3.18-stable patches

added patches:
	cifs-release-auth_key.response-for-reconnect.patch
	cifs-release-cifs-root_cred-after-exit_cifs.patch

diff --git a/queue-3.18/cifs-release-auth_key.response-for-reconnect.patch b/queue-3.18/cifs-release-auth_key.response-for-reconnect.patch
new file mode 100644 (file)
index 0000000..8b4db59
--- /dev/null
+++ b/queue-3.18/cifs-release-auth_key.response-for-reconnect.patch
@@ -0,0 +1,58 @@
+From f5c4ba816315d3b813af16f5571f86c8d4e897bd Mon Sep 17 00:00:00 2001
+From: Shu Wang <shuwang@redhat.com>
+Date: Fri, 8 Sep 2017 18:48:33 +0800
+Subject: cifs: release auth_key.response for reconnect.
+
+From: Shu Wang <shuwang@redhat.com>
+
+commit f5c4ba816315d3b813af16f5571f86c8d4e897bd upstream.
+
+There is a race that cause cifs reconnect in cifs_mount,
+- cifs_mount
+  - cifs_get_tcp_session
+    - [ start thread cifs_demultiplex_thread
+      - cifs_read_from_socket: -ECONNABORTED
+        - DELAY_WORK smb2_reconnect_server ]
+  - cifs_setup_session
+  - [ smb2_reconnect_server ]
+
+auth_key.response was allocated in cifs_setup_session, and
+will release when the session destoried. So when session re-
+connect, auth_key.response should be check and released.
+
+Tested with my system:
+CIFS VFS: Free previous auth_key.response = ffff8800320bbf80
+
+A simple auth_key.response allocation call trace:
+- cifs_setup_session
+- SMB2_sess_setup
+- SMB2_sess_auth_rawntlmssp_authenticate
+- build_ntlmssp_auth_blob
+- setup_ntlmv2_rsp
+
+Signed-off-by: Shu Wang <shuwang@redhat.com>
+Signed-off-by: Steve French <smfrench@gmail.com>
+Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/connect.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3958,6 +3958,14 @@ cifs_setup_session(const unsigned int xi
+       cifs_dbg(FYI, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d\n",
+                server->sec_mode, server->capabilities, server->timeAdj);
+ 
++      if (ses->auth_key.response) {
++              cifs_dbg(VFS, "Free previous auth_key.response = %p\n",
++                       ses->auth_key.response);
++              kfree(ses->auth_key.response);
++              ses->auth_key.response = NULL;
++              ses->auth_key.len = 0;
++      }
++
+       if (server->ops->sess_setup)
+               rc = server->ops->sess_setup(xid, ses, nls_info);
+ 

diff --git a/queue-3.18/cifs-release-cifs-root_cred-after-exit_cifs.patch b/queue-3.18/cifs-release-cifs-root_cred-after-exit_cifs.patch
new file mode 100644 (file)
index 0000000..ee23fe3
--- /dev/null
+++ b/queue-3.18/cifs-release-cifs-root_cred-after-exit_cifs.patch
@@ -0,0 +1,47 @@
+From 94183331e815617246b1baa97e0916f358c794bb Mon Sep 17 00:00:00 2001
+From: Shu Wang <shuwang@redhat.com>
+Date: Thu, 7 Sep 2017 16:03:27 +0800
+Subject: cifs: release cifs root_cred after exit_cifs
+
+From: Shu Wang <shuwang@redhat.com>
+
+commit 94183331e815617246b1baa97e0916f358c794bb upstream.
+
+memory leak was found by kmemleak. exit_cifs_spnego
+should be called before cifs module removed, or
+cifs root_cred will not be released.
+
+kmemleak report:
+unreferenced object 0xffff880070a3ce40 (size 192):
+  backtrace:
+     kmemleak_alloc+0x4a/0xa0
+     kmem_cache_alloc+0xc7/0x1d0
+     prepare_kernel_cred+0x20/0x120
+     init_cifs_spnego+0x2d/0x170 [cifs]
+     0xffffffffc07801f3
+     do_one_initcall+0x51/0x1b0
+     do_init_module+0x60/0x1fd
+     load_module+0x161e/0x1b60
+     SYSC_finit_module+0xa9/0x100
+     SyS_finit_module+0xe/0x10
+
+Signed-off-by: Shu Wang <shuwang@redhat.com>
+Signed-off-by: Steve French <smfrench@gmail.com>
+Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/cifsfs.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/cifs/cifsfs.c
++++ b/fs/cifs/cifsfs.c
+@@ -1311,7 +1311,7 @@ exit_cifs(void)
+       exit_cifs_idmap();
+ #endif
+ #ifdef CONFIG_CIFS_UPCALL
+-      unregister_key_type(&cifs_spnego_key_type);
++      exit_cifs_spnego();
+ #endif
+       cifs_destroy_request_bufs();
+       cifs_destroy_mids();

diff --git a/queue-3.18/series b/queue-3.18/series
new file mode 100644 (file)
index 0000000..718257a
--- /dev/null
+++ b/queue-3.18/series
@@ -0,0 +1,2 @@
+cifs-release-cifs-root_cred-after-exit_cifs.patch
+cifs-release-auth_key.response-for-reconnect.patch

diff --git a/queue-4.13/series b/queue-4.13/series
new file mode 100644 (file)
index 0000000..ae6a188
--- /dev/null
+++ b/queue-4.13/series
@@ -0,0 +1,12 @@
+cifs-check-rsp-for-null-before-dereferencing-in-smb2_open.patch
+cifs-release-cifs-root_cred-after-exit_cifs.patch
+cifs-release-auth_key.response-for-reconnect.patch
+nvme-pci-fix-host-memory-buffer-allocation-fallback.patch
+nvme-pci-use-appropriate-initial-chunk-size-for-hmb-allocation.patch
+nvme-pci-propagate-some-errors-from-host-memory-buffer-setup.patch
+dax-remove-the-pmem_dax_ops-flush-abstraction.patch
+dm-integrity-do-not-check-integrity-for-failed-read-operations.patch
+mmc-block-fix-incorrectly-initialized-requests.patch
+fs-proc-report-eip-esp-in-prod-pid-stat-for-coredumping.patch
+scsi-scsi_transport_fc-fix-null-pointer-dereference-in-fc_bsg_job_timeout.patch
+smb3-add-support-for-multidialect-negotiate-smb2.1-and-later.patch

diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644 (file)
index 0000000..718257a
--- /dev/null
+++ b/queue-4.4/series
@@ -0,0 +1,2 @@
+cifs-release-cifs-root_cred-after-exit_cifs.patch
+cifs-release-auth_key.response-for-reconnect.patch

diff --git a/queue-4.9/series b/queue-4.9/series
new file mode 100644 (file)
index 0000000..6772ac3
--- /dev/null
+++ b/queue-4.9/series
@@ -0,0 +1,3 @@
+cifs-release-cifs-root_cred-after-exit_cifs.patch
+cifs-release-auth_key.response-for-reconnect.patch
+fs-proc-report-eip-esp-in-prod-pid-stat-for-coredumping.patch