From: Greg Kroah-Hartman Date: Sun, 16 Oct 2022 13:03:55 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v5.4.219~120 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=526db37541bad5ded11990db7f18e7b6c3026aed;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch riscv-fix-build-with-binutils-2.38.patch
---
diff --git a/queue-4.19/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch b/queue-4.19/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
new file mode 100644
index 00000000000..6284acf1fe0
--- /dev/null
+++ b/queue-4.19/nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
@@ -0,0 +1,69 @@
+From d325dc6eb763c10f591c239550b8c7e5466a5d09 Mon Sep 17 00:00:00 2001
+From: Ryusuke Konishi
+Date: Tue, 4 Oct 2022 00:05:19 +0900
+Subject: nilfs2: fix use-after-free bug of struct nilfs_root
+
+From: Ryusuke Konishi
+
+commit d325dc6eb763c10f591c239550b8c7e5466a5d09 upstream.
+
+If the beginning of the inode bitmap area is corrupted on disk, an inode
+with the same inode number as the root inode can be allocated and fail
+soon after. In this case, the subsequent call to nilfs_clear_inode() on
+that bogus root inode will wrongly decrement the reference counter of
+struct nilfs_root, and this will erroneously free struct nilfs_root,
+causing kernel oopses.
+
+This fixes the problem by changing nilfs_new_inode() to skip reserved
+inode numbers while repairing the inode bitmap.
+
+Link: https://lkml.kernel.org/r/20221003150519.39789-1-konishi.ryusuke@gmail.com
+Signed-off-by: Ryusuke Konishi
+Reported-by: syzbot+b8c672b0e22615c80fe0@syzkaller.appspotmail.com
+Reported-by: Khalid Masum
+Tested-by: Ryusuke Konishi
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/nilfs2/inode.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+--- a/fs/nilfs2/inode.c
++++ b/fs/nilfs2/inode.c
+@@ -340,6 +340,7 @@ struct inode *nilfs_new_inode(struct ino
+ struct inode *inode;
+ struct nilfs_inode_info *ii;
+ struct nilfs_root *root;
++ struct buffer_head *bh;
+ int err = -ENOMEM;
+ ino_t ino;
+
+@@ -355,11 +356,26 @@ struct inode *nilfs_new_inode(struct ino
+ ii->i_state = BIT(NILFS_I_NEW);
+ ii->i_root = root;
+
+- err = nilfs_ifile_create_inode(root->ifile, &ino, &ii->i_bh);
++ err = nilfs_ifile_create_inode(root->ifile, &ino, &bh);
+ if (unlikely(err))
+ goto failed_ifile_create_inode;
+ /* reference count of i_bh inherits from nilfs_mdt_read_block() */
+
++ if (unlikely(ino < NILFS_USER_INO)) {
++ nilfs_msg(sb, KERN_WARNING,
++ "inode bitmap is inconsistent for reserved inodes");
++ do {
++ brelse(bh);
++ err = nilfs_ifile_create_inode(root->ifile, &ino, &bh);
++ if (unlikely(err))
++ goto failed_ifile_create_inode;
++ } while (ino < NILFS_USER_INO);
++
++ nilfs_msg(sb, KERN_INFO,
++ "repaired inode bitmap for reserved inodes");
++ }
++ ii->i_bh = bh;
++
+ atomic64_inc(&root->inodes_count);
+ inode_init_owner(inode, dir, mode);
+ inode->i_ino = ino;
diff --git a/queue-4.19/riscv-fix-build-with-binutils-2.38.patch b/queue-4.19/riscv-fix-build-with-binutils-2.38.patch
new file mode 100644
index 00000000000..e210166631c
--- /dev/null
+++ b/queue-4.19/riscv-fix-build-with-binutils-2.38.patch
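Review bot: In nilfs_new_inode() (fs/nilfs2/inode.c), the retained comment `/* reference count of i_bh inherits from nilfs_mdt_read_block() */` now sits above the reserved-inode check, several lines before the `ii->i_bh = bh;` assignment it describes, and on the retry path the buffer it refers to has already been dropped with brelse(). Moving it directly above `ii->i_bh = bh;` would keep the ownership hand-off readable. The do/while also deserves a short comment such as `/* on-disk bitmap is untrusted: discard reserved inode numbers (< NILFS_USER_INO) until a user inode number is returned */`, because its termination presumably relies on each nilfs_ifile_create_inode() call consuming one bitmap bit, which is not visible here. The function body and the failed_ifile_create_inode label lie outside the hunk, so the cleanup path for a failure inside the loop (where ii->i_bh is never assigned) should be confirmed there.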
@@ -0,0 +1,58 @@
+From 6df2a016c0c8a3d0933ef33dd192ea6606b115e3 Mon Sep 17 00:00:00 2001
+From: Aurelien Jarno
+Date: Wed, 26 Jan 2022 18:14:42 +0100
+Subject: riscv: fix build with binutils 2.38
+
+From: Aurelien Jarno
+
+commit 6df2a016c0c8a3d0933ef33dd192ea6606b115e3 upstream.
+
+From version 2.38, binutils default to ISA spec version 20191213. This
+means that the csr read/write (csrr*/csrw*) instructions and fence.i
+instruction has separated from the `I` extension, become two standalone
+extensions: Zicsr and Zifencei. As the kernel uses those instruction,
+this causes the following build failure:
+
+ CC arch/riscv/kernel/vdso/vgettimeofday.o
+ <>/arch/riscv/include/asm/vdso/gettimeofday.h: Assembler messages:
+ <>/arch/riscv/include/asm/vdso/gettimeofday.h:71: Error: unrecognized opcode `csrr a5,0xc01'
+ <>/arch/riscv/include/asm/vdso/gettimeofday.h:71: Error: unrecognized opcode `csrr a5,0xc01'
+ <>/arch/riscv/include/asm/vdso/gettimeofday.h:71: Error: unrecognized opcode `csrr a5,0xc01'
+ <>/arch/riscv/include/asm/vdso/gettimeofday.h:71: Error: unrecognized opcode `csrr a5,0xc01'
+
+The fix is to specify those extensions explicitely in -march. However as
+older binutils version do not support this, we first need to detect
+that.
+
+Signed-off-by: Aurelien Jarno
+Tested-by: Alexandre Ghiti
+Cc: stable@vger.kernel.org
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+[Conor: converted to the 4.19 style of march string generation]
+Signed-off-by: Conor Dooley
+---
+ arch/riscv/Makefile | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/arch/riscv/Makefile
++++ b/arch/riscv/Makefile
+@@ -49,9 +49,16 @@ ifeq ($(CONFIG_RISCV_ISA_C),y)
+ KBUILD_ARCH_C = c
+ endif
+
+-KBUILD_AFLAGS += -march=$(KBUILD_MARCH)$(KBUILD_ARCH_A)fd$(KBUILD_ARCH_C)
++# Newer binutils versions default to ISA spec version 20191213 which moves some
++# instructions from the I extension to the Zicsr and Zifencei extensions.
++toolchain-need-zicsr-zifencei := $(call cc-option-yn, -march=$(riscv-march-y)_zicsr_zifencei)
++ifeq ($(toolchain-need-zicsr-zifencei),y)
++ KBUILD_ARCH_ZISCR_ZIFENCEI = _zicsr_zifencei
++endif
++
++KBUILD_AFLAGS += -march=$(KBUILD_MARCH)$(KBUILD_ARCH_A)fd$(KBUILD_ARCH_C)$(KBUILD_ARCH_ZISCR_ZIFENCEI)
+
+-KBUILD_CFLAGS += -march=$(KBUILD_MARCH)$(KBUILD_ARCH_A)$(KBUILD_ARCH_C)
++KBUILD_CFLAGS += -march=$(KBUILD_MARCH)$(KBUILD_ARCH_A)$(KBUILD_ARCH_C)$(KBUILD_ARCH_ZISCR_ZIFENCEI)
+ KBUILD_CFLAGS += -mno-save-restore
+ KBUILD_CFLAGS += -DCONFIG_PAGE_OFFSET=$(CONFIG_PAGE_OFFSET)
+
diff --git a/queue-4.19/series b/queue-4.19/series
index 4381b294c84..13d841fecaa 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -53,3 +53,5 @@ um-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch
 pci-sanitise-firmware-bar-assignments-behind-a-pci-pci-bridge.patch
 fbdev-smscufx-fix-use-after-free-in-ufx_ops_open.patch
 btrfs-fix-race-between-quota-enable-and-quota-rescan-ioctl.patch
+riscv-fix-build-with-binutils-2.38.patch
+nilfs2-fix-use-after-free-bug-of-struct-nilfs_root.patch
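Review bot: In the arch/riscv/Makefile hunk of riscv-fix-build-with-binutils-2.38.patch, the cc-option-yn probe tests `-march=$(riscv-march-y)_zicsr_zifencei`, yet every -march string in the visible lines is assembled from `$(KBUILD_MARCH)$(KBUILD_ARCH_A)…$(KBUILD_ARCH_C)` and `riscv-march-y` is not defined anywhere in the hunk. If this 4.19 Makefile does not define it, the probe expands to `-march=_zicsr_zifencei`, presumably always fails, and the suffix is never appended, so the build failure would remain. Probing the string that is actually used, e.g. `$(call cc-option-yn, -march=$(KBUILD_MARCH)$(KBUILD_ARCH_A)$(KBUILD_ARCH_C)_zicsr_zifencei)`, would avoid that. The variable name `KBUILD_ARCH_ZISCR_ZIFENCEI` also transposes ZICSR; it is used consistently in all three places, so that part is cosmetic.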