From: Greg Kroah-Hartman Date: Mon, 5 Jun 2017 15:09:48 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v3.18.56~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cb90b18d5fc3565dc51a06658313b88376080146;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: xfs-in-_attrlist_by_handle-copy-the-cursor-back-to-userspace.patch xfs-only-return-errno-or-success-from-attr-put_listent.patch
---
diff --git a/queue-4.4/series b/queue-4.4/series
index 40ec9ee83f6..217c438f9e0 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -49,3 +49,5 @@ xfs-wait-on-new-inodes-during-quotaoff-dquot-release.patch
 xfs-fix-indlen-accounting-error-on-partial-delalloc-conversion.patch
 xfs-bad-assertion-for-delalloc-an-extent-that-start-at-i_size.patch
 xfs-fix-unaligned-access-in-xfs_btree_visit_blocks.patch
+xfs-in-_attrlist_by_handle-copy-the-cursor-back-to-userspace.patch
+xfs-only-return-errno-or-success-from-attr-put_listent.patch
diff --git a/queue-4.4/xfs-in-_attrlist_by_handle-copy-the-cursor-back-to-userspace.patch b/queue-4.4/xfs-in-_attrlist_by_handle-copy-the-cursor-back-to-userspace.patch
new file mode 100644
index 00000000000..78f88664b5e
--- /dev/null
+++ b/queue-4.4/xfs-in-_attrlist_by_handle-copy-the-cursor-back-to-userspace.patch
@@ -0,0 +1,45 @@
+From 0facef7fb053be4353c0a48c2f48c9dbee91cb19 Mon Sep 17 00:00:00 2001
+From: "Darrick J. Wong"
+Date: Wed, 3 Aug 2016 10:58:53 +1000
+Subject: xfs: in _attrlist_by_handle, copy the cursor back to userspace
+
+From: Darrick J. Wong
+
+commit 0facef7fb053be4353c0a48c2f48c9dbee91cb19 upstream.
+
+When we're iterating inode xattrs by handle, we have to copy the
+cursor back to userspace so that a subsequent invocation actually
+retrieves subsequent contents.
+
+Signed-off-by: Darrick J. Wong
+Reviewed-by: Christoph Hellwig
+Signed-off-by: Dave Chinner
+Cc: Nikolay Borisov
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/xfs/xfs_ioctl.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/xfs/xfs_ioctl.c
++++ b/fs/xfs/xfs_ioctl.c
+@@ -403,6 +403,7 @@ xfs_attrlist_by_handle(
+ {
+ int error = -ENOMEM;
+ attrlist_cursor_kern_t *cursor;
++ struct xfs_fsop_attrlist_handlereq __user *p = arg;
+ xfs_fsop_attrlist_handlereq_t al_hreq;
+ struct dentry *dentry;
+ char *kbuf;
+@@ -435,6 +436,11 @@ xfs_attrlist_by_handle(
+ if (error)
+ goto out_kfree;
+
++ if (copy_to_user(&p->pos, cursor, sizeof(attrlist_cursor_kern_t))) {
++ error = -EFAULT;
++ goto out_kfree;
++ }
++
+ if (copy_to_user(al_hreq.buffer, kbuf, al_hreq.buflen))
+ error = -EFAULT;
+
diff --git a/queue-4.4/xfs-only-return-errno-or-success-from-attr-put_listent.patch b/queue-4.4/xfs-only-return-errno-or-success-from-attr-put_listent.patch
new file mode 100644
index 00000000000..aa1561ef483
--- /dev/null
+++ b/queue-4.4/xfs-only-return-errno-or-success-from-attr-put_listent.patch
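Review bot: The added `copy_to_user(&p->pos, cursor, sizeof(attrlist_cursor_kern_t))` in xfs_attrlist_by_handle sizes the write by the kernel cursor type rather than by the user-visible destination field, and nothing in the hunk guarantees the two stay the same size. Both type declarations are outside the hunk; if they are meant to match, `BUILD_BUG_ON(sizeof(attrlist_cursor_kern_t) != sizeof(p->pos));` next to the copy would turn that assumption into a compile-time check. The cursor is also written back before the `copy_to_user(al_hreq.buffer, kbuf, al_hreq.buflen)` that follows, so a fault on the buffer copy returns -EFAULT with the caller's cursor already overwritten; a comment such as `/* cursor is updated even if the buffer copy below faults */` would document that for callers. The function body starts and ends outside the hunk.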
@@ -0,0 +1,117 @@
+From 2a6fba6d2311151598abaa1e7c9abd5f8d024a43 Mon Sep 17 00:00:00 2001
+From: Eric Sandeen
+Date: Wed, 6 Apr 2016 07:57:18 +1000
+Subject: xfs: only return -errno or success from attr ->put_listent
+
+From: Eric Sandeen
+
+commit 2a6fba6d2311151598abaa1e7c9abd5f8d024a43 upstream.
+
+Today, the put_listent formatters return either 1 or 0; if
+they return 1, some callers treat this as an error and return
+it up the stack, despite "1" not being a valid (negative)
+error code.
+
+The intent seems to be that if the input buffer is full,
+we set seen_enough or set count = -1, and return 1;
+but some callers check the return before checking the
+seen_enough or count fields of the context.
+
+Fix this by only returning non-zero for actual errors
+encountered, and rely on the caller to first check the
+return value, then check the values in the context to
+decide what to do.
+
+Signed-off-by: Eric Sandeen
+Reviewed-by: Christoph Hellwig
+Signed-off-by: Dave Chinner
+Signed-off-by: Nikolay Borisov
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/xfs/xfs_attr.h | 1 +
+ fs/xfs/xfs_attr_list.c | 8 +++-----
+ fs/xfs/xfs_xattr.c | 15 ++++++++++-----
+ 3 files changed, 14 insertions(+), 10 deletions(-)
+
+--- a/fs/xfs/xfs_attr.h
++++ b/fs/xfs/xfs_attr.h
+@@ -112,6 +112,7 @@ typedef struct attrlist_cursor_kern {
+ *========================================================================*/
+
+
++/* Return 0 on success, or -errno; other state communicated via *context */
+ typedef int (*put_listent_func_t)(struct xfs_attr_list_context *, int,
+ unsigned char *, int, int, unsigned char *);
+
+--- a/fs/xfs/xfs_attr_list.c
++++ b/fs/xfs/xfs_attr_list.c
+@@ -108,16 +108,14 @@ xfs_attr_shortform_list(xfs_attr_list_co
+ (int)sfe->namelen,
+ (int)sfe->valuelen,
+ &sfe->nameval[sfe->namelen]);
+-
++ if (error)
++ return error;
+ /*
+ * Either search callback finished early or
+ * didn't fit it all in the buffer after all.
+ */
+ if (context->seen_enough)
+ break;
+-
+- if (error)
+- return error;
+ sfe = XFS_ATTR_SF_NEXTENTRY(sfe);
+ }
+ trace_xfs_attr_list_sf_all(context);
+@@ -581,7 +579,7 @@ xfs_attr_put_listent(
+ trace_xfs_attr_list_full(context);
+ alist->al_more = 1;
+ context->seen_enough = 1;
+- return 1;
++ return 0;
+ }
+
+ aep = (attrlist_ent_t *)&context->alist[context->firstu];
+--- a/fs/xfs/xfs_xattr.c
++++ b/fs/xfs/xfs_xattr.c
+@@ -180,7 +180,7 @@ xfs_xattr_put_listent(
+ arraytop = context->count + prefix_len + namelen + 1;
+ if (arraytop > context->firstu) {
+ context->count = -1; /* insufficient space */
+- return 1;
++ return 0;
+ }
+ offset = (char *)context->alist + context->count;
+ strncpy(offset, xfs_xattr_prefix(flags), prefix_len);
+@@ -222,12 +222,15 @@ list_one_attr(const char *name, const si
+ }
+
+ ssize_t
+-xfs_vn_listxattr(struct dentry *dentry, char *data, size_t size)
++xfs_vn_listxattr(
++ struct dentry *dentry,
++ char *data,
++ size_t size)
+ {
+ struct xfs_attr_list_context context;
+ struct attrlist_cursor_kern cursor = { 0 };
+- struct inode *inode = d_inode(dentry);
+- int error;
++ struct inode *inode = d_inode(dentry);
++ int error;
+
+ /*
+ * First read the regular on-disk attributes.
+@@ -245,7 +248,9 @@ xfs_vn_listxattr(struct dentry *dentry,
+ else
+ context.put_listent = xfs_xattr_put_listent_sizes;
+
+- xfs_attr_list_int(&context);
++ error = xfs_attr_list_int(&context);
++ if (error)
++ return error;
+ if (context.count < 0)
+ return -ERANGE;
+
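Review bot: In the xfs_xattr_put_listent hunk, the insufficient-space branch now returns 0 after setting only `context->count = -1`, whereas the matching branch in xfs_attr_put_listent also sets `context->seen_enough = 1` before its `return 0`. The loop shown in xfs_attr_shortform_list stops only on a non-zero return or on `seen_enough`, so after this change it appears to keep calling the formatter with a negative count. The next call would then compute `arraytop` and `offset = (char *)context->alist + context->count` from -1, which points before the start of the buffer. Adding `context->seen_enough = 1;` next to `context->count = -1;` would end the walk as soon as the buffer is found to be too small. Whether an earlier guard in xfs_xattr_put_listent already rejects a negative count cannot be seen, because the function body starts outside the hunk.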