4.9-stable patches

added patches:
	cifs_atomic_open-fix-double-put-on-late-allocation-failure.patch

diff --git a/queue-4.9/cifs_atomic_open-fix-double-put-on-late-allocation-failure.patch b/queue-4.9/cifs_atomic_open-fix-double-put-on-late-allocation-failure.patch
new file mode 100644 (file)
index 0000000..4cf0d80
--- /dev/null
+++ b/queue-4.9/cifs_atomic_open-fix-double-put-on-late-allocation-failure.patch
@@ -0,0 +1,66 @@
+From d9a9f4849fe0c9d560851ab22a85a666cddfdd24 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Thu, 12 Mar 2020 18:25:20 -0400
+Subject: cifs_atomic_open(): fix double-put on late allocation failure
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit d9a9f4849fe0c9d560851ab22a85a666cddfdd24 upstream.
+
+several iterations of ->atomic_open() calling conventions ago, we
+used to need fput() if ->atomic_open() failed at some point after
+successful finish_open().  Now (since 2016) it's not needed -
+struct file carries enough state to make fput() work regardless
+of the point in struct file lifecycle and discarding it on
+failure exits in open() got unified.  Unfortunately, I'd missed
+the fact that we had an instance of ->atomic_open() (cifs one)
+that used to need that fput(), as well as the stale comment in
+finish_open() demanding such late failure handling.  Trivially
+fixed...
+
+Fixes: fe9ec8291fca "do_last(): take fput() on error after opening to out:"
+Cc: stable@kernel.org # v4.7+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/filesystems/porting |    7 +++++++
+ fs/cifs/dir.c                     |    1 -
+ fs/open.c                         |    3 ---
+ 3 files changed, 7 insertions(+), 4 deletions(-)
+
+--- a/Documentation/filesystems/porting
++++ b/Documentation/filesystems/porting
+@@ -596,3 +596,10 @@ in your dentry operations instead.
+ [mandatory]
+       ->rename() has an added flags argument.  Any flags not handled by the
+         filesystem should result in EINVAL being returned.
++--
++[mandatory]
++
++      [should've been added in 2016] stale comment in finish_open()
++      nonwithstanding, failure exits in ->atomic_open() instances should
++      *NOT* fput() the file, no matter what.  Everything is handled by the
++      caller.
+--- a/fs/cifs/dir.c
++++ b/fs/cifs/dir.c
+@@ -551,7 +551,6 @@ cifs_atomic_open(struct inode *inode, st
+               if (server->ops->close)
+                       server->ops->close(xid, tcon, &fid);
+               cifs_del_pending_open(&open);
+-              fput(file);
+               rc = -ENOMEM;
+       }
+ 
+--- a/fs/open.c
++++ b/fs/open.c
+@@ -824,9 +824,6 @@ cleanup_file:
+  * the return value of d_splice_alias(), then the caller needs to perform dput()
+  * on it after finish_open().
+  *
+- * On successful return @file is a fully instantiated open file.  After this, if
+- * an error occurs in ->atomic_open(), it needs to clean up with fput().
+- *
+  * Returns zero on success or -errno if the open failed.
+  */
+ int finish_open(struct file *file, struct dentry *dentry,

diff --git a/queue-4.9/series b/queue-4.9/series
index f574b9687162fc4f990cbae9e8a55867800f6713..becc05f3d97baea6d556eb8b1f1ae1496a8e6492 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -32,3 +32,4 @@ virtio-blk-fix-hw_queue-stopped-on-arbitrary-error.patch
 iommu-vt-d-quirk_ioat_snb_local_iommu-replace-warn_taint-with-pr_warn-add_taint.patch
 workqueue-don-t-use-wq_select_unbound_cpu-for-bound-works.patch
 drm-amd-display-remove-duplicated-assignment-to-grph_obj_type.patch
+cifs_atomic_open-fix-double-put-on-late-allocation-failure.patch