--- /dev/null
+From d2b537b3e533f28e0d97293fe9293161fe8cd137 Mon Sep 17 00:00:00 2001
+From: Yuezhang Mo <Yuezhang.Mo@sony.com>
+Date: Tue, 3 Sep 2024 15:01:09 +0800
+Subject: exfat: fix memory leak in exfat_load_bitmap()
+
+From: Yuezhang Mo <Yuezhang.Mo@sony.com>
+
+commit d2b537b3e533f28e0d97293fe9293161fe8cd137 upstream.
+
+If the first directory entry in the root directory is not a bitmap
+directory entry, 'bh' will not be released and reassigned, which
+will cause a memory leak.
+
+Fixes: 1e49a94cf707 ("exfat: add bitmap operations")
+Cc: stable@vger.kernel.org
+Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
+Reviewed-by: Aoyama Wataru <wataru.aoyama@sony.com>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/exfat/balloc.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/fs/exfat/balloc.c
++++ b/fs/exfat/balloc.c
+@@ -110,11 +110,8 @@ int exfat_load_bitmap(struct super_block
+ return -EIO;
+
+ type = exfat_get_entry_type(ep);
+- if (type == TYPE_UNUSED)
+- break;
+- if (type != TYPE_BITMAP)
+- continue;
+- if (ep->dentry.bitmap.flags == 0x0) {
++ if (type == TYPE_BITMAP &&
++ ep->dentry.bitmap.flags == 0x0) {
+ int err;
+
+ err = exfat_allocate_bitmap(sb, ep);
+@@ -122,6 +119,9 @@ int exfat_load_bitmap(struct super_block
+ return err;
+ }
+ brelse(bh);
++
++ if (type == TYPE_UNUSED)
++ return -EINVAL;
+ }
+
+ if (exfat_get_next_cluster(sb, &clu.dir))
--- /dev/null
+From 45bb63ed20e02ae146336412889fe5450316a84f Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Mon, 9 Sep 2024 15:06:36 +1000
+Subject: nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
+
+From: NeilBrown <neilb@suse.de>
+
+commit 45bb63ed20e02ae146336412889fe5450316a84f upstream.
+
+The pair of bloom filtered used by delegation_blocked() was intended to
+block delegations on given filehandles for between 30 and 60 seconds. A
+new filehandle would be recorded in the "new" bit set. That would then
+be switch to the "old" bit set between 0 and 30 seconds later, and it
+would remain as the "old" bit set for 30 seconds.
+
+Unfortunately the code intended to clear the old bit set once it reached
+30 seconds old, preparing it to be the next new bit set, instead cleared
+the *new* bit set before switching it to be the old bit set. This means
+that the "old" bit set is always empty and delegations are blocked
+between 0 and 30 seconds.
+
+This patch updates bd->new before clearing the set with that index,
+instead of afterwards.
+
+Reported-by: Olga Kornievskaia <okorniev@redhat.com>
+Cc: stable@vger.kernel.org
+Fixes: 6282cd565553 ("NFSD: Don't hand out delegations for 30 seconds after recalling them.")
+Signed-off-by: NeilBrown <neilb@suse.de>
+Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/nfs4state.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -1090,7 +1090,8 @@ static void nfs4_free_deleg(struct nfs4_
+ * When a delegation is recalled, the filehandle is stored in the "new"
+ * filter.
+ * Every 30 seconds we swap the filters and clear the "new" one,
+- * unless both are empty of course.
++ * unless both are empty of course. This results in delegations for a
++ * given filehandle being blocked for between 30 and 60 seconds.
+ *
+ * Each filter is 256 bits. We hash the filehandle to 32bit and use the
+ * low 3 bytes as hash-table indices.
+@@ -1119,9 +1120,9 @@ static int delegation_blocked(struct knf
+ if (ktime_get_seconds() - bd->swap_time > 30) {
+ bd->entries -= bd->old_entries;
+ bd->old_entries = bd->entries;
++ bd->new = 1-bd->new;
+ memset(bd->set[bd->new], 0,
+ sizeof(bd->set[0]));
+- bd->new = 1-bd->new;
+ bd->swap_time = ktime_get_seconds();
+ }
+ spin_unlock(&blocked_delegations_lock);
--- /dev/null
+From 202f39039a11402dcbcd5fece8d9fa6be83f49ae Mon Sep 17 00:00:00 2001
+From: Chuck Lever <chuck.lever@oracle.com>
+Date: Sun, 11 Aug 2024 13:11:07 -0400
+Subject: NFSD: Fix NFSv4's PUTPUBFH operation
+
+From: Chuck Lever <chuck.lever@oracle.com>
+
+commit 202f39039a11402dcbcd5fece8d9fa6be83f49ae upstream.
+
+According to RFC 8881, all minor versions of NFSv4 support PUTPUBFH.
+
+Replace the XDR decoder for PUTPUBFH with a "noop" since we no
+longer want the minorversion check, and PUTPUBFH has no arguments to
+decode. (Ideally nfsd4_decode_noop should really be called
+nfsd4_decode_void).
+
+PUTPUBFH should now behave just like PUTROOTFH.
+
+Reported-by: Cedric Blancher <cedric.blancher@gmail.com>
+Fixes: e1a90ebd8b23 ("NFSD: Combine decode operations for v4 and v4.1")
+Cc: Dan Shelton <dan.f.shelton@gmail.com>
+Cc: Roland Mainz <roland.mainz@nrubsig.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/nfs4xdr.c | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -1246,14 +1246,6 @@ nfsd4_decode_putfh(struct nfsd4_compound
+ }
+
+ static __be32
+-nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, union nfsd4_op_u *p)
+-{
+- if (argp->minorversion == 0)
+- return nfs_ok;
+- return nfserr_notsupp;
+-}
+-
+-static __be32
+ nfsd4_decode_read(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u)
+ {
+ struct nfsd4_read *read = &u->read;
+@@ -2345,7 +2337,7 @@ static const nfsd4_dec nfsd4_dec_ops[] =
+ [OP_OPEN_CONFIRM] = nfsd4_decode_open_confirm,
+ [OP_OPEN_DOWNGRADE] = nfsd4_decode_open_downgrade,
+ [OP_PUTFH] = nfsd4_decode_putfh,
+- [OP_PUTPUBFH] = nfsd4_decode_putpubfh,
++ [OP_PUTPUBFH] = nfsd4_decode_noop,
+ [OP_PUTROOTFH] = nfsd4_decode_noop,
+ [OP_READ] = nfsd4_decode_read,
+ [OP_READDIR] = nfsd4_decode_readdir,
--- /dev/null
+From 340e61e44c1d2a15c42ec72ade9195ad525fd048 Mon Sep 17 00:00:00 2001
+From: Li Lingfeng <lilingfeng3@huawei.com>
+Date: Sat, 17 Aug 2024 14:27:13 +0800
+Subject: nfsd: map the EBADMSG to nfserr_io to avoid warning
+
+From: Li Lingfeng <lilingfeng3@huawei.com>
+
+commit 340e61e44c1d2a15c42ec72ade9195ad525fd048 upstream.
+
+Ext4 will throw -EBADMSG through ext4_readdir when a checksum error
+occurs, resulting in the following WARNING.
+
+Fix it by mapping EBADMSG to nfserr_io.
+
+nfsd_buffered_readdir
+ iterate_dir // -EBADMSG -74
+ ext4_readdir // .iterate_shared
+ ext4_dx_readdir
+ ext4_htree_fill_tree
+ htree_dirblock_to_tree
+ ext4_read_dirblock
+ __ext4_read_dirblock
+ ext4_dirblock_csum_verify
+ warn_no_space_for_csum
+ __warn_no_space_for_csum
+ return ERR_PTR(-EFSBADCRC) // -EBADMSG -74
+ nfserrno // WARNING
+
+[ 161.115610] ------------[ cut here ]------------
+[ 161.116465] nfsd: non-standard errno: -74
+[ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0
+[ 161.118596] Modules linked in:
+[ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138
+[ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe
+mu.org 04/01/2014
+[ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0
+[ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6
+ 05 ce 2b 61 03 01 e8 99 20 d8 00 <0f> 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33
+[ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286
+[ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
+[ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a
+[ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827
+[ 161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021
+[ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8
+[ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000
+[ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0
+[ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 161.141519] PKRU: 55555554
+[ 161.142076] Call Trace:
+[ 161.142575] ? __warn+0x9b/0x140
+[ 161.143229] ? nfserrno+0x9d/0xd0
+[ 161.143872] ? report_bug+0x125/0x150
+[ 161.144595] ? handle_bug+0x41/0x90
+[ 161.145284] ? exc_invalid_op+0x14/0x70
+[ 161.146009] ? asm_exc_invalid_op+0x12/0x20
+[ 161.146816] ? nfserrno+0x9d/0xd0
+[ 161.147487] nfsd_buffered_readdir+0x28b/0x2b0
+[ 161.148333] ? nfsd4_encode_dirent_fattr+0x380/0x380
+[ 161.149258] ? nfsd_buffered_filldir+0xf0/0xf0
+[ 161.150093] ? wait_for_concurrent_writes+0x170/0x170
+[ 161.151004] ? generic_file_llseek_size+0x48/0x160
+[ 161.151895] nfsd_readdir+0x132/0x190
+[ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380
+[ 161.153516] ? nfsd_unlink+0x380/0x380
+[ 161.154256] ? override_creds+0x45/0x60
+[ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0
+[ 161.155850] ? nfsd4_encode_readlink+0x210/0x210
+[ 161.156731] ? write_bytes_to_xdr_buf+0x97/0xe0
+[ 161.157598] ? __write_bytes_to_xdr_buf+0xd0/0xd0
+[ 161.158494] ? lock_downgrade+0x90/0x90
+[ 161.159232] ? nfs4svc_decode_voidarg+0x10/0x10
+[ 161.160092] nfsd4_encode_operation+0x15a/0x440
+[ 161.160959] nfsd4_proc_compound+0x718/0xe90
+[ 161.161818] nfsd_dispatch+0x18e/0x2c0
+[ 161.162586] svc_process_common+0x786/0xc50
+[ 161.163403] ? nfsd_svc+0x380/0x380
+[ 161.164137] ? svc_printk+0x160/0x160
+[ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380
+[ 161.165808] ? nfsd_svc+0x380/0x380
+[ 161.166523] ? rcu_is_watching+0x23/0x40
+[ 161.167309] svc_process+0x1a5/0x200
+[ 161.168019] nfsd+0x1f5/0x380
+[ 161.168663] ? nfsd_shutdown_threads+0x260/0x260
+[ 161.169554] kthread+0x1c4/0x210
+[ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80
+[ 161.171246] ret_from_fork+0x1f/0x30
+
+Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/vfs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -100,6 +100,7 @@ nfserrno (int errno)
+ { nfserr_io, -EUCLEAN },
+ { nfserr_perm, -ENOKEY },
+ { nfserr_no_grace, -ENOGRACE},
++ { nfserr_io, -EBADMSG },
+ };
+ int i;
+
--- /dev/null
+From 5c178472af247c7b50f962495bb7462ba453b9fb Mon Sep 17 00:00:00 2001
+From: Jisheng Zhang <jszhang@kernel.org>
+Date: Sat, 6 Jul 2024 01:02:10 +0800
+Subject: riscv: define ILLEGAL_POINTER_VALUE for 64bit
+
+From: Jisheng Zhang <jszhang@kernel.org>
+
+commit 5c178472af247c7b50f962495bb7462ba453b9fb upstream.
+
+This is used in poison.h for poison pointer offset. Based on current
+SV39, SV48 and SV57 vm layout, 0xdead000000000000 is a proper value
+that is not mappable, this can avoid potentially turning an oops to
+an expolit.
+
+Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
+Fixes: fbe934d69eb7 ("RISC-V: Build Infrastructure")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20240705170210.3236-1-jszhang@kernel.org
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/riscv/Kconfig | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/arch/riscv/Kconfig
++++ b/arch/riscv/Kconfig
+@@ -193,6 +193,11 @@ config GENERIC_HWEIGHT
+ config FIX_EARLYCON_MEM
+ def_bool MMU
+
++config ILLEGAL_POINTER_VALUE
++ hex
++ default 0 if 32BIT
++ default 0xdead000000000000 if 64BIT
++
+ config PGTABLE_LEVELS
+ int
+ default 3 if 64BIT
ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch
ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch
ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch
+riscv-define-illegal_pointer_value-for-64bit.patch
+exfat-fix-memory-leak-in-exfat_load_bitmap.patch
+nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch
+nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch
+nfsd-fix-nfsv4-s-putpubfh-operation.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
