--- /dev/null
+From 82382acec0c97b91830fff7130d0acce4ac4f3f3 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Tue, 3 Apr 2018 00:22:29 -0400
+Subject: kernfs: deal with kernfs_fill_super() failures
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 82382acec0c97b91830fff7130d0acce4ac4f3f3 upstream.
+
+make sure that info->node is initialized early, so that kernfs_kill_sb()
+can list_del() it safely.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/kernfs/mount.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/kernfs/mount.c
++++ b/fs/kernfs/mount.c
+@@ -320,6 +320,7 @@ struct dentry *kernfs_mount_ns(struct fi
+
+ info->root = root;
+ info->ns = ns;
++ INIT_LIST_HEAD(&info->node);
+
+ sb = sget_userns(fs_type, kernfs_test_super, kernfs_set_super, flags,
+ &init_user_ns, info);
can-bcm-raw-isotp-use-per-module-netdevice-notifier.patch
inet-use-bigger-hash-table-for-ip-id-generation.patch
usb-dwc3-core-fix-kernel-panic-when-do-reboot.patch
+kernfs-deal-with-kernfs_fill_super-failures.patch
+unfuck-sysfs_mount.patch
+x86-fpu-reset-state-for-all-signal-restore-failures.patch
--- /dev/null
+From 7b745a4e4051e1bbce40e0b1c2cf636c70583aa4 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Mon, 14 May 2018 00:03:34 -0400
+Subject: unfuck sysfs_mount()
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 7b745a4e4051e1bbce40e0b1c2cf636c70583aa4 upstream.
+
+new_sb is left uninitialized in case of early failures in kernfs_mount_ns(),
+and while IS_ERR(root) is true in all such cases, using IS_ERR(root) || !new_sb
+is not a solution - IS_ERR(root) is true in some cases when new_sb is true.
+
+Make sure new_sb is initialized (and matches the reality) in all cases and
+fix the condition for dropping kobj reference - we want it done precisely
+in those situations where the reference has not been transferred into a new
+super_block instance.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/sysfs/mount.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/fs/sysfs/mount.c
++++ b/fs/sysfs/mount.c
+@@ -28,7 +28,7 @@ static struct dentry *sysfs_mount(struct
+ {
+ struct dentry *root;
+ void *ns;
+- bool new_sb;
++ bool new_sb = false;
+
+ if (!(flags & MS_KERNMOUNT)) {
+ if (!kobj_ns_current_may_mount(KOBJ_NS_TYPE_NET))
+@@ -38,9 +38,9 @@ static struct dentry *sysfs_mount(struct
+ ns = kobj_ns_grab_current(KOBJ_NS_TYPE_NET);
+ root = kernfs_mount_ns(fs_type, flags, sysfs_root,
+ SYSFS_MAGIC, &new_sb, ns);
+- if (IS_ERR(root) || !new_sb)
++ if (!new_sb)
+ kobj_ns_drop(KOBJ_NS_TYPE_NET, ns);
+- else if (new_sb)
++ else if (!IS_ERR(root))
+ root->d_sb->s_iflags |= SB_I_USERNS_VISIBLE;
+
+ return root;
--- /dev/null
+From efa165504943f2128d50f63de0c02faf6dcceb0d Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 9 Jun 2021 21:18:00 +0200
+Subject: x86/fpu: Reset state for all signal restore failures
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit efa165504943f2128d50f63de0c02faf6dcceb0d upstream.
+
+If access_ok() or fpregs_soft_set() fails in __fpu__restore_sig() then the
+function just returns but does not clear the FPU state as it does for all
+other fatal failures.
+
+Clear the FPU state for these failures as well.
+
+Fixes: 72a671ced66d ("x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels")
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/87mtryyhhz.ffs@nanos.tec.linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kernel/fpu/signal.c | 31 ++++++++++++++++++++-----------
+ 1 file changed, 20 insertions(+), 11 deletions(-)
+
+--- a/arch/x86/kernel/fpu/signal.c
++++ b/arch/x86/kernel/fpu/signal.c
+@@ -272,6 +272,7 @@ static int __fpu__restore_sig(void __use
+ int state_size = fpu_kernel_xstate_size;
+ u64 xfeatures = 0;
+ int fx_only = 0;
++ int ret = 0;
+
+ ia32_fxstate &= (IS_ENABLED(CONFIG_X86_32) ||
+ IS_ENABLED(CONFIG_IA32_EMULATION));
+@@ -281,15 +282,21 @@ static int __fpu__restore_sig(void __use
+ return 0;
+ }
+
+- if (!access_ok(VERIFY_READ, buf, size))
+- return -EACCES;
++ if (!access_ok(VERIFY_READ, buf, size)) {
++ ret = -EACCES;
++ goto out_err;
++ }
+
+ fpu__initialize(fpu);
+
+- if (!static_cpu_has(X86_FEATURE_FPU))
+- return fpregs_soft_set(current, NULL,
+- 0, sizeof(struct user_i387_ia32_struct),
+- NULL, buf) != 0;
++ if (!static_cpu_has(X86_FEATURE_FPU)) {
++ ret = fpregs_soft_set(current, NULL,
++ 0, sizeof(struct user_i387_ia32_struct),
++ NULL, buf) != 0;
++ if (ret)
++ goto out_err;
++ return 0;
++ }
+
+ if (use_xsave()) {
+ struct _fpx_sw_bytes fx_sw_user;
+@@ -349,6 +356,7 @@ static int __fpu__restore_sig(void __use
+ fpu__restore(fpu);
+ local_bh_enable();
+
++ /* Failure is already handled */
+ return err;
+ } else {
+ /*
+@@ -356,13 +364,14 @@ static int __fpu__restore_sig(void __use
+ * state to the registers directly (with exceptions handled).
+ */
+ user_fpu_begin();
+- if (copy_user_to_fpregs_zeroing(buf_fx, xfeatures, fx_only)) {
+- fpu__clear(fpu);
+- return -1;
+- }
++ if (!copy_user_to_fpregs_zeroing(buf_fx, xfeatures, fx_only))
++ return 0;
++ ret = -1;
+ }
+
+- return 0;
++out_err:
++ fpu__clear(fpu);
++ return ret;
+ }
+
+ static inline int xstate_sigframe_size(void)
projects / thirdparty / kernel / stable-queue.git / commitdiff
