From c7ad7def35bb0afeea59e6e0c41ca0a666a9479f Mon Sep 17 00:00:00 2001
From: Sasha Levin <sashal@kernel.org>
Date: Tue, 24 Aug 2021 11:31:22 -0400
Subject: [PATCH] Fixes for 5.10

Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 ...alloc_cycle-error-return-value-check.patch | 48 ++++++++++++++++++
 ...sign-io_uring_enter-sqpoll-error-in-.patch | 50 +++++++++++++++++++
 queue-5.10/series                             |  2 +
 3 files changed, 100 insertions(+)
 create mode 100644 queue-5.10/io_uring-fix-xa_alloc_cycle-error-return-value-check.patch
 create mode 100644 queue-5.10/io_uring-only-assign-io_uring_enter-sqpoll-error-in-.patch

diff --git a/queue-5.10/io_uring-fix-xa_alloc_cycle-error-return-value-check.patch b/queue-5.10/io_uring-fix-xa_alloc_cycle-error-return-value-check.patch
new file mode 100644
index 00000000000..a1f440f7d1e
--- /dev/null
+++ b/queue-5.10/io_uring-fix-xa_alloc_cycle-error-return-value-check.patch
@@ -0,0 +1,48 @@
+From 077ca7235339ca86a455377fae51cd6c3396c04a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Aug 2021 13:15:01 +0100
+Subject: io_uring: fix xa_alloc_cycle() error return value check
+
+From: Jens Axboe <axboe@kernel.dk>
+
+[ upstream commit a30f895ad3239f45012e860d4f94c1a388b36d14 ]
+
+We currently check for ret != 0 to indicate error, but '1' is a valid
+return and just indicates that the allocation succeeded with a wrap.
+Correct the check to be for < 0, like it was before the xarray
+conversion.
+
+Cc: stable@vger.kernel.org
+Fixes: 61cf93700fe6 ("io_uring: Convert personality_idr to XArray")
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/io_uring.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/fs/io_uring.c b/fs/io_uring.c
+index ed641dca7957..762eae2440b5 100644
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -9601,11 +9601,12 @@ static int io_register_personality(struct io_ring_ctx *ctx)
+ 
+ 	ret = xa_alloc_cyclic(&ctx->personalities, &id, (void *)iod,
+ 			XA_LIMIT(0, USHRT_MAX), &ctx->pers_next, GFP_KERNEL);
+-	if (!ret)
+-		return id;
+-	put_cred(iod->creds);
+-	kfree(iod);
+-	return ret;
++	if (ret < 0) {
++		put_cred(iod->creds);
++		kfree(iod);
++		return ret;
++	}
++	return id;
+ }
+ 
+ static int io_register_restrictions(struct io_ring_ctx *ctx, void __user *arg,
+-- 
+2.30.2
+
diff --git a/queue-5.10/io_uring-only-assign-io_uring_enter-sqpoll-error-in-.patch b/queue-5.10/io_uring-only-assign-io_uring_enter-sqpoll-error-in-.patch
new file mode 100644
index 00000000000..4c119007908
--- /dev/null
+++ b/queue-5.10/io_uring-only-assign-io_uring_enter-sqpoll-error-in-.patch
@@ -0,0 +1,50 @@
+From 2ef5886671905159cc2e2e3f3e2be24d7bd8c985 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Aug 2021 13:15:31 +0100
+Subject: io_uring: only assign io_uring_enter() SQPOLL error in actual error
+ case
+
+From: Jens Axboe <axboe@kernel.dk>
+
+[ upstream commit 21f965221e7c42609521342403e8fb91b8b3e76e ]
+
+If an SQPOLL based ring is newly created and an application issues an
+io_uring_enter(2) system call on it, then we can return a spurious
+-EOWNERDEAD error. This happens because there's nothing to submit, and
+if the caller doesn't specify any other action, the initial error
+assignment of -EOWNERDEAD never gets overwritten. This causes us to
+return it directly, even if it isn't valid.
+
+Move the error assignment into the actual failure case instead.
+
+Cc: stable@vger.kernel.org
+Fixes: d9d05217cb69 ("io_uring: stop SQPOLL submit on creator's death")
+Reported-by: Sherlock Holo sherlockya@gmail.com
+Link: https://github.com/axboe/liburing/issues/413
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/io_uring.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/fs/io_uring.c b/fs/io_uring.c
+index 762eae2440b5..108b0ed31c11 100644
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -9078,9 +9078,10 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
+ 	if (ctx->flags & IORING_SETUP_SQPOLL) {
+ 		io_cqring_overflow_flush(ctx, false, NULL, NULL);
+ 
+-		ret = -EOWNERDEAD;
+-		if (unlikely(ctx->sqo_dead))
++		if (unlikely(ctx->sqo_dead)) {
++			ret = -EOWNERDEAD;
+ 			goto out;
++		}
+ 		if (flags & IORING_ENTER_SQ_WAKEUP)
+ 			wake_up(&ctx->sq_data->wait);
+ 		if (flags & IORING_ENTER_SQ_WAIT) {
+-- 
+2.30.2
+
diff --git a/queue-5.10/series b/queue-5.10/series
index 5653644865a..adeb74fa02d 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -93,3 +93,5 @@ alsa-hda-realtek-limit-mic-boost-on-hp-probook-445-g.patch
 asoc-intel-atom-fix-breakage-for-pcm-buffer-address-.patch
 mm-memcontrol-fix-occasional-ooms-due-to-proportiona.patch
 fs-warn-about-impending-deprecation-of-mandatory-loc.patch
+io_uring-fix-xa_alloc_cycle-error-return-value-check.patch
+io_uring-only-assign-io_uring_enter-sqpoll-error-in-.patch
-- 
2.47.3