From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 27 Feb 2019 14:05:39 +0000 (+0100)
Subject: 4.9-stable patches
X-Git-Tag: v4.9.162~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=de5730d8512349feca8b6f50cc4aa0d95a5b8766;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	revert-loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch
	revert-loop-fold-__loop_release-into-loop_release.patch
	revert-loop-get-rid-of-loop_index_mutex.patch
---

diff --git a/queue-4.9/revert-loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch b/queue-4.9/revert-loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch
new file mode 100644
index 00000000000..107de3ecf0a
--- /dev/null
+++ b/queue-4.9/revert-loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch
@@ -0,0 +1,39 @@
+From b69d8c31e3f18ab93422db072a3e57638bb4129c Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Wed, 27 Feb 2019 14:58:58 +0100
+Subject: Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This reverts commit 5d3cf50105d007adc54949e0caeca1e944549723 which is
+commit 628bd85947091830a8c4872adfd5ed1d515a9cf2 upstream.
+
+It does not work properly in the 4.9.y tree and causes more problems
+than it fixes, so revert it.
+
+Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
+Reported-by: Jan Kara <jack@suse.cz>
+Cc: syzbot <syzbot+c0138741c2290fc5e63f@syzkaller.appspotmail.com>
+Cc: Ming Lei <ming.lei@redhat.com>
+Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Cc: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/loop.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/block/loop.c
++++ b/drivers/block/loop.c
+@@ -1929,10 +1929,12 @@ static long loop_control_ioctl(struct fi
+ 			break;
+ 		if (lo->lo_state != Lo_unbound) {
+ 			ret = -EBUSY;
++			mutex_unlock(&loop_ctl_mutex);
+ 			break;
+ 		}
+ 		if (atomic_read(&lo->lo_refcnt) > 0) {
+ 			ret = -EBUSY;
++			mutex_unlock(&loop_ctl_mutex);
+ 			break;
+ 		}
+ 		lo->lo_disk->private_data = NULL;
diff --git a/queue-4.9/revert-loop-fold-__loop_release-into-loop_release.patch b/queue-4.9/revert-loop-fold-__loop_release-into-loop_release.patch
new file mode 100644
index 00000000000..c00229b356e
--- /dev/null
+++ b/queue-4.9/revert-loop-fold-__loop_release-into-loop_release.patch
@@ -0,0 +1,64 @@
+From 50c99bd6aa579ece90683e488c14ac5a88a5afc6 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Wed, 27 Feb 2019 15:02:03 +0100
+Subject: Revert "loop: Fold __loop_release into loop_release"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This reverts commit 7d839c10b848aa66ca1290a21ee600bd17c2dcb4 which is
+commit 967d1dc144b50ad005e5eecdfadfbcfb399ffff6 upstream.
+
+It does not work properly in the 4.9.y tree and causes more problems
+than it fixes, so revert it.
+
+Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
+Reported-by: Jan Kara <jack@suse.cz>
+Cc: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/loop.c |   16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+--- a/drivers/block/loop.c
++++ b/drivers/block/loop.c
+@@ -1575,15 +1575,12 @@ out:
+ 	return err;
+ }
+ 
+-static void lo_release(struct gendisk *disk, fmode_t mode)
++static void __lo_release(struct loop_device *lo)
+ {
+-	struct loop_device *lo;
+ 	int err;
+ 
+-	mutex_lock(&loop_index_mutex);
+-	lo = disk->private_data;
+ 	if (atomic_dec_return(&lo->lo_refcnt))
+-		goto unlock_index;
++		return;
+ 
+ 	mutex_lock(&loop_ctl_mutex);
+ 	if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) {
+@@ -1593,7 +1590,7 @@ static void lo_release(struct gendisk *d
+ 		 */
+ 		err = loop_clr_fd(lo);
+ 		if (!err)
+-			goto unlock_index;
++			return;
+ 	} else {
+ 		/*
+ 		 * Otherwise keep thread (if running) and config,
+@@ -1603,7 +1600,12 @@ static void lo_release(struct gendisk *d
+ 	}
+ 
+ 	mutex_unlock(&loop_ctl_mutex);
+-unlock_index:
++}
++
++static void lo_release(struct gendisk *disk, fmode_t mode)
++{
++	mutex_lock(&loop_index_mutex);
++	__lo_release(disk->private_data);
+ 	mutex_unlock(&loop_index_mutex);
+ }
+ 
diff --git a/queue-4.9/revert-loop-get-rid-of-loop_index_mutex.patch b/queue-4.9/revert-loop-get-rid-of-loop_index_mutex.patch
new file mode 100644
index 00000000000..b9ec9a7058e
--- /dev/null
+++ b/queue-4.9/revert-loop-get-rid-of-loop_index_mutex.patch
@@ -0,0 +1,161 @@
+From 40be92f86e231126b4445ed185147004205c110c Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Wed, 27 Feb 2019 15:00:55 +0100
+Subject: Revert "loop: Get rid of loop_index_mutex"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This reverts commit 6a8f1d8d701462937ce01a3f2219af5435372af7 which is
+commit 0a42e99b58a208839626465af194cfe640ef9493 upstream.
+
+It does not work properly in the 4.9.y tree and causes more problems
+than it fixes, so revert it.
+
+Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
+Reported-by: Jan Kara <jack@suse.cz>
+Cc: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/loop.c |   39 +++++++++++++++++++--------------------
+ 1 file changed, 19 insertions(+), 20 deletions(-)
+
+--- a/drivers/block/loop.c
++++ b/drivers/block/loop.c
+@@ -81,6 +81,7 @@
+ #include <asm/uaccess.h>
+ 
+ static DEFINE_IDR(loop_index_idr);
++static DEFINE_MUTEX(loop_index_mutex);
+ static DEFINE_MUTEX(loop_ctl_mutex);
+ 
+ static int max_part;
+@@ -1559,11 +1560,9 @@ static int lo_compat_ioctl(struct block_
+ static int lo_open(struct block_device *bdev, fmode_t mode)
+ {
+ 	struct loop_device *lo;
+-	int err;
++	int err = 0;
+ 
+-	err = mutex_lock_killable(&loop_ctl_mutex);
+-	if (err)
+-		return err;
++	mutex_lock(&loop_index_mutex);
+ 	lo = bdev->bd_disk->private_data;
+ 	if (!lo) {
+ 		err = -ENXIO;
+@@ -1572,7 +1571,7 @@ static int lo_open(struct block_device *
+ 
+ 	atomic_inc(&lo->lo_refcnt);
+ out:
+-	mutex_unlock(&loop_ctl_mutex);
++	mutex_unlock(&loop_index_mutex);
+ 	return err;
+ }
+ 
+@@ -1581,11 +1580,12 @@ static void lo_release(struct gendisk *d
+ 	struct loop_device *lo;
+ 	int err;
+ 
+-	mutex_lock(&loop_ctl_mutex);
++	mutex_lock(&loop_index_mutex);
+ 	lo = disk->private_data;
+ 	if (atomic_dec_return(&lo->lo_refcnt))
+-		goto out_unlock;
++		goto unlock_index;
+ 
++	mutex_lock(&loop_ctl_mutex);
+ 	if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) {
+ 		/*
+ 		 * In autoclear mode, stop the loop thread
+@@ -1593,7 +1593,7 @@ static void lo_release(struct gendisk *d
+ 		 */
+ 		err = loop_clr_fd(lo);
+ 		if (!err)
+-			return;
++			goto unlock_index;
+ 	} else {
+ 		/*
+ 		 * Otherwise keep thread (if running) and config,
+@@ -1602,8 +1602,9 @@ static void lo_release(struct gendisk *d
+ 		loop_flush(lo);
+ 	}
+ 
+-out_unlock:
+ 	mutex_unlock(&loop_ctl_mutex);
++unlock_index:
++	mutex_unlock(&loop_index_mutex);
+ }
+ 
+ static const struct block_device_operations lo_fops = {
+@@ -1889,7 +1890,7 @@ static struct kobject *loop_probe(dev_t
+ 	struct kobject *kobj;
+ 	int err;
+ 
+-	mutex_lock(&loop_ctl_mutex);
++	mutex_lock(&loop_index_mutex);
+ 	err = loop_lookup(&lo, MINOR(dev) >> part_shift);
+ 	if (err < 0)
+ 		err = loop_add(&lo, MINOR(dev) >> part_shift);
+@@ -1897,7 +1898,7 @@ static struct kobject *loop_probe(dev_t
+ 		kobj = NULL;
+ 	else
+ 		kobj = get_disk(lo->lo_disk);
+-	mutex_unlock(&loop_ctl_mutex);
++	mutex_unlock(&loop_index_mutex);
+ 
+ 	*part = 0;
+ 	return kobj;
+@@ -1907,13 +1908,9 @@ static long loop_control_ioctl(struct fi
+ 			       unsigned long parm)
+ {
+ 	struct loop_device *lo;
+-	int ret;
+-
+-	ret = mutex_lock_killable(&loop_ctl_mutex);
+-	if (ret)
+-		return ret;
++	int ret = -ENOSYS;
+ 
+-	ret = -ENOSYS;
++	mutex_lock(&loop_index_mutex);
+ 	switch (cmd) {
+ 	case LOOP_CTL_ADD:
+ 		ret = loop_lookup(&lo, parm);
+@@ -1927,6 +1924,7 @@ static long loop_control_ioctl(struct fi
+ 		ret = loop_lookup(&lo, parm);
+ 		if (ret < 0)
+ 			break;
++		mutex_lock(&loop_ctl_mutex);
+ 		if (lo->lo_state != Lo_unbound) {
+ 			ret = -EBUSY;
+ 			mutex_unlock(&loop_ctl_mutex);
+@@ -1938,6 +1936,7 @@ static long loop_control_ioctl(struct fi
+ 			break;
+ 		}
+ 		lo->lo_disk->private_data = NULL;
++		mutex_unlock(&loop_ctl_mutex);
+ 		idr_remove(&loop_index_idr, lo->lo_number);
+ 		loop_remove(lo);
+ 		break;
+@@ -1947,7 +1946,7 @@ static long loop_control_ioctl(struct fi
+ 			break;
+ 		ret = loop_add(&lo, -1);
+ 	}
+-	mutex_unlock(&loop_ctl_mutex);
++	mutex_unlock(&loop_index_mutex);
+ 
+ 	return ret;
+ }
+@@ -2030,10 +2029,10 @@ static int __init loop_init(void)
+ 				  THIS_MODULE, loop_probe, NULL, NULL);
+ 
+ 	/* pre-create number of devices given by config or max_loop */
+-	mutex_lock(&loop_ctl_mutex);
++	mutex_lock(&loop_index_mutex);
+ 	for (i = 0; i < nr; i++)
+ 		loop_add(&lo, i);
+-	mutex_unlock(&loop_ctl_mutex);
++	mutex_unlock(&loop_index_mutex);
+ 
+ 	printk(KERN_INFO "loop: module loaded\n");
+ 	return 0;
diff --git a/queue-4.9/series b/queue-4.9/series
new file mode 100644
index 00000000000..c5c92cac45a
--- /dev/null
+++ b/queue-4.9/series
@@ -0,0 +1,3 @@
+revert-loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch
+revert-loop-get-rid-of-loop_index_mutex.patch
+revert-loop-fold-__loop_release-into-loop_release.patch