From: Greg Kroah-Hartman Date: Thu, 3 Oct 2019 12:23:38 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v4.4.195~24 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=acd5ad6ee2468d776f053cd32ad7aedc3ba51411;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: cfg80211-purge-frame-registrations-on-iftype-change.patch cifs-fix-max-ea-value-size.patch cifs-fix-oplock-handling-for-smb-2.1-protocols.patch dev-mem-bail-out-upon-sigkill.patch ext4-fix-punch-hole-for-inline_data-file-systems.patch ext4-fix-warning-inside-ext4_convert_unwritten_extents_endio.patch hwrng-core-don-t-wait-on-add_early_randomness.patch i2c-riic-clear-nack-in-tend-isr.patch md-don-t-report-active-array_state-until-after-revalidate_disk-completes.patch md-only-call-set_in_sync-when-it-is-expected-to-succeed.patch md-raid6-set-r5_readerror-when-there-is-read-failure-on-parity-disk.patch quota-fix-wrong-condition-in-is_quota_modification.patch --- diff --git a/queue-4.14/cfg80211-purge-frame-registrations-on-iftype-change.patch b/queue-4.14/cfg80211-purge-frame-registrations-on-iftype-change.patch new file mode 100644 index 00000000000..ed3427b932b --- /dev/null +++ b/queue-4.14/cfg80211-purge-frame-registrations-on-iftype-change.patch @@ -0,0 +1,41 @@ +From c1d3ad84eae35414b6b334790048406bd6301b12 Mon Sep 17 00:00:00 2001 +From: Denis Kenzior +Date: Wed, 28 Aug 2019 16:11:10 -0500 +Subject: cfg80211: Purge frame registrations on iftype change + +From: Denis Kenzior + +commit c1d3ad84eae35414b6b334790048406bd6301b12 upstream. + +Currently frame registrations are not purged, even when changing the +interface type. This can lead to potentially weird situations where +frames possibly not allowed on a given interface type remain registered +due to the type switching happening after registration. + +The kernel currently relies on userspace apps to actually purge the +registrations themselves, this is not something that the kernel should +rely on. + +Add a call to cfg80211_mlme_purge_registrations() to forcefully remove +any registrations left over prior to switching the iftype. + +Cc: stable@vger.kernel.org +Signed-off-by: Denis Kenzior +Link: https://lore.kernel.org/r/20190828211110.15005-1-denkenz@gmail.com +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/wireless/util.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/wireless/util.c ++++ b/net/wireless/util.c +@@ -1042,6 +1042,7 @@ int cfg80211_change_iface(struct cfg8021 + } + + cfg80211_process_rdev_events(rdev); ++ cfg80211_mlme_purge_registrations(dev->ieee80211_ptr); + } + + err = rdev_change_virtual_intf(rdev, dev, ntype, params); diff --git a/queue-4.14/cifs-fix-max-ea-value-size.patch b/queue-4.14/cifs-fix-max-ea-value-size.patch new file mode 100644 index 00000000000..642e76689e4 --- /dev/null +++ b/queue-4.14/cifs-fix-max-ea-value-size.patch @@ -0,0 +1,34 @@ +From 63d37fb4ce5ae7bf1e58f906d1bf25f036fe79b2 Mon Sep 17 00:00:00 2001 +From: Murphy Zhou +Date: Sat, 21 Sep 2019 19:26:00 +0800 +Subject: CIFS: fix max ea value size + +From: Murphy Zhou + +commit 63d37fb4ce5ae7bf1e58f906d1bf25f036fe79b2 upstream. + +It should not be larger then the slab max buf size. If user +specifies a larger size, it passes this check and goes +straightly to SMB2_set_info_init performing an insecure memcpy. + +Signed-off-by: Murphy Zhou +Reviewed-by: Aurelien Aptel +CC: Stable +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/xattr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/cifs/xattr.c ++++ b/fs/cifs/xattr.c +@@ -31,7 +31,7 @@ + #include "cifs_fs_sb.h" + #include "cifs_unicode.h" + +-#define MAX_EA_VALUE_SIZE 65535 ++#define MAX_EA_VALUE_SIZE CIFSMaxBufSize + #define CIFS_XATTR_CIFS_ACL "system.cifs_acl" + #define CIFS_XATTR_ATTRIB "cifs.dosattrib" /* full name: user.cifs.dosattrib */ + #define CIFS_XATTR_CREATETIME "cifs.creationtime" /* user.cifs.creationtime */ diff --git a/queue-4.14/cifs-fix-oplock-handling-for-smb-2.1-protocols.patch b/queue-4.14/cifs-fix-oplock-handling-for-smb-2.1-protocols.patch new file mode 100644 index 00000000000..7474cde517d --- /dev/null +++ b/queue-4.14/cifs-fix-oplock-handling-for-smb-2.1-protocols.patch @@ -0,0 +1,48 @@ +From a016e2794fc3a245a91946038dd8f34d65e53cc3 Mon Sep 17 00:00:00 2001 +From: Pavel Shilovsky +Date: Thu, 26 Sep 2019 12:31:20 -0700 +Subject: CIFS: Fix oplock handling for SMB 2.1+ protocols + +From: Pavel Shilovsky + +commit a016e2794fc3a245a91946038dd8f34d65e53cc3 upstream. + +There may be situations when a server negotiates SMB 2.1 +protocol version or higher but responds to a CREATE request +with an oplock rather than a lease. + +Currently the client doesn't handle such a case correctly: +when another CREATE comes in the server sends an oplock +break to the initial CREATE and the client doesn't send +an ack back due to a wrong caching level being set (READ +instead of RWH). Missing an oplock break ack makes the +server wait until the break times out which dramatically +increases the latency of the second CREATE. + +Fix this by properly detecting oplocks when using SMB 2.1 +protocol version and higher. + +Cc: +Signed-off-by: Pavel Shilovsky +Signed-off-by: Steve French +Reviewed-by: Ronnie Sahlberg +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb2ops.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/fs/cifs/smb2ops.c ++++ b/fs/cifs/smb2ops.c +@@ -1975,6 +1975,11 @@ smb21_set_oplock_level(struct cifsInodeI + if (oplock == SMB2_OPLOCK_LEVEL_NOCHANGE) + return; + ++ /* Check if the server granted an oplock rather than a lease */ ++ if (oplock & SMB2_OPLOCK_LEVEL_EXCLUSIVE) ++ return smb2_set_oplock_level(cinode, oplock, epoch, ++ purge_cache); ++ + if (oplock & SMB2_LEASE_READ_CACHING_HE) { + new_oplock |= CIFS_CACHE_READ_FLG; + strcat(message, "R"); diff --git a/queue-4.14/dev-mem-bail-out-upon-sigkill.patch b/queue-4.14/dev-mem-bail-out-upon-sigkill.patch new file mode 100644 index 00000000000..8dc845e41f3 --- /dev/null +++ b/queue-4.14/dev-mem-bail-out-upon-sigkill.patch @@ -0,0 +1,112 @@ +From 8619e5bdeee8b2c685d686281f2d2a6017c4bc15 Mon Sep 17 00:00:00 2001 +From: Tetsuo Handa +Date: Mon, 26 Aug 2019 22:13:25 +0900 +Subject: /dev/mem: Bail out upon SIGKILL. + +From: Tetsuo Handa + +commit 8619e5bdeee8b2c685d686281f2d2a6017c4bc15 upstream. + +syzbot found that a thread can stall for minutes inside read_mem() or +write_mem() after that thread was killed by SIGKILL [1]. Reading from +iomem areas of /dev/mem can be slow, depending on the hardware. +While reading 2GB at one read() is legal, delaying termination of killed +thread for minutes is bad. Thus, allow reading/writing /dev/mem and +/dev/kmem to be preemptible and killable. + + [ 1335.912419][T20577] read_mem: sz=4096 count=2134565632 + [ 1335.943194][T20577] read_mem: sz=4096 count=2134561536 + [ 1335.978280][T20577] read_mem: sz=4096 count=2134557440 + [ 1336.011147][T20577] read_mem: sz=4096 count=2134553344 + [ 1336.041897][T20577] read_mem: sz=4096 count=2134549248 + +Theoretically, reading/writing /dev/mem and /dev/kmem can become +"interruptible". But this patch chose "killable". Future patch will make +them "interruptible" so that we can revert to "killable" if some program +regressed. + +[1] https://syzkaller.appspot.com/bug?id=a0e3436829698d5824231251fad9d8e998f94f5e + +Signed-off-by: Tetsuo Handa +Cc: stable +Reported-by: syzbot +Link: https://lore.kernel.org/r/1566825205-10703-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/mem.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +--- a/drivers/char/mem.c ++++ b/drivers/char/mem.c +@@ -97,6 +97,13 @@ void __weak unxlate_dev_mem_ptr(phys_add + } + #endif + ++static inline bool should_stop_iteration(void) ++{ ++ if (need_resched()) ++ cond_resched(); ++ return fatal_signal_pending(current); ++} ++ + /* + * This funcion reads the *physical* memory. The f_pos points directly to the + * memory location. +@@ -175,6 +182,8 @@ static ssize_t read_mem(struct file *fil + p += sz; + count -= sz; + read += sz; ++ if (should_stop_iteration()) ++ break; + } + kfree(bounce); + +@@ -251,6 +260,8 @@ static ssize_t write_mem(struct file *fi + p += sz; + count -= sz; + written += sz; ++ if (should_stop_iteration()) ++ break; + } + + *ppos += written; +@@ -464,6 +475,10 @@ static ssize_t read_kmem(struct file *fi + read += sz; + low_count -= sz; + count -= sz; ++ if (should_stop_iteration()) { ++ count = 0; ++ break; ++ } + } + } + +@@ -488,6 +503,8 @@ static ssize_t read_kmem(struct file *fi + buf += sz; + read += sz; + p += sz; ++ if (should_stop_iteration()) ++ break; + } + free_page((unsigned long)kbuf); + } +@@ -540,6 +557,8 @@ static ssize_t do_write_kmem(unsigned lo + p += sz; + count -= sz; + written += sz; ++ if (should_stop_iteration()) ++ break; + } + + *ppos += written; +@@ -591,6 +610,8 @@ static ssize_t write_kmem(struct file *f + buf += sz; + virtr += sz; + p += sz; ++ if (should_stop_iteration()) ++ break; + } + free_page((unsigned long)kbuf); + } diff --git a/queue-4.14/ext4-fix-punch-hole-for-inline_data-file-systems.patch b/queue-4.14/ext4-fix-punch-hole-for-inline_data-file-systems.patch new file mode 100644 index 00000000000..ab5bd98e29b --- /dev/null +++ b/queue-4.14/ext4-fix-punch-hole-for-inline_data-file-systems.patch @@ -0,0 +1,49 @@ +From c1e8220bd316d8ae8e524df39534b8a412a45d5e Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Fri, 23 Aug 2019 22:38:00 -0400 +Subject: ext4: fix punch hole for inline_data file systems + +From: Theodore Ts'o + +commit c1e8220bd316d8ae8e524df39534b8a412a45d5e upstream. + +If a program attempts to punch a hole on an inline data file, we need +to convert it to a normal file first. + +This was detected using ext4/032 using the adv configuration. Simple +reproducer: + +mke2fs -Fq -t ext4 -O inline_data /dev/vdc +mount /vdc +echo "" > /vdc/testfile +xfs_io -c 'truncate 33554432' /vdc/testfile +xfs_io -c 'fpunch 0 1048576' /vdc/testfile +umount /vdc +e2fsck -fy /dev/vdc + +Cc: stable@vger.kernel.org +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/inode.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -4177,6 +4177,15 @@ int ext4_punch_hole(struct inode *inode, + + trace_ext4_punch_hole(inode, offset, length, 0); + ++ ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA); ++ if (ext4_has_inline_data(inode)) { ++ down_write(&EXT4_I(inode)->i_mmap_sem); ++ ret = ext4_convert_inline_data(inode); ++ up_write(&EXT4_I(inode)->i_mmap_sem); ++ if (ret) ++ return ret; ++ } ++ + /* + * Write out all dirty pages to avoid race conditions + * Then release them. diff --git a/queue-4.14/ext4-fix-warning-inside-ext4_convert_unwritten_extents_endio.patch b/queue-4.14/ext4-fix-warning-inside-ext4_convert_unwritten_extents_endio.patch new file mode 100644 index 00000000000..53f8d96fd24 --- /dev/null +++ b/queue-4.14/ext4-fix-warning-inside-ext4_convert_unwritten_extents_endio.patch @@ -0,0 +1,37 @@ +From e3d550c2c4f2f3dba469bc3c4b83d9332b4e99e1 Mon Sep 17 00:00:00 2001 +From: Rakesh Pandit +Date: Thu, 22 Aug 2019 22:53:46 -0400 +Subject: ext4: fix warning inside ext4_convert_unwritten_extents_endio + +From: Rakesh Pandit + +commit e3d550c2c4f2f3dba469bc3c4b83d9332b4e99e1 upstream. + +Really enable warning when CONFIG_EXT4_DEBUG is set and fix missing +first argument. This was introduced in commit ff95ec22cd7f ("ext4: +add warning to ext4_convert_unwritten_extents_endio") and splitting +extents inside endio would trigger it. + +Fixes: ff95ec22cd7f ("ext4: add warning to ext4_convert_unwritten_extents_endio") +Signed-off-by: Rakesh Pandit +Signed-off-by: Theodore Ts'o +Cc: stable@kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/extents.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -3756,8 +3756,8 @@ static int ext4_convert_unwritten_extent + * illegal. + */ + if (ee_block != map->m_lblk || ee_len > map->m_len) { +-#ifdef EXT4_DEBUG +- ext4_warning("Inode (%ld) finished: extent logical block %llu," ++#ifdef CONFIG_EXT4_DEBUG ++ ext4_warning(inode->i_sb, "Inode (%ld) finished: extent logical block %llu," + " len %u; IO logical block %llu, len %u", + inode->i_ino, (unsigned long long)ee_block, ee_len, + (unsigned long long)map->m_lblk, map->m_len); diff --git a/queue-4.14/hwrng-core-don-t-wait-on-add_early_randomness.patch b/queue-4.14/hwrng-core-don-t-wait-on-add_early_randomness.patch new file mode 100644 index 00000000000..b8ba31fe04b --- /dev/null +++ b/queue-4.14/hwrng-core-don-t-wait-on-add_early_randomness.patch @@ -0,0 +1,55 @@ +From 78887832e76541f77169a24ac238fccb51059b63 Mon Sep 17 00:00:00 2001 +From: Laurent Vivier +Date: Tue, 17 Sep 2019 11:54:50 +0200 +Subject: hwrng: core - don't wait on add_early_randomness() + +From: Laurent Vivier + +commit 78887832e76541f77169a24ac238fccb51059b63 upstream. + +add_early_randomness() is called by hwrng_register() when the +hardware is added. If this hardware and its module are present +at boot, and if there is no data available the boot hangs until +data are available and can't be interrupted. + +For instance, in the case of virtio-rng, in some cases the host can be +not able to provide enough entropy for all the guests. + +We can have two easy ways to reproduce the problem but they rely on +misconfiguration of the hypervisor or the egd daemon: + +- if virtio-rng device is configured to connect to the egd daemon of the +host but when the virtio-rng driver asks for data the daemon is not +connected, + +- if virtio-rng device is configured to connect to the egd daemon of the +host but the egd daemon doesn't provide data. + +The guest kernel will hang at boot until the virtio-rng driver provides +enough data. + +To avoid that, call rng_get_data() in non-blocking mode (wait=0) +from add_early_randomness(). + +Signed-off-by: Laurent Vivier +Fixes: d9e797261933 ("hwrng: add randomness to system from rng...") +Cc: +Reviewed-by: Theodore Ts'o +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/hw_random/core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/char/hw_random/core.c ++++ b/drivers/char/hw_random/core.c +@@ -67,7 +67,7 @@ static void add_early_randomness(struct + size_t size = min_t(size_t, 16, rng_buffer_size()); + + mutex_lock(&reading_mutex); +- bytes_read = rng_get_data(rng, rng_buffer, size, 1); ++ bytes_read = rng_get_data(rng, rng_buffer, size, 0); + mutex_unlock(&reading_mutex); + if (bytes_read > 0) + add_device_randomness(rng_buffer, bytes_read); diff --git a/queue-4.14/i2c-riic-clear-nack-in-tend-isr.patch b/queue-4.14/i2c-riic-clear-nack-in-tend-isr.patch new file mode 100644 index 00000000000..2dfa77646dc --- /dev/null +++ b/queue-4.14/i2c-riic-clear-nack-in-tend-isr.patch @@ -0,0 +1,37 @@ +From a71e2ac1f32097fbb2beab098687a7a95c84543e Mon Sep 17 00:00:00 2001 +From: Chris Brandt +Date: Thu, 26 Sep 2019 07:19:09 -0500 +Subject: i2c: riic: Clear NACK in tend isr + +From: Chris Brandt + +commit a71e2ac1f32097fbb2beab098687a7a95c84543e upstream. + +The NACKF flag should be cleared in INTRIICNAKI interrupt processing as +description in HW manual. + +This issue shows up quickly when PREEMPT_RT is applied and a device is +probed that is not plugged in (like a touchscreen controller). The result +is endless interrupts that halt system boot. + +Fixes: 310c18a41450 ("i2c: riic: add driver") +Cc: stable@vger.kernel.org +Reported-by: Chien Nguyen +Signed-off-by: Chris Brandt +Signed-off-by: Wolfram Sang +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/i2c/busses/i2c-riic.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/i2c/busses/i2c-riic.c ++++ b/drivers/i2c/busses/i2c-riic.c +@@ -212,6 +212,7 @@ static irqreturn_t riic_tend_isr(int irq + if (readb(riic->base + RIIC_ICSR2) & ICSR2_NACKF) { + /* We got a NACKIE */ + readb(riic->base + RIIC_ICDRR); /* dummy read */ ++ riic_clear_set_bit(riic, ICSR2_NACKF, 0, RIIC_ICSR2); + riic->err = -ENXIO; + } else if (riic->bytes_left) { + return IRQ_NONE; diff --git a/queue-4.14/md-don-t-report-active-array_state-until-after-revalidate_disk-completes.patch b/queue-4.14/md-don-t-report-active-array_state-until-after-revalidate_disk-completes.patch new file mode 100644 index 00000000000..2b09a67ea63 --- /dev/null +++ b/queue-4.14/md-don-t-report-active-array_state-until-after-revalidate_disk-completes.patch @@ -0,0 +1,104 @@ +From 9d4b45d6af442237560d0bb5502a012baa5234b7 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Tue, 20 Aug 2019 10:21:09 +1000 +Subject: md: don't report active array_state until after revalidate_disk() completes. + +From: NeilBrown + +commit 9d4b45d6af442237560d0bb5502a012baa5234b7 upstream. + +Until revalidate_disk() has completed, the size of a new md array will +appear to be zero. +So we shouldn't report, through array_state, that the array is active +until that time. +udev rules check array_state to see if the array is ready. As soon as +it appear to be zero, fsck can be run. If it find the size to be +zero, it will fail. + +So add a new flag to provide an interlock between do_md_run() and +array_state_show(). This flag is set while do_md_run() is active and +it prevents array_state_show() from reporting that the array is +active. + +Before do_md_run() is called, ->pers will be NULL so array is +definitely not active. +After do_md_run() is called, revalidate_disk() will have run and the +array will be completely ready. + +We also move various sysfs_notify*() calls out of md_run() into +do_md_run() after MD_NOT_READY is cleared. This ensure the +information is ready before the notification is sent. + +Prior to v4.12, array_state_show() was called with the +mddev->reconfig_mutex held, which provided exclusion with do_md_run(). + +Note that MD_NOT_READY cleared twice. This is deliberate to cover +both success and error paths with minimal noise. + +Fixes: b7b17c9b67e5 ("md: remove mddev_lock() from md_attr_show()") +Cc: stable@vger.kernel.org (v4.12++) +Signed-off-by: NeilBrown +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 11 +++++++---- + drivers/md/md.h | 3 +++ + 2 files changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -4108,7 +4108,7 @@ array_state_show(struct mddev *mddev, ch + { + enum array_state st = inactive; + +- if (mddev->pers) ++ if (mddev->pers && !test_bit(MD_NOT_READY, &mddev->flags)) + switch(mddev->ro) { + case 1: + st = readonly; +@@ -5669,9 +5669,6 @@ int md_run(struct mddev *mddev) + md_update_sb(mddev, 0); + + md_new_event(mddev); +- sysfs_notify_dirent_safe(mddev->sysfs_state); +- sysfs_notify_dirent_safe(mddev->sysfs_action); +- sysfs_notify(&mddev->kobj, NULL, "degraded"); + return 0; + + abort: +@@ -5692,6 +5689,7 @@ static int do_md_run(struct mddev *mddev + { + int err; + ++ set_bit(MD_NOT_READY, &mddev->flags); + err = md_run(mddev); + if (err) + goto out; +@@ -5709,9 +5707,14 @@ static int do_md_run(struct mddev *mddev + + set_capacity(mddev->gendisk, mddev->array_sectors); + revalidate_disk(mddev->gendisk); ++ clear_bit(MD_NOT_READY, &mddev->flags); + mddev->changed = 1; + kobject_uevent(&disk_to_dev(mddev->gendisk)->kobj, KOBJ_CHANGE); ++ sysfs_notify_dirent_safe(mddev->sysfs_state); ++ sysfs_notify_dirent_safe(mddev->sysfs_action); ++ sysfs_notify(&mddev->kobj, NULL, "degraded"); + out: ++ clear_bit(MD_NOT_READY, &mddev->flags); + return err; + } + +--- a/drivers/md/md.h ++++ b/drivers/md/md.h +@@ -243,6 +243,9 @@ enum mddev_flags { + MD_UPDATING_SB, /* md_check_recovery is updating the metadata + * without explicitly holding reconfig_mutex. + */ ++ MD_NOT_READY, /* do_md_run() is active, so 'array_state' ++ * must not report that array is ready yet ++ */ + }; + + enum mddev_sb_flags { diff --git a/queue-4.14/md-only-call-set_in_sync-when-it-is-expected-to-succeed.patch b/queue-4.14/md-only-call-set_in_sync-when-it-is-expected-to-succeed.patch new file mode 100644 index 00000000000..430b197b7b8 --- /dev/null +++ b/queue-4.14/md-only-call-set_in_sync-when-it-is-expected-to-succeed.patch @@ -0,0 +1,59 @@ +From 480523feae581ab714ba6610388a3b4619a2f695 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Tue, 20 Aug 2019 10:21:09 +1000 +Subject: md: only call set_in_sync() when it is expected to succeed. + +From: NeilBrown + +commit 480523feae581ab714ba6610388a3b4619a2f695 upstream. + +Since commit 4ad23a976413 ("MD: use per-cpu counter for +writes_pending"), set_in_sync() is substantially more expensive: it +can wait for a full RCU grace period which can be 10s of milliseconds. + +So we should only call it when the cost is justified. + +md_check_recovery() currently calls set_in_sync() every time it finds +anything to do (on non-external active arrays). For an array +performing resync or recovery, this will be quite often. +Each call will introduce a delay to the md thread, which can noticeable +affect IO submission latency. + +In md_check_recovery() we only need to call set_in_sync() if +'safemode' was non-zero at entry, meaning that there has been not +recent IO. So we save this "safemode was nonzero" state, and only +call set_in_sync() if it was non-zero. + +This measurably reduces mean and maximum IO submission latency during +resync/recovery. + +Reported-and-tested-by: Jack Wang +Fixes: 4ad23a976413 ("MD: use per-cpu counter for writes_pending") +Cc: stable@vger.kernel.org (v4.12+) +Signed-off-by: NeilBrown +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -8765,6 +8765,7 @@ void md_check_recovery(struct mddev *mdd + + if (mddev_trylock(mddev)) { + int spares = 0; ++ bool try_set_sync = mddev->safemode != 0; + + if (!mddev->external && mddev->safemode == 1) + mddev->safemode = 0; +@@ -8810,7 +8811,7 @@ void md_check_recovery(struct mddev *mdd + } + } + +- if (!mddev->external && !mddev->in_sync) { ++ if (try_set_sync && !mddev->external && !mddev->in_sync) { + spin_lock(&mddev->lock); + set_in_sync(mddev); + spin_unlock(&mddev->lock); diff --git a/queue-4.14/md-raid6-set-r5_readerror-when-there-is-read-failure-on-parity-disk.patch b/queue-4.14/md-raid6-set-r5_readerror-when-there-is-read-failure-on-parity-disk.patch new file mode 100644 index 00000000000..6826ef1d235 --- /dev/null +++ b/queue-4.14/md-raid6-set-r5_readerror-when-there-is-read-failure-on-parity-disk.patch @@ -0,0 +1,46 @@ +From 143f6e733b73051cd22dcb80951c6c929da413ce Mon Sep 17 00:00:00 2001 +From: Xiao Ni +Date: Mon, 8 Jul 2019 10:14:32 +0800 +Subject: md/raid6: Set R5_ReadError when there is read failure on parity disk + +From: Xiao Ni + +commit 143f6e733b73051cd22dcb80951c6c929da413ce upstream. + +7471fb77ce4d ("md/raid6: Fix anomily when recovering a single device in +RAID6.") avoids rereading P when it can be computed from other members. +However, this misses the chance to re-write the right data to P. This +patch sets R5_ReadError if the re-read fails. + +Also, when re-read is skipped, we also missed the chance to reset +rdev->read_errors to 0. It can fail the disk when there are many read +errors on P member disk (other disks don't have read error) + +V2: upper layer read request don't read parity/Q data. So there is no +need to consider such situation. + +This is Reported-by: kbuild test robot + +Fixes: 7471fb77ce4d ("md/raid6: Fix anomily when recovering a single device in RAID6.") +Cc: #4.4+ +Signed-off-by: Xiao Ni +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/raid5.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -2571,7 +2571,9 @@ static void raid5_end_read_request(struc + && !test_bit(R5_ReadNoMerge, &sh->dev[i].flags)) + retry = 1; + if (retry) +- if (test_bit(R5_ReadNoMerge, &sh->dev[i].flags)) { ++ if (sh->qd_idx >= 0 && sh->pd_idx == i) ++ set_bit(R5_ReadError, &sh->dev[i].flags); ++ else if (test_bit(R5_ReadNoMerge, &sh->dev[i].flags)) { + set_bit(R5_ReadError, &sh->dev[i].flags); + clear_bit(R5_ReadNoMerge, &sh->dev[i].flags); + } else diff --git a/queue-4.14/quota-fix-wrong-condition-in-is_quota_modification.patch b/queue-4.14/quota-fix-wrong-condition-in-is_quota_modification.patch new file mode 100644 index 00000000000..bf88a9f8605 --- /dev/null +++ b/queue-4.14/quota-fix-wrong-condition-in-is_quota_modification.patch @@ -0,0 +1,47 @@ +From 6565c182094f69e4ffdece337d395eb7ec760efc Mon Sep 17 00:00:00 2001 +From: Chao Yu +Date: Wed, 11 Sep 2019 17:36:50 +0800 +Subject: quota: fix wrong condition in is_quota_modification() + +From: Chao Yu + +commit 6565c182094f69e4ffdece337d395eb7ec760efc upstream. + +Quoted from +commit 3da40c7b0898 ("ext4: only call ext4_truncate when size <= isize") + +" At LSF we decided that if we truncate up from isize we shouldn't trim + fallocated blocks that were fallocated with KEEP_SIZE and are past the + new i_size. This patch fixes ext4 to do this. " + +And generic/092 of fstest have covered this case for long time, however +is_quota_modification() didn't adjust based on that rule, so that in +below condition, we will lose to quota block change: +- fallocate blocks beyond EOF +- remount +- truncate(file_path, file_size) + +Fix it. + +Link: https://lore.kernel.org/r/20190911093650.35329-1-yuchao0@huawei.com +Fixes: 3da40c7b0898 ("ext4: only call ext4_truncate when size <= isize") +CC: stable@vger.kernel.org +Signed-off-by: Chao Yu +Signed-off-by: Jan Kara +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/quotaops.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/quotaops.h ++++ b/include/linux/quotaops.h +@@ -22,7 +22,7 @@ static inline struct quota_info *sb_dqop + /* i_mutex must being held */ + static inline bool is_quota_modification(struct inode *inode, struct iattr *ia) + { +- return (ia->ia_valid & ATTR_SIZE && ia->ia_size != inode->i_size) || ++ return (ia->ia_valid & ATTR_SIZE) || + (ia->ia_valid & ATTR_UID && !uid_eq(ia->ia_uid, inode->i_uid)) || + (ia->ia_valid & ATTR_GID && !gid_eq(ia->ia_gid, inode->i_gid)); + } diff --git a/queue-4.14/series b/queue-4.14/series index 094f0edf11f..26d23e340b5 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -168,3 +168,15 @@ ovl-filter-of-trusted-xattr-results-in-audit.patch btrfs-fix-use-after-free-when-using-the-tree-modification-log.patch btrfs-relinquish-cpus-in-btrfs_compare_trees.patch btrfs-qgroup-fix-the-wrong-target-io_tree-when-freeing-reserved-data-space.patch +md-raid6-set-r5_readerror-when-there-is-read-failure-on-parity-disk.patch +md-don-t-report-active-array_state-until-after-revalidate_disk-completes.patch +md-only-call-set_in_sync-when-it-is-expected-to-succeed.patch +cfg80211-purge-frame-registrations-on-iftype-change.patch +dev-mem-bail-out-upon-sigkill.patch +ext4-fix-warning-inside-ext4_convert_unwritten_extents_endio.patch +ext4-fix-punch-hole-for-inline_data-file-systems.patch +quota-fix-wrong-condition-in-is_quota_modification.patch +hwrng-core-don-t-wait-on-add_early_randomness.patch +i2c-riic-clear-nack-in-tend-isr.patch +cifs-fix-max-ea-value-size.patch +cifs-fix-oplock-handling-for-smb-2.1-protocols.patch