From 3e344f630a64bc2951c0634c0303aada277a7294 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 21 Jan 2021 14:32:33 +0100 Subject: [PATCH] 4.4-stable patches added patches: iio-buffer-fix-demux-update.patch nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch --- queue-4.4/iio-buffer-fix-demux-update.patch | 55 +++++++++++++++++++ ...us-shouldn-t-return-parent-of-export.patch | 52 ++++++++++++++++++ queue-4.4/series | 2 + 3 files changed, 109 insertions(+) create mode 100644 queue-4.4/iio-buffer-fix-demux-update.patch create mode 100644 queue-4.4/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch diff --git a/queue-4.4/iio-buffer-fix-demux-update.patch b/queue-4.4/iio-buffer-fix-demux-update.patch new file mode 100644 index 00000000000..68261e724a0 --- /dev/null +++ b/queue-4.4/iio-buffer-fix-demux-update.patch @@ -0,0 +1,55 @@ +From foo@baz Thu Jan 21 02:24:10 PM CET 2021 +From: "Nuno Sá" +Date: Thu, 12 Nov 2020 15:43:22 +0100 +Subject: iio: buffer: Fix demux update + +From: "Nuno Sá" + +commit 19ef7b70ca9487773c29b449adf0c70f540a0aab upstream + +When updating the buffer demux, we will skip a scan element from the +device in the case `in_ind != out_ind` and we enter the while loop. +in_ind should only be refreshed with `find_next_bit()` in the end of the +loop. + +Note, to cause problems we need a situation where we are skippig over +an element (channel not enabled) that happens to not have the same size +as the next element. Whilst this is a possible situation we haven't +actually identified any cases in mainline where it happens as most drivers +have consistent channel storage sizes with the exception of the timestamp +which is the last element and hence never skipped over. + +Fixes: 5ada4ea9be16 ("staging:iio: add demux optionally to path from device to buffer") +Signed-off-by: Nuno Sá +Link: https://lore.kernel.org/r/20201112144323.28887-1-nuno.sa@analog.com +Cc: +Signed-off-by: Jonathan Cameron +[sudip: adjust context] +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/industrialio-buffer.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/iio/industrialio-buffer.c ++++ b/drivers/iio/industrialio-buffer.c +@@ -1281,9 +1281,6 @@ static int iio_buffer_update_demux(struc + indio_dev->masklength, + in_ind + 1); + while (in_ind != out_ind) { +- in_ind = find_next_bit(indio_dev->active_scan_mask, +- indio_dev->masklength, +- in_ind + 1); + ch = iio_find_channel_from_si(indio_dev, in_ind); + if (ch->scan_type.repeat > 1) + length = ch->scan_type.storagebits / 8 * +@@ -1292,6 +1289,9 @@ static int iio_buffer_update_demux(struc + length = ch->scan_type.storagebits / 8; + /* Make sure we are aligned */ + in_loc = roundup(in_loc, length) + length; ++ in_ind = find_next_bit(indio_dev->active_scan_mask, ++ indio_dev->masklength, ++ in_ind + 1); + } + ch = iio_find_channel_from_si(indio_dev, in_ind); + if (ch->scan_type.repeat > 1) diff --git a/queue-4.4/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch b/queue-4.4/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch new file mode 100644 index 00000000000..fc9c37047bc --- /dev/null +++ b/queue-4.4/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch @@ -0,0 +1,52 @@ +From 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Mon, 11 Jan 2021 16:01:29 -0500 +Subject: nfsd4: readdirplus shouldn't return parent of export + +From: J. Bruce Fields + +commit 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 upstream. + +If you export a subdirectory of a filesystem, a READDIRPLUS on the root +of that export will return the filehandle of the parent with the ".." +entry. + +The filehandle is optional, so let's just not return the filehandle for +".." if we're at the root of an export. + +Note that once the client learns one filehandle outside of the export, +they can trivially access the rest of the export using further lookups. + +However, it is also not very difficult to guess filehandles outside of +the export. So exporting a subdirectory of a filesystem should +considered equivalent to providing access to the entire filesystem. To +avoid confusion, we recommend only exporting entire filesystems. + +Reported-by: Youjipeng +Signed-off-by: J. Bruce Fields +Cc: stable@vger.kernel.org +Signed-off-by: Chuck Lever +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs3xdr.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/fs/nfsd/nfs3xdr.c ++++ b/fs/nfsd/nfs3xdr.c +@@ -821,9 +821,14 @@ compose_entry_fh(struct nfsd3_readdirres + if (isdotent(name, namlen)) { + if (namlen == 2) { + dchild = dget_parent(dparent); +- /* filesystem root - cannot return filehandle for ".." */ ++ /* ++ * Don't return filehandle for ".." if we're at ++ * the filesystem or export root: ++ */ + if (dchild == dparent) + goto out; ++ if (dparent == exp->ex_path.dentry) ++ goto out; + } else + dchild = dget(dparent); + } else diff --git a/queue-4.4/series b/queue-4.4/series index 6ab79f68f6b..e731cd81516 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -18,3 +18,5 @@ mm-slub-consider-rest-of-partial-list-if-acquire_slab-fails.patch net-sunrpc-interpret-the-return-value-of-kstrtou32-correctly.patch usb-ohci-make-distrust_firmware-param-default-to-false.patch compiler.h-raise-minimum-version-of-gcc-to-5.1-for-arm64.patch +iio-buffer-fix-demux-update.patch +nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch -- 2.47.3