From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 24 Sep 2019 16:30:53 +0000 (+0200)
Subject: 4.19-stable patches
X-Git-Tag: v5.3.2~43
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=20f9f3da9612f3ce025b408518f82a9703f348bd;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	cifs-fix-deadlock-in-cached-root-handling.patch
	crypto-talitos-fix-missing-break-in-switch-statement.patch
---

diff --git a/queue-4.19/cifs-fix-deadlock-in-cached-root-handling.patch b/queue-4.19/cifs-fix-deadlock-in-cached-root-handling.patch
new file mode 100644
index 00000000000..57562457da9
--- /dev/null
+++ b/queue-4.19/cifs-fix-deadlock-in-cached-root-handling.patch
@@ -0,0 +1,88 @@
+From 7e5a70ad88b1e6f6d9b934b2efb41afff496820f Mon Sep 17 00:00:00 2001
+From: Aurelien Aptel <aaptel@suse.com>
+Date: Wed, 17 Jul 2019 12:46:28 +0200
+Subject: CIFS: fix deadlock in cached root handling
+
+From: Aurelien Aptel <aaptel@suse.com>
+
+commit 7e5a70ad88b1e6f6d9b934b2efb41afff496820f upstream.
+
+Prevent deadlock between open_shroot() and
+cifs_mark_open_files_invalid() by releasing the lock before entering
+SMB2_open, taking it again after and checking if we still need to use
+the result.
+
+Link: https://lore.kernel.org/linux-cifs/684ed01c-cbca-2716-bc28-b0a59a0f8521@prodrive-technologies.com/T/#u
+Fixes: 3d4ef9a15343 ("smb3: fix redundant opens on root")
+Signed-off-by: Aurelien Aptel <aaptel@suse.com>
+Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+CC: Stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ fs/cifs/smb2ops.c |   44 ++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 44 insertions(+)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -553,7 +553,50 @@ int open_shroot(unsigned int xid, struct
+ 	oparams.fid = pfid;
+ 	oparams.reconnect = false;
+ 
++	/*
++	 * We do not hold the lock for the open because in case
++	 * SMB2_open needs to reconnect, it will end up calling
++	 * cifs_mark_open_files_invalid() which takes the lock again
++	 * thus causing a deadlock
++	 */
++	mutex_unlock(&tcon->crfid.fid_mutex);
+ 	rc = SMB2_open(xid, &oparams, &srch_path, &oplock, NULL, NULL, NULL);
++	mutex_lock(&tcon->crfid.fid_mutex);
++
++	/*
++	 * Now we need to check again as the cached root might have
++	 * been successfully re-opened from a concurrent process
++	 */
++
++	if (tcon->crfid.is_valid) {
++		/* work was already done */
++
++		/* stash fids for close() later */
++		struct cifs_fid fid = {
++			.persistent_fid = pfid->persistent_fid,
++			.volatile_fid = pfid->volatile_fid,
++		};
++
++		/*
++		 * Caller expects this func to set pfid to a valid
++		 * cached root, so we copy the existing one and get a
++		 * reference
++		 */
++		memcpy(pfid, tcon->crfid.fid, sizeof(*pfid));
++		kref_get(&tcon->crfid.refcount);
++
++		mutex_unlock(&tcon->crfid.fid_mutex);
++
++		if (rc == 0) {
++			/* close extra handle outside of critical section */
++			SMB2_close(xid, tcon, fid.persistent_fid,
++				   fid.volatile_fid);
++		}
++		return 0;
++	}
++
++	/* Cached root is still invalid, continue normaly */
++
+ 	if (rc == 0) {
+ 		memcpy(tcon->crfid.fid, pfid, sizeof(struct cifs_fid));
+ 		tcon->crfid.tcon = tcon;
+@@ -561,6 +604,7 @@ int open_shroot(unsigned int xid, struct
+ 		kref_init(&tcon->crfid.refcount);
+ 		kref_get(&tcon->crfid.refcount);
+ 	}
++
+ 	mutex_unlock(&tcon->crfid.fid_mutex);
+ 	return rc;
+ }
diff --git a/queue-4.19/crypto-talitos-fix-missing-break-in-switch-statement.patch b/queue-4.19/crypto-talitos-fix-missing-break-in-switch-statement.patch
new file mode 100644
index 00000000000..5ffa980d7c0
--- /dev/null
+++ b/queue-4.19/crypto-talitos-fix-missing-break-in-switch-statement.patch
@@ -0,0 +1,34 @@
+From 5fc194ea6d34dfad9833d3043ce41d6c52aff39a Mon Sep 17 00:00:00 2001
+From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
+Date: Mon, 9 Sep 2019 00:29:52 -0500
+Subject: crypto: talitos - fix missing break in switch statement
+
+From: Gustavo A. R. Silva <gustavo@embeddedor.com>
+
+commit 5fc194ea6d34dfad9833d3043ce41d6c52aff39a upstream.
+
+Add missing break statement in order to prevent the code from falling
+through to case CRYPTO_ALG_TYPE_AHASH.
+
+Fixes: aeb4c132f33d ("crypto: talitos - Convert to new AEAD interface")
+Cc: stable@vger.kernel.org
+Reported-by: kbuild test robot <lkp@intel.com>
+Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
+Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -3124,6 +3124,7 @@ static int talitos_remove(struct platfor
+ 			break;
+ 		case CRYPTO_ALG_TYPE_AEAD:
+ 			crypto_unregister_aead(&t_alg->algt.alg.aead);
++			break;
+ 		case CRYPTO_ALG_TYPE_AHASH:
+ 			crypto_unregister_ahash(&t_alg->algt.alg.hash);
+ 			break;
diff --git a/queue-4.19/series b/queue-4.19/series
index 2cba4da9838..4830e4cf7ed 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -10,3 +10,5 @@ hid-logitech-fix-general-protection-fault-caused-by-logitech-driver.patch
 hid-hidraw-fix-invalid-read-in-hidraw_ioctl.patch
 hid-add-quirk-for-hp-x500-pixart-oem-mouse.patch
 mtd-cfi_cmdset_0002-use-chip_good-to-retry-in-do_write_oneword.patch
+crypto-talitos-fix-missing-break-in-switch-statement.patch
+cifs-fix-deadlock-in-cached-root-handling.patch