--- /dev/null
+From b0dd940e582b6a60296b9847a54012a4b080dc72 Mon Sep 17 00:00:00 2001
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+Date: Wed, 5 Feb 2020 11:08:01 +1000
+Subject: cifs: fail i/o on soft mounts if sessionsetup errors out
+
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+
+commit b0dd940e582b6a60296b9847a54012a4b080dc72 upstream.
+
+RHBZ: 1579050
+
+If we have a soft mount we should fail commands for session-setup
+failures (such as the password having changed/ account being deleted/ ...)
+and return an error back to the application.
+
+Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+CC: Stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2pdu.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -247,9 +247,14 @@ smb2_reconnect(__le16 smb2_command, stru
+ */
+ mutex_lock(&tcon->ses->session_mutex);
+ rc = cifs_negotiate_protocol(0, tcon->ses);
+- if (!rc && tcon->ses->need_reconnect)
++ if (!rc && tcon->ses->need_reconnect) {
+ rc = cifs_setup_session(0, tcon->ses, nls_codepage);
+-
++ if ((rc == -EACCES) && !tcon->retry) {
++ rc = -EHOSTDOWN;
++ mutex_unlock(&tcon->ses->session_mutex);
++ goto failed;
++ }
++ }
+ if (rc || !tcon->need_reconnect) {
+ mutex_unlock(&tcon->ses->session_mutex);
+ goto out;
+@@ -291,6 +296,7 @@ out:
+ case SMB2_SET_INFO:
+ rc = -EAGAIN;
+ }
++failed:
+ unload_nls(nls_codepage);
+ return rc;
+ }
--- /dev/null
+From e3e056c35108661e418c803adfc054bf683426e7 Mon Sep 17 00:00:00 2001
+From: Aurelien Aptel <aaptel@suse.com>
+Date: Thu, 6 Feb 2020 18:16:55 +0100
+Subject: cifs: fix mode bits from dir listing when mounted with modefromsid
+
+From: Aurelien Aptel <aaptel@suse.com>
+
+commit e3e056c35108661e418c803adfc054bf683426e7 upstream.
+
+When mounting with -o modefromsid, the mode bits are stored in an
+ACE. Directory enumeration (e.g. ls -l /mnt) triggers an SMB Query Dir
+which does not include ACEs in its response. The mode bits in this
+case are silently set to a default value of 755 instead.
+
+This patch marks the dentry created during the directory enumeration
+as needing re-evaluation (i.e. additional Query Info with ACEs) so
+that the mode bits can be properly extracted.
+
+Quick repro:
+
+$ mount.cifs //win19.test/data /mnt -o ...,modefromsid
+$ touch /mnt/foo && chmod 751 /mnt/foo
+$ stat /mnt/foo
+ # reports 751 (OK)
+$ sleep 2
+ # dentry older than 1s by default get invalidated
+$ ls -l /mnt
+ # since dentry invalid, ls does a Query Dir
+ # and reports foo as 755 (WRONG)
+
+Signed-off-by: Aurelien Aptel <aaptel@suse.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+CC: Stable <stable@vger.kernel.org>
+Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/readdir.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/readdir.c
++++ b/fs/cifs/readdir.c
+@@ -174,7 +174,8 @@ cifs_fill_common_info(struct cifs_fattr
+ * may look wrong since the inodes may not have timed out by the time
+ * "ls" does a stat() call on them.
+ */
+- if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_ACL)
++ if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_ACL) ||
++ (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MODE_FROM_SID))
+ fattr->cf_flags |= CIFS_FATTR_NEED_REVAL;
+
+ if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UNX_EMUL &&
--- /dev/null
+From febac332a819f0e764aa4da62757ba21d18c182b Mon Sep 17 00:00:00 2001
+From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+Date: Fri, 31 Jan 2020 19:08:59 +0300
+Subject: clocksource: Prevent double add_timer_on() for watchdog_timer
+
+From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+
+commit febac332a819f0e764aa4da62757ba21d18c182b upstream.
+
+Kernel crashes inside QEMU/KVM are observed:
+
+ kernel BUG at kernel/time/timer.c:1154!
+ BUG_ON(timer_pending(timer) || !timer->function) in add_timer_on().
+
+At the same time another cpu got:
+
+ general protection fault: 0000 [#1] SMP PTI of poinson pointer 0xdead000000000200 in:
+
+ __hlist_del at include/linux/list.h:681
+ (inlined by) detach_timer at kernel/time/timer.c:818
+ (inlined by) expire_timers at kernel/time/timer.c:1355
+ (inlined by) __run_timers at kernel/time/timer.c:1686
+ (inlined by) run_timer_softirq at kernel/time/timer.c:1699
+
+Unfortunately kernel logs are badly scrambled, stacktraces are lost.
+
+Printing the timer->function before the BUG_ON() pointed to
+clocksource_watchdog().
+
+The execution of clocksource_watchdog() can race with a sequence of
+clocksource_stop_watchdog() .. clocksource_start_watchdog():
+
+expire_timers()
+ detach_timer(timer, true);
+ timer->entry.pprev = NULL;
+ raw_spin_unlock_irq(&base->lock);
+ call_timer_fn
+ clocksource_watchdog()
+
+ clocksource_watchdog_kthread() or
+ clocksource_unbind()
+
+ spin_lock_irqsave(&watchdog_lock, flags);
+ clocksource_stop_watchdog();
+ del_timer(&watchdog_timer);
+ watchdog_running = 0;
+ spin_unlock_irqrestore(&watchdog_lock, flags);
+
+ spin_lock_irqsave(&watchdog_lock, flags);
+ clocksource_start_watchdog();
+ add_timer_on(&watchdog_timer, ...);
+ watchdog_running = 1;
+ spin_unlock_irqrestore(&watchdog_lock, flags);
+
+ spin_lock(&watchdog_lock);
+ add_timer_on(&watchdog_timer, ...);
+ BUG_ON(timer_pending(timer) || !timer->function);
+ timer_pending() -> true
+ BUG()
+
+I.e. inside clocksource_watchdog() watchdog_timer could be already armed.
+
+Check timer_pending() before calling add_timer_on(). This is sufficient as
+all operations are synchronized by watchdog_lock.
+
+Fixes: 75c5158f70c0 ("timekeeping: Update clocksource with stop_machine")
+Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/158048693917.4378.13823603769948933793.stgit@buzz
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/clocksource.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/kernel/time/clocksource.c
++++ b/kernel/time/clocksource.c
+@@ -272,8 +272,15 @@ static void clocksource_watchdog(unsigne
+ next_cpu = cpumask_next(raw_smp_processor_id(), cpu_online_mask);
+ if (next_cpu >= nr_cpu_ids)
+ next_cpu = cpumask_first(cpu_online_mask);
+- watchdog_timer.expires += WATCHDOG_INTERVAL;
+- add_timer_on(&watchdog_timer, next_cpu);
++
++ /*
++ * Arm timer if not already pending: could race with concurrent
++ * pair clocksource_stop_watchdog() clocksource_start_watchdog().
++ */
++ if (!timer_pending(&watchdog_timer)) {
++ watchdog_timer.expires += WATCHDOG_INTERVAL;
++ add_timer_on(&watchdog_timer, next_cpu);
++ }
+ out:
+ spin_unlock(&watchdog_lock);
+ }
--- /dev/null
+From 003461559ef7a9bd0239bae35a22ad8924d6e9ad Mon Sep 17 00:00:00 2001
+From: Song Liu <songliubraving@fb.com>
+Date: Thu, 23 Jan 2020 10:11:46 -0800
+Subject: perf/core: Fix mlock accounting in perf_mmap()
+
+From: Song Liu <songliubraving@fb.com>
+
+commit 003461559ef7a9bd0239bae35a22ad8924d6e9ad upstream.
+
+Decreasing sysctl_perf_event_mlock between two consecutive perf_mmap()s of
+a perf ring buffer may lead to an integer underflow in locked memory
+accounting. This may lead to the undesired behaviors, such as failures in
+BPF map creation.
+
+Address this by adjusting the accounting logic to take into account the
+possibility that the amount of already locked memory may exceed the
+current limit.
+
+Fixes: c4b75479741c ("perf/core: Make the mlock accounting simple again")
+Suggested-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Signed-off-by: Song Liu <songliubraving@fb.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: <stable@vger.kernel.org>
+Acked-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Link: https://lkml.kernel.org/r/20200123181146.2238074-1-songliubraving@fb.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/events/core.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -5303,7 +5303,15 @@ accounting:
+ */
+ user_lock_limit *= num_online_cpus();
+
+- user_locked = atomic_long_read(&user->locked_vm) + user_extra;
++ user_locked = atomic_long_read(&user->locked_vm);
++
++ /*
++ * sysctl_perf_event_mlock may have changed, so that
++ * user->locked_vm > user_lock_limit
++ */
++ if (user_locked > user_lock_limit)
++ user_locked = user_lock_limit;
++ user_locked += user_extra;
+
+ if (user_locked > user_lock_limit)
+ extra = user_locked - user_lock_limit;
kvm-x86-mmu-apply-max-pa-check-for-mmio-sptes-to-32-.patch
kvm-vmx-add-non-canonical-check-on-writes-to-rtit-ad.patch
kvm-nvmx-vmread-should-not-set-rflags-to-specify-suc.patch
+cifs-fail-i-o-on-soft-mounts-if-sessionsetup-errors-out.patch
+cifs-fix-mode-bits-from-dir-listing-when-mounted-with-modefromsid.patch
+clocksource-prevent-double-add_timer_on-for-watchdog_timer.patch
+perf-core-fix-mlock-accounting-in-perf_mmap.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
