5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Jan 2021 13:33:40 +0000 (14:33 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Jan 2021 13:33:40 +0000 (14:33 +0100)
added patches:
bpf-don-t-leak-memory-in-bpf-getsockopt-when-optlen-0.patch
bpf-fix-helper-bpf_map_peek_elem_proto-pointing-to-wrong-callback.patch
nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch
spi-npcm-fiu-disable-clock-in-probe-error-path.patch
spi-npcm-fiu-simplify-the-return-expression-of-npcm_fiu_probe.patch

queue-5.4/bpf-don-t-leak-memory-in-bpf-getsockopt-when-optlen-0.patch [new file with mode: 0644]
queue-5.4/bpf-fix-helper-bpf_map_peek_elem_proto-pointing-to-wrong-callback.patch [new file with mode: 0644]
queue-5.4/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch [new file with mode: 0644]
queue-5.4/scsi-lpfc-make-lpfc_defer_acc_rsp-static.patch
queue-5.4/series
queue-5.4/spi-npcm-fiu-disable-clock-in-probe-error-path.patch [new file with mode: 0644]
queue-5.4/spi-npcm-fiu-simplify-the-return-expression-of-npcm_fiu_probe.patch [new file with mode: 0644]

diff --git a/queue-5.4/bpf-don-t-leak-memory-in-bpf-getsockopt-when-optlen-0.patch b/queue-5.4/bpf-don-t-leak-memory-in-bpf-getsockopt-when-optlen-0.patch
new file mode 100644 (file)
index 0000000..fd9c0e5
--- /dev/null
@@ -0,0 +1,43 @@
+From 4be34f3d0731b38a1b24566b37fbb39500aaf3a2 Mon Sep 17 00:00:00 2001
+From: Stanislav Fomichev <sdf@google.com>
+Date: Tue, 12 Jan 2021 08:28:29 -0800
+Subject: bpf: Don't leak memory in bpf getsockopt when optlen == 0
+
+From: Stanislav Fomichev <sdf@google.com>
+
+commit 4be34f3d0731b38a1b24566b37fbb39500aaf3a2 upstream.
+
+optlen == 0 indicates that the kernel should ignore BPF buffer
+and use the original one from the user. We, however, forget
+to free the temporary buffer that we've allocated for BPF.
+
+Fixes: d8fe449a9c51 ("bpf: Don't return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE")
+Reported-by: Martin KaFai Lau <kafai@fb.com>
+Signed-off-by: Stanislav Fomichev <sdf@google.com>
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Acked-by: Martin KaFai Lau <kafai@fb.com>
+Link: https://lore.kernel.org/bpf/20210112162829.775079-1-sdf@google.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/bpf/cgroup.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/kernel/bpf/cgroup.c
++++ b/kernel/bpf/cgroup.c
+@@ -1057,12 +1057,13 @@ int __cgroup_bpf_run_filter_setsockopt(s
+               if (ctx.optlen != 0) {
+                       *optlen = ctx.optlen;
+                       *kernel_optval = ctx.optval;
++                      /* export and don't free sockopt buf */
++                      return 0;
+               }
+       }
+ out:
+-      if (ret)
+-              sockopt_free_buf(&ctx);
++      sockopt_free_buf(&ctx);
+       return ret;
+ }
+ EXPORT_SYMBOL(__cgroup_bpf_run_filter_setsockopt);
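Review bot: The early `return 0;` added inside the `if (ctx.optlen != 0)` branch bypasses the `out:` label and hard-codes success instead of returning `ret`, so the hand-off relies on `ret` being 0 at that point, which is set outside this hunk. Because every other path now frees the buffer unconditionally, the ownership rule deserves more than the short comment: something like `/* ownership of ctx.optval moves to the caller via *kernel_optval; the caller is expected to free it */`, together with `return ret;`, would make the contract explicit. The subject line says getsockopt while the hunk header names `__cgroup_bpf_run_filter_setsockopt`, which is worth keeping in mind when matching this backport to the affected path. The function body starts before the hunk.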
diff --git a/queue-5.4/bpf-fix-helper-bpf_map_peek_elem_proto-pointing-to-wrong-callback.patch b/queue-5.4/bpf-fix-helper-bpf_map_peek_elem_proto-pointing-to-wrong-callback.patch
new file mode 100644 (file)
index 0000000..eb6c804
--- /dev/null
@@ -0,0 +1,36 @@
+From 301a33d51880619d0c5a581b5a48d3a5248fa84b Mon Sep 17 00:00:00 2001
+From: Mircea Cirjaliu <mcirjaliu@bitdefender.com>
+Date: Tue, 19 Jan 2021 21:53:18 +0100
+Subject: bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback
+
+From: Mircea Cirjaliu <mcirjaliu@bitdefender.com>
+
+commit 301a33d51880619d0c5a581b5a48d3a5248fa84b upstream.
+
+I assume this was obtained by copy/paste. Point it to bpf_map_peek_elem()
+instead of bpf_map_pop_elem(). In practice it may have been less likely
+hit when under JIT given shielded via 84430d4232c3 ("bpf, verifier: avoid
+retpoline for map push/pop/peek operation").
+
+Fixes: f1a2e44a3aec ("bpf: add queue and stack maps")
+Signed-off-by: Mircea Cirjaliu <mcirjaliu@bitdefender.com>
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Mauricio Vasquez <mauriciovasquezbernal@gmail.com>
+Link: https://lore.kernel.org/bpf/AM7PR02MB6082663DFDCCE8DA7A6DD6B1BBA30@AM7PR02MB6082.eurprd02.prod.outlook.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/bpf/helpers.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/bpf/helpers.c
++++ b/kernel/bpf/helpers.c
+@@ -105,7 +105,7 @@ BPF_CALL_2(bpf_map_peek_elem, struct bpf
+ }
+ const struct bpf_func_proto bpf_map_peek_elem_proto = {
+-      .func           = bpf_map_pop_elem,
++      .func           = bpf_map_peek_elem,
+       .gpl_only       = false,
+       .ret_type       = RET_INTEGER,
+       .arg1_type      = ARG_CONST_MAP_PTR,
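Review bot: Nothing in this change would catch the same mistake again: the wrong callback evidently compiled cleanly in `bpf_map_peek_elem_proto`, and the description says the JIT path tended to mask it. A regression test that runs with the JIT disabled and peeks the same queue or stack map twice, expecting the same element both times, would pin the non-destructive behaviour that programs relying on a read-only peek depend on. The initializer continues past the end of the hunk, so the remaining fields were not checked here.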
diff --git a/queue-5.4/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch b/queue-5.4/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch
new file mode 100644 (file)
index 0000000..b0a677b
--- /dev/null
@@ -0,0 +1,52 @@
+From 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Mon, 11 Jan 2021 16:01:29 -0500
+Subject: nfsd4: readdirplus shouldn't return parent of export
+
+From: J. Bruce Fields <bfields@redhat.com>
+
+commit 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 upstream.
+
+If you export a subdirectory of a filesystem, a READDIRPLUS on the root
+of that export will return the filehandle of the parent with the ".."
+entry.
+
+The filehandle is optional, so let's just not return the filehandle for
+".." if we're at the root of an export.
+
+Note that once the client learns one filehandle outside of the export,
+they can trivially access the rest of the export using further lookups.
+
+However, it is also not very difficult to guess filehandles outside of
+the export.  So exporting a subdirectory of a filesystem should
+considered equivalent to providing access to the entire filesystem.  To
+avoid confusion, we recommend only exporting entire filesystems.
+
+Reported-by: Youjipeng <wangzhibei1999@gmail.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs3xdr.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs3xdr.c
++++ b/fs/nfsd/nfs3xdr.c
+@@ -857,9 +857,14 @@ compose_entry_fh(struct nfsd3_readdirres
+       if (isdotent(name, namlen)) {
+               if (namlen == 2) {
+                       dchild = dget_parent(dparent);
+-                      /* filesystem root - cannot return filehandle for ".." */
++                      /*
++                       * Don't return filehandle for ".." if we're at
++                       * the filesystem or export root:
++                       */
+                       if (dchild == dparent)
+                               goto out;
++                      if (dparent == exp->ex_path.dentry)
++                              goto out;
+               } else
+                       dchild = dget(dparent);
+       } else
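Review bot: The new comment in `compose_entry_fh` can be read as if the export-root test were an access boundary, while the description states that filehandles outside the export can still be guessed. I would add a line such as `/* hardening only: an exported subdirectory does not confine clients to that subtree */` so later readers do not rely on it for isolation. The two tests could also be a single condition, `if (dchild == dparent || dparent == exp->ex_path.dentry) goto out;`, since both leave through `out` with the reference from `dget_parent()` still held. The release at `out` lies outside this hunk and should be confirmed there.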
index d1883c72fca964f8c52ae0591183307e9159946c..0323fa0bf87045c860042dae0467a2967228feda 100644 (file)
@@ -19,11 +19,13 @@ Signed-off-by: YueHaibing <yuehaibing@huawei.com>
 Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
-diff --git a/drivers/scsi/lpfc/lpfc_nportdisc.c b/drivers/scsi/lpfc/lpfc_nportdisc.c
-index 1c46e3adbda2..a024e5a3918f 100644
+---
+ drivers/scsi/lpfc/lpfc_nportdisc.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
 --- a/drivers/scsi/lpfc/lpfc_nportdisc.c
 +++ b/drivers/scsi/lpfc/lpfc_nportdisc.c
-@@ -340,7 +340,7 @@ lpfc_defer_pt2pt_acc(struct lpfc_hba *phba, LPFC_MBOXQ_t *link_mbox)
+@@ -340,7 +340,7 @@ lpfc_defer_pt2pt_acc(struct lpfc_hba *ph
   * This routine is only called if we are SLI4, acting in target
   * mode and the remote NPort issues the PLOGI after link up.
   **/
index b9be1a2c205df1d503a7f0f2de89bdf2448d3310..c3bf34343cd6893845cf1e78dd34c705860d1cbe 100644 (file)
@@ -4,3 +4,8 @@ xen-privcmd-allow-fetching-resource-sizes.patch
 elfcore-fix-building-with-clang.patch
 scsi-lpfc-make-function-lpfc_defer_pt2pt_acc-static.patch
 scsi-lpfc-make-lpfc_defer_acc_rsp-static.patch
+spi-npcm-fiu-simplify-the-return-expression-of-npcm_fiu_probe.patch
+spi-npcm-fiu-disable-clock-in-probe-error-path.patch
+nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch
+bpf-don-t-leak-memory-in-bpf-getsockopt-when-optlen-0.patch
+bpf-fix-helper-bpf_map_peek_elem_proto-pointing-to-wrong-callback.patch
diff --git a/queue-5.4/spi-npcm-fiu-disable-clock-in-probe-error-path.patch b/queue-5.4/spi-npcm-fiu-disable-clock-in-probe-error-path.patch
new file mode 100644 (file)
index 0000000..65d7438
--- /dev/null
@@ -0,0 +1,49 @@
+From foo@baz Thu Jan 21 02:23:31 PM CET 2021
+From: Lukas Wunner <lukas@wunner.de>
+Date: Mon, 7 Dec 2020 09:17:16 +0100
+Subject: spi: npcm-fiu: Disable clock in probe error path
+
+From: Lukas Wunner <lukas@wunner.de>
+
+commit 234266a5168bbe8220d263e3aa7aa80cf921c483 upstream
+
+If the call to devm_spi_register_master() fails on probe of the NPCM FIU
+SPI driver, the clock "fiu->clk" is erroneously not unprepared and
+disabled.  Fix it.
+
+Fixes: ace55c411b11 ("spi: npcm-fiu: add NPCM FIU controller driver")
+Signed-off-by: Lukas Wunner <lukas@wunner.de>
+Cc: <stable@vger.kernel.org> # v5.4+
+Cc: Tomer Maimon <tmaimon77@gmail.com>
+Link: https://lore.kernel.org/r/9ae62f4e1cfe542bec57ac2743e6fca9f9548f55.1607286887.git.lukas@wunner.de
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/spi/spi-npcm-fiu.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/spi/spi-npcm-fiu.c
++++ b/drivers/spi/spi-npcm-fiu.c
+@@ -677,7 +677,7 @@ static int npcm_fiu_probe(struct platfor
+       struct npcm_fiu_spi *fiu;
+       void __iomem *regbase;
+       struct resource *res;
+-      int id;
++      int id, ret;
+       ctrl = devm_spi_alloc_master(dev, sizeof(*fiu));
+       if (!ctrl)
+@@ -735,7 +735,11 @@ static int npcm_fiu_probe(struct platfor
+       ctrl->num_chipselect = fiu->info->max_cs;
+       ctrl->dev.of_node = dev->of_node;
+-      return devm_spi_register_master(dev, ctrl);
++      ret = devm_spi_register_master(dev, ctrl);
++      if (ret)
++              clk_disable_unprepare(fiu->clk);
++
++      return ret;
+ }
+ static int npcm_fiu_remove(struct platform_device *pdev)
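Review bot: The added `clk_disable_unprepare(fiu->clk)` covers only the failure of `devm_spi_register_master()`, so a manually managed clock now sits next to devm-managed registration. Any earlier `return` in `npcm_fiu_probe` after the clock is enabled (presumably earlier in probe, not visible here) and the ordering in `npcm_fiu_remove`, whose body is outside the hunk, should be checked for the same imbalance. Registering the disable as a devm action right after the clock is enabled, for example with `devm_add_action_or_reset`, would let probe failure and removal unwind in one defined order. At minimum a comment such as `/* devm does not manage fiu->clk; undo the enable on failure */` above `if (ret)` would record why the call is there.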
diff --git a/queue-5.4/spi-npcm-fiu-simplify-the-return-expression-of-npcm_fiu_probe.patch b/queue-5.4/spi-npcm-fiu-simplify-the-return-expression-of-npcm_fiu_probe.patch
new file mode 100644 (file)
index 0000000..16ed6ab
--- /dev/null
@@ -0,0 +1,43 @@
+From foo@baz Thu Jan 21 02:23:25 PM CET 2021
+From: Qinglang Miao <miaoqinglang@huawei.com>
+Date: Mon, 21 Sep 2020 21:11:06 +0800
+Subject: spi: npcm-fiu: simplify the return expression of npcm_fiu_probe()
+
+From: Qinglang Miao <miaoqinglang@huawei.com>
+
+commit 4c3a14fbc05a09fc369fb68a86cdbf6f441a29f2 upstream
+
+Simplify the return expression.
+
+Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
+Link: https://lore.kernel.org/r/20200921131106.93228-1-miaoqinglang@huawei.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/spi/spi-npcm-fiu.c |    7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+--- a/drivers/spi/spi-npcm-fiu.c
++++ b/drivers/spi/spi-npcm-fiu.c
+@@ -677,7 +677,6 @@ static int npcm_fiu_probe(struct platfor
+       struct npcm_fiu_spi *fiu;
+       void __iomem *regbase;
+       struct resource *res;
+-      int ret;
+       int id;
+       ctrl = devm_spi_alloc_master(dev, sizeof(*fiu));
+@@ -736,11 +735,7 @@ static int npcm_fiu_probe(struct platfor
+       ctrl->num_chipselect = fiu->info->max_cs;
+       ctrl->dev.of_node = dev->of_node;
+-      ret = devm_spi_register_master(dev, ctrl);
+-      if (ret)
+-              return ret;
+-
+-      return 0;
++      return devm_spi_register_master(dev, ctrl);
+ }
+ static int npcm_fiu_remove(struct platform_device *pdev)