Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.4 commit in: /
Date: Wed, 16 Jan 2019 23:27:59
Message-Id: 1547681232.b3ebb4c67c366cb01773ce5833866b9b489a483f.mpagano@gentoo
1 commit: b3ebb4c67c366cb01773ce5833866b9b489a483f
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jan 16 23:27:12 2019 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Jan 16 23:27:12 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=b3ebb4c6
7
8 proj/linux-patches: Linux patch 4.4.171
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1170_linux-4.4.171.patch | 2650 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 2654 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index ff5384e..fb7be63 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -723,6 +723,10 @@ Patch: 1169_linux-4.4.170.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.4.170
23
24 +Patch: 1170_linux-4.4.171.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.4.171
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1170_linux-4.4.171.patch b/1170_linux-4.4.171.patch
33 new file mode 100644
34 index 0000000..4061abc
35 --- /dev/null
36 +++ b/1170_linux-4.4.171.patch
37 @@ -0,0 +1,2650 @@
38 +diff --git a/Makefile b/Makefile
39 +index bc58f206c0da..c6b680faedd8 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,6 +1,6 @@
43 + VERSION = 4
44 + PATCHLEVEL = 4
45 +-SUBLEVEL = 170
46 ++SUBLEVEL = 171
47 + EXTRAVERSION =
48 + NAME = Blurry Fish Butt
49 +
50 +diff --git a/crypto/cts.c b/crypto/cts.c
51 +index e467ec0acf9f..e65688d6a4ca 100644
52 +--- a/crypto/cts.c
53 ++++ b/crypto/cts.c
54 +@@ -137,8 +137,8 @@ static int crypto_cts_encrypt(struct blkcipher_desc *desc,
55 + lcldesc.info = desc->info;
56 + lcldesc.flags = desc->flags;
57 +
58 +- if (tot_blocks == 1) {
59 +- err = crypto_blkcipher_encrypt_iv(&lcldesc, dst, src, bsize);
60 ++ if (tot_blocks <= 1) {
61 ++ err = crypto_blkcipher_encrypt_iv(&lcldesc, dst, src, nbytes);
62 + } else if (nbytes <= bsize * 2) {
63 + err = cts_cbc_encrypt(ctx, desc, dst, src, 0, nbytes);
64 + } else {
65 +@@ -232,8 +232,8 @@ static int crypto_cts_decrypt(struct blkcipher_desc *desc,
66 + lcldesc.info = desc->info;
67 + lcldesc.flags = desc->flags;
68 +
69 +- if (tot_blocks == 1) {
70 +- err = crypto_blkcipher_decrypt_iv(&lcldesc, dst, src, bsize);
71 ++ if (tot_blocks <= 1) {
72 ++ err = crypto_blkcipher_decrypt_iv(&lcldesc, dst, src, nbytes);
73 + } else if (nbytes <= bsize * 2) {
74 + err = cts_cbc_decrypt(ctx, desc, dst, src, 0, nbytes);
75 + } else {
76 +diff --git a/drivers/acpi/power.c b/drivers/acpi/power.c
77 +index 1c2b846c5776..f28b4949cb9d 100644
78 +--- a/drivers/acpi/power.c
79 ++++ b/drivers/acpi/power.c
80 +@@ -131,6 +131,23 @@ void acpi_power_resources_list_free(struct list_head *list)
81 + }
82 + }
83 +
84 ++static bool acpi_power_resource_is_dup(union acpi_object *package,
85 ++ unsigned int start, unsigned int i)
86 ++{
87 ++ acpi_handle rhandle, dup;
88 ++ unsigned int j;
89 ++
90 ++ /* The caller is expected to check the package element types */
91 ++ rhandle = package->package.elements[i].reference.handle;
92 ++ for (j = start; j < i; j++) {
93 ++ dup = package->package.elements[j].reference.handle;
94 ++ if (dup == rhandle)
95 ++ return true;
96 ++ }
97 ++
98 ++ return false;
99 ++}
100 ++
101 + int acpi_extract_power_resources(union acpi_object *package, unsigned int start,
102 + struct list_head *list)
103 + {
104 +@@ -150,6 +167,11 @@ int acpi_extract_power_resources(union acpi_object *package, unsigned int start,
105 + err = -ENODEV;
106 + break;
107 + }
108 ++
109 ++ /* Some ACPI tables contain duplicate power resource references */
110 ++ if (acpi_power_resource_is_dup(package, start, i))
111 ++ continue;
112 ++
113 + err = acpi_add_power_resource(rhandle);
114 + if (err)
115 + break;
116 +diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
117 +index 94c837046786..57e3790c87b1 100644
118 +--- a/drivers/i2c/i2c-dev.c
119 ++++ b/drivers/i2c/i2c-dev.c
120 +@@ -459,9 +459,15 @@ static long i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
121 + return i2cdev_ioctl_smbus(client, arg);
122 +
123 + case I2C_RETRIES:
124 ++ if (arg > INT_MAX)
125 ++ return -EINVAL;
126 ++
127 + client->adapter->retries = arg;
128 + break;
129 + case I2C_TIMEOUT:
130 ++ if (arg > INT_MAX)
131 ++ return -EINVAL;
132 ++
133 + /* For historical reasons, user-space sets the timeout
134 + * value in units of 10 ms.
135 + */
136 +diff --git a/drivers/pci/host/pcie-altera.c b/drivers/pci/host/pcie-altera.c
137 +index 99da549d5d06..0118287a8a10 100644
138 +--- a/drivers/pci/host/pcie-altera.c
139 ++++ b/drivers/pci/host/pcie-altera.c
140 +@@ -40,8 +40,10 @@
141 + #define P2A_INT_ENABLE 0x3070
142 + #define P2A_INT_ENA_ALL 0xf
143 + #define RP_LTSSM 0x3c64
144 ++#define RP_LTSSM_MASK 0x1f
145 + #define LTSSM_L0 0xf
146 +
147 ++#define PCIE_CAP_OFFSET 0x80
148 + /* TLP configuration type 0 and 1 */
149 + #define TLP_FMTTYPE_CFGRD0 0x04 /* Configuration Read Type 0 */
150 + #define TLP_FMTTYPE_CFGWR0 0x44 /* Configuration Write Type 0 */
151 +@@ -60,6 +62,9 @@
152 + #define TLP_LOOP 500
153 + #define RP_DEVFN 0
154 +
155 ++#define LINK_UP_TIMEOUT HZ
156 ++#define LINK_RETRAIN_TIMEOUT HZ
157 ++
158 + #define INTX_NUM 4
159 +
160 + #define DWORD_MASK 3
161 +@@ -80,25 +85,21 @@ struct tlp_rp_regpair_t {
162 + u32 reg1;
163 + };
164 +
165 +-static void altera_pcie_retrain(struct pci_dev *dev)
166 ++static inline void cra_writel(struct altera_pcie *pcie, const u32 value,
167 ++ const u32 reg)
168 + {
169 +- u16 linkcap, linkstat;
170 +-
171 +- /*
172 +- * Set the retrain bit if the PCIe rootport support > 2.5GB/s, but
173 +- * current speed is 2.5 GB/s.
174 +- */
175 +- pcie_capability_read_word(dev, PCI_EXP_LNKCAP, &linkcap);
176 ++ writel_relaxed(value, pcie->cra_base + reg);
177 ++}
178 +
179 +- if ((linkcap & PCI_EXP_LNKCAP_SLS) <= PCI_EXP_LNKCAP_SLS_2_5GB)
180 +- return;
181 ++static inline u32 cra_readl(struct altera_pcie *pcie, const u32 reg)
182 ++{
183 ++ return readl_relaxed(pcie->cra_base + reg);
184 ++}
185 +
186 +- pcie_capability_read_word(dev, PCI_EXP_LNKSTA, &linkstat);
187 +- if ((linkstat & PCI_EXP_LNKSTA_CLS) == PCI_EXP_LNKSTA_CLS_2_5GB)
188 +- pcie_capability_set_word(dev, PCI_EXP_LNKCTL,
189 +- PCI_EXP_LNKCTL_RL);
190 ++static bool altera_pcie_link_is_up(struct altera_pcie *pcie)
191 ++{
192 ++ return !!((cra_readl(pcie, RP_LTSSM) & RP_LTSSM_MASK) == LTSSM_L0);
193 + }
194 +-DECLARE_PCI_FIXUP_EARLY(0x1172, PCI_ANY_ID, altera_pcie_retrain);
195 +
196 + /*
197 + * Altera PCIe port uses BAR0 of RC's configuration space as the translation
198 +@@ -119,17 +120,6 @@ static bool altera_pcie_hide_rc_bar(struct pci_bus *bus, unsigned int devfn,
199 + return false;
200 + }
201 +
202 +-static inline void cra_writel(struct altera_pcie *pcie, const u32 value,
203 +- const u32 reg)
204 +-{
205 +- writel_relaxed(value, pcie->cra_base + reg);
206 +-}
207 +-
208 +-static inline u32 cra_readl(struct altera_pcie *pcie, const u32 reg)
209 +-{
210 +- return readl_relaxed(pcie->cra_base + reg);
211 +-}
212 +-
213 + static void tlp_write_tx(struct altera_pcie *pcie,
214 + struct tlp_rp_regpair_t *tlp_rp_regdata)
215 + {
216 +@@ -138,11 +128,6 @@ static void tlp_write_tx(struct altera_pcie *pcie,
217 + cra_writel(pcie, tlp_rp_regdata->ctrl, RP_TX_CNTRL);
218 + }
219 +
220 +-static bool altera_pcie_link_is_up(struct altera_pcie *pcie)
221 +-{
222 +- return !!(cra_readl(pcie, RP_LTSSM) & LTSSM_L0);
223 +-}
224 +-
225 + static bool altera_pcie_valid_config(struct altera_pcie *pcie,
226 + struct pci_bus *bus, int dev)
227 + {
228 +@@ -286,22 +271,14 @@ static int tlp_cfg_dword_write(struct altera_pcie *pcie, u8 bus, u32 devfn,
229 + return PCIBIOS_SUCCESSFUL;
230 + }
231 +
232 +-static int altera_pcie_cfg_read(struct pci_bus *bus, unsigned int devfn,
233 +- int where, int size, u32 *value)
234 ++static int _altera_pcie_cfg_read(struct altera_pcie *pcie, u8 busno,
235 ++ unsigned int devfn, int where, int size,
236 ++ u32 *value)
237 + {
238 +- struct altera_pcie *pcie = bus->sysdata;
239 + int ret;
240 + u32 data;
241 + u8 byte_en;
242 +
243 +- if (altera_pcie_hide_rc_bar(bus, devfn, where))
244 +- return PCIBIOS_BAD_REGISTER_NUMBER;
245 +-
246 +- if (!altera_pcie_valid_config(pcie, bus, PCI_SLOT(devfn))) {
247 +- *value = 0xffffffff;
248 +- return PCIBIOS_DEVICE_NOT_FOUND;
249 +- }
250 +-
251 + switch (size) {
252 + case 1:
253 + byte_en = 1 << (where & 3);
254 +@@ -314,7 +291,7 @@ static int altera_pcie_cfg_read(struct pci_bus *bus, unsigned int devfn,
255 + break;
256 + }
257 +
258 +- ret = tlp_cfg_dword_read(pcie, bus->number, devfn,
259 ++ ret = tlp_cfg_dword_read(pcie, busno, devfn,
260 + (where & ~DWORD_MASK), byte_en, &data);
261 + if (ret != PCIBIOS_SUCCESSFUL)
262 + return ret;
263 +@@ -334,20 +311,14 @@ static int altera_pcie_cfg_read(struct pci_bus *bus, unsigned int devfn,
264 + return PCIBIOS_SUCCESSFUL;
265 + }
266 +
267 +-static int altera_pcie_cfg_write(struct pci_bus *bus, unsigned int devfn,
268 +- int where, int size, u32 value)
269 ++static int _altera_pcie_cfg_write(struct altera_pcie *pcie, u8 busno,
270 ++ unsigned int devfn, int where, int size,
271 ++ u32 value)
272 + {
273 +- struct altera_pcie *pcie = bus->sysdata;
274 + u32 data32;
275 + u32 shift = 8 * (where & 3);
276 + u8 byte_en;
277 +
278 +- if (altera_pcie_hide_rc_bar(bus, devfn, where))
279 +- return PCIBIOS_BAD_REGISTER_NUMBER;
280 +-
281 +- if (!altera_pcie_valid_config(pcie, bus, PCI_SLOT(devfn)))
282 +- return PCIBIOS_DEVICE_NOT_FOUND;
283 +-
284 + switch (size) {
285 + case 1:
286 + data32 = (value & 0xff) << shift;
287 +@@ -363,8 +334,40 @@ static int altera_pcie_cfg_write(struct pci_bus *bus, unsigned int devfn,
288 + break;
289 + }
290 +
291 +- return tlp_cfg_dword_write(pcie, bus->number, devfn,
292 +- (where & ~DWORD_MASK), byte_en, data32);
293 ++ return tlp_cfg_dword_write(pcie, busno, devfn, (where & ~DWORD_MASK),
294 ++ byte_en, data32);
295 ++}
296 ++
297 ++static int altera_pcie_cfg_read(struct pci_bus *bus, unsigned int devfn,
298 ++ int where, int size, u32 *value)
299 ++{
300 ++ struct altera_pcie *pcie = bus->sysdata;
301 ++
302 ++ if (altera_pcie_hide_rc_bar(bus, devfn, where))
303 ++ return PCIBIOS_BAD_REGISTER_NUMBER;
304 ++
305 ++ if (!altera_pcie_valid_config(pcie, bus, PCI_SLOT(devfn))) {
306 ++ *value = 0xffffffff;
307 ++ return PCIBIOS_DEVICE_NOT_FOUND;
308 ++ }
309 ++
310 ++ return _altera_pcie_cfg_read(pcie, bus->number, devfn, where, size,
311 ++ value);
312 ++}
313 ++
314 ++static int altera_pcie_cfg_write(struct pci_bus *bus, unsigned int devfn,
315 ++ int where, int size, u32 value)
316 ++{
317 ++ struct altera_pcie *pcie = bus->sysdata;
318 ++
319 ++ if (altera_pcie_hide_rc_bar(bus, devfn, where))
320 ++ return PCIBIOS_BAD_REGISTER_NUMBER;
321 ++
322 ++ if (!altera_pcie_valid_config(pcie, bus, PCI_SLOT(devfn)))
323 ++ return PCIBIOS_DEVICE_NOT_FOUND;
324 ++
325 ++ return _altera_pcie_cfg_write(pcie, bus->number, devfn, where, size,
326 ++ value);
327 + }
328 +
329 + static struct pci_ops altera_pcie_ops = {
330 +@@ -372,6 +375,90 @@ static struct pci_ops altera_pcie_ops = {
331 + .write = altera_pcie_cfg_write,
332 + };
333 +
334 ++static int altera_read_cap_word(struct altera_pcie *pcie, u8 busno,
335 ++ unsigned int devfn, int offset, u16 *value)
336 ++{
337 ++ u32 data;
338 ++ int ret;
339 ++
340 ++ ret = _altera_pcie_cfg_read(pcie, busno, devfn,
341 ++ PCIE_CAP_OFFSET + offset, sizeof(*value),
342 ++ &data);
343 ++ *value = data;
344 ++ return ret;
345 ++}
346 ++
347 ++static int altera_write_cap_word(struct altera_pcie *pcie, u8 busno,
348 ++ unsigned int devfn, int offset, u16 value)
349 ++{
350 ++ return _altera_pcie_cfg_write(pcie, busno, devfn,
351 ++ PCIE_CAP_OFFSET + offset, sizeof(value),
352 ++ value);
353 ++}
354 ++
355 ++static void altera_wait_link_retrain(struct altera_pcie *pcie)
356 ++{
357 ++ u16 reg16;
358 ++ unsigned long start_jiffies;
359 ++
360 ++ /* Wait for link training end. */
361 ++ start_jiffies = jiffies;
362 ++ for (;;) {
363 ++ altera_read_cap_word(pcie, pcie->root_bus_nr, RP_DEVFN,
364 ++ PCI_EXP_LNKSTA, &reg16);
365 ++ if (!(reg16 & PCI_EXP_LNKSTA_LT))
366 ++ break;
367 ++
368 ++ if (time_after(jiffies, start_jiffies + LINK_RETRAIN_TIMEOUT)) {
369 ++ dev_err(&pcie->pdev->dev, "link retrain timeout\n");
370 ++ break;
371 ++ }
372 ++ udelay(100);
373 ++ }
374 ++
375 ++ /* Wait for link is up */
376 ++ start_jiffies = jiffies;
377 ++ for (;;) {
378 ++ if (altera_pcie_link_is_up(pcie))
379 ++ break;
380 ++
381 ++ if (time_after(jiffies, start_jiffies + LINK_UP_TIMEOUT)) {
382 ++ dev_err(&pcie->pdev->dev, "link up timeout\n");
383 ++ break;
384 ++ }
385 ++ udelay(100);
386 ++ }
387 ++}
388 ++
389 ++static void altera_pcie_retrain(struct altera_pcie *pcie)
390 ++{
391 ++ u16 linkcap, linkstat, linkctl;
392 ++
393 ++ if (!altera_pcie_link_is_up(pcie))
394 ++ return;
395 ++
396 ++ /*
397 ++ * Set the retrain bit if the PCIe rootport support > 2.5GB/s, but
398 ++ * current speed is 2.5 GB/s.
399 ++ */
400 ++ altera_read_cap_word(pcie, pcie->root_bus_nr, RP_DEVFN, PCI_EXP_LNKCAP,
401 ++ &linkcap);
402 ++ if ((linkcap & PCI_EXP_LNKCAP_SLS) <= PCI_EXP_LNKCAP_SLS_2_5GB)
403 ++ return;
404 ++
405 ++ altera_read_cap_word(pcie, pcie->root_bus_nr, RP_DEVFN, PCI_EXP_LNKSTA,
406 ++ &linkstat);
407 ++ if ((linkstat & PCI_EXP_LNKSTA_CLS) == PCI_EXP_LNKSTA_CLS_2_5GB) {
408 ++ altera_read_cap_word(pcie, pcie->root_bus_nr, RP_DEVFN,
409 ++ PCI_EXP_LNKCTL, &linkctl);
410 ++ linkctl |= PCI_EXP_LNKCTL_RL;
411 ++ altera_write_cap_word(pcie, pcie->root_bus_nr, RP_DEVFN,
412 ++ PCI_EXP_LNKCTL, linkctl);
413 ++
414 ++ altera_wait_link_retrain(pcie);
415 ++ }
416 ++}
417 ++
418 + static int altera_pcie_intx_map(struct irq_domain *domain, unsigned int irq,
419 + irq_hw_number_t hwirq)
420 + {
421 +@@ -506,6 +593,11 @@ static int altera_pcie_parse_dt(struct altera_pcie *pcie)
422 + return 0;
423 + }
424 +
425 ++static void altera_pcie_host_init(struct altera_pcie *pcie)
426 ++{
427 ++ altera_pcie_retrain(pcie);
428 ++}
429 ++
430 + static int altera_pcie_probe(struct platform_device *pdev)
431 + {
432 + struct altera_pcie *pcie;
433 +@@ -543,6 +635,7 @@ static int altera_pcie_probe(struct platform_device *pdev)
434 + cra_writel(pcie, P2A_INT_STS_ALL, P2A_INT_STATUS);
435 + /* enable all interrupts */
436 + cra_writel(pcie, P2A_INT_ENA_ALL, P2A_INT_ENABLE);
437 ++ altera_pcie_host_init(pcie);
438 +
439 + bus = pci_scan_root_bus(&pdev->dev, pcie->root_bus_nr, &altera_pcie_ops,
440 + pcie, &pcie->resources);
441 +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
442 +index 3919ea066bf9..736de1021d8b 100644
443 +--- a/drivers/usb/class/cdc-acm.c
444 ++++ b/drivers/usb/class/cdc-acm.c
445 +@@ -1885,6 +1885,13 @@ static const struct usb_device_id acm_ids[] = {
446 + .driver_info = IGNORE_DEVICE,
447 + },
448 +
449 ++ { USB_DEVICE(0x1bc7, 0x0021), /* Telit 3G ACM only composition */
450 ++ .driver_info = SEND_ZERO_PACKET,
451 ++ },
452 ++ { USB_DEVICE(0x1bc7, 0x0023), /* Telit 3G ACM + ECM composition */
453 ++ .driver_info = SEND_ZERO_PACKET,
454 ++ },
455 ++
456 + /* control interfaces without any protocol set */
457 + { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ACM,
458 + USB_CDC_PROTO_NONE) },
459 +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
460 +index cf378b1ed373..733479ddf8a7 100644
461 +--- a/drivers/usb/core/quirks.c
462 ++++ b/drivers/usb/core/quirks.c
463 +@@ -240,7 +240,8 @@ static const struct usb_device_id usb_quirk_list[] = {
464 + USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL },
465 +
466 + /* Corsair K70 RGB */
467 +- { USB_DEVICE(0x1b1c, 0x1b13), .driver_info = USB_QUIRK_DELAY_INIT },
468 ++ { USB_DEVICE(0x1b1c, 0x1b13), .driver_info = USB_QUIRK_DELAY_INIT |
469 ++ USB_QUIRK_DELAY_CTRL_MSG },
470 +
471 + /* Corsair Strafe */
472 + { USB_DEVICE(0x1b1c, 0x1b15), .driver_info = USB_QUIRK_DELAY_INIT |
473 +diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c
474 +index 6c186b4df94a..b3344a77dcce 100644
475 +--- a/drivers/usb/storage/scsiglue.c
476 ++++ b/drivers/usb/storage/scsiglue.c
477 +@@ -223,8 +223,12 @@ static int slave_configure(struct scsi_device *sdev)
478 + if (!(us->fflags & US_FL_NEEDS_CAP16))
479 + sdev->try_rc_10_first = 1;
480 +
481 +- /* assume SPC3 or latter devices support sense size > 18 */
482 +- if (sdev->scsi_level > SCSI_SPC_2)
483 ++ /*
484 ++ * assume SPC3 or latter devices support sense size > 18
485 ++ * unless US_FL_BAD_SENSE quirk is specified.
486 ++ */
487 ++ if (sdev->scsi_level > SCSI_SPC_2 &&
488 ++ !(us->fflags & US_FL_BAD_SENSE))
489 + us->fflags |= US_FL_SANE_SENSE;
490 +
491 + /* USB-IDE bridges tend to report SK = 0x04 (Non-recoverable
492 +diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
493 +index 898215cad351..d92b974f0635 100644
494 +--- a/drivers/usb/storage/unusual_devs.h
495 ++++ b/drivers/usb/storage/unusual_devs.h
496 +@@ -1392,6 +1392,18 @@ UNUSUAL_DEV( 0x0d49, 0x7310, 0x0000, 0x9999,
497 + USB_SC_DEVICE, USB_PR_DEVICE, NULL,
498 + US_FL_SANE_SENSE),
499 +
500 ++/*
501 ++ * Reported by Icenowy Zheng <icenowy@××××.io>
502 ++ * The SMI SM3350 USB-UFS bridge controller will enter a wrong state
503 ++ * that do not process read/write command if a long sense is requested,
504 ++ * so force to use 18-byte sense.
505 ++ */
506 ++UNUSUAL_DEV( 0x090c, 0x3350, 0x0000, 0xffff,
507 ++ "SMI",
508 ++ "SM3350 UFS-to-USB-Mass-Storage bridge",
509 ++ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
510 ++ US_FL_BAD_SENSE ),
511 ++
512 + /*
513 + * Pete Zaitcev <zaitcev@×××××.com>, bz#164688.
514 + * The device blatantly ignores LUN and returns 1 in GetMaxLUN.
515 +diff --git a/fs/btrfs/Makefile b/fs/btrfs/Makefile
516 +index 6d1d0b93b1aa..c792df826e12 100644
517 +--- a/fs/btrfs/Makefile
518 ++++ b/fs/btrfs/Makefile
519 +@@ -9,7 +9,7 @@ btrfs-y += super.o ctree.o extent-tree.o print-tree.o root-tree.o dir-item.o \
520 + export.o tree-log.o free-space-cache.o zlib.o lzo.o \
521 + compression.o delayed-ref.o relocation.o delayed-inode.o scrub.o \
522 + reada.o backref.o ulist.o qgroup.o send.o dev-replace.o raid56.o \
523 +- uuid-tree.o props.o hash.o
524 ++ uuid-tree.o props.o hash.o tree-checker.o
525 +
526 + btrfs-$(CONFIG_BTRFS_FS_POSIX_ACL) += acl.o
527 + btrfs-$(CONFIG_BTRFS_FS_CHECK_INTEGRITY) += check-integrity.o
528 +diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
529 +index 38ee08675468..8f4baa3cb992 100644
530 +--- a/fs/btrfs/ctree.c
531 ++++ b/fs/btrfs/ctree.c
532 +@@ -1726,20 +1726,6 @@ int btrfs_realloc_node(struct btrfs_trans_handle *trans,
533 + return err;
534 + }
535 +
536 +-/*
537 +- * The leaf data grows from end-to-front in the node.
538 +- * this returns the address of the start of the last item,
539 +- * which is the stop of the leaf data stack
540 +- */
541 +-static inline unsigned int leaf_data_end(struct btrfs_root *root,
542 +- struct extent_buffer *leaf)
543 +-{
544 +- u32 nr = btrfs_header_nritems(leaf);
545 +- if (nr == 0)
546 +- return BTRFS_LEAF_DATA_SIZE(root);
547 +- return btrfs_item_offset_nr(leaf, nr - 1);
548 +-}
549 +-
550 +
551 + /*
552 + * search for key in the extent_buffer. The items start at offset p,
553 +diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
554 +index e847573c6db0..4a91d3119e59 100644
555 +--- a/fs/btrfs/ctree.h
556 ++++ b/fs/btrfs/ctree.h
557 +@@ -35,6 +35,7 @@
558 + #include <linux/btrfs.h>
559 + #include <linux/workqueue.h>
560 + #include <linux/security.h>
561 ++#include <linux/sizes.h>
562 + #include "extent_io.h"
563 + #include "extent_map.h"
564 + #include "async-thread.h"
565 +@@ -897,6 +898,7 @@ struct btrfs_balance_item {
566 + #define BTRFS_FILE_EXTENT_INLINE 0
567 + #define BTRFS_FILE_EXTENT_REG 1
568 + #define BTRFS_FILE_EXTENT_PREALLOC 2
569 ++#define BTRFS_FILE_EXTENT_TYPES 2
570 +
571 + struct btrfs_file_extent_item {
572 + /*
573 +@@ -2283,7 +2285,7 @@ do { \
574 + #define BTRFS_INODE_ROOT_ITEM_INIT (1 << 31)
575 +
576 + struct btrfs_map_token {
577 +- struct extent_buffer *eb;
578 ++ const struct extent_buffer *eb;
579 + char *kaddr;
580 + unsigned long offset;
581 + };
582 +@@ -2314,18 +2316,19 @@ static inline void btrfs_init_map_token (struct btrfs_map_token *token)
583 + sizeof(((type *)0)->member)))
584 +
585 + #define DECLARE_BTRFS_SETGET_BITS(bits) \
586 +-u##bits btrfs_get_token_##bits(struct extent_buffer *eb, void *ptr, \
587 +- unsigned long off, \
588 +- struct btrfs_map_token *token); \
589 +-void btrfs_set_token_##bits(struct extent_buffer *eb, void *ptr, \
590 ++u##bits btrfs_get_token_##bits(const struct extent_buffer *eb, \
591 ++ const void *ptr, unsigned long off, \
592 ++ struct btrfs_map_token *token); \
593 ++void btrfs_set_token_##bits(struct extent_buffer *eb, const void *ptr, \
594 + unsigned long off, u##bits val, \
595 + struct btrfs_map_token *token); \
596 +-static inline u##bits btrfs_get_##bits(struct extent_buffer *eb, void *ptr, \
597 ++static inline u##bits btrfs_get_##bits(const struct extent_buffer *eb, \
598 ++ const void *ptr, \
599 + unsigned long off) \
600 + { \
601 + return btrfs_get_token_##bits(eb, ptr, off, NULL); \
602 + } \
603 +-static inline void btrfs_set_##bits(struct extent_buffer *eb, void *ptr, \
604 ++static inline void btrfs_set_##bits(struct extent_buffer *eb, void *ptr,\
605 + unsigned long off, u##bits val) \
606 + { \
607 + btrfs_set_token_##bits(eb, ptr, off, val, NULL); \
608 +@@ -2337,7 +2340,8 @@ DECLARE_BTRFS_SETGET_BITS(32)
609 + DECLARE_BTRFS_SETGET_BITS(64)
610 +
611 + #define BTRFS_SETGET_FUNCS(name, type, member, bits) \
612 +-static inline u##bits btrfs_##name(struct extent_buffer *eb, type *s) \
613 ++static inline u##bits btrfs_##name(const struct extent_buffer *eb, \
614 ++ const type *s) \
615 + { \
616 + BUILD_BUG_ON(sizeof(u##bits) != sizeof(((type *)0))->member); \
617 + return btrfs_get_##bits(eb, s, offsetof(type, member)); \
618 +@@ -2348,7 +2352,8 @@ static inline void btrfs_set_##name(struct extent_buffer *eb, type *s, \
619 + BUILD_BUG_ON(sizeof(u##bits) != sizeof(((type *)0))->member); \
620 + btrfs_set_##bits(eb, s, offsetof(type, member), val); \
621 + } \
622 +-static inline u##bits btrfs_token_##name(struct extent_buffer *eb, type *s, \
623 ++static inline u##bits btrfs_token_##name(const struct extent_buffer *eb,\
624 ++ const type *s, \
625 + struct btrfs_map_token *token) \
626 + { \
627 + BUILD_BUG_ON(sizeof(u##bits) != sizeof(((type *)0))->member); \
628 +@@ -2363,9 +2368,9 @@ static inline void btrfs_set_token_##name(struct extent_buffer *eb, \
629 + }
630 +
631 + #define BTRFS_SETGET_HEADER_FUNCS(name, type, member, bits) \
632 +-static inline u##bits btrfs_##name(struct extent_buffer *eb) \
633 ++static inline u##bits btrfs_##name(const struct extent_buffer *eb) \
634 + { \
635 +- type *p = page_address(eb->pages[0]); \
636 ++ const type *p = page_address(eb->pages[0]); \
637 + u##bits res = le##bits##_to_cpu(p->member); \
638 + return res; \
639 + } \
640 +@@ -2377,7 +2382,7 @@ static inline void btrfs_set_##name(struct extent_buffer *eb, \
641 + }
642 +
643 + #define BTRFS_SETGET_STACK_FUNCS(name, type, member, bits) \
644 +-static inline u##bits btrfs_##name(type *s) \
645 ++static inline u##bits btrfs_##name(const type *s) \
646 + { \
647 + return le##bits##_to_cpu(s->member); \
648 + } \
649 +@@ -2678,7 +2683,7 @@ static inline unsigned long btrfs_node_key_ptr_offset(int nr)
650 + sizeof(struct btrfs_key_ptr) * nr;
651 + }
652 +
653 +-void btrfs_node_key(struct extent_buffer *eb,
654 ++void btrfs_node_key(const struct extent_buffer *eb,
655 + struct btrfs_disk_key *disk_key, int nr);
656 +
657 + static inline void btrfs_set_node_key(struct extent_buffer *eb,
658 +@@ -2707,28 +2712,28 @@ static inline struct btrfs_item *btrfs_item_nr(int nr)
659 + return (struct btrfs_item *)btrfs_item_nr_offset(nr);
660 + }
661 +
662 +-static inline u32 btrfs_item_end(struct extent_buffer *eb,
663 ++static inline u32 btrfs_item_end(const struct extent_buffer *eb,
664 + struct btrfs_item *item)
665 + {
666 + return btrfs_item_offset(eb, item) + btrfs_item_size(eb, item);
667 + }
668 +
669 +-static inline u32 btrfs_item_end_nr(struct extent_buffer *eb, int nr)
670 ++static inline u32 btrfs_item_end_nr(const struct extent_buffer *eb, int nr)
671 + {
672 + return btrfs_item_end(eb, btrfs_item_nr(nr));
673 + }
674 +
675 +-static inline u32 btrfs_item_offset_nr(struct extent_buffer *eb, int nr)
676 ++static inline u32 btrfs_item_offset_nr(const struct extent_buffer *eb, int nr)
677 + {
678 + return btrfs_item_offset(eb, btrfs_item_nr(nr));
679 + }
680 +
681 +-static inline u32 btrfs_item_size_nr(struct extent_buffer *eb, int nr)
682 ++static inline u32 btrfs_item_size_nr(const struct extent_buffer *eb, int nr)
683 + {
684 + return btrfs_item_size(eb, btrfs_item_nr(nr));
685 + }
686 +
687 +-static inline void btrfs_item_key(struct extent_buffer *eb,
688 ++static inline void btrfs_item_key(const struct extent_buffer *eb,
689 + struct btrfs_disk_key *disk_key, int nr)
690 + {
691 + struct btrfs_item *item = btrfs_item_nr(nr);
692 +@@ -2764,8 +2769,8 @@ BTRFS_SETGET_STACK_FUNCS(stack_dir_name_len, struct btrfs_dir_item,
693 + BTRFS_SETGET_STACK_FUNCS(stack_dir_transid, struct btrfs_dir_item,
694 + transid, 64);
695 +
696 +-static inline void btrfs_dir_item_key(struct extent_buffer *eb,
697 +- struct btrfs_dir_item *item,
698 ++static inline void btrfs_dir_item_key(const struct extent_buffer *eb,
699 ++ const struct btrfs_dir_item *item,
700 + struct btrfs_disk_key *key)
701 + {
702 + read_eb_member(eb, item, struct btrfs_dir_item, location, key);
703 +@@ -2773,7 +2778,7 @@ static inline void btrfs_dir_item_key(struct extent_buffer *eb,
704 +
705 + static inline void btrfs_set_dir_item_key(struct extent_buffer *eb,
706 + struct btrfs_dir_item *item,
707 +- struct btrfs_disk_key *key)
708 ++ const struct btrfs_disk_key *key)
709 + {
710 + write_eb_member(eb, item, struct btrfs_dir_item, location, key);
711 + }
712 +@@ -2785,8 +2790,8 @@ BTRFS_SETGET_FUNCS(free_space_bitmaps, struct btrfs_free_space_header,
713 + BTRFS_SETGET_FUNCS(free_space_generation, struct btrfs_free_space_header,
714 + generation, 64);
715 +
716 +-static inline void btrfs_free_space_key(struct extent_buffer *eb,
717 +- struct btrfs_free_space_header *h,
718 ++static inline void btrfs_free_space_key(const struct extent_buffer *eb,
719 ++ const struct btrfs_free_space_header *h,
720 + struct btrfs_disk_key *key)
721 + {
722 + read_eb_member(eb, h, struct btrfs_free_space_header, location, key);
723 +@@ -2794,7 +2799,7 @@ static inline void btrfs_free_space_key(struct extent_buffer *eb,
724 +
725 + static inline void btrfs_set_free_space_key(struct extent_buffer *eb,
726 + struct btrfs_free_space_header *h,
727 +- struct btrfs_disk_key *key)
728 ++ const struct btrfs_disk_key *key)
729 + {
730 + write_eb_member(eb, h, struct btrfs_free_space_header, location, key);
731 + }
732 +@@ -2821,25 +2826,25 @@ static inline void btrfs_cpu_key_to_disk(struct btrfs_disk_key *disk,
733 + disk->objectid = cpu_to_le64(cpu->objectid);
734 + }
735 +
736 +-static inline void btrfs_node_key_to_cpu(struct extent_buffer *eb,
737 +- struct btrfs_key *key, int nr)
738 ++static inline void btrfs_node_key_to_cpu(const struct extent_buffer *eb,
739 ++ struct btrfs_key *key, int nr)
740 + {
741 + struct btrfs_disk_key disk_key;
742 + btrfs_node_key(eb, &disk_key, nr);
743 + btrfs_disk_key_to_cpu(key, &disk_key);
744 + }
745 +
746 +-static inline void btrfs_item_key_to_cpu(struct extent_buffer *eb,
747 +- struct btrfs_key *key, int nr)
748 ++static inline void btrfs_item_key_to_cpu(const struct extent_buffer *eb,
749 ++ struct btrfs_key *key, int nr)
750 + {
751 + struct btrfs_disk_key disk_key;
752 + btrfs_item_key(eb, &disk_key, nr);
753 + btrfs_disk_key_to_cpu(key, &disk_key);
754 + }
755 +
756 +-static inline void btrfs_dir_item_key_to_cpu(struct extent_buffer *eb,
757 +- struct btrfs_dir_item *item,
758 +- struct btrfs_key *key)
759 ++static inline void btrfs_dir_item_key_to_cpu(const struct extent_buffer *eb,
760 ++ const struct btrfs_dir_item *item,
761 ++ struct btrfs_key *key)
762 + {
763 + struct btrfs_disk_key disk_key;
764 + btrfs_dir_item_key(eb, item, &disk_key);
765 +@@ -2872,7 +2877,7 @@ BTRFS_SETGET_STACK_FUNCS(stack_header_nritems, struct btrfs_header,
766 + nritems, 32);
767 + BTRFS_SETGET_STACK_FUNCS(stack_header_bytenr, struct btrfs_header, bytenr, 64);
768 +
769 +-static inline int btrfs_header_flag(struct extent_buffer *eb, u64 flag)
770 ++static inline int btrfs_header_flag(const struct extent_buffer *eb, u64 flag)
771 + {
772 + return (btrfs_header_flags(eb) & flag) == flag;
773 + }
774 +@@ -2891,7 +2896,7 @@ static inline int btrfs_clear_header_flag(struct extent_buffer *eb, u64 flag)
775 + return (flags & flag) == flag;
776 + }
777 +
778 +-static inline int btrfs_header_backref_rev(struct extent_buffer *eb)
779 ++static inline int btrfs_header_backref_rev(const struct extent_buffer *eb)
780 + {
781 + u64 flags = btrfs_header_flags(eb);
782 + return flags >> BTRFS_BACKREF_REV_SHIFT;
783 +@@ -2911,12 +2916,12 @@ static inline unsigned long btrfs_header_fsid(void)
784 + return offsetof(struct btrfs_header, fsid);
785 + }
786 +
787 +-static inline unsigned long btrfs_header_chunk_tree_uuid(struct extent_buffer *eb)
788 ++static inline unsigned long btrfs_header_chunk_tree_uuid(const struct extent_buffer *eb)
789 + {
790 + return offsetof(struct btrfs_header, chunk_tree_uuid);
791 + }
792 +
793 +-static inline int btrfs_is_leaf(struct extent_buffer *eb)
794 ++static inline int btrfs_is_leaf(const struct extent_buffer *eb)
795 + {
796 + return btrfs_header_level(eb) == 0;
797 + }
798 +@@ -2950,12 +2955,12 @@ BTRFS_SETGET_STACK_FUNCS(root_stransid, struct btrfs_root_item,
799 + BTRFS_SETGET_STACK_FUNCS(root_rtransid, struct btrfs_root_item,
800 + rtransid, 64);
801 +
802 +-static inline bool btrfs_root_readonly(struct btrfs_root *root)
803 ++static inline bool btrfs_root_readonly(const struct btrfs_root *root)
804 + {
805 + return (root->root_item.flags & cpu_to_le64(BTRFS_ROOT_SUBVOL_RDONLY)) != 0;
806 + }
807 +
808 +-static inline bool btrfs_root_dead(struct btrfs_root *root)
809 ++static inline bool btrfs_root_dead(const struct btrfs_root *root)
810 + {
811 + return (root->root_item.flags & cpu_to_le64(BTRFS_ROOT_SUBVOL_DEAD)) != 0;
812 + }
813 +@@ -3012,51 +3017,51 @@ BTRFS_SETGET_STACK_FUNCS(backup_num_devices, struct btrfs_root_backup,
814 + /* struct btrfs_balance_item */
815 + BTRFS_SETGET_FUNCS(balance_flags, struct btrfs_balance_item, flags, 64);
816 +
817 +-static inline void btrfs_balance_data(struct extent_buffer *eb,
818 +- struct btrfs_balance_item *bi,
819 ++static inline void btrfs_balance_data(const struct extent_buffer *eb,
820 ++ const struct btrfs_balance_item *bi,
821 + struct btrfs_disk_balance_args *ba)
822 + {
823 + read_eb_member(eb, bi, struct btrfs_balance_item, data, ba);
824 + }
825 +
826 + static inline void btrfs_set_balance_data(struct extent_buffer *eb,
827 +- struct btrfs_balance_item *bi,
828 +- struct btrfs_disk_balance_args *ba)
829 ++ struct btrfs_balance_item *bi,
830 ++ const struct btrfs_disk_balance_args *ba)
831 + {
832 + write_eb_member(eb, bi, struct btrfs_balance_item, data, ba);
833 + }
834 +
835 +-static inline void btrfs_balance_meta(struct extent_buffer *eb,
836 +- struct btrfs_balance_item *bi,
837 ++static inline void btrfs_balance_meta(const struct extent_buffer *eb,
838 ++ const struct btrfs_balance_item *bi,
839 + struct btrfs_disk_balance_args *ba)
840 + {
841 + read_eb_member(eb, bi, struct btrfs_balance_item, meta, ba);
842 + }
843 +
844 + static inline void btrfs_set_balance_meta(struct extent_buffer *eb,
845 +- struct btrfs_balance_item *bi,
846 +- struct btrfs_disk_balance_args *ba)
847 ++ struct btrfs_balance_item *bi,
848 ++ const struct btrfs_disk_balance_args *ba)
849 + {
850 + write_eb_member(eb, bi, struct btrfs_balance_item, meta, ba);
851 + }
852 +
853 +-static inline void btrfs_balance_sys(struct extent_buffer *eb,
854 +- struct btrfs_balance_item *bi,
855 ++static inline void btrfs_balance_sys(const struct extent_buffer *eb,
856 ++ const struct btrfs_balance_item *bi,
857 + struct btrfs_disk_balance_args *ba)
858 + {
859 + read_eb_member(eb, bi, struct btrfs_balance_item, sys, ba);
860 + }
861 +
862 + static inline void btrfs_set_balance_sys(struct extent_buffer *eb,
863 +- struct btrfs_balance_item *bi,
864 +- struct btrfs_disk_balance_args *ba)
865 ++ struct btrfs_balance_item *bi,
866 ++ const struct btrfs_disk_balance_args *ba)
867 + {
868 + write_eb_member(eb, bi, struct btrfs_balance_item, sys, ba);
869 + }
870 +
871 + static inline void
872 + btrfs_disk_balance_args_to_cpu(struct btrfs_balance_args *cpu,
873 +- struct btrfs_disk_balance_args *disk)
874 ++ const struct btrfs_disk_balance_args *disk)
875 + {
876 + memset(cpu, 0, sizeof(*cpu));
877 +
878 +@@ -3076,7 +3081,7 @@ btrfs_disk_balance_args_to_cpu(struct btrfs_balance_args *cpu,
879 +
880 + static inline void
881 + btrfs_cpu_balance_args_to_disk(struct btrfs_disk_balance_args *disk,
882 +- struct btrfs_balance_args *cpu)
883 ++ const struct btrfs_balance_args *cpu)
884 + {
885 + memset(disk, 0, sizeof(*disk));
886 +
887 +@@ -3144,7 +3149,7 @@ BTRFS_SETGET_STACK_FUNCS(super_magic, struct btrfs_super_block, magic, 64);
888 + BTRFS_SETGET_STACK_FUNCS(super_uuid_tree_generation, struct btrfs_super_block,
889 + uuid_tree_generation, 64);
890 +
891 +-static inline int btrfs_super_csum_size(struct btrfs_super_block *s)
892 ++static inline int btrfs_super_csum_size(const struct btrfs_super_block *s)
893 + {
894 + u16 t = btrfs_super_csum_type(s);
895 + /*
896 +@@ -3158,6 +3163,21 @@ static inline unsigned long btrfs_leaf_data(struct extent_buffer *l)
897 + return offsetof(struct btrfs_leaf, items);
898 + }
899 +
900 ++/*
901 ++ * The leaf data grows from end-to-front in the node.
902 ++ * this returns the address of the start of the last item,
903 ++ * which is the stop of the leaf data stack
904 ++ */
905 ++static inline unsigned int leaf_data_end(const struct btrfs_root *root,
906 ++ const struct extent_buffer *leaf)
907 ++{
908 ++ u32 nr = btrfs_header_nritems(leaf);
909 ++
910 ++ if (nr == 0)
911 ++ return BTRFS_LEAF_DATA_SIZE(root);
912 ++ return btrfs_item_offset_nr(leaf, nr - 1);
913 ++}
914 ++
915 + /* struct btrfs_file_extent_item */
916 + BTRFS_SETGET_FUNCS(file_extent_type, struct btrfs_file_extent_item, type, 8);
917 + BTRFS_SETGET_STACK_FUNCS(stack_file_extent_disk_bytenr,
918 +@@ -3174,7 +3194,7 @@ BTRFS_SETGET_STACK_FUNCS(stack_file_extent_compression,
919 + struct btrfs_file_extent_item, compression, 8);
920 +
921 + static inline unsigned long
922 +-btrfs_file_extent_inline_start(struct btrfs_file_extent_item *e)
923 ++btrfs_file_extent_inline_start(const struct btrfs_file_extent_item *e)
924 + {
925 + return (unsigned long)e + BTRFS_FILE_EXTENT_INLINE_DATA_START;
926 + }
927 +@@ -3208,8 +3228,9 @@ BTRFS_SETGET_FUNCS(file_extent_other_encoding, struct btrfs_file_extent_item,
928 + * size of any extent headers. If a file is compressed on disk, this is
929 + * the compressed size
930 + */
931 +-static inline u32 btrfs_file_extent_inline_item_len(struct extent_buffer *eb,
932 +- struct btrfs_item *e)
933 ++static inline u32 btrfs_file_extent_inline_item_len(
934 ++ const struct extent_buffer *eb,
935 ++ struct btrfs_item *e)
936 + {
937 + return btrfs_item_size(eb, e) - BTRFS_FILE_EXTENT_INLINE_DATA_START;
938 + }
939 +@@ -3217,9 +3238,9 @@ static inline u32 btrfs_file_extent_inline_item_len(struct extent_buffer *eb,
940 + /* this returns the number of file bytes represented by the inline item.
941 + * If an item is compressed, this is the uncompressed size
942 + */
943 +-static inline u32 btrfs_file_extent_inline_len(struct extent_buffer *eb,
944 +- int slot,
945 +- struct btrfs_file_extent_item *fi)
946 ++static inline u32 btrfs_file_extent_inline_len(const struct extent_buffer *eb,
947 ++ int slot,
948 ++ const struct btrfs_file_extent_item *fi)
949 + {
950 + struct btrfs_map_token token;
951 +
952 +@@ -3241,8 +3262,8 @@ static inline u32 btrfs_file_extent_inline_len(struct extent_buffer *eb,
953 +
954 +
955 + /* btrfs_dev_stats_item */
956 +-static inline u64 btrfs_dev_stats_value(struct extent_buffer *eb,
957 +- struct btrfs_dev_stats_item *ptr,
958 ++static inline u64 btrfs_dev_stats_value(const struct extent_buffer *eb,
959 ++ const struct btrfs_dev_stats_item *ptr,
960 + int index)
961 + {
962 + u64 val;
963 +diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
964 +index 176a27bc63aa..81e5bc62e8e3 100644
965 +--- a/fs/btrfs/dev-replace.c
966 ++++ b/fs/btrfs/dev-replace.c
967 +@@ -620,7 +620,7 @@ static void btrfs_dev_replace_update_device_in_mapping_tree(
968 + em = lookup_extent_mapping(em_tree, start, (u64)-1);
969 + if (!em)
970 + break;
971 +- map = (struct map_lookup *)em->bdev;
972 ++ map = em->map_lookup;
973 + for (i = 0; i < map->num_stripes; i++)
974 + if (srcdev == map->stripes[i].dev)
975 + map->stripes[i].dev = tgtdev;
976 +diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
977 +index 1f21c6c33228..f80a0af68736 100644
978 +--- a/fs/btrfs/disk-io.c
979 ++++ b/fs/btrfs/disk-io.c
980 +@@ -49,6 +49,7 @@
981 + #include "raid56.h"
982 + #include "sysfs.h"
983 + #include "qgroup.h"
984 ++#include "tree-checker.h"
985 +
986 + #ifdef CONFIG_X86
987 + #include <asm/cpufeature.h>
988 +@@ -522,72 +523,6 @@ static int check_tree_block_fsid(struct btrfs_fs_info *fs_info,
989 + return ret;
990 + }
991 +
992 +-#define CORRUPT(reason, eb, root, slot) \
993 +- btrfs_crit(root->fs_info, "corrupt leaf, %s: block=%llu," \
994 +- "root=%llu, slot=%d", reason, \
995 +- btrfs_header_bytenr(eb), root->objectid, slot)
996 +-
997 +-static noinline int check_leaf(struct btrfs_root *root,
998 +- struct extent_buffer *leaf)
999 +-{
1000 +- struct btrfs_key key;
1001 +- struct btrfs_key leaf_key;
1002 +- u32 nritems = btrfs_header_nritems(leaf);
1003 +- int slot;
1004 +-
1005 +- if (nritems == 0)
1006 +- return 0;
1007 +-
1008 +- /* Check the 0 item */
1009 +- if (btrfs_item_offset_nr(leaf, 0) + btrfs_item_size_nr(leaf, 0) !=
1010 +- BTRFS_LEAF_DATA_SIZE(root)) {
1011 +- CORRUPT("invalid item offset size pair", leaf, root, 0);
1012 +- return -EIO;
1013 +- }
1014 +-
1015 +- /*
1016 +- * Check to make sure each items keys are in the correct order and their
1017 +- * offsets make sense. We only have to loop through nritems-1 because
1018 +- * we check the current slot against the next slot, which verifies the
1019 +- * next slot's offset+size makes sense and that the current's slot
1020 +- * offset is correct.
1021 +- */
1022 +- for (slot = 0; slot < nritems - 1; slot++) {
1023 +- btrfs_item_key_to_cpu(leaf, &leaf_key, slot);
1024 +- btrfs_item_key_to_cpu(leaf, &key, slot + 1);
1025 +-
1026 +- /* Make sure the keys are in the right order */
1027 +- if (btrfs_comp_cpu_keys(&leaf_key, &key) >= 0) {
1028 +- CORRUPT("bad key order", leaf, root, slot);
1029 +- return -EIO;
1030 +- }
1031 +-
1032 +- /*
1033 +- * Make sure the offset and ends are right, remember that the
1034 +- * item data starts at the end of the leaf and grows towards the
1035 +- * front.
1036 +- */
1037 +- if (btrfs_item_offset_nr(leaf, slot) !=
1038 +- btrfs_item_end_nr(leaf, slot + 1)) {
1039 +- CORRUPT("slot offset bad", leaf, root, slot);
1040 +- return -EIO;
1041 +- }
1042 +-
1043 +- /*
1044 +- * Check to make sure that we don't point outside of the leaf,
1045 +- * just incase all the items are consistent to eachother, but
1046 +- * all point outside of the leaf.
1047 +- */
1048 +- if (btrfs_item_end_nr(leaf, slot) >
1049 +- BTRFS_LEAF_DATA_SIZE(root)) {
1050 +- CORRUPT("slot end outside of leaf", leaf, root, slot);
1051 +- return -EIO;
1052 +- }
1053 +- }
1054 +-
1055 +- return 0;
1056 +-}
1057 +-
1058 + static int btree_readpage_end_io_hook(struct btrfs_io_bio *io_bio,
1059 + u64 phy_offset, struct page *page,
1060 + u64 start, u64 end, int mirror)
1061 +@@ -654,11 +589,14 @@ static int btree_readpage_end_io_hook(struct btrfs_io_bio *io_bio,
1062 + * that we don't try and read the other copies of this block, just
1063 + * return -EIO.
1064 + */
1065 +- if (found_level == 0 && check_leaf(root, eb)) {
1066 ++ if (found_level == 0 && btrfs_check_leaf_full(root, eb)) {
1067 + set_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags);
1068 + ret = -EIO;
1069 + }
1070 +
1071 ++ if (found_level > 0 && btrfs_check_node(root, eb))
1072 ++ ret = -EIO;
1073 ++
1074 + if (!ret)
1075 + set_extent_buffer_uptodate(eb);
1076 + err:
1077 +@@ -3958,7 +3896,13 @@ void btrfs_mark_buffer_dirty(struct extent_buffer *buf)
1078 + buf->len,
1079 + root->fs_info->dirty_metadata_batch);
1080 + #ifdef CONFIG_BTRFS_FS_CHECK_INTEGRITY
1081 +- if (btrfs_header_level(buf) == 0 && check_leaf(root, buf)) {
1082 ++ /*
1083 ++ * Since btrfs_mark_buffer_dirty() can be called with item pointer set
1084 ++ * but item data not updated.
1085 ++ * So here we should only check item pointers, not item data.
1086 ++ */
1087 ++ if (btrfs_header_level(buf) == 0 &&
1088 ++ btrfs_check_leaf_relaxed(root, buf)) {
1089 + btrfs_print_leaf(root, buf);
1090 + ASSERT(0);
1091 + }
1092 +diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
1093 +index 13ff0fdae03e..978bbfed5a2c 100644
1094 +--- a/fs/btrfs/extent-tree.c
1095 ++++ b/fs/btrfs/extent-tree.c
1096 +@@ -2342,7 +2342,13 @@ static int run_delayed_tree_ref(struct btrfs_trans_handle *trans,
1097 + ins.type = BTRFS_EXTENT_ITEM_KEY;
1098 + }
1099 +
1100 +- BUG_ON(node->ref_mod != 1);
1101 ++ if (node->ref_mod != 1) {
1102 ++ btrfs_err(root->fs_info,
1103 ++ "btree block(%llu) has %d references rather than 1: action %d ref_root %llu parent %llu",
1104 ++ node->bytenr, node->ref_mod, node->action, ref_root,
1105 ++ parent);
1106 ++ return -EIO;
1107 ++ }
1108 + if (node->action == BTRFS_ADD_DELAYED_REF && insert_reserved) {
1109 + BUG_ON(!extent_op || !extent_op->update_flags);
1110 + ret = alloc_reserved_tree_block(trans, root,
1111 +@@ -9481,6 +9487,8 @@ static int find_first_block_group(struct btrfs_root *root,
1112 + int ret = 0;
1113 + struct btrfs_key found_key;
1114 + struct extent_buffer *leaf;
1115 ++ struct btrfs_block_group_item bg;
1116 ++ u64 flags;
1117 + int slot;
1118 +
1119 + ret = btrfs_search_slot(NULL, root, key, path, 0, 0);
1120 +@@ -9502,7 +9510,47 @@ static int find_first_block_group(struct btrfs_root *root,
1121 +
1122 + if (found_key.objectid >= key->objectid &&
1123 + found_key.type == BTRFS_BLOCK_GROUP_ITEM_KEY) {
1124 +- ret = 0;
1125 ++ struct extent_map_tree *em_tree;
1126 ++ struct extent_map *em;
1127 ++
1128 ++ em_tree = &root->fs_info->mapping_tree.map_tree;
1129 ++ read_lock(&em_tree->lock);
1130 ++ em = lookup_extent_mapping(em_tree, found_key.objectid,
1131 ++ found_key.offset);
1132 ++ read_unlock(&em_tree->lock);
1133 ++ if (!em) {
1134 ++ btrfs_err(root->fs_info,
1135 ++ "logical %llu len %llu found bg but no related chunk",
1136 ++ found_key.objectid, found_key.offset);
1137 ++ ret = -ENOENT;
1138 ++ } else if (em->start != found_key.objectid ||
1139 ++ em->len != found_key.offset) {
1140 ++ btrfs_err(root->fs_info,
1141 ++ "block group %llu len %llu mismatch with chunk %llu len %llu",
1142 ++ found_key.objectid, found_key.offset,
1143 ++ em->start, em->len);
1144 ++ ret = -EUCLEAN;
1145 ++ } else {
1146 ++ read_extent_buffer(leaf, &bg,
1147 ++ btrfs_item_ptr_offset(leaf, slot),
1148 ++ sizeof(bg));
1149 ++ flags = btrfs_block_group_flags(&bg) &
1150 ++ BTRFS_BLOCK_GROUP_TYPE_MASK;
1151 ++
1152 ++ if (flags != (em->map_lookup->type &
1153 ++ BTRFS_BLOCK_GROUP_TYPE_MASK)) {
1154 ++ btrfs_err(root->fs_info,
1155 ++"block group %llu len %llu type flags 0x%llx mismatch with chunk type flags 0x%llx",
1156 ++ found_key.objectid,
1157 ++ found_key.offset, flags,
1158 ++ (BTRFS_BLOCK_GROUP_TYPE_MASK &
1159 ++ em->map_lookup->type));
1160 ++ ret = -EUCLEAN;
1161 ++ } else {
1162 ++ ret = 0;
1163 ++ }
1164 ++ }
1165 ++ free_extent_map(em);
1166 + goto out;
1167 + }
1168 + path->slots[0]++;
1169 +@@ -9717,6 +9765,62 @@ btrfs_create_block_group_cache(struct btrfs_root *root, u64 start, u64 size)
1170 + return cache;
1171 + }
1172 +
1173 ++
1174 ++/*
1175 ++ * Iterate all chunks and verify that each of them has the corresponding block
1176 ++ * group
1177 ++ */
1178 ++static int check_chunk_block_group_mappings(struct btrfs_fs_info *fs_info)
1179 ++{
1180 ++ struct btrfs_mapping_tree *map_tree = &fs_info->mapping_tree;
1181 ++ struct extent_map *em;
1182 ++ struct btrfs_block_group_cache *bg;
1183 ++ u64 start = 0;
1184 ++ int ret = 0;
1185 ++
1186 ++ while (1) {
1187 ++ read_lock(&map_tree->map_tree.lock);
1188 ++ /*
1189 ++ * lookup_extent_mapping will return the first extent map
1190 ++ * intersecting the range, so setting @len to 1 is enough to
1191 ++ * get the first chunk.
1192 ++ */
1193 ++ em = lookup_extent_mapping(&map_tree->map_tree, start, 1);
1194 ++ read_unlock(&map_tree->map_tree.lock);
1195 ++ if (!em)
1196 ++ break;
1197 ++
1198 ++ bg = btrfs_lookup_block_group(fs_info, em->start);
1199 ++ if (!bg) {
1200 ++ btrfs_err(fs_info,
1201 ++ "chunk start=%llu len=%llu doesn't have corresponding block group",
1202 ++ em->start, em->len);
1203 ++ ret = -EUCLEAN;
1204 ++ free_extent_map(em);
1205 ++ break;
1206 ++ }
1207 ++ if (bg->key.objectid != em->start ||
1208 ++ bg->key.offset != em->len ||
1209 ++ (bg->flags & BTRFS_BLOCK_GROUP_TYPE_MASK) !=
1210 ++ (em->map_lookup->type & BTRFS_BLOCK_GROUP_TYPE_MASK)) {
1211 ++ btrfs_err(fs_info,
1212 ++"chunk start=%llu len=%llu flags=0x%llx doesn't match block group start=%llu len=%llu flags=0x%llx",
1213 ++ em->start, em->len,
1214 ++ em->map_lookup->type & BTRFS_BLOCK_GROUP_TYPE_MASK,
1215 ++ bg->key.objectid, bg->key.offset,
1216 ++ bg->flags & BTRFS_BLOCK_GROUP_TYPE_MASK);
1217 ++ ret = -EUCLEAN;
1218 ++ free_extent_map(em);
1219 ++ btrfs_put_block_group(bg);
1220 ++ break;
1221 ++ }
1222 ++ start = em->start + em->len;
1223 ++ free_extent_map(em);
1224 ++ btrfs_put_block_group(bg);
1225 ++ }
1226 ++ return ret;
1227 ++}
1228 ++
1229 + int btrfs_read_block_groups(struct btrfs_root *root)
1230 + {
1231 + struct btrfs_path *path;
1232 +@@ -9903,7 +10007,7 @@ int btrfs_read_block_groups(struct btrfs_root *root)
1233 + }
1234 +
1235 + init_global_block_rsv(info);
1236 +- ret = 0;
1237 ++ ret = check_chunk_block_group_mappings(info);
1238 + error:
1239 + btrfs_free_path(path);
1240 + return ret;
1241 +@@ -10388,7 +10492,7 @@ btrfs_start_trans_remove_block_group(struct btrfs_fs_info *fs_info,
1242 + * more device items and remove one chunk item), but this is done at
1243 + * btrfs_remove_chunk() through a call to check_system_chunk().
1244 + */
1245 +- map = (struct map_lookup *)em->bdev;
1246 ++ map = em->map_lookup;
1247 + num_items = 3 + map->num_stripes;
1248 + free_extent_map(em);
1249 +
1250 +diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
1251 +index 88bee6703cc0..42e7f6a8f91d 100644
1252 +--- a/fs/btrfs/extent_io.c
1253 ++++ b/fs/btrfs/extent_io.c
1254 +@@ -3847,8 +3847,10 @@ static noinline_for_stack int write_one_eb(struct extent_buffer *eb,
1255 + struct block_device *bdev = fs_info->fs_devices->latest_bdev;
1256 + struct extent_io_tree *tree = &BTRFS_I(fs_info->btree_inode)->io_tree;
1257 + u64 offset = eb->start;
1258 ++ u32 nritems;
1259 + unsigned long i, num_pages;
1260 + unsigned long bio_flags = 0;
1261 ++ unsigned long start, end;
1262 + int rw = (epd->sync_io ? WRITE_SYNC : WRITE) | REQ_META;
1263 + int ret = 0;
1264 +
1265 +@@ -3858,6 +3860,23 @@ static noinline_for_stack int write_one_eb(struct extent_buffer *eb,
1266 + if (btrfs_header_owner(eb) == BTRFS_TREE_LOG_OBJECTID)
1267 + bio_flags = EXTENT_BIO_TREE_LOG;
1268 +
1269 ++ /* set btree blocks beyond nritems with 0 to avoid stale content. */
1270 ++ nritems = btrfs_header_nritems(eb);
1271 ++ if (btrfs_header_level(eb) > 0) {
1272 ++ end = btrfs_node_key_ptr_offset(nritems);
1273 ++
1274 ++ memset_extent_buffer(eb, 0, end, eb->len - end);
1275 ++ } else {
1276 ++ /*
1277 ++ * leaf:
1278 ++ * header 0 1 2 .. N ... data_N .. data_2 data_1 data_0
1279 ++ */
1280 ++ start = btrfs_item_nr_offset(nritems);
1281 ++ end = btrfs_leaf_data(eb) +
1282 ++ leaf_data_end(fs_info->tree_root, eb);
1283 ++ memset_extent_buffer(eb, 0, start, end - start);
1284 ++ }
1285 ++
1286 + for (i = 0; i < num_pages; i++) {
1287 + struct page *p = eb->pages[i];
1288 +
1289 +@@ -5362,9 +5381,8 @@ unlock_exit:
1290 + return ret;
1291 + }
1292 +
1293 +-void read_extent_buffer(struct extent_buffer *eb, void *dstv,
1294 +- unsigned long start,
1295 +- unsigned long len)
1296 ++void read_extent_buffer(const struct extent_buffer *eb, void *dstv,
1297 ++ unsigned long start, unsigned long len)
1298 + {
1299 + size_t cur;
1300 + size_t offset;
1301 +@@ -5393,9 +5411,9 @@ void read_extent_buffer(struct extent_buffer *eb, void *dstv,
1302 + }
1303 + }
1304 +
1305 +-int read_extent_buffer_to_user(struct extent_buffer *eb, void __user *dstv,
1306 +- unsigned long start,
1307 +- unsigned long len)
1308 ++int read_extent_buffer_to_user(const struct extent_buffer *eb,
1309 ++ void __user *dstv,
1310 ++ unsigned long start, unsigned long len)
1311 + {
1312 + size_t cur;
1313 + size_t offset;
1314 +@@ -5430,10 +5448,10 @@ int read_extent_buffer_to_user(struct extent_buffer *eb, void __user *dstv,
1315 + return ret;
1316 + }
1317 +
1318 +-int map_private_extent_buffer(struct extent_buffer *eb, unsigned long start,
1319 +- unsigned long min_len, char **map,
1320 +- unsigned long *map_start,
1321 +- unsigned long *map_len)
1322 ++int map_private_extent_buffer(const struct extent_buffer *eb,
1323 ++ unsigned long start, unsigned long min_len,
1324 ++ char **map, unsigned long *map_start,
1325 ++ unsigned long *map_len)
1326 + {
1327 + size_t offset = start & (PAGE_CACHE_SIZE - 1);
1328 + char *kaddr;
1329 +@@ -5468,9 +5486,8 @@ int map_private_extent_buffer(struct extent_buffer *eb, unsigned long start,
1330 + return 0;
1331 + }
1332 +
1333 +-int memcmp_extent_buffer(struct extent_buffer *eb, const void *ptrv,
1334 +- unsigned long start,
1335 +- unsigned long len)
1336 ++int memcmp_extent_buffer(const struct extent_buffer *eb, const void *ptrv,
1337 ++ unsigned long start, unsigned long len)
1338 + {
1339 + size_t cur;
1340 + size_t offset;
1341 +diff --git a/fs/btrfs/extent_io.h b/fs/btrfs/extent_io.h
1342 +index f4c1ae11855f..751435967724 100644
1343 +--- a/fs/btrfs/extent_io.h
1344 ++++ b/fs/btrfs/extent_io.h
1345 +@@ -308,14 +308,13 @@ static inline void extent_buffer_get(struct extent_buffer *eb)
1346 + atomic_inc(&eb->refs);
1347 + }
1348 +
1349 +-int memcmp_extent_buffer(struct extent_buffer *eb, const void *ptrv,
1350 +- unsigned long start,
1351 +- unsigned long len);
1352 +-void read_extent_buffer(struct extent_buffer *eb, void *dst,
1353 ++int memcmp_extent_buffer(const struct extent_buffer *eb, const void *ptrv,
1354 ++ unsigned long start, unsigned long len);
1355 ++void read_extent_buffer(const struct extent_buffer *eb, void *dst,
1356 + unsigned long start,
1357 + unsigned long len);
1358 +-int read_extent_buffer_to_user(struct extent_buffer *eb, void __user *dst,
1359 +- unsigned long start,
1360 ++int read_extent_buffer_to_user(const struct extent_buffer *eb,
1361 ++ void __user *dst, unsigned long start,
1362 + unsigned long len);
1363 + void write_extent_buffer(struct extent_buffer *eb, const void *src,
1364 + unsigned long start, unsigned long len);
1365 +@@ -334,10 +333,10 @@ int set_extent_buffer_uptodate(struct extent_buffer *eb);
1366 + int clear_extent_buffer_uptodate(struct extent_buffer *eb);
1367 + int extent_buffer_uptodate(struct extent_buffer *eb);
1368 + int extent_buffer_under_io(struct extent_buffer *eb);
1369 +-int map_private_extent_buffer(struct extent_buffer *eb, unsigned long offset,
1370 +- unsigned long min_len, char **map,
1371 +- unsigned long *map_start,
1372 +- unsigned long *map_len);
1373 ++int map_private_extent_buffer(const struct extent_buffer *eb,
1374 ++ unsigned long offset, unsigned long min_len,
1375 ++ char **map, unsigned long *map_start,
1376 ++ unsigned long *map_len);
1377 + int extent_range_clear_dirty_for_io(struct inode *inode, u64 start, u64 end);
1378 + int extent_range_redirty_for_io(struct inode *inode, u64 start, u64 end);
1379 + int extent_clear_unlock_delalloc(struct inode *inode, u64 start, u64 end,
1380 +diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c
1381 +index 6a98bddd8f33..84fb56d5c018 100644
1382 +--- a/fs/btrfs/extent_map.c
1383 ++++ b/fs/btrfs/extent_map.c
1384 +@@ -76,7 +76,7 @@ void free_extent_map(struct extent_map *em)
1385 + WARN_ON(extent_map_in_tree(em));
1386 + WARN_ON(!list_empty(&em->list));
1387 + if (test_bit(EXTENT_FLAG_FS_MAPPING, &em->flags))
1388 +- kfree(em->bdev);
1389 ++ kfree(em->map_lookup);
1390 + kmem_cache_free(extent_map_cache, em);
1391 + }
1392 + }
1393 +diff --git a/fs/btrfs/extent_map.h b/fs/btrfs/extent_map.h
1394 +index b2991fd8583e..eb8b8fae036b 100644
1395 +--- a/fs/btrfs/extent_map.h
1396 ++++ b/fs/btrfs/extent_map.h
1397 +@@ -32,7 +32,15 @@ struct extent_map {
1398 + u64 block_len;
1399 + u64 generation;
1400 + unsigned long flags;
1401 +- struct block_device *bdev;
1402 ++ union {
1403 ++ struct block_device *bdev;
1404 ++
1405 ++ /*
1406 ++ * used for chunk mappings
1407 ++ * flags & EXTENT_FLAG_FS_MAPPING must be set
1408 ++ */
1409 ++ struct map_lookup *map_lookup;
1410 ++ };
1411 + atomic_t refs;
1412 + unsigned int compress_type;
1413 + struct list_head list;
1414 +diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
1415 +index 6dca9f937bf6..cc9ccc42f469 100644
1416 +--- a/fs/btrfs/scrub.c
1417 ++++ b/fs/btrfs/scrub.c
1418 +@@ -3460,7 +3460,7 @@ static noinline_for_stack int scrub_chunk(struct scrub_ctx *sctx,
1419 + return ret;
1420 + }
1421 +
1422 +- map = (struct map_lookup *)em->bdev;
1423 ++ map = em->map_lookup;
1424 + if (em->start != chunk_offset)
1425 + goto out;
1426 +
1427 +diff --git a/fs/btrfs/struct-funcs.c b/fs/btrfs/struct-funcs.c
1428 +index b976597b0721..63ffd213b0b7 100644
1429 +--- a/fs/btrfs/struct-funcs.c
1430 ++++ b/fs/btrfs/struct-funcs.c
1431 +@@ -50,8 +50,8 @@ static inline void put_unaligned_le8(u8 val, void *p)
1432 + */
1433 +
1434 + #define DEFINE_BTRFS_SETGET_BITS(bits) \
1435 +-u##bits btrfs_get_token_##bits(struct extent_buffer *eb, void *ptr, \
1436 +- unsigned long off, \
1437 ++u##bits btrfs_get_token_##bits(const struct extent_buffer *eb, \
1438 ++ const void *ptr, unsigned long off, \
1439 + struct btrfs_map_token *token) \
1440 + { \
1441 + unsigned long part_offset = (unsigned long)ptr; \
1442 +@@ -90,7 +90,8 @@ u##bits btrfs_get_token_##bits(struct extent_buffer *eb, void *ptr, \
1443 + return res; \
1444 + } \
1445 + void btrfs_set_token_##bits(struct extent_buffer *eb, \
1446 +- void *ptr, unsigned long off, u##bits val, \
1447 ++ const void *ptr, unsigned long off, \
1448 ++ u##bits val, \
1449 + struct btrfs_map_token *token) \
1450 + { \
1451 + unsigned long part_offset = (unsigned long)ptr; \
1452 +@@ -133,7 +134,7 @@ DEFINE_BTRFS_SETGET_BITS(16)
1453 + DEFINE_BTRFS_SETGET_BITS(32)
1454 + DEFINE_BTRFS_SETGET_BITS(64)
1455 +
1456 +-void btrfs_node_key(struct extent_buffer *eb,
1457 ++void btrfs_node_key(const struct extent_buffer *eb,
1458 + struct btrfs_disk_key *disk_key, int nr)
1459 + {
1460 + unsigned long ptr = btrfs_node_key_ptr_offset(nr);
1461 +diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
1462 +new file mode 100644
1463 +index 000000000000..5b98f3c76ce4
1464 +--- /dev/null
1465 ++++ b/fs/btrfs/tree-checker.c
1466 +@@ -0,0 +1,649 @@
1467 ++/*
1468 ++ * Copyright (C) Qu Wenruo 2017. All rights reserved.
1469 ++ *
1470 ++ * This program is free software; you can redistribute it and/or
1471 ++ * modify it under the terms of the GNU General Public
1472 ++ * License v2 as published by the Free Software Foundation.
1473 ++ *
1474 ++ * This program is distributed in the hope that it will be useful,
1475 ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
1476 ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
1477 ++ * General Public License for more details.
1478 ++ *
1479 ++ * You should have received a copy of the GNU General Public
1480 ++ * License along with this program.
1481 ++ */
1482 ++
1483 ++/*
1484 ++ * The module is used to catch unexpected/corrupted tree block data.
1485 ++ * Such behavior can be caused either by a fuzzed image or bugs.
1486 ++ *
1487 ++ * The objective is to do leaf/node validation checks when tree block is read
1488 ++ * from disk, and check *every* possible member, so other code won't
1489 ++ * need to checking them again.
1490 ++ *
1491 ++ * Due to the potential and unwanted damage, every checker needs to be
1492 ++ * carefully reviewed otherwise so it does not prevent mount of valid images.
1493 ++ */
1494 ++
1495 ++#include "ctree.h"
1496 ++#include "tree-checker.h"
1497 ++#include "disk-io.h"
1498 ++#include "compression.h"
1499 ++#include "hash.h"
1500 ++#include "volumes.h"
1501 ++
1502 ++#define CORRUPT(reason, eb, root, slot) \
1503 ++ btrfs_crit(root->fs_info, \
1504 ++ "corrupt %s, %s: block=%llu, root=%llu, slot=%d", \
1505 ++ btrfs_header_level(eb) == 0 ? "leaf" : "node", \
1506 ++ reason, btrfs_header_bytenr(eb), root->objectid, slot)
1507 ++
1508 ++/*
1509 ++ * Error message should follow the following format:
1510 ++ * corrupt <type>: <identifier>, <reason>[, <bad_value>]
1511 ++ *
1512 ++ * @type: leaf or node
1513 ++ * @identifier: the necessary info to locate the leaf/node.
1514 ++ * It's recommened to decode key.objecitd/offset if it's
1515 ++ * meaningful.
1516 ++ * @reason: describe the error
1517 ++ * @bad_value: optional, it's recommened to output bad value and its
1518 ++ * expected value (range).
1519 ++ *
1520 ++ * Since comma is used to separate the components, only space is allowed
1521 ++ * inside each component.
1522 ++ */
1523 ++
1524 ++/*
1525 ++ * Append generic "corrupt leaf/node root=%llu block=%llu slot=%d: " to @fmt.
1526 ++ * Allows callers to customize the output.
1527 ++ */
1528 ++__printf(4, 5)
1529 ++static void generic_err(const struct btrfs_root *root,
1530 ++ const struct extent_buffer *eb, int slot,
1531 ++ const char *fmt, ...)
1532 ++{
1533 ++ struct va_format vaf;
1534 ++ va_list args;
1535 ++
1536 ++ va_start(args, fmt);
1537 ++
1538 ++ vaf.fmt = fmt;
1539 ++ vaf.va = &args;
1540 ++
1541 ++ btrfs_crit(root->fs_info,
1542 ++ "corrupt %s: root=%llu block=%llu slot=%d, %pV",
1543 ++ btrfs_header_level(eb) == 0 ? "leaf" : "node",
1544 ++ root->objectid, btrfs_header_bytenr(eb), slot, &vaf);
1545 ++ va_end(args);
1546 ++}
1547 ++
1548 ++static int check_extent_data_item(struct btrfs_root *root,
1549 ++ struct extent_buffer *leaf,
1550 ++ struct btrfs_key *key, int slot)
1551 ++{
1552 ++ struct btrfs_file_extent_item *fi;
1553 ++ u32 sectorsize = root->sectorsize;
1554 ++ u32 item_size = btrfs_item_size_nr(leaf, slot);
1555 ++
1556 ++ if (!IS_ALIGNED(key->offset, sectorsize)) {
1557 ++ CORRUPT("unaligned key offset for file extent",
1558 ++ leaf, root, slot);
1559 ++ return -EUCLEAN;
1560 ++ }
1561 ++
1562 ++ fi = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item);
1563 ++
1564 ++ if (btrfs_file_extent_type(leaf, fi) > BTRFS_FILE_EXTENT_TYPES) {
1565 ++ CORRUPT("invalid file extent type", leaf, root, slot);
1566 ++ return -EUCLEAN;
1567 ++ }
1568 ++
1569 ++ /*
1570 ++ * Support for new compression/encrption must introduce incompat flag,
1571 ++ * and must be caught in open_ctree().
1572 ++ */
1573 ++ if (btrfs_file_extent_compression(leaf, fi) > BTRFS_COMPRESS_TYPES) {
1574 ++ CORRUPT("invalid file extent compression", leaf, root, slot);
1575 ++ return -EUCLEAN;
1576 ++ }
1577 ++ if (btrfs_file_extent_encryption(leaf, fi)) {
1578 ++ CORRUPT("invalid file extent encryption", leaf, root, slot);
1579 ++ return -EUCLEAN;
1580 ++ }
1581 ++ if (btrfs_file_extent_type(leaf, fi) == BTRFS_FILE_EXTENT_INLINE) {
1582 ++ /* Inline extent must have 0 as key offset */
1583 ++ if (key->offset) {
1584 ++ CORRUPT("inline extent has non-zero key offset",
1585 ++ leaf, root, slot);
1586 ++ return -EUCLEAN;
1587 ++ }
1588 ++
1589 ++ /* Compressed inline extent has no on-disk size, skip it */
1590 ++ if (btrfs_file_extent_compression(leaf, fi) !=
1591 ++ BTRFS_COMPRESS_NONE)
1592 ++ return 0;
1593 ++
1594 ++ /* Uncompressed inline extent size must match item size */
1595 ++ if (item_size != BTRFS_FILE_EXTENT_INLINE_DATA_START +
1596 ++ btrfs_file_extent_ram_bytes(leaf, fi)) {
1597 ++ CORRUPT("plaintext inline extent has invalid size",
1598 ++ leaf, root, slot);
1599 ++ return -EUCLEAN;
1600 ++ }
1601 ++ return 0;
1602 ++ }
1603 ++
1604 ++ /* Regular or preallocated extent has fixed item size */
1605 ++ if (item_size != sizeof(*fi)) {
1606 ++ CORRUPT(
1607 ++ "regluar or preallocated extent data item size is invalid",
1608 ++ leaf, root, slot);
1609 ++ return -EUCLEAN;
1610 ++ }
1611 ++ if (!IS_ALIGNED(btrfs_file_extent_ram_bytes(leaf, fi), sectorsize) ||
1612 ++ !IS_ALIGNED(btrfs_file_extent_disk_bytenr(leaf, fi), sectorsize) ||
1613 ++ !IS_ALIGNED(btrfs_file_extent_disk_num_bytes(leaf, fi), sectorsize) ||
1614 ++ !IS_ALIGNED(btrfs_file_extent_offset(leaf, fi), sectorsize) ||
1615 ++ !IS_ALIGNED(btrfs_file_extent_num_bytes(leaf, fi), sectorsize)) {
1616 ++ CORRUPT(
1617 ++ "regular or preallocated extent data item has unaligned value",
1618 ++ leaf, root, slot);
1619 ++ return -EUCLEAN;
1620 ++ }
1621 ++
1622 ++ return 0;
1623 ++}
1624 ++
1625 ++static int check_csum_item(struct btrfs_root *root, struct extent_buffer *leaf,
1626 ++ struct btrfs_key *key, int slot)
1627 ++{
1628 ++ u32 sectorsize = root->sectorsize;
1629 ++ u32 csumsize = btrfs_super_csum_size(root->fs_info->super_copy);
1630 ++
1631 ++ if (key->objectid != BTRFS_EXTENT_CSUM_OBJECTID) {
1632 ++ CORRUPT("invalid objectid for csum item", leaf, root, slot);
1633 ++ return -EUCLEAN;
1634 ++ }
1635 ++ if (!IS_ALIGNED(key->offset, sectorsize)) {
1636 ++ CORRUPT("unaligned key offset for csum item", leaf, root, slot);
1637 ++ return -EUCLEAN;
1638 ++ }
1639 ++ if (!IS_ALIGNED(btrfs_item_size_nr(leaf, slot), csumsize)) {
1640 ++ CORRUPT("unaligned csum item size", leaf, root, slot);
1641 ++ return -EUCLEAN;
1642 ++ }
1643 ++ return 0;
1644 ++}
1645 ++
1646 ++/*
1647 ++ * Customized reported for dir_item, only important new info is key->objectid,
1648 ++ * which represents inode number
1649 ++ */
1650 ++__printf(4, 5)
1651 ++static void dir_item_err(const struct btrfs_root *root,
1652 ++ const struct extent_buffer *eb, int slot,
1653 ++ const char *fmt, ...)
1654 ++{
1655 ++ struct btrfs_key key;
1656 ++ struct va_format vaf;
1657 ++ va_list args;
1658 ++
1659 ++ btrfs_item_key_to_cpu(eb, &key, slot);
1660 ++ va_start(args, fmt);
1661 ++
1662 ++ vaf.fmt = fmt;
1663 ++ vaf.va = &args;
1664 ++
1665 ++ btrfs_crit(root->fs_info,
1666 ++ "corrupt %s: root=%llu block=%llu slot=%d ino=%llu, %pV",
1667 ++ btrfs_header_level(eb) == 0 ? "leaf" : "node", root->objectid,
1668 ++ btrfs_header_bytenr(eb), slot, key.objectid, &vaf);
1669 ++ va_end(args);
1670 ++}
1671 ++
1672 ++static int check_dir_item(struct btrfs_root *root,
1673 ++ struct extent_buffer *leaf,
1674 ++ struct btrfs_key *key, int slot)
1675 ++{
1676 ++ struct btrfs_dir_item *di;
1677 ++ u32 item_size = btrfs_item_size_nr(leaf, slot);
1678 ++ u32 cur = 0;
1679 ++
1680 ++ di = btrfs_item_ptr(leaf, slot, struct btrfs_dir_item);
1681 ++ while (cur < item_size) {
1682 ++ u32 name_len;
1683 ++ u32 data_len;
1684 ++ u32 max_name_len;
1685 ++ u32 total_size;
1686 ++ u32 name_hash;
1687 ++ u8 dir_type;
1688 ++
1689 ++ /* header itself should not cross item boundary */
1690 ++ if (cur + sizeof(*di) > item_size) {
1691 ++ dir_item_err(root, leaf, slot,
1692 ++ "dir item header crosses item boundary, have %zu boundary %u",
1693 ++ cur + sizeof(*di), item_size);
1694 ++ return -EUCLEAN;
1695 ++ }
1696 ++
1697 ++ /* dir type check */
1698 ++ dir_type = btrfs_dir_type(leaf, di);
1699 ++ if (dir_type >= BTRFS_FT_MAX) {
1700 ++ dir_item_err(root, leaf, slot,
1701 ++ "invalid dir item type, have %u expect [0, %u)",
1702 ++ dir_type, BTRFS_FT_MAX);
1703 ++ return -EUCLEAN;
1704 ++ }
1705 ++
1706 ++ if (key->type == BTRFS_XATTR_ITEM_KEY &&
1707 ++ dir_type != BTRFS_FT_XATTR) {
1708 ++ dir_item_err(root, leaf, slot,
1709 ++ "invalid dir item type for XATTR key, have %u expect %u",
1710 ++ dir_type, BTRFS_FT_XATTR);
1711 ++ return -EUCLEAN;
1712 ++ }
1713 ++ if (dir_type == BTRFS_FT_XATTR &&
1714 ++ key->type != BTRFS_XATTR_ITEM_KEY) {
1715 ++ dir_item_err(root, leaf, slot,
1716 ++ "xattr dir type found for non-XATTR key");
1717 ++ return -EUCLEAN;
1718 ++ }
1719 ++ if (dir_type == BTRFS_FT_XATTR)
1720 ++ max_name_len = XATTR_NAME_MAX;
1721 ++ else
1722 ++ max_name_len = BTRFS_NAME_LEN;
1723 ++
1724 ++ /* Name/data length check */
1725 ++ name_len = btrfs_dir_name_len(leaf, di);
1726 ++ data_len = btrfs_dir_data_len(leaf, di);
1727 ++ if (name_len > max_name_len) {
1728 ++ dir_item_err(root, leaf, slot,
1729 ++ "dir item name len too long, have %u max %u",
1730 ++ name_len, max_name_len);
1731 ++ return -EUCLEAN;
1732 ++ }
1733 ++ if (name_len + data_len > BTRFS_MAX_XATTR_SIZE(root)) {
1734 ++ dir_item_err(root, leaf, slot,
1735 ++ "dir item name and data len too long, have %u max %zu",
1736 ++ name_len + data_len,
1737 ++ BTRFS_MAX_XATTR_SIZE(root));
1738 ++ return -EUCLEAN;
1739 ++ }
1740 ++
1741 ++ if (data_len && dir_type != BTRFS_FT_XATTR) {
1742 ++ dir_item_err(root, leaf, slot,
1743 ++ "dir item with invalid data len, have %u expect 0",
1744 ++ data_len);
1745 ++ return -EUCLEAN;
1746 ++ }
1747 ++
1748 ++ total_size = sizeof(*di) + name_len + data_len;
1749 ++
1750 ++ /* header and name/data should not cross item boundary */
1751 ++ if (cur + total_size > item_size) {
1752 ++ dir_item_err(root, leaf, slot,
1753 ++ "dir item data crosses item boundary, have %u boundary %u",
1754 ++ cur + total_size, item_size);
1755 ++ return -EUCLEAN;
1756 ++ }
1757 ++
1758 ++ /*
1759 ++ * Special check for XATTR/DIR_ITEM, as key->offset is name
1760 ++ * hash, should match its name
1761 ++ */
1762 ++ if (key->type == BTRFS_DIR_ITEM_KEY ||
1763 ++ key->type == BTRFS_XATTR_ITEM_KEY) {
1764 ++ char namebuf[max(BTRFS_NAME_LEN, XATTR_NAME_MAX)];
1765 ++
1766 ++ read_extent_buffer(leaf, namebuf,
1767 ++ (unsigned long)(di + 1), name_len);
1768 ++ name_hash = btrfs_name_hash(namebuf, name_len);
1769 ++ if (key->offset != name_hash) {
1770 ++ dir_item_err(root, leaf, slot,
1771 ++ "name hash mismatch with key, have 0x%016x expect 0x%016llx",
1772 ++ name_hash, key->offset);
1773 ++ return -EUCLEAN;
1774 ++ }
1775 ++ }
1776 ++ cur += total_size;
1777 ++ di = (struct btrfs_dir_item *)((void *)di + total_size);
1778 ++ }
1779 ++ return 0;
1780 ++}
1781 ++
1782 ++__printf(4, 5)
1783 ++__cold
1784 ++static void block_group_err(const struct btrfs_fs_info *fs_info,
1785 ++ const struct extent_buffer *eb, int slot,
1786 ++ const char *fmt, ...)
1787 ++{
1788 ++ struct btrfs_key key;
1789 ++ struct va_format vaf;
1790 ++ va_list args;
1791 ++
1792 ++ btrfs_item_key_to_cpu(eb, &key, slot);
1793 ++ va_start(args, fmt);
1794 ++
1795 ++ vaf.fmt = fmt;
1796 ++ vaf.va = &args;
1797 ++
1798 ++ btrfs_crit(fs_info,
1799 ++ "corrupt %s: root=%llu block=%llu slot=%d bg_start=%llu bg_len=%llu, %pV",
1800 ++ btrfs_header_level(eb) == 0 ? "leaf" : "node",
1801 ++ btrfs_header_owner(eb), btrfs_header_bytenr(eb), slot,
1802 ++ key.objectid, key.offset, &vaf);
1803 ++ va_end(args);
1804 ++}
1805 ++
1806 ++static int check_block_group_item(struct btrfs_fs_info *fs_info,
1807 ++ struct extent_buffer *leaf,
1808 ++ struct btrfs_key *key, int slot)
1809 ++{
1810 ++ struct btrfs_block_group_item bgi;
1811 ++ u32 item_size = btrfs_item_size_nr(leaf, slot);
1812 ++ u64 flags;
1813 ++ u64 type;
1814 ++
1815 ++ /*
1816 ++ * Here we don't really care about alignment since extent allocator can
1817 ++ * handle it. We care more about the size, as if one block group is
1818 ++ * larger than maximum size, it's must be some obvious corruption.
1819 ++ */
1820 ++ if (key->offset > BTRFS_MAX_DATA_CHUNK_SIZE || key->offset == 0) {
1821 ++ block_group_err(fs_info, leaf, slot,
1822 ++ "invalid block group size, have %llu expect (0, %llu]",
1823 ++ key->offset, BTRFS_MAX_DATA_CHUNK_SIZE);
1824 ++ return -EUCLEAN;
1825 ++ }
1826 ++
1827 ++ if (item_size != sizeof(bgi)) {
1828 ++ block_group_err(fs_info, leaf, slot,
1829 ++ "invalid item size, have %u expect %zu",
1830 ++ item_size, sizeof(bgi));
1831 ++ return -EUCLEAN;
1832 ++ }
1833 ++
1834 ++ read_extent_buffer(leaf, &bgi, btrfs_item_ptr_offset(leaf, slot),
1835 ++ sizeof(bgi));
1836 ++ if (btrfs_block_group_chunk_objectid(&bgi) !=
1837 ++ BTRFS_FIRST_CHUNK_TREE_OBJECTID) {
1838 ++ block_group_err(fs_info, leaf, slot,
1839 ++ "invalid block group chunk objectid, have %llu expect %llu",
1840 ++ btrfs_block_group_chunk_objectid(&bgi),
1841 ++ BTRFS_FIRST_CHUNK_TREE_OBJECTID);
1842 ++ return -EUCLEAN;
1843 ++ }
1844 ++
1845 ++ if (btrfs_block_group_used(&bgi) > key->offset) {
1846 ++ block_group_err(fs_info, leaf, slot,
1847 ++ "invalid block group used, have %llu expect [0, %llu)",
1848 ++ btrfs_block_group_used(&bgi), key->offset);
1849 ++ return -EUCLEAN;
1850 ++ }
1851 ++
1852 ++ flags = btrfs_block_group_flags(&bgi);
1853 ++ if (hweight64(flags & BTRFS_BLOCK_GROUP_PROFILE_MASK) > 1) {
1854 ++ block_group_err(fs_info, leaf, slot,
1855 ++"invalid profile flags, have 0x%llx (%lu bits set) expect no more than 1 bit set",
1856 ++ flags & BTRFS_BLOCK_GROUP_PROFILE_MASK,
1857 ++ hweight64(flags & BTRFS_BLOCK_GROUP_PROFILE_MASK));
1858 ++ return -EUCLEAN;
1859 ++ }
1860 ++
1861 ++ type = flags & BTRFS_BLOCK_GROUP_TYPE_MASK;
1862 ++ if (type != BTRFS_BLOCK_GROUP_DATA &&
1863 ++ type != BTRFS_BLOCK_GROUP_METADATA &&
1864 ++ type != BTRFS_BLOCK_GROUP_SYSTEM &&
1865 ++ type != (BTRFS_BLOCK_GROUP_METADATA |
1866 ++ BTRFS_BLOCK_GROUP_DATA)) {
1867 ++ block_group_err(fs_info, leaf, slot,
1868 ++"invalid type, have 0x%llx (%lu bits set) expect either 0x%llx, 0x%llx, 0x%llx or 0x%llx",
1869 ++ type, hweight64(type),
1870 ++ BTRFS_BLOCK_GROUP_DATA, BTRFS_BLOCK_GROUP_METADATA,
1871 ++ BTRFS_BLOCK_GROUP_SYSTEM,
1872 ++ BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_DATA);
1873 ++ return -EUCLEAN;
1874 ++ }
1875 ++ return 0;
1876 ++}
1877 ++
1878 ++/*
1879 ++ * Common point to switch the item-specific validation.
1880 ++ */
1881 ++static int check_leaf_item(struct btrfs_root *root,
1882 ++ struct extent_buffer *leaf,
1883 ++ struct btrfs_key *key, int slot)
1884 ++{
1885 ++ int ret = 0;
1886 ++
1887 ++ switch (key->type) {
1888 ++ case BTRFS_EXTENT_DATA_KEY:
1889 ++ ret = check_extent_data_item(root, leaf, key, slot);
1890 ++ break;
1891 ++ case BTRFS_EXTENT_CSUM_KEY:
1892 ++ ret = check_csum_item(root, leaf, key, slot);
1893 ++ break;
1894 ++ case BTRFS_DIR_ITEM_KEY:
1895 ++ case BTRFS_DIR_INDEX_KEY:
1896 ++ case BTRFS_XATTR_ITEM_KEY:
1897 ++ ret = check_dir_item(root, leaf, key, slot);
1898 ++ break;
1899 ++ case BTRFS_BLOCK_GROUP_ITEM_KEY:
1900 ++ ret = check_block_group_item(root->fs_info, leaf, key, slot);
1901 ++ break;
1902 ++ }
1903 ++ return ret;
1904 ++}
1905 ++
1906 ++static int check_leaf(struct btrfs_root *root, struct extent_buffer *leaf,
1907 ++ bool check_item_data)
1908 ++{
1909 ++ struct btrfs_fs_info *fs_info = root->fs_info;
1910 ++ /* No valid key type is 0, so all key should be larger than this key */
1911 ++ struct btrfs_key prev_key = {0, 0, 0};
1912 ++ struct btrfs_key key;
1913 ++ u32 nritems = btrfs_header_nritems(leaf);
1914 ++ int slot;
1915 ++
1916 ++ if (btrfs_header_level(leaf) != 0) {
1917 ++ generic_err(root, leaf, 0,
1918 ++ "invalid level for leaf, have %d expect 0",
1919 ++ btrfs_header_level(leaf));
1920 ++ return -EUCLEAN;
1921 ++ }
1922 ++
1923 ++ /*
1924 ++ * Extent buffers from a relocation tree have a owner field that
1925 ++ * corresponds to the subvolume tree they are based on. So just from an
1926 ++ * extent buffer alone we can not find out what is the id of the
1927 ++ * corresponding subvolume tree, so we can not figure out if the extent
1928 ++ * buffer corresponds to the root of the relocation tree or not. So
1929 ++ * skip this check for relocation trees.
1930 ++ */
1931 ++ if (nritems == 0 && !btrfs_header_flag(leaf, BTRFS_HEADER_FLAG_RELOC)) {
1932 ++ u64 owner = btrfs_header_owner(leaf);
1933 ++ struct btrfs_root *check_root;
1934 ++
1935 ++ /* These trees must never be empty */
1936 ++ if (owner == BTRFS_ROOT_TREE_OBJECTID ||
1937 ++ owner == BTRFS_CHUNK_TREE_OBJECTID ||
1938 ++ owner == BTRFS_EXTENT_TREE_OBJECTID ||
1939 ++ owner == BTRFS_DEV_TREE_OBJECTID ||
1940 ++ owner == BTRFS_FS_TREE_OBJECTID ||
1941 ++ owner == BTRFS_DATA_RELOC_TREE_OBJECTID) {
1942 ++ generic_err(root, leaf, 0,
1943 ++ "invalid root, root %llu must never be empty",
1944 ++ owner);
1945 ++ return -EUCLEAN;
1946 ++ }
1947 ++ key.objectid = owner;
1948 ++ key.type = BTRFS_ROOT_ITEM_KEY;
1949 ++ key.offset = (u64)-1;
1950 ++
1951 ++ check_root = btrfs_get_fs_root(fs_info, &key, false);
1952 ++ /*
1953 ++ * The only reason we also check NULL here is that during
1954 ++ * open_ctree() some roots has not yet been set up.
1955 ++ */
1956 ++ if (!IS_ERR_OR_NULL(check_root)) {
1957 ++ struct extent_buffer *eb;
1958 ++
1959 ++ eb = btrfs_root_node(check_root);
1960 ++ /* if leaf is the root, then it's fine */
1961 ++ if (leaf != eb) {
1962 ++ CORRUPT("non-root leaf's nritems is 0",
1963 ++ leaf, check_root, 0);
1964 ++ free_extent_buffer(eb);
1965 ++ return -EUCLEAN;
1966 ++ }
1967 ++ free_extent_buffer(eb);
1968 ++ }
1969 ++ return 0;
1970 ++ }
1971 ++
1972 ++ if (nritems == 0)
1973 ++ return 0;
1974 ++
1975 ++ /*
1976 ++ * Check the following things to make sure this is a good leaf, and
1977 ++ * leaf users won't need to bother with similar sanity checks:
1978 ++ *
1979 ++ * 1) key ordering
1980 ++ * 2) item offset and size
1981 ++ * No overlap, no hole, all inside the leaf.
1982 ++ * 3) item content
1983 ++ * If possible, do comprehensive sanity check.
1984 ++ * NOTE: All checks must only rely on the item data itself.
1985 ++ */
1986 ++ for (slot = 0; slot < nritems; slot++) {
1987 ++ u32 item_end_expected;
1988 ++ int ret;
1989 ++
1990 ++ btrfs_item_key_to_cpu(leaf, &key, slot);
1991 ++
1992 ++ /* Make sure the keys are in the right order */
1993 ++ if (btrfs_comp_cpu_keys(&prev_key, &key) >= 0) {
1994 ++ CORRUPT("bad key order", leaf, root, slot);
1995 ++ return -EUCLEAN;
1996 ++ }
1997 ++
1998 ++ /*
1999 ++ * Make sure the offset and ends are right, remember that the
2000 ++ * item data starts at the end of the leaf and grows towards the
2001 ++ * front.
2002 ++ */
2003 ++ if (slot == 0)
2004 ++ item_end_expected = BTRFS_LEAF_DATA_SIZE(root);
2005 ++ else
2006 ++ item_end_expected = btrfs_item_offset_nr(leaf,
2007 ++ slot - 1);
2008 ++ if (btrfs_item_end_nr(leaf, slot) != item_end_expected) {
2009 ++ CORRUPT("slot offset bad", leaf, root, slot);
2010 ++ return -EUCLEAN;
2011 ++ }
2012 ++
2013 ++ /*
2014 ++ * Check to make sure that we don't point outside of the leaf,
2015 ++ * just in case all the items are consistent to each other, but
2016 ++ * all point outside of the leaf.
2017 ++ */
2018 ++ if (btrfs_item_end_nr(leaf, slot) >
2019 ++ BTRFS_LEAF_DATA_SIZE(root)) {
2020 ++ CORRUPT("slot end outside of leaf", leaf, root, slot);
2021 ++ return -EUCLEAN;
2022 ++ }
2023 ++
2024 ++ /* Also check if the item pointer overlaps with btrfs item. */
2025 ++ if (btrfs_item_nr_offset(slot) + sizeof(struct btrfs_item) >
2026 ++ btrfs_item_ptr_offset(leaf, slot)) {
2027 ++ CORRUPT("slot overlap with its data", leaf, root, slot);
2028 ++ return -EUCLEAN;
2029 ++ }
2030 ++
2031 ++ if (check_item_data) {
2032 ++ /*
2033 ++ * Check if the item size and content meet other
2034 ++ * criteria
2035 ++ */
2036 ++ ret = check_leaf_item(root, leaf, &key, slot);
2037 ++ if (ret < 0)
2038 ++ return ret;
2039 ++ }
2040 ++
2041 ++ prev_key.objectid = key.objectid;
2042 ++ prev_key.type = key.type;
2043 ++ prev_key.offset = key.offset;
2044 ++ }
2045 ++
2046 ++ return 0;
2047 ++}
2048 ++
2049 ++int btrfs_check_leaf_full(struct btrfs_root *root, struct extent_buffer *leaf)
2050 ++{
2051 ++ return check_leaf(root, leaf, true);
2052 ++}
2053 ++
2054 ++int btrfs_check_leaf_relaxed(struct btrfs_root *root,
2055 ++ struct extent_buffer *leaf)
2056 ++{
2057 ++ return check_leaf(root, leaf, false);
2058 ++}
2059 ++
2060 ++int btrfs_check_node(struct btrfs_root *root, struct extent_buffer *node)
2061 ++{
2062 ++ unsigned long nr = btrfs_header_nritems(node);
2063 ++ struct btrfs_key key, next_key;
2064 ++ int slot;
2065 ++ int level = btrfs_header_level(node);
2066 ++ u64 bytenr;
2067 ++ int ret = 0;
2068 ++
2069 ++ if (level <= 0 || level >= BTRFS_MAX_LEVEL) {
2070 ++ generic_err(root, node, 0,
2071 ++ "invalid level for node, have %d expect [1, %d]",
2072 ++ level, BTRFS_MAX_LEVEL - 1);
2073 ++ return -EUCLEAN;
2074 ++ }
2075 ++ if (nr == 0 || nr > BTRFS_NODEPTRS_PER_BLOCK(root)) {
2076 ++ btrfs_crit(root->fs_info,
2077 ++"corrupt node: root=%llu block=%llu, nritems too %s, have %lu expect range [1,%zu]",
2078 ++ root->objectid, node->start,
2079 ++ nr == 0 ? "small" : "large", nr,
2080 ++ BTRFS_NODEPTRS_PER_BLOCK(root));
2081 ++ return -EUCLEAN;
2082 ++ }
2083 ++
2084 ++ for (slot = 0; slot < nr - 1; slot++) {
2085 ++ bytenr = btrfs_node_blockptr(node, slot);
2086 ++ btrfs_node_key_to_cpu(node, &key, slot);
2087 ++ btrfs_node_key_to_cpu(node, &next_key, slot + 1);
2088 ++
2089 ++ if (!bytenr) {
2090 ++ generic_err(root, node, slot,
2091 ++ "invalid NULL node pointer");
2092 ++ ret = -EUCLEAN;
2093 ++ goto out;
2094 ++ }
2095 ++ if (!IS_ALIGNED(bytenr, root->sectorsize)) {
2096 ++ generic_err(root, node, slot,
2097 ++ "unaligned pointer, have %llu should be aligned to %u",
2098 ++ bytenr, root->sectorsize);
2099 ++ ret = -EUCLEAN;
2100 ++ goto out;
2101 ++ }
2102 ++
2103 ++ if (btrfs_comp_cpu_keys(&key, &next_key) >= 0) {
2104 ++ generic_err(root, node, slot,
2105 ++ "bad key order, current (%llu %u %llu) next (%llu %u %llu)",
2106 ++ key.objectid, key.type, key.offset,
2107 ++ next_key.objectid, next_key.type,
2108 ++ next_key.offset);
2109 ++ ret = -EUCLEAN;
2110 ++ goto out;
2111 ++ }
2112 ++ }
2113 ++out:
2114 ++ return ret;
2115 ++}
2116 +diff --git a/fs/btrfs/tree-checker.h b/fs/btrfs/tree-checker.h
2117 +new file mode 100644
2118 +index 000000000000..3d53e8d6fda0
2119 +--- /dev/null
2120 ++++ b/fs/btrfs/tree-checker.h
2121 +@@ -0,0 +1,38 @@
2122 ++/*
2123 ++ * Copyright (C) Qu Wenruo 2017. All rights reserved.
2124 ++ *
2125 ++ * This program is free software; you can redistribute it and/or
2126 ++ * modify it under the terms of the GNU General Public
2127 ++ * License v2 as published by the Free Software Foundation.
2128 ++ *
2129 ++ * This program is distributed in the hope that it will be useful,
2130 ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
2131 ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
2132 ++ * General Public License for more details.
2133 ++ *
2134 ++ * You should have received a copy of the GNU General Public
2135 ++ * License along with this program.
2136 ++ */
2137 ++
2138 ++#ifndef __BTRFS_TREE_CHECKER__
2139 ++#define __BTRFS_TREE_CHECKER__
2140 ++
2141 ++#include "ctree.h"
2142 ++#include "extent_io.h"
2143 ++
2144 ++/*
2145 ++ * Comprehensive leaf checker.
2146 ++ * Will check not only the item pointers, but also every possible member
2147 ++ * in item data.
2148 ++ */
2149 ++int btrfs_check_leaf_full(struct btrfs_root *root, struct extent_buffer *leaf);
2150 ++
2151 ++/*
2152 ++ * Less strict leaf checker.
2153 ++ * Will only check item pointers, not reading item data.
2154 ++ */
2155 ++int btrfs_check_leaf_relaxed(struct btrfs_root *root,
2156 ++ struct extent_buffer *leaf);
2157 ++int btrfs_check_node(struct btrfs_root *root, struct extent_buffer *node);
2158 ++
2159 ++#endif
2160 +diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
2161 +index b4d63a9842fa..5e8fe8f3942d 100644
2162 +--- a/fs/btrfs/volumes.c
2163 ++++ b/fs/btrfs/volumes.c
2164 +@@ -1184,7 +1184,7 @@ again:
2165 + struct map_lookup *map;
2166 + int i;
2167 +
2168 +- map = (struct map_lookup *)em->bdev;
2169 ++ map = em->map_lookup;
2170 + for (i = 0; i < map->num_stripes; i++) {
2171 + u64 end;
2172 +
2173 +@@ -2757,7 +2757,7 @@ int btrfs_remove_chunk(struct btrfs_trans_handle *trans,
2174 + free_extent_map(em);
2175 + return -EINVAL;
2176 + }
2177 +- map = (struct map_lookup *)em->bdev;
2178 ++ map = em->map_lookup;
2179 + lock_chunks(root->fs_info->chunk_root);
2180 + check_system_chunk(trans, extent_root, map->type);
2181 + unlock_chunks(root->fs_info->chunk_root);
2182 +@@ -4540,7 +4540,7 @@ static int __btrfs_alloc_chunk(struct btrfs_trans_handle *trans,
2183 +
2184 + if (type & BTRFS_BLOCK_GROUP_DATA) {
2185 + max_stripe_size = 1024 * 1024 * 1024;
2186 +- max_chunk_size = 10 * max_stripe_size;
2187 ++ max_chunk_size = BTRFS_MAX_DATA_CHUNK_SIZE;
2188 + if (!devs_max)
2189 + devs_max = BTRFS_MAX_DEVS(info->chunk_root);
2190 + } else if (type & BTRFS_BLOCK_GROUP_METADATA) {
2191 +@@ -4731,7 +4731,7 @@ static int __btrfs_alloc_chunk(struct btrfs_trans_handle *trans,
2192 + goto error;
2193 + }
2194 + set_bit(EXTENT_FLAG_FS_MAPPING, &em->flags);
2195 +- em->bdev = (struct block_device *)map;
2196 ++ em->map_lookup = map;
2197 + em->start = start;
2198 + em->len = num_bytes;
2199 + em->block_start = 0;
2200 +@@ -4826,7 +4826,7 @@ int btrfs_finish_chunk_alloc(struct btrfs_trans_handle *trans,
2201 + return -EINVAL;
2202 + }
2203 +
2204 +- map = (struct map_lookup *)em->bdev;
2205 ++ map = em->map_lookup;
2206 + item_size = btrfs_chunk_item_size(map->num_stripes);
2207 + stripe_size = em->orig_block_len;
2208 +
2209 +@@ -4968,7 +4968,7 @@ int btrfs_chunk_readonly(struct btrfs_root *root, u64 chunk_offset)
2210 + if (!em)
2211 + return 1;
2212 +
2213 +- map = (struct map_lookup *)em->bdev;
2214 ++ map = em->map_lookup;
2215 + for (i = 0; i < map->num_stripes; i++) {
2216 + if (map->stripes[i].dev->missing) {
2217 + miss_ndevs++;
2218 +@@ -5048,7 +5048,7 @@ int btrfs_num_copies(struct btrfs_fs_info *fs_info, u64 logical, u64 len)
2219 + return 1;
2220 + }
2221 +
2222 +- map = (struct map_lookup *)em->bdev;
2223 ++ map = em->map_lookup;
2224 + if (map->type & (BTRFS_BLOCK_GROUP_DUP | BTRFS_BLOCK_GROUP_RAID1))
2225 + ret = map->num_stripes;
2226 + else if (map->type & BTRFS_BLOCK_GROUP_RAID10)
2227 +@@ -5091,7 +5091,7 @@ unsigned long btrfs_full_stripe_len(struct btrfs_root *root,
2228 + BUG_ON(!em);
2229 +
2230 + BUG_ON(em->start > logical || em->start + em->len < logical);
2231 +- map = (struct map_lookup *)em->bdev;
2232 ++ map = em->map_lookup;
2233 + if (map->type & BTRFS_BLOCK_GROUP_RAID56_MASK)
2234 + len = map->stripe_len * nr_data_stripes(map);
2235 + free_extent_map(em);
2236 +@@ -5112,7 +5112,7 @@ int btrfs_is_parity_mirror(struct btrfs_mapping_tree *map_tree,
2237 + BUG_ON(!em);
2238 +
2239 + BUG_ON(em->start > logical || em->start + em->len < logical);
2240 +- map = (struct map_lookup *)em->bdev;
2241 ++ map = em->map_lookup;
2242 + if (map->type & BTRFS_BLOCK_GROUP_RAID56_MASK)
2243 + ret = 1;
2244 + free_extent_map(em);
2245 +@@ -5271,7 +5271,7 @@ static int __btrfs_map_block(struct btrfs_fs_info *fs_info, int rw,
2246 + return -EINVAL;
2247 + }
2248 +
2249 +- map = (struct map_lookup *)em->bdev;
2250 ++ map = em->map_lookup;
2251 + offset = logical - em->start;
2252 +
2253 + stripe_len = map->stripe_len;
2254 +@@ -5813,7 +5813,7 @@ int btrfs_rmap_block(struct btrfs_mapping_tree *map_tree,
2255 + free_extent_map(em);
2256 + return -EIO;
2257 + }
2258 +- map = (struct map_lookup *)em->bdev;
2259 ++ map = em->map_lookup;
2260 +
2261 + length = em->len;
2262 + rmap_len = map->stripe_len;
2263 +@@ -6208,6 +6208,101 @@ struct btrfs_device *btrfs_alloc_device(struct btrfs_fs_info *fs_info,
2264 + return dev;
2265 + }
2266 +
2267 ++/* Return -EIO if any error, otherwise return 0. */
2268 ++static int btrfs_check_chunk_valid(struct btrfs_root *root,
2269 ++ struct extent_buffer *leaf,
2270 ++ struct btrfs_chunk *chunk, u64 logical)
2271 ++{
2272 ++ u64 length;
2273 ++ u64 stripe_len;
2274 ++ u16 num_stripes;
2275 ++ u16 sub_stripes;
2276 ++ u64 type;
2277 ++ u64 features;
2278 ++ bool mixed = false;
2279 ++
2280 ++ length = btrfs_chunk_length(leaf, chunk);
2281 ++ stripe_len = btrfs_chunk_stripe_len(leaf, chunk);
2282 ++ num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
2283 ++ sub_stripes = btrfs_chunk_sub_stripes(leaf, chunk);
2284 ++ type = btrfs_chunk_type(leaf, chunk);
2285 ++
2286 ++ if (!num_stripes) {
2287 ++ btrfs_err(root->fs_info, "invalid chunk num_stripes: %u",
2288 ++ num_stripes);
2289 ++ return -EIO;
2290 ++ }
2291 ++ if (!IS_ALIGNED(logical, root->sectorsize)) {
2292 ++ btrfs_err(root->fs_info,
2293 ++ "invalid chunk logical %llu", logical);
2294 ++ return -EIO;
2295 ++ }
2296 ++ if (btrfs_chunk_sector_size(leaf, chunk) != root->sectorsize) {
2297 ++ btrfs_err(root->fs_info, "invalid chunk sectorsize %u",
2298 ++ btrfs_chunk_sector_size(leaf, chunk));
2299 ++ return -EIO;
2300 ++ }
2301 ++ if (!length || !IS_ALIGNED(length, root->sectorsize)) {
2302 ++ btrfs_err(root->fs_info,
2303 ++ "invalid chunk length %llu", length);
2304 ++ return -EIO;
2305 ++ }
2306 ++ if (!is_power_of_2(stripe_len)) {
2307 ++ btrfs_err(root->fs_info, "invalid chunk stripe length: %llu",
2308 ++ stripe_len);
2309 ++ return -EIO;
2310 ++ }
2311 ++ if (~(BTRFS_BLOCK_GROUP_TYPE_MASK | BTRFS_BLOCK_GROUP_PROFILE_MASK) &
2312 ++ type) {
2313 ++ btrfs_err(root->fs_info, "unrecognized chunk type: %llu",
2314 ++ ~(BTRFS_BLOCK_GROUP_TYPE_MASK |
2315 ++ BTRFS_BLOCK_GROUP_PROFILE_MASK) &
2316 ++ btrfs_chunk_type(leaf, chunk));
2317 ++ return -EIO;
2318 ++ }
2319 ++
2320 ++ if ((type & BTRFS_BLOCK_GROUP_TYPE_MASK) == 0) {
2321 ++ btrfs_err(root->fs_info, "missing chunk type flag: 0x%llx", type);
2322 ++ return -EIO;
2323 ++ }
2324 ++
2325 ++ if ((type & BTRFS_BLOCK_GROUP_SYSTEM) &&
2326 ++ (type & (BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_DATA))) {
2327 ++ btrfs_err(root->fs_info,
2328 ++ "system chunk with data or metadata type: 0x%llx", type);
2329 ++ return -EIO;
2330 ++ }
2331 ++
2332 ++ features = btrfs_super_incompat_flags(root->fs_info->super_copy);
2333 ++ if (features & BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS)
2334 ++ mixed = true;
2335 ++
2336 ++ if (!mixed) {
2337 ++ if ((type & BTRFS_BLOCK_GROUP_METADATA) &&
2338 ++ (type & BTRFS_BLOCK_GROUP_DATA)) {
2339 ++ btrfs_err(root->fs_info,
2340 ++ "mixed chunk type in non-mixed mode: 0x%llx", type);
2341 ++ return -EIO;
2342 ++ }
2343 ++ }
2344 ++
2345 ++ if ((type & BTRFS_BLOCK_GROUP_RAID10 && sub_stripes != 2) ||
2346 ++ (type & BTRFS_BLOCK_GROUP_RAID1 && num_stripes < 1) ||
2347 ++ (type & BTRFS_BLOCK_GROUP_RAID5 && num_stripes < 2) ||
2348 ++ (type & BTRFS_BLOCK_GROUP_RAID6 && num_stripes < 3) ||
2349 ++ (type & BTRFS_BLOCK_GROUP_DUP && num_stripes > 2) ||
2350 ++ ((type & BTRFS_BLOCK_GROUP_PROFILE_MASK) == 0 &&
2351 ++ num_stripes != 1)) {
2352 ++ btrfs_err(root->fs_info,
2353 ++ "invalid num_stripes:sub_stripes %u:%u for profile %llu",
2354 ++ num_stripes, sub_stripes,
2355 ++ type & BTRFS_BLOCK_GROUP_PROFILE_MASK);
2356 ++ return -EIO;
2357 ++ }
2358 ++
2359 ++ return 0;
2360 ++}
2361 ++
2362 + static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
2363 + struct extent_buffer *leaf,
2364 + struct btrfs_chunk *chunk)
2365 +@@ -6217,6 +6312,7 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
2366 + struct extent_map *em;
2367 + u64 logical;
2368 + u64 length;
2369 ++ u64 stripe_len;
2370 + u64 devid;
2371 + u8 uuid[BTRFS_UUID_SIZE];
2372 + int num_stripes;
2373 +@@ -6225,6 +6321,12 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
2374 +
2375 + logical = key->offset;
2376 + length = btrfs_chunk_length(leaf, chunk);
2377 ++ stripe_len = btrfs_chunk_stripe_len(leaf, chunk);
2378 ++ num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
2379 ++
2380 ++ ret = btrfs_check_chunk_valid(root, leaf, chunk, logical);
2381 ++ if (ret)
2382 ++ return ret;
2383 +
2384 + read_lock(&map_tree->map_tree.lock);
2385 + em = lookup_extent_mapping(&map_tree->map_tree, logical, 1);
2386 +@@ -6241,7 +6343,6 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
2387 + em = alloc_extent_map();
2388 + if (!em)
2389 + return -ENOMEM;
2390 +- num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
2391 + map = kmalloc(map_lookup_size(num_stripes), GFP_NOFS);
2392 + if (!map) {
2393 + free_extent_map(em);
2394 +@@ -6249,7 +6350,7 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
2395 + }
2396 +
2397 + set_bit(EXTENT_FLAG_FS_MAPPING, &em->flags);
2398 +- em->bdev = (struct block_device *)map;
2399 ++ em->map_lookup = map;
2400 + em->start = logical;
2401 + em->len = length;
2402 + em->orig_start = 0;
2403 +@@ -6473,6 +6574,7 @@ int btrfs_read_sys_array(struct btrfs_root *root)
2404 + u32 array_size;
2405 + u32 len = 0;
2406 + u32 cur_offset;
2407 ++ u64 type;
2408 + struct btrfs_key key;
2409 +
2410 + ASSERT(BTRFS_SUPER_INFO_SIZE <= root->nodesize);
2411 +@@ -6539,6 +6641,15 @@ int btrfs_read_sys_array(struct btrfs_root *root)
2412 + break;
2413 + }
2414 +
2415 ++ type = btrfs_chunk_type(sb, chunk);
2416 ++ if ((type & BTRFS_BLOCK_GROUP_SYSTEM) == 0) {
2417 ++ btrfs_err(root->fs_info,
2418 ++ "invalid chunk type %llu in sys_array at offset %u",
2419 ++ type, cur_offset);
2420 ++ ret = -EIO;
2421 ++ break;
2422 ++ }
2423 ++
2424 + len = btrfs_chunk_item_size(num_stripes);
2425 + if (cur_offset + len > array_size)
2426 + goto out_short_read;
2427 +@@ -6948,7 +7059,7 @@ void btrfs_update_commit_device_bytes_used(struct btrfs_root *root,
2428 + /* In order to kick the device replace finish process */
2429 + lock_chunks(root);
2430 + list_for_each_entry(em, &transaction->pending_chunks, list) {
2431 +- map = (struct map_lookup *)em->bdev;
2432 ++ map = em->map_lookup;
2433 +
2434 + for (i = 0; i < map->num_stripes; i++) {
2435 + dev = map->stripes[i].dev;
2436 +diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h
2437 +index d5c84f6b1353..3c651df420be 100644
2438 +--- a/fs/btrfs/volumes.h
2439 ++++ b/fs/btrfs/volumes.h
2440 +@@ -24,6 +24,8 @@
2441 + #include <linux/btrfs.h>
2442 + #include "async-thread.h"
2443 +
2444 ++#define BTRFS_MAX_DATA_CHUNK_SIZE (10ULL * SZ_1G)
2445 ++
2446 + extern struct mutex uuid_mutex;
2447 +
2448 + #define BTRFS_STRIPE_LEN (64 * 1024)
2449 +diff --git a/fs/cifs/file.c b/fs/cifs/file.c
2450 +index 0141aba9eca6..026b399af215 100644
2451 +--- a/fs/cifs/file.c
2452 ++++ b/fs/cifs/file.c
2453 +@@ -1073,10 +1073,10 @@ cifs_push_mandatory_locks(struct cifsFileInfo *cfile)
2454 +
2455 + /*
2456 + * Accessing maxBuf is racy with cifs_reconnect - need to store value
2457 +- * and check it for zero before using.
2458 ++ * and check it before using.
2459 + */
2460 + max_buf = tcon->ses->server->maxBuf;
2461 +- if (!max_buf) {
2462 ++ if (max_buf < (sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE))) {
2463 + free_xid(xid);
2464 + return -EINVAL;
2465 + }
2466 +@@ -1404,10 +1404,10 @@ cifs_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock,
2467 +
2468 + /*
2469 + * Accessing maxBuf is racy with cifs_reconnect - need to store value
2470 +- * and check it for zero before using.
2471 ++ * and check it before using.
2472 + */
2473 + max_buf = tcon->ses->server->maxBuf;
2474 +- if (!max_buf)
2475 ++ if (max_buf < (sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE)))
2476 + return -EINVAL;
2477 +
2478 + max_num = (max_buf - sizeof(struct smb_hdr)) /
2479 +diff --git a/fs/cifs/smb2file.c b/fs/cifs/smb2file.c
2480 +index b2aff0c6f22c..b7885dc0d9bb 100644
2481 +--- a/fs/cifs/smb2file.c
2482 ++++ b/fs/cifs/smb2file.c
2483 +@@ -123,10 +123,10 @@ smb2_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock,
2484 +
2485 + /*
2486 + * Accessing maxBuf is racy with cifs_reconnect - need to store value
2487 +- * and check it for zero before using.
2488 ++ * and check it before using.
2489 + */
2490 + max_buf = tcon->ses->server->maxBuf;
2491 +- if (!max_buf)
2492 ++ if (max_buf < sizeof(struct smb2_lock_element))
2493 + return -EINVAL;
2494 +
2495 + max_num = max_buf / sizeof(struct smb2_lock_element);
2496 +diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
2497 +index 54af10204e83..1cf0a336ec06 100644
2498 +--- a/fs/cifs/transport.c
2499 ++++ b/fs/cifs/transport.c
2500 +@@ -360,7 +360,7 @@ uncork:
2501 + if (rc < 0 && rc != -EINTR)
2502 + cifs_dbg(VFS, "Error %d sending data on socket to server\n",
2503 + rc);
2504 +- else
2505 ++ else if (rc > 0)
2506 + rc = 0;
2507 +
2508 + return rc;
2509 +diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
2510 +index 46d4fac48cf4..0dcd33f62637 100644
2511 +--- a/fs/ext4/inline.c
2512 ++++ b/fs/ext4/inline.c
2513 +@@ -1861,12 +1861,12 @@ int ext4_inline_data_fiemap(struct inode *inode,
2514 + physical += (char *)ext4_raw_inode(&iloc) - iloc.bh->b_data;
2515 + physical += offsetof(struct ext4_inode, i_block);
2516 +
2517 +- if (physical)
2518 +- error = fiemap_fill_next_extent(fieinfo, start, physical,
2519 +- inline_len, flags);
2520 + brelse(iloc.bh);
2521 + out:
2522 + up_read(&EXT4_I(inode)->xattr_sem);
2523 ++ if (physical)
2524 ++ error = fiemap_fill_next_extent(fieinfo, start, physical,
2525 ++ inline_len, flags);
2526 + return (error < 0 ? error : 0);
2527 + }
2528 +
2529 +diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
2530 +index cc0fc712bb82..a8ac3f25b4ec 100644
2531 +--- a/include/linux/sunrpc/svc.h
2532 ++++ b/include/linux/sunrpc/svc.h
2533 +@@ -290,9 +290,12 @@ struct svc_rqst {
2534 + struct svc_cacherep * rq_cacherep; /* cache info */
2535 + struct task_struct *rq_task; /* service thread */
2536 + spinlock_t rq_lock; /* per-request lock */
2537 ++ struct net *rq_bc_net; /* pointer to backchannel's
2538 ++ * net namespace
2539 ++ */
2540 + };
2541 +
2542 +-#define SVC_NET(svc_rqst) (svc_rqst->rq_xprt->xpt_net)
2543 ++#define SVC_NET(rqst) (rqst->rq_xprt ? rqst->rq_xprt->xpt_net : rqst->rq_bc_net)
2544 +
2545 + /*
2546 + * Rigorous type checking on sockaddr type conversions
2547 +diff --git a/mm/slab.c b/mm/slab.c
2548 +index fa49c01225a7..92df044f5e00 100644
2549 +--- a/mm/slab.c
2550 ++++ b/mm/slab.c
2551 +@@ -875,8 +875,10 @@ static struct alien_cache *__alloc_alien_cache(int node, int entries,
2552 + struct alien_cache *alc = NULL;
2553 +
2554 + alc = kmalloc_node(memsize, gfp, node);
2555 +- init_arraycache(&alc->ac, entries, batch);
2556 +- spin_lock_init(&alc->lock);
2557 ++ if (alc) {
2558 ++ init_arraycache(&alc->ac, entries, batch);
2559 ++ spin_lock_init(&alc->lock);
2560 ++ }
2561 + return alc;
2562 + }
2563 +
2564 +diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
2565 +index c5b0cb4f4056..41f6e964fe91 100644
2566 +--- a/net/sunrpc/svc.c
2567 ++++ b/net/sunrpc/svc.c
2568 +@@ -1062,6 +1062,8 @@ void svc_printk(struct svc_rqst *rqstp, const char *fmt, ...)
2569 + static __printf(2,3) void svc_printk(struct svc_rqst *rqstp, const char *fmt, ...) {}
2570 + #endif
2571 +
2572 ++extern void svc_tcp_prep_reply_hdr(struct svc_rqst *);
2573 ++
2574 + /*
2575 + * Common routine for processing the RPC request.
2576 + */
2577 +@@ -1091,7 +1093,8 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
2578 + clear_bit(RQ_DROPME, &rqstp->rq_flags);
2579 +
2580 + /* Setup reply header */
2581 +- rqstp->rq_xprt->xpt_ops->xpo_prep_reply_hdr(rqstp);
2582 ++ if (rqstp->rq_prot == IPPROTO_TCP)
2583 ++ svc_tcp_prep_reply_hdr(rqstp);
2584 +
2585 + svc_putu32(resv, rqstp->rq_xid);
2586 +
2587 +@@ -1138,7 +1141,8 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
2588 + case SVC_DENIED:
2589 + goto err_bad_auth;
2590 + case SVC_CLOSE:
2591 +- if (test_bit(XPT_TEMP, &rqstp->rq_xprt->xpt_flags))
2592 ++ if (rqstp->rq_xprt &&
2593 ++ test_bit(XPT_TEMP, &rqstp->rq_xprt->xpt_flags))
2594 + svc_close_xprt(rqstp->rq_xprt);
2595 + case SVC_DROP:
2596 + goto dropit;
2597 +@@ -1360,10 +1364,10 @@ bc_svc_process(struct svc_serv *serv, struct rpc_rqst *req,
2598 + dprintk("svc: %s(%p)\n", __func__, req);
2599 +
2600 + /* Build the svc_rqst used by the common processing routine */
2601 +- rqstp->rq_xprt = serv->sv_bc_xprt;
2602 + rqstp->rq_xid = req->rq_xid;
2603 + rqstp->rq_prot = req->rq_xprt->prot;
2604 + rqstp->rq_server = serv;
2605 ++ rqstp->rq_bc_net = req->rq_xprt->xprt_net;
2606 +
2607 + rqstp->rq_addrlen = sizeof(req->rq_xprt->addr);
2608 + memcpy(&rqstp->rq_addr, &req->rq_xprt->addr, rqstp->rq_addrlen);
2609 +diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
2610 +index 71f15da72f02..2b8e80c721db 100644
2611 +--- a/net/sunrpc/svc_xprt.c
2612 ++++ b/net/sunrpc/svc_xprt.c
2613 +@@ -454,10 +454,11 @@ out:
2614 + */
2615 + void svc_reserve(struct svc_rqst *rqstp, int space)
2616 + {
2617 ++ struct svc_xprt *xprt = rqstp->rq_xprt;
2618 ++
2619 + space += rqstp->rq_res.head[0].iov_len;
2620 +
2621 +- if (space < rqstp->rq_reserved) {
2622 +- struct svc_xprt *xprt = rqstp->rq_xprt;
2623 ++ if (xprt && space < rqstp->rq_reserved) {
2624 + atomic_sub((rqstp->rq_reserved - space), &xprt->xpt_reserved);
2625 + rqstp->rq_reserved = space;
2626 +
2627 +diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
2628 +index 9701fcca002c..0a9fe033132c 100644
2629 +--- a/net/sunrpc/svcsock.c
2630 ++++ b/net/sunrpc/svcsock.c
2631 +@@ -1240,7 +1240,7 @@ static int svc_tcp_sendto(struct svc_rqst *rqstp)
2632 + /*
2633 + * Setup response header. TCP has a 4B record length field.
2634 + */
2635 +-static void svc_tcp_prep_reply_hdr(struct svc_rqst *rqstp)
2636 ++void svc_tcp_prep_reply_hdr(struct svc_rqst *rqstp)
2637 + {
2638 + struct kvec *resv = &rqstp->rq_res.head[0];
2639 +
2640 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
2641 +index 0467e5ba82e0..5d8ac2d798df 100644
2642 +--- a/sound/pci/hda/patch_realtek.c
2643 ++++ b/sound/pci/hda/patch_realtek.c
2644 +@@ -4792,6 +4792,13 @@ static void alc280_fixup_hp_9480m(struct hda_codec *codec,
2645 + }
2646 + }
2647 +
2648 ++static void alc_fixup_disable_mic_vref(struct hda_codec *codec,
2649 ++ const struct hda_fixup *fix, int action)
2650 ++{
2651 ++ if (action == HDA_FIXUP_ACT_PRE_PROBE)
2652 ++ snd_hda_codec_set_pin_target(codec, 0x19, PIN_VREFHIZ);
2653 ++}
2654 ++
2655 + /* for hda_fixup_thinkpad_acpi() */
2656 + #include "thinkpad_helper.c"
2657 +
2658 +@@ -4891,6 +4898,7 @@ enum {
2659 + ALC293_FIXUP_LENOVO_SPK_NOISE,
2660 + ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY,
2661 + ALC255_FIXUP_DELL_SPK_NOISE,
2662 ++ ALC225_FIXUP_DISABLE_MIC_VREF,
2663 + ALC225_FIXUP_DELL1_MIC_NO_PRESENCE,
2664 + ALC295_FIXUP_DISABLE_DAC3,
2665 + ALC280_FIXUP_HP_HEADSET_MIC,
2666 +@@ -5546,6 +5554,12 @@ static const struct hda_fixup alc269_fixups[] = {
2667 + .chained = true,
2668 + .chain_id = ALC255_FIXUP_DELL1_MIC_NO_PRESENCE
2669 + },
2670 ++ [ALC225_FIXUP_DISABLE_MIC_VREF] = {
2671 ++ .type = HDA_FIXUP_FUNC,
2672 ++ .v.func = alc_fixup_disable_mic_vref,
2673 ++ .chained = true,
2674 ++ .chain_id = ALC269_FIXUP_DELL1_MIC_NO_PRESENCE
2675 ++ },
2676 + [ALC225_FIXUP_DELL1_MIC_NO_PRESENCE] = {
2677 + .type = HDA_FIXUP_VERBS,
2678 + .v.verbs = (const struct hda_verb[]) {
2679 +@@ -5555,7 +5569,7 @@ static const struct hda_fixup alc269_fixups[] = {
2680 + {}
2681 + },
2682 + .chained = true,
2683 +- .chain_id = ALC269_FIXUP_DELL1_MIC_NO_PRESENCE
2684 ++ .chain_id = ALC225_FIXUP_DISABLE_MIC_VREF
2685 + },
2686 + [ALC280_FIXUP_HP_HEADSET_MIC] = {
2687 + .type = HDA_FIXUP_FUNC,
Report Message
Find on MARC Find on Google Groups