From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 23 Feb 2019 11:11:11 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v4.9.161~46
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=404f9ccee01ea222d1d9d236c9f166c56dab4eae;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch
	keys-allow-reaching-the-keys-quotas-exactly.patch
	numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch
	series
---

diff --git a/queue-4.4/ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch b/queue-4.4/ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch
new file mode 100644
index 00000000000..c5398906a06
--- /dev/null
+++ b/queue-4.4/ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch
@@ -0,0 +1,33 @@
+From 04242ff3ac0abbaa4362f97781dac268e6c3541a Mon Sep 17 00:00:00 2001
+From: "Yan, Zheng" <zyan@redhat.com>
+Date: Mon, 11 Feb 2019 15:18:52 +0800
+Subject: ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
+
+From: Yan, Zheng <zyan@redhat.com>
+
+commit 04242ff3ac0abbaa4362f97781dac268e6c3541a upstream.
+
+Otherwise, mdsc->snap_flush_list may get corrupted.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
+Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ceph/snap.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/ceph/snap.c
++++ b/fs/ceph/snap.c
+@@ -611,7 +611,8 @@ int __ceph_finish_cap_snap(struct ceph_i
+ 	     capsnap->size);
+ 
+ 	spin_lock(&mdsc->snap_flush_lock);
+-	list_add_tail(&ci->i_snap_flush_item, &mdsc->snap_flush_list);
++	if (list_empty(&ci->i_snap_flush_item))
++		list_add_tail(&ci->i_snap_flush_item, &mdsc->snap_flush_list);
+ 	spin_unlock(&mdsc->snap_flush_lock);
+ 	return 1;  /* caller may want to ceph_flush_snaps */
+ }
diff --git a/queue-4.4/keys-allow-reaching-the-keys-quotas-exactly.patch b/queue-4.4/keys-allow-reaching-the-keys-quotas-exactly.patch
new file mode 100644
index 00000000000..1c6ae950c65
--- /dev/null
+++ b/queue-4.4/keys-allow-reaching-the-keys-quotas-exactly.patch
@@ -0,0 +1,43 @@
+From a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 14 Feb 2019 16:20:01 +0000
+Subject: KEYS: allow reaching the keys quotas exactly
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9 upstream.
+
+If the sysctl 'kernel.keys.maxkeys' is set to some number n, then
+actually users can only add up to 'n - 1' keys.  Likewise for
+'kernel.keys.maxbytes' and the root_* versions of these sysctls.  But
+these sysctls are apparently supposed to be *maximums*, as per their
+names and all documentation I could find -- the keyrings(7) man page,
+Documentation/security/keys/core.rst, and all the mentions of EDQUOT
+meaning that the key quota was *exceeded* (as opposed to reached).
+
+Thus, fix the code to allow reaching the quotas exactly.
+
+Fixes: 0b77f5bfb45c ("keys: make the keyring quotas controllable through /proc/sys")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: James Morris <james.morris@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/keys/key.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -260,8 +260,8 @@ struct key *key_alloc(struct key_type *t
+ 
+ 		spin_lock(&user->lock);
+ 		if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
+-			if (user->qnkeys + 1 >= maxkeys ||
+-			    user->qnbytes + quotalen >= maxbytes ||
++			if (user->qnkeys + 1 > maxkeys ||
++			    user->qnbytes + quotalen > maxbytes ||
+ 			    user->qnbytes + quotalen < user->qnbytes)
+ 				goto no_quota;
+ 		}
diff --git a/queue-4.4/numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch b/queue-4.4/numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch
new file mode 100644
index 00000000000..d896b0a02ac
--- /dev/null
+++ b/queue-4.4/numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch
@@ -0,0 +1,71 @@
+From 050c17f239fd53adb55aa768d4f41bc76c0fe045 Mon Sep 17 00:00:00 2001
+From: Ralph Campbell <rcampbell@nvidia.com>
+Date: Wed, 20 Feb 2019 22:18:58 -0800
+Subject: numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
+
+From: Ralph Campbell <rcampbell@nvidia.com>
+
+commit 050c17f239fd53adb55aa768d4f41bc76c0fe045 upstream.
+
+The system call, get_mempolicy() [1], passes an unsigned long *nodemask
+pointer and an unsigned long maxnode argument which specifies the length
+of the user's nodemask array in bits (which is rounded up).  The manual
+page says that if the maxnode value is too small, get_mempolicy will
+return EINVAL but there is no system call to return this minimum value.
+To determine this value, some programs search /proc/<pid>/status for a
+line starting with "Mems_allowed:" and use the number of digits in the
+mask to determine the minimum value.  A recent change to the way this line
+is formatted [2] causes these programs to compute a value less than
+MAX_NUMNODES so get_mempolicy() returns EINVAL.
+
+Change get_mempolicy(), the older compat version of get_mempolicy(), and
+the copy_nodes_to_user() function to use nr_node_ids instead of
+MAX_NUMNODES, thus preserving the defacto method of computing the minimum
+size for the nodemask array and the maxnode argument.
+
+[1] http://man7.org/linux/man-pages/man2/get_mempolicy.2.html
+[2] https://lore.kernel.org/lkml/1545405631-6808-1-git-send-email-longman@redhat.com
+
+Link: http://lkml.kernel.org/r/20190211180245.22295-1-rcampbell@nvidia.com
+Fixes: 4fb8e5b89bcbbbb ("include/linux/nodemask.h: use nr_node_ids (not MAX_NUMNODES) in __nodemask_pr_numnodes()")
+Signed-off-by: Ralph Campbell <rcampbell@nvidia.com>
+Suggested-by: Alexander Duyck <alexander.duyck@gmail.com>
+Cc: Waiman Long <longman@redhat.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/mempolicy.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -1295,7 +1295,7 @@ static int copy_nodes_to_user(unsigned l
+ 			      nodemask_t *nodes)
+ {
+ 	unsigned long copy = ALIGN(maxnode-1, 64) / 8;
+-	const int nbytes = BITS_TO_LONGS(MAX_NUMNODES) * sizeof(long);
++	unsigned int nbytes = BITS_TO_LONGS(nr_node_ids) * sizeof(long);
+ 
+ 	if (copy > nbytes) {
+ 		if (copy > PAGE_SIZE)
+@@ -1456,7 +1456,7 @@ SYSCALL_DEFINE5(get_mempolicy, int __use
+ 	int uninitialized_var(pval);
+ 	nodemask_t nodes;
+ 
+-	if (nmask != NULL && maxnode < MAX_NUMNODES)
++	if (nmask != NULL && maxnode < nr_node_ids)
+ 		return -EINVAL;
+ 
+ 	err = do_get_mempolicy(&pval, &nodes, addr, flags);
+@@ -1485,7 +1485,7 @@ COMPAT_SYSCALL_DEFINE5(get_mempolicy, in
+ 	unsigned long nr_bits, alloc_size;
+ 	DECLARE_BITMAP(bm, MAX_NUMNODES);
+ 
+-	nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES);
++	nr_bits = min_t(unsigned long, maxnode-1, nr_node_ids);
+ 	alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8;
+ 
+ 	if (nmask)
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644
index 00000000000..8d69dab7bf8
--- /dev/null
+++ b/queue-4.4/series
@@ -0,0 +1,3 @@
+ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch
+numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch
+keys-allow-reaching-the-keys-quotas-exactly.patch