From: Greg Kroah-Hartman Date: Sun, 13 Mar 2016 03:47:39 +0000 (-0800) Subject: 4.4-stable patches X-Git-Tag: v4.4.6~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=946ad61b8fb4d07d919a23140581ce82b44090d0;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: ovl-copy-new-uid-gid-into-overlayfs-runtime-inode.patch ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch userfaultfd-don-t-block-on-the-last-vm-updates-at-exit-time.patch --- diff --git a/queue-4.4/ovl-copy-new-uid-gid-into-overlayfs-runtime-inode.patch b/queue-4.4/ovl-copy-new-uid-gid-into-overlayfs-runtime-inode.patch new file mode 100644 index 00000000000..fc873988572 --- /dev/null +++ b/queue-4.4/ovl-copy-new-uid-gid-into-overlayfs-runtime-inode.patch @@ -0,0 +1,31 @@ +From b81de061fa59f17d2730aabb1b84419ef3913810 Mon Sep 17 00:00:00 2001 +From: Konstantin Khlebnikov +Date: Sun, 31 Jan 2016 16:21:29 +0300 +Subject: ovl: copy new uid/gid into overlayfs runtime inode + +From: Konstantin Khlebnikov + +commit b81de061fa59f17d2730aabb1b84419ef3913810 upstream. + +Overlayfs must update uid/gid after chown, otherwise functions +like inode_owner_or_capable() will check user against stale uid. +Catched by xfstests generic/087, it chowns file and calls utimes. + +Signed-off-by: Konstantin Khlebnikov +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman +--- + fs/overlayfs/inode.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/overlayfs/inode.c ++++ b/fs/overlayfs/inode.c +@@ -65,6 +65,8 @@ int ovl_setattr(struct dentry *dentry, s + + mutex_lock(&upperdentry->d_inode->i_mutex); + err = notify_change(upperdentry, attr, NULL); ++ if (!err) ++ ovl_copyattr(upperdentry->d_inode, dentry->d_inode); + mutex_unlock(&upperdentry->d_inode->i_mutex); + } + ovl_drop_write(dentry); diff --git a/queue-4.4/ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch b/queue-4.4/ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch new file mode 100644 index 00000000000..d2cf475cdd0 --- /dev/null +++ b/queue-4.4/ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch @@ -0,0 +1,37 @@ +From ce9113bbcbf45a57c082d6603b9a9f342be3ef74 Mon Sep 17 00:00:00 2001 +From: Rui Wang +Date: Fri, 8 Jan 2016 23:09:59 +0800 +Subject: ovl: fix getcwd() failure after unsuccessful rmdir + +From: Rui Wang + +commit ce9113bbcbf45a57c082d6603b9a9f342be3ef74 upstream. + +ovl_remove_upper() should do d_drop() only after it successfully +removes the dir, otherwise a subsequent getcwd() system call will +fail, breaking userspace programs. + +This is to fix: https://bugzilla.kernel.org/show_bug.cgi?id=110491 + +Signed-off-by: Rui Wang +Reviewed-by: Konstantin Khlebnikov +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + + +--- + fs/overlayfs/dir.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/overlayfs/dir.c ++++ b/fs/overlayfs/dir.c +@@ -618,7 +618,8 @@ static int ovl_remove_upper(struct dentr + * sole user of this dentry. Too tricky... Just unhash for + * now. + */ +- d_drop(dentry); ++ if (!err) ++ d_drop(dentry); + mutex_unlock(&dir->i_mutex); + + return err; diff --git a/queue-4.4/series b/queue-4.4/series index e0325e4487c..db18604146c 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -40,3 +40,6 @@ revert-drm-radeon-pm-adjust-display-configuration-after-powerstate.patch powerpc-fix-dedotify-for-binutils-2.26.patch powerpc-powernv-add-a-kmsg_dumper-that-flushes-console-output-on-panic.patch powerpc-powernv-fix-opal_console_flush-prototype-and-usages.patch +userfaultfd-don-t-block-on-the-last-vm-updates-at-exit-time.patch +ovl-copy-new-uid-gid-into-overlayfs-runtime-inode.patch +ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch diff --git a/queue-4.4/userfaultfd-don-t-block-on-the-last-vm-updates-at-exit-time.patch b/queue-4.4/userfaultfd-don-t-block-on-the-last-vm-updates-at-exit-time.patch new file mode 100644 index 00000000000..86abb0fd779 --- /dev/null +++ b/queue-4.4/userfaultfd-don-t-block-on-the-last-vm-updates-at-exit-time.patch @@ -0,0 +1,55 @@ +From 39680f50ae54cbbb6e72ac38b8329dd3eb9105f4 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Tue, 1 Mar 2016 11:56:22 -0800 +Subject: userfaultfd: don't block on the last VM updates at exit time + +From: Linus Torvalds + +commit 39680f50ae54cbbb6e72ac38b8329dd3eb9105f4 upstream. + +The exit path will do some final updates to the VM of an exiting process +to inform others of the fact that the process is going away. + +That happens, for example, for robust futex state cleanup, but also if +the parent has asked for a TID update when the process exits (we clear +the child tid field in user space). + +However, at the time we do those final VM accesses, we've already +stopped accepting signals, so the usual "stop waiting for userfaults on +signal" code in fs/userfaultfd.c no longer works, and the process can +become an unkillable zombie waiting for something that will never +happen. + +To solve this, just make handle_userfault() abort any user fault +handling if we're already in the exit path past the signal handling +state being dead (marked by PF_EXITING). + +This VM special case is pretty ugly, and it is possible that we should +look at finalizing signals later (or move the VM final accesses +earlier). But in the meantime this is a fairly minimally intrusive fix. + +Reported-and-tested-by: Dmitry Vyukov +Acked-by: Andrea Arcangeli +Signed-off-by: Linus Torvalds +Cc: Sedat Dilek +Signed-off-by: Greg Kroah-Hartman + +--- + fs/userfaultfd.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/userfaultfd.c ++++ b/fs/userfaultfd.c +@@ -287,6 +287,12 @@ int handle_userfault(struct vm_area_stru + goto out; + + /* ++ * We don't do userfault handling for the final child pid update. ++ */ ++ if (current->flags & PF_EXITING) ++ goto out; ++ ++ /* + * Check that we can return VM_FAULT_RETRY. + * + * NOTE: it should become possible to return VM_FAULT_RETRY