From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 27 Feb 2019 14:10:49 +0000 (+0100)
Subject: 4.14-stable patches
X-Git-Tag: v4.9.162~36
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=72b6212c39e10c109b868fa11613318176200f05;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	revert-loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch
	revert-loop-fold-__loop_release-into-loop_release.patch
	revert-loop-get-rid-of-loop_index_mutex.patch
---

diff --git a/queue-4.14/revert-loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch b/queue-4.14/revert-loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch
new file mode 100644
index 00000000000..831352c7a5e
--- /dev/null
+++ b/queue-4.14/revert-loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch
@@ -0,0 +1,39 @@
+From b69d8c31e3f18ab93422db072a3e57638bb4129c Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Wed, 27 Feb 2019 14:58:58 +0100
+Subject: Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This reverts commit d2762edcb6af99fc9322bab0b1d4e71a427760e8 which is
+commit 628bd85947091830a8c4872adfd5ed1d515a9cf2 upstream.
+
+It does not work properly in the 4.14.y tree and causes more problems
+than it fixes, so revert it.
+
+Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
+Reported-by: Jan Kara <jack@suse.cz>
+Cc: syzbot <syzbot+c0138741c2290fc5e63f@syzkaller.appspotmail.com>
+Cc: Ming Lei <ming.lei@redhat.com>
+Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Cc: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/loop.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/block/loop.c
++++ b/drivers/block/loop.c
+@@ -1996,10 +1996,12 @@ static long loop_control_ioctl(struct fi
+ 			break;
+ 		if (lo->lo_state != Lo_unbound) {
+ 			ret = -EBUSY;
++			mutex_unlock(&loop_ctl_mutex);
+ 			break;
+ 		}
+ 		if (atomic_read(&lo->lo_refcnt) > 0) {
+ 			ret = -EBUSY;
++			mutex_unlock(&loop_ctl_mutex);
+ 			break;
+ 		}
+ 		lo->lo_disk->private_data = NULL;
diff --git a/queue-4.14/revert-loop-fold-__loop_release-into-loop_release.patch b/queue-4.14/revert-loop-fold-__loop_release-into-loop_release.patch
new file mode 100644
index 00000000000..58318ef9ad8
--- /dev/null
+++ b/queue-4.14/revert-loop-fold-__loop_release-into-loop_release.patch
@@ -0,0 +1,64 @@
+From 23b0213696688c5e7a3456221ac12bf3bae5e67b Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Wed, 27 Feb 2019 15:09:22 +0100
+Subject: Revert "loop: Fold __loop_release into loop_release"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This reverts commit f1e81ba8a3fa56dcc48828869b392b29559a0ac3 which is
+commit 967d1dc144b50ad005e5eecdfadfbcfb399ffff6 upstream.
+
+It does not work properly in the 4.14.y tree and causes more problems
+than it fixes, so revert it.
+
+Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
+Reported-by: Jan Kara <jack@suse.cz>
+Cc: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/loop.c |   16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+--- a/drivers/block/loop.c
++++ b/drivers/block/loop.c
+@@ -1634,15 +1634,12 @@ out:
+ 	return err;
+ }
+ 
+-static void lo_release(struct gendisk *disk, fmode_t mode)
++static void __lo_release(struct loop_device *lo)
+ {
+-	struct loop_device *lo;
+ 	int err;
+ 
+-	mutex_lock(&loop_index_mutex);
+-	lo = disk->private_data;
+ 	if (atomic_dec_return(&lo->lo_refcnt))
+-		goto unlock_index;
++		return;
+ 
+ 	mutex_lock(&loop_ctl_mutex);
+ 	if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) {
+@@ -1652,7 +1649,7 @@ static void lo_release(struct gendisk *d
+ 		 */
+ 		err = loop_clr_fd(lo);
+ 		if (!err)
+-			goto unlock_index;
++			return;
+ 	} else if (lo->lo_state == Lo_bound) {
+ 		/*
+ 		 * Otherwise keep thread (if running) and config,
+@@ -1663,7 +1660,12 @@ static void lo_release(struct gendisk *d
+ 	}
+ 
+ 	mutex_unlock(&loop_ctl_mutex);
+-unlock_index:
++}
++
++static void lo_release(struct gendisk *disk, fmode_t mode)
++{
++	mutex_lock(&loop_index_mutex);
++	__lo_release(disk->private_data);
+ 	mutex_unlock(&loop_index_mutex);
+ }
+ 
diff --git a/queue-4.14/revert-loop-get-rid-of-loop_index_mutex.patch b/queue-4.14/revert-loop-get-rid-of-loop_index_mutex.patch
new file mode 100644
index 00000000000..41e69d489de
--- /dev/null
+++ b/queue-4.14/revert-loop-get-rid-of-loop_index_mutex.patch
@@ -0,0 +1,161 @@
+From 8e1a82e6d3ceada936a24743bb9f6919cf8a46a9 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Wed, 27 Feb 2019 15:08:29 +0100
+Subject: Revert "loop: Get rid of loop_index_mutex"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This reverts commit c1e63df4f30c3918476ac9bc594355b0e9629893 which is
+commit 0a42e99b58a208839626465af194cfe640ef9493 upstream.
+
+It does not work properly in the 4.14.y tree and causes more problems
+than it fixes, so revert it.
+
+Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
+Reported-by: Jan Kara <jack@suse.cz>
+Cc: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/loop.c |   39 +++++++++++++++++++--------------------
+ 1 file changed, 19 insertions(+), 20 deletions(-)
+
+--- a/drivers/block/loop.c
++++ b/drivers/block/loop.c
+@@ -81,6 +81,7 @@
+ #include <linux/uaccess.h>
+ 
+ static DEFINE_IDR(loop_index_idr);
++static DEFINE_MUTEX(loop_index_mutex);
+ static DEFINE_MUTEX(loop_ctl_mutex);
+ 
+ static int max_part;
+@@ -1618,11 +1619,9 @@ static int lo_compat_ioctl(struct block_
+ static int lo_open(struct block_device *bdev, fmode_t mode)
+ {
+ 	struct loop_device *lo;
+-	int err;
++	int err = 0;
+ 
+-	err = mutex_lock_killable(&loop_ctl_mutex);
+-	if (err)
+-		return err;
++	mutex_lock(&loop_index_mutex);
+ 	lo = bdev->bd_disk->private_data;
+ 	if (!lo) {
+ 		err = -ENXIO;
+@@ -1631,7 +1630,7 @@ static int lo_open(struct block_device *
+ 
+ 	atomic_inc(&lo->lo_refcnt);
+ out:
+-	mutex_unlock(&loop_ctl_mutex);
++	mutex_unlock(&loop_index_mutex);
+ 	return err;
+ }
+ 
+@@ -1640,11 +1639,12 @@ static void lo_release(struct gendisk *d
+ 	struct loop_device *lo;
+ 	int err;
+ 
+-	mutex_lock(&loop_ctl_mutex);
++	mutex_lock(&loop_index_mutex);
+ 	lo = disk->private_data;
+ 	if (atomic_dec_return(&lo->lo_refcnt))
+-		goto out_unlock;
++		goto unlock_index;
+ 
++	mutex_lock(&loop_ctl_mutex);
+ 	if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) {
+ 		/*
+ 		 * In autoclear mode, stop the loop thread
+@@ -1652,7 +1652,7 @@ static void lo_release(struct gendisk *d
+ 		 */
+ 		err = loop_clr_fd(lo);
+ 		if (!err)
+-			return;
++			goto unlock_index;
+ 	} else if (lo->lo_state == Lo_bound) {
+ 		/*
+ 		 * Otherwise keep thread (if running) and config,
+@@ -1662,8 +1662,9 @@ static void lo_release(struct gendisk *d
+ 		blk_mq_unfreeze_queue(lo->lo_queue);
+ 	}
+ 
+-out_unlock:
+ 	mutex_unlock(&loop_ctl_mutex);
++unlock_index:
++	mutex_unlock(&loop_index_mutex);
+ }
+ 
+ static const struct block_device_operations lo_fops = {
+@@ -1956,7 +1957,7 @@ static struct kobject *loop_probe(dev_t
+ 	struct kobject *kobj;
+ 	int err;
+ 
+-	mutex_lock(&loop_ctl_mutex);
++	mutex_lock(&loop_index_mutex);
+ 	err = loop_lookup(&lo, MINOR(dev) >> part_shift);
+ 	if (err < 0)
+ 		err = loop_add(&lo, MINOR(dev) >> part_shift);
+@@ -1964,7 +1965,7 @@ static struct kobject *loop_probe(dev_t
+ 		kobj = NULL;
+ 	else
+ 		kobj = get_disk(lo->lo_disk);
+-	mutex_unlock(&loop_ctl_mutex);
++	mutex_unlock(&loop_index_mutex);
+ 
+ 	*part = 0;
+ 	return kobj;
+@@ -1974,13 +1975,9 @@ static long loop_control_ioctl(struct fi
+ 			       unsigned long parm)
+ {
+ 	struct loop_device *lo;
+-	int ret;
+-
+-	ret = mutex_lock_killable(&loop_ctl_mutex);
+-	if (ret)
+-		return ret;
++	int ret = -ENOSYS;
+ 
+-	ret = -ENOSYS;
++	mutex_lock(&loop_index_mutex);
+ 	switch (cmd) {
+ 	case LOOP_CTL_ADD:
+ 		ret = loop_lookup(&lo, parm);
+@@ -1994,6 +1991,7 @@ static long loop_control_ioctl(struct fi
+ 		ret = loop_lookup(&lo, parm);
+ 		if (ret < 0)
+ 			break;
++		mutex_lock(&loop_ctl_mutex);
+ 		if (lo->lo_state != Lo_unbound) {
+ 			ret = -EBUSY;
+ 			mutex_unlock(&loop_ctl_mutex);
+@@ -2005,6 +2003,7 @@ static long loop_control_ioctl(struct fi
+ 			break;
+ 		}
+ 		lo->lo_disk->private_data = NULL;
++		mutex_unlock(&loop_ctl_mutex);
+ 		idr_remove(&loop_index_idr, lo->lo_number);
+ 		loop_remove(lo);
+ 		break;
+@@ -2014,7 +2013,7 @@ static long loop_control_ioctl(struct fi
+ 			break;
+ 		ret = loop_add(&lo, -1);
+ 	}
+-	mutex_unlock(&loop_ctl_mutex);
++	mutex_unlock(&loop_index_mutex);
+ 
+ 	return ret;
+ }
+@@ -2098,10 +2097,10 @@ static int __init loop_init(void)
+ 				  THIS_MODULE, loop_probe, NULL, NULL);
+ 
+ 	/* pre-create number of devices given by config or max_loop */
+-	mutex_lock(&loop_ctl_mutex);
++	mutex_lock(&loop_index_mutex);
+ 	for (i = 0; i < nr; i++)
+ 		loop_add(&lo, i);
+-	mutex_unlock(&loop_ctl_mutex);
++	mutex_unlock(&loop_index_mutex);
+ 
+ 	printk(KERN_INFO "loop: module loaded\n");
+ 	return 0;
diff --git a/queue-4.14/series b/queue-4.14/series
new file mode 100644
index 00000000000..c5c92cac45a
--- /dev/null
+++ b/queue-4.14/series
@@ -0,0 +1,3 @@
+revert-loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch
+revert-loop-get-rid-of-loop_index_mutex.patch
+revert-loop-fold-__loop_release-into-loop_release.patch