--- /dev/null
+From bf2cbd3c57159c2b639ee8797b52ab5af180bf83 Mon Sep 17 00:00:00 2001
+From: Chengguang Xu <cgxu519@mykernel.net>
+Date: Sat, 4 Jan 2020 22:20:04 +0800
+Subject: f2fs: code cleanup for f2fs_statfs_project()
+
+From: Chengguang Xu <cgxu519@mykernel.net>
+
+commit bf2cbd3c57159c2b639ee8797b52ab5af180bf83 upstream.
+
+Calling min_not_zero() to simplify complicated prjquota
+limit comparison in f2fs_statfs_project().
+
+Signed-off-by: Chengguang Xu <cgxu519@mykernel.net>
+Reviewed-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/f2fs/super.c | 16 ++++------------
+ 1 file changed, 4 insertions(+), 12 deletions(-)
+
+--- a/fs/f2fs/super.c
++++ b/fs/f2fs/super.c
+@@ -1213,12 +1213,8 @@ static int f2fs_statfs_project(struct su
+ return PTR_ERR(dquot);
+ spin_lock(&dquot->dq_dqb_lock);
+
+- limit = 0;
+- if (dquot->dq_dqb.dqb_bsoftlimit)
+- limit = dquot->dq_dqb.dqb_bsoftlimit;
+- if (dquot->dq_dqb.dqb_bhardlimit &&
+- (!limit || dquot->dq_dqb.dqb_bhardlimit < limit))
+- limit = dquot->dq_dqb.dqb_bhardlimit;
++ limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit,
++ dquot->dq_dqb.dqb_bhardlimit);
+ if (limit)
+ limit >>= sb->s_blocksize_bits;
+
+@@ -1230,12 +1226,8 @@ static int f2fs_statfs_project(struct su
+ (buf->f_blocks - curblock) : 0;
+ }
+
+- limit = 0;
+- if (dquot->dq_dqb.dqb_isoftlimit)
+- limit = dquot->dq_dqb.dqb_isoftlimit;
+- if (dquot->dq_dqb.dqb_ihardlimit &&
+- (!limit || dquot->dq_dqb.dqb_ihardlimit < limit))
+- limit = dquot->dq_dqb.dqb_ihardlimit;
++ limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit,
++ dquot->dq_dqb.dqb_ihardlimit);
+
+ if (limit && buf->f_files > limit) {
+ buf->f_files = limit;
--- /dev/null
+From 5515eae647426169e4b7969271fb207881eba7f6 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 23 Jan 2020 20:15:48 -0800
+Subject: f2fs: fix dcache lookup of !casefolded directories
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 5515eae647426169e4b7969271fb207881eba7f6 upstream.
+
+Do the name comparison for non-casefolded directories correctly.
+
+This is analogous to ext4's commit 66883da1eee8 ("ext4: fix dcache
+lookup of !casefolded directories").
+
+Fixes: 2c2eb7a300cd ("f2fs: Support case-insensitive file name lookups")
+Cc: <stable@vger.kernel.org> # v5.4+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/f2fs/dir.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/f2fs/dir.c
++++ b/fs/f2fs/dir.c
+@@ -1073,7 +1073,7 @@ static int f2fs_d_compare(const struct d
+ if (!IS_CASEFOLDED(dentry->d_parent->d_inode)) {
+ if (len != name->len)
+ return -1;
+- return memcmp(str, name, len);
++ return memcmp(str, name->name, len);
+ }
+
+ return f2fs_ci_compare(dentry->d_parent->d_inode, name, &qstr, false);
--- /dev/null
+From acdf2172172a511f97fa21ed0ee7609a6d3b3a07 Mon Sep 17 00:00:00 2001
+From: Chengguang Xu <cgxu519@mykernel.net>
+Date: Sat, 4 Jan 2020 22:20:03 +0800
+Subject: f2fs: fix miscounted block limit in f2fs_statfs_project()
+
+From: Chengguang Xu <cgxu519@mykernel.net>
+
+commit acdf2172172a511f97fa21ed0ee7609a6d3b3a07 upstream.
+
+statfs calculates Total/Used/Avail disk space in block unit,
+so we should translate soft/hard prjquota limit to block unit
+as well.
+
+Below testing result shows the block/inode numbers of
+Total/Used/Avail from df command are all correct afer
+applying this patch.
+
+[root@localhost quota-tools]\# ./repquota -P /dev/sdb1
+---
+ fs/f2fs/super.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/f2fs/super.c
++++ b/fs/f2fs/super.c
+@@ -1219,6 +1219,8 @@ static int f2fs_statfs_project(struct su
+ if (dquot->dq_dqb.dqb_bhardlimit &&
+ (!limit || dquot->dq_dqb.dqb_bhardlimit < limit))
+ limit = dquot->dq_dqb.dqb_bhardlimit;
++ if (limit)
++ limit >>= sb->s_blocksize_bits;
+
+ if (limit && buf->f_blocks > limit) {
+ curblock = dquot->dq_dqb.dqb_curspace >> sb->s_blocksize_bits;
--- /dev/null
+From 80f2388afa6ef985f9c5c228e36705c4d4db4756 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 23 Jan 2020 20:15:49 -0800
+Subject: f2fs: fix race conditions in ->d_compare() and ->d_hash()
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 80f2388afa6ef985f9c5c228e36705c4d4db4756 upstream.
+
+Since ->d_compare() and ->d_hash() can be called in RCU-walk mode,
+->d_parent and ->d_inode can be concurrently modified, and in
+particular, ->d_inode may be changed to NULL. For f2fs_d_hash() this
+resulted in a reproducible NULL dereference if a lookup is done in a
+directory being deleted, e.g. with:
+
+ int main()
+ {
+ if (fork()) {
+ for (;;) {
+ mkdir("subdir", 0700);
+ rmdir("subdir");
+ }
+ } else {
+ for (;;)
+ access("subdir/file", 0);
+ }
+ }
+
+... or by running the 't_encrypted_d_revalidate' program from xfstests.
+Both repros work in any directory on a filesystem with the encoding
+feature, even if the directory doesn't actually have the casefold flag.
+
+I couldn't reproduce a crash in f2fs_d_compare(), but it appears that a
+similar crash is possible there.
+
+Fix these bugs by reading ->d_parent and ->d_inode using READ_ONCE() and
+falling back to the case sensitive behavior if the inode is NULL.
+
+Reported-by: Al Viro <viro@zeniv.linux.org.uk>
+Fixes: 2c2eb7a300cd ("f2fs: Support case-insensitive file name lookups")
+Cc: <stable@vger.kernel.org> # v5.4+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/f2fs/dir.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/fs/f2fs/dir.c
++++ b/fs/f2fs/dir.c
+@@ -1069,24 +1069,27 @@ static int f2fs_d_compare(const struct d
+ const char *str, const struct qstr *name)
+ {
+ struct qstr qstr = {.name = str, .len = len };
++ const struct dentry *parent = READ_ONCE(dentry->d_parent);
++ const struct inode *inode = READ_ONCE(parent->d_inode);
+
+- if (!IS_CASEFOLDED(dentry->d_parent->d_inode)) {
++ if (!inode || !IS_CASEFOLDED(inode)) {
+ if (len != name->len)
+ return -1;
+ return memcmp(str, name->name, len);
+ }
+
+- return f2fs_ci_compare(dentry->d_parent->d_inode, name, &qstr, false);
++ return f2fs_ci_compare(inode, name, &qstr, false);
+ }
+
+ static int f2fs_d_hash(const struct dentry *dentry, struct qstr *str)
+ {
+ struct f2fs_sb_info *sbi = F2FS_SB(dentry->d_sb);
+ const struct unicode_map *um = sbi->s_encoding;
++ const struct inode *inode = READ_ONCE(dentry->d_inode);
+ unsigned char *norm;
+ int len, ret = 0;
+
+- if (!IS_CASEFOLDED(dentry->d_inode))
++ if (!inode || !IS_CASEFOLDED(inode))
+ return 0;
+
+ norm = f2fs_kmalloc(sbi, PATH_MAX, GFP_ATOMIC);
--- /dev/null
+From a4ac9d45c0cd14a2adc872186431c79804b77dbf Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Mon, 3 Feb 2020 11:41:53 +0100
+Subject: ovl: fix lseek overflow on 32bit
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit a4ac9d45c0cd14a2adc872186431c79804b77dbf upstream.
+
+ovl_lseek() is using ssize_t to return the value from vfs_llseek(). On a
+32-bit kernel ssize_t is a 32-bit signed int, which overflows above 2 GB.
+
+Assign the return value of vfs_llseek() to loff_t to fix this.
+
+Reported-by: Boris Gjenero <boris.gjenero@gmail.com>
+Fixes: 9e46b840c705 ("ovl: support stacked SEEK_HOLE/SEEK_DATA")
+Cc: <stable@vger.kernel.org> # v4.19
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/overlayfs/file.c
++++ b/fs/overlayfs/file.c
+@@ -146,7 +146,7 @@ static loff_t ovl_llseek(struct file *fi
+ struct inode *inode = file_inode(file);
+ struct fd real;
+ const struct cred *old_cred;
+- ssize_t ret;
++ loff_t ret;
+
+ /*
+ * The two special cases below do not need to involve real fs,
--- /dev/null
+From 4c37e71b713ecffe81f8e6273c6835e54306d412 Mon Sep 17 00:00:00 2001
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Sun, 22 Dec 2019 22:47:54 +0200
+Subject: ovl: fix wrong WARN_ON() in ovl_cache_update_ino()
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+commit 4c37e71b713ecffe81f8e6273c6835e54306d412 upstream.
+
+The WARN_ON() that child entry is always on overlay st_dev became wrong
+when we allowed this function to update d_ino in non-samefs setup with xino
+enabled.
+
+It is not true in case of xino bits overflow on a non-dir inode. Leave the
+WARN_ON() only for directories, where assertion is still true.
+
+Fixes: adbf4f7ea834 ("ovl: consistent d_ino for non-samefs with xino")
+Cc: <stable@vger.kernel.org> # v4.17+
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/readdir.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/fs/overlayfs/readdir.c
++++ b/fs/overlayfs/readdir.c
+@@ -504,7 +504,13 @@ get:
+ if (err)
+ goto fail;
+
+- WARN_ON_ONCE(dir->d_sb->s_dev != stat.dev);
++ /*
++ * Directory inode is always on overlay st_dev.
++ * Non-dir with ovl_same_dev() could be on pseudo st_dev in case
++ * of xino bits overflow.
++ */
++ WARN_ON_ONCE(S_ISDIR(stat.mode) &&
++ dir->d_sb->s_dev != stat.dev);
+ ino = stat.ino;
+ } else if (xinobits && !OVL_TYPE_UPPER(type)) {
+ ino = ovl_remap_lower_ino(ino, xinobits,
cpupower-revert-library-abi-changes-from-commit-ae2917093fb60bdc1ed3e.patch
power-supply-axp20x_ac_power-fix-reporting-online-status.patch
power-supply-ltc2941-battery-gauge-fix-use-after-free.patch
+ovl-fix-wrong-warn_on-in-ovl_cache_update_ino.patch
+ovl-fix-lseek-overflow-on-32bit.patch
+f2fs-fix-miscounted-block-limit-in-f2fs_statfs_project.patch
+f2fs-code-cleanup-for-f2fs_statfs_project.patch
+f2fs-fix-dcache-lookup-of-casefolded-directories.patch
+f2fs-fix-race-conditions-in-d_compare-and-d_hash.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
