From: Sasha Levin Date: Fri, 19 Jun 2020 04:11:08 +0000 (-0400) Subject: Fixes for 4.19 X-Git-Tag: v4.4.228~35 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=54471b2834aa4e14041ce38f0f895ba5a55d2774;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.19 Signed-off-by: Sasha Levin --- diff --git a/queue-4.19/btrfs-fix-error-handling-when-submitting-direct-i-o-.patch b/queue-4.19/btrfs-fix-error-handling-when-submitting-direct-i-o-.patch new file mode 100644 index 00000000000..0c3f200313b --- /dev/null +++ b/queue-4.19/btrfs-fix-error-handling-when-submitting-direct-i-o-.patch @@ -0,0 +1,67 @@ +From 9ccc705801bc2f262e89bf3de5aa31aef2eb46e1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 16 Apr 2020 14:46:12 -0700 +Subject: btrfs: fix error handling when submitting direct I/O bio + +From: Omar Sandoval + +[ Upstream commit 6d3113a193e3385c72240096fe397618ecab6e43 ] + +In btrfs_submit_direct_hook(), if a direct I/O write doesn't span a RAID +stripe or chunk, we submit orig_bio without cloning it. In this case, we +don't increment pending_bios. Then, if btrfs_submit_dio_bio() fails, we +decrement pending_bios to -1, and we never complete orig_bio. Fix it by +initializing pending_bios to 1 instead of incrementing later. + +Fixing this exposes another bug: we put orig_bio prematurely and then +put it again from end_io. Fix it by not putting orig_bio. + +After this change, pending_bios is really more of a reference count, but +I'll leave that cleanup separate to keep the fix small. + +Fixes: e65e15355429 ("btrfs: fix panic caused by direct IO") +CC: stable@vger.kernel.org # 4.4+ +Reviewed-by: Nikolay Borisov +Reviewed-by: Josef Bacik +Reviewed-by: Johannes Thumshirn +Signed-off-by: Omar Sandoval +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/inode.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index c69e5b255745..b4f295a058d8 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -8399,7 +8399,6 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip) + + /* bio split */ + ASSERT(map_length <= INT_MAX); +- atomic_inc(&dip->pending_bios); + do { + clone_len = min_t(int, submit_len, map_length); + +@@ -8450,7 +8449,8 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip) + if (!status) + return 0; + +- bio_put(bio); ++ if (bio != orig_bio) ++ bio_put(bio); + out_err: + dip->errors = 1; + /* +@@ -8491,7 +8491,7 @@ static void btrfs_submit_direct(struct bio *dio_bio, struct inode *inode, + bio->bi_private = dip; + dip->orig_bio = bio; + dip->dio_bio = dio_bio; +- atomic_set(&dip->pending_bios, 0); ++ atomic_set(&dip->pending_bios, 1); + io_bio = btrfs_io_bio(bio); + io_bio->logical = file_offset; + +-- +2.25.1 + diff --git a/queue-4.19/btrfs-fix-wrong-file-range-cleanup-after-an-error-fi.patch b/queue-4.19/btrfs-fix-wrong-file-range-cleanup-after-an-error-fi.patch new file mode 100644 index 00000000000..e3b14746cc0 --- /dev/null +++ b/queue-4.19/btrfs-fix-wrong-file-range-cleanup-after-an-error-fi.patch @@ -0,0 +1,46 @@ +From 2f7b3982d2df901d339da4ec4504f1a2e56388b7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 27 May 2020 11:15:53 +0100 +Subject: btrfs: fix wrong file range cleanup after an error filling dealloc + range + +From: Filipe Manana + +[ Upstream commit e2c8e92d1140754073ad3799eb6620c76bab2078 ] + +If an error happens while running dellaloc in COW mode for a range, we can +end up calling extent_clear_unlock_delalloc() for a range that goes beyond +our range's end offset by 1 byte, which affects 1 extra page. This results +in clearing bits and doing page operations (such as a page unlock) outside +our target range. + +Fix that by calling extent_clear_unlock_delalloc() with an inclusive end +offset, instead of an exclusive end offset, at cow_file_range(). + +Fixes: a315e68f6e8b30 ("Btrfs: fix invalid attempt to free reserved space on failure to cow range") +CC: stable@vger.kernel.org # 4.14+ +Signed-off-by: Filipe Manana +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/inode.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index b4f295a058d8..887f9ebc2bc2 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -1136,8 +1136,8 @@ static noinline int cow_file_range(struct inode *inode, + */ + if (extent_reserved) { + extent_clear_unlock_delalloc(inode, start, +- start + cur_alloc_size, +- start + cur_alloc_size, ++ start + cur_alloc_size - 1, ++ start + cur_alloc_size - 1, + locked_page, + clear_bits, + page_ops); +-- +2.25.1 + diff --git a/queue-4.19/ima-call-ima_calc_boot_aggregate-in-ima_eventdigest_.patch b/queue-4.19/ima-call-ima_calc_boot_aggregate-in-ima_eventdigest_.patch new file mode 100644 index 00000000000..276a4d44105 --- /dev/null +++ b/queue-4.19/ima-call-ima_calc_boot_aggregate-in-ima_eventdigest_.patch @@ -0,0 +1,121 @@ +From 1698279f5a9fb1064b76be3377a4305178aa4072 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 3 Jun 2020 17:08:21 +0200 +Subject: ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() + +From: Roberto Sassu + +[ Upstream commit 6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2 ] + +If the template field 'd' is chosen and the digest to be added to the +measurement entry was not calculated with SHA1 or MD5, it is +recalculated with SHA1, by using the passed file descriptor. However, this +cannot be done for boot_aggregate, because there is no file descriptor. + +This patch adds a call to ima_calc_boot_aggregate() in +ima_eventdigest_init(), so that the digest can be recalculated also for the +boot_aggregate entry. + +Cc: stable@vger.kernel.org # 3.13.x +Fixes: 3ce1217d6cd5d ("ima: define template fields library and new helpers") +Reported-by: Takashi Iwai +Signed-off-by: Roberto Sassu +Signed-off-by: Mimi Zohar +Signed-off-by: Sasha Levin +--- + security/integrity/ima/ima.h | 3 ++- + security/integrity/ima/ima_crypto.c | 6 +++--- + security/integrity/ima/ima_init.c | 2 +- + security/integrity/ima/ima_template_lib.c | 18 ++++++++++++++++++ + 4 files changed, 24 insertions(+), 5 deletions(-) + +diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h +index e7dfd460fe1d..d12b07eb3a58 100644 +--- a/security/integrity/ima/ima.h ++++ b/security/integrity/ima/ima.h +@@ -56,6 +56,7 @@ extern int ima_policy_flag; + extern int ima_hash_algo; + extern int ima_appraise; + extern struct tpm_chip *ima_tpm_chip; ++extern const char boot_aggregate_name[]; + + /* IMA event related data */ + struct ima_event_data { +@@ -139,7 +140,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len, + int ima_calc_field_array_hash(struct ima_field_data *field_data, + struct ima_template_desc *desc, int num_fields, + struct ima_digest_data *hash); +-int __init ima_calc_boot_aggregate(struct ima_digest_data *hash); ++int ima_calc_boot_aggregate(struct ima_digest_data *hash); + void ima_add_violation(struct file *file, const unsigned char *filename, + struct integrity_iint_cache *iint, + const char *op, const char *cause); +diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c +index 6a6d19ada66a..c5dd05ace28c 100644 +--- a/security/integrity/ima/ima_crypto.c ++++ b/security/integrity/ima/ima_crypto.c +@@ -663,8 +663,8 @@ static void __init ima_pcrread(int idx, u8 *pcr) + /* + * Calculate the boot aggregate hash + */ +-static int __init ima_calc_boot_aggregate_tfm(char *digest, +- struct crypto_shash *tfm) ++static int ima_calc_boot_aggregate_tfm(char *digest, ++ struct crypto_shash *tfm) + { + u8 pcr_i[TPM_DIGEST_SIZE]; + int rc, i; +@@ -688,7 +688,7 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest, + return rc; + } + +-int __init ima_calc_boot_aggregate(struct ima_digest_data *hash) ++int ima_calc_boot_aggregate(struct ima_digest_data *hash) + { + struct crypto_shash *tfm; + int rc; +diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c +index faac9ecaa0ae..a2bc4cb4482a 100644 +--- a/security/integrity/ima/ima_init.c ++++ b/security/integrity/ima/ima_init.c +@@ -25,7 +25,7 @@ + #include "ima.h" + + /* name for boot aggregate entry */ +-static const char *boot_aggregate_name = "boot_aggregate"; ++const char boot_aggregate_name[] = "boot_aggregate"; + struct tpm_chip *ima_tpm_chip; + + /* Add the boot aggregate to the IMA measurement list and extend +diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c +index 43752002c222..48c5a1be88ac 100644 +--- a/security/integrity/ima/ima_template_lib.c ++++ b/security/integrity/ima/ima_template_lib.c +@@ -284,6 +284,24 @@ int ima_eventdigest_init(struct ima_event_data *event_data, + goto out; + } + ++ if ((const char *)event_data->filename == boot_aggregate_name) { ++ if (ima_tpm_chip) { ++ hash.hdr.algo = HASH_ALGO_SHA1; ++ result = ima_calc_boot_aggregate(&hash.hdr); ++ ++ /* algo can change depending on available PCR banks */ ++ if (!result && hash.hdr.algo != HASH_ALGO_SHA1) ++ result = -EINVAL; ++ ++ if (result < 0) ++ memset(&hash, 0, sizeof(hash)); ++ } ++ ++ cur_digest = hash.hdr.digest; ++ cur_digestsize = hash_digest_size[HASH_ALGO_SHA1]; ++ goto out; ++ } ++ + if (!event_data->file) /* missing info to re-calculate the digest */ + return -EINVAL; + +-- +2.25.1 + diff --git a/queue-4.19/series b/queue-4.19/series index 8c2e75dc8cf..5ec757dced9 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -225,3 +225,6 @@ serial-8250_pci-move-pericom-ids-to-pci_ids.h.patch pci-make-acs-quirk-implementations-more-uniform.patch pci-unify-acs-quirk-desired-vs-provided-checking.patch pci-generalize-multi-function-power-dependency-devic.patch +btrfs-fix-error-handling-when-submitting-direct-i-o-.patch +btrfs-fix-wrong-file-range-cleanup-after-an-error-fi.patch +ima-call-ima_calc_boot_aggregate-in-ima_eventdigest_.patch