5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 7 Oct 2024 15:42:22 +0000 (17:42 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 7 Oct 2024 15:42:22 +0000 (17:42 +0200)
added patches:
exfat-fix-memory-leak-in-exfat_load_bitmap.patch
nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch
nfsd-fix-nfsv4-s-putpubfh-operation.patch
nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch
riscv-define-illegal_pointer_value-for-64bit.patch

queue-5.10/exfat-fix-memory-leak-in-exfat_load_bitmap.patch [new file with mode: 0644]
queue-5.10/nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch [new file with mode: 0644]
queue-5.10/nfsd-fix-nfsv4-s-putpubfh-operation.patch [new file with mode: 0644]
queue-5.10/nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch [new file with mode: 0644]
queue-5.10/riscv-define-illegal_pointer_value-for-64bit.patch [new file with mode: 0644]
queue-5.10/series

diff --git a/queue-5.10/exfat-fix-memory-leak-in-exfat_load_bitmap.patch b/queue-5.10/exfat-fix-memory-leak-in-exfat_load_bitmap.patch
new file mode 100644 (file)
index 0000000..a770b56
--- /dev/null
@@ -0,0 +1,49 @@
+From d2b537b3e533f28e0d97293fe9293161fe8cd137 Mon Sep 17 00:00:00 2001
+From: Yuezhang Mo <Yuezhang.Mo@sony.com>
+Date: Tue, 3 Sep 2024 15:01:09 +0800
+Subject: exfat: fix memory leak in exfat_load_bitmap()
+
+From: Yuezhang Mo <Yuezhang.Mo@sony.com>
+
+commit d2b537b3e533f28e0d97293fe9293161fe8cd137 upstream.
+
+If the first directory entry in the root directory is not a bitmap
+directory entry, 'bh' will not be released and reassigned, which
+will cause a memory leak.
+
+Fixes: 1e49a94cf707 ("exfat: add bitmap operations")
+Cc: stable@vger.kernel.org
+Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
+Reviewed-by: Aoyama Wataru <wataru.aoyama@sony.com>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/exfat/balloc.c |   10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/fs/exfat/balloc.c
++++ b/fs/exfat/balloc.c
+@@ -110,11 +110,8 @@ int exfat_load_bitmap(struct super_block
+                               return -EIO;
+                       type = exfat_get_entry_type(ep);
+-                      if (type == TYPE_UNUSED)
+-                              break;
+-                      if (type != TYPE_BITMAP)
+-                              continue;
+-                      if (ep->dentry.bitmap.flags == 0x0) {
++                      if (type == TYPE_BITMAP &&
++                          ep->dentry.bitmap.flags == 0x0) {
+                               int err;
+                               err = exfat_allocate_bitmap(sb, ep);
+@@ -122,6 +119,9 @@ int exfat_load_bitmap(struct super_block
+                               return err;
+                       }
+                       brelse(bh);
++
++                      if (type == TYPE_UNUSED)
++                              return -EINVAL;
+               }
+               if (exfat_get_next_cluster(sb, &clu.dir))
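Review bot: The added `if (type == TYPE_UNUSED) return -EINVAL;` sits after `brelse(bh)` and is only safe because `type` was read from `ep` before the buffer was released, yet nothing in the loop says so. Assuming `ep` points into `bh`'s data (the lookup is outside the hunk), I would add `/* bh is released: test the saved type, never ep, from here on */` above that check so a later edit does not reintroduce a use after release. The directory entries come from the on-disk image, which may not be trusted, so the function comment should also state that every exit from the loop body must drop `bh`. exfat_load_bitmap() starts and ends outside the hunk.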
diff --git a/queue-5.10/nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch b/queue-5.10/nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch
new file mode 100644 (file)
index 0000000..bb4f78f
--- /dev/null
@@ -0,0 +1,59 @@
+From 45bb63ed20e02ae146336412889fe5450316a84f Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Mon, 9 Sep 2024 15:06:36 +1000
+Subject: nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
+
+From: NeilBrown <neilb@suse.de>
+
+commit 45bb63ed20e02ae146336412889fe5450316a84f upstream.
+
+The pair of bloom filtered used by delegation_blocked() was intended to
+block delegations on given filehandles for between 30 and 60 seconds.  A
+new filehandle would be recorded in the "new" bit set.  That would then
+be switch to the "old" bit set between 0 and 30 seconds later, and it
+would remain as the "old" bit set for 30 seconds.
+
+Unfortunately the code intended to clear the old bit set once it reached
+30 seconds old, preparing it to be the next new bit set, instead cleared
+the *new* bit set before switching it to be the old bit set.  This means
+that the "old" bit set is always empty and delegations are blocked
+between 0 and 30 seconds.
+
+This patch updates bd->new before clearing the set with that index,
+instead of afterwards.
+
+Reported-by: Olga Kornievskaia <okorniev@redhat.com>
+Cc: stable@vger.kernel.org
+Fixes: 6282cd565553 ("NFSD: Don't hand out delegations for 30 seconds after recalling them.")
+Signed-off-by: NeilBrown <neilb@suse.de>
+Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/nfs4state.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -1090,7 +1090,8 @@ static void nfs4_free_deleg(struct nfs4_
+  * When a delegation is recalled, the filehandle is stored in the "new"
+  * filter.
+  * Every 30 seconds we swap the filters and clear the "new" one,
+- * unless both are empty of course.
++ * unless both are empty of course.  This results in delegations for a
++ * given filehandle being blocked for between 30 and 60 seconds.
+  *
+  * Each filter is 256 bits.  We hash the filehandle to 32bit and use the
+  * low 3 bytes as hash-table indices.
+@@ -1119,9 +1120,9 @@ static int delegation_blocked(struct knf
+               if (ktime_get_seconds() - bd->swap_time > 30) {
+                       bd->entries -= bd->old_entries;
+                       bd->old_entries = bd->entries;
++                      bd->new = 1-bd->new;
+                       memset(bd->set[bd->new], 0,
+                              sizeof(bd->set[0]));
+-                      bd->new = 1-bd->new;
+                       bd->swap_time = ktime_get_seconds();
+               }
+               spin_unlock(&blocked_delegations_lock);
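Review bot: The order of `bd->new = 1-bd->new;` and the following `memset()` in the second hunk is the whole fix, but the code carries no comment that the order matters. I would add `/* flip first so the memset clears the expired set, not the one just filled */` above the flip; the block comment updated in the first hunk describes the 30 to 60 second window but not this constraint. delegation_blocked() begins and ends outside the hunk, so how readers of `bd->set[]` behave between the flip and the clear cannot be judged from these lines.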
diff --git a/queue-5.10/nfsd-fix-nfsv4-s-putpubfh-operation.patch b/queue-5.10/nfsd-fix-nfsv4-s-putpubfh-operation.patch
new file mode 100644 (file)
index 0000000..01f7c95
--- /dev/null
@@ -0,0 +1,55 @@
+From 202f39039a11402dcbcd5fece8d9fa6be83f49ae Mon Sep 17 00:00:00 2001
+From: Chuck Lever <chuck.lever@oracle.com>
+Date: Sun, 11 Aug 2024 13:11:07 -0400
+Subject: NFSD: Fix NFSv4's PUTPUBFH operation
+
+From: Chuck Lever <chuck.lever@oracle.com>
+
+commit 202f39039a11402dcbcd5fece8d9fa6be83f49ae upstream.
+
+According to RFC 8881, all minor versions of NFSv4 support PUTPUBFH.
+
+Replace the XDR decoder for PUTPUBFH with a "noop" since we no
+longer want the minorversion check, and PUTPUBFH has no arguments to
+decode. (Ideally nfsd4_decode_noop should really be called
+nfsd4_decode_void).
+
+PUTPUBFH should now behave just like PUTROOTFH.
+
+Reported-by: Cedric Blancher <cedric.blancher@gmail.com>
+Fixes: e1a90ebd8b23 ("NFSD: Combine decode operations for v4 and v4.1")
+Cc: Dan Shelton <dan.f.shelton@gmail.com>
+Cc: Roland Mainz <roland.mainz@nrubsig.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/nfs4xdr.c |   10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -1246,14 +1246,6 @@ nfsd4_decode_putfh(struct nfsd4_compound
+ }
+ static __be32
+-nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, union nfsd4_op_u *p)
+-{
+-      if (argp->minorversion == 0)
+-              return nfs_ok;
+-      return nfserr_notsupp;
+-}
+-
+-static __be32
+ nfsd4_decode_read(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u)
+ {
+       struct nfsd4_read *read = &u->read;
+@@ -2345,7 +2337,7 @@ static const nfsd4_dec nfsd4_dec_ops[] =
+       [OP_OPEN_CONFIRM]       = nfsd4_decode_open_confirm,
+       [OP_OPEN_DOWNGRADE]     = nfsd4_decode_open_downgrade,
+       [OP_PUTFH]              = nfsd4_decode_putfh,
+-      [OP_PUTPUBFH]           = nfsd4_decode_putpubfh,
++      [OP_PUTPUBFH]           = nfsd4_decode_noop,
+       [OP_PUTROOTFH]          = nfsd4_decode_noop,
+       [OP_READ]               = nfsd4_decode_read,
+       [OP_READDIR]            = nfsd4_decode_readdir,
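Review bot: The `[OP_PUTPUBFH] = nfsd4_decode_noop,` entry in the second hunk has no comment saying why a no-op decoder is correct there. A trailing `/* no arguments; valid in every NFSv4 minor version (RFC 8881) */` on that line would record why the minorversion check was dropped and discourage re-adding it. The removed decoder was the only code in these hunks that rejected the operation for minor versions above 0, so any access control on the public filehandle now rests on the operation handler and export checks. Those are outside this diff and should be confirmed to match what PUTROOTFH goes through.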
diff --git a/queue-5.10/nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch b/queue-5.10/nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch
new file mode 100644 (file)
index 0000000..cc6a9f1
--- /dev/null
@@ -0,0 +1,108 @@
+From 340e61e44c1d2a15c42ec72ade9195ad525fd048 Mon Sep 17 00:00:00 2001
+From: Li Lingfeng <lilingfeng3@huawei.com>
+Date: Sat, 17 Aug 2024 14:27:13 +0800
+Subject: nfsd: map the EBADMSG to nfserr_io to avoid warning
+
+From: Li Lingfeng <lilingfeng3@huawei.com>
+
+commit 340e61e44c1d2a15c42ec72ade9195ad525fd048 upstream.
+
+Ext4 will throw -EBADMSG through ext4_readdir when a checksum error
+occurs, resulting in the following WARNING.
+
+Fix it by mapping EBADMSG to nfserr_io.
+
+nfsd_buffered_readdir
+ iterate_dir // -EBADMSG -74
+  ext4_readdir // .iterate_shared
+   ext4_dx_readdir
+    ext4_htree_fill_tree
+     htree_dirblock_to_tree
+      ext4_read_dirblock
+       __ext4_read_dirblock
+        ext4_dirblock_csum_verify
+         warn_no_space_for_csum
+          __warn_no_space_for_csum
+        return ERR_PTR(-EFSBADCRC) // -EBADMSG -74
+ nfserrno // WARNING
+
+[  161.115610] ------------[ cut here ]------------
+[  161.116465] nfsd: non-standard errno: -74
+[  161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0
+[  161.118596] Modules linked in:
+[  161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138
+[  161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe
+mu.org 04/01/2014
+[  161.123601] RIP: 0010:nfserrno+0x9d/0xd0
+[  161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6
+ 05 ce 2b 61 03 01 e8 99 20 d8 00 <0f> 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33
+[  161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286
+[  161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
+[  161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a
+[  161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827
+[  161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021
+[  161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8
+[  161.135244] FS:  0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000
+[  161.136695] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[  161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0
+[  161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[  161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[  161.141519] PKRU: 55555554
+[  161.142076] Call Trace:
+[  161.142575]  ? __warn+0x9b/0x140
+[  161.143229]  ? nfserrno+0x9d/0xd0
+[  161.143872]  ? report_bug+0x125/0x150
+[  161.144595]  ? handle_bug+0x41/0x90
+[  161.145284]  ? exc_invalid_op+0x14/0x70
+[  161.146009]  ? asm_exc_invalid_op+0x12/0x20
+[  161.146816]  ? nfserrno+0x9d/0xd0
+[  161.147487]  nfsd_buffered_readdir+0x28b/0x2b0
+[  161.148333]  ? nfsd4_encode_dirent_fattr+0x380/0x380
+[  161.149258]  ? nfsd_buffered_filldir+0xf0/0xf0
+[  161.150093]  ? wait_for_concurrent_writes+0x170/0x170
+[  161.151004]  ? generic_file_llseek_size+0x48/0x160
+[  161.151895]  nfsd_readdir+0x132/0x190
+[  161.152606]  ? nfsd4_encode_dirent_fattr+0x380/0x380
+[  161.153516]  ? nfsd_unlink+0x380/0x380
+[  161.154256]  ? override_creds+0x45/0x60
+[  161.155006]  nfsd4_encode_readdir+0x21a/0x3d0
+[  161.155850]  ? nfsd4_encode_readlink+0x210/0x210
+[  161.156731]  ? write_bytes_to_xdr_buf+0x97/0xe0
+[  161.157598]  ? __write_bytes_to_xdr_buf+0xd0/0xd0
+[  161.158494]  ? lock_downgrade+0x90/0x90
+[  161.159232]  ? nfs4svc_decode_voidarg+0x10/0x10
+[  161.160092]  nfsd4_encode_operation+0x15a/0x440
+[  161.160959]  nfsd4_proc_compound+0x718/0xe90
+[  161.161818]  nfsd_dispatch+0x18e/0x2c0
+[  161.162586]  svc_process_common+0x786/0xc50
+[  161.163403]  ? nfsd_svc+0x380/0x380
+[  161.164137]  ? svc_printk+0x160/0x160
+[  161.164846]  ? svc_xprt_do_enqueue.part.0+0x365/0x380
+[  161.165808]  ? nfsd_svc+0x380/0x380
+[  161.166523]  ? rcu_is_watching+0x23/0x40
+[  161.167309]  svc_process+0x1a5/0x200
+[  161.168019]  nfsd+0x1f5/0x380
+[  161.168663]  ? nfsd_shutdown_threads+0x260/0x260
+[  161.169554]  kthread+0x1c4/0x210
+[  161.170224]  ? kthread_insert_work_sanity_check+0x80/0x80
+[  161.171246]  ret_from_fork+0x1f/0x30
+
+Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/vfs.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -100,6 +100,7 @@ nfserrno (int errno)
+               { nfserr_io, -EUCLEAN },
+               { nfserr_perm, -ENOKEY },
+               { nfserr_no_grace, -ENOGRACE},
++              { nfserr_io, -EBADMSG },
+       };
+       int     i;
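Review bot: The added `{ nfserr_io, -EBADMSG },` row does not say that it exists for filesystem checksum failures, and it sits after `-ENOGRACE` rather than beside the related `-EUCLEAN` row. Per the commit message the value arrives from ext4 as -EFSBADCRC, so I would write it as `{ nfserr_io, -EBADMSG }, /* EFSBADCRC: on-disk checksum error */` and, assuming the table is matched by exact value so order is irrelevant, place it directly under `{ nfserr_io, -EUCLEAN },`. With the WARNING gone, an NFS client sees only a generic I/O error, so noticing the underlying corruption depends on the filesystem's own log messages; a sentence to that effect in the function comment would help operators. nfserrno() continues past the end of the hunk.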
diff --git a/queue-5.10/riscv-define-illegal_pointer_value-for-64bit.patch b/queue-5.10/riscv-define-illegal_pointer_value-for-64bit.patch
new file mode 100644 (file)
index 0000000..e221199
--- /dev/null
@@ -0,0 +1,38 @@
+From 5c178472af247c7b50f962495bb7462ba453b9fb Mon Sep 17 00:00:00 2001
+From: Jisheng Zhang <jszhang@kernel.org>
+Date: Sat, 6 Jul 2024 01:02:10 +0800
+Subject: riscv: define ILLEGAL_POINTER_VALUE for 64bit
+
+From: Jisheng Zhang <jszhang@kernel.org>
+
+commit 5c178472af247c7b50f962495bb7462ba453b9fb upstream.
+
+This is used in poison.h for poison pointer offset. Based on current
+SV39, SV48 and SV57 vm layout, 0xdead000000000000 is a proper value
+that is not mappable, this can avoid potentially turning an oops to
+an expolit.
+
+Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
+Fixes: fbe934d69eb7 ("RISC-V: Build Infrastructure")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20240705170210.3236-1-jszhang@kernel.org
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/riscv/Kconfig |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/arch/riscv/Kconfig
++++ b/arch/riscv/Kconfig
+@@ -193,6 +193,11 @@ config GENERIC_HWEIGHT
+ config FIX_EARLYCON_MEM
+       def_bool MMU
++config ILLEGAL_POINTER_VALUE
++      hex
++      default 0 if 32BIT
++      default 0xdead000000000000 if 64BIT
++
+ config PGTABLE_LEVELS
+       int
+       default 3 if 64BIT
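Review bot: The new `config ILLEGAL_POINTER_VALUE` entry gives no reason for `0xdead000000000000`, although its value as a hardening measure depends on that address staying unmappable under every supported page-table mode. A comment above the entry, for example `# Poison pointer offset used by poison.h; must not be mappable under Sv39, Sv48 or Sv57`, would tell whoever adds a new layout to re-check it. The `default 0 if 32BIT` line leaves 32-bit builds with no offset, which may be intended but is worth stating in the same comment.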
index a9191b0e3b514939c90580606024f2730189f6ad..c471b64df639bfb01b0bfa7a5ba695652d59c54f 100644 (file)
@@ -401,3 +401,8 @@ ocfs2-cancel-dqi_sync_work-before-freeing-oinfo.patch
 ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch
 ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch
 ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch
+riscv-define-illegal_pointer_value-for-64bit.patch
+exfat-fix-memory-leak-in-exfat_load_bitmap.patch
+nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch
+nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch
+nfsd-fix-nfsv4-s-putpubfh-operation.patch