From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 8 Aug 2017 16:23:52 +0000 (-0700)
Subject: 4.9-stable patches
X-Git-Tag: v4.12.6~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6842ee603e8bccc61b2258bb194a8568f78add83;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	btrfs-fix-early-enospc-due-to-delalloc.patch
	f2fs-sanity-check-checkpoint-segno-and-blkoff.patch
---

diff --git a/queue-4.9/btrfs-fix-early-enospc-due-to-delalloc.patch b/queue-4.9/btrfs-fix-early-enospc-due-to-delalloc.patch
new file mode 100644
index 00000000000..fc666646dd3
--- /dev/null
+++ b/queue-4.9/btrfs-fix-early-enospc-due-to-delalloc.patch
@@ -0,0 +1,47 @@
+From 17024ad0a0fdfcfe53043afb969b813d3e020c21 Mon Sep 17 00:00:00 2001
+From: Omar Sandoval <osandov@fb.com>
+Date: Thu, 20 Jul 2017 15:10:35 -0700
+Subject: Btrfs: fix early ENOSPC due to delalloc
+
+From: Omar Sandoval <osandov@fb.com>
+
+commit 17024ad0a0fdfcfe53043afb969b813d3e020c21 upstream.
+
+If a lot of metadata is reserved for outstanding delayed allocations, we
+rely on shrink_delalloc() to reclaim metadata space in order to fulfill
+reservation tickets. However, shrink_delalloc() has a shortcut where if
+it determines that space can be overcommitted, it will stop early. This
+made sense before the ticketed enospc system, but now it means that
+shrink_delalloc() will often not reclaim enough space to fulfill any
+tickets, leading to an early ENOSPC. (Reservation tickets don't care
+about being able to overcommit, they need every byte accounted for.)
+
+Fix it by getting rid of the shortcut so that shrink_delalloc() reclaims
+all of the metadata it is supposed to. This fixes early ENOSPCs we were
+seeing when doing a btrfs receive to populate a new filesystem, as well
+as early ENOSPCs Christoph saw when doing a big cp -r onto Btrfs.
+
+Fixes: 957780eb2788 ("Btrfs: introduce ticketed enospc infrastructure")
+Tested-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
+Reviewed-by: Josef Bacik <jbacik@fb.com>
+Signed-off-by: Omar Sandoval <osandov@fb.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Nikolay Borisov <nborisov@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/extent-tree.c |    4 ----
+ 1 file changed, 4 deletions(-)
+
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -4759,10 +4759,6 @@ skip_async:
+ 		else
+ 			flush = BTRFS_RESERVE_NO_FLUSH;
+ 		spin_lock(&space_info->lock);
+-		if (can_overcommit(root, space_info, orig, flush)) {
+-			spin_unlock(&space_info->lock);
+-			break;
+-		}
+ 		if (list_empty(&space_info->tickets) &&
+ 		    list_empty(&space_info->priority_tickets)) {
+ 			spin_unlock(&space_info->lock);
diff --git a/queue-4.9/f2fs-sanity-check-checkpoint-segno-and-blkoff.patch b/queue-4.9/f2fs-sanity-check-checkpoint-segno-and-blkoff.patch
new file mode 100644
index 00000000000..1351b597239
--- /dev/null
+++ b/queue-4.9/f2fs-sanity-check-checkpoint-segno-and-blkoff.patch
@@ -0,0 +1,54 @@
+From 15d3042a937c13f5d9244241c7a9c8416ff6e82a Mon Sep 17 00:00:00 2001
+From: Jin Qian <jinqian@google.com>
+Date: Mon, 15 May 2017 10:45:08 -0700
+Subject: f2fs: sanity check checkpoint segno and blkoff
+
+From: Jin Qian <jinqian@google.com>
+
+commit 15d3042a937c13f5d9244241c7a9c8416ff6e82a upstream.
+
+Make sure segno and blkoff read from raw image are valid.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Jin Qian <jinqian@google.com>
+[Jaegeuk Kim: adjust minor coding style]
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+[AmitP: Found in Android Security bulletin for Aug'17, fixes CVE-2017-10663]
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/f2fs/super.c |   16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/fs/f2fs/super.c
++++ b/fs/f2fs/super.c
+@@ -1424,6 +1424,8 @@ int sanity_check_ckpt(struct f2fs_sb_inf
+ 	unsigned int total, fsmeta;
+ 	struct f2fs_super_block *raw_super = F2FS_RAW_SUPER(sbi);
+ 	struct f2fs_checkpoint *ckpt = F2FS_CKPT(sbi);
++	unsigned int main_segs, blocks_per_seg;
++	int i;
+ 
+ 	total = le32_to_cpu(raw_super->segment_count);
+ 	fsmeta = le32_to_cpu(raw_super->segment_count_ckpt);
+@@ -1435,6 +1437,20 @@ int sanity_check_ckpt(struct f2fs_sb_inf
+ 	if (unlikely(fsmeta >= total))
+ 		return 1;
+ 
++	main_segs = le32_to_cpu(raw_super->segment_count_main);
++	blocks_per_seg = sbi->blocks_per_seg;
++
++	for (i = 0; i < NR_CURSEG_NODE_TYPE; i++) {
++		if (le32_to_cpu(ckpt->cur_node_segno[i]) >= main_segs ||
++			le16_to_cpu(ckpt->cur_node_blkoff[i]) >= blocks_per_seg)
++			return 1;
++	}
++	for (i = 0; i < NR_CURSEG_DATA_TYPE; i++) {
++		if (le32_to_cpu(ckpt->cur_data_segno[i]) >= main_segs ||
++			le16_to_cpu(ckpt->cur_data_blkoff[i]) >= blocks_per_seg)
++			return 1;
++	}
++
+ 	if (unlikely(f2fs_cp_error(sbi))) {
+ 		f2fs_msg(sbi->sb, KERN_ERR, "A bug case: need to run fsck");
+ 		return 1;
diff --git a/queue-4.9/series b/queue-4.9/series
index bac4cb3671c..a573416ff32 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -30,3 +30,5 @@ iscsi-target-fix-initial-login-pdu-asynchronous-socket-close-oops.patch
 mmc-dw_mmc-use-device_property_read-instead-of-of_property_read.patch
 mmc-core-use-device_property_read-instead-of-of_property_read.patch
 media-lirc-lirc_get_rec_resolution-should-return-microseconds.patch
+f2fs-sanity-check-checkpoint-segno-and-blkoff.patch
+btrfs-fix-early-enospc-due-to-delalloc.patch