From: Greg Kroah-Hartman Date: Wed, 23 Jun 2021 15:05:28 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v5.12.14~65 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5222b24ebc96786014a15a8f4ba542eb6e64be18;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: kernfs-deal-with-kernfs_fill_super-failures.patch unfuck-sysfs_mount.patch x86-fpu-reset-state-for-all-signal-restore-failures.patch
---
diff --git a/queue-4.14/kernfs-deal-with-kernfs_fill_super-failures.patch b/queue-4.14/kernfs-deal-with-kernfs_fill_super-failures.patch
new file mode 100644
index 00000000000..1f217c8c8ee
--- /dev/null
+++ b/queue-4.14/kernfs-deal-with-kernfs_fill_super-failures.patch
@@ -0,0 +1,29 @@
+From 82382acec0c97b91830fff7130d0acce4ac4f3f3 Mon Sep 17 00:00:00 2001
+From: Al Viro
+Date: Tue, 3 Apr 2018 00:22:29 -0400
+Subject: kernfs: deal with kernfs_fill_super() failures
+
+From: Al Viro
+
+commit 82382acec0c97b91830fff7130d0acce4ac4f3f3 upstream.
+
+make sure that info->node is initialized early, so that kernfs_kill_sb()
+can list_del() it safely.
+
+Signed-off-by: Al Viro
+Signed-off-by: Guilherme G. Piccoli
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/kernfs/mount.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/kernfs/mount.c
++++ b/fs/kernfs/mount.c
+@@ -320,6 +320,7 @@ struct dentry *kernfs_mount_ns(struct fi
+
+ info->root = root;
+ info->ns = ns;
++ INIT_LIST_HEAD(&info->node);
+
+ sb = sget_userns(fs_type, kernfs_test_super, kernfs_set_super, flags,
+ &init_user_ns, info);
diff --git a/queue-4.14/series b/queue-4.14/series
index 809d5f5410d..4975375e48a 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
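Review bot: The added `INIT_LIST_HEAD(&info->node);` in kernfs_mount_ns() carries an ordering requirement that the code does not state. Per the commit message it has to run before `sget_userns()` so that kernfs_kill_sb() can `list_del()` the node even when kernfs_fill_super() failed and the node was never linked. Without a comment, a later cleanup could move the initialisation next to the place where the node is actually added to a list, and the failed-mount path would again unlink a list head that was never set up (presumably a kernel fault or list corruption). I would put `/* must precede sget_userns(): kernfs_kill_sb() list_del()s info->node even if kernfs_fill_super() failed */` above the new line. kernfs_mount_ns() starts and ends outside this hunk, so the list insertion and the kill_sb side are not visible here and should be checked against that wording.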
@@ -59,3 +59,6 @@ net-fec_ptp-add-clock-rate-zero-check.patch
 can-bcm-raw-isotp-use-per-module-netdevice-notifier.patch
 inet-use-bigger-hash-table-for-ip-id-generation.patch
 usb-dwc3-core-fix-kernel-panic-when-do-reboot.patch
+kernfs-deal-with-kernfs_fill_super-failures.patch
+unfuck-sysfs_mount.patch
+x86-fpu-reset-state-for-all-signal-restore-failures.patch
diff --git a/queue-4.14/unfuck-sysfs_mount.patch b/queue-4.14/unfuck-sysfs_mount.patch
new file mode 100644
index 00000000000..aad80efa097
--- /dev/null
+++ b/queue-4.14/unfuck-sysfs_mount.patch
@@ -0,0 +1,48 @@
+From 7b745a4e4051e1bbce40e0b1c2cf636c70583aa4 Mon Sep 17 00:00:00 2001
+From: Al Viro
+Date: Mon, 14 May 2018 00:03:34 -0400
+Subject: unfuck sysfs_mount()
+
+From: Al Viro
+
+commit 7b745a4e4051e1bbce40e0b1c2cf636c70583aa4 upstream.
+
+new_sb is left uninitialized in case of early failures in kernfs_mount_ns(),
+and while IS_ERR(root) is true in all such cases, using IS_ERR(root) || !new_sb
+is not a solution - IS_ERR(root) is true in some cases when new_sb is true.
+
+Make sure new_sb is initialized (and matches the reality) in all cases and
+fix the condition for dropping kobj reference - we want it done precisely
+in those situations where the reference has not been transferred into a new
+super_block instance.
+
+Signed-off-by: Al Viro
+Signed-off-by: Guilherme G. Piccoli
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/sysfs/mount.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/fs/sysfs/mount.c
++++ b/fs/sysfs/mount.c
+@@ -28,7 +28,7 @@ static struct dentry *sysfs_mount(struct
+ {
+ struct dentry *root;
+ void *ns;
+- bool new_sb;
++ bool new_sb = false;
+
+ if (!(flags & MS_KERNMOUNT)) {
+ if (!kobj_ns_current_may_mount(KOBJ_NS_TYPE_NET))
+@@ -38,9 +38,9 @@ static struct dentry *sysfs_mount(struct
+ ns = kobj_ns_grab_current(KOBJ_NS_TYPE_NET);
+ root = kernfs_mount_ns(fs_type, flags, sysfs_root,
+ SYSFS_MAGIC, &new_sb, ns);
+- if (IS_ERR(root) || !new_sb)
++ if (!new_sb)
+ kobj_ns_drop(KOBJ_NS_TYPE_NET, ns);
+- else if (new_sb)
++ else if (!IS_ERR(root))
+ root->d_sb->s_iflags |= SB_I_USERNS_VISIBLE;
+
+ return root;
diff --git a/queue-4.14/x86-fpu-reset-state-for-all-signal-restore-failures.patch b/queue-4.14/x86-fpu-reset-state-for-all-signal-restore-failures.patch
new file mode 100644
index 00000000000..08fedf41d27
--- /dev/null
+++ b/queue-4.14/x86-fpu-reset-state-for-all-signal-restore-failures.patch
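Review bot: The new `if (!new_sb) … else if (!IS_ERR(root))` chain in sysfs_mount() leaves a third case, `new_sb` true while `IS_ERR(root)`, with no action and no explanation. Per the commit message the namespace reference has by then been transferred to the new super_block, so dropping it here would be a second put; that reasoning belongs in the code, because an error in either direction is a reference leak or an over-put on the net namespace. I would add above the `if`: `/* drop ns only if no new sb took ownership; with new_sb && IS_ERR(root) the sb releases it */`. The release on the superblock side is outside this hunk (presumably the kill_sb path), and the check now depends entirely on kernfs_mount_ns() writing `new_sb` truthfully, so both should be confirmed in fs/kernfs/mount.c.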
@@ -0,0 +1,91 @@
+From efa165504943f2128d50f63de0c02faf6dcceb0d Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner
+Date: Wed, 9 Jun 2021 21:18:00 +0200
+Subject: x86/fpu: Reset state for all signal restore failures
+
+From: Thomas Gleixner
+
+commit efa165504943f2128d50f63de0c02faf6dcceb0d upstream.
+
+If access_ok() or fpregs_soft_set() fails in __fpu__restore_sig() then the
+function just returns but does not clear the FPU state as it does for all
+other fatal failures.
+
+Clear the FPU state for these failures as well.
+
+Fixes: 72a671ced66d ("x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels")
+Signed-off-by: Thomas Gleixner
+Signed-off-by: Borislav Petkov
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/87mtryyhhz.ffs@nanos.tec.linutronix.de
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kernel/fpu/signal.c | 31 ++++++++++++++++++++-----------
+ 1 file changed, 20 insertions(+), 11 deletions(-)
+
+--- a/arch/x86/kernel/fpu/signal.c
++++ b/arch/x86/kernel/fpu/signal.c
+@@ -272,6 +272,7 @@ static int __fpu__restore_sig(void __use
+ int state_size = fpu_kernel_xstate_size;
+ u64 xfeatures = 0;
+ int fx_only = 0;
++ int ret = 0;
+
+ ia32_fxstate &= (IS_ENABLED(CONFIG_X86_32) ||
+ IS_ENABLED(CONFIG_IA32_EMULATION));
+@@ -281,15 +282,21 @@ static int __fpu__restore_sig(void __use
+ return 0;
+ }
+
+- if (!access_ok(VERIFY_READ, buf, size))
+- return -EACCES;
++ if (!access_ok(VERIFY_READ, buf, size)) {
++ ret = -EACCES;
++ goto out_err;
++ }
+
+ fpu__initialize(fpu);
+
+- if (!static_cpu_has(X86_FEATURE_FPU))
+- return fpregs_soft_set(current, NULL,
+- 0, sizeof(struct user_i387_ia32_struct),
+- NULL, buf) != 0;
++ if (!static_cpu_has(X86_FEATURE_FPU)) {
++ ret = fpregs_soft_set(current, NULL,
++ 0, sizeof(struct user_i387_ia32_struct),
++ NULL, buf) != 0;
++ if (ret)
++ goto out_err;
++ return 0;
++ }
+
+ if (use_xsave()) {
+ struct _fpx_sw_bytes fx_sw_user;
+@@ -349,6 +356,7 @@ static int __fpu__restore_sig(void __use
+ fpu__restore(fpu);
+ local_bh_enable();
+
++ /* Failure is already handled */
+ return err;
+ } else {
+ /*
+@@ -356,13 +364,14 @@ static int __fpu__restore_sig(void __use
+ * state to the registers directly (with exceptions handled).
+ */
+ user_fpu_begin();
+- if (copy_user_to_fpregs_zeroing(buf_fx, xfeatures, fx_only)) {
+- fpu__clear(fpu);
+- return -1;
+- }
++ if (!copy_user_to_fpregs_zeroing(buf_fx, xfeatures, fx_only))
++ return 0;
++ ret = -1;
+ }
+
+- return 0;
++out_err:
++ fpu__clear(fpu);
++ return ret;
+ }
+
+ static inline int xstate_sigframe_size(void)
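Review bot: The failure exits that now converge on `out_err` in __fpu__restore_sig() still return three different values: `-EACCES` from the access_ok() check, `1` from `fpregs_soft_set(...) != 0`, and `-1` from the direct register restore. That is carried over from the old code, but with a single `ret` and one exit label it reads as if the function returned an errno, which it does not. I would document the contract at the label, e.g. `/* Any non-zero ret (not necessarily an errno): restore failed, FPU state is reset so no partially restored user-supplied state survives */`. The added `/* Failure is already handled */` before `return err;` is also too terse to verify from here; it should name what resets the state on that path, which lies in the part of the function outside these hunks.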