From: Greg Kroah-Hartman Date: Mon, 6 Apr 2015 19:09:09 +0000 (+0200) Subject: 3.10-stable patches X-Git-Tag: v3.10.74~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=477dd9915fd19329888700df5924eca876cfdef9;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: dm-hold-suspend_lock-while-suspending-device-during-device-deletion.patch hfsplus-fix-b-tree-corruption-after-insertion-at-position-0.patch --- diff --git a/queue-3.10/dm-hold-suspend_lock-while-suspending-device-during-device-deletion.patch b/queue-3.10/dm-hold-suspend_lock-while-suspending-device-during-device-deletion.patch new file mode 100644 index 00000000000..4ab1e8b3b9e --- /dev/null +++ b/queue-3.10/dm-hold-suspend_lock-while-suspending-device-during-device-deletion.patch @@ -0,0 +1,39 @@ +From ab7c7bb6f4ab95dbca96fcfc4463cd69843e3e24 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Fri, 27 Feb 2015 14:04:27 -0500 +Subject: dm: hold suspend_lock while suspending device during device deletion + +From: Mikulas Patocka + +commit ab7c7bb6f4ab95dbca96fcfc4463cd69843e3e24 upstream. + +__dm_destroy() must take the suspend_lock so that its presuspend and +postsuspend calls do not race with an internal suspend. + +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -2333,10 +2333,16 @@ static void __dm_destroy(struct mapped_d + set_bit(DMF_FREEING, &md->flags); + spin_unlock(&_minor_lock); + ++ /* ++ * Take suspend_lock so that presuspend and postsuspend methods ++ * do not race with internal suspend. ++ */ ++ mutex_lock(&md->suspend_lock); + if (!dm_suspended_md(md)) { + dm_table_presuspend_targets(map); + dm_table_postsuspend_targets(map); + } ++ mutex_unlock(&md->suspend_lock); + + /* + * Rare, but there may be I/O requests still going to complete, diff --git a/queue-3.10/hfsplus-fix-b-tree-corruption-after-insertion-at-position-0.patch b/queue-3.10/hfsplus-fix-b-tree-corruption-after-insertion-at-position-0.patch new file mode 100644 index 00000000000..a0fb27265e6 --- /dev/null +++ b/queue-3.10/hfsplus-fix-b-tree-corruption-after-insertion-at-position-0.patch @@ -0,0 +1,105 @@ +From 98cf21c61a7f5419d82f847c4d77bf6e96a76f5f Mon Sep 17 00:00:00 2001 +From: Sergei Antonov +Date: Wed, 25 Mar 2015 15:55:34 -0700 +Subject: hfsplus: fix B-tree corruption after insertion at position 0 + +From: Sergei Antonov + +commit 98cf21c61a7f5419d82f847c4d77bf6e96a76f5f upstream. + +Fix B-tree corruption when a new record is inserted at position 0 in the +node in hfs_brec_insert(). In this case a hfs_brec_update_parent() is +called to update the parent index node (if exists) and it is passed +hfs_find_data with a search_key containing a newly inserted key instead +of the key to be updated. This results in an inconsistent index node. +The bug reproduces on my machine after an extents overflow record for +the catalog file (CNID=4) is inserted into the extents overflow B-tree. +Because of a low (reserved) value of CNID=4, it has to become the first +record in the first leaf node. + +The resulting first leaf node is correct: + + ---------------------------------------------------- + | key0.CNID=4 | key1.CNID=123 | key2.CNID=456, ... | + ---------------------------------------------------- + +But the parent index key0 still contains the previous key CNID=123: + + ----------------------- + | key0.CNID=123 | ... | + ----------------------- + +A change in hfs_brec_insert() makes hfs_brec_update_parent() work +correctly by preventing it from getting fd->record=-1 value from +__hfs_brec_find(). + +Along the way, I removed duplicate code with unification of the if +condition. The resulting code is equivalent to the original code +because node is never 0. + +Also hfs_brec_update_parent() will now return an error after getting a +negative fd->record value. However, the return value of +hfs_brec_update_parent() is not checked anywhere in the file and I'm +leaving it unchanged by this patch. brec.c lacks error checking after +some other calls too, but this issue is of less importance than the one +being fixed by this patch. + +Signed-off-by: Sergei Antonov +Cc: Joe Perches +Reviewed-by: Vyacheslav Dubeyko +Acked-by: Hin-Tak Leung +Cc: Anton Altaparmakov +Cc: Al Viro +Cc: Christoph Hellwig +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/hfsplus/brec.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +--- a/fs/hfsplus/brec.c ++++ b/fs/hfsplus/brec.c +@@ -131,13 +131,16 @@ skip: + hfs_bnode_write(node, entry, data_off + key_len, entry_len); + hfs_bnode_dump(node); + +- if (new_node) { +- /* update parent key if we inserted a key +- * at the start of the first node +- */ +- if (!rec && new_node != node) +- hfs_brec_update_parent(fd); ++ /* ++ * update parent key if we inserted a key ++ * at the start of the node and it is not the new node ++ */ ++ if (!rec && new_node != node) { ++ hfs_bnode_read_key(node, fd->search_key, data_off + size); ++ hfs_brec_update_parent(fd); ++ } + ++ if (new_node) { + hfs_bnode_put(fd->bnode); + if (!new_node->parent) { + hfs_btree_inc_height(tree); +@@ -168,9 +171,6 @@ skip: + goto again; + } + +- if (!rec) +- hfs_brec_update_parent(fd); +- + return 0; + } + +@@ -370,6 +370,8 @@ again: + if (IS_ERR(parent)) + return PTR_ERR(parent); + __hfs_brec_find(parent, fd, hfs_find_rec_by_key); ++ if (fd->record < 0) ++ return -ENOENT; + hfs_bnode_dump(parent); + rec = fd->record; + diff --git a/queue-3.10/series b/queue-3.10/series index eaffb21041f..a0420c5d803 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -17,3 +17,5 @@ mac80211-drop-unencrypted-frames-in-mesh-fwding.patch revert-iwlwifi-mvm-fix-failure-path-when-power_update.patch perf-fix-irq_work-tail-recursion.patch vt6655-rfbsetpower-fix-missing-rate-rate_12m.patch +dm-hold-suspend_lock-while-suspending-device-during-device-deletion.patch +hfsplus-fix-b-tree-corruption-after-insertion-at-position-0.patch