From: Greg Kroah-Hartman Date: Thu, 19 Sep 2019 19:13:04 +0000 (+0200) Subject: 5.2-stable patches X-Git-Tag: v4.4.194~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1bfb5dddb380f08bd94b95ee1d5c75b1086bf1e4;p=thirdparty%2Fkernel%2Fstable-queue.git 5.2-stable patches added patches: floppy-fix-usercopy-direction.patch ovl-fix-regression-caused-by-overlapping-layers-detection.patch revert-arm64-remove-unnecessary-isbs-from-set_-pte-pmd-pud.patch --- diff --git a/queue-5.2/floppy-fix-usercopy-direction.patch b/queue-5.2/floppy-fix-usercopy-direction.patch new file mode 100644 index 00000000000..25950daa648 --- /dev/null +++ b/queue-5.2/floppy-fix-usercopy-direction.patch @@ -0,0 +1,44 @@ +From 52f6f9d74f31078964ca1574f7bb612da7877ac8 Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Tue, 26 Mar 2019 23:03:48 +0100 +Subject: floppy: fix usercopy direction + +From: Jann Horn + +commit 52f6f9d74f31078964ca1574f7bb612da7877ac8 upstream. + +As sparse points out, these two copy_from_user() should actually be +copy_to_user(). + +Fixes: 229b53c9bf4e ("take floppy compat ioctls to sodding floppy.c") +Cc: stable@vger.kernel.org +Acked-by: Alexander Popov +Reviewed-by: Mukesh Ojha +Signed-off-by: Jann Horn +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/floppy.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/block/floppy.c ++++ b/drivers/block/floppy.c +@@ -3780,7 +3780,7 @@ static int compat_getdrvprm(int drive, + v.native_format = UDP->native_format; + mutex_unlock(&floppy_mutex); + +- if (copy_from_user(arg, &v, sizeof(struct compat_floppy_drive_params))) ++ if (copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_params))) + return -EFAULT; + return 0; + } +@@ -3816,7 +3816,7 @@ static int compat_getdrvstat(int drive, + v.bufblocks = UDRS->bufblocks; + mutex_unlock(&floppy_mutex); + +- if (copy_from_user(arg, &v, sizeof(struct compat_floppy_drive_struct))) ++ if (copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_struct))) + return -EFAULT; + return 0; + Eintr: diff --git a/queue-5.2/ovl-fix-regression-caused-by-overlapping-layers-detection.patch b/queue-5.2/ovl-fix-regression-caused-by-overlapping-layers-detection.patch new file mode 100644 index 00000000000..31c599d8617 --- /dev/null +++ b/queue-5.2/ovl-fix-regression-caused-by-overlapping-layers-detection.patch @@ -0,0 +1,226 @@ +From 0be0bfd2de9dfdd2098a9c5b14bdd8f739c9165d Mon Sep 17 00:00:00 2001 +From: Amir Goldstein +Date: Fri, 12 Jul 2019 15:24:34 +0300 +Subject: ovl: fix regression caused by overlapping layers detection + +From: Amir Goldstein + +commit 0be0bfd2de9dfdd2098a9c5b14bdd8f739c9165d upstream. + +Once upon a time, commit 2cac0c00a6cd ("ovl: get exclusive ownership on +upper/work dirs") in v4.13 added some sanity checks on overlayfs layers. +This change caused a docker regression. The root cause was mount leaks +by docker, which as far as I know, still exist. + +To mitigate the regression, commit 85fdee1eef1a ("ovl: fix regression +caused by exclusive upper/work dir protection") in v4.14 turned the +mount errors into warnings for the default index=off configuration. + +Recently, commit 146d62e5a586 ("ovl: detect overlapping layers") in +v5.2, re-introduced exclusive upper/work dir checks regardless of +index=off configuration. + +This changes the status quo and mount leak related bug reports have +started to re-surface. Restore the status quo to fix the regressions. +To clarify, index=off does NOT relax overlapping layers check for this +ovelayfs mount. index=off only relaxes exclusive upper/work dir checks +with another overlayfs mount. + +To cover the part of overlapping layers detection that used the +exclusive upper/work dir checks to detect overlap with self upper/work +dir, add a trap also on the work base dir. + +Link: https://github.com/moby/moby/issues/34672 +Link: https://lore.kernel.org/linux-fsdevel/20171006121405.GA32700@veci.piliscsaba.szeredi.hu/ +Link: https://github.com/containers/libpod/issues/3540 +Fixes: 146d62e5a586 ("ovl: detect overlapping layers") +Cc: # v4.19+ +Signed-off-by: Amir Goldstein +Tested-by: Colin Walters +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/filesystems/overlayfs.txt | 2 + fs/overlayfs/ovl_entry.h | 1 + fs/overlayfs/super.c | 73 ++++++++++++++++++++------------ + 3 files changed, 49 insertions(+), 27 deletions(-) + +--- a/Documentation/filesystems/overlayfs.txt ++++ b/Documentation/filesystems/overlayfs.txt +@@ -302,7 +302,7 @@ beneath or above the path of another ove + + Using an upper layer path and/or a workdir path that are already used by + another overlay mount is not allowed and may fail with EBUSY. Using +-partially overlapping paths is not allowed but will not fail with EBUSY. ++partially overlapping paths is not allowed and may fail with EBUSY. + If files are accessed from two overlayfs mounts which share or overlap the + upper layer and/or workdir path the behavior of the overlay is undefined, + though it will not result in a crash or deadlock. +--- a/fs/overlayfs/ovl_entry.h ++++ b/fs/overlayfs/ovl_entry.h +@@ -66,6 +66,7 @@ struct ovl_fs { + bool workdir_locked; + /* Traps in ovl inode cache */ + struct inode *upperdir_trap; ++ struct inode *workbasedir_trap; + struct inode *workdir_trap; + struct inode *indexdir_trap; + /* Inode numbers in all layers do not use the high xino_bits */ +--- a/fs/overlayfs/super.c ++++ b/fs/overlayfs/super.c +@@ -212,6 +212,7 @@ static void ovl_free_fs(struct ovl_fs *o + { + unsigned i; + ++ iput(ofs->workbasedir_trap); + iput(ofs->indexdir_trap); + iput(ofs->workdir_trap); + iput(ofs->upperdir_trap); +@@ -1003,6 +1004,25 @@ static int ovl_setup_trap(struct super_b + return 0; + } + ++/* ++ * Determine how we treat concurrent use of upperdir/workdir based on the ++ * index feature. This is papering over mount leaks of container runtimes, ++ * for example, an old overlay mount is leaked and now its upperdir is ++ * attempted to be used as a lower layer in a new overlay mount. ++ */ ++static int ovl_report_in_use(struct ovl_fs *ofs, const char *name) ++{ ++ if (ofs->config.index) { ++ pr_err("overlayfs: %s is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.\n", ++ name); ++ return -EBUSY; ++ } else { ++ pr_warn("overlayfs: %s is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.\n", ++ name); ++ return 0; ++ } ++} ++ + static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs, + struct path *upperpath) + { +@@ -1040,14 +1060,12 @@ static int ovl_get_upper(struct super_bl + upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME); + ofs->upper_mnt = upper_mnt; + +- err = -EBUSY; + if (ovl_inuse_trylock(ofs->upper_mnt->mnt_root)) { + ofs->upperdir_locked = true; +- } else if (ofs->config.index) { +- pr_err("overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection.\n"); +- goto out; + } else { +- pr_warn("overlayfs: upperdir is in-use by another mount, accessing files from both mounts will result in undefined behavior.\n"); ++ err = ovl_report_in_use(ofs, "upperdir"); ++ if (err) ++ goto out; + } + + err = 0; +@@ -1157,16 +1175,19 @@ static int ovl_get_workdir(struct super_ + + ofs->workbasedir = dget(workpath.dentry); + +- err = -EBUSY; + if (ovl_inuse_trylock(ofs->workbasedir)) { + ofs->workdir_locked = true; +- } else if (ofs->config.index) { +- pr_err("overlayfs: workdir is in-use by another mount, mount with '-o index=off' to override exclusive workdir protection.\n"); +- goto out; + } else { +- pr_warn("overlayfs: workdir is in-use by another mount, accessing files from both mounts will result in undefined behavior.\n"); ++ err = ovl_report_in_use(ofs, "workdir"); ++ if (err) ++ goto out; + } + ++ err = ovl_setup_trap(sb, ofs->workbasedir, &ofs->workbasedir_trap, ++ "workdir"); ++ if (err) ++ goto out; ++ + err = ovl_make_workdir(sb, ofs, &workpath); + + out: +@@ -1313,16 +1334,16 @@ static int ovl_get_lower_layers(struct s + if (err < 0) + goto out; + +- err = -EBUSY; +- if (ovl_is_inuse(stack[i].dentry)) { +- pr_err("overlayfs: lowerdir is in-use as upperdir/workdir\n"); +- goto out; +- } +- + err = ovl_setup_trap(sb, stack[i].dentry, &trap, "lowerdir"); + if (err) + goto out; + ++ if (ovl_is_inuse(stack[i].dentry)) { ++ err = ovl_report_in_use(ofs, "lowerdir"); ++ if (err) ++ goto out; ++ } ++ + mnt = clone_private_mount(&stack[i]); + err = PTR_ERR(mnt); + if (IS_ERR(mnt)) { +@@ -1469,8 +1490,8 @@ out_err: + * - another layer of this overlayfs instance + * - upper/work dir of any overlayfs instance + */ +-static int ovl_check_layer(struct super_block *sb, struct dentry *dentry, +- const char *name) ++static int ovl_check_layer(struct super_block *sb, struct ovl_fs *ofs, ++ struct dentry *dentry, const char *name) + { + struct dentry *next = dentry, *parent; + int err = 0; +@@ -1482,13 +1503,11 @@ static int ovl_check_layer(struct super_ + + /* Walk back ancestors to root (inclusive) looking for traps */ + while (!err && parent != next) { +- if (ovl_is_inuse(parent)) { +- err = -EBUSY; +- pr_err("overlayfs: %s path overlapping in-use upperdir/workdir\n", +- name); +- } else if (ovl_lookup_trap_inode(sb, parent)) { ++ if (ovl_lookup_trap_inode(sb, parent)) { + err = -ELOOP; + pr_err("overlayfs: overlapping %s path\n", name); ++ } else if (ovl_is_inuse(parent)) { ++ err = ovl_report_in_use(ofs, name); + } + next = parent; + parent = dget_parent(next); +@@ -1509,7 +1528,8 @@ static int ovl_check_overlapping_layers( + int i, err; + + if (ofs->upper_mnt) { +- err = ovl_check_layer(sb, ofs->upper_mnt->mnt_root, "upperdir"); ++ err = ovl_check_layer(sb, ofs, ofs->upper_mnt->mnt_root, ++ "upperdir"); + if (err) + return err; + +@@ -1520,13 +1540,14 @@ static int ovl_check_overlapping_layers( + * workbasedir. In that case, we already have their traps in + * inode cache and we will catch that case on lookup. + */ +- err = ovl_check_layer(sb, ofs->workbasedir, "workdir"); ++ err = ovl_check_layer(sb, ofs, ofs->workbasedir, "workdir"); + if (err) + return err; + } + + for (i = 0; i < ofs->numlower; i++) { +- err = ovl_check_layer(sb, ofs->lower_layers[i].mnt->mnt_root, ++ err = ovl_check_layer(sb, ofs, ++ ofs->lower_layers[i].mnt->mnt_root, + "lowerdir"); + if (err) + return err; diff --git a/queue-5.2/revert-arm64-remove-unnecessary-isbs-from-set_-pte-pmd-pud.patch b/queue-5.2/revert-arm64-remove-unnecessary-isbs-from-set_-pte-pmd-pud.patch new file mode 100644 index 00000000000..17f78bd091a --- /dev/null +++ b/queue-5.2/revert-arm64-remove-unnecessary-isbs-from-set_-pte-pmd-pud.patch @@ -0,0 +1,103 @@ +From d0b7a302d58abe24ed0f32a0672dd4c356bb73db Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Thu, 22 Aug 2019 14:58:37 +0100 +Subject: Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}" + +From: Will Deacon + +commit d0b7a302d58abe24ed0f32a0672dd4c356bb73db upstream. + +This reverts commit 24fe1b0efad4fcdd32ce46cffeab297f22581707. + +Commit 24fe1b0efad4fcdd ("arm64: Remove unnecessary ISBs from +set_{pte,pmd,pud}") removed ISB instructions immediately following updates +to the page table, on the grounds that they are not required by the +architecture and a DSB alone is sufficient to ensure that subsequent data +accesses use the new translation: + + DDI0487E_a, B2-128: + + | ... no instruction that appears in program order after the DSB + | instruction can alter any state of the system or perform any part of + | its functionality until the DSB completes other than: + | + | * Being fetched from memory and decoded + | * Reading the general-purpose, SIMD and floating-point, + | Special-purpose, or System registers that are directly or indirectly + | read without causing side-effects. + +However, the same document also states the following: + + DDI0487E_a, B2-125: + + | DMB and DSB instructions affect reads and writes to the memory system + | generated by Load/Store instructions and data or unified cache + | maintenance instructions being executed by the PE. Instruction fetches + | or accesses caused by a hardware translation table access are not + | explicit accesses. + +which appears to claim that the DSB alone is insufficient. Unfortunately, +some CPU designers have followed the second clause above, whereas in Linux +we've been relying on the first. This means that our mapping sequence: + + MOV X0, + STR X0, [Xptep] // Store new PTE to page table + DSB ISHST + LDR X1, [X2] // Translates using the new PTE + +can actually raise a translation fault on the load instruction because the +translation can be performed speculatively before the page table update and +then marked as "faulting" by the CPU. For user PTEs, this is ok because we +can handle the spurious fault, but for kernel PTEs and intermediate table +entries this results in a panic(). + +Revert the offending commit to reintroduce the missing barriers. + +Cc: +Fixes: 24fe1b0efad4fcdd ("arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}") +Reviewed-by: Mark Rutland +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/include/asm/pgtable.h | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +--- a/arch/arm64/include/asm/pgtable.h ++++ b/arch/arm64/include/asm/pgtable.h +@@ -214,8 +214,10 @@ static inline void set_pte(pte_t *ptep, + * Only if the new pte is valid and kernel, otherwise TLB maintenance + * or update_mmu_cache() have the necessary barriers. + */ +- if (pte_valid_not_user(pte)) ++ if (pte_valid_not_user(pte)) { + dsb(ishst); ++ isb(); ++ } + } + + extern void __sync_icache_dcache(pte_t pteval); +@@ -453,8 +455,10 @@ static inline void set_pmd(pmd_t *pmdp, + + WRITE_ONCE(*pmdp, pmd); + +- if (pmd_valid(pmd)) ++ if (pmd_valid(pmd)) { + dsb(ishst); ++ isb(); ++ } + } + + static inline void pmd_clear(pmd_t *pmdp) +@@ -512,8 +516,10 @@ static inline void set_pud(pud_t *pudp, + + WRITE_ONCE(*pudp, pud); + +- if (pud_valid(pud)) ++ if (pud_valid(pud)) { + dsb(ishst); ++ isb(); ++ } + } + + static inline void pud_clear(pud_t *pudp) diff --git a/queue-5.2/series b/queue-5.2/series index 6922fd127b5..e956e8c70a1 100644 --- a/queue-5.2/series +++ b/queue-5.2/series @@ -117,3 +117,6 @@ dmaengine-rcar-dmac-fix-dmachclr-handling-if-iommu-i.patch keys-fix-missing-null-pointer-check-in-request_key_a.patch iommu-amd-flush-old-domains-in-kdump-kernel.patch iommu-amd-fix-race-in-increase_address_space.patch +revert-arm64-remove-unnecessary-isbs-from-set_-pte-pmd-pud.patch +ovl-fix-regression-caused-by-overlapping-layers-detection.patch +floppy-fix-usercopy-direction.patch