From 395d71aea7f439d9faf6f09f3c21a19f19a92cf7 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 29 Nov 2021 17:13:18 +0100
Subject: [PATCH] 4.14-stable patches added patches: fuse-release-pipe-buf-after-last-use.patch
---
...fuse-release-pipe-buf-after-last-use.patch | 51 +++++++++++++++++++
queue-4.14/series | 1 +
2 files changed, 52 insertions(+)
create mode 100644 queue-4.14/fuse-release-pipe-buf-after-last-use.patch
diff --git a/queue-4.14/fuse-release-pipe-buf-after-last-use.patch b/queue-4.14/fuse-release-pipe-buf-after-last-use.patch
new file mode 100644
index 00000000000..b384246c76d
--- /dev/null
+++ b/queue-4.14/fuse-release-pipe-buf-after-last-use.patch
@@ -0,0 +1,51 @@
+From 473441720c8616dfaf4451f9c7ea14f0eb5e5d65 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi
+Date: Thu, 25 Nov 2021 14:05:18 +0100
+Subject: fuse: release pipe buf after last use
+
+From: Miklos Szeredi
+
+commit 473441720c8616dfaf4451f9c7ea14f0eb5e5d65 upstream.
+
+Checking buf->flags should be done before the pipe_buf_release() is called
+on the pipe buffer, since releasing the buffer might modify the flags.
+
+This is exactly what page_cache_pipe_buf_release() does, and which results
+in the same VM_BUG_ON_PAGE(PageLRU(page)) that the original patch was
+trying to fix.
+
+Reported-by: Justin Forbes
+Fixes: 712a951025c0 ("fuse: fix page stealing")
+Cc: # v2.6.35
+Signed-off-by: Miklos Szeredi
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/fuse/dev.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/fs/fuse/dev.c
++++ b/fs/fuse/dev.c
+@@ -897,17 +897,17 @@ static int fuse_try_move_page(struct fus
+ goto out_put_old;
+ }
+
++ get_page(newpage);
++
++ if (!(buf->flags & PIPE_BUF_FLAG_LRU))
++ lru_cache_add_file(newpage);
++
+ /*
+ * Release while we have extra ref on stolen page. Otherwise
+ * anon_pipe_buf_release() might think the page can be reused.
+ */
+ pipe_buf_release(cs->pipe, buf);
+
+- get_page(newpage);
+-
+- if (!(buf->flags & PIPE_BUF_FLAG_LRU))
+- lru_cache_add_file(newpage);
+-
+ err = 0;
+ spin_lock(&cs->req->waitq.lock);
+ if (test_bit(FR_ABORTED, &cs->req->flags))
diff --git a/queue-4.14/series b/queue-4.14/series
index 78d3c3d437e..900a5a4d034 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -56,3 +56,4 @@ arm64-dts-marvell-armada-37xx-set-pcie_reset_pin-to-gpio-function.patch
 hugetlbfs-flush-tlbs-correctly-after-huge_pmd_unshare.patch
 proc-vmcore-fix-clearing-user-buffer-by-properly-using-clear_user.patch
 nfc-add-nci_unreg-flag-to-eliminate-the-race.patch
+fuse-release-pipe-buf-after-last-use.patch
--
2.39.5
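Review bot: In the fs/fuse/dev.c change carried by the new queue-4.14 patch file, the moved `if (!(buf->flags & PIPE_BUF_FLAG_LRU))` check now sits above `pipe_buf_release(cs->pipe, buf)`, but nothing in the code records that this order is required. The existing comment only explains why the release happens while a reference is held. The commit message says the release can modify the flags and names page_cache_pipe_buf_release(), so I would add a comment above the check such as `/* Read buf->flags before pipe_buf_release(): the release op may modify them. */`. That guards against a later reordering bringing back the VM_BUG_ON_PAGE(PageLRU(page)). fuse_try_move_page() starts and ends outside the hunk, so whether buf is touched again after the release further down cannot be confirmed from here.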