From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 29 Jan 2019 10:57:58 +0000 (+0100)
Subject: 4.14-stable patches
X-Git-Tag: v4.9.154~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a35106037d7394c80a8113d01abe8fa242e35e4c;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	btrfs-dev-replace-go-back-to-suspended-state-if-target-device-is-missing.patch
	btrfs-fix-error-handling-in-btrfs_dev_replace_start.patch
	f2fs-read-page-index-before-freeing.patch
---

diff --git a/queue-4.14/btrfs-dev-replace-go-back-to-suspended-state-if-target-device-is-missing.patch b/queue-4.14/btrfs-dev-replace-go-back-to-suspended-state-if-target-device-is-missing.patch
new file mode 100644
index 00000000000..4cee7af7531
--- /dev/null
+++ b/queue-4.14/btrfs-dev-replace-go-back-to-suspended-state-if-target-device-is-missing.patch
@@ -0,0 +1,40 @@
+From 0d228ece59a35a9b9e8ff0d40653234a6d90f61e Mon Sep 17 00:00:00 2001
+From: Anand Jain <anand.jain@oracle.com>
+Date: Sun, 11 Nov 2018 22:22:17 +0800
+Subject: btrfs: dev-replace: go back to suspended state if target device is missing
+
+From: Anand Jain <anand.jain@oracle.com>
+
+commit 0d228ece59a35a9b9e8ff0d40653234a6d90f61e upstream.
+
+At the time of forced unmount we place the running replace to
+BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED state, so when the system comes
+back and expect the target device is missing.
+
+Then let the replace state continue to be in
+BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED state instead of
+BTRFS_IOCTL_DEV_REPLACE_STATE_STARTED as there isn't any matching scrub
+running as part of replace.
+
+Fixes: e93c89c1aaaa ("Btrfs: add new sources for device replace code")
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Anand Jain <anand.jain@oracle.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/dev-replace.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/btrfs/dev-replace.c
++++ b/fs/btrfs/dev-replace.c
+@@ -804,6 +804,8 @@ int btrfs_resume_dev_replace_async(struc
+ 			   "cannot continue dev_replace, tgtdev is missing");
+ 		btrfs_info(fs_info,
+ 			   "you may cancel the operation after 'mount -o degraded'");
++		dev_replace->replace_state =
++					BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED;
+ 		btrfs_dev_replace_unlock(dev_replace, 1);
+ 		return 0;
+ 	}
diff --git a/queue-4.14/btrfs-fix-error-handling-in-btrfs_dev_replace_start.patch b/queue-4.14/btrfs-fix-error-handling-in-btrfs_dev_replace_start.patch
new file mode 100644
index 00000000000..ac2dc7edc37
--- /dev/null
+++ b/queue-4.14/btrfs-fix-error-handling-in-btrfs_dev_replace_start.patch
@@ -0,0 +1,62 @@
+From 5c06147128fbbdf7a84232c5f0d808f53153defe Mon Sep 17 00:00:00 2001
+From: Jeff Mahoney <jeffm@suse.com>
+Date: Thu, 6 Sep 2018 15:52:17 -0400
+Subject: btrfs: fix error handling in btrfs_dev_replace_start
+
+From: Jeff Mahoney <jeffm@suse.com>
+
+commit 5c06147128fbbdf7a84232c5f0d808f53153defe upstream.
+
+When we fail to start a transaction in btrfs_dev_replace_start, we leave
+dev_replace->replace_start set to STARTED but clear ->srcdev and
+->tgtdev.  Later, that can result in an Oops in
+btrfs_dev_replace_progress when having state set to STARTED or SUSPENDED
+implies that ->srcdev is valid.
+
+Also fix error handling when the state is already STARTED or SUSPENDED
+while starting.  That, too, will clear ->srcdev and ->tgtdev even though
+it doesn't own them.  This should be an impossible case to hit since we
+should be protected by the BTRFS_FS_EXCL_OP bit being set.  Let's add an
+ASSERT there while we're at it.
+
+Fixes: e93c89c1aaaaa (Btrfs: add new sources for device replace code)
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/dev-replace.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/fs/btrfs/dev-replace.c
++++ b/fs/btrfs/dev-replace.c
+@@ -351,6 +351,7 @@ int btrfs_dev_replace_start(struct btrfs
+ 		break;
+ 	case BTRFS_IOCTL_DEV_REPLACE_STATE_STARTED:
+ 	case BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED:
++		ASSERT(0);
+ 		ret = BTRFS_IOCTL_DEV_REPLACE_RESULT_ALREADY_STARTED;
+ 		goto leave;
+ 	}
+@@ -395,6 +396,10 @@ int btrfs_dev_replace_start(struct btrfs
+ 	if (IS_ERR(trans)) {
+ 		ret = PTR_ERR(trans);
+ 		btrfs_dev_replace_lock(dev_replace, 1);
++		dev_replace->replace_state =
++			BTRFS_IOCTL_DEV_REPLACE_STATE_NEVER_STARTED;
++		dev_replace->srcdev = NULL;
++		dev_replace->tgtdev = NULL;
+ 		goto leave;
+ 	}
+ 
+@@ -416,8 +421,6 @@ int btrfs_dev_replace_start(struct btrfs
+ 	return ret;
+ 
+ leave:
+-	dev_replace->srcdev = NULL;
+-	dev_replace->tgtdev = NULL;
+ 	btrfs_dev_replace_unlock(dev_replace, 1);
+ 	btrfs_destroy_dev_replace_tgtdev(fs_info, tgt_device);
+ 	return ret;
diff --git a/queue-4.14/f2fs-read-page-index-before-freeing.patch b/queue-4.14/f2fs-read-page-index-before-freeing.patch
new file mode 100644
index 00000000000..24a21fe09c0
--- /dev/null
+++ b/queue-4.14/f2fs-read-page-index-before-freeing.patch
@@ -0,0 +1,47 @@
+From 0ea295dd853e0879a9a30ab61f923c26be35b902 Mon Sep 17 00:00:00 2001
+From: Pan Bian <bianpan2016@163.com>
+Date: Thu, 22 Nov 2018 18:58:46 +0800
+Subject: f2fs: read page index before freeing
+
+From: Pan Bian <bianpan2016@163.com>
+
+commit 0ea295dd853e0879a9a30ab61f923c26be35b902 upstream.
+
+The function truncate_node frees the page with f2fs_put_page. However,
+the page index is read after that. So, the patch reads the index before
+freeing the page.
+
+Fixes: bf39c00a9a7f ("f2fs: drop obsolete node page when it is truncated")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Pan Bian <bianpan2016@163.com>
+Reviewed-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/f2fs/node.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/f2fs/node.c
++++ b/fs/f2fs/node.c
+@@ -694,6 +694,7 @@ static void truncate_node(struct dnode_o
+ {
+ 	struct f2fs_sb_info *sbi = F2FS_I_SB(dn->inode);
+ 	struct node_info ni;
++	pgoff_t index;
+ 
+ 	get_node_info(sbi, dn->nid, &ni);
+ 	f2fs_bug_on(sbi, ni.blk_addr == NULL_ADDR);
+@@ -712,10 +713,11 @@ static void truncate_node(struct dnode_o
+ 	clear_node_page_dirty(dn->node_page);
+ 	set_sbi_flag(sbi, SBI_IS_DIRTY);
+ 
++	index = dn->node_page->index;
+ 	f2fs_put_page(dn->node_page, 1);
+ 
+ 	invalidate_mapping_pages(NODE_MAPPING(sbi),
+-			dn->node_page->index, dn->node_page->index);
++			index, index);
+ 
+ 	dn->node_page = NULL;
+ 	trace_f2fs_truncate_node(dn->inode, dn->nid, ni.blk_addr);
diff --git a/queue-4.14/series b/queue-4.14/series
index 9c58fc348e5..68630b5e17a 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -63,3 +63,6 @@ x86-xen-time-set-pvclock-flags-on-xen_time_init.patch
 x86-xen-time-setup-vcpu-0-time-info-page.patch
 x86-xen-time-output-xen-sched_clock-time-from-0.patch
 xen-fix-x86-sched_clock-interface-for-xen.patch
+f2fs-read-page-index-before-freeing.patch
+btrfs-fix-error-handling-in-btrfs_dev_replace_start.patch
+btrfs-dev-replace-go-back-to-suspended-state-if-target-device-is-missing.patch