From 4313ff07b41b199f77cb5b5a4c65001e67d50fa9 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 21 Aug 2023 13:45:26 +0200
Subject: [PATCH] 4.19-stable patches
added patches:
cifs-release-folio-lock-on-fscache-read-hit.patch
mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch
---
 ...lease-folio-lock-on-fscache-read-hit.patch | 65 +++++++++++++++++++
 ...ix-double-mmc_free_host-in-wbsd_init.patch | 33 ++++++++++
 queue-4.19/series | 2 +
 3 files changed, 100 insertions(+)
 create mode 100644 queue-4.19/cifs-release-folio-lock-on-fscache-read-hit.patch
 create mode 100644 queue-4.19/mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch
diff --git a/queue-4.19/cifs-release-folio-lock-on-fscache-read-hit.patch b/queue-4.19/cifs-release-folio-lock-on-fscache-read-hit.patch
new file mode 100644
index 00000000000..8641d57fd1f
--- /dev/null
+++ b/queue-4.19/cifs-release-folio-lock-on-fscache-read-hit.patch
@@ -0,0 +1,65 @@
+From 69513dd669e243928f7450893190915a88f84a2b Mon Sep 17 00:00:00 2001
+From: Russell Harmon via samba-technical
+Date: Thu, 10 Aug 2023 00:19:22 -0700
+Subject: cifs: Release folio lock on fscache read hit.
+
+From: Russell Harmon via samba-technical
+
+commit 69513dd669e243928f7450893190915a88f84a2b upstream.
+
+Under the current code, when cifs_readpage_worker is called, the call
+contract is that the callee should unlock the page. This is documented
+in the read_folio section of Documentation/filesystems/vfs.rst as:
+
+> The filesystem should unlock the folio once the read has completed,
+> whether it was successful or not.
+
+Without this change, when fscache is in use and cache hit occurs during
+a read, the page lock is leaked, producing the following stack on
+subsequent reads (via mmap) to the page:
+
+$ cat /proc/3890/task/12864/stack
+[<0>] folio_wait_bit_common+0x124/0x350
+[<0>] filemap_read_folio+0xad/0xf0
+[<0>] filemap_fault+0x8b1/0xab0
+[<0>] __do_fault+0x39/0x150
+[<0>] do_fault+0x25c/0x3e0
+[<0>] __handle_mm_fault+0x6ca/0xc70
+[<0>] handle_mm_fault+0xe9/0x350
+[<0>] do_user_addr_fault+0x225/0x6c0
+[<0>] exc_page_fault+0x84/0x1b0
+[<0>] asm_exc_page_fault+0x27/0x30
+
+This requires a reboot to resolve; it is a deadlock.
+
+Note however that the call to cifs_readpage_from_fscache does mark the
+page clean, but does not free the folio lock. This happens in
+__cifs_readpage_from_fscache on success. Releasing the lock at that
+point however is not appropriate as cifs_readahead also calls
+cifs_readpage_from_fscache and *does* unconditionally release the lock
+after its return. This change therefore effectively makes
+cifs_readpage_worker work like cifs_readahead.
+
+Signed-off-by: Russell Harmon
+Acked-by: Paulo Alcantara (SUSE)
+Reviewed-by: David Howells
+Cc: stable@vger.kernel.org
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/cifs/file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/cifs/file.c
++++ b/fs/cifs/file.c
+@@ -3991,9 +3991,9 @@ static int cifs_readpage_worker(struct f
+ 
+ io_error:
+ kunmap(page);
+- unlock_page(page);
+ 
+ read_complete:
++ unlock_page(page);
+ return rc;
+ }
+ 
diff --git a/queue-4.19/mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch b/queue-4.19/mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch
new file mode 100644
index 00000000000..a929205f1a2
--- /dev/null
+++ b/queue-4.19/mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch
@@ -0,0 +1,33 @@
+From d83035433701919ac6db15f7737cbf554c36c1a6 Mon Sep 17 00:00:00 2001
+From: Yang Yingliang
+Date: Mon, 7 Aug 2023 20:44:42 +0800
+Subject: mmc: wbsd: fix double mmc_free_host() in wbsd_init()
+
+From: Yang Yingliang
+
+commit d83035433701919ac6db15f7737cbf554c36c1a6 upstream.
+
+mmc_free_host() has already be called in wbsd_free_mmc(),
+remove the mmc_free_host() in error path in wbsd_init().
+
+Fixes: dc5b9b50fc9d ("mmc: wbsd: fix return value check of mmc_add_host()")
+Signed-off-by: Yang Yingliang
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20230807124443.3431366-1-yangyingliang@huawei.com
+Signed-off-by: Ulf Hansson
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/mmc/host/wbsd.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/drivers/mmc/host/wbsd.c
++++ b/drivers/mmc/host/wbsd.c
+@@ -1713,8 +1713,6 @@ static int wbsd_init(struct device *dev,
+ 
+ wbsd_release_resources(host);
+ wbsd_free_mmc(dev);
+-
+- mmc_free_host(mmc);
+ return ret;
+ }
+ 
diff --git a/queue-4.19/series b/queue-4.19/series
index 5bede626e81..15823204aee 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
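Review bot: In the queued fs/cifs/file.c hunk, the `unlock_page(page);` moved below `read_complete:` now also runs on the fscache-hit path, and this page does not show whether that is safe on 4.19. The commit message argues from upstream names (folios, cifs_readahead, __cifs_readpage_from_fscache), which may not match the 4.19 code. If the 4.19 cache-read path already unlocks the page when the cached read completes, this backport would unlock the same page twice instead of fixing a leaked lock. Please check cifs_readpage_from_fscache() in the 4.19 tree and record the result in the patch header, e.g. `[ 4.19: confirmed the page is still locked when cifs_readpage_from_fscache() returns 0 ]`. cifs_readpage_worker's body starts outside the hunk.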
@@ -74,3 +74,5 @@ asoc-rt5665-add-missed-regulator_bulk_disable.patch
 asoc-meson-axg-tdm-formatter-fix-channel-slot-alloca.patch
 serial-8250-fix-oops-for-port-pm-on-uart_change_pm.patch
 alsa-usb-audio-add-support-for-mythware-xa001au-capture-and-playback-interfaces.patch
+cifs-release-folio-lock-on-fscache-read-hit.patch
+mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch
--
2.47.3