From: Greg Kroah-Hartman Date: Fri, 10 May 2013 21:00:51 +0000 (-0700) Subject: 3.9-stable patches X-Git-Tag: v3.9.2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=862bc9a736fcfcf8e0448b40d6191116c5af3350;p=thirdparty%2Fkernel%2Fstable-queue.git 3.9-stable patches added patches: hp_accel-ignore-the-error-from-lis3lv02d_poweron-at-resume.patch nfsd4-don-t-allow-owner-override-on-4.1-claim_fh-opens.patch nfsd-fix-oops-when-legacy_recdir_name_error-is-passed-a.patch x86-vm86-fix-vm86-syscalls-use-syscall_definex.patch
---
diff --git a/queue-3.9/hp_accel-ignore-the-error-from-lis3lv02d_poweron-at-resume.patch b/queue-3.9/hp_accel-ignore-the-error-from-lis3lv02d_poweron-at-resume.patch
new file mode 100644
index 00000000000..d3400cb3708
--- /dev/null
+++ b/queue-3.9/hp_accel-ignore-the-error-from-lis3lv02d_poweron-at-resume.patch
@@ -0,0 +1,36 @@
+From 7783819920ca52fc582a2782f654fe6ed373f465 Mon Sep 17 00:00:00 2001
+From: Shuah Khan
+Date: Sat, 9 Mar 2013 11:39:22 -0700
+Subject: hp_accel: Ignore the error from lis3lv02d_poweron() at resume
+
+From: Shuah Khan
+
+commit 7783819920ca52fc582a2782f654fe6ed373f465 upstream.
+
+The error in lis3lv02_poweron() is harmless in the resume path, so
+we should ignore it. It is inline with the other usages of lis3lv02_poweron()
+and matches the 3.0 code for this routine. This patch is in suse git and
+might have missed making it into the mainline.
+opensuse - commit id: 66ccdac87c322cf7af12bddba8c805af640b1cff
+
+Signed-off-by: Takashi Iwai
+Signed-off-by: Shuah Khan
+Signed-off-by: Matthew Garrett
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/platform/x86/hp_accel.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/platform/x86/hp_accel.c
++++ b/drivers/platform/x86/hp_accel.c
+@@ -362,7 +362,8 @@ static int lis3lv02d_suspend(struct devi
+
+ static int lis3lv02d_resume(struct device *dev)
+ {
+- return lis3lv02d_poweron(&lis3_dev);
++ lis3lv02d_poweron(&lis3_dev);
++ return 0;
+ }
+
+ static SIMPLE_DEV_PM_OPS(hp_accel_pm, lis3lv02d_suspend, lis3lv02d_resume);
diff --git a/queue-3.9/nfsd-fix-oops-when-legacy_recdir_name_error-is-passed-a.patch b/queue-3.9/nfsd-fix-oops-when-legacy_recdir_name_error-is-passed-a.patch
new file mode 100644
index 00000000000..2f5a633ee35
--- /dev/null
+++ b/queue-3.9/nfsd-fix-oops-when-legacy_recdir_name_error-is-passed-a.patch
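Review bot: `lis3lv02d_resume()` now discards the return value of `lis3lv02d_poweron(&lis3_dev)` with no comment in the code, so the justification lives only in the commit message. A one-line comment above the call, for example `/* poweron errors are harmless on resume; do not fail the PM transition */`, would keep a later cleanup from restoring the `return lis3lv02d_poweron(...)` form. If the failure is still worth seeing while debugging, logging it at debug level before `return 0;` keeps the device state observable without blocking resume.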
@@ -0,0 +1,129 @@
+From 7255e716b1757dc10fa5e3a4d2eaab303ff9f7b6 Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Thu, 9 May 2013 08:36:23 -0400
+Subject: nfsd: fix oops when legacy_recdir_name_error is passed a
+ -ENOENT error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jeff Layton
+
+commit 7255e716b1757dc10fa5e3a4d2eaab303ff9f7b6 upstream.
+
+Toralf reported the following oops to the linux-nfs mailing list:
+
+ -----------------[snip]------------------
+ NFSD: unable to generate recoverydir name (-2).
+ NFSD: disabling legacy clientid tracking. Reboot recovery will not function correctly!
+ BUG: unable to handle kernel NULL pointer dereference at 000003c8
+ IP: [] nfsd4_client_tracking_exit+0x11/0x50 [nfsd]
+ *pdpt = 000000002ba33001 *pde = 0000000000000000
+ Oops: 0000 [#1] SMP
+ Modules linked in: loop nfsd auth_rpcgss ipt_MASQUERADE xt_owner xt_multiport ipt_REJECT xt_tcpudp xt_recent xt_conntrack nf_conntrack_ftp xt_limit xt_LOG iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_filter ip_tables x_tables af_packet pppoe pppox ppp_generic slhc bridge stp llc tun arc4 iwldvm mac80211 coretemp kvm_intel uvcvideo sdhci_pci sdhci mmc_core videobuf2_vmalloc videobuf2_memops usblp videobuf2_core i915 iwlwifi psmouse videodev cfg80211 kvm fbcon bitblit cfbfillrect acpi_cpufreq mperf evdev softcursor font cfbimgblt i2c_algo_bit cfbcopyarea intel_agp intel_gtt drm_kms_helper snd_hda_codec_conexant drm agpgart fb fbdev tpm_tis thinkpad_acpi tpm nvram e1000e rfkill thermal ptp wmi pps_core tpm_bios 8250_pci processor 8250 ac snd_hda_intel snd_hda_codec snd_pcm battery video i2c_i801 snd_page_alloc snd_timer button serial_core i2c_core snd soundcore thermal_sys hwmon aesni_intel ablk_helper cryp
+td lrw aes_i586 xts gf128mul cbc fuse nfs lockd sunrpc dm_crypt dm_mod hid_monterey hid_microsoft hid_logitech hid_ezkey hid_cypress hid_chicony hid_cherry hid_belkin hid_apple
hid_a4tech hid_generic usbhid hid sr_mod cdrom sg [last unloaded: microcode]
+ Pid: 6374, comm: nfsd Not tainted 3.9.1 #6 LENOVO 4180F65/4180F65
+ EIP: 0060:[] EFLAGS: 00010202 CPU: 0
+ EIP is at nfsd4_client_tracking_exit+0x11/0x50 [nfsd]
+ EAX: 00000000 EBX: fffffffe ECX: 00000007 EDX: 00000007
+ ESI: eb9dcb00 EDI: eb2991c0 EBP: eb2bde38 ESP: eb2bde34
+ DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
+ CR0: 80050033 CR2: 000003c8 CR3: 2ba80000 CR4: 000407f0
+ DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
+ DR6: ffff0ff0 DR7: 00000400
+ Process nfsd (pid: 6374, ti=eb2bc000 task=eb2711c0 task.ti=eb2bc000)
+ Stack:
+ fffffffe eb2bde4c f90a3e0c f90a7754 fffffffe eb0a9c00 eb2bdea0 f90a41ed
+ eb2991c0 1b270000 eb2991c0 eb2bde7c f9099ce9 eb2bde98 0129a020 eb29a020
+ eb2bdecc eb2991c0 eb2bdea8 f9099da5 00000000 eb9dcb00 00000001 67822f08
+ Call Trace:
+ [] legacy_recdir_name_error+0x3c/0x40 [nfsd]
+ [] nfsd4_create_clid_dir+0x15d/0x1c0 [nfsd]
+ [] ? nfsd4_lookup_stateid+0x99/0xd0 [nfsd]
+ [] ? nfs4_preprocess_seqid_op+0x85/0x100 [nfsd]
+ [] nfsd4_client_record_create+0x37/0x50 [nfsd]
+ [] nfsd4_open_confirm+0xfe/0x130 [nfsd]
+ [] ? nfsd4_encode_operation+0x61/0x90 [nfsd]
+ [] ? nfsd4_free_stateid+0xc0/0xc0 [nfsd]
+ [] nfsd4_proc_compound+0x41b/0x530 [nfsd]
+ [] nfsd_dispatch+0x8b/0x1a0 [nfsd]
+ [] svc_process+0x3dd/0x640 [sunrpc]
+ [] nfsd+0xad/0x110 [nfsd]
+ [] ? nfsd_destroy+0x70/0x70 [nfsd]
+ [] kthread+0x94/0xa0
+ [] ret_from_kernel_thread+0x1b/0x28
+ [] ? flush_kthread_work+0xd0/0xd0
+ Code: 86 b0 00 00 00 90 c5 0a f9 c7 04 24 70 76 0a f9 e8 74 a9 3d c8 eb ba 8d 76 00 55 89 e5 53 66 66 66 66 90 8b 15 68 c7 0a f9 85 d2 <8b> 88 c8 03 00 00 74 2c 3b 11 77 28 8b 5c 91 08 85 db 74 22 8b
+ EIP: [] nfsd4_client_tracking_exit+0x11/0x50 [nfsd] SS:ESP 0068:eb2bde34
+ CR2: 00000000000003c8
+ ---[ end trace 09e54015d145c9c6 ]---
+
+The problem appears to be a regression that was introduced in commit
+9a9c6478 "nfsd: make NFSv4 recovery client tracking options per net".
+Prior to that commit, it was safe to pass a NULL net pointer to
+nfsd4_client_tracking_exit in the legacy recdir case, and
+legacy_recdir_name_error did so. After that comit, the net pointer must
+be valid.
+
+This patch just fixes legacy_recdir_name_error to pass in a valid net
+pointer to that function.
+
+Reported-and-tested-by: Toralf Förster
+Cc: Stanislav Kinsbursky
+Signed-off-by: Jeff Layton
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfsd/nfs4recover.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+--- a/fs/nfsd/nfs4recover.c
++++ b/fs/nfsd/nfs4recover.c
+@@ -146,7 +146,7 @@ out_no_tfm:
+ * then disable recovery tracking.
+ */
+ static void
+-legacy_recdir_name_error(int error)
++legacy_recdir_name_error(struct nfs4_client *clp, int error)
+ {
+ printk(KERN_ERR "NFSD: unable to generate recoverydir "
+ "name (%d).\n", error);
+@@ -159,9 +159,7 @@ legacy_recdir_name_error(int error)
+ if (error == -ENOENT) {
+ printk(KERN_ERR "NFSD: disabling legacy clientid tracking.
"
+ "Reboot recovery will not function correctly!\n");
+-
+- /* the argument is ignored by the legacy exit function */
+- nfsd4_client_tracking_exit(NULL);
++ nfsd4_client_tracking_exit(clp->net);
+ }
+ }
+
+@@ -184,7 +182,7 @@ nfsd4_create_clid_dir(struct nfs4_client
+
+ status = nfs4_make_rec_clidname(dname, &clp->cl_name);
+ if (status)
+- return legacy_recdir_name_error(status);
++ return legacy_recdir_name_error(clp, status);
+
+ status = nfs4_save_creds(&original_cred);
+ if (status < 0)
+@@ -341,7 +339,7 @@ nfsd4_remove_clid_dir(struct nfs4_client
+
+ status = nfs4_make_rec_clidname(dname, &clp->cl_name);
+ if (status)
+- return legacy_recdir_name_error(status);
++ return legacy_recdir_name_error(clp, status);
+
+ status = mnt_want_write_file(nn->rec_file);
+ if (status)
+@@ -601,7 +599,7 @@ nfsd4_check_legacy_client(struct nfs4_cl
+
+ status = nfs4_make_rec_clidname(dname, &clp->cl_name);
+ if (status) {
+- legacy_recdir_name_error(status);
++ legacy_recdir_name_error(clp, status);
+ return status;
+ }
+
diff --git a/queue-3.9/nfsd4-don-t-allow-owner-override-on-4.1-claim_fh-opens.patch b/queue-3.9/nfsd4-don-t-allow-owner-override-on-4.1-claim_fh-opens.patch
new file mode 100644
index 00000000000..5256399f9fd
--- /dev/null
+++ b/queue-3.9/nfsd4-don-t-allow-owner-override-on-4.1-claim_fh-opens.patch
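Review bot: The call `nfsd4_client_tracking_exit(clp->net);` in `legacy_recdir_name_error()` replaces a comment that said the argument was ignored, but nothing in the code now records the opposite requirement that the oops in the description came from. I would add `/* client tracking is per-net: the exit path uses net, so it must be valid */` above the call. The three callers updated in the later hunks (`nfsd4_create_clid_dir`, `nfsd4_remove_clid_dir`, `nfsd4_check_legacy_client`) all forward the `clp` they were given, so the helper presumably never sees a NULL client; that is inferred from the visible call sites only, since those function bodies continue outside the hunks.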
@@ -0,0 +1,65 @@
+From 9f415eb25574db4b73a9a712a4438e41dc284922 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields"
+Date: Fri, 3 May 2013 16:09:09 -0400
+Subject: nfsd4: don't allow owner override on 4.1 CLAIM_FH opens
+
+From: "J. Bruce Fields"
+
+commit 9f415eb25574db4b73a9a712a4438e41dc284922 upstream.
+
+The Linux client is using CLAIM_FH to implement regular opens, not just
+recovery cases, so it depends on the server to check permissions
+correctly.
+
+Therefore the owner override, which may make sense in the delegation
+recovery case, isn't right in the CLAIM_FH case.
+
+Symptoms: on a client with 49f9a0fafd844c32f2abada047c0b9a5ba0d6255
+"NFSv4.1: Enable open-by-filehandle", Bryan noticed this:
+
+ touch test.txt
+ chmod 000 test.txt
+ echo test > test.txt
+
+succeeding.
+
+Reported-by: Bryan Schumaker
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfsd/nfs4proc.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -271,6 +271,7 @@ static __be32
+ do_open_fhandle(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
+ {
+ __be32 status;
++ int accmode = 0;
+
+ /* We don't know the target directory, and therefore can not
+ * set the change info
+@@ -284,9 +285,19 @@ do_open_fhandle(struct svc_rqst *rqstp,
+
+ open->op_truncate = (open->op_iattr.ia_valid & ATTR_SIZE) &&
+ (open->op_iattr.ia_size == 0);
++ /*
++ * In the delegation case, the client is telling us about an
++ * open that it *already* performed locally, some time ago. We
++ * should let it succeed now if possible.
++ *
++ * In the case of a CLAIM_FH open, on the other hand, the client
++ * may be counting on us to enforce permissions (the Linux 4.1
++ * client uses this for normal opens, for example).
++ */
++ if (open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH)
++ accmode = NFSD_MAY_OWNER_OVERRIDE;
+
+- status = do_open_permission(rqstp, current_fh, open,
+- NFSD_MAY_OWNER_OVERRIDE);
++ status = do_open_permission(rqstp, current_fh, open, accmode);
+
+ return status;
+ }
diff --git a/queue-3.9/series b/queue-3.9/series
index dcf907a5bfc..b51f0fa9874 100644
--- a/queue-3.9/series
+++ b/queue-3.9/series
@@ -21,3 +21,7 @@ sched-avoid-cputime-scaling-overflow.patch
 sched-do-not-account-bogus-utime.patch
 revert-math64-new-div64_u64_rem-helper.patch
 sched-avoid-prev-stime-underflow.patch
+nfsd4-don-t-allow-owner-override-on-4.1-claim_fh-opens.patch
+nfsd-fix-oops-when-legacy_recdir_name_error-is-passed-a.patch
+hp_accel-ignore-the-error-from-lis3lv02d_poweron-at-resume.patch
+x86-vm86-fix-vm86-syscalls-use-syscall_definex.patch
diff --git a/queue-3.9/x86-vm86-fix-vm86-syscalls-use-syscall_definex.patch b/queue-3.9/x86-vm86-fix-vm86-syscalls-use-syscall_definex.patch
new file mode 100644
index 00000000000..b73338e10a7
--- /dev/null
+++ b/queue-3.9/x86-vm86-fix-vm86-syscalls-use-syscall_definex.patch
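Review bot: `int accmode = 0;` in `do_open_fhandle()` is the line that makes the permission check fail closed, and it carries no comment; the block comment added further down explains the two claim types but not that every claim type other than `NFS4_OPEN_CLAIM_DELEG_CUR_FH` gets no override. I would annotate the declaration with `/* default: enforce normal permissions; only delegation recovery may override */`. Which claim types can reach this function is decided by the caller, which is outside the hunk, so it is worth confirming there that nothing else relied on the old unconditional `NFSD_MAY_OWNER_OVERRIDE`. The three-command sequence in the description (`chmod 000` followed by a write that must now fail) would make a good server-side regression test.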
@@ -0,0 +1,152 @@
+From 5522ddb3fc0dfd4a503c8278eafd88c9f2d3fada Mon Sep 17 00:00:00 2001
+From: Alexander van Heukelum
+Date: Wed, 27 Mar 2013 22:18:05 +0100
+Subject: x86, vm86: fix VM86 syscalls: use SYSCALL_DEFINEx(...)
+
+From: Alexander van Heukelum
+
+commit 5522ddb3fc0dfd4a503c8278eafd88c9f2d3fada upstream.
+
+Commit 49cb25e9290 x86: 'get rid of pt_regs argument in vm86/vm86old'
+got rid of the pt_regs stub for sys_vm86old and sys_vm86. The functions
+were, however, not changed to use the calling convention for syscalls.
+
+[AV: killed asmlinkage_protect() - it's done automatically now]
+
+Reported-and-tested-by: Hans de Bruin
+Signed-off-by: Alexander van Heukelum
+Signed-off-by: Al Viro
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/include/asm/syscalls.h | 4 ++--
+ arch/x86/kernel/vm86_32.c | 38 ++++++++++++++------------------------
+ 2 files changed, 16 insertions(+), 26 deletions(-)
+
+--- a/arch/x86/include/asm/syscalls.h
++++ b/arch/x86/include/asm/syscalls.h
+@@ -37,8 +37,8 @@ asmlinkage int sys_get_thread_area(struc
+ unsigned long sys_sigreturn(void);
+
+ /* kernel/vm86_32.c */
+-int sys_vm86old(struct vm86_struct __user *);
+-int sys_vm86(unsigned long, unsigned long);
++asmlinkage long sys_vm86old(struct vm86_struct __user *);
++asmlinkage long sys_vm86(unsigned long, unsigned long);
+
+ #else /* CONFIG_X86_32 */
+
+--- a/arch/x86/kernel/vm86_32.c
++++ b/arch/x86/kernel/vm86_32.c
+@@ -33,6 +33,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -48,7 +49,6 @@
+ #include
+ #include
+ #include
+-#include
+
+ /*
+ * Known problems:
+@@ -202,36 +202,32 @@ out:
+ static int do_vm86_irq_handling(int subfunction, int irqnumber);
+ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk);
+
+-int sys_vm86old(struct vm86_struct __user *v86)
++SYSCALL_DEFINE1(vm86old, struct vm86_struct __user *, v86)
+ {
+ struct kernel_vm86_struct info; /* declare this _on top_,
+ * this avoids wasting of
stack space.
+ * This remains on the stack until we
+ * return to 32 bit user space.
+ */
+- struct task_struct *tsk;
+- int tmp, ret = -EPERM;
++ struct task_struct *tsk = current;
++ int tmp;
+
+- tsk = current;
+ if (tsk->thread.saved_sp0)
+- goto out;
++ return -EPERM;
+ tmp = copy_vm86_regs_from_user(&info.regs, &v86->regs,
+ offsetof(struct kernel_vm86_struct, vm86plus) -
+ sizeof(info.regs));
+- ret = -EFAULT;
+ if (tmp)
+- goto out;
++ return -EFAULT;
+ memset(&info.vm86plus, 0, (int)&info.regs32 - (int)&info.vm86plus);
+ info.regs32 = current_pt_regs();
+ tsk->thread.vm86_info = v86;
+ do_sys_vm86(&info, tsk);
+- ret = 0; /* we never return here */
+-out:
+- return ret;
++ return 0; /* we never return here */
+ }
+
+
+-int sys_vm86(unsigned long cmd, unsigned long arg)
++SYSCALL_DEFINE2(vm86, unsigned long, cmd, unsigned long, arg)
+ {
+ struct kernel_vm86_struct info; /* declare this _on top_,
+ * this avoids wasting of stack space.
+@@ -239,7 +235,7 @@ int sys_vm86(unsigned long cmd, unsigned
+ * return to 32 bit user space.
+ */
+ struct task_struct *tsk;
+- int tmp, ret;
++ int tmp;
+ struct vm86plus_struct __user *v86;
+
+ tsk = current;
+@@ -248,8 +244,7 @@ int sys_vm86(unsigned long cmd, unsigned
+ case VM86_FREE_IRQ:
+ case VM86_GET_IRQ_BITS:
+ case VM86_GET_AND_RESET_IRQ:
+- ret = do_vm86_irq_handling(cmd, (int)arg);
+- goto out;
++ return do_vm86_irq_handling(cmd, (int)arg);
+ case VM86_PLUS_INSTALL_CHECK:
+ /*
+ * NOTE: on old vm86 stuff this will return the error
+@@ -257,28 +252,23 @@ int sys_vm86(unsigned long cmd, unsigned
+ * interpreted as (invalid) address to vm86_struct.
+ * So the installation check works.
+ */
+- ret = 0;
+- goto out;
++ return 0;
+ }
+
+ /* we come here only for functions VM86_ENTER, VM86_ENTER_NO_BYPASS */
+- ret = -EPERM;
+ if (tsk->thread.saved_sp0)
+- goto out;
++ return -EPERM;
+ v86 = (struct vm86plus_struct __user *)arg;
+ tmp = copy_vm86_regs_from_user(&info.regs, &v86->regs,
+ offsetof(struct kernel_vm86_struct, regs32) -
+ sizeof(info.regs));
+- ret = -EFAULT;
+ if (tmp)
+- goto out;
++ return -EFAULT;
+ info.regs32 = current_pt_regs();
+ info.vm86plus.is_vm86pus = 1;
+ tsk->thread.vm86_info = (struct vm86_struct __user *)v86;
+ do_sys_vm86(&info, tsk);
+- ret = 0; /* we never return here */
+-out:
+- return ret;
++ return 0; /* we never return here */
+ }
+
+
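Review bot: The two converted syscalls are left inconsistent: `vm86old` now declares `struct task_struct *tsk = current;`, while `vm86` keeps the separate `struct task_struct *tsk;` and `tsk = current;` lines that appear as context in the `-239,7` hunk. Folding the assignment into the declaration in `vm86` as well would make the two bodies read the same. The trailing `return 0; /* we never return here */` in both functions could also say why, e.g. `/* not reached: do_sys_vm86() does not come back here */`, which is what the existing comment implies but does not state.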