<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/md, branch v4.1.36</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>md: be careful not lot leak internal curr_resync value into metadata. -- (all)</title>
<updated>2016-11-26T03:57:03+00:00</updated>
<author>
<name>NeilBrown</name>
<email>neilb@suse.com</email>
</author>
<published>2016-10-28T04:59:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4fe9ae4d3fcf35b089721ed9d4df163b2d1d1439'/>
<id>4fe9ae4d3fcf35b089721ed9d4df163b2d1d1439</id>
<content type='text'>
[ Upstream commit 1217e1d1999ed6c9c1e1b1acae0a74ab70464ae2 ]

mddev-&gt;curr_resync usually records where the current resync is up to,
but during the starting phase it has some "magic" values.

 1 - means that the array is trying to start a resync, but has yielded
     to another array which shares physical devices, and also needs to
     start a resync
 2 - means the array is trying to start resync, but has found another
     array which shares physical devices and has already started resync.

 3 - means that resync has commensed, but it is possible that nothing
     has actually been resynced yet.

It is important that this value not be visible to user-space and
particularly that it doesn't get written to the metadata, as the
resync or recovery checkpoint.  In part, this is because it may be
slightly higher than the correct value, though this is very rare.
In part, because it is not a multiple of 4K, and some devices only
support 4K aligned accesses.

There are two places where this value is propagates into either
-&gt;curr_resync_completed or -&gt;recovery_cp or -&gt;recovery_offset.
These currently avoid the propagation of values 1 and 3, but will
allow 3 to leak through.

Change them to only propagate the value if it is &gt; 3.

As this can cause an array to fail, the patch is suitable for -stable.

Cc: stable@vger.kernel.org (v3.7+)
Reported-by: Viswesh &lt;viswesh.vichu@gmail.com&gt;
Signed-off-by: NeilBrown &lt;neilb@suse.com&gt;
Signed-off-by: Shaohua Li &lt;shli@fb.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 1217e1d1999ed6c9c1e1b1acae0a74ab70464ae2 ]

mddev-&gt;curr_resync usually records where the current resync is up to,
but during the starting phase it has some "magic" values.

 1 - means that the array is trying to start a resync, but has yielded
     to another array which shares physical devices, and also needs to
     start a resync
 2 - means the array is trying to start resync, but has found another
     array which shares physical devices and has already started resync.

 3 - means that resync has commensed, but it is possible that nothing
     has actually been resynced yet.

It is important that this value not be visible to user-space and
particularly that it doesn't get written to the metadata, as the
resync or recovery checkpoint.  In part, this is because it may be
slightly higher than the correct value, though this is very rare.
In part, because it is not a multiple of 4K, and some devices only
support 4K aligned accesses.

There are two places where this value is propagates into either
-&gt;curr_resync_completed or -&gt;recovery_cp or -&gt;recovery_offset.
These currently avoid the propagation of values 1 and 3, but will
allow 3 to leak through.

Change them to only propagate the value if it is &gt; 3.

As this can cause an array to fail, the patch is suitable for -stable.

Cc: stable@vger.kernel.org (v3.7+)
Reported-by: Viswesh &lt;viswesh.vichu@gmail.com&gt;
Signed-off-by: NeilBrown &lt;neilb@suse.com&gt;
Signed-off-by: Shaohua Li &lt;shli@fb.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>md: sync sync_completed has correct value as recovery finishes.</title>
<updated>2016-11-26T03:57:03+00:00</updated>
<author>
<name>NeilBrown</name>
<email>neilb@suse.com</email>
</author>
<published>2015-07-24T03:27:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e1e5cab9b43c37c8069519cb671baa9ff986466a'/>
<id>e1e5cab9b43c37c8069519cb671baa9ff986466a</id>
<content type='text'>
[ Upstream commit 5ed1df2eacc0ba92c8c7e2499c97594b5ef928a8 ]

There can be a small window between the moment that recovery
actually writes the last block and the time when various sysfs
and /proc/mdstat attributes report that it has finished.
During this time, 'sync_completed' can have the wrong value.
This can confuse monitoring software.

So:
 - don't set curr_resync_completed beyond the end of the devices,
 - set it correctly when resync/recovery has completed.

Signed-off-by: NeilBrown &lt;neilb@suse.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 5ed1df2eacc0ba92c8c7e2499c97594b5ef928a8 ]

There can be a small window between the moment that recovery
actually writes the last block and the time when various sysfs
and /proc/mdstat attributes report that it has finished.
During this time, 'sync_completed' can have the wrong value.
This can confuse monitoring software.

So:
 - don't set curr_resync_completed beyond the end of the devices,
 - set it correctly when resync/recovery has completed.

Signed-off-by: NeilBrown &lt;neilb@suse.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>dm table: fix missing dm_put_target_type() in dm_table_add_target()</title>
<updated>2016-11-24T01:59:49+00:00</updated>
<author>
<name>tang.junhui</name>
<email>tang.junhui@zte.com.cn</email>
</author>
<published>2016-10-21T01:35:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=39709c84807f6bc5c56089223c4dbfeaff33065c'/>
<id>39709c84807f6bc5c56089223c4dbfeaff33065c</id>
<content type='text'>
[ Upstream commit dafa724bf582181d9a7d54f5cb4ca0bf8ef29269 ]

dm_get_target_type() was previously called so any error returned from
dm_table_add_target() must first call dm_put_target_type().  Otherwise
the DM target module's reference count will leak and the associated
kernel module will be unable to be removed.

Also, leverage the fact that r is already -EINVAL and remove an extra
newline.

Fixes: 36a0456 ("dm table: add immutable feature")
Fixes: cc6cbe1 ("dm table: add always writeable feature")
Fixes: 3791e2f ("dm table: add singleton feature")
Cc: stable@vger.kernel.org # 3.2+
Signed-off-by: tang.junhui &lt;tang.junhui@zte.com.cn&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit dafa724bf582181d9a7d54f5cb4ca0bf8ef29269 ]

dm_get_target_type() was previously called so any error returned from
dm_table_add_target() must first call dm_put_target_type().  Otherwise
the DM target module's reference count will leak and the associated
kernel module will be unable to be removed.

Also, leverage the fact that r is already -EINVAL and remove an extra
newline.

Fixes: 36a0456 ("dm table: add immutable feature")
Fixes: cc6cbe1 ("dm table: add always writeable feature")
Fixes: 3791e2f ("dm table: add singleton feature")
Cc: stable@vger.kernel.org # 3.2+
Signed-off-by: tang.junhui &lt;tang.junhui@zte.com.cn&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>dm crypt: fix free of bad values after tfm allocation failure</title>
<updated>2016-09-15T22:53:30+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2016-08-30T16:51:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e1857183b9f00bc4aef95794a5215b386d540f33'/>
<id>e1857183b9f00bc4aef95794a5215b386d540f33</id>
<content type='text'>
[ Upstream commit 5d0be84ec0cacfc7a6d6ea548afdd07d481324cd ]

If crypt_alloc_tfms() had to allocate multiple tfms and it failed before
the last allocation, then it would call crypt_free_tfms() and could free
pointers from uninitialized memory -- due to the crypt_free_tfms() check
for non-zero cc-&gt;tfms[i].  Fix by allocating zeroed memory.

Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 5d0be84ec0cacfc7a6d6ea548afdd07d481324cd ]

If crypt_alloc_tfms() had to allocate multiple tfms and it failed before
the last allocation, then it would call crypt_free_tfms() and could free
pointers from uninitialized memory -- due to the crypt_free_tfms() check
for non-zero cc-&gt;tfms[i].  Fix by allocating zeroed memory.

Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>dm crypt: fix error with too large bios</title>
<updated>2016-09-15T22:53:30+00:00</updated>
<author>
<name>Mikulas Patocka</name>
<email>mpatocka@redhat.com</email>
</author>
<published>2016-08-30T20:38:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=af26eb1cc0535f5c59ef6241bb4f305c846b22d5'/>
<id>af26eb1cc0535f5c59ef6241bb4f305c846b22d5</id>
<content type='text'>
[ Upstream commit 4e870e948fbabf62b78e8410f04c67703e7c816b ]

When dm-crypt processes writes, it allocates a new bio in
crypt_alloc_buffer().  The bio is allocated from a bio set and it can
have at most BIO_MAX_PAGES vector entries, however the incoming bio can be
larger (e.g. if it was allocated by bcache).  If the incoming bio is
larger, bio_alloc_bioset() fails and an error is returned.

To avoid the error, we test for a too large bio in the function
crypt_map() and use dm_accept_partial_bio() to split the bio.
dm_accept_partial_bio() trims the current bio to the desired size and
asks DM core to send another bio with the rest of the data.

Signed-off-by: Mikulas Patocka &lt;mpatocka@redhat.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org # v3.16+
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 4e870e948fbabf62b78e8410f04c67703e7c816b ]

When dm-crypt processes writes, it allocates a new bio in
crypt_alloc_buffer().  The bio is allocated from a bio set and it can
have at most BIO_MAX_PAGES vector entries, however the incoming bio can be
larger (e.g. if it was allocated by bcache).  If the incoming bio is
larger, bio_alloc_bioset() fails and an error is returned.

To avoid the error, we test for a too large bio in the function
crypt_map() and use dm_accept_partial_bio() to split the bio.
dm_accept_partial_bio() trims the current bio to the desired size and
asks DM core to send another bio with the rest of the data.

Signed-off-by: Mikulas Patocka &lt;mpatocka@redhat.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org # v3.16+
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>dm log writes: fix check of kthread_run() return value</title>
<updated>2016-09-15T22:53:30+00:00</updated>
<author>
<name>Vladimir Zapolskiy</name>
<email>vz@mleia.com</email>
</author>
<published>2016-03-09T23:22:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=14afdb21578a068c8c331e5695c5b7dd971dcb64'/>
<id>14afdb21578a068c8c331e5695c5b7dd971dcb64</id>
<content type='text'>
[ Upstream commit 91e630d9ae6de6f740ef7c8176736eb55366833e ]

The kthread_run() function returns either a valid task_struct or
ERR_PTR() value, check for NULL is invalid.  This change fixes potential
for oops, e.g. in OOM situation.

Signed-off-by: Vladimir Zapolskiy &lt;vz@mleia.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 91e630d9ae6de6f740ef7c8176736eb55366833e ]

The kthread_run() function returns either a valid task_struct or
ERR_PTR() value, check for NULL is invalid.  This change fixes potential
for oops, e.g. in OOM situation.

Signed-off-by: Vladimir Zapolskiy &lt;vz@mleia.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>dm log writes: fix bug with too large bios</title>
<updated>2016-09-15T22:53:30+00:00</updated>
<author>
<name>Mikulas Patocka</name>
<email>mpatocka@redhat.com</email>
</author>
<published>2016-08-30T20:20:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6f3e5e4d8e4fc69a3aebe54d9073fa3418ef3fe1'/>
<id>6f3e5e4d8e4fc69a3aebe54d9073fa3418ef3fe1</id>
<content type='text'>
[ Upstream commit 7efb367320f56fc4d549875b6f3a6940018ef2e5 ]

bio_alloc() can allocate a bio with at most BIO_MAX_PAGES (256) vector
entries.  However, the incoming bio may have more vector entries if it
was allocated by other means.  For example, bcache submits bios with
more than BIO_MAX_PAGES entries.  This results in bio_alloc() failure.

To avoid the failure, change the code so that it allocates bio with at
most BIO_MAX_PAGES entries.  If the incoming bio has more entries,
bio_add_page() will fail and a new bio will be allocated - the code that
handles bio_add_page() failure already exists in the dm-log-writes
target.

Signed-off-by: Mikulas Patocka &lt;mpatocka@redhat.com&gt;
Reviewed-by: Josef Bacik &lt;jbacik@fb,com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org # v4.1+
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 7efb367320f56fc4d549875b6f3a6940018ef2e5 ]

bio_alloc() can allocate a bio with at most BIO_MAX_PAGES (256) vector
entries.  However, the incoming bio may have more vector entries if it
was allocated by other means.  For example, bcache submits bios with
more than BIO_MAX_PAGES entries.  This results in bio_alloc() failure.

To avoid the failure, change the code so that it allocates bio with at
most BIO_MAX_PAGES entries.  If the incoming bio has more entries,
bio_add_page() will fail and a new bio will be allocated - the code that
handles bio_add_page() failure already exists in the dm-log-writes
target.

Signed-off-by: Mikulas Patocka &lt;mpatocka@redhat.com&gt;
Reviewed-by: Josef Bacik &lt;jbacik@fb,com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org # v4.1+
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>dm log writes: move IO accounting earlier to fix error path</title>
<updated>2016-09-15T22:53:30+00:00</updated>
<author>
<name>Mikulas Patocka</name>
<email>mpatocka@redhat.com</email>
</author>
<published>2016-08-30T20:11:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0fe71822120598997bec6ac18b10e6348d06d80a'/>
<id>0fe71822120598997bec6ac18b10e6348d06d80a</id>
<content type='text'>
[ Upstream commit a5d60783df61fbb67b7596b8a0f6b4b2e05251d5 ]

Move log_one_block()'s atomic_inc(&amp;lc-&gt;io_blocks) before bio_alloc() to
fix a bug that the target hangs if bio_alloc() fails.  The error path
does put_io_block(lc), so atomic_inc(&amp;lc-&gt;io_blocks) must occur before
invoking the error path to avoid underflow of lc-&gt;io_blocks.

Signed-off-by: Mikulas Patocka &lt;mpatocka@redhat.com&gt;
Reviewed-by: Josef Bacik &lt;jbacik@fb,com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit a5d60783df61fbb67b7596b8a0f6b4b2e05251d5 ]

Move log_one_block()'s atomic_inc(&amp;lc-&gt;io_blocks) before bio_alloc() to
fix a bug that the target hangs if bio_alloc() fails.  The error path
does put_io_block(lc), so atomic_inc(&amp;lc-&gt;io_blocks) must occur before
invoking the error path to avoid underflow of lc-&gt;io_blocks.

Signed-off-by: Mikulas Patocka &lt;mpatocka@redhat.com&gt;
Reviewed-by: Josef Bacik &lt;jbacik@fb,com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>dm flakey: fix reads to be issued if drop_writes configured</title>
<updated>2016-08-31T23:21:09+00:00</updated>
<author>
<name>Mike Snitzer</name>
<email>snitzer@redhat.com</email>
</author>
<published>2016-08-25T01:12:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=917f1531b13efbc52acbc9fc0a65c258f01bfbc4'/>
<id>917f1531b13efbc52acbc9fc0a65c258f01bfbc4</id>
<content type='text'>
[ Upstream commit 299f6230bc6d0ccd5f95bb0fb865d80a9c7d5ccc ]

v4.8-rc3 commit 99f3c90d0d ("dm flakey: error READ bios during the
down_interval") overlooked the 'drop_writes' feature, which is meant to
allow reads to be issued rather than errored, during the down_interval.

Fixes: 99f3c90d0d ("dm flakey: error READ bios during the down_interval")
Reported-by: Qu Wenruo &lt;quwenruo@cn.fujitsu.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 299f6230bc6d0ccd5f95bb0fb865d80a9c7d5ccc ]

v4.8-rc3 commit 99f3c90d0d ("dm flakey: error READ bios during the
down_interval") overlooked the 'drop_writes' feature, which is meant to
allow reads to be issued rather than errored, during the down_interval.

Fixes: 99f3c90d0d ("dm flakey: error READ bios during the down_interval")
Reported-by: Qu Wenruo &lt;quwenruo@cn.fujitsu.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power of two.</title>
<updated>2016-08-31T23:21:09+00:00</updated>
<author>
<name>Kent Overstreet</name>
<email>kent.overstreet@gmail.com</email>
</author>
<published>2016-08-18T01:21:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cb515bdff8293136e97dd5370d0a094d3074ab21'/>
<id>cb515bdff8293136e97dd5370d0a094d3074ab21</id>
<content type='text'>
[ Upstream commit acc9cf8c66c66b2cbbdb4a375537edee72be64df ]

This patch fixes a cachedev registration-time allocation deadlock.
This can deadlock on boot if your initrd auto-registeres bcache devices:

Allocator thread:
[  720.727614] INFO: task bcache_allocato:3833 blocked for more than 120 seconds.
[  720.732361]  [&lt;ffffffff816eeac7&gt;] schedule+0x37/0x90
[  720.732963]  [&lt;ffffffffa05192b8&gt;] bch_bucket_alloc+0x188/0x360 [bcache]
[  720.733538]  [&lt;ffffffff810e6950&gt;] ? prepare_to_wait_event+0xf0/0xf0
[  720.734137]  [&lt;ffffffffa05302bd&gt;] bch_prio_write+0x19d/0x340 [bcache]
[  720.734715]  [&lt;ffffffffa05190bf&gt;] bch_allocator_thread+0x3ff/0x470 [bcache]
[  720.735311]  [&lt;ffffffff816ee41c&gt;] ? __schedule+0x2dc/0x950
[  720.735884]  [&lt;ffffffffa0518cc0&gt;] ? invalidate_buckets+0x980/0x980 [bcache]

Registration thread:
[  720.710403] INFO: task bash:3531 blocked for more than 120 seconds.
[  720.715226]  [&lt;ffffffff816eeac7&gt;] schedule+0x37/0x90
[  720.715805]  [&lt;ffffffffa05235cd&gt;] __bch_btree_map_nodes+0x12d/0x150 [bcache]
[  720.716409]  [&lt;ffffffffa0522d30&gt;] ? bch_btree_insert_check_key+0x1c0/0x1c0 [bcache]
[  720.717008]  [&lt;ffffffffa05236e4&gt;] bch_btree_insert+0xf4/0x170 [bcache]
[  720.717586]  [&lt;ffffffff810e6950&gt;] ? prepare_to_wait_event+0xf0/0xf0
[  720.718191]  [&lt;ffffffffa0527d9a&gt;] bch_journal_replay+0x14a/0x290 [bcache]
[  720.718766]  [&lt;ffffffff810cc90d&gt;] ? ttwu_do_activate.constprop.94+0x5d/0x70
[  720.719369]  [&lt;ffffffff810cf684&gt;] ? try_to_wake_up+0x1d4/0x350
[  720.719968]  [&lt;ffffffffa05317d0&gt;] run_cache_set+0x580/0x8e0 [bcache]
[  720.720553]  [&lt;ffffffffa053302e&gt;] register_bcache+0xe2e/0x13b0 [bcache]
[  720.721153]  [&lt;ffffffff81354cef&gt;] kobj_attr_store+0xf/0x20
[  720.721730]  [&lt;ffffffff812a2dad&gt;] sysfs_kf_write+0x3d/0x50
[  720.722327]  [&lt;ffffffff812a225a&gt;] kernfs_fop_write+0x12a/0x180
[  720.722904]  [&lt;ffffffff81225177&gt;] __vfs_write+0x37/0x110
[  720.723503]  [&lt;ffffffff81228048&gt;] ? __sb_start_write+0x58/0x110
[  720.724100]  [&lt;ffffffff812cedb3&gt;] ? security_file_permission+0x23/0xa0
[  720.724675]  [&lt;ffffffff812258a9&gt;] vfs_write+0xa9/0x1b0
[  720.725275]  [&lt;ffffffff8102479c&gt;] ? do_audit_syscall_entry+0x6c/0x70
[  720.725849]  [&lt;ffffffff81226755&gt;] SyS_write+0x55/0xd0
[  720.726451]  [&lt;ffffffff8106a390&gt;] ? do_page_fault+0x30/0x80
[  720.727045]  [&lt;ffffffff816f2cae&gt;] system_call_fastpath+0x12/0x71

The fifo code in upstream bcache can't use the last element in the buffer,
which was the cause of the bug: if you asked for a power of two size,
it'd give you a fifo that could hold one less than what you asked for
rather than allocating a buffer twice as big.

Signed-off-by: Kent Overstreet &lt;kent.overstreet@gmail.com&gt;
Tested-by: Eric Wheeler &lt;bcache@linux.ewheeler.net&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit acc9cf8c66c66b2cbbdb4a375537edee72be64df ]

This patch fixes a cachedev registration-time allocation deadlock.
This can deadlock on boot if your initrd auto-registeres bcache devices:

Allocator thread:
[  720.727614] INFO: task bcache_allocato:3833 blocked for more than 120 seconds.
[  720.732361]  [&lt;ffffffff816eeac7&gt;] schedule+0x37/0x90
[  720.732963]  [&lt;ffffffffa05192b8&gt;] bch_bucket_alloc+0x188/0x360 [bcache]
[  720.733538]  [&lt;ffffffff810e6950&gt;] ? prepare_to_wait_event+0xf0/0xf0
[  720.734137]  [&lt;ffffffffa05302bd&gt;] bch_prio_write+0x19d/0x340 [bcache]
[  720.734715]  [&lt;ffffffffa05190bf&gt;] bch_allocator_thread+0x3ff/0x470 [bcache]
[  720.735311]  [&lt;ffffffff816ee41c&gt;] ? __schedule+0x2dc/0x950
[  720.735884]  [&lt;ffffffffa0518cc0&gt;] ? invalidate_buckets+0x980/0x980 [bcache]

Registration thread:
[  720.710403] INFO: task bash:3531 blocked for more than 120 seconds.
[  720.715226]  [&lt;ffffffff816eeac7&gt;] schedule+0x37/0x90
[  720.715805]  [&lt;ffffffffa05235cd&gt;] __bch_btree_map_nodes+0x12d/0x150 [bcache]
[  720.716409]  [&lt;ffffffffa0522d30&gt;] ? bch_btree_insert_check_key+0x1c0/0x1c0 [bcache]
[  720.717008]  [&lt;ffffffffa05236e4&gt;] bch_btree_insert+0xf4/0x170 [bcache]
[  720.717586]  [&lt;ffffffff810e6950&gt;] ? prepare_to_wait_event+0xf0/0xf0
[  720.718191]  [&lt;ffffffffa0527d9a&gt;] bch_journal_replay+0x14a/0x290 [bcache]
[  720.718766]  [&lt;ffffffff810cc90d&gt;] ? ttwu_do_activate.constprop.94+0x5d/0x70
[  720.719369]  [&lt;ffffffff810cf684&gt;] ? try_to_wake_up+0x1d4/0x350
[  720.719968]  [&lt;ffffffffa05317d0&gt;] run_cache_set+0x580/0x8e0 [bcache]
[  720.720553]  [&lt;ffffffffa053302e&gt;] register_bcache+0xe2e/0x13b0 [bcache]
[  720.721153]  [&lt;ffffffff81354cef&gt;] kobj_attr_store+0xf/0x20
[  720.721730]  [&lt;ffffffff812a2dad&gt;] sysfs_kf_write+0x3d/0x50
[  720.722327]  [&lt;ffffffff812a225a&gt;] kernfs_fop_write+0x12a/0x180
[  720.722904]  [&lt;ffffffff81225177&gt;] __vfs_write+0x37/0x110
[  720.723503]  [&lt;ffffffff81228048&gt;] ? __sb_start_write+0x58/0x110
[  720.724100]  [&lt;ffffffff812cedb3&gt;] ? security_file_permission+0x23/0xa0
[  720.724675]  [&lt;ffffffff812258a9&gt;] vfs_write+0xa9/0x1b0
[  720.725275]  [&lt;ffffffff8102479c&gt;] ? do_audit_syscall_entry+0x6c/0x70
[  720.725849]  [&lt;ffffffff81226755&gt;] SyS_write+0x55/0xd0
[  720.726451]  [&lt;ffffffff8106a390&gt;] ? do_page_fault+0x30/0x80
[  720.727045]  [&lt;ffffffff816f2cae&gt;] system_call_fastpath+0x12/0x71

The fifo code in upstream bcache can't use the last element in the buffer,
which was the cause of the bug: if you asked for a power of two size,
it'd give you a fifo that could hold one less than what you asked for
rather than allocating a buffer twice as big.

Signed-off-by: Kent Overstreet &lt;kent.overstreet@gmail.com&gt;
Tested-by: Eric Wheeler &lt;bcache@linux.ewheeler.net&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
