From: Greg Kroah-Hartman Date: Thu, 30 Aug 2018 17:04:09 +0000 (-0700) Subject: 4.4-stable patches X-Git-Tag: v3.18.121~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f15b28215e810ae269864a27bdf867a5d87c90a4;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: ext4-check-for-nul-characters-in-extended-attribute-s-name.patch ext4-reset-error-code-in-ext4_find_entry-in-fallback.patch ext4-sysfs-print-ext4_super_block-fields-as-little-endian.patch s390-kvm-fix-deadlock-when-killed-by-oom.patch
---
diff --git a/queue-4.4/ext4-check-for-nul-characters-in-extended-attribute-s-name.patch b/queue-4.4/ext4-check-for-nul-characters-in-extended-attribute-s-name.patch
new file mode 100644
index 00000000000..bea5208d0d4
--- /dev/null
+++ b/queue-4.4/ext4-check-for-nul-characters-in-extended-attribute-s-name.patch
@@ -0,0 +1,38 @@
+From 7d95178c77014dbd8dce36ee40bbbc5e6c121ff5 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o
+Date: Wed, 1 Aug 2018 12:36:52 -0400
+Subject: ext4: check for NUL characters in extended attribute's name
+
+From: Theodore Ts'o
+
+commit 7d95178c77014dbd8dce36ee40bbbc5e6c121ff5 upstream.
+
+Extended attribute names are defined to be NUL-terminated, so the name
+must not contain a NUL character. This is important because there are
+places when remove extended attribute, the code uses strlen to
+determine the length of the entry. That should probably be fixed at
+some point, but code is currently really messy, so the simplest fix
+for now is to simply validate that the extended attributes are sane.
+
+https://bugzilla.kernel.org/show_bug.cgi?id=200401
+
+Reported-by: Wen Xu
+Signed-off-by: Theodore Ts'o
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/xattr.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -197,6 +197,8 @@ ext4_xattr_check_names(struct ext4_xattr
+ struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e);
+ if ((void *)next >= end)
+ return -EFSCORRUPTED;
++ if (strnlen(e->e_name, e->e_name_len) != e->e_name_len)
++ return -EFSCORRUPTED;
+ e = next;
+ }
+
diff --git a/queue-4.4/ext4-reset-error-code-in-ext4_find_entry-in-fallback.patch b/queue-4.4/ext4-reset-error-code-in-ext4_find_entry-in-fallback.patch
new file mode 100644
index 00000000000..c5e381159ab
--- /dev/null
+++ b/queue-4.4/ext4-reset-error-code-in-ext4_find_entry-in-fallback.patch
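Review bot: In the fs/ext4/xattr.c hunk, the added `strnlen(e->e_name, e->e_name_len)` scan stays inside the buffer only because the `(void *)next >= end` test runs first, and nothing in the loop records that ordering or why an embedded NUL counts as corruption. EXT4_XATTR_NEXT is defined outside the hunk, so this assumes it advances past the full name length. A comment above the new check would keep the two tests from being reordered, for example `/* name lies below 'end' (checked above); reject embedded NULs because removal paths size entries with strlen() */`. ext4_xattr_check_names starts and ends outside the hunk.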
@@ -0,0 +1,37 @@
+From f39b3f45dbcb0343822cce31ea7636ad66e60bc2 Mon Sep 17 00:00:00 2001
+From: Eric Sandeen
+Date: Sun, 29 Jul 2018 17:13:42 -0400
+Subject: ext4: reset error code in ext4_find_entry in fallback
+
+From: Eric Sandeen
+
+commit f39b3f45dbcb0343822cce31ea7636ad66e60bc2 upstream.
+
+When ext4_find_entry() falls back to "searching the old fashioned
+way" due to a corrupt dx dir, it needs to reset the error code
+to NULL so that the nonstandard ERR_BAD_DX_DIR code isn't returned
+to userspace.
+
+https://bugzilla.kernel.org/show_bug.cgi?id=199947
+
+Reported-by: Anatoly Trosinenko
+Reviewed-by: Andreas Dilger
+Signed-off-by: Eric Sandeen
+Signed-off-by: Theodore Ts'o
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/namei.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -1401,6 +1401,7 @@ static struct buffer_head * ext4_find_en
+ goto cleanup_and_exit;
+ dxtrace(printk(KERN_DEBUG "ext4_find_entry: dx failed, "
+ "falling back\n"));
++ ret = NULL;
+ }
+ nblocks = dir->i_size >> EXT4_BLOCK_SIZE_BITS(sb);
+ if (!nblocks) {
diff --git a/queue-4.4/ext4-sysfs-print-ext4_super_block-fields-as-little-endian.patch b/queue-4.4/ext4-sysfs-print-ext4_super_block-fields-as-little-endian.patch
new file mode 100644
index 00000000000..e93d90e636e
--- /dev/null
+++ b/queue-4.4/ext4-sysfs-print-ext4_super_block-fields-as-little-endian.patch
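Review bot: In the fs/ext4/namei.c hunk, `ret = NULL;` carries no comment, and from the visible lines alone it is not evident that `ret` can hold an error value at this point rather than a buffer pointer. The commit message gives the reason: the nonstandard ERR_BAD_DX_DIR code must not reach userspace once the linear search takes over. That belongs next to the assignment, e.g. `/* drop ERR_BAD_DX_DIR so the fallback search cannot return it */`. ext4_find_entry starts and ends outside the hunk, so whether later paths reassign `ret` before returning cannot be confirmed here.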
@@ -0,0 +1,59 @@
+From a4d2aadca184ece182418950d45ba4ffc7b652d2 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann
+Date: Sun, 29 Jul 2018 15:48:00 -0400
+Subject: ext4: sysfs: print ext4_super_block fields as little-endian
+
+From: Arnd Bergmann
+
+commit a4d2aadca184ece182418950d45ba4ffc7b652d2 upstream.
+
+While working on extended rand for last_error/first_error timestamps,
+I noticed that the endianess is wrong; we access the little-endian
+fields in struct ext4_super_block as native-endian when we print them.
+
+This adds a special case in ext4_attr_show() and ext4_attr_store()
+to byteswap the superblock fields if needed.
+
+In older kernels, this code was part of super.c, it got moved to
+sysfs.c in linux-4.4.
+
+Cc: stable@vger.kernel.org
+Fixes: 52c198c6820f ("ext4: add sysfs entry showing whether the fs contains errors")
+Reviewed-by: Andreas Dilger
+Signed-off-by: Arnd Bergmann
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/sysfs.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+--- a/fs/ext4/sysfs.c
++++ b/fs/ext4/sysfs.c
+@@ -277,8 +277,12 @@ static ssize_t ext4_attr_show(struct kob
+ case attr_pointer_ui:
+ if (!ptr)
+ return 0;
+- return snprintf(buf, PAGE_SIZE, "%u\n",
+- *((unsigned int *) ptr));
++ if (a->attr_ptr == ptr_ext4_super_block_offset)
++ return snprintf(buf, PAGE_SIZE, "%u\n",
++ le32_to_cpup(ptr));
++ else
++ return snprintf(buf, PAGE_SIZE, "%u\n",
++ *((unsigned int *) ptr));
+ case attr_pointer_atomic:
+ if (!ptr)
+ return 0;
+@@ -311,7 +315,10 @@ static ssize_t ext4_attr_store(struct ko
+ ret = kstrtoul(skip_spaces(buf), 0, &t);
+ if (ret)
+ return ret;
+- *((unsigned int *) ptr) = t;
++ if (a->attr_ptr == ptr_ext4_super_block_offset)
++ *((__le32 *) ptr) = cpu_to_le32(t);
++ else
++ *((unsigned int *) ptr) = t;
+ return len;
+ case attr_inode_readahead:
+ return inode_readahead_blks_store(a, sbi, buf, len);
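Review bot: In the ext4_attr_store hunk of fs/ext4/sysfs.c, the value parsed by `kstrtoul()` is narrowed to 32 bits by `cpu_to_le32(t)` (and by the `unsigned int` store in the else branch) with no range check, so on a 64-bit build an input above UINT_MAX would presumably be stored truncated instead of rejected. The declaration of `t` is outside the hunk; assuming it is `unsigned long`, a guard before the two stores would close this: `if (t > UINT_MAX) return -EINVAL;`. The narrowing predates this patch, but the new branch now writes the truncated value into a superblock field. Both ext4_attr_show and ext4_attr_store start and end outside the hunk.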
diff --git a/queue-4.4/s390-kvm-fix-deadlock-when-killed-by-oom.patch b/queue-4.4/s390-kvm-fix-deadlock-when-killed-by-oom.patch
new file mode 100644
index 00000000000..07c7a2d5734
--- /dev/null
+++ b/queue-4.4/s390-kvm-fix-deadlock-when-killed-by-oom.patch
@@ -0,0 +1,40 @@
+From 306d6c49ac9ded11114cb53b0925da52f2c2ada1 Mon Sep 17 00:00:00 2001
+From: Claudio Imbrenda
+Date: Mon, 16 Jul 2018 10:38:57 +0200
+Subject: s390/kvm: fix deadlock when killed by oom
+
+From: Claudio Imbrenda
+
+commit 306d6c49ac9ded11114cb53b0925da52f2c2ada1 upstream.
+
+When the oom killer kills a userspace process in the page fault handler
+while in guest context, the fault handler fails to release the mm_sem
+if the FAULT_FLAG_RETRY_NOWAIT option is set. This leads to a deadlock
+when tearing down the mm when the process terminates. This bug can only
+happen when pfault is enabled, so only KVM clients are affected.
+
+The problem arises in the rare cases in which handle_mm_fault does not
+release the mm_sem. This patch fixes the issue by manually releasing
+the mm_sem when needed.
+
+Fixes: 24eb3a824c4f3 ("KVM: s390: Add FAULT_FLAG_RETRY_NOWAIT for guest fault")
+Cc: # 3.15+
+Signed-off-by: Claudio Imbrenda
+Signed-off-by: Martin Schwidefsky
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/s390/mm/fault.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/s390/mm/fault.c
++++ b/arch/s390/mm/fault.c
+@@ -459,6 +459,8 @@ retry:
+ /* No reason to continue if interrupted by SIGKILL. */
+ if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) {
+ fault = VM_FAULT_SIGNAL;
++ if (flags & FAULT_FLAG_RETRY_NOWAIT)
++ goto out_up;
+ goto out;
+ }
+ if (unlikely(fault & VM_FAULT_ERROR))
diff --git a/queue-4.4/series b/queue-4.4/series
index f7840ec4f09..e9bcfb1247d 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
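Review bot: In the arch/s390/mm/fault.c hunk, the added `goto out_up` makes the SIGKILL path leave through two different labels depending on `flags`, and the existing comment does not say why. Per the commit message, with FAULT_FLAG_RETRY_NOWAIT set handle_mm_fault can return without releasing the mm semaphore, so it has to be dropped here; without the flag it is presumably already released and `goto out` is correct. A later edit could easily break that lock-state asymmetry, so it should be stated at the branch, e.g. `/* RETRY_NOWAIT: mm semaphore is still held on VM_FAULT_RETRY, release it via out_up */`. The labels `out_up` and `out` and the rest of the handler are outside the hunk.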
@@ -44,3 +44,7 @@ smb3-do-not-send-smb3-set_info-if-nothing-changed.patch
 smb3-don-t-request-leases-in-symlink-creation-and-query.patch
 smb3-fill-in-statfs-fsid-and-correct-namelen.patch
 btrfs-don-t-leak-ret-from-do_chunk_alloc.patch
+s390-kvm-fix-deadlock-when-killed-by-oom.patch
+ext4-check-for-nul-characters-in-extended-attribute-s-name.patch
+ext4-sysfs-print-ext4_super_block-fields-as-little-endian.patch
+ext4-reset-error-code-in-ext4_find_entry-in-fallback.patch