From bfaced4ec1c237a22558a823b7ad003b4343f759 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 1 Sep 2021 12:53:25 +0200 Subject: [PATCH] 5.13-stable patches added patches: ext4-report-correct-st_size-for-encrypted-symlinks.patch f2fs-report-correct-st_size-for-encrypted-symlinks.patch fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch net-don-t-unconditionally-copy_from_user-a-struct-ifreq-for-socket-ioctls.patch revert-parisc-add-assembly-implementations-for-memset-strlen-strcpy-strncpy-and-strcat.patch ubifs-report-correct-st_size-for-encrypted-symlinks.patch --- ...rrect-st_size-for-encrypted-symlinks.patch | 51 +++ ...rrect-st_size-for-encrypted-symlinks.patch | 50 +++ ...ymlink_getattr-for-computing-st_size.patch | 145 +++++++++ ...ser-a-struct-ifreq-for-socket-ioctls.patch | 80 +++++ ...set-strlen-strcpy-strncpy-and-strcat.patch | 290 ++++++++++++++++++ queue-5.13/series | 6 + ...rrect-st_size-for-encrypted-symlinks.patch | 56 ++++ 7 files changed, 678 insertions(+) create mode 100644 queue-5.13/ext4-report-correct-st_size-for-encrypted-symlinks.patch create mode 100644 queue-5.13/f2fs-report-correct-st_size-for-encrypted-symlinks.patch create mode 100644 queue-5.13/fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch create mode 100644 queue-5.13/net-don-t-unconditionally-copy_from_user-a-struct-ifreq-for-socket-ioctls.patch create mode 100644 queue-5.13/revert-parisc-add-assembly-implementations-for-memset-strlen-strcpy-strncpy-and-strcat.patch create mode 100644 queue-5.13/ubifs-report-correct-st_size-for-encrypted-symlinks.patch diff --git a/queue-5.13/ext4-report-correct-st_size-for-encrypted-symlinks.patch b/queue-5.13/ext4-report-correct-st_size-for-encrypted-symlinks.patch new file mode 100644 index 00000000000..625ad33aa20 --- /dev/null +++ b/queue-5.13/ext4-report-correct-st_size-for-encrypted-symlinks.patch @@ -0,0 +1,51 @@ +From 8c4bca10ceafc43b1ca0a9fab5fa27e13cbce99e Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 1 Jul 2021 23:53:47 -0700 +Subject: ext4: report correct st_size for encrypted symlinks + +From: Eric Biggers + +commit 8c4bca10ceafc43b1ca0a9fab5fa27e13cbce99e upstream. + +The stat() family of syscalls report the wrong size for encrypted +symlinks, which has caused breakage in several userspace programs. + +Fix this by calling fscrypt_symlink_getattr() after ext4_getattr() for +encrypted symlinks. This function computes the correct size by reading +and decrypting the symlink target (if it's not already cached). + +For more details, see the commit which added fscrypt_symlink_getattr(). + +Fixes: f348c252320b ("ext4 crypto: add symlink encryption") +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210702065350.209646-3-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/symlink.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/fs/ext4/symlink.c ++++ b/fs/ext4/symlink.c +@@ -52,10 +52,20 @@ static const char *ext4_encrypted_get_li + return paddr; + } + ++static int ext4_encrypted_symlink_getattr(struct user_namespace *mnt_userns, ++ const struct path *path, ++ struct kstat *stat, u32 request_mask, ++ unsigned int query_flags) ++{ ++ ext4_getattr(mnt_userns, path, stat, request_mask, query_flags); ++ ++ return fscrypt_symlink_getattr(path, stat); ++} ++ + const struct inode_operations ext4_encrypted_symlink_inode_operations = { + .get_link = ext4_encrypted_get_link, + .setattr = ext4_setattr, +- .getattr = ext4_getattr, ++ .getattr = ext4_encrypted_symlink_getattr, + .listxattr = ext4_listxattr, + }; + diff --git a/queue-5.13/f2fs-report-correct-st_size-for-encrypted-symlinks.patch b/queue-5.13/f2fs-report-correct-st_size-for-encrypted-symlinks.patch new file mode 100644 index 00000000000..ae55e9c7c4e --- /dev/null +++ b/queue-5.13/f2fs-report-correct-st_size-for-encrypted-symlinks.patch @@ -0,0 +1,50 @@ +From 461b43a8f92e68e96c4424b31e15f2b35f1bbfa9 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 1 Jul 2021 23:53:48 -0700 +Subject: f2fs: report correct st_size for encrypted symlinks + +From: Eric Biggers + +commit 461b43a8f92e68e96c4424b31e15f2b35f1bbfa9 upstream. + +The stat() family of syscalls report the wrong size for encrypted +symlinks, which has caused breakage in several userspace programs. + +Fix this by calling fscrypt_symlink_getattr() after f2fs_getattr() for +encrypted symlinks. This function computes the correct size by reading +and decrypting the symlink target (if it's not already cached). + +For more details, see the commit which added fscrypt_symlink_getattr(). + +Fixes: cbaf042a3cc6 ("f2fs crypto: add symlink encryption") +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210702065350.209646-4-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + fs/f2fs/namei.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/fs/f2fs/namei.c ++++ b/fs/f2fs/namei.c +@@ -1313,9 +1313,19 @@ static const char *f2fs_encrypted_get_li + return target; + } + ++static int f2fs_encrypted_symlink_getattr(struct user_namespace *mnt_userns, ++ const struct path *path, ++ struct kstat *stat, u32 request_mask, ++ unsigned int query_flags) ++{ ++ f2fs_getattr(mnt_userns, path, stat, request_mask, query_flags); ++ ++ return fscrypt_symlink_getattr(path, stat); ++} ++ + const struct inode_operations f2fs_encrypted_symlink_inode_operations = { + .get_link = f2fs_encrypted_get_link, +- .getattr = f2fs_getattr, ++ .getattr = f2fs_encrypted_symlink_getattr, + .setattr = f2fs_setattr, + .listxattr = f2fs_listxattr, + }; diff --git a/queue-5.13/fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch b/queue-5.13/fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch new file mode 100644 index 00000000000..56f74c56b7f --- /dev/null +++ b/queue-5.13/fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch @@ -0,0 +1,145 @@ +From d18760560593e5af921f51a8c9b64b6109d634c2 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 1 Jul 2021 23:53:46 -0700 +Subject: fscrypt: add fscrypt_symlink_getattr() for computing st_size + +From: Eric Biggers + +commit d18760560593e5af921f51a8c9b64b6109d634c2 upstream. + +Add a helper function fscrypt_symlink_getattr() which will be called +from the various filesystems' ->getattr() methods to read and decrypt +the target of encrypted symlinks in order to report the correct st_size. + +Detailed explanation: + +As required by POSIX and as documented in various man pages, st_size for +a symlink is supposed to be the length of the symlink target. +Unfortunately, st_size has always been wrong for encrypted symlinks +because st_size is populated from i_size from disk, which intentionally +contains the length of the encrypted symlink target. That's slightly +greater than the length of the decrypted symlink target (which is the +symlink target that userspace usually sees), and usually won't match the +length of the no-key encoded symlink target either. + +This hadn't been fixed yet because reporting the correct st_size would +require reading the symlink target from disk and decrypting or encoding +it, which historically has been considered too heavyweight to do in +->getattr(). Also historically, the wrong st_size had only broken a +test (LTP lstat03) and there were no known complaints from real users. +(This is probably because the st_size of symlinks isn't used too often, +and when it is, typically it's for a hint for what buffer size to pass +to readlink() -- which a slightly-too-large size still works for.) + +However, a couple things have changed now. First, there have recently +been complaints about the current behavior from real users: + +- Breakage in rpmbuild: + https://github.com/rpm-software-management/rpm/issues/1682 + https://github.com/google/fscrypt/issues/305 + +- Breakage in toybox cpio: + https://www.mail-archive.com/toybox@lists.landley.net/msg07193.html + +- Breakage in libgit2: https://issuetracker.google.com/issues/189629152 + (on Android public issue tracker, requires login) + +Second, we now cache decrypted symlink targets in ->i_link. Therefore, +taking the performance hit of reading and decrypting the symlink target +in ->getattr() wouldn't be as big a deal as it used to be, since usually +it will just save having to do the same thing later. + +Also note that eCryptfs ended up having to read and decrypt symlink +targets in ->getattr() as well, to fix this same issue; see +commit 3a60a1686f0d ("eCryptfs: Decrypt symlink target for stat size"). + +So, let's just bite the bullet, and read and decrypt the symlink target +in ->getattr() in order to report the correct st_size. Add a function +fscrypt_symlink_getattr() which the filesystems will call to do this. + +(Alternatively, we could store the decrypted size of symlinks on-disk. +But there isn't a great place to do so, and encryption is meant to hide +the original size to some extent; that property would be lost.) + +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210702065350.209646-2-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + fs/crypto/hooks.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ + include/linux/fscrypt.h | 7 +++++++ + 2 files changed, 51 insertions(+) + +--- a/fs/crypto/hooks.c ++++ b/fs/crypto/hooks.c +@@ -384,3 +384,47 @@ err_kfree: + return ERR_PTR(err); + } + EXPORT_SYMBOL_GPL(fscrypt_get_symlink); ++ ++/** ++ * fscrypt_symlink_getattr() - set the correct st_size for encrypted symlinks ++ * @path: the path for the encrypted symlink being queried ++ * @stat: the struct being filled with the symlink's attributes ++ * ++ * Override st_size of encrypted symlinks to be the length of the decrypted ++ * symlink target (or the no-key encoded symlink target, if the key is ++ * unavailable) rather than the length of the encrypted symlink target. This is ++ * necessary for st_size to match the symlink target that userspace actually ++ * sees. POSIX requires this, and some userspace programs depend on it. ++ * ++ * This requires reading the symlink target from disk if needed, setting up the ++ * inode's encryption key if possible, and then decrypting or encoding the ++ * symlink target. This makes lstat() more heavyweight than is normally the ++ * case. However, decrypted symlink targets will be cached in ->i_link, so ++ * usually the symlink won't have to be read and decrypted again later if/when ++ * it is actually followed, readlink() is called, or lstat() is called again. ++ * ++ * Return: 0 on success, -errno on failure ++ */ ++int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat) ++{ ++ struct dentry *dentry = path->dentry; ++ struct inode *inode = d_inode(dentry); ++ const char *link; ++ DEFINE_DELAYED_CALL(done); ++ ++ /* ++ * To get the symlink target that userspace will see (whether it's the ++ * decrypted target or the no-key encoded target), we can just get it in ++ * the same way the VFS does during path resolution and readlink(). ++ */ ++ link = READ_ONCE(inode->i_link); ++ if (!link) { ++ link = inode->i_op->get_link(dentry, inode, &done); ++ if (IS_ERR(link)) ++ return PTR_ERR(link); ++ } ++ stat->size = strlen(link); ++ do_delayed_call(&done); ++ return 0; ++} ++EXPORT_SYMBOL_GPL(fscrypt_symlink_getattr); +--- a/include/linux/fscrypt.h ++++ b/include/linux/fscrypt.h +@@ -253,6 +253,7 @@ int __fscrypt_encrypt_symlink(struct ino + const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, + unsigned int max_size, + struct delayed_call *done); ++int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat); + static inline void fscrypt_set_ops(struct super_block *sb, + const struct fscrypt_operations *s_cop) + { +@@ -583,6 +584,12 @@ static inline const char *fscrypt_get_sy + return ERR_PTR(-EOPNOTSUPP); + } + ++static inline int fscrypt_symlink_getattr(const struct path *path, ++ struct kstat *stat) ++{ ++ return -EOPNOTSUPP; ++} ++ + static inline void fscrypt_set_ops(struct super_block *sb, + const struct fscrypt_operations *s_cop) + { diff --git a/queue-5.13/net-don-t-unconditionally-copy_from_user-a-struct-ifreq-for-socket-ioctls.patch b/queue-5.13/net-don-t-unconditionally-copy_from_user-a-struct-ifreq-for-socket-ioctls.patch new file mode 100644 index 00000000000..bbbc946e4db --- /dev/null +++ b/queue-5.13/net-don-t-unconditionally-copy_from_user-a-struct-ifreq-for-socket-ioctls.patch @@ -0,0 +1,80 @@ +From d0efb16294d145d157432feda83877ae9d7cdf37 Mon Sep 17 00:00:00 2001 +From: Peter Collingbourne +Date: Thu, 26 Aug 2021 12:46:01 -0700 +Subject: net: don't unconditionally copy_from_user a struct ifreq for socket ioctls + +From: Peter Collingbourne + +commit d0efb16294d145d157432feda83877ae9d7cdf37 upstream. + +A common implementation of isatty(3) involves calling a ioctl passing +a dummy struct argument and checking whether the syscall failed -- +bionic and glibc use TCGETS (passing a struct termios), and musl uses +TIOCGWINSZ (passing a struct winsize). If the FD is a socket, we will +copy sizeof(struct ifreq) bytes of data from the argument and return +-EFAULT if that fails. The result is that the isatty implementations +may return a non-POSIX-compliant value in errno in the case where part +of the dummy struct argument is inaccessible, as both struct termios +and struct winsize are smaller than struct ifreq (at least on arm64). + +Although there is usually enough stack space following the argument +on the stack that this did not present a practical problem up to now, +with MTE stack instrumentation it's more likely for the copy to fail, +as the memory following the struct may have a different tag. + +Fix the problem by adding an early check for whether the ioctl is a +valid socket ioctl, and return -ENOTTY if it isn't. + +Fixes: 44c02a2c3dc5 ("dev_ioctl(): move copyin/copyout to callers") +Link: https://linux-review.googlesource.com/id/I869da6cf6daabc3e4b7b82ac979683ba05e27d4d +Signed-off-by: Peter Collingbourne +Cc: # 4.19 +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/netdevice.h | 4 ++++ + net/socket.c | 6 +++++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +--- a/include/linux/netdevice.h ++++ b/include/linux/netdevice.h +@@ -4012,6 +4012,10 @@ int netdev_rx_handler_register(struct ne + void netdev_rx_handler_unregister(struct net_device *dev); + + bool dev_valid_name(const char *name); ++static inline bool is_socket_ioctl_cmd(unsigned int cmd) ++{ ++ return _IOC_TYPE(cmd) == SOCK_IOC_TYPE; ++} + int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr, + bool *need_copyout); + int dev_ifconf(struct net *net, struct ifconf *, int); +--- a/net/socket.c ++++ b/net/socket.c +@@ -1054,7 +1054,7 @@ static long sock_do_ioctl(struct net *ne + rtnl_unlock(); + if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf))) + err = -EFAULT; +- } else { ++ } else if (is_socket_ioctl_cmd(cmd)) { + struct ifreq ifr; + bool need_copyout; + if (copy_from_user(&ifr, argp, sizeof(struct ifreq))) +@@ -1063,6 +1063,8 @@ static long sock_do_ioctl(struct net *ne + if (!err && need_copyout) + if (copy_to_user(argp, &ifr, sizeof(struct ifreq))) + return -EFAULT; ++ } else { ++ err = -ENOTTY; + } + return err; + } +@@ -3251,6 +3253,8 @@ static int compat_ifr_data_ioctl(struct + struct ifreq ifreq; + u32 data32; + ++ if (!is_socket_ioctl_cmd(cmd)) ++ return -ENOTTY; + if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ)) + return -EFAULT; + if (get_user(data32, &u_ifreq32->ifr_data)) diff --git a/queue-5.13/revert-parisc-add-assembly-implementations-for-memset-strlen-strcpy-strncpy-and-strcat.patch b/queue-5.13/revert-parisc-add-assembly-implementations-for-memset-strlen-strcpy-strncpy-and-strcat.patch new file mode 100644 index 00000000000..664eeb8f4cd --- /dev/null +++ b/queue-5.13/revert-parisc-add-assembly-implementations-for-memset-strlen-strcpy-strncpy-and-strcat.patch @@ -0,0 +1,290 @@ +From f6a3308d6feb351d9854eb8b3f6289a1ac163125 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Fri, 27 Aug 2021 20:42:57 +0200 +Subject: Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat" + +From: Helge Deller + +commit f6a3308d6feb351d9854eb8b3f6289a1ac163125 upstream. + +This reverts commit 83af58f8068ea3f7b3c537c37a30887bfa585069. + +It turns out that at least the assembly implementation for strncpy() was +buggy. Revert the whole commit and return back to the default coding. + +Signed-off-by: Helge Deller +Cc: # v5.4+ +Cc: Rasmus Villemoes +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/asm/string.h | 15 ---- + arch/parisc/kernel/parisc_ksyms.c | 4 - + arch/parisc/lib/Makefile | 4 - + arch/parisc/lib/memset.c | 72 ++++++++++++++++++++ + arch/parisc/lib/string.S | 136 -------------------------------------- + 5 files changed, 74 insertions(+), 157 deletions(-) + create mode 100644 arch/parisc/lib/memset.c + delete mode 100644 arch/parisc/lib/string.S + +--- a/arch/parisc/include/asm/string.h ++++ b/arch/parisc/include/asm/string.h +@@ -8,19 +8,4 @@ extern void * memset(void *, int, size_t + #define __HAVE_ARCH_MEMCPY + void * memcpy(void * dest,const void *src,size_t count); + +-#define __HAVE_ARCH_STRLEN +-extern size_t strlen(const char *s); +- +-#define __HAVE_ARCH_STRCPY +-extern char *strcpy(char *dest, const char *src); +- +-#define __HAVE_ARCH_STRNCPY +-extern char *strncpy(char *dest, const char *src, size_t count); +- +-#define __HAVE_ARCH_STRCAT +-extern char *strcat(char *dest, const char *src); +- +-#define __HAVE_ARCH_MEMSET +-extern void *memset(void *, int, size_t); +- + #endif +--- a/arch/parisc/kernel/parisc_ksyms.c ++++ b/arch/parisc/kernel/parisc_ksyms.c +@@ -17,10 +17,6 @@ + + #include + EXPORT_SYMBOL(memset); +-EXPORT_SYMBOL(strlen); +-EXPORT_SYMBOL(strcpy); +-EXPORT_SYMBOL(strncpy); +-EXPORT_SYMBOL(strcat); + + #include + EXPORT_SYMBOL(__xchg8); +--- a/arch/parisc/lib/Makefile ++++ b/arch/parisc/lib/Makefile +@@ -3,7 +3,7 @@ + # Makefile for parisc-specific library files + # + +-lib-y := lusercopy.o bitops.o checksum.o io.o memcpy.o \ +- ucmpdi2.o delay.o string.o ++lib-y := lusercopy.o bitops.o checksum.o io.o memset.o memcpy.o \ ++ ucmpdi2.o delay.o + + obj-y := iomap.o +--- /dev/null ++++ b/arch/parisc/lib/memset.c +@@ -0,0 +1,72 @@ ++/* SPDX-License-Identifier: GPL-2.0-or-later */ ++#include ++#include ++ ++#define OPSIZ (BITS_PER_LONG/8) ++typedef unsigned long op_t; ++ ++void * ++memset (void *dstpp, int sc, size_t len) ++{ ++ unsigned int c = sc; ++ long int dstp = (long int) dstpp; ++ ++ if (len >= 8) ++ { ++ size_t xlen; ++ op_t cccc; ++ ++ cccc = (unsigned char) c; ++ cccc |= cccc << 8; ++ cccc |= cccc << 16; ++ if (OPSIZ > 4) ++ /* Do the shift in two steps to avoid warning if long has 32 bits. */ ++ cccc |= (cccc << 16) << 16; ++ ++ /* There are at least some bytes to set. ++ No need to test for LEN == 0 in this alignment loop. */ ++ while (dstp % OPSIZ != 0) ++ { ++ ((unsigned char *) dstp)[0] = c; ++ dstp += 1; ++ len -= 1; ++ } ++ ++ /* Write 8 `op_t' per iteration until less than 8 `op_t' remain. */ ++ xlen = len / (OPSIZ * 8); ++ while (xlen > 0) ++ { ++ ((op_t *) dstp)[0] = cccc; ++ ((op_t *) dstp)[1] = cccc; ++ ((op_t *) dstp)[2] = cccc; ++ ((op_t *) dstp)[3] = cccc; ++ ((op_t *) dstp)[4] = cccc; ++ ((op_t *) dstp)[5] = cccc; ++ ((op_t *) dstp)[6] = cccc; ++ ((op_t *) dstp)[7] = cccc; ++ dstp += 8 * OPSIZ; ++ xlen -= 1; ++ } ++ len %= OPSIZ * 8; ++ ++ /* Write 1 `op_t' per iteration until less than OPSIZ bytes remain. */ ++ xlen = len / OPSIZ; ++ while (xlen > 0) ++ { ++ ((op_t *) dstp)[0] = cccc; ++ dstp += OPSIZ; ++ xlen -= 1; ++ } ++ len %= OPSIZ; ++ } ++ ++ /* Write the last few bytes. */ ++ while (len > 0) ++ { ++ ((unsigned char *) dstp)[0] = c; ++ dstp += 1; ++ len -= 1; ++ } ++ ++ return dstpp; ++} +--- a/arch/parisc/lib/string.S ++++ /dev/null +@@ -1,136 +0,0 @@ +-// SPDX-License-Identifier: GPL-2.0 +-/* +- * PA-RISC assembly string functions +- * +- * Copyright (C) 2019 Helge Deller +- */ +- +-#include +-#include +- +- .section .text.hot +- .level PA_ASM_LEVEL +- +- t0 = r20 +- t1 = r21 +- t2 = r22 +- +-ENTRY_CFI(strlen, frame=0,no_calls) +- or,COND(<>) arg0,r0,ret0 +- b,l,n .Lstrlen_null_ptr,r0 +- depwi 0,31,2,ret0 +- cmpb,COND(<>) arg0,ret0,.Lstrlen_not_aligned +- ldw,ma 4(ret0),t0 +- cmpib,tr 0,r0,.Lstrlen_loop +- uxor,nbz r0,t0,r0 +-.Lstrlen_not_aligned: +- uaddcm arg0,ret0,t1 +- shladd t1,3,r0,t1 +- mtsar t1 +- depwi -1,%sar,32,t0 +- uxor,nbz r0,t0,r0 +-.Lstrlen_loop: +- b,l,n .Lstrlen_end_loop,r0 +- ldw,ma 4(ret0),t0 +- cmpib,tr 0,r0,.Lstrlen_loop +- uxor,nbz r0,t0,r0 +-.Lstrlen_end_loop: +- extrw,u,<> t0,7,8,r0 +- addib,tr,n -3,ret0,.Lstrlen_out +- extrw,u,<> t0,15,8,r0 +- addib,tr,n -2,ret0,.Lstrlen_out +- extrw,u,<> t0,23,8,r0 +- addi -1,ret0,ret0 +-.Lstrlen_out: +- bv r0(rp) +- uaddcm ret0,arg0,ret0 +-.Lstrlen_null_ptr: +- bv,n r0(rp) +-ENDPROC_CFI(strlen) +- +- +-ENTRY_CFI(strcpy, frame=0,no_calls) +- ldb 0(arg1),t0 +- stb t0,0(arg0) +- ldo 0(arg0),ret0 +- ldo 1(arg1),t1 +- cmpb,= r0,t0,2f +- ldo 1(arg0),t2 +-1: ldb 0(t1),arg1 +- stb arg1,0(t2) +- ldo 1(t1),t1 +- cmpb,<> r0,arg1,1b +- ldo 1(t2),t2 +-2: bv,n r0(rp) +-ENDPROC_CFI(strcpy) +- +- +-ENTRY_CFI(strncpy, frame=0,no_calls) +- ldb 0(arg1),t0 +- stb t0,0(arg0) +- ldo 1(arg1),t1 +- ldo 0(arg0),ret0 +- cmpb,= r0,t0,2f +- ldo 1(arg0),arg1 +-1: ldo -1(arg2),arg2 +- cmpb,COND(=),n r0,arg2,2f +- ldb 0(t1),arg0 +- stb arg0,0(arg1) +- ldo 1(t1),t1 +- cmpb,<> r0,arg0,1b +- ldo 1(arg1),arg1 +-2: bv,n r0(rp) +-ENDPROC_CFI(strncpy) +- +- +-ENTRY_CFI(strcat, frame=0,no_calls) +- ldb 0(arg0),t0 +- cmpb,= t0,r0,2f +- ldo 0(arg0),ret0 +- ldo 1(arg0),arg0 +-1: ldb 0(arg0),t1 +- cmpb,<>,n r0,t1,1b +- ldo 1(arg0),arg0 +-2: ldb 0(arg1),t2 +- stb t2,0(arg0) +- ldo 1(arg0),arg0 +- ldb 0(arg1),t0 +- cmpb,<> r0,t0,2b +- ldo 1(arg1),arg1 +- bv,n r0(rp) +-ENDPROC_CFI(strcat) +- +- +-ENTRY_CFI(memset, frame=0,no_calls) +- copy arg0,ret0 +- cmpb,COND(=) r0,arg0,4f +- copy arg0,t2 +- cmpb,COND(=) r0,arg2,4f +- ldo -1(arg2),arg3 +- subi -1,arg3,t0 +- subi 0,t0,t1 +- cmpiclr,COND(>=) 0,t1,arg2 +- ldo -1(t1),arg2 +- extru arg2,31,2,arg0 +-2: stb arg1,0(t2) +- ldo 1(t2),t2 +- addib,>= -1,arg0,2b +- ldo -1(arg3),arg3 +- cmpiclr,COND(<=) 4,arg2,r0 +- b,l,n 4f,r0 +-#ifdef CONFIG_64BIT +- depd,* r0,63,2,arg2 +-#else +- depw r0,31,2,arg2 +-#endif +- ldo 1(t2),t2 +-3: stb arg1,-1(t2) +- stb arg1,0(t2) +- stb arg1,1(t2) +- stb arg1,2(t2) +- addib,COND(>) -4,arg2,3b +- ldo 4(t2),t2 +-4: bv,n r0(rp) +-ENDPROC_CFI(memset) +- +- .end diff --git a/queue-5.13/series b/queue-5.13/series index 9925d092ecd..727636b9225 100644 --- a/queue-5.13/series +++ b/queue-5.13/series @@ -104,3 +104,9 @@ net-dsa-mt7530-fix-vlan-traffic-leaks-again.patch arm64-dts-qcom-msm8994-angler-fix-gpio-reserved-ranges-85-88.patch btrfs-fix-null-pointer-dereference-when-deleting-device-by-invalid-id.patch revert-floppy-reintroduce-o_ndelay-fix.patch +fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch +ext4-report-correct-st_size-for-encrypted-symlinks.patch +f2fs-report-correct-st_size-for-encrypted-symlinks.patch +ubifs-report-correct-st_size-for-encrypted-symlinks.patch +revert-parisc-add-assembly-implementations-for-memset-strlen-strcpy-strncpy-and-strcat.patch +net-don-t-unconditionally-copy_from_user-a-struct-ifreq-for-socket-ioctls.patch diff --git a/queue-5.13/ubifs-report-correct-st_size-for-encrypted-symlinks.patch b/queue-5.13/ubifs-report-correct-st_size-for-encrypted-symlinks.patch new file mode 100644 index 00000000000..5d70df03a94 --- /dev/null +++ b/queue-5.13/ubifs-report-correct-st_size-for-encrypted-symlinks.patch @@ -0,0 +1,56 @@ +From 064c734986011390b4d111f1a99372b7f26c3850 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 1 Jul 2021 23:53:49 -0700 +Subject: ubifs: report correct st_size for encrypted symlinks + +From: Eric Biggers + +commit 064c734986011390b4d111f1a99372b7f26c3850 upstream. + +The stat() family of syscalls report the wrong size for encrypted +symlinks, which has caused breakage in several userspace programs. + +Fix this by calling fscrypt_symlink_getattr() after ubifs_getattr() for +encrypted symlinks. This function computes the correct size by reading +and decrypting the symlink target (if it's not already cached). + +For more details, see the commit which added fscrypt_symlink_getattr(). + +Fixes: ca7f85be8d6c ("ubifs: Add support for encrypted symlinks") +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210702065350.209646-5-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + fs/ubifs/file.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +--- a/fs/ubifs/file.c ++++ b/fs/ubifs/file.c +@@ -1630,6 +1630,17 @@ static const char *ubifs_get_link(struct + return fscrypt_get_symlink(inode, ui->data, ui->data_len, done); + } + ++static int ubifs_symlink_getattr(struct user_namespace *mnt_userns, ++ const struct path *path, struct kstat *stat, ++ u32 request_mask, unsigned int query_flags) ++{ ++ ubifs_getattr(mnt_userns, path, stat, request_mask, query_flags); ++ ++ if (IS_ENCRYPTED(d_inode(path->dentry))) ++ return fscrypt_symlink_getattr(path, stat); ++ return 0; ++} ++ + const struct address_space_operations ubifs_file_address_operations = { + .readpage = ubifs_readpage, + .writepage = ubifs_writepage, +@@ -1655,7 +1666,7 @@ const struct inode_operations ubifs_file + const struct inode_operations ubifs_symlink_inode_operations = { + .get_link = ubifs_get_link, + .setattr = ubifs_setattr, +- .getattr = ubifs_getattr, ++ .getattr = ubifs_symlink_getattr, + .listxattr = ubifs_listxattr, + .update_time = ubifs_update_time, + }; -- 2.47.3