+++ /dev/null
-From b712a5f9de40f05543043efe4c34eb17f4e23e35 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 6 Dec 2019 16:07:32 -0500
-Subject: nfsd4: avoid NULL deference on strange COPY compounds
-
-From: J. Bruce Fields <bfields@redhat.com>
-
-[ Upstream commit d781e3df710745fbbaee4eb07fd5b64331a1b175 ]
-
-With cross-server COPY we've introduced the possibility that the current
-or saved filehandle might not have fh_dentry/fh_export filled in, but we
-missed a place that assumed it was. I think this could be triggered by
-a compound like:
-
- PUTFH(foreign filehandle)
- GETATTR
- SAVEFH
- COPY
-
-First, check_if_stalefh_allowed sets no_verify on the first (PUTFH) op.
-Then op_func = nfsd4_putfh runs and leaves current_fh->fh_export NULL.
-need_wrongsec_check returns true, since this PUTFH has OP_IS_PUTFH_LIKE
-set and GETATTR does not have OP_HANDLES_WRONGSEC set.
-
-We should probably also consider tightening the checks in
-check_if_stalefh_allowed and double-checking that we don't assume the
-filehandle is verified elsewhere in the compound. But I think this
-fixes the immediate issue.
-
-Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
-Fixes: 4e48f1cccab3 "NFSD: allow inter server COPY to have... "
-Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/nfsd/nfs4proc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index ee765abad2efb..be42ea2603683 100644
---- a/fs/nfsd/nfs4proc.c
-+++ b/fs/nfsd/nfs4proc.c
-@@ -1798,7 +1798,8 @@ nfsd4_proc_compound(struct svc_rqst *rqstp)
- if (op->opdesc->op_flags & OP_CLEAR_STATEID)
- clear_current_stateid(cstate);
-
-- if (need_wrongsec_check(rqstp))
-+ if (current_fh->fh_export &&
-+ need_wrongsec_check(rqstp))
- op->status = check_nfsd_access(current_fh->fh_export, rqstp);
- }
- encode_op:
---
-2.20.1
-
revert-kvm-vmx-add-non-canonical-check-on-writes-to-.patch
kvm-nvmx-use-correct-root-level-for-nested-ept-shado.patch
drm-gma500-fixup-fbdev-stolen-size-usage-evaluation.patch
-nfsd4-avoid-null-deference-on-strange-copy-compounds.patch
cpu-hotplug-stop_machine-fix-stop_machine-vs-hotplug.patch
brcmfmac-fix-use-after-free-in-brcmf_sdio_readframes.patch
leds-pca963x-fix-open-drain-initialization.patch
+++ /dev/null
-From 6681e19ad413b85811213e66a1a2e60f231bcda4 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 6 Dec 2019 16:07:32 -0500
-Subject: nfsd4: avoid NULL deference on strange COPY compounds
-
-From: J. Bruce Fields <bfields@redhat.com>
-
-[ Upstream commit d781e3df710745fbbaee4eb07fd5b64331a1b175 ]
-
-With cross-server COPY we've introduced the possibility that the current
-or saved filehandle might not have fh_dentry/fh_export filled in, but we
-missed a place that assumed it was. I think this could be triggered by
-a compound like:
-
- PUTFH(foreign filehandle)
- GETATTR
- SAVEFH
- COPY
-
-First, check_if_stalefh_allowed sets no_verify on the first (PUTFH) op.
-Then op_func = nfsd4_putfh runs and leaves current_fh->fh_export NULL.
-need_wrongsec_check returns true, since this PUTFH has OP_IS_PUTFH_LIKE
-set and GETATTR does not have OP_HANDLES_WRONGSEC set.
-
-We should probably also consider tightening the checks in
-check_if_stalefh_allowed and double-checking that we don't assume the
-filehandle is verified elsewhere in the compound. But I think this
-fixes the immediate issue.
-
-Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
-Fixes: 4e48f1cccab3 "NFSD: allow inter server COPY to have... "
-Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/nfsd/nfs4proc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index f35aa9f88b5ec..895123518fd42 100644
---- a/fs/nfsd/nfs4proc.c
-+++ b/fs/nfsd/nfs4proc.c
-@@ -1789,7 +1789,8 @@ nfsd4_proc_compound(struct svc_rqst *rqstp)
- if (op->opdesc->op_flags & OP_CLEAR_STATEID)
- clear_current_stateid(cstate);
-
-- if (need_wrongsec_check(rqstp))
-+ if (current_fh->fh_export &&
-+ need_wrongsec_check(rqstp))
- op->status = check_nfsd_access(current_fh->fh_export, rqstp);
- }
- encode_op:
---
-2.20.1
-
revert-kvm-vmx-add-non-canonical-check-on-writes-to-.patch
kvm-nvmx-use-correct-root-level-for-nested-ept-shado.patch
drm-gma500-fixup-fbdev-stolen-size-usage-evaluation.patch
-nfsd4-avoid-null-deference-on-strange-copy-compounds.patch
cpu-hotplug-stop_machine-fix-stop_machine-vs-hotplug.patch
brcmfmac-fix-use-after-free-in-brcmf_sdio_readframes.patch
leds-pca963x-fix-open-drain-initialization.patch
+++ /dev/null
-From 1afcc98c1b35802dcf7854cf2b29e19c30416c86 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 6 Dec 2019 16:07:32 -0500
-Subject: nfsd4: avoid NULL deference on strange COPY compounds
-
-From: J. Bruce Fields <bfields@redhat.com>
-
-[ Upstream commit d781e3df710745fbbaee4eb07fd5b64331a1b175 ]
-
-With cross-server COPY we've introduced the possibility that the current
-or saved filehandle might not have fh_dentry/fh_export filled in, but we
-missed a place that assumed it was. I think this could be triggered by
-a compound like:
-
- PUTFH(foreign filehandle)
- GETATTR
- SAVEFH
- COPY
-
-First, check_if_stalefh_allowed sets no_verify on the first (PUTFH) op.
-Then op_func = nfsd4_putfh runs and leaves current_fh->fh_export NULL.
-need_wrongsec_check returns true, since this PUTFH has OP_IS_PUTFH_LIKE
-set and GETATTR does not have OP_HANDLES_WRONGSEC set.
-
-We should probably also consider tightening the checks in
-check_if_stalefh_allowed and double-checking that we don't assume the
-filehandle is verified elsewhere in the compound. But I think this
-fixes the immediate issue.
-
-Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
-Fixes: 4e48f1cccab3 "NFSD: allow inter server COPY to have... "
-Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/nfsd/nfs4proc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index c67064d94096b..0cb956d792f21 100644
---- a/fs/nfsd/nfs4proc.c
-+++ b/fs/nfsd/nfs4proc.c
-@@ -1704,7 +1704,8 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
- if (opdesc->op_flags & OP_CLEAR_STATEID)
- clear_current_stateid(cstate);
-
-- if (need_wrongsec_check(rqstp))
-+ if (current_fh->fh_export &&
-+ need_wrongsec_check(rqstp))
- op->status = check_nfsd_access(current_fh->fh_export, rqstp);
- }
- encode_op:
---
-2.20.1
-
scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch
revert-kvm-vmx-add-non-canonical-check-on-writes-to-.patch
drm-gma500-fixup-fbdev-stolen-size-usage-evaluation.patch
-nfsd4-avoid-null-deference-on-strange-copy-compounds.patch
brcmfmac-fix-use-after-free-in-brcmf_sdio_readframes.patch
gianfar-fix-tx-timestamping-with-a-stacked-dsa-drive.patch
pinctrl-sh-pfc-sh7264-fix-can-function-gpios.patch
+++ /dev/null
-From e0d4740dac290b43dd78e4d4d11d01092291209a Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 6 Dec 2019 16:07:32 -0500
-Subject: nfsd4: avoid NULL deference on strange COPY compounds
-
-From: J. Bruce Fields <bfields@redhat.com>
-
-[ Upstream commit d781e3df710745fbbaee4eb07fd5b64331a1b175 ]
-
-With cross-server COPY we've introduced the possibility that the current
-or saved filehandle might not have fh_dentry/fh_export filled in, but we
-missed a place that assumed it was. I think this could be triggered by
-a compound like:
-
- PUTFH(foreign filehandle)
- GETATTR
- SAVEFH
- COPY
-
-First, check_if_stalefh_allowed sets no_verify on the first (PUTFH) op.
-Then op_func = nfsd4_putfh runs and leaves current_fh->fh_export NULL.
-need_wrongsec_check returns true, since this PUTFH has OP_IS_PUTFH_LIKE
-set and GETATTR does not have OP_HANDLES_WRONGSEC set.
-
-We should probably also consider tightening the checks in
-check_if_stalefh_allowed and double-checking that we don't assume the
-filehandle is verified elsewhere in the compound. But I think this
-fixes the immediate issue.
-
-Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
-Fixes: 4e48f1cccab3 "NFSD: allow inter server COPY to have... "
-Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/nfsd/nfs4proc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index 66985a6a7047b..33537bbb70b36 100644
---- a/fs/nfsd/nfs4proc.c
-+++ b/fs/nfsd/nfs4proc.c
-@@ -1800,7 +1800,8 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
- if (opdesc->op_flags & OP_CLEAR_STATEID)
- clear_current_stateid(cstate);
-
-- if (need_wrongsec_check(rqstp))
-+ if (current_fh->fh_export &&
-+ need_wrongsec_check(rqstp))
- op->status = check_nfsd_access(current_fh->fh_export, rqstp);
- }
- encode_op:
---
-2.20.1
-
scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch
revert-kvm-vmx-add-non-canonical-check-on-writes-to-.patch
drm-gma500-fixup-fbdev-stolen-size-usage-evaluation.patch
-nfsd4-avoid-null-deference-on-strange-copy-compounds.patch
cpu-hotplug-stop_machine-fix-stop_machine-vs-hotplug.patch
brcmfmac-fix-use-after-free-in-brcmf_sdio_readframes.patch
gianfar-fix-tx-timestamping-with-a-stacked-dsa-drive.patch
+++ /dev/null
-From 38711c854041bcd9ee879750c702d3ba598339ab Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 6 Dec 2019 16:07:32 -0500
-Subject: nfsd4: avoid NULL deference on strange COPY compounds
-
-From: J. Bruce Fields <bfields@redhat.com>
-
-[ Upstream commit d781e3df710745fbbaee4eb07fd5b64331a1b175 ]
-
-With cross-server COPY we've introduced the possibility that the current
-or saved filehandle might not have fh_dentry/fh_export filled in, but we
-missed a place that assumed it was. I think this could be triggered by
-a compound like:
-
- PUTFH(foreign filehandle)
- GETATTR
- SAVEFH
- COPY
-
-First, check_if_stalefh_allowed sets no_verify on the first (PUTFH) op.
-Then op_func = nfsd4_putfh runs and leaves current_fh->fh_export NULL.
-need_wrongsec_check returns true, since this PUTFH has OP_IS_PUTFH_LIKE
-set and GETATTR does not have OP_HANDLES_WRONGSEC set.
-
-We should probably also consider tightening the checks in
-check_if_stalefh_allowed and double-checking that we don't assume the
-filehandle is verified elsewhere in the compound. But I think this
-fixes the immediate issue.
-
-Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
-Fixes: 4e48f1cccab3 "NFSD: allow inter server COPY to have... "
-Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/nfsd/nfs4proc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index 4798667af647c..4d1d0bf8e385f 100644
---- a/fs/nfsd/nfs4proc.c
-+++ b/fs/nfsd/nfs4proc.c
-@@ -2025,7 +2025,8 @@ nfsd4_proc_compound(struct svc_rqst *rqstp)
- if (op->opdesc->op_flags & OP_CLEAR_STATEID)
- clear_current_stateid(cstate);
-
-- if (need_wrongsec_check(rqstp))
-+ if (current_fh->fh_export &&
-+ need_wrongsec_check(rqstp))
- op->status = check_nfsd_access(current_fh->fh_export, rqstp);
- }
- encode_op:
---
-2.20.1
-
ath10k-fix-qmi-init-error-handling.patch
wil6210-fix-break-that-is-never-reached-because-of-z.patch
drm-qxl-complete-exception-handling-in-qxl_device_in.patch
-nfsd4-avoid-null-deference-on-strange-copy-compounds.patch
rcu-nocb-fix-dump_tree-hierarchy-print-always-active.patch
rcu-fix-missed-wakeup-of-exp_wq-waiters.patch
rcu-fix-data-race-due-to-atomic_t-copy-by-value.patch
+++ /dev/null
-From 37e01a00c2c8333af15909df4975045cc24ec2e0 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 6 Dec 2019 16:07:32 -0500
-Subject: nfsd4: avoid NULL deference on strange COPY compounds
-
-From: J. Bruce Fields <bfields@redhat.com>
-
-[ Upstream commit d781e3df710745fbbaee4eb07fd5b64331a1b175 ]
-
-With cross-server COPY we've introduced the possibility that the current
-or saved filehandle might not have fh_dentry/fh_export filled in, but we
-missed a place that assumed it was. I think this could be triggered by
-a compound like:
-
- PUTFH(foreign filehandle)
- GETATTR
- SAVEFH
- COPY
-
-First, check_if_stalefh_allowed sets no_verify on the first (PUTFH) op.
-Then op_func = nfsd4_putfh runs and leaves current_fh->fh_export NULL.
-need_wrongsec_check returns true, since this PUTFH has OP_IS_PUTFH_LIKE
-set and GETATTR does not have OP_HANDLES_WRONGSEC set.
-
-We should probably also consider tightening the checks in
-check_if_stalefh_allowed and double-checking that we don't assume the
-filehandle is verified elsewhere in the compound. But I think this
-fixes the immediate issue.
-
-Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
-Fixes: 4e48f1cccab3 "NFSD: allow inter server COPY to have... "
-Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/nfsd/nfs4proc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index 4798667af647c..4d1d0bf8e385f 100644
---- a/fs/nfsd/nfs4proc.c
-+++ b/fs/nfsd/nfs4proc.c
-@@ -2025,7 +2025,8 @@ nfsd4_proc_compound(struct svc_rqst *rqstp)
- if (op->opdesc->op_flags & OP_CLEAR_STATEID)
- clear_current_stateid(cstate);
-
-- if (need_wrongsec_check(rqstp))
-+ if (current_fh->fh_export &&
-+ need_wrongsec_check(rqstp))
- op->status = check_nfsd_access(current_fh->fh_export, rqstp);
- }
- encode_op:
---
-2.20.1
-
wil6210-fix-break-that-is-never-reached-because-of-z.patch
drm-virtio-fix-byteorder-handling-in-virtio_gpu_cmd_.patch
drm-qxl-complete-exception-handling-in-qxl_device_in.patch
-nfsd4-avoid-null-deference-on-strange-copy-compounds.patch
rcu-nocb-fix-dump_tree-hierarchy-print-always-active.patch
rcu-fix-missed-wakeup-of-exp_wq-waiters.patch
rcu-fix-data-race-due-to-atomic_t-copy-by-value.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
