 28 Jul 2020 14:17:36 +1000
+Subject: drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Dave Airlie <airlied@redhat.com>
+
+commit 5de5b6ecf97a021f29403aa272cb4e03318ef586 upstream.
+
+This is confusing, and from my reading of all the drivers only
+nouveau got this right.
+
+Just make the API act under driver control of it's own allocation
+failing, and don't call destroy, if the page table fails to
+create there is nothing to cleanup here.
+
+(I'm willing to believe I've missed something here, so please
+review deeply).
+
+Reviewed-by: Christian König <christian.koenig@amd.com>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20200728041736.20689-1-airlied@gmail.com
+[bwh: Backported to 4.14:
+ - Drop change in ttm_sg_tt_init()
+ - Adjust context]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/nouveau/nouveau_sgdma.c | 9 +++------
+ drivers/gpu/drm/ttm/ttm_tt.c | 2 --
+ 2 files changed, 3 insertions(+), 8 deletions(-)
+
+--- a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
++++ b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
+@@ -106,12 +106,9 @@ nouveau_sgdma_create_ttm(struct ttm_bo_d
+ else
+ nvbe->ttm.ttm.func = &nv50_sgdma_backend;
+
+- if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags, dummy_read_page))
+- /*
+- * A failing ttm_dma_tt_init() will call ttm_tt_destroy()
+- * and thus our nouveau_sgdma_destroy() hook, so we don't need
+- * to free nvbe here.
+- */
++ if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags, dummy_read_page)) {
++ kfree(nvbe);
+ return NULL;
++ }
+ return &nvbe->ttm.ttm;
+ }
+--- a/drivers/gpu/drm/ttm/ttm_tt.c
++++ b/drivers/gpu/drm/ttm/ttm_tt.c
+@@ -199,7 +199,6 @@ int ttm_tt_init(struct ttm_tt *ttm, stru
+
+ ttm_tt_alloc_page_directory(ttm);
+ if (!ttm->pages) {
+- ttm_tt_destroy(ttm);
+ pr_err("Failed allocating page table\n");
+ return -ENOMEM;
+ }
+@@ -232,7 +231,6 @@ int ttm_dma_tt_init(struct ttm_dma_tt *t
+ INIT_LIST_HEAD(&ttm_dma->pages_list);
+ ttm_dma_tt_alloc_page_directory(ttm_dma);
+ if (!ttm->pages) {
+- ttm_tt_destroy(ttm);
+ pr_err("Failed allocating page table\n");
+ return -ENOMEM;
+ }
-From 5d069dbe8aaf2a197142558b6fb2978189ba3454 Mon Sep 17 00:00:00 2001
-From: Miklos Szeredi <mszeredi@redhat.com>
-Date: Thu, 10 Dec 2020 15:33:14 +0100
+From foo@baz Mon Jan 24 04:40:51 PM CET 2022
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Mon, 24 Jan 2022 16:17:18 +0100
Subject: fuse: fix bad inode
+To: stable@vger.kernel.org
+Cc: Miklos Szeredi <mszeredi@redhat.com>, Jan Kara <jack@suse.cz>
+Message-ID: <Ye7C/r2HAXqKeg/7@decadent.org.uk>
+Content-Disposition: inline
From: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Tested-by: Jan Kara <jack@suse.cz>
Cc: <stable@vger.kernel.org>
-[adjusted for missing fs/fuse/readdir.c and changes in fuse_evict_inode() in 4.14]
-Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com>
+[bwh: Backported to 4.19:
+ - Drop changes in fuse_dir_fsync(), fuse_readahead(), fuse_evict_inode()
+ - In fuse_get_link(), return ERR_PTR(-EIO) for bad inodes
+ - Convert some additional calls to is_bad_inode()
+ - Adjust filename, context]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/acl.c | 6 ++++++
- fs/fuse/dir.c | 37 ++++++++++++++++++++++++++++++++-----
- fs/fuse/file.c | 21 +++++++++++++++------
+ fs/fuse/dir.c | 40 +++++++++++++++++++++++++++++++++++-----
+ fs/fuse/file.c | 27 ++++++++++++++++++---------
fs/fuse/fuse_i.h | 12 ++++++++++++
fs/fuse/inode.c | 2 +-
fs/fuse/xattr.c | 9 +++++++++
- 6 files changed, 75 insertions(+), 12 deletions(-)
+ 6 files changed, 81 insertions(+), 15 deletions(-)
--- a/fs/fuse/acl.c
+++ b/fs/fuse/acl.c
return -EIO;
req = fuse_get_req(fc, 1);
-@@ -1703,7 +1724,7 @@ int fuse_do_setattr(struct dentry *dentr
+@@ -1405,6 +1426,9 @@ static const char *fuse_get_link(struct
+ if (!dentry)
+ return ERR_PTR(-ECHILD);
+
++ if (fuse_is_bad(inode))
++ return ERR_PTR(-EIO);
++
+ link = kmalloc(PAGE_SIZE, GFP_KERNEL);
+ if (!link)
+ return ERR_PTR(-ENOMEM);
+@@ -1703,7 +1727,7 @@ int fuse_do_setattr(struct dentry *dentr
if (fuse_invalid_attr(&outarg.attr) ||
(inode->i_mode ^ outarg.attr.mode) & S_IFMT) {
err = -EIO;
goto error;
}
-@@ -1759,6 +1780,9 @@ static int fuse_setattr(struct dentry *e
+@@ -1759,6 +1783,9 @@ static int fuse_setattr(struct dentry *e
struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
int ret;
if (!fuse_allow_current_process(get_fuse_conn(inode)))
return -EACCES;
-@@ -1817,6 +1841,9 @@ static int fuse_getattr(const struct pat
+@@ -1817,6 +1844,9 @@ static int fuse_getattr(const struct pat
struct inode *inode = d_inode(path->dentry);
struct fuse_conn *fc = get_fuse_conn(inode);
/*
* In auto invalidate mode, always update attributes on read.
* Otherwise, only update if we attempt to read past EOF (to ensure
+@@ -1127,7 +1133,7 @@ static ssize_t fuse_perform_write(struct
+ int err = 0;
+ ssize_t res = 0;
+
+- if (is_bad_inode(inode))
++ if (fuse_is_bad(inode))
+ return -EIO;
+
+ if (inode->i_size < pos + iov_iter_count(ii))
@@ -1184,6 +1190,9 @@ static ssize_t fuse_file_write_iter(stru
ssize_t err;
loff_t endbyte = 0;
if (get_fuse_conn(inode)->writeback_cache) {
/* Update size (EOF optimization) and mode (SUID clearing) */
err = fuse_update_attributes(mapping->host, file);
+@@ -1420,7 +1429,7 @@ static ssize_t __fuse_direct_read(struct
+ ssize_t res;
+ struct inode *inode = file_inode(io->iocb->ki_filp);
+
+- if (is_bad_inode(inode))
++ if (fuse_is_bad(inode))
+ return -EIO;
+
+ res = fuse_direct_io(io, iter, ppos, 0);
+@@ -1442,7 +1451,7 @@ static ssize_t fuse_direct_write_iter(st
+ struct fuse_io_priv io = FUSE_IO_PRIV_SYNC(iocb);
+ ssize_t res;
+
+- if (is_bad_inode(inode))
++ if (fuse_is_bad(inode))
+ return -EIO;
+
+ /* Don't allow parallel writes to the same file */
@@ -1916,7 +1925,7 @@ static int fuse_writepages(struct addres
int err;
-From 775c5033a0d164622d9d10dd0f0a5531639ed3ed Mon Sep 17 00:00:00 2001
-From: Amir Goldstein <amir73il@gmail.com>
-Date: Thu, 4 Mar 2021 11:09:12 +0200
+From foo@baz Mon Jan 24 04:40:51 PM CET 2022
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Mon, 24 Jan 2022 16:18:28 +0100
Subject: fuse: fix live lock in fuse_iget()
+To: stable@vger.kernel.org
+Cc: Amir Goldstein <amir73il@gmail.com>, Miklos Szeredi <mszeredi@redhat.com>, Jan Kara <jack@suse.cz>
+Message-ID: <Ye7DRM+jxoaske8/@decadent.org.uk>
+Content-Disposition: inline
From: Amir Goldstein <amir73il@gmail.com>
[ ] fuse_iget+0x96/0x1b0
Fixes: 5d069dbe8aaf ("fuse: fix bad inode")
-Cc: stable@vger.kernel.org # 5.10+
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
-Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/fuse_i.h | 1 +
projects / thirdparty / kernel / stable-queue.git / commitdiff
