Merge branch 'SLE12-SP3' into SLE12-SP3-AZURESLE12-SP3-AZURE

author: Kernel Build Daemon <kbuild@suse.de> 2019-04-23 07:00:32 +0200
committer: Kernel Build Daemon <kbuild@suse.de> 2019-04-23 07:00:32 +0200
commit: f6eb895d95adff2d337e60076ba3ca16545f8d3c (patch)
tree: 539cc18b15a70c3b920f051d9adff1ec7ae49119
parent: 75e666e3b33d18b5615a7c8343cc3d764e474253 (diff)
parent: ff724563a853bd4d5346d655f7d211676a713ba9 (diff)
4 files changed, 260 insertions, 0 deletions
diff --git a/patches.fixes/0001-net-sysfs-call-dev_hold-if-kobject_init_and_add-succ.patch b/patches.fixes/0001-net-sysfs-call-dev_hold-if-kobject_init_and_add-succ.patch
new file mode 100644
index 0000000000..c8312e7a01
--- /dev/null
+++ b/patches.fixes/0001-net-sysfs-call-dev_hold-if-kobject_init_and_add-succ.patch
@@ -0,0 +1,64 @@
+From: YueHaibing <yuehaibing@huawei.com>
+Subject: net-sysfs: call dev_hold if kobject_init_and_add success
+Patch-mainline: v5.1-rc3 
+Git-commit: a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e
+References: git-fixes
+
+In netdev_queue_add_kobject and rx_queue_add_kobject,
+if sysfs_create_group failed, kobject_put will call
+netdev_queue_release to decrease dev refcont, however
+dev_hold has not be called. So we will see this while
+unregistering dev:
+
+unregister_netdevice: waiting for bcsh0 to become free. Usage count = -1
+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Fixes: d0d668371679 ("net: don't decrement kobj reference count on init failure")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Denis Kirjanov <dkirjanov@suse.com>
+---
+ net/core/net-sysfs.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
+index 37488e5130fd..edafd949ec64 100644
+--- a/net/core/net-sysfs.c
++++ b/net/core/net-sysfs.c
+@@ -898,6 +898,8 @@ static int rx_queue_add_kobject(struct net_device *dev, int index)
+ 	if (error)
+ 		return error;
+ 
++	dev_hold(queue->dev);
++
+ 	if (dev->sysfs_rx_queue_group) {
+ 		error = sysfs_create_group(kobj, dev->sysfs_rx_queue_group);
+ 		if (error) {
+@@ -907,7 +909,6 @@ static int rx_queue_add_kobject(struct net_device *dev, int index)
+ 	}
+ 
+ 	kobject_uevent(kobj, KOBJ_ADD);
+-	dev_hold(queue->dev);
+ 
+ 	return error;
+ }
+@@ -1289,6 +1290,8 @@ static int netdev_queue_add_kobject(struct net_device *dev, int index)
+ 	if (error)
+ 		return error;
+ 
++	dev_hold(queue->dev);
++
+ #ifdef CONFIG_BQL
+ 	error = sysfs_create_group(kobj, &dql_group);
+ 	if (error) {
+@@ -1298,7 +1301,6 @@ static int netdev_queue_add_kobject(struct net_device *dev, int index)
+ #endif
+ 
+ 	kobject_uevent(kobj, KOBJ_ADD);
+-	dev_hold(queue->dev);
+ 
+ 	return 0;
+ }
+-- 
+2.12.3
+
diff --git a/patches.fixes/fuse-continue-to-send-FUSE_RELEASEDIR-when-FUSE_OPEN-returns-ENOSYS.patch b/patches.fixes/fuse-continue-to-send-FUSE_RELEASEDIR-when-FUSE_OPEN-returns-ENOSYS.patch
new file mode 100644
index 0000000000..6851785f41
--- /dev/null
+++ b/patches.fixes/fuse-continue-to-send-FUSE_RELEASEDIR-when-FUSE_OPEN-returns-ENOSYS.patch
@@ -0,0 +1,135 @@
+From 2e64ff154ce6ce9a8dc0f9556463916efa6ff460 Mon Sep 17 00:00:00 2001
+From: Chad Austin <chadaustin@fb.com>
+Date: Mon Dec 10 10:54:52 2018 -0800
+Subject: [PATCH] fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS
+Git-commit: 2e64ff154ce6ce9a8dc0f9556463916efa6ff460
+References: git-fixes
+Patch-mainline: v4.20-rc7
+
+When FUSE_OPEN returns ENOSYS, the no_open bit is set on the connection.
+
+Because the FUSE_RELEASE and FUSE_RELEASEDIR paths share code, this
+incorrectly caused the FUSE_RELEASEDIR request to be dropped and never sent
+to userspace.
+
+Pass an isdir bool to distinguish between FUSE_RELEASE and FUSE_RELEASEDIR
+inside of fuse_file_put.
+
+Fixes: 7678ac50615d ("fuse: support clients that don't implement 'open'")
+Cc: <stable@vger.kernel.org> # v3.14
+Signed-off-by: Chad Austin <chadaustin@fb.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+
+---
+ fs/fuse/dir.c    |    2 +-
+ fs/fuse/file.c   |   19 ++++++++++---------
+ fs/fuse/fuse_i.h |    2 +-
+ 3 files changed, 12 insertions(+), 11 deletions(-)
+
+--- a/fs/fuse/dir.c
++++ b/fs/fuse/dir.c
+@@ -1403,7 +1403,7 @@ static int fuse_dir_open(struct inode *i
+ 
+ static int fuse_dir_release(struct inode *inode, struct file *file)
+ {
+-	fuse_release_common(file, FUSE_RELEASEDIR);
++	fuse_release_common(file, true);
+ 
+ 	return 0;
+ }
+--- a/fs/fuse/file.c
++++ b/fs/fuse/file.c
+@@ -86,12 +86,12 @@ static void fuse_release_end(struct fuse
+ 	iput(req->misc.release.inode);
+ }
+ 
+-static void fuse_file_put(struct fuse_file *ff, bool sync)
++static void fuse_file_put(struct fuse_file *ff, bool sync, bool isdir)
+ {
+ 	if (atomic_dec_and_test(&ff->count)) {
+ 		struct fuse_req *req = ff->reserved_req;
+ 
+-		if (ff->fc->no_open) {
++		if (ff->fc->no_open && !isdir) {
+ 			/*
+ 			 * Drop the release request when client does not
+ 			 * implement 'open'
+@@ -244,10 +244,11 @@ static void fuse_prepare_release(struct
+ 	req->in.args[0].value = inarg;
+ }
+ 
+-void fuse_release_common(struct file *file, int opcode)
++void fuse_release_common(struct file *file, bool isdir)
+ {
+ 	struct fuse_file *ff;
+ 	struct fuse_req *req;
++	int opcode = isdir ? FUSE_RELEASEDIR : FUSE_RELEASE;
+ 
+ 	ff = file->private_data;
+ 	if (unlikely(!ff))
+@@ -274,7 +275,7 @@ void fuse_release_common(struct file *fi
+ 	 * synchronous RELEASE is allowed (and desirable) in this case
+ 	 * because the server can be trusted not to screw up.
+ 	 */
+-	fuse_file_put(ff, ff->fc->destroy_req != NULL);
++	fuse_file_put(ff, ff->fc->destroy_req != NULL, isdir);
+ }
+ 
+ static int fuse_open(struct inode *inode, struct file *file)
+@@ -290,7 +291,7 @@ static int fuse_release(struct inode *in
+ 	if (fc->writeback_cache)
+ 		write_inode_now(inode, 1);
+ 
+-	fuse_release_common(file, FUSE_RELEASE);
++	fuse_release_common(file, false);
+ 
+ 	/* return value is ignored by VFS */
+ 	return 0;
+@@ -817,7 +818,7 @@ static void fuse_readpages_end(struct fu
+ 		page_cache_release(page);
+ 	}
+ 	if (req->ff)
+-		fuse_file_put(req->ff, false);
++		fuse_file_put(req->ff, false, false);
+ }
+ 
+ static void fuse_send_readpages(struct fuse_req *req, struct file *file)
+@@ -1467,7 +1468,7 @@ static void fuse_writepage_free(struct f
+ 		__free_page(req->pages[i]);
+ 
+ 	if (req->ff)
+-		fuse_file_put(req->ff, false);
++		fuse_file_put(req->ff, false, false);
+ }
+ 
+ static void fuse_writepage_finish(struct fuse_conn *fc, struct fuse_req *req)
+@@ -1624,7 +1625,7 @@ int fuse_write_inode(struct inode *inode
+ 	ff = __fuse_write_file_get(fc, fi);
+ 	err = fuse_flush_times(inode, ff);
+ 	if (ff)
+-		fuse_file_put(ff, 0);
++		fuse_file_put(ff, false, false);
+ 
+ 	return err;
+ }
+@@ -1937,7 +1938,7 @@ static int fuse_writepages(struct addres
+ 		err = 0;
+ 	}
+ 	if (data.ff)
+-		fuse_file_put(data.ff, false);
++		fuse_file_put(data.ff, false, false);
+ 
+ 	kfree(data.orig_pages);
+ out:
+--- a/fs/fuse/fuse_i.h
++++ b/fs/fuse/fuse_i.h
+@@ -730,7 +730,7 @@ void fuse_sync_release(struct fuse_file
+ /**
+  * Send RELEASE or RELEASEDIR request
+  */
+-void fuse_release_common(struct file *file, int opcode);
++void fuse_release_common(struct file *file, bool isdir);
+ 
+ /**
+  * Send FSYNC or FSYNCDIR request
diff --git a/patches.fixes/fuse-fix-possibly-missed-wake-up-after-abort.patch b/patches.fixes/fuse-fix-possibly-missed-wake-up-after-abort.patch
new file mode 100644
index 0000000000..365bd1fbf6
--- /dev/null
+++ b/patches.fixes/fuse-fix-possibly-missed-wake-up-after-abort.patch
@@ -0,0 +1,58 @@
+From 2d84a2d19b6150c6dbac1e6ebad9c82e4c123772 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Fri Nov  9 15:52:16 2018 +0100
+Subject: [PATCH] fuse: fix possibly missed wake-up after abort
+Git-commit: 2d84a2d19b6150c6dbac1e6ebad9c82e4c123772
+References: git-fixes
+Patch-mainline: v4.20-rc3
+
+In current fuse_drop_waiting() implementation it's possible that
+fuse_wait_aborted() will not be woken up in the unlikely case that
+fuse_abort_conn() + fuse_wait_aborted() runs in between checking
+fc->connected and calling atomic_dec(&fc->num_waiting).
+
+Do the atomic_dec_and_test() unconditionally, which also provides the
+necessary barrier against reordering with the fc->connected check.
+
+The explicit smp_mb() in fuse_wait_aborted() is not actually needed, since
+the spin_unlock() in fuse_abort_conn() provides the necessary RELEASE
+barrier after resetting fc->connected.  However, this is not a performance
+sensitive path, and adding the explicit barrier makes it easier to
+document.
+
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Fixes: b8f95e5d13f5 ("fuse: umount should wait for all requests")
+Cc: <stable@vger.kernel.org> #v4.19
+Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+
+diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
+index 6fe330c..a5e516a 100644
+
+--- a/fs/fuse/dev.c
++++ b/fs/fuse/dev.c
+@@ -165,9 +165,13 @@ static bool fuse_block_alloc(struct fuse_conn *fc, bool for_background)
+ 
+ static void fuse_drop_waiting(struct fuse_conn *fc)
+ {
+-	if (fc->connected) {
+-		atomic_dec(&fc->num_waiting);
+-	} else if (atomic_dec_and_test(&fc->num_waiting)) {
++	/*
++	 * lockess check of fc->connected is okay, because atomic_dec_and_test()
++	 * provides a memory barrier mached with the one in fuse_wait_aborted()
++	 * to ensure no wake-up is missed.
++	 */
++	if (atomic_dec_and_test(&fc->num_waiting) &&
++	    !READ_ONCE(fc->connected)) {
+ 		/* wake up aborters */
+ 		wake_up_all(&fc->blocked_waitq);
+ 	}
+@@ -2221,6 +2225,8 @@ EXPORT_SYMBOL_GPL(fuse_abort_conn);
+ 
+ void fuse_wait_aborted(struct fuse_conn *fc)
+ {
++	/* matches implicit memory barrier in fuse_drop_waiting() */
++	smp_mb();
+ 	wait_event(fc->blocked_waitq, atomic_read(&fc->num_waiting) == 0);
+ }
+ 
diff --git a/series.conf b/series.conf
index 898e4aa9db..f0127b802b 100644
--- a/series.conf
+++ b/series.conf
@@ -24969,6 +24969,7 @@
 	patches.arch/acpi-nfit-x86-mce-validate-a-mce-s-address-before-using-it.patch
 	patches.drivers/ibmvnic-fix-accelerated-VLAN-handling.patch
 	patches.fixes/NFSv4-Don-t-exit-the-state-manager-without-clearing-.patch
+	patches.fixes/fuse-fix-possibly-missed-wake-up-after-abort.patch
 	patches.fixes/0001-floppy-fix-race-condition-in-__floppy_read_block_0.patch
 	patches.fixes/acpi-nfit-fix-ars-overflow-continuation.patch
 	patches.drivers/xhci-add-quirk-to-workaround-the-errata-seen-on-cavium-thunder-x2-soc.patch
@@ -24998,6 +24999,7 @@
 	patches.drivers/net-ibmvnic-Fix-RTNL-deadlock-during-device-reset.patch
 	patches.fixes/ipv4-ipv6-netfilter-Adjust-the-frag-mem-limit-when-t.patch
 	patches.drivers/net-mlx4_core-Correctly-set-PFC-param-if-global-paus.patch
+	patches.fixes/fuse-continue-to-send-FUSE_RELEASEDIR-when-FUSE_OPEN-returns-ENOSYS.patch
 	patches.drivers/IB-hfi1-Fix-an-out-of-bounds-access-in-get_hw_stats.patch
 	patches.arch/ibmvnic-Convert-reset-work-item-mutex-to-spin-lock.patch
 	patches.arch/ibmvnic-Fix-non-atomic-memory-allocation-in-IRQ-cont.patch
@@ -25117,6 +25119,7 @@
 	patches.drivers/ibmvscsi-Fix-empty-event-pool-access-during-host-rem.patch
 	patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch
 	patches.fixes/NFS-fix-mount-umount-race-in-nlmclnt.patch
+	patches.fixes/0001-net-sysfs-call-dev_hold-if-kobject_init_and_add-succ.patch
 	patches.drivers/iommu-don-t-print-warning-when-iommu-driver-only-supports-unmanaged-domains
 	patches.drivers/iommu-amd-reserve-exclusion-range-in-iova-domain
 	patches.fixes/0001-mm-debug.c-fix-__dump_page-when-mapping-host-is-not-.patch
author	Kernel Build Daemon <kbuild@suse.de>	2019-04-23 07:00:32 +0200
committer	Kernel Build Daemon <kbuild@suse.de>	2019-04-23 07:00:32 +0200
commit	f6eb895d95adff2d337e60076ba3ca16545f8d3c (patch)
tree	539cc18b15a70c3b920f051d9adff1ec7ae49119
parent	75e666e3b33d18b5615a7c8343cc3d764e474253 (diff)
parent	ff724563a853bd4d5346d655f7d211676a713ba9 (diff)