4.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 11 Jan 2019 10:05:03 +0000 (11:05 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 11 Jan 2019 10:05:03 +0000 (11:05 +0100)
added patches:
9p-net-put-a-lower-bound-on-msize.patch
rxe-fix-error-completion-wr_id-and-qp_num.patch

queue-4.14/9p-net-put-a-lower-bound-on-msize.patch [new file with mode: 0644]
queue-4.14/rxe-fix-error-completion-wr_id-and-qp_num.patch [new file with mode: 0644]
queue-4.14/series

diff --git a/queue-4.14/9p-net-put-a-lower-bound-on-msize.patch b/queue-4.14/9p-net-put-a-lower-bound-on-msize.patch
new file mode 100644 (file)
index 0000000..8380914
--- /dev/null
@@ -0,0 +1,81 @@
+From 574d356b7a02c7e1b01a1d9cba8a26b3c2888f45 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet <dominique.martinet@cea.fr>
+Date: Mon, 5 Nov 2018 09:52:48 +0100
+Subject: 9p/net: put a lower bound on msize
+
+From: Dominique Martinet <dominique.martinet@cea.fr>
+
+commit 574d356b7a02c7e1b01a1d9cba8a26b3c2888f45 upstream.
+
+If the requested msize is too small (either from command line argument
+or from the server version reply), we won't get any work done.
+If it's *really* too small, nothing will work, and this got caught by
+syzbot recently (on a new kmem_cache_create_usercopy() call)
+
+Just set a minimum msize to 4k in both code paths, until someone
+complains they have a use-case for a smaller msize.
+
+We need to check in both mount option and server reply individually
+because the msize for the first version request would be unchecked
+with just a global check on clnt->msize.
+
+Link: http://lkml.kernel.org/r/1541407968-31350-1-git-send-email-asmadeus@codewreck.org
+Reported-by: syzbot+0c1d61e4db7db94102ca@syzkaller.appspotmail.com
+Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
+Cc: Eric Van Hensbergen <ericvh@gmail.com>
+Cc: Latchesar Ionkov <lucho@ionkov.net>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/9p/client.c |   21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -181,6 +181,12 @@ static int parse_opts(char *opts, struct
+                               ret = r;
+                               continue;
+                       }
++                      if (option < 4096) {
++                              p9_debug(P9_DEBUG_ERROR,
++                                       "msize should be at least 4k\n");
++                              ret = -EINVAL;
++                              continue;
++                      }
+                       clnt->msize = option;
+                       break;
+               case Opt_trans:
+@@ -996,10 +1002,18 @@ static int p9_client_version(struct p9_c
+       else if (!strncmp(version, "9P2000", 6))
+               c->proto_version = p9_proto_legacy;
+       else {
++              p9_debug(P9_DEBUG_ERROR,
++                       "server returned an unknown version: %s\n", version);
+               err = -EREMOTEIO;
+               goto error;
+       }
++      if (msize < 4096) {
++              p9_debug(P9_DEBUG_ERROR,
++                       "server returned a msize < 4096: %d\n", msize);
++              err = -EREMOTEIO;
++              goto error;
++      }
+       if (msize < c->msize)
+               c->msize = msize;
+@@ -1064,6 +1078,13 @@ struct p9_client *p9_client_create(const
+       if (clnt->msize > clnt->trans_mod->maxsize)
+               clnt->msize = clnt->trans_mod->maxsize;
++      if (clnt->msize < 4096) {
++              p9_debug(P9_DEBUG_ERROR,
++                       "Please specify a msize of at least 4k\n");
++              err = -EINVAL;
++              goto free_client;
++      }
++
+       err = p9_client_version(clnt);
+       if (err)
+               goto close_trans;
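Review bot: The new msize check in p9_client_create bails out with `goto free_client;`, while the very next error path (after p9_client_version) uses `goto close_trans;`. If the transport has already been created by this point, the rejected-mount path would skip closing it and leak it; the clamp against `clnt->trans_mod->maxsize` just above suggests it has, but the creation call is outside the hunk, so this needs confirming. If so, the jump should be `goto close_trans;`. Separately, the literal 4096 now appears in three checks across parse_opts, p9_client_version and p9_client_create; a single named constant would keep the bound and its messages in step. All three function bodies continue outside the hunks shown.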
diff --git a/queue-4.14/rxe-fix-error-completion-wr_id-and-qp_num.patch b/queue-4.14/rxe-fix-error-completion-wr_id-and-qp_num.patch
new file mode 100644 (file)
index 0000000..a156734
--- /dev/null
@@ -0,0 +1,48 @@
+From e48d8ed9c6193502d849b35767fd18e20bbd7ba2 Mon Sep 17 00:00:00 2001
+From: Sagi Grimberg <sagi@grimberg.me>
+Date: Thu, 25 Oct 2018 12:40:57 -0700
+Subject: rxe: fix error completion wr_id and qp_num
+
+From: Sagi Grimberg <sagi@grimberg.me>
+
+commit e48d8ed9c6193502d849b35767fd18e20bbd7ba2 upstream.
+
+Error completions must still contain a valid wr_id and
+qp_num such that the consumer can rely on. Correctly
+fill these fields in receive error completions.
+
+Reported-by: Walker Benjamin <benjamin.walker@intel.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
+Reviewed-by: Zhu Yanjun <yanjun.zhu@oracle.com>
+Tested-by: Zhu Yanjun <yanjun.zhu@oracle.com>
+Signed-off-by: Doug Ledford <dledford@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/sw/rxe/rxe_resp.c |   13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+--- a/drivers/infiniband/sw/rxe/rxe_resp.c
++++ b/drivers/infiniband/sw/rxe/rxe_resp.c
+@@ -845,11 +845,16 @@ static enum resp_states do_complete(stru
+       memset(&cqe, 0, sizeof(cqe));
+-      wc->wr_id               = wqe->wr_id;
+-      wc->status              = qp->resp.status;
+-      wc->qp                  = &qp->ibqp;
++      if (qp->rcq->is_user) {
++              uwc->status             = qp->resp.status;
++              uwc->qp_num             = qp->ibqp.qp_num;
++              uwc->wr_id              = wqe->wr_id;
++      } else {
++              wc->status              = qp->resp.status;
++              wc->qp                  = &qp->ibqp;
++              wc->wr_id               = wqe->wr_id;
++      }
+-      /* fields after status are not required for errors */
+       if (wc->status == IB_WC_SUCCESS) {
+               wc->opcode = (pkt->mask & RXE_IMMDT_MASK &&
+                               pkt->mask & RXE_WRITE_MASK) ?
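Review bot: The success test after the new if/else still reads `wc->status`, even on the `qp->rcq->is_user` branch where only `uwc` was filled in. That is correct only if `wc` and `uwc` alias the same zeroed `cqe` storage with `status` at the same offset in both layouts, and their declarations are outside the hunk. Testing the source value directly, `if (qp->resp.status == IB_WC_SUCCESS) {`, would drop that layout dependency. The patch also removes the comment about fields after status without replacing it; a short comment saying that wr_id and qp_num must be valid on error completions too would record why both branches set them. do_complete's body starts and ends outside the hunk.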
index 4d7f0db12dac1d4b3d426cef40806e4bbb4641ed..d6e41c999276c311881b2a7ef1008546cd4440e8 100644 (file)
@@ -93,3 +93,5 @@ lockd-show-pid-of-lockd-for-remote-locks.patch
 arm64-drop-linker-script-hack-to-hide-__efistub_-symbols.patch
 arm64-relocatable-fix-inconsistencies-in-linker-script-and-options.patch
 powerpc-tm-set-msr-just-prior-to-recheckpoint.patch
+9p-net-put-a-lower-bound-on-msize.patch
+rxe-fix-error-completion-wr_id-and-qp_num.patch