From: Greg Kroah-Hartman Date: Mon, 7 Oct 2024 15:42:22 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v6.6.55~85 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b8f09016cf4ce2eba2f457e2059cfca268603b02;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: exfat-fix-memory-leak-in-exfat_load_bitmap.patch nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch nfsd-fix-nfsv4-s-putpubfh-operation.patch nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch riscv-define-illegal_pointer_value-for-64bit.patch
---
diff --git a/queue-5.10/exfat-fix-memory-leak-in-exfat_load_bitmap.patch b/queue-5.10/exfat-fix-memory-leak-in-exfat_load_bitmap.patch
new file mode 100644
index 00000000000..a770b56c135
--- /dev/null
+++ b/queue-5.10/exfat-fix-memory-leak-in-exfat_load_bitmap.patch
@@ -0,0 +1,49 @@
+From d2b537b3e533f28e0d97293fe9293161fe8cd137 Mon Sep 17 00:00:00 2001
+From: Yuezhang Mo
+Date: Tue, 3 Sep 2024 15:01:09 +0800
+Subject: exfat: fix memory leak in exfat_load_bitmap()
+
+From: Yuezhang Mo
+
+commit d2b537b3e533f28e0d97293fe9293161fe8cd137 upstream.
+
+If the first directory entry in the root directory is not a bitmap
+directory entry, 'bh' will not be released and reassigned, which
+will cause a memory leak.
+
+Fixes: 1e49a94cf707 ("exfat: add bitmap operations")
+Cc: stable@vger.kernel.org
+Signed-off-by: Yuezhang Mo
+Reviewed-by: Aoyama Wataru
+Signed-off-by: Namjae Jeon
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/exfat/balloc.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/fs/exfat/balloc.c
++++ b/fs/exfat/balloc.c
+@@ -110,11 +110,8 @@ int exfat_load_bitmap(struct super_block
+ return -EIO;
+
+ type = exfat_get_entry_type(ep);
+- if (type == TYPE_UNUSED)
+- break;
+- if (type != TYPE_BITMAP)
+- continue;
+- if (ep->dentry.bitmap.flags == 0x0) {
++ if (type == TYPE_BITMAP &&
++ ep->dentry.bitmap.flags == 0x0) {
+ int err;
+
+ err = exfat_allocate_bitmap(sb, ep);
+@@ -122,6 +119,9 @@ int exfat_load_bitmap(struct super_block
+ return err;
+ }
+ brelse(bh);
++
++ if (type == TYPE_UNUSED)
++ return -EINVAL;
+ }
+
+ if (exfat_get_next_cluster(sb, &clu.dir))
diff --git a/queue-5.10/nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch b/queue-5.10/nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch
new file mode 100644
index 00000000000..bb4f78f71d4
--- /dev/null
+++ b/queue-5.10/nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch
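Review bot: The second hunk of fs/exfat/balloc.c changes the TYPE_UNUSED case from `break` to `return -EINVAL`, a behaviour change the commit message (which only describes the `bh` leak) does not mention and the code does not explain. A comment above the new check, e.g. `/* end of directory reached without a bitmap entry: reject the volume */`, would record why the scan stops there instead of moving on to exfat_get_next_cluster(). The check now runs after `brelse(bh)`, which is safe only because `type` is a local copy; `ep` presumably points into the buffer just released, so a note such as `/* ep must not be dereferenced past brelse() */` would guard against a later edit reintroducing a use-after-release when parsing untrusted media. exfat_load_bitmap() starts and ends outside both hunks, and the lines between `exfat_allocate_bitmap()` and `return err` are not visible here.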
@@ -0,0 +1,59 @@
+From 45bb63ed20e02ae146336412889fe5450316a84f Mon Sep 17 00:00:00 2001
+From: NeilBrown
+Date: Mon, 9 Sep 2024 15:06:36 +1000
+Subject: nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
+
+From: NeilBrown
+
+commit 45bb63ed20e02ae146336412889fe5450316a84f upstream.
+
+The pair of bloom filtered used by delegation_blocked() was intended to
+block delegations on given filehandles for between 30 and 60 seconds. A
+new filehandle would be recorded in the "new" bit set. That would then
+be switch to the "old" bit set between 0 and 30 seconds later, and it
+would remain as the "old" bit set for 30 seconds.
+
+Unfortunately the code intended to clear the old bit set once it reached
+30 seconds old, preparing it to be the next new bit set, instead cleared
+the *new* bit set before switching it to be the old bit set. This means
+that the "old" bit set is always empty and delegations are blocked
+between 0 and 30 seconds.
+
+This patch updates bd->new before clearing the set with that index,
+instead of afterwards.
+
+Reported-by: Olga Kornievskaia
+Cc: stable@vger.kernel.org
+Fixes: 6282cd565553 ("NFSD: Don't hand out delegations for 30 seconds after recalling them.")
+Signed-off-by: NeilBrown
+Reviewed-by: Benjamin Coddington
+Reviewed-by: Jeff Layton
+Signed-off-by: Chuck Lever
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/nfsd/nfs4state.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -1090,7 +1090,8 @@ static void nfs4_free_deleg(struct nfs4_
+ * When a delegation is recalled, the filehandle is stored in the "new"
+ * filter.
+ * Every 30 seconds we swap the filters and clear the "new" one,
+- * unless both are empty of course.
++ * unless both are empty of course. This results in delegations for a
++ * given filehandle being blocked for between 30 and 60 seconds.
+ *
+ * Each filter is 256 bits. We hash the filehandle to 32bit and use the
+ * low 3 bytes as hash-table indices.
+@@ -1119,9 +1120,9 @@ static int delegation_blocked(struct knf
+ if (ktime_get_seconds() - bd->swap_time > 30) {
+ bd->entries -= bd->old_entries;
+ bd->old_entries = bd->entries;
++ bd->new = 1-bd->new;
+ memset(bd->set[bd->new], 0,
+ sizeof(bd->set[0]));
+- bd->new = 1-bd->new;
+ bd->swap_time = ktime_get_seconds();
+ }
+ spin_unlock(&blocked_delegations_lock);
diff --git a/queue-5.10/nfsd-fix-nfsv4-s-putpubfh-operation.patch b/queue-5.10/nfsd-fix-nfsv4-s-putpubfh-operation.patch
new file mode 100644
index 00000000000..01f7c9562b8
--- /dev/null
+++ b/queue-5.10/nfsd-fix-nfsv4-s-putpubfh-operation.patch
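Review bot: The fix in delegation_blocked() depends entirely on `bd->new = 1-bd->new;` running before the `memset()`, yet nothing at that spot says so; the only explanation sits in the block comment touched by the earlier hunk. A one-line comment above the flip, e.g. `/* flip first: the set cleared below is the one that just aged out */`, would keep the two statements from being reordered again. The window is also written as a bare `30` and the clock is read twice with `ktime_get_seconds()`; a named constant tied to the "between 30 and 60 seconds" wording in the comment would keep code and documentation in step. The function starts and ends outside the hunk.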
@@ -0,0 +1,55 @@
+From 202f39039a11402dcbcd5fece8d9fa6be83f49ae Mon Sep 17 00:00:00 2001
+From: Chuck Lever
+Date: Sun, 11 Aug 2024 13:11:07 -0400
+Subject: NFSD: Fix NFSv4's PUTPUBFH operation
+
+From: Chuck Lever
+
+commit 202f39039a11402dcbcd5fece8d9fa6be83f49ae upstream.
+
+According to RFC 8881, all minor versions of NFSv4 support PUTPUBFH.
+
+Replace the XDR decoder for PUTPUBFH with a "noop" since we no
+longer want the minorversion check, and PUTPUBFH has no arguments to
+decode. (Ideally nfsd4_decode_noop should really be called
+nfsd4_decode_void).
+
+PUTPUBFH should now behave just like PUTROOTFH.
+
+Reported-by: Cedric Blancher
+Fixes: e1a90ebd8b23 ("NFSD: Combine decode operations for v4 and v4.1")
+Cc: Dan Shelton
+Cc: Roland Mainz
+Cc: stable@vger.kernel.org
+Signed-off-by: Chuck Lever
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/nfsd/nfs4xdr.c | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -1246,14 +1246,6 @@ nfsd4_decode_putfh(struct nfsd4_compound
+ }
+
+ static __be32
+-nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, union nfsd4_op_u *p)
+-{
+- if (argp->minorversion == 0)
+- return nfs_ok;
+- return nfserr_notsupp;
+-}
+-
+-static __be32
+ nfsd4_decode_read(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u)
+ {
+ struct nfsd4_read *read = &u->read;
+@@ -2345,7 +2337,7 @@ static const nfsd4_dec nfsd4_dec_ops[] =
+ [OP_OPEN_CONFIRM] = nfsd4_decode_open_confirm,
+ [OP_OPEN_DOWNGRADE] = nfsd4_decode_open_downgrade,
+ [OP_PUTFH] = nfsd4_decode_putfh,
+- [OP_PUTPUBFH] = nfsd4_decode_putpubfh,
++ [OP_PUTPUBFH] = nfsd4_decode_noop,
+ [OP_PUTROOTFH] = nfsd4_decode_noop,
+ [OP_READ] = nfsd4_decode_read,
+ [OP_READDIR] = nfsd4_decode_readdir,
diff --git a/queue-5.10/nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch b/queue-5.10/nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch
new file mode 100644
index 00000000000..cc6a9f19575
--- /dev/null
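Review bot: With `[OP_PUTPUBFH] = nfsd4_decode_noop` the decoder no longer returns `nfserr_notsupp` for minor versions above 0, so the PUTPUBFH operation handler becomes reachable from NFSv4.1+ compounds, and that handler is not part of this patch. The description states the operation "should now behave just like PUTROOTFH"; that is worth confirming against the operation table outside these hunks, in particular that the same export and security-flavor checks apply, before the change goes to stable. A short comment on the table entry, e.g. `/* no arguments in any minor version (RFC 8881) */`, would record why a no-op decoder is correct for this slot.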
+++ b/queue-5.10/nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch 
@@ -0,0 +1,108 @@
+From 340e61e44c1d2a15c42ec72ade9195ad525fd048 Mon Sep 17 00:00:00 2001
+From: Li Lingfeng
+Date: Sat, 17 Aug 2024 14:27:13 +0800
+Subject: nfsd: map the EBADMSG to nfserr_io to avoid warning
+
+From: Li Lingfeng
+
+commit 340e61e44c1d2a15c42ec72ade9195ad525fd048 upstream.
+
+Ext4 will throw -EBADMSG through ext4_readdir when a checksum error
+occurs, resulting in the following WARNING.
+
+Fix it by mapping EBADMSG to nfserr_io.
+
+nfsd_buffered_readdir
+ iterate_dir // -EBADMSG -74
+ ext4_readdir // .iterate_shared
+ ext4_dx_readdir
+ ext4_htree_fill_tree
+ htree_dirblock_to_tree
+ ext4_read_dirblock
+ __ext4_read_dirblock
+ ext4_dirblock_csum_verify
+ warn_no_space_for_csum
+ __warn_no_space_for_csum
+ return ERR_PTR(-EFSBADCRC) // -EBADMSG -74
+ nfserrno // WARNING
+
+[ 161.115610] ------------[ cut here ]------------
+[ 161.116465] nfsd: non-standard errno: -74
+[ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0
+[ 161.118596] Modules linked in:
+[ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138
+[ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe
+mu.org 04/01/2014
+[ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0
+[ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6
+ 05 ce 2b 61 03 01 e8 99 20 d8 00 <0f> 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33
+[ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286
+[ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
+[ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a
+[ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827
+[ 161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021
+[ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8
+[ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000
+[ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0
+[ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 161.141519] PKRU: 55555554
+[ 161.142076] Call Trace:
+[ 161.142575] ? __warn+0x9b/0x140
+[ 161.143229] ? nfserrno+0x9d/0xd0
+[ 161.143872] ? report_bug+0x125/0x150
+[ 161.144595] ? handle_bug+0x41/0x90
+[ 161.145284] ? exc_invalid_op+0x14/0x70
+[ 161.146009] ? asm_exc_invalid_op+0x12/0x20
+[ 161.146816] ? nfserrno+0x9d/0xd0
+[ 161.147487] nfsd_buffered_readdir+0x28b/0x2b0
+[ 161.148333] ? nfsd4_encode_dirent_fattr+0x380/0x380
+[ 161.149258] ? nfsd_buffered_filldir+0xf0/0xf0
+[ 161.150093] ? wait_for_concurrent_writes+0x170/0x170
+[ 161.151004] ? generic_file_llseek_size+0x48/0x160
+[ 161.151895] nfsd_readdir+0x132/0x190
+[ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380
+[ 161.153516] ? nfsd_unlink+0x380/0x380
+[ 161.154256] ? override_creds+0x45/0x60
+[ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0
+[ 161.155850] ? nfsd4_encode_readlink+0x210/0x210
+[ 161.156731] ? write_bytes_to_xdr_buf+0x97/0xe0
+[ 161.157598] ? __write_bytes_to_xdr_buf+0xd0/0xd0
+[ 161.158494] ? lock_downgrade+0x90/0x90
+[ 161.159232] ? nfs4svc_decode_voidarg+0x10/0x10
+[ 161.160092] nfsd4_encode_operation+0x15a/0x440
+[ 161.160959] nfsd4_proc_compound+0x718/0xe90
+[ 161.161818] nfsd_dispatch+0x18e/0x2c0
+[ 161.162586] svc_process_common+0x786/0xc50
+[ 161.163403] ? nfsd_svc+0x380/0x380
+[ 161.164137] ? svc_printk+0x160/0x160
+[ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380
+[ 161.165808] ? nfsd_svc+0x380/0x380
+[ 161.166523] ? rcu_is_watching+0x23/0x40
+[ 161.167309] svc_process+0x1a5/0x200
+[ 161.168019] nfsd+0x1f5/0x380
+[ 161.168663] ? nfsd_shutdown_threads+0x260/0x260
+[ 161.169554] kthread+0x1c4/0x210
+[ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80
+[ 161.171246] ret_from_fork+0x1f/0x30
+
+Signed-off-by: Li Lingfeng
+Reviewed-by: Jeff Layton
+Cc: stable@vger.kernel.org
+Signed-off-by: Chuck Lever
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/nfsd/vfs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -100,6 +100,7 @@ nfserrno (int errno)
+ { nfserr_io, -EUCLEAN },
+ { nfserr_perm, -ENOKEY },
+ { nfserr_no_grace, -ENOGRACE},
++ { nfserr_io, -EBADMSG },
+ };
+ int i;
+
diff --git a/queue-5.10/riscv-define-illegal_pointer_value-for-64bit.patch b/queue-5.10/riscv-define-illegal_pointer_value-for-64bit.patch
new file mode 100644
index 00000000000..e22119909e1
--- /dev/null
+++ b/queue-5.10/riscv-define-illegal_pointer_value-for-64bit.patch
@@ -0,0 +1,38 @@
+From 5c178472af247c7b50f962495bb7462ba453b9fb Mon Sep 17 00:00:00 2001
+From: Jisheng Zhang
+Date: Sat, 6 Jul 2024 01:02:10 +0800
+Subject: riscv: define ILLEGAL_POINTER_VALUE for 64bit
+
+From: Jisheng Zhang
+
+commit 5c178472af247c7b50f962495bb7462ba453b9fb upstream.
+
+This is used in poison.h for poison pointer offset. Based on current
+SV39, SV48 and SV57 vm layout, 0xdead000000000000 is a proper value
+that is not mappable, this can avoid potentially turning an oops to
+an expolit.
+
+Signed-off-by: Jisheng Zhang
+Fixes: fbe934d69eb7 ("RISC-V: Build Infrastructure")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20240705170210.3236-1-jszhang@kernel.org
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/Kconfig | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/arch/riscv/Kconfig
++++ b/arch/riscv/Kconfig
+@@ -193,6 +193,11 @@ config GENERIC_HWEIGHT
+ config FIX_EARLYCON_MEM
+ def_bool MMU
+
++config ILLEGAL_POINTER_VALUE
++ hex
++ default 0 if 32BIT
++ default 0xdead000000000000 if 64BIT
++
+ config PGTABLE_LEVELS
+ int
+ default 3 if 64BIT
diff --git a/queue-5.10/series b/queue-5.10/series
index a9191b0e3b5..c471b64df63 100644
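Review bot: The new `{ nfserr_io, -EBADMSG }` entry in nfserrno() gives no hint that it exists for filesystem checksum failures, although the call chain in the description shows the value arriving as `-EFSBADCRC`. A trailing comment such as `/* -EFSBADCRC: on-disk checksum mismatch */` would make that link visible next to the existing `-EUCLEAN` entry. Mapping the value also removes the "non-standard errno" warning as the nfsd-side trace of the event, so noticing corrupted directory blocks served over NFS then depends on whatever the underlying filesystem logs, which is not visible in this hunk. The table and the function continue outside the hunk.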
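Review bot: The new `config ILLEGAL_POINTER_VALUE` block in arch/riscv/Kconfig carries no comment explaining its values, and `default 0 if 32BIT` leaves 32-bit builds with no poison-pointer offset at all. The description says 0xdead000000000000 is not mappable under the current SV39, SV48 and SV57 layouts; that constraint belongs next to the value, e.g. `# must not be mappable under SV39/SV48/SV57; re-check when a paging mode is added`. For the 32BIT case a comment noting that poison pointers then stay in the lowest pages, and presumably rely on user space being unable to map them, would make the residual exposure explicit.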
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -401,3 +401,8 @@ ocfs2-cancel-dqi_sync_work-before-freeing-oinfo.patch
 ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch
 ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch
 ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch
+riscv-define-illegal_pointer_value-for-64bit.patch
+exfat-fix-memory-leak-in-exfat_load_bitmap.patch
+nfsd-fix-delegation_blocked-to-block-correctly-for-at-least-30-seconds.patch
+nfsd-map-the-ebadmsg-to-nfserr_io-to-avoid-warning.patch
+nfsd-fix-nfsv4-s-putpubfh-operation.patch