From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 24 Jul 2020 09:52:00 +0000 (+0200)
Subject: 4.14-stable patches
X-Git-Tag: v4.14.190~38
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=674c31b632029818329b1a54155c9a655b59eef1;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	ib-umem-fix-reference-count-leak-in-ib_umem_odp_get.patch
---

diff --git a/queue-4.14/ib-umem-fix-reference-count-leak-in-ib_umem_odp_get.patch b/queue-4.14/ib-umem-fix-reference-count-leak-in-ib_umem_odp_get.patch
new file mode 100644
index 00000000000..b3235095ed4
--- /dev/null
+++ b/queue-4.14/ib-umem-fix-reference-count-leak-in-ib_umem_odp_get.patch
@@ -0,0 +1,36 @@
+From yangyingliang@huawei.com  Fri Jul 24 11:49:59 2020
+From: Yang Yingliang <yangyingliang@huawei.com>
+Date: Tue, 14 Jul 2020 14:56:39 +0000
+Subject: IB/umem: fix reference count leak in ib_umem_odp_get()
+To: <stable@vger.kernel.org>, <linux-rdma@vger.kernel.org>
+Cc: <sashal@kernel.org>, <gregkh@linuxfoundation.org>, <dledford@redhat.com>, <jgg@ziepe.ca>, <hal.rosenstock@gmail.com>, <yangyingliang@huawei.com>
+Message-ID: <20200714145639.1381719-1-yangyingliang@huawei.com>
+
+From: Yang Yingliang <yangyingliang@huawei.com>
+
+Add missing mmput() on error path to avoid ref-count leak.
+
+This problem is introduced by 79bb5b7ee177 ("RDMA/umem: Fix missing mmap_sem in get umem ODP call")
+and resolved by f27a0d50a4bc ("RDMA/umem: Use umem->owning_mm inside ODP").
+So, it's only needed in stable-4.14 and stable-4.19.
+
+Fixes: 79bb5b7ee177 ("RDMA/umem: Fix missing mmap_sem in get umem ODP call")
+Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/umem_odp.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/infiniband/core/umem_odp.c
++++ b/drivers/infiniband/core/umem_odp.c
+@@ -306,7 +306,8 @@ int ib_umem_odp_get(struct ib_ucontext *
+ 		vma = find_vma(mm, ib_umem_start(umem));
+ 		if (!vma || !is_vm_hugetlb_page(vma)) {
+ 			up_read(&mm->mmap_sem);
+-			return -EINVAL;
++			ret_val = -EINVAL;
++			goto out_mm;
+ 		}
+ 		h = hstate_vma(vma);
+ 		umem->page_shift = huge_page_shift(h);
diff --git a/queue-4.14/series b/queue-4.14/series
index 65610f4f52c..b5965284ea7 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -11,3 +11,4 @@ drm-nouveau-i2c-g94-increase-nv_pmgr_dp_auxctl_trans.patch
 irqdomain-treewide-keep-firmware-node-unconditionall.patch
 sunrpc-reverting-d03727b248d0-nfsv4-fix-close-not-waiting-for-direct-io-compeletion.patch
 spi-spi-fsl-dspi-exit-the-isr-with-irq_none-when-it-s-not-ours.patch
+ib-umem-fix-reference-count-leak-in-ib_umem_odp_get.patch