From: Greg Kroah-Hartman Date: Thu, 23 May 2019 12:35:39 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v5.1.5~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e6a8e33d2c0de91e3119edb91699283d6a818b1;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: dm-cache-metadata-fix-loading-discard-bitset.patch dm-delay-fix-a-crash-when-invalid-device-is-specified.patch dm-integrity-correctly-calculate-the-size-of-metadata-area.patch dm-mpath-always-free-attached_handler_name-in-parse_path.patch dm-zoned-fix-zone-report-handling.patch fuse-add-fopen_stream-to-use-stream_open.patch --- diff --git a/queue-4.19/dm-cache-metadata-fix-loading-discard-bitset.patch b/queue-4.19/dm-cache-metadata-fix-loading-discard-bitset.patch new file mode 100644 index 00000000000..687cdffcc79 --- /dev/null +++ b/queue-4.19/dm-cache-metadata-fix-loading-discard-bitset.patch @@ -0,0 +1,47 @@ +From e28adc3bf34e434b30e8d063df4823ba0f3e0529 Mon Sep 17 00:00:00 2001 +From: Nikos Tsironis +Date: Wed, 17 Apr 2019 17:19:18 +0300 +Subject: dm cache metadata: Fix loading discard bitset + +From: Nikos Tsironis + +commit e28adc3bf34e434b30e8d063df4823ba0f3e0529 upstream. + +Add missing dm_bitset_cursor_next() to properly advance the bitset +cursor. + +Otherwise, the discarded state of all blocks is set according to the +discarded state of the first block. + +Fixes: ae4a46a1f6 ("dm cache metadata: use bitset cursor api to load discard bitset") +Cc: stable@vger.kernel.org +Signed-off-by: Nikos Tsironis +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-cache-metadata.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/drivers/md/dm-cache-metadata.c ++++ b/drivers/md/dm-cache-metadata.c +@@ -1167,11 +1167,18 @@ static int __load_discards(struct dm_cac + if (r) + return r; + +- for (b = 0; b < from_dblock(cmd->discard_nr_blocks); b++) { ++ for (b = 0; ; b++) { + r = fn(context, cmd->discard_block_size, to_dblock(b), + dm_bitset_cursor_get_value(&c)); + if (r) + break; ++ ++ if (b >= (from_dblock(cmd->discard_nr_blocks) - 1)) ++ break; ++ ++ r = dm_bitset_cursor_next(&c); ++ if (r) ++ break; + } + + dm_bitset_cursor_end(&c); diff --git a/queue-4.19/dm-delay-fix-a-crash-when-invalid-device-is-specified.patch b/queue-4.19/dm-delay-fix-a-crash-when-invalid-device-is-specified.patch new file mode 100644 index 00000000000..bead3ce9080 --- /dev/null +++ b/queue-4.19/dm-delay-fix-a-crash-when-invalid-device-is-specified.patch @@ -0,0 +1,34 @@ +From 81bc6d150ace6250503b825d9d0c10f7bbd24095 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Thu, 25 Apr 2019 12:07:54 -0400 +Subject: dm delay: fix a crash when invalid device is specified + +From: Mikulas Patocka + +commit 81bc6d150ace6250503b825d9d0c10f7bbd24095 upstream. + +When the target line contains an invalid device, delay_ctr() will call +delay_dtr() with NULL workqueue. Attempting to destroy the NULL +workqueue causes a crash. + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-delay.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/md/dm-delay.c ++++ b/drivers/md/dm-delay.c +@@ -121,7 +121,8 @@ static void delay_dtr(struct dm_target * + { + struct delay_c *dc = ti->private; + +- destroy_workqueue(dc->kdelayd_wq); ++ if (dc->kdelayd_wq) ++ destroy_workqueue(dc->kdelayd_wq); + + if (dc->read.dev) + dm_put_device(ti, dc->read.dev); diff --git a/queue-4.19/dm-integrity-correctly-calculate-the-size-of-metadata-area.patch b/queue-4.19/dm-integrity-correctly-calculate-the-size-of-metadata-area.patch new file mode 100644 index 00000000000..1c7f86a2077 --- /dev/null +++ b/queue-4.19/dm-integrity-correctly-calculate-the-size-of-metadata-area.patch @@ -0,0 +1,48 @@ +From 30bba430ddf737978e40561198693ba91386dac1 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 7 May 2019 14:28:35 -0400 +Subject: dm integrity: correctly calculate the size of metadata area + +From: Mikulas Patocka + +commit 30bba430ddf737978e40561198693ba91386dac1 upstream. + +When we use separate devices for data and metadata, dm-integrity would +incorrectly calculate the size of the metadata device as if it had +512-byte block size - and it would refuse activation with larger block +size and smaller metadata device. + +Fix this so that it takes actual block size into account, which fixes +the following reported issue: +https://gitlab.com/cryptsetup/cryptsetup/issues/450 + +Fixes: 356d9d52e122 ("dm integrity: allow separate metadata device") +Cc: stable@vger.kernel.org # v4.19+ +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-integrity.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -2557,7 +2557,7 @@ static int calculate_device_limits(struc + if (last_sector < ic->start || last_sector >= ic->meta_device_sectors) + return -EINVAL; + } else { +- __u64 meta_size = ic->provided_data_sectors * ic->tag_size; ++ __u64 meta_size = (ic->provided_data_sectors >> ic->sb->log2_sectors_per_block) * ic->tag_size; + meta_size = (meta_size + ((1U << (ic->log2_buffer_sectors + SECTOR_SHIFT)) - 1)) + >> (ic->log2_buffer_sectors + SECTOR_SHIFT); + meta_size <<= ic->log2_buffer_sectors; +@@ -3428,7 +3428,7 @@ try_smaller_buffer: + DEBUG_print(" journal_sections %u\n", (unsigned)le32_to_cpu(ic->sb->journal_sections)); + DEBUG_print(" journal_entries %u\n", ic->journal_entries); + DEBUG_print(" log2_interleave_sectors %d\n", ic->sb->log2_interleave_sectors); +- DEBUG_print(" device_sectors 0x%llx\n", (unsigned long long)ic->device_sectors); ++ DEBUG_print(" data_device_sectors 0x%llx\n", (unsigned long long)ic->data_device_sectors); + DEBUG_print(" initial_sectors 0x%x\n", ic->initial_sectors); + DEBUG_print(" metadata_run 0x%x\n", ic->metadata_run); + DEBUG_print(" log2_metadata_run %d\n", ic->log2_metadata_run); diff --git a/queue-4.19/dm-mpath-always-free-attached_handler_name-in-parse_path.patch b/queue-4.19/dm-mpath-always-free-attached_handler_name-in-parse_path.patch new file mode 100644 index 00000000000..29b6ec17be3 --- /dev/null +++ b/queue-4.19/dm-mpath-always-free-attached_handler_name-in-parse_path.patch @@ -0,0 +1,46 @@ +From 940bc471780b004a5277c1931f52af363c2fc9da Mon Sep 17 00:00:00 2001 +From: Martin Wilck +Date: Mon, 29 Apr 2019 11:48:15 +0200 +Subject: dm mpath: always free attached_handler_name in parse_path() + +From: Martin Wilck + +commit 940bc471780b004a5277c1931f52af363c2fc9da upstream. + +Commit b592211c33f7 ("dm mpath: fix attached_handler_name leak and +dangling hw_handler_name pointer") fixed a memory leak for the case +where setup_scsi_dh() returns failure. But setup_scsi_dh may return +success and not "use" attached_handler_name if the +retain_attached_hwhandler flag is not set on the map. As setup_scsi_sh +properly "steals" the pointer by nullifying it, freeing it +unconditionally in parse_path() is safe. + +Fixes: b592211c33f7 ("dm mpath: fix attached_handler_name leak and dangling hw_handler_name pointer") +Cc: stable@vger.kernel.org +Reported-by: Yufen Yu +Signed-off-by: Martin Wilck +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-mpath.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/dm-mpath.c ++++ b/drivers/md/dm-mpath.c +@@ -892,6 +892,7 @@ static struct pgpath *parse_path(struct + if (attached_handler_name || m->hw_handler_name) { + INIT_DELAYED_WORK(&p->activate_path, activate_path_work); + r = setup_scsi_dh(p->path.dev->bdev, m, &attached_handler_name, &ti->error); ++ kfree(attached_handler_name); + if (r) { + dm_put_device(ti, p->path.dev); + goto bad; +@@ -906,7 +907,6 @@ static struct pgpath *parse_path(struct + + return p; + bad: +- kfree(attached_handler_name); + free_pgpath(p); + return ERR_PTR(r); + } diff --git a/queue-4.19/dm-zoned-fix-zone-report-handling.patch b/queue-4.19/dm-zoned-fix-zone-report-handling.patch new file mode 100644 index 00000000000..d623826669e --- /dev/null +++ b/queue-4.19/dm-zoned-fix-zone-report-handling.patch @@ -0,0 +1,57 @@ +From 7aedf75ff740a98f3683439449cd91c8662d03b2 Mon Sep 17 00:00:00 2001 +From: Damien Le Moal +Date: Thu, 18 Apr 2019 18:03:07 +0900 +Subject: dm zoned: Fix zone report handling + +From: Damien Le Moal + +commit 7aedf75ff740a98f3683439449cd91c8662d03b2 upstream. + +The function blkdev_report_zones() returns success even if no zone +information is reported (empty report). Empty zone reports can only +happen if the report start sector passed exceeds the device capacity. +The conditions for this to happen are either a bug in the caller code, +or, a change in the device that forced the low level driver to change +the device capacity to a value that is lower than the report start +sector. This situation includes a failed disk revalidation resulting in +the disk capacity being changed to 0. + +If this change happens while dm-zoned is in its initialization phase +executing dmz_init_zones(), this function may enter an infinite loop +and hang the system. To avoid this, add a check to disallow empty zone +reports and bail out early. Also fix the function dmz_update_zone() to +make sure that the report for the requested zone was correctly obtained. + +Fixes: 3b1a94c88b79 ("dm zoned: drive-managed zoned block device target") +Cc: stable@vger.kernel.org +Signed-off-by: Damien Le Moal +Reviewed-by: Shaun Tancheff +Signed-off-by: Damien Le Moal +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-zoned-metadata.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/md/dm-zoned-metadata.c ++++ b/drivers/md/dm-zoned-metadata.c +@@ -1169,6 +1169,9 @@ static int dmz_init_zones(struct dmz_met + goto out; + } + ++ if (!nr_blkz) ++ break; ++ + /* Process report */ + for (i = 0; i < nr_blkz; i++) { + ret = dmz_init_zone(zmd, zone, &blkz[i]); +@@ -1204,6 +1207,8 @@ static int dmz_update_zone(struct dmz_me + /* Get zone information from disk */ + ret = blkdev_report_zones(zmd->dev->bdev, dmz_start_sect(zmd, zone), + &blkz, &nr_blkz, GFP_NOIO); ++ if (!nr_blkz) ++ ret = -EIO; + if (ret) { + dmz_dev_err(zmd->dev, "Get zone %u report failed", + dmz_id(zmd, zone)); diff --git a/queue-4.19/fuse-add-fopen_stream-to-use-stream_open.patch b/queue-4.19/fuse-add-fopen_stream-to-use-stream_open.patch new file mode 100644 index 00000000000..e7621f89287 --- /dev/null +++ b/queue-4.19/fuse-add-fopen_stream-to-use-stream_open.patch @@ -0,0 +1,86 @@ +From bbd84f33652f852ce5992d65db4d020aba21f882 Mon Sep 17 00:00:00 2001 +From: Kirill Smelkov +Date: Wed, 24 Apr 2019 07:13:57 +0000 +Subject: fuse: Add FOPEN_STREAM to use stream_open() + +From: Kirill Smelkov + +commit bbd84f33652f852ce5992d65db4d020aba21f882 upstream. + +Starting from commit 9c225f2655e3 ("vfs: atomic f_pos accesses as per +POSIX") files opened even via nonseekable_open gate read and write via lock +and do not allow them to be run simultaneously. This can create read vs +write deadlock if a filesystem is trying to implement a socket-like file +which is intended to be simultaneously used for both read and write from +filesystem client. See commit 10dce8af3422 ("fs: stream_open - opener for +stream-like files so that read and write can run simultaneously without +deadlock") for details and e.g. commit 581d21a2d02a ("xenbus: fix deadlock +on writes to /proc/xen/xenbus") for a similar deadlock example on +/proc/xen/xenbus. + +To avoid such deadlock it was tempting to adjust fuse_finish_open to use +stream_open instead of nonseekable_open on just FOPEN_NONSEEKABLE flags, +but grepping through Debian codesearch shows users of FOPEN_NONSEEKABLE, +and in particular GVFS which actually uses offset in its read and write +handlers + + https://codesearch.debian.net/search?q=-%3Enonseekable+%3D + https://gitlab.gnome.org/GNOME/gvfs/blob/1.40.0-6-gcbc54396/client/gvfsfusedaemon.c#L1080 + https://gitlab.gnome.org/GNOME/gvfs/blob/1.40.0-6-gcbc54396/client/gvfsfusedaemon.c#L1247-1346 + https://gitlab.gnome.org/GNOME/gvfs/blob/1.40.0-6-gcbc54396/client/gvfsfusedaemon.c#L1399-1481 + +so if we would do such a change it will break a real user. + +Add another flag (FOPEN_STREAM) for filesystem servers to indicate that the +opened handler is having stream-like semantics; does not use file position +and thus the kernel is free to issue simultaneous read and write request on +opened file handle. + +This patch together with stream_open() should be added to stable kernels +starting from v3.14+. This will allow to patch OSSPD and other FUSE +filesystems that provide stream-like files to return FOPEN_STREAM | +FOPEN_NONSEEKABLE in open handler and this way avoid the deadlock on all +kernel versions. This should work because fuse_finish_open ignores unknown +open flags returned from a filesystem and so passing FOPEN_STREAM to a +kernel that is not aware of this flag cannot hurt. In turn the kernel that +is not aware of FOPEN_STREAM will be < v3.14 where just FOPEN_NONSEEKABLE +is sufficient to implement streams without read vs write deadlock. + +Cc: stable@vger.kernel.org # v3.14+ +Signed-off-by: Kirill Smelkov +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/file.c | 4 +++- + include/uapi/linux/fuse.h | 2 ++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +--- a/fs/fuse/file.c ++++ b/fs/fuse/file.c +@@ -179,7 +179,9 @@ void fuse_finish_open(struct inode *inod + file->f_op = &fuse_direct_io_file_operations; + if (!(ff->open_flags & FOPEN_KEEP_CACHE)) + invalidate_inode_pages2(inode->i_mapping); +- if (ff->open_flags & FOPEN_NONSEEKABLE) ++ if (ff->open_flags & FOPEN_STREAM) ++ stream_open(inode, file); ++ else if (ff->open_flags & FOPEN_NONSEEKABLE) + nonseekable_open(inode, file); + if (fc->atomic_o_trunc && (file->f_flags & O_TRUNC)) { + struct fuse_inode *fi = get_fuse_inode(inode); +--- a/include/uapi/linux/fuse.h ++++ b/include/uapi/linux/fuse.h +@@ -219,10 +219,12 @@ struct fuse_file_lock { + * FOPEN_DIRECT_IO: bypass page cache for this open file + * FOPEN_KEEP_CACHE: don't invalidate the data cache on open + * FOPEN_NONSEEKABLE: the file is not seekable ++ * FOPEN_STREAM: the file is stream-like (no file position at all) + */ + #define FOPEN_DIRECT_IO (1 << 0) + #define FOPEN_KEEP_CACHE (1 << 1) + #define FOPEN_NONSEEKABLE (1 << 2) ++#define FOPEN_STREAM (1 << 4) + + /** + * INIT request/reply flags diff --git a/queue-4.19/series b/queue-4.19/series index f149e00b062..0a6a2f36651 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -74,3 +74,9 @@ pci-aer-change-pci_aer_init-stub-to-return-void.patch pci-rcar-add-the-initialization-of-pcie-link-in-resume_noirq.patch pci-factor-out-pcie_retrain_link-function.patch pci-work-around-pericom-pcie-to-pci-bridge-retrain-link-erratum.patch +dm-cache-metadata-fix-loading-discard-bitset.patch +dm-zoned-fix-zone-report-handling.patch +dm-delay-fix-a-crash-when-invalid-device-is-specified.patch +dm-integrity-correctly-calculate-the-size-of-metadata-area.patch +dm-mpath-always-free-attached_handler_name-in-parse_path.patch +fuse-add-fopen_stream-to-use-stream_open.patch