--- /dev/null
+From ecebf55d27a11538ea84aee0be643dd953f830d5 Mon Sep 17 00:00:00 2001
+From: Pan Bian <bianpan2016@163.com>
+Date: Sun, 25 Nov 2018 08:58:02 +0800
+Subject: ext2: fix potential use after free
+
+From: Pan Bian <bianpan2016@163.com>
+
+commit ecebf55d27a11538ea84aee0be643dd953f830d5 upstream.
+
+The function ext2_xattr_set calls brelse(bh) to drop the reference count
+of bh. After that, bh may be freed. However, following brelse(bh),
+it reads bh->b_data via macro HDR(bh). This may result in a
+use-after-free bug. This patch moves brelse(bh) after reading field.
+
+CC: stable@vger.kernel.org
+Signed-off-by: Pan Bian <bianpan2016@163.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext2/xattr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ext2/xattr.c
++++ b/fs/ext2/xattr.c
+@@ -605,9 +605,9 @@ skip_replace:
+ }
+
+ cleanup:
+- brelse(bh);
+ if (!(bh && header == HDR(bh)))
+ kfree(header);
++ brelse(bh);
+ up_write(&EXT2_I(inode)->xattr_sem);
+
+ return error;
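Review bot: The reordered cleanup path carries no comment explaining why `brelse(bh)` must come after the `HDR(bh)` comparison, so a later tidy-up could move the release back to the top of the label and reintroduce the use-after-free. I would add `/* HDR(bh) dereferences bh->b_data: compare before dropping our reference */` directly above the `if (!(bh && header == HDR(bh)))` line. The body of ext2_xattr_set begins outside this hunk, so whether other exits reach `cleanup:` with a bh that has already been released cannot be checked from here.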
--- /dev/null
+From 8114865ff82e200b383e46821c25cb0625b842b5 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Sun, 18 Nov 2018 17:10:15 -0500
+Subject: function_graph: Create function_graph_enter() to consolidate architecture code
+
+From: Steven Rostedt (VMware) <rostedt@goodmis.org>
+
+commit 8114865ff82e200b383e46821c25cb0625b842b5 upstream.
+
+Currently all the architectures do basically the same thing in preparing the
+function graph tracer on entry to a function. This code can be pulled into a
+generic location and then this will allow the function graph tracer to be
+fixed, as well as extended.
+
+Create a new function graph helper function_graph_enter() that will call the
+hook function (ftrace_graph_entry) and the shadow stack operation
+(ftrace_push_return_trace), and remove the need of the architecture code to
+manage the shadow stack.
+
+This is needed to prepare for a fix of a design bug on how the curr_ret_stack
+is used.
+
+Cc: stable@kernel.org
+Fixes: 03274a3ffb449 ("tracing/fgraph: Adjust fgraph depth before calling trace return callback")
+Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/ftrace.h | 4 ++++
+ kernel/trace/trace_functions_graph.c | 16 ++++++++++++++++
+ 2 files changed, 20 insertions(+)
+
+--- a/include/linux/ftrace.h
++++ b/include/linux/ftrace.h
+@@ -773,6 +773,10 @@ extern int
+ ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth,
+ unsigned long frame_pointer);
+
++extern int
++function_graph_enter(unsigned long ret, unsigned long func,
++ unsigned long frame_pointer, unsigned long *retp);
++
+ /*
+ * Sometimes we don't want to trace a function with the function
+ * graph tracer but we want them to keep traced by the usual function
+--- a/kernel/trace/trace_functions_graph.c
++++ b/kernel/trace/trace_functions_graph.c
+@@ -176,6 +176,22 @@ ftrace_push_return_trace(unsigned long r
+ return 0;
+ }
+
++int function_graph_enter(unsigned long ret, unsigned long func,
++ unsigned long frame_pointer, unsigned long *retp)
++{
++ struct ftrace_graph_ent trace;
++
++ trace.func = func;
++ trace.depth = current->curr_ret_stack + 1;
++
++ /* Only trace if the calling function expects to */
++ if (!ftrace_graph_entry(&trace))
++ return -EBUSY;
++
++ return ftrace_push_return_trace(ret, func, &trace.depth,
++ frame_pointer, retp);
++}
++
+ /* Retrieve a function return address to the trace stack on thread info.*/
+ static void
+ ftrace_pop_return_trace(struct ftrace_graph_ret *trace, unsigned long *ret,
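Review bot: The final call in the new function_graph_enter() passes five arguments, `ftrace_push_return_trace(ret, func, &trace.depth, frame_pointer, retp)`, but the prototype shown as context in this patch's include/linux/ftrace.h hunk takes only four (ret, func, depth, frame_pointer). The definition's parameter list is cut off in this hunk's header, but the next patch in the queue also shows it with four parameters, so this backport would likely fail to compile when the function graph tracer is enabled. For this tree the call should read `return ftrace_push_return_trace(ret, func, &trace.depth, frame_pointer);`, with `retp` accepted but unused. A one-line comment noting that `retp` is intentionally ignored here would help.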
--- /dev/null
+From d125f3f866df88da5a85df00291f88f0baa89f7c Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Mon, 19 Nov 2018 07:40:39 -0500
+Subject: function_graph: Make ftrace_push_return_trace() static
+
+From: Steven Rostedt (VMware) <rostedt@goodmis.org>
+
+commit d125f3f866df88da5a85df00291f88f0baa89f7c upstream.
+
+As all architectures now call function_graph_enter() to do the entry work,
+no architecture should ever call ftrace_push_return_trace(). Make it static.
+
+This is needed to prepare for a fix of a design bug on how the curr_ret_stack
+is used.
+
+Cc: stable@kernel.org
+Fixes: 03274a3ffb449 ("tracing/fgraph: Adjust fgraph depth before calling trace return callback")
+Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/ftrace.h | 4 ----
+ kernel/trace/trace_functions_graph.c | 2 +-
+ 2 files changed, 1 insertion(+), 5 deletions(-)
+
+--- a/include/linux/ftrace.h
++++ b/include/linux/ftrace.h
+@@ -770,10 +770,6 @@ struct ftrace_ret_stack {
+ extern void return_to_handler(void);
+
+ extern int
+-ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth,
+- unsigned long frame_pointer);
+-
+-extern int
+ function_graph_enter(unsigned long ret, unsigned long func,
+ unsigned long frame_pointer, unsigned long *retp);
+
+--- a/kernel/trace/trace_functions_graph.c
++++ b/kernel/trace/trace_functions_graph.c
+@@ -116,7 +116,7 @@ print_graph_duration(struct trace_array
+ struct trace_seq *s, u32 flags);
+
+ /* Add a function return address to the trace stack on thread info.*/
+-int
++static int
+ ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth,
+ unsigned long frame_pointer)
+ {
alsa-ac97-fix-incorrect-bit-shift-at-ac97-spsa-control-write.patch
alsa-control-fix-race-between-adding-and-removing-a-user-element.patch
alsa-sparc-fix-invalid-snd_free_pages-at-error-path.patch
+function_graph-create-function_graph_enter-to-consolidate-architecture-code.patch
+function_graph-make-ftrace_push_return_trace-static.patch
+ext2-fix-potential-use-after-free.patch