From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 17 Feb 2020 14:19:32 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v4.19.105~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e41eff5fc6a93af2a2ae32671e817360c517ce8;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch
---

diff --git a/queue-4.4/series b/queue-4.4/series
index ae986414400..05a0b1aef7c 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -1 +1,2 @@
 alsa-usb-audio-apply-sample-rate-quirk-for-audioengine-d1.patch
+ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch
diff --git a/queue-4.4/ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch b/queue-4.4/ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch
new file mode 100644
index 00000000000..a5912ceb7cb
--- /dev/null
+++ b/queue-4.4/ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch
@@ -0,0 +1,61 @@
+From f5de5b83303e61b1f3fb09bd77ce3ac2d7a475f2 Mon Sep 17 00:00:00 2001
+From: Zhihao Cheng <chengzhihao1@huawei.com>
+Date: Sat, 11 Jan 2020 17:50:36 +0800
+Subject: ubifs: Fix deadlock in concurrent bulk-read and writepage
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Zhihao Cheng <chengzhihao1@huawei.com>
+
+commit f5de5b83303e61b1f3fb09bd77ce3ac2d7a475f2 upstream.
+
+In ubifs, concurrent execution of writepage and bulk read on the same file
+may cause ABBA deadlock, for example (Reproduce method see Link):
+
+Process A(Bulk-read starts from page4)         Process B(write page4 back)
+  vfs_read                                       wb_workfn or fsync
+  ...                                            ...
+  generic_file_buffered_read                     write_cache_pages
+    ubifs_readpage                                 LOCK(page4)
+
+      ubifs_bulk_read                              ubifs_writepage
+        LOCK(ui->ui_mutex)                           ubifs_write_inode
+
+	  ubifs_do_bulk_read                           LOCK(ui->ui_mutex)
+	    find_or_create_page(alloc page4)                  ↑
+	      LOCK(page4)                   <--     ABBA deadlock occurs!
+
+In order to ensure the serialization execution of bulk read, we can't
+remove the big lock 'ui->ui_mutex' in ubifs_bulk_read(). Instead, we
+allow ubifs_do_bulk_read() to lock page failed by replacing
+find_or_create_page(FGP_LOCK) with
+pagecache_get_page(FGP_LOCK | FGP_NOWAIT).
+
+Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
+Suggested-by: zhangyi (F) <yi.zhang@huawei.com>
+Cc: <Stable@vger.kernel.org>
+Fixes: 4793e7c5e1c ("UBIFS: add bulk-read facility")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206153
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ fs/ubifs/file.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/ubifs/file.c
++++ b/fs/ubifs/file.c
+@@ -782,8 +782,9 @@ static int ubifs_do_bulk_read(struct ubi
+ 
+ 		if (page_offset > end_index)
+ 			break;
+-		page = find_or_create_page(mapping, page_offset,
+-					   GFP_NOFS | __GFP_COLD);
++		page = pagecache_get_page(mapping, page_offset,
++				 FGP_LOCK|FGP_ACCESSED|FGP_CREAT|FGP_NOWAIT,
++				 GFP_NOFS | __GFP_COLD);
+ 		if (!page)
+ 			break;
+ 		if (!PageUptodate(page))