Home Home > GIT Browse > SLE12-SP5-AZURE
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2019-09-05 11:43:37 +0200
committerTakashi Iwai <tiwai@suse.de>2019-09-05 11:43:37 +0200
commit5ab410a9916ebd9343d0e765bc2e99968a5541fb (patch)
tree8d1639c0cecd559911083dc8933a2821f87a22f6
parent8e349ee44912d6967ed6fe79a4594fb7b97c336e (diff)
parent629b4f4512faf4dd37df9b4034a1f000816974f3 (diff)
Merge branch 'users/lhenriques/SLE15/for-next' into SLE15
Pull ceph fixes from Luis Henriques
-rw-r--r--patches.suse/ceph-don-t-blindly-unregister-session-that-is-in-opening-state.patch96
-rw-r--r--patches.suse/ceph-don-t-try-fill-file_lock-on-unsuccessful-getfilelock-reply.patch36
-rw-r--r--patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-_ceph_build_xattrs_blob.patch157
-rw-r--r--patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-_ceph_setxattr.patch88
-rw-r--r--patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-fill_inode.patch81
-rw-r--r--patches.suse/ceph-fix-ceph-dir-rctime-vxattr-value.patch31
-rw-r--r--patches.suse/ceph-fix-improper-use-of-smp_mb__before_atomic.patch42
-rw-r--r--patches.suse/ceph-hold-i_ceph_lock-when-removing-caps-for-freeing-inode.patch48
-rw-r--r--patches.suse/ceph-remove-request-from-waiting-list-before-unregister.patch37
-rw-r--r--patches.suse/ceph-silence-a-checker-warning-in-mdsc_show.patch37
-rw-r--r--patches.suse/libceph-allow-ceph_buffer_put-to-receive-a-null-ceph_buffer.patch29
-rw-r--r--patches.suse/libceph-fix-pg-split-vs-osd-reconnect-race.patch71
-rw-r--r--series.conf12
13 files changed, 765 insertions, 0 deletions
diff --git a/patches.suse/ceph-don-t-blindly-unregister-session-that-is-in-opening-state.patch b/patches.suse/ceph-don-t-blindly-unregister-session-that-is-in-opening-state.patch
new file mode 100644
index 0000000000..baab50a096
--- /dev/null
+++ b/patches.suse/ceph-don-t-blindly-unregister-session-that-is-in-opening-state.patch
@@ -0,0 +1,96 @@
+From: "Yan, Zheng" <zyan@redhat.com>
+Date: Mon, 10 Jun 2019 15:45:09 +0800
+Subject: ceph: don't blindly unregister session that is in opening state
+Git-commit: 6f0f597b5debc7c2356fa6a17e2f179066e340d0
+Patch-mainline: v5.3-rc1
+References: bsc#1148133
+
+handle_cap_export() may add placeholder caps to session that is in
+opening state. These caps' session pointer become wild after session get
+unregistered.
+
+The fix is not to unregister session in opening state during mds failovers,
+just let client to reconnect later when mds is recovered.
+
+Link: https://tracker.ceph.com/issues/40190
+Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ fs/ceph/mds_client.c | 59 +++++++++++++++++++++++-----------------------------
+ 1 file changed, 26 insertions(+), 33 deletions(-)
+
+diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
+index 709ac3bde86e..fcea46a54622 100644
+--- a/fs/ceph/mds_client.c
++++ b/fs/ceph/mds_client.c
+@@ -3737,42 +3737,35 @@ static void check_new_map(struct ceph_mds_client *mdsc,
+ ceph_mdsmap_is_laggy(newmap, i) ? " (laggy)" : "",
+ ceph_session_state_name(s->s_state));
+
+- if (i >= newmap->m_num_mds ||
+- memcmp(ceph_mdsmap_get_addr(oldmap, i),
+- ceph_mdsmap_get_addr(newmap, i),
+- sizeof(struct ceph_entity_addr))) {
+- if (s->s_state == CEPH_MDS_SESSION_OPENING) {
+- /* the session never opened, just close it
+- * out now */
+- get_session(s);
+- __unregister_session(mdsc, s);
+- __wake_requests(mdsc, &s->s_waiting);
+- ceph_put_mds_session(s);
+- } else if (i >= newmap->m_num_mds) {
+- /* force close session for stopped mds */
+- get_session(s);
+- __unregister_session(mdsc, s);
+- __wake_requests(mdsc, &s->s_waiting);
+- kick_requests(mdsc, i);
+- mutex_unlock(&mdsc->mutex);
++ if (i >= newmap->m_num_mds) {
++ /* force close session for stopped mds */
++ get_session(s);
++ __unregister_session(mdsc, s);
++ __wake_requests(mdsc, &s->s_waiting);
++ mutex_unlock(&mdsc->mutex);
+
+- mutex_lock(&s->s_mutex);
+- cleanup_session_requests(mdsc, s);
+- remove_session_caps(s);
+- mutex_unlock(&s->s_mutex);
++ mutex_lock(&s->s_mutex);
++ cleanup_session_requests(mdsc, s);
++ remove_session_caps(s);
++ mutex_unlock(&s->s_mutex);
+
+- ceph_put_mds_session(s);
++ ceph_put_mds_session(s);
+
+- mutex_lock(&mdsc->mutex);
+- } else {
+- /* just close it */
+- mutex_unlock(&mdsc->mutex);
+- mutex_lock(&s->s_mutex);
+- mutex_lock(&mdsc->mutex);
+- ceph_con_close(&s->s_con);
+- mutex_unlock(&s->s_mutex);
+- s->s_state = CEPH_MDS_SESSION_RESTARTING;
+- }
++ mutex_lock(&mdsc->mutex);
++ kick_requests(mdsc, i);
++ continue;
++ }
++
++ if (memcmp(ceph_mdsmap_get_addr(oldmap, i),
++ ceph_mdsmap_get_addr(newmap, i),
++ sizeof(struct ceph_entity_addr))) {
++ /* just close it */
++ mutex_unlock(&mdsc->mutex);
++ mutex_lock(&s->s_mutex);
++ mutex_lock(&mdsc->mutex);
++ ceph_con_close(&s->s_con);
++ mutex_unlock(&s->s_mutex);
++ s->s_state = CEPH_MDS_SESSION_RESTARTING;
+ } else if (oldstate == newstate) {
+ continue; /* nothing new with this mds */
+ }
+
diff --git a/patches.suse/ceph-don-t-try-fill-file_lock-on-unsuccessful-getfilelock-reply.patch b/patches.suse/ceph-don-t-try-fill-file_lock-on-unsuccessful-getfilelock-reply.patch
new file mode 100644
index 0000000000..ccf9af3713
--- /dev/null
+++ b/patches.suse/ceph-don-t-try-fill-file_lock-on-unsuccessful-getfilelock-reply.patch
@@ -0,0 +1,36 @@
+From: Jeff Layton <jlayton@kernel.org>
+Date: Thu, 15 Aug 2019 06:23:38 -0400
+Subject: ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply
+Git-commit: 28a282616f56990547b9dcd5c6fbd2001344664c
+Patch-mainline: v5.3-rc6
+References: bsc#1148133
+
+When ceph_mdsc_do_request returns an error, we can't assume that the
+filelock_reply pointer will be set. Only try to fetch fields out of
+the r_reply_info when it returns success.
+
+Cc: stable@vger.kernel.org
+Reported-by: Hector Martin <hector@marcansoft.com>
+Signed-off-by: Jeff Layton <jlayton@kernel.org>
+Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ fs/ceph/locks.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/fs/ceph/locks.c b/fs/ceph/locks.c
+index ac9b53b89365..5083e238ad15 100644
+--- a/fs/ceph/locks.c
++++ b/fs/ceph/locks.c
+@@ -110,8 +110,7 @@ static int ceph_lock_message(u8 lock_typ
+ req->r_wait_for_completion = ceph_lock_wait_for_completion;
+
+ err = ceph_mdsc_do_request(mdsc, inode, req);
+-
+- if (operation == CEPH_MDS_OP_GETFILELOCK) {
++ if (!err && operation == CEPH_MDS_OP_GETFILELOCK) {
+ fl->fl_pid = le64_to_cpu(req->r_reply_info.filelock_reply->pid);
+ if (CEPH_LOCK_SHARED == req->r_reply_info.filelock_reply->type)
+ fl->fl_type = F_RDLCK;
+
diff --git a/patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-_ceph_build_xattrs_blob.patch b/patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-_ceph_build_xattrs_blob.patch
new file mode 100644
index 0000000000..0dcc0e0edf
--- /dev/null
+++ b/patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-_ceph_build_xattrs_blob.patch
@@ -0,0 +1,157 @@
+From: Luis Henriques <lhenriques@suse.com>
+Date: Fri, 19 Jul 2019 15:32:21 +0100
+Subject: ceph: fix buffer free while holding i_ceph_lock in
+ __ceph_build_xattrs_blob()
+Git-commit: 12fe3dda7ed89c95cc0ef7abc001ad1ad3e092f8
+Patch-mainline: v5.3-rc6
+References: bsc#1148133
+
+Calling ceph_buffer_put() in __ceph_build_xattrs_blob() may result in
+freeing the i_xattrs.blob buffer while holding the i_ceph_lock. This can
+be fixed by having this function returning the old blob buffer and have
+the callers of this function freeing it when the lock is released.
+
+The following backtrace was triggered by fstests generic/117.
+
+ BUG: sleeping function called from invalid context at mm/vmalloc.c:2283
+ in_atomic(): 1, irqs_disabled(): 0, pid: 649, name: fsstress
+ 4 locks held by fsstress/649:
+ #0: 00000000a7478e7e (&type->s_umount_key#19){++++}, at: iterate_supers+0x77/0xf0
+ #1: 00000000f8de1423 (&(&ci->i_ceph_lock)->rlock){+.+.}, at: ceph_check_caps+0x7b/0xc60
+ #2: 00000000562f2b27 (&s->s_mutex){+.+.}, at: ceph_check_caps+0x3bd/0xc60
+ #3: 00000000f83ce16a (&mdsc->snap_rwsem){++++}, at: ceph_check_caps+0x3ed/0xc60
+ CPU: 1 PID: 649 Comm: fsstress Not tainted 5.2.0+ #439
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58-prebuilt.qemu.org 04/01/2014
+ Call Trace:
+ dump_stack+0x67/0x90
+ ___might_sleep.cold+0x9f/0xb1
+ vfree+0x4b/0x60
+ ceph_buffer_release+0x1b/0x60
+ __ceph_build_xattrs_blob+0x12b/0x170
+ __send_cap+0x302/0x540
+ ? __lock_acquire+0x23c/0x1e40
+ ? __mark_caps_flushing+0x15c/0x280
+ ? _raw_spin_unlock+0x24/0x30
+ ceph_check_caps+0x5f0/0xc60
+ ceph_flush_dirty_caps+0x7c/0x150
+ ? __ia32_sys_fdatasync+0x20/0x20
+ ceph_sync_fs+0x5a/0x130
+ iterate_supers+0x8f/0xf0
+ ksys_sync+0x4f/0xb0
+ __ia32_sys_sync+0xa/0x10
+ do_syscall_64+0x50/0x1c0
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+ RIP: 0033:0x7fc6409ab617
+
+Signed-off-by: Luis Henriques <lhenriques@suse.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+---
+ fs/ceph/caps.c | 5 ++++-
+ fs/ceph/snap.c | 4 +++-
+ fs/ceph/super.h | 2 +-
+ fs/ceph/xattr.c | 11 ++++++++---
+ 4 files changed, 16 insertions(+), 6 deletions(-)
+
+--- a/fs/ceph/caps.c
++++ b/fs/ceph/caps.c
+@@ -1290,6 +1290,7 @@ static int __send_cap(struct ceph_mds_cl
+ {
+ struct ceph_inode_info *ci = cap->ci;
+ struct inode *inode = &ci->vfs_inode;
++ struct ceph_buffer *old_blob = NULL;
+ struct cap_msg_args arg;
+ int held, revoking;
+ int wake = 0;
+@@ -1354,7 +1355,7 @@ static int __send_cap(struct ceph_mds_cl
+ ci->i_requested_max_size = arg.max_size;
+
+ if (flushing & CEPH_CAP_XATTR_EXCL) {
+- __ceph_build_xattrs_blob(ci);
++ old_blob = __ceph_build_xattrs_blob(ci);
+ arg.xattr_version = ci->i_xattrs.version;
+ arg.xattr_buf = ci->i_xattrs.blob;
+ } else {
+@@ -1389,6 +1390,8 @@ static int __send_cap(struct ceph_mds_cl
+
+ spin_unlock(&ci->i_ceph_lock);
+
++ ceph_buffer_put(old_blob);
++
+ ret = send_cap_msg(&arg);
+ if (ret < 0) {
+ dout("error sending cap msg, must requeue %p\n", inode);
+--- a/fs/ceph/snap.c
++++ b/fs/ceph/snap.c
+@@ -459,6 +459,7 @@ void ceph_queue_cap_snap(struct ceph_ino
+ struct inode *inode = &ci->vfs_inode;
+ struct ceph_cap_snap *capsnap;
+ struct ceph_snap_context *old_snapc, *new_snapc;
++ struct ceph_buffer *old_blob = NULL;
+ int used, dirty;
+
+ capsnap = kzalloc(sizeof(*capsnap), GFP_NOFS);
+@@ -535,7 +536,7 @@ void ceph_queue_cap_snap(struct ceph_ino
+ capsnap->gid = inode->i_gid;
+
+ if (dirty & CEPH_CAP_XATTR_EXCL) {
+- __ceph_build_xattrs_blob(ci);
++ old_blob = __ceph_build_xattrs_blob(ci);
+ capsnap->xattr_blob =
+ ceph_buffer_get(ci->i_xattrs.blob);
+ capsnap->xattr_version = ci->i_xattrs.version;
+@@ -578,6 +579,7 @@ update_snapc:
+ }
+ spin_unlock(&ci->i_ceph_lock);
+
++ ceph_buffer_put(old_blob);
+ kfree(capsnap);
+ ceph_put_snap_context(old_snapc);
+ }
+--- a/fs/ceph/super.h
++++ b/fs/ceph/super.h
+@@ -895,7 +895,7 @@ extern int ceph_getattr(const struct pat
+ int __ceph_setxattr(struct inode *, const char *, const void *, size_t, int);
+ ssize_t __ceph_getxattr(struct inode *, const char *, void *, size_t);
+ extern ssize_t ceph_listxattr(struct dentry *, char *, size_t);
+-extern void __ceph_build_xattrs_blob(struct ceph_inode_info *ci);
++extern struct ceph_buffer *__ceph_build_xattrs_blob(struct ceph_inode_info *ci);
+ extern void __ceph_destroy_xattrs(struct ceph_inode_info *ci);
+ extern void __init ceph_xattr_init(void);
+ extern void ceph_xattr_exit(void);
+--- a/fs/ceph/xattr.c
++++ b/fs/ceph/xattr.c
+@@ -754,12 +754,15 @@ static int __get_required_blob_size(stru
+
+ /*
+ * If there are dirty xattrs, reencode xattrs into the prealloc_blob
+- * and swap into place.
++ * and swap into place. It returns the old i_xattrs.blob (or NULL) so
++ * that it can be freed by the caller as the i_ceph_lock is likely to be
++ * held.
+ */
+-void __ceph_build_xattrs_blob(struct ceph_inode_info *ci)
++struct ceph_buffer *__ceph_build_xattrs_blob(struct ceph_inode_info *ci)
+ {
+ struct rb_node *p;
+ struct ceph_inode_xattr *xattr = NULL;
++ struct ceph_buffer *old_blob = NULL;
+ void *dest;
+
+ dout("__build_xattrs_blob %p\n", &ci->vfs_inode);
+@@ -790,12 +793,14 @@ void __ceph_build_xattrs_blob(struct cep
+ dest - ci->i_xattrs.prealloc_blob->vec.iov_base;
+
+ if (ci->i_xattrs.blob)
+- ceph_buffer_put(ci->i_xattrs.blob);
++ old_blob = ci->i_xattrs.blob;
+ ci->i_xattrs.blob = ci->i_xattrs.prealloc_blob;
+ ci->i_xattrs.prealloc_blob = NULL;
+ ci->i_xattrs.dirty = false;
+ ci->i_xattrs.version++;
+ }
++
++ return old_blob;
+ }
+
+ static inline int __get_request_mask(struct inode *in) {
diff --git a/patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-_ceph_setxattr.patch b/patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-_ceph_setxattr.patch
new file mode 100644
index 0000000000..ce9b3ed848
--- /dev/null
+++ b/patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-_ceph_setxattr.patch
@@ -0,0 +1,88 @@
+From: Luis Henriques <lhenriques@suse.com>
+Date: Fri, 19 Jul 2019 15:32:20 +0100
+Subject: ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
+Git-commit: 86968ef21596515958d5f0a40233d02be78ecec0
+Patch-mainline: v5.3-rc6
+References: bsc#1148133
+
+Calling ceph_buffer_put() in __ceph_setxattr() may end up freeing the
+i_xattrs.prealloc_blob buffer while holding the i_ceph_lock. This can be
+fixed by postponing the call until later, when the lock is released.
+
+The following backtrace was triggered by fstests generic/117.
+
+ BUG: sleeping function called from invalid context at mm/vmalloc.c:2283
+ in_atomic(): 1, irqs_disabled(): 0, pid: 650, name: fsstress
+ 3 locks held by fsstress/650:
+ #0: 00000000870a0fe8 (sb_writers#8){.+.+}, at: mnt_want_write+0x20/0x50
+ #1: 00000000ba0c4c74 (&type->i_mutex_dir_key#6){++++}, at: vfs_setxattr+0x55/0xa0
+ #2: 000000008dfbb3f2 (&(&ci->i_ceph_lock)->rlock){+.+.}, at: __ceph_setxattr+0x297/0x810
+ CPU: 1 PID: 650 Comm: fsstress Not tainted 5.2.0+ #437
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58-prebuilt.qemu.org 04/01/2014
+ Call Trace:
+ dump_stack+0x67/0x90
+ ___might_sleep.cold+0x9f/0xb1
+ vfree+0x4b/0x60
+ ceph_buffer_release+0x1b/0x60
+ __ceph_setxattr+0x2b4/0x810
+ __vfs_setxattr+0x66/0x80
+ __vfs_setxattr_noperm+0x59/0xf0
+ vfs_setxattr+0x81/0xa0
+ setxattr+0x115/0x230
+ ? filename_lookup+0xc9/0x140
+ ? rcu_read_lock_sched_held+0x74/0x80
+ ? rcu_sync_lockdep_assert+0x2e/0x60
+ ? __sb_start_write+0x142/0x1a0
+ ? mnt_want_write+0x20/0x50
+ path_setxattr+0xba/0xd0
+ __x64_sys_lsetxattr+0x24/0x30
+ do_syscall_64+0x50/0x1c0
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+ RIP: 0033:0x7ff23514359a
+
+Signed-off-by: Luis Henriques <lhenriques@suse.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+---
+ fs/ceph/xattr.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
+index 37b458a9af3a..c083557b3657 100644
+--- a/fs/ceph/xattr.c
++++ b/fs/ceph/xattr.c
+@@ -1036,6 +1036,7 @@ int __ceph_setxattr(struct inode *inode, const char *name,
+ struct ceph_inode_info *ci = ceph_inode(inode);
+ struct ceph_mds_client *mdsc = ceph_sb_to_client(inode->i_sb)->mdsc;
+ struct ceph_cap_flush *prealloc_cf = NULL;
++ struct ceph_buffer *old_blob = NULL;
+ int issued;
+ int err;
+ int dirty = 0;
+@@ -1109,13 +1110,15 @@ int __ceph_setxattr(struct inode *inode, const char *name,
+ struct ceph_buffer *blob;
+
+ spin_unlock(&ci->i_ceph_lock);
+- dout(" preaallocating new blob size=%d\n", required_blob_size);
++ ceph_buffer_put(old_blob); /* Shouldn't be required */
++ dout(" pre-allocating new blob size=%d\n", required_blob_size);
+ blob = ceph_buffer_new(required_blob_size, GFP_NOFS);
+ if (!blob)
+ goto do_sync_unlocked;
+ spin_lock(&ci->i_ceph_lock);
++ /* prealloc_blob can't be released while holding i_ceph_lock */
+ if (ci->i_xattrs.prealloc_blob)
+- ceph_buffer_put(ci->i_xattrs.prealloc_blob);
++ old_blob = ci->i_xattrs.prealloc_blob;
+ ci->i_xattrs.prealloc_blob = blob;
+ goto retry;
+ }
+@@ -1131,6 +1134,7 @@ int __ceph_setxattr(struct inode *inode, const char *name,
+ }
+
+ spin_unlock(&ci->i_ceph_lock);
++ ceph_buffer_put(old_blob);
+ if (lock_snap_rwsem)
+ up_read(&mdsc->snap_rwsem);
+ if (dirty)
+
diff --git a/patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-fill_inode.patch b/patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-fill_inode.patch
new file mode 100644
index 0000000000..ac35db37f1
--- /dev/null
+++ b/patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-fill_inode.patch
@@ -0,0 +1,81 @@
+From: Luis Henriques <lhenriques@suse.com>
+Date: Fri, 19 Jul 2019 15:32:22 +0100
+Subject: ceph: fix buffer free while holding i_ceph_lock in fill_inode()
+Git-commit: af8a85a41734f37b67ba8ce69d56b685bee4ac48
+Patch-mainline: v5.3-rc6
+References: bsc#1148133
+
+Calling ceph_buffer_put() in fill_inode() may result in freeing the
+i_xattrs.blob buffer while holding the i_ceph_lock. This can be fixed by
+postponing the call until later, when the lock is released.
+
+The following backtrace was triggered by fstests generic/070.
+
+ BUG: sleeping function called from invalid context at mm/vmalloc.c:2283
+ in_atomic(): 1, irqs_disabled(): 0, pid: 3852, name: kworker/0:4
+ 6 locks held by kworker/0:4/3852:
+ #0: 000000004270f6bb ((wq_completion)ceph-msgr){+.+.}, at: process_one_work+0x1b8/0x5f0
+ #1: 00000000eb420803 ((work_completion)(&(&con->work)->work)){+.+.}, at: process_one_work+0x1b8/0x5f0
+ #2: 00000000be1c53a4 (&s->s_mutex){+.+.}, at: dispatch+0x288/0x1476
+ #3: 00000000559cb958 (&mdsc->snap_rwsem){++++}, at: dispatch+0x2eb/0x1476
+ #4: 000000000d5ebbae (&req->r_fill_mutex){+.+.}, at: dispatch+0x2fc/0x1476
+ #5: 00000000a83d0514 (&(&ci->i_ceph_lock)->rlock){+.+.}, at: fill_inode.isra.0+0xf8/0xf70
+ CPU: 0 PID: 3852 Comm: kworker/0:4 Not tainted 5.2.0+ #441
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58-prebuilt.qemu.org 04/01/2014
+ Workqueue: ceph-msgr ceph_con_workfn
+ Call Trace:
+ dump_stack+0x67/0x90
+ ___might_sleep.cold+0x9f/0xb1
+ vfree+0x4b/0x60
+ ceph_buffer_release+0x1b/0x60
+ fill_inode.isra.0+0xa9b/0xf70
+ ceph_fill_trace+0x13b/0xc70
+ ? dispatch+0x2eb/0x1476
+ dispatch+0x320/0x1476
+ ? __mutex_unlock_slowpath+0x4d/0x2a0
+ ceph_con_workfn+0xc97/0x2ec0
+ ? process_one_work+0x1b8/0x5f0
+ process_one_work+0x244/0x5f0
+ worker_thread+0x4d/0x3e0
+ kthread+0x105/0x140
+ ? process_one_work+0x5f0/0x5f0
+ ? kthread_park+0x90/0x90
+ ret_from_fork+0x3a/0x50
+
+Signed-off-by: Luis Henriques <lhenriques@suse.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+---
+ fs/ceph/inode.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/fs/ceph/inode.c
++++ b/fs/ceph/inode.c
+@@ -744,6 +744,7 @@ static int fill_inode(struct inode *inod
+ int issued = 0, implemented, new_issued;
+ struct timespec mtime, atime, ctime;
+ struct ceph_buffer *xattr_blob = NULL;
++ struct ceph_buffer *old_blob = NULL;
+ struct ceph_string *pool_ns = NULL;
+ struct ceph_cap *new_cap = NULL;
+ int err = 0;
+@@ -874,7 +875,7 @@ static int fill_inode(struct inode *inod
+ if ((ci->i_xattrs.version == 0 || !(issued & CEPH_CAP_XATTR_EXCL)) &&
+ le64_to_cpu(info->xattr_version) > ci->i_xattrs.version) {
+ if (ci->i_xattrs.blob)
+- ceph_buffer_put(ci->i_xattrs.blob);
++ old_blob = ci->i_xattrs.blob;
+ ci->i_xattrs.blob = xattr_blob;
+ if (xattr_blob)
+ memcpy(ci->i_xattrs.blob->vec.iov_base,
+@@ -1019,8 +1020,8 @@ static int fill_inode(struct inode *inod
+ out:
+ if (new_cap)
+ ceph_put_cap(mdsc, new_cap);
+- if (xattr_blob)
+- ceph_buffer_put(xattr_blob);
++ ceph_buffer_put(old_blob);
++ ceph_buffer_put(xattr_blob);
+ ceph_put_string(pool_ns);
+ return err;
+ }
diff --git a/patches.suse/ceph-fix-ceph-dir-rctime-vxattr-value.patch b/patches.suse/ceph-fix-ceph-dir-rctime-vxattr-value.patch
new file mode 100644
index 0000000000..b54da58a5e
--- /dev/null
+++ b/patches.suse/ceph-fix-ceph-dir-rctime-vxattr-value.patch
@@ -0,0 +1,31 @@
+From: David Disseldorp <ddiss@suse.de>
+Date: Wed, 15 May 2019 16:56:39 +0200
+Subject: ceph: fix "ceph.dir.rctime" vxattr value
+Git-commit: 718807289d4130be1fe13f24f018733116958070
+Patch-mainline: v5.3-rc1
+References: bsc#1148133 bsc#1135219
+
+The vxattr value incorrectly places a "09" prefix to the nanoseconds
+field, instead of providing it as a zero-pad width specifier after '%'.
+
+Fixes: 3489b42a72a4 ("ceph: fix three bugs, two in ceph_vxattrcb_file_layout()")
+Link: https://tracker.ceph.com/issues/39943
+Signed-off-by: David Disseldorp <ddiss@suse.de>
+Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ fs/ceph/xattr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ceph/xattr.c
++++ b/fs/ceph/xattr.c
+@@ -223,7 +223,7 @@ static size_t ceph_vxattrcb_dir_rbytes(s
+ static size_t ceph_vxattrcb_dir_rctime(struct ceph_inode_info *ci, char *val,
+ size_t size)
+ {
+- return snprintf(val, size, "%ld.09%ld", (long)ci->i_rctime.tv_sec,
++ return snprintf(val, size, "%ld.%09ld", (long)ci->i_rctime.tv_sec,
+ (long)ci->i_rctime.tv_nsec);
+ }
+
diff --git a/patches.suse/ceph-fix-improper-use-of-smp_mb__before_atomic.patch b/patches.suse/ceph-fix-improper-use-of-smp_mb__before_atomic.patch
new file mode 100644
index 0000000000..97b6034377
--- /dev/null
+++ b/patches.suse/ceph-fix-improper-use-of-smp_mb__before_atomic.patch
@@ -0,0 +1,42 @@
+From: Andrea Parri <andrea.parri@amarulasolutions.com>
+Date: Mon, 20 May 2019 19:23:58 +0200
+Subject: ceph: fix improper use of smp_mb__before_atomic()
+Git-commit: 749607731e26dfb2558118038c40e9c0c80d23b5
+Patch-mainline: v5.3-rc1
+References: bsc#1148133
+
+This barrier only applies to the read-modify-write operations; in
+particular, it does not apply to the atomic64_set() primitive.
+
+Replace the barrier with an smp_mb().
+
+Fixes: fdd4e15838e59 ("ceph: rework dcache readdir")
+Reported-by: "Paul E. McKenney" <paulmck@linux.ibm.com>
+Reported-by: Peter Zijlstra <peterz@infradead.org>
+Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
+Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ fs/ceph/super.h | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/fs/ceph/super.h b/fs/ceph/super.h
+index 7209548527ab..29ea4eba98fe 100644
+--- a/fs/ceph/super.h
++++ b/fs/ceph/super.h
+@@ -545,7 +545,12 @@ static inline void __ceph_dir_set_complete(struct ceph_inode_info *ci,
+ long long release_count,
+ long long ordered_count)
+ {
+- smp_mb__before_atomic();
++ /*
++ * Makes sure operations that setup readdir cache (update page
++ * cache and i_size) are strongly ordered w.r.t. the following
++ * atomic64_set() operations.
++ */
++ smp_mb();
+ atomic64_set(&ci->i_complete_seq[0], release_count);
+ atomic64_set(&ci->i_complete_seq[1], ordered_count);
+ }
+
diff --git a/patches.suse/ceph-hold-i_ceph_lock-when-removing-caps-for-freeing-inode.patch b/patches.suse/ceph-hold-i_ceph_lock-when-removing-caps-for-freeing-inode.patch
new file mode 100644
index 0000000000..30c6488231
--- /dev/null
+++ b/patches.suse/ceph-hold-i_ceph_lock-when-removing-caps-for-freeing-inode.patch
@@ -0,0 +1,48 @@
+From: "Yan, Zheng" <zyan@redhat.com>
+Date: Thu, 23 May 2019 11:01:37 +0800
+Subject: ceph: hold i_ceph_lock when removing caps for freeing inode
+Git-commit: d6e47819721ae2d9d090058ad5570a66f3c42e39
+Patch-mainline: v5.3-rc1
+References: bsc#1148133
+
+ceph_d_revalidate(, LOOKUP_RCU) may call __ceph_caps_issued_mask()
+on a freeing inode.
+
+Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
+Reviewed-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+[luis: modified ceph_queue_caps_release() instead of __ceph_remove_caps,
+ as in stable 4.14]
+---
+ fs/ceph/caps.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/fs/ceph/caps.c
++++ b/fs/ceph/caps.c
+@@ -1239,20 +1239,23 @@ static int send_cap_msg(struct cap_msg_a
+ }
+
+ /*
+- * Queue cap releases when an inode is dropped from our cache. Since
+- * inode is about to be destroyed, there is no need for i_ceph_lock.
++ * Queue cap releases when an inode is dropped from our cache.
+ */
+ void ceph_queue_caps_release(struct inode *inode)
+ {
+ struct ceph_inode_info *ci = ceph_inode(inode);
+ struct rb_node *p;
+
++ /* lock i_ceph_lock, because ceph_d_revalidate(..., LOOKUP_RCU)
++ * may call __ceph_caps_issued_mask() on a freeing inode. */
++ spin_lock(&ci->i_ceph_lock);
+ p = rb_first(&ci->i_caps);
+ while (p) {
+ struct ceph_cap *cap = rb_entry(p, struct ceph_cap, ci_node);
+ p = rb_next(p);
+ __ceph_remove_cap(cap, true);
+ }
++ spin_unlock(&ci->i_ceph_lock);
+ }
+
+ /*
diff --git a/patches.suse/ceph-remove-request-from-waiting-list-before-unregister.patch b/patches.suse/ceph-remove-request-from-waiting-list-before-unregister.patch
new file mode 100644
index 0000000000..8f6074ae19
--- /dev/null
+++ b/patches.suse/ceph-remove-request-from-waiting-list-before-unregister.patch
@@ -0,0 +1,37 @@
+From: "Yan, Zheng" <zyan@redhat.com>
+Date: Fri, 14 Jun 2019 10:55:05 +0800
+Subject: ceph: remove request from waiting list before unregister
+Git-commit: 428138c9892fac19a682973bbb6d8c2a904b6639
+Patch-mainline: v5.3-rc1
+References: bsc#1148133
+
+Link: https://tracker.ceph.com/issues/40339
+Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
+Reviewed-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ fs/ceph/mds_client.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
+index fcea46a54622..598a3fa280a7 100644
+--- a/fs/ceph/mds_client.c
++++ b/fs/ceph/mds_client.c
+@@ -727,6 +727,7 @@ void ceph_mdsc_release_request(struct kref *kref)
+ ceph_pagelist_release(req->r_pagelist);
+ put_request_session(req);
+ ceph_unreserve_caps(req->r_mdsc, &req->r_caps_reservation);
++ WARN_ON_ONCE(!list_empty(&req->r_wait));
+ kfree(req);
+ }
+
+@@ -4162,6 +4163,7 @@ static void wait_requests(struct ceph_mds_client *mdsc)
+ while ((req = __get_oldest_req(mdsc))) {
+ dout("wait_requests timed out on tid %llu\n",
+ req->r_tid);
++ list_del_init(&req->r_wait);
+ __unregister_request(mdsc, req);
+ }
+ }
+
diff --git a/patches.suse/ceph-silence-a-checker-warning-in-mdsc_show.patch b/patches.suse/ceph-silence-a-checker-warning-in-mdsc_show.patch
new file mode 100644
index 0000000000..2c659bed7e
--- /dev/null
+++ b/patches.suse/ceph-silence-a-checker-warning-in-mdsc_show.patch
@@ -0,0 +1,37 @@
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 9 May 2019 13:11:25 +0300
+Subject: ceph: silence a checker warning in mdsc_show()
+Git-commit: 13c41737b912a6f6354369c9b20a02c3868ab304
+Patch-mainline: v5.3-rc1
+References: bsc#1148133
+
+The problem is that if ceph_mdsc_build_path() fails then we set "path"
+to NULL and the "pathlen" variable is uninitialized. Then we call
+ceph_mdsc_free_path(path, pathlen) to clean up. Since "path" is NULL,
+the function is a no-op but Smatch and UBSan still complain that
+"pathlen" is uninitialized.
+
+This patch doesn't change run time, it just silence the warnings.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ fs/ceph/debugfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/ceph/debugfs.c b/fs/ceph/debugfs.c
+index b3fc5fe26a1a..a14d64664878 100644
+--- a/fs/ceph/debugfs.c
++++ b/fs/ceph/debugfs.c
+@@ -52,7 +52,7 @@ static int mdsc_show(struct seq_file *s, void *p)
+ struct ceph_mds_client *mdsc = fsc->mdsc;
+ struct ceph_mds_request *req;
+ struct rb_node *rp;
+- int pathlen;
++ int pathlen = 0;
+ u64 pathbase;
+ char *path;
+
+
diff --git a/patches.suse/libceph-allow-ceph_buffer_put-to-receive-a-null-ceph_buffer.patch b/patches.suse/libceph-allow-ceph_buffer_put-to-receive-a-null-ceph_buffer.patch
new file mode 100644
index 0000000000..e4cf896236
--- /dev/null
+++ b/patches.suse/libceph-allow-ceph_buffer_put-to-receive-a-null-ceph_buffer.patch
@@ -0,0 +1,29 @@
+From: Luis Henriques <lhenriques@suse.com>
+Date: Fri, 19 Jul 2019 15:32:19 +0100
+Subject: libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
+Git-commit: 5c498950f730aa17c5f8a2cdcb903524e4002ed2
+Patch-mainline: v5.3-rc6
+References: bsc#1148133
+
+Signed-off-by: Luis Henriques <lhenriques@suse.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+---
+ include/linux/ceph/buffer.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/include/linux/ceph/buffer.h b/include/linux/ceph/buffer.h
+index 5e58bb29b1a3..11cdc7c60480 100644
+--- a/include/linux/ceph/buffer.h
++++ b/include/linux/ceph/buffer.h
+@@ -30,7 +30,8 @@ static inline struct ceph_buffer *ceph_buffer_get(struct ceph_buffer *b)
+
+ static inline void ceph_buffer_put(struct ceph_buffer *b)
+ {
+- kref_put(&b->kref, ceph_buffer_release);
++ if (b)
++ kref_put(&b->kref, ceph_buffer_release);
+ }
+
+ extern int ceph_decode_buffer(struct ceph_buffer **b, void **p, void *end);
+
diff --git a/patches.suse/libceph-fix-pg-split-vs-osd-reconnect-race.patch b/patches.suse/libceph-fix-pg-split-vs-osd-reconnect-race.patch
new file mode 100644
index 0000000000..211e407664
--- /dev/null
+++ b/patches.suse/libceph-fix-pg-split-vs-osd-reconnect-race.patch
@@ -0,0 +1,71 @@
+From: Ilya Dryomov <idryomov@gmail.com>
+Date: Tue, 20 Aug 2019 16:40:33 +0200
+Subject: libceph: fix PG split vs OSD (re)connect race
+Git-commit: a561372405cf6bc6f14239b3a9e57bb39f2788b0
+Patch-mainline: v5.3-rc6
+References: bsc#1148133
+
+We can't rely on ->peer_features in calc_target() because it may be
+called both when the OSD session is established and open and when it's
+not. ->peer_features is not valid unless the OSD session is open. If
+this happens on a PG split (pg_num increase), that could mean we don't
+resend a request that should have been resent, hanging the client
+indefinitely.
+
+In userspace this was fixed by looking at require_osd_release and
+get_xinfo[osd].features fields of the osdmap. However these fields
+belong to the OSD section of the osdmap, which the kernel doesn't
+decode (only the client section is decoded).
+
+Instead, let's drop this feature check. It effectively checks for
+luminous, so only pre-luminous OSDs would be affected in that on a PG
+split the kernel might resend a request that should not have been
+resent. Duplicates can occur in other scenarios, so both sides should
+already be prepared for them: see dup/replay logic on the OSD side and
+retry_attempt check on the client side.
+
+Cc: stable@vger.kernel.org
+Fixes: 7de030d6b10a ("libceph: resend on PG splits if OSD has RESEND_ON_SPLIT")
+Link: https://tracker.ceph.com/issues/41162
+Reported-by: Jerry Lee <leisurelysw24@gmail.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Tested-by: Jerry Lee <leisurelysw24@gmail.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ net/ceph/osd_client.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
+index 0b2df09b2554..78ae6e8c953d 100644
+--- a/net/ceph/osd_client.c
++++ b/net/ceph/osd_client.c
+@@ -1496,7 +1496,7 @@ static enum calc_target_result calc_target(struct ceph_osd_client *osdc,
+ struct ceph_osds up, acting;
+ bool force_resend = false;
+ bool unpaused = false;
+- bool legacy_change;
++ bool legacy_change = false;
+ bool split = false;
+ bool sort_bitwise = ceph_osdmap_flag(osdc, CEPH_OSDMAP_SORTBITWISE);
+ bool recovery_deletes = ceph_osdmap_flag(osdc,
+@@ -1584,15 +1584,14 @@ static enum calc_target_result calc_target(struct ceph_osd_client *osdc,
+ t->osd = acting.primary;
+ }
+
+- if (unpaused || legacy_change || force_resend ||
+- (split && con && CEPH_HAVE_FEATURE(con->peer_features,
+- RESEND_ON_SPLIT)))
++ if (unpaused || legacy_change || force_resend || split)
+ ct_res = CALC_TARGET_NEED_RESEND;
+ else
+ ct_res = CALC_TARGET_NO_ACTION;
+
+ out:
+- dout("%s t %p -> ct_res %d osd %d\n", __func__, t, ct_res, t->osd);
++ dout("%s t %p -> %d%d%d%d ct_res %d osd%d\n", __func__, t, unpaused,
++ legacy_change, force_resend, split, ct_res, t->osd);
+ return ct_res;
+ }
+
+
diff --git a/series.conf b/series.conf
index 7544c4c1d8..01805f69ff 100644
--- a/series.conf
+++ b/series.conf
@@ -23909,7 +23909,13 @@
patches.suse/ALSA-hda-realtek-Fixed-Headphone-Mic-can-t-record-on.patch
patches.suse/ALSA-hda-realtek-apply-ALC891-headset-fixup-to-one-D.patch
patches.suse/ALSA-seq-Break-too-long-mutex-context-in-the-write-l.patch
+ patches.suse/ceph-silence-a-checker-warning-in-mdsc_show.patch
patches.suse/ceph-clean-up-ceph-dir-pin-vxattr-name-sizeof.patch
+ patches.suse/ceph-fix-ceph-dir-rctime-vxattr-value.patch
+ patches.suse/ceph-fix-improper-use-of-smp_mb__before_atomic.patch
+ patches.suse/ceph-hold-i_ceph_lock-when-removing-caps-for-freeing-inode.patch
+ patches.suse/ceph-don-t-blindly-unregister-session-that-is-in-opening-state.patch
+ patches.suse/ceph-remove-request-from-waiting-list-before-unregister.patch
patches.suse/cifs-Use-kmemdup-in-SMB2_ioctl_init-.patch
patches.suse/fs-cifs-Drop-unlikely-before-IS_ERR-_OR_NULL-.patch
patches.suse/SMB3-Add-SMB3-1-1-GCM-to-negotiated-crypto-algorigthms.patch
@@ -24121,6 +24127,12 @@
patches.suse/0001-HID-wacom-correct-misreported-EKR-ring-values.patch
patches.suse/drm-mediatek-use-correct-device-to-import-PRIME-buff.patch
patches.suse/drm-mediatek-mtk_drm_drv.c-Add-of_node_put-before-go.patch
+ patches.suse/libceph-allow-ceph_buffer_put-to-receive-a-null-ceph_buffer.patch
+ patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-_ceph_setxattr.patch
+ patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-_ceph_build_xattrs_blob.patch
+ patches.suse/ceph-fix-buffer-free-while-holding-i_ceph_lock-in-fill_inode.patch
+ patches.suse/ceph-don-t-try-fill-file_lock-on-unsuccessful-getfilelock-reply.patch
+ patches.suse/libceph-fix-pg-split-vs-osd-reconnect-race.patch
patches.suse/vfs-fix-page-locking-deadlocks-when-deduping-files.patch
patches.suse/fs-xfs-Fix-return-code-of-xfs_break_leased_layouts.patch
patches.suse/Revert-dm-bufio-fix-deadlock-with-loop-device.patch