fixes for 4.9

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-4.9/9p-acl-fix-uninitialized-iattr-access.patch b/queue-4.9/9p-acl-fix-uninitialized-iattr-access.patch
new file mode 100644 (file)
index 0000000..0bf4d46
--- /dev/null
+++ b/queue-4.9/9p-acl-fix-uninitialized-iattr-access.patch
@@ -0,0 +1,35 @@
+From a9cf6a40da7eca4d6335a0d074b229663a9fa441 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet <dominique.martinet@cea.fr>
+Date: Sat, 8 Sep 2018 00:10:57 +0900
+Subject: 9p: acl: fix uninitialized iattr access
+
+[ Upstream commit e02a53d92e197706cad1627bd84705d4aa20a145 ]
+
+iattr is passed to v9fs_vfs_setattr_dotl which does send various
+values from iattr over the wire, even if it tells the server to
+only look at iattr.ia_valid fields this could leak some stack data.
+
+Link: http://lkml.kernel.org/r/1536339057-21974-2-git-send-email-asmadeus@codewreck.org
+Addresses-Coverity-ID: 1195601 ("Uninitalized scalar variable")
+Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/9p/acl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/9p/acl.c b/fs/9p/acl.c
+index 082d227fa56b..6261719f6f2a 100644
+--- a/fs/9p/acl.c
++++ b/fs/9p/acl.c
+@@ -276,7 +276,7 @@ static int v9fs_xattr_set_acl(const struct xattr_handler *handler,
+       switch (handler->flags) {
+       case ACL_TYPE_ACCESS:
+               if (acl) {
+-                      struct iattr iattr;
++                      struct iattr iattr = { 0 };
+                       struct posix_acl *old_acl = acl;
+ 
+                       retval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl);
+-- 
+2.20.1
+

diff --git a/queue-4.9/9p-p9dirent_read-check-network-provided-name-length.patch b/queue-4.9/9p-p9dirent_read-check-network-provided-name-length.patch
new file mode 100644 (file)
index 0000000..df615e3
--- /dev/null
+++ b/queue-4.9/9p-p9dirent_read-check-network-provided-name-length.patch
@@ -0,0 +1,52 @@
+From a253589f7cd77f5bda72b325a26f923ec4a12740 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet <dominique.martinet@cea.fr>
+Date: Sat, 8 Sep 2018 00:36:08 +0900
+Subject: 9p: p9dirent_read: check network-provided name length
+
+[ Upstream commit ef5305f1f72eb1cfcda25c382bb0368509c0385b ]
+
+strcpy to dirent->d_name could overflow the buffer, use strscpy to check
+the provided string length and error out if the size was too big.
+
+While we are here, make the function return an error when the pdu
+parsing failed, instead of returning the pdu offset as if it had been a
+success...
+
+Link: http://lkml.kernel.org/r/1536339057-21974-4-git-send-email-asmadeus@codewreck.org
+Addresses-Coverity-ID: 139133 ("Copy into fixed size buffer")
+Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/9p/protocol.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/net/9p/protocol.c b/net/9p/protocol.c
+index 7f1b45c082c9..ed1e39ccaebf 100644
+--- a/net/9p/protocol.c
++++ b/net/9p/protocol.c
+@@ -622,13 +622,19 @@ int p9dirent_read(struct p9_client *clnt, char *buf, int len,
+       if (ret) {
+               p9_debug(P9_DEBUG_9P, "<<< p9dirent_read failed: %d\n", ret);
+               trace_9p_protocol_dump(clnt, &fake_pdu);
+-              goto out;
++              return ret;
+       }
+ 
+-      strcpy(dirent->d_name, nameptr);
++      ret = strscpy(dirent->d_name, nameptr, sizeof(dirent->d_name));
++      if (ret < 0) {
++              p9_debug(P9_DEBUG_ERROR,
++                       "On the wire dirent name too long: %s\n",
++                       nameptr);
++              kfree(nameptr);
++              return ret;
++      }
+       kfree(nameptr);
+ 
+-out:
+       return fake_pdu.offset;
+ }
+ EXPORT_SYMBOL(p9dirent_read);
+-- 
+2.20.1
+

diff --git a/queue-4.9/9p-rdma-do-not-disconnect-on-down_interruptible-eaga.patch b/queue-4.9/9p-rdma-do-not-disconnect-on-down_interruptible-eaga.patch
new file mode 100644 (file)
index 0000000..f9d71fa
--- /dev/null
+++ b/queue-4.9/9p-rdma-do-not-disconnect-on-down_interruptible-eaga.patch
@@ -0,0 +1,45 @@
+From d3d0f0bcf0fe94ee3bc3f9e9dba1f8a3434be141 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet <dominique.martinet@cea.fr>
+Date: Thu, 30 Aug 2018 19:29:36 +0900
+Subject: 9p/rdma: do not disconnect on down_interruptible EAGAIN
+
+[ Upstream commit 8b894adb2b7e1d1e64b8954569c761eaf3d51ab5 ]
+
+9p/rdma would sometimes drop the connection and display errors in
+recv_done when the user does ^C.
+The errors were caused by recv buffers that were posted at the time
+of disconnect, and we just do not want to disconnect when
+down_interruptible is... interrupted.
+
+Link: http://lkml.kernel.org/r/1535625307-18019-1-git-send-email-asmadeus@codewreck.org
+Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/9p/trans_rdma.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/net/9p/trans_rdma.c b/net/9p/trans_rdma.c
+index 5a2ad4707463..9662c2747be7 100644
+--- a/net/9p/trans_rdma.c
++++ b/net/9p/trans_rdma.c
+@@ -454,7 +454,7 @@ static int rdma_request(struct p9_client *client, struct p9_req_t *req)
+ 
+       err = post_recv(client, rpl_context);
+       if (err) {
+-              p9_debug(P9_DEBUG_FCALL, "POST RECV failed\n");
++              p9_debug(P9_DEBUG_ERROR, "POST RECV failed: %d\n", err);
+               goto recv_error;
+       }
+       /* remove posted receive buffer from request structure */
+@@ -523,7 +523,7 @@ static int rdma_request(struct p9_client *client, struct p9_req_t *req)
+  recv_error:
+       kfree(rpl_context);
+       spin_lock_irqsave(&rdma->req_lock, flags);
+-      if (rdma->state < P9_RDMA_CLOSING) {
++      if (err != -EINTR && rdma->state < P9_RDMA_CLOSING) {
+               rdma->state = P9_RDMA_CLOSING;
+               spin_unlock_irqrestore(&rdma->req_lock, flags);
+               rdma_disconnect(rdma->cm_id);
+-- 
+2.20.1
+

diff --git a/queue-4.9/9p-rdma-remove-useless-check-in-cm_event_handler.patch b/queue-4.9/9p-rdma-remove-useless-check-in-cm_event_handler.patch
new file mode 100644 (file)
index 0000000..a45ced9
--- /dev/null
+++ b/queue-4.9/9p-rdma-remove-useless-check-in-cm_event_handler.patch
@@ -0,0 +1,36 @@
+From c402266cace7169f24217def43ff07e8880cd7e7 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet <dominique.martinet@cea.fr>
+Date: Sat, 8 Sep 2018 00:26:50 +0900
+Subject: 9p/rdma: remove useless check in cm_event_handler
+
+[ Upstream commit 473c7dd1d7b59ff8f88a5154737e3eac78a96e5b ]
+
+the client c is always dereferenced to get the rdma struct, so c has to
+be a valid pointer at this point.
+Gcc would optimize that away but let's make coverity happy...
+
+Link: http://lkml.kernel.org/r/1536339057-21974-3-git-send-email-asmadeus@codewreck.org
+Addresses-Coverity-ID: 102778 ("Dereference before null check")
+Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/9p/trans_rdma.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/net/9p/trans_rdma.c b/net/9p/trans_rdma.c
+index 9662c2747be7..8e4313ad3f02 100644
+--- a/net/9p/trans_rdma.c
++++ b/net/9p/trans_rdma.c
+@@ -254,8 +254,7 @@ p9_cm_event_handler(struct rdma_cm_id *id, struct rdma_cm_event *event)
+       case RDMA_CM_EVENT_DISCONNECTED:
+               if (rdma)
+                       rdma->state = P9_RDMA_CLOSED;
+-              if (c)
+-                      c->status = Disconnected;
++              c->status = Disconnected;
+               break;
+ 
+       case RDMA_CM_EVENT_TIMEWAIT_EXIT:
+-- 
+2.20.1
+

diff --git a/queue-4.9/net-9p-include-trans_common.h-to-fix-missing-prototy.patch b/queue-4.9/net-9p-include-trans_common.h-to-fix-missing-prototy.patch
new file mode 100644 (file)
index 0000000..f2c77bc
--- /dev/null
+++ b/queue-4.9/net-9p-include-trans_common.h-to-fix-missing-prototy.patch
@@ -0,0 +1,35 @@
+From a2b08f43a2cca01a4c71de35081e35ac99cb1fbc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Adeodato=20Sim=C3=B3?= <dato@net.com.org.es>
+Date: Tue, 13 Nov 2018 03:28:53 -0300
+Subject: net/9p: include trans_common.h to fix missing prototype warning.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+[ Upstream commit 52ad259eaac0454c1ac7123e7148cf8d6e6f5301 ]
+
+This silences -Wmissing-prototypes when defining p9_release_pages.
+
+Link: http://lkml.kernel.org/r/b1c4df8f21689b10d451c28fe38e860722d20e71.1542089696.git.dato@net.com.org.es
+Signed-off-by: Adeodato Simó <dato@net.com.org.es>
+Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/9p/trans_common.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/9p/trans_common.c b/net/9p/trans_common.c
+index 38aa6345bdfa..9c0c894b56f8 100644
+--- a/net/9p/trans_common.c
++++ b/net/9p/trans_common.c
+@@ -14,6 +14,7 @@
+ 
+ #include <linux/mm.h>
+ #include <linux/module.h>
++#include "trans_common.h"
+ 
+ /**
+  *  p9_release_req_pages - Release pages after the transaction.
+-- 
+2.20.1
+

diff --git a/queue-4.9/series b/queue-4.9/series
index ecda3b9cdcbf8d04cbc75801ab210b297f1201ae..282f89413141f29cbaca40f59c90b4eed84b9f44 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -37,3 +37,8 @@ ib-hfi1-avoid-hardlockup-with-flushlist_lock.patch
 perf-ui-helpline-use-strlcpy-as-a-shorter-form-of-strncpy-explicit-set-nul.patch
 perf-help-remove-needless-use-of-strncpy.patch
 perf-header-fix-unchecked-usage-of-strncpy.patch
+9p-rdma-do-not-disconnect-on-down_interruptible-eaga.patch
+9p-acl-fix-uninitialized-iattr-access.patch
+9p-rdma-remove-useless-check-in-cm_event_handler.patch
+9p-p9dirent_read-check-network-provided-name-length.patch
+net-9p-include-trans_common.h-to-fix-missing-prototy.patch