From f996d4e37395ee9577a1af48333d4d54fe4c2a59 Mon Sep 17 00:00:00 2001
From: Sasha Levin <sashal@kernel.org>
Date: Mon, 29 Jun 2020 10:35:21 -0400
Subject: [PATCH] Fixes for 4.19

Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 queue-4.19/series                             |   1 +
 ...-freeblocks-verify-in-xfs_agf_verify.patch | 112 ++++++++++++++++++
 2 files changed, 113 insertions(+)
 create mode 100644 queue-4.19/xfs-add-agf-freeblocks-verify-in-xfs_agf_verify.patch

diff --git a/queue-4.19/series b/queue-4.19/series
index 774b56cc521..d35cef5a039 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -127,3 +127,4 @@ pnfs-flexfiles-fix-list-corruption-if-the-mirror-count-changes.patch
 nfsv4-fix-close-not-waiting-for-direct-io-compeletion.patch
 dm-writecache-correct-uncommitted_block-when-discarding-uncommitted-entry.patch
 dm-writecache-add-cond_resched-to-loop-in-persistent_memory_claim.patch
+xfs-add-agf-freeblocks-verify-in-xfs_agf_verify.patch
diff --git a/queue-4.19/xfs-add-agf-freeblocks-verify-in-xfs_agf_verify.patch b/queue-4.19/xfs-add-agf-freeblocks-verify-in-xfs_agf_verify.patch
new file mode 100644
index 00000000000..728e1e49054
--- /dev/null
+++ b/queue-4.19/xfs-add-agf-freeblocks-verify-in-xfs_agf_verify.patch
@@ -0,0 +1,112 @@
+From 4650c848b7dc6a3b62aa2b61a4b9876050dc50aa Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 21 Feb 2020 07:38:20 -0800
+Subject: xfs: add agf freeblocks verify in xfs_agf_verify
+
+From: Zheng Bin <zhengbin13@huawei.com>
+
+[ Upstream commit d0c7feaf87678371c2c09b3709400be416b2dc62 ]
+
+We recently used fuzz(hydra) to test XFS and automatically generate
+tmp.img(XFS v5 format, but some metadata is wrong)
+
+xfs_repair information(just one AG):
+agf_freeblks 0, counted 3224 in ag 0
+agf_longest 536874136, counted 3224 in ag 0
+sb_fdblocks 613, counted 3228
+
+Test as follows:
+mount tmp.img tmpdir
+cp file1M tmpdir
+sync
+
+In 4.19-stable, sync will stuck, the reason is:
+xfs_mountfs
+  xfs_check_summary_counts
+    if ((!xfs_sb_version_haslazysbcount(&mp->m_sb) ||
+       XFS_LAST_UNMOUNT_WAS_CLEAN(mp)) &&
+       !xfs_fs_has_sickness(mp, XFS_SICK_FS_COUNTERS))
+	return 0;  -->just return, incore sb_fdblocks still be 613
+    xfs_initialize_perag_data
+
+cp file1M tmpdir -->ok(write file to pagecache)
+sync -->stuck(write pagecache to disk)
+xfs_map_blocks
+  xfs_iomap_write_allocate
+    while (count_fsb != 0) {
+      nimaps = 0;
+      while (nimaps == 0) { --> endless loop
+         nimaps = 1;
+         xfs_bmapi_write(..., &nimaps) --> nimaps becomes 0 again
+xfs_bmapi_write
+  xfs_bmap_alloc
+    xfs_bmap_btalloc
+      xfs_alloc_vextent
+        xfs_alloc_fix_freelist
+          xfs_alloc_space_available -->fail(agf_freeblks is 0)
+
+In linux-next, sync not stuck, cause commit c2b3164320b5 ("xfs:
+use the latest extent at writeback delalloc conversion time") remove
+the above while, dmesg is as follows:
+[   55.250114] XFS (loop0): page discard on page ffffea0008bc7380, inode 0x1b0c, offset 0.
+
+Users do not know why this page is discard, the better soultion is:
+1. Like xfs_repair, make sure sb_fdblocks is equal to counted
+(xfs_initialize_perag_data did this, who is not called at this mount)
+2. Add agf verify, if fail, will tell users to repair
+
+This patch use the second soultion.
+
+Signed-off-by: Zheng Bin <zhengbin13@huawei.com>
+Signed-off-by: Ren Xudong <renxudong1@huawei.com>
+Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/xfs/libxfs/xfs_alloc.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c
+index e1c0c0d2f1b05..1eb7933dac83e 100644
+--- a/fs/xfs/libxfs/xfs_alloc.c
++++ b/fs/xfs/libxfs/xfs_alloc.c
+@@ -2596,6 +2596,13 @@ xfs_agf_verify(
+ 	      be32_to_cpu(agf->agf_flcount) <= xfs_agfl_size(mp)))
+ 		return __this_address;
+ 
++	if (be32_to_cpu(agf->agf_length) > mp->m_sb.sb_dblocks)
++		return __this_address;
++
++	if (be32_to_cpu(agf->agf_freeblks) < be32_to_cpu(agf->agf_longest) ||
++	    be32_to_cpu(agf->agf_freeblks) > be32_to_cpu(agf->agf_length))
++		return __this_address;
++
+ 	if (be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]) < 1 ||
+ 	    be32_to_cpu(agf->agf_levels[XFS_BTNUM_CNT]) < 1 ||
+ 	    be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]) > XFS_BTREE_MAXLEVELS ||
+@@ -2607,6 +2614,10 @@ xfs_agf_verify(
+ 	     be32_to_cpu(agf->agf_levels[XFS_BTNUM_RMAP]) > XFS_BTREE_MAXLEVELS))
+ 		return __this_address;
+ 
++	if (xfs_sb_version_hasrmapbt(&mp->m_sb) &&
++	    be32_to_cpu(agf->agf_rmap_blocks) > be32_to_cpu(agf->agf_length))
++		return __this_address;
++
+ 	/*
+ 	 * during growfs operations, the perag is not fully initialised,
+ 	 * so we can't use it for any useful checking. growfs ensures we can't
+@@ -2620,6 +2631,11 @@ xfs_agf_verify(
+ 	    be32_to_cpu(agf->agf_btreeblks) > be32_to_cpu(agf->agf_length))
+ 		return __this_address;
+ 
++	if (xfs_sb_version_hasreflink(&mp->m_sb) &&
++	    be32_to_cpu(agf->agf_refcount_blocks) >
++	    be32_to_cpu(agf->agf_length))
++		return __this_address;
++
+ 	if (xfs_sb_version_hasreflink(&mp->m_sb) &&
+ 	    (be32_to_cpu(agf->agf_refcount_level) < 1 ||
+ 	     be32_to_cpu(agf->agf_refcount_level) > XFS_BTREE_MAXLEVELS))
+-- 
+2.25.1
+
-- 
2.47.3