From: Greg Kroah-Hartman
Date: Tue, 10 Jan 2023 08:14:52 +0000 (+0100)
Subject: 5.4-stable patches
X-Git-Tag: v5.15.87~34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e5a65f923f55e7216131cc0a2ffd3ee4bc462d00;p=thirdparty%2Fkernel%2Fstable-queue.git
5.4-stable patches added patches: nfsd-fix-handling-of-readdir-in-v4root-vs.-mount-upcall-timeout.patch x86-bugs-flush-ibp-in-ib_prctl_set.patch
---
diff --git a/queue-5.4/nfsd-fix-handling-of-readdir-in-v4root-vs.-mount-upcall-timeout.patch b/queue-5.4/nfsd-fix-handling-of-readdir-in-v4root-vs.-mount-upcall-timeout.patch
new file mode 100644
index 00000000000..e012826483a
--- /dev/null
+++ b/queue-5.4/nfsd-fix-handling-of-readdir-in-v4root-vs.-mount-upcall-timeout.patch
@@ -0,0 +1,52 @@
+From cad853374d85fe678d721512cecfabd7636e51f3 Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Tue, 13 Dec 2022 13:08:26 -0500
+Subject: nfsd: fix handling of readdir in v4root vs. mount upcall timeout
+
+From: Jeff Layton
+
+commit cad853374d85fe678d721512cecfabd7636e51f3 upstream.
+
+If v4 READDIR operation hits a mountpoint and gets back an error,
+then it will include that entry in the reply and set RDATTR_ERROR for it
+to the error.
+
+That's fine for "normal" exported filesystems, but on the v4root, we
+need to be more careful to only expose the existence of dentries that
+lead to exports.
+
+If the mountd upcall times out while checking to see whether a
+mountpoint on the v4root is exported, then we have no recourse other
+than to fail the whole operation.
+
+Cc: Steve Dickson
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=216777
+Reported-by: JianHong Yin
+Signed-off-by: Jeff Layton
+Signed-off-by: Chuck Lever
+Cc:
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/nfsd/nfs4xdr.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -3109,6 +3109,17 @@ nfsd4_encode_dirent(void *ccdv, const ch
+ case nfserr_noent:
+ xdr_truncate_encode(xdr, start_offset);
+ goto skip_entry;
++ case nfserr_jukebox:
++ /*
++ * The pseudoroot should only display dentries that lead to
++ * exports. If we get EJUKEBOX here, then we can't tell whether
++ * this entry should be included. Just fail the whole READDIR
++ * with NFS4ERR_DELAY in that case, and hope that the situation
++ * will resolve itself by the client's next attempt.
++ */
++ if (cd->rd_fhp->fh_export->ex_flags & NFSEXP_V4ROOT)
++ goto fail;
++ fallthrough;
+ default:
+ /*
+ * If the client requested the RDATTR_ERROR attribute,
diff --git a/queue-5.4/series b/queue-5.4/series
index 7dd9ed5ee6c..23721164356 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
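Review bot: The fail-closed branch added to `nfsd4_encode_dirent` covers only `nfserr_jukebox`; any other error on a v4root mountpoint still reaches `default:`, which, going by the commit message, keeps the entry in the reply with RDATTR_ERROR set, so the name of a dentry that may not lead to an export can still be returned. If that is intended, the new comment should say so, for example by ending with `* Other errors still fall through and are reported per entry.`; if it is not, the `NFSEXP_V4ROOT` test probably belongs in `default:` as well. The `fail` label and the rest of the switch lie outside the hunk, so it is worth confirming that `fail` discards the partially encoded entry the way the `nfserr_noent` case does with `xdr_truncate_encode(xdr, start_offset)`.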
@@ -588,3 +588,5 @@ drm-i915-unpin-on-error-in-intel_vgpu_shadow_mm_pin.patch
 caif-fix-memory-leak-in-cfctrl_linkup_request.patch
 udf-fix-extension-of-the-last-extent-in-the-file.patch
 asoc-intel-bytcr_rt5640-add-quirk-for-the-advantech-.patch
+x86-bugs-flush-ibp-in-ib_prctl_set.patch
+nfsd-fix-handling-of-readdir-in-v4root-vs.-mount-upcall-timeout.patch
diff --git a/queue-5.4/x86-bugs-flush-ibp-in-ib_prctl_set.patch b/queue-5.4/x86-bugs-flush-ibp-in-ib_prctl_set.patch
new file mode 100644
index 00000000000..a5a5b2fe194
--- /dev/null
+++ b/queue-5.4/x86-bugs-flush-ibp-in-ib_prctl_set.patch
@@ -0,0 +1,31 @@
+From a664ec9158eeddd75121d39c9a0758016097fa96 Mon Sep 17 00:00:00 2001
+From: Rodrigo Branco
+Date: Tue, 3 Jan 2023 14:17:51 -0600
+Subject: x86/bugs: Flush IBP in ib_prctl_set()
+
+From: Rodrigo Branco
+
+commit a664ec9158eeddd75121d39c9a0758016097fa96 upstream.
+
+We missed the window between the TIF flag update and the next reschedule.
+
+Signed-off-by: Rodrigo Branco
+Reviewed-by: Borislav Petkov (AMD)
+Signed-off-by: Ingo Molnar
+Cc:
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kernel/cpu/bugs.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -1787,6 +1787,8 @@ static int ib_prctl_set(struct task_stru
+ if (ctrl == PR_SPEC_FORCE_DISABLE)
+ task_set_spec_ib_force_disable(task);
+ task_update_spec_tif(task);
++ if (task == current)
++ indirect_branch_prediction_barrier();
+ break;
+ default:
+ return -ERANGE;
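Review bot: The two lines added to `ib_prctl_set` carry no comment, and the one-sentence commit message is the only record of why a barrier is issued at this point. A short comment above the `if` would keep the reason next to the code, e.g. `/* Flush now: predictor state from before the TIF update would otherwise persist until the next reschedule. */`. It would also help to state that limiting the barrier to `task == current` is deliberate, presumably because any other task picks up the new flag at its own context switch; that reasoning is inferred, and the rest of the function lies outside the hunk.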