From f7965a58244630d3563af5714429a6898f420cc2 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 1 Aug 2020 12:36:07 +0200 Subject: [PATCH] drop some f2fs patches that broke the build --- ...ck-if-file-namelen-exceeds-max-value.patch | 38 ----------- ...ck-memory-boundary-by-insane-namelen.patch | 51 --------------- queue-4.14/series | 3 +- queue-4.19/series | 1 + ...ck-if-file-namelen-exceeds-max-value.patch | 38 ----------- ...ck-memory-boundary-by-insane-namelen.patch | 51 --------------- queue-4.4/series | 3 +- ...ck-if-file-namelen-exceeds-max-value.patch | 38 ----------- ...ck-memory-boundary-by-insane-namelen.patch | 51 --------------- ...oid-memory-leakage-in-f2fs_listxattr.patch | 65 ------------------- queue-4.9/series | 4 +- queue-5.4/series | 1 + queue-5.7/series | 1 + 13 files changed, 6 insertions(+), 339 deletions(-) delete mode 100644 queue-4.14/f2fs-check-if-file-namelen-exceeds-max-value.patch delete mode 100644 queue-4.14/f2fs-check-memory-boundary-by-insane-namelen.patch delete mode 100644 queue-4.4/f2fs-check-if-file-namelen-exceeds-max-value.patch delete mode 100644 queue-4.4/f2fs-check-memory-boundary-by-insane-namelen.patch delete mode 100644 queue-4.9/f2fs-check-if-file-namelen-exceeds-max-value.patch delete mode 100644 queue-4.9/f2fs-check-memory-boundary-by-insane-namelen.patch delete mode 100644 queue-4.9/f2fs-fix-to-avoid-memory-leakage-in-f2fs_listxattr.patch diff --git a/queue-4.14/f2fs-check-if-file-namelen-exceeds-max-value.patch b/queue-4.14/f2fs-check-if-file-namelen-exceeds-max-value.patch deleted file mode 100644 index 448918124e5..00000000000 --- a/queue-4.14/f2fs-check-if-file-namelen-exceeds-max-value.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 36fe9b4e51156ceded27c42255b18cf5a48d82b7 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 7 Jan 2019 15:02:34 +0800 -Subject: f2fs: check if file namelen exceeds max value - -From: Sheng Yong - -[ Upstream commit 720db068634c91553a8e1d9a0fcd8c7050e06d2b ] - -Dentry bitmap is not enough to detect incorrect dentries. So this patch -also checks the namelen value of a dentry. - -Signed-off-by: Gong Chen -Signed-off-by: Sheng Yong -Reviewed-by: Chao Yu -Signed-off-by: Jaegeuk Kim -Signed-off-by: Sasha Levin ---- - fs/f2fs/dir.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c -index 9e85e2d7a1b3c..f019bbf6f52ff 100644 ---- a/fs/f2fs/dir.c -+++ b/fs/f2fs/dir.c -@@ -819,7 +819,8 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, - - /* check memory boundary before moving forward */ - bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); -- if (unlikely(bit_pos > d->max)) { -+ if (unlikely(bit_pos > d->max || -+ le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) { - f2fs_msg(F2FS_I_SB(d->inode)->sb, KERN_WARNING, - "%s: corrupted namelen=%d, run fsck to fix.", - __func__, le16_to_cpu(de->name_len)); --- -2.25.1 - diff --git a/queue-4.14/f2fs-check-memory-boundary-by-insane-namelen.patch b/queue-4.14/f2fs-check-memory-boundary-by-insane-namelen.patch deleted file mode 100644 index 6e17edd9f82..00000000000 --- a/queue-4.14/f2fs-check-memory-boundary-by-insane-namelen.patch +++ /dev/null @@ -1,51 +0,0 @@ -From eca1eba41a2efa42abb1c7dcc7e169fb691de90c Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 14 Nov 2018 12:40:30 -0800 -Subject: f2fs: check memory boundary by insane namelen - -From: Jaegeuk Kim - -[ Upstream commit 4e240d1bab1ead280ddf5eb05058dba6bbd57d10 ] - -If namelen is corrupted to have very long value, fill_dentries can copy -wrong memory area. - -Reviewed-by: Chao Yu -Signed-off-by: Jaegeuk Kim -Signed-off-by: Sasha Levin ---- - fs/f2fs/dir.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c -index 4abefd841b6c7..9e85e2d7a1b3c 100644 ---- a/fs/f2fs/dir.c -+++ b/fs/f2fs/dir.c -@@ -817,6 +817,16 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, - de_name.name = d->filename[bit_pos]; - de_name.len = le16_to_cpu(de->name_len); - -+ /* check memory boundary before moving forward */ -+ bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); -+ if (unlikely(bit_pos > d->max)) { -+ f2fs_msg(F2FS_I_SB(d->inode)->sb, KERN_WARNING, -+ "%s: corrupted namelen=%d, run fsck to fix.", -+ __func__, le16_to_cpu(de->name_len)); -+ set_sbi_flag(sbi, SBI_NEED_FSCK); -+ return -EINVAL; -+ } -+ - if (f2fs_encrypted_inode(d->inode)) { - int save_len = fstr->len; - int err; -@@ -835,7 +845,6 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, - le32_to_cpu(de->ino), d_type)) - return 1; - -- bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); - ctx->pos = start_pos + bit_pos; - } - return 0; --- -2.25.1 - diff --git a/queue-4.14/series b/queue-4.14/series index 0fe34a55bca..c9b648b8b58 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -6,5 +6,4 @@ iio-imu-adis16400-fix-memory-leak.patch ath9k_htc-release-allocated-buffer-if-timed-out.patch ath9k-release-allocated-buffer-if-timed-out.patch x86-kvm-be-careful-not-to-clear-kvm_vcpu_flush_tlb-b.patch -f2fs-check-memory-boundary-by-insane-namelen.patch -f2fs-check-if-file-namelen-exceeds-max-value.patch +pci-aspm-disable-aspm-on-asmedia-asm1083-1085-pcie-to-pci-bridge.patch diff --git a/queue-4.19/series b/queue-4.19/series index 2da2013c6db..6906767b6a7 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -9,3 +9,4 @@ drm-amd-display-prevent-memory-leak.patch btrfs-inode-verify-inode-mode-to-avoid-null-pointer-.patch sctp-implement-memory-accounting-on-tx-path.patch btrfs-fix-selftests-failure-due-to-uninitialized-i_m.patch +pci-aspm-disable-aspm-on-asmedia-asm1083-1085-pcie-to-pci-bridge.patch diff --git a/queue-4.4/f2fs-check-if-file-namelen-exceeds-max-value.patch b/queue-4.4/f2fs-check-if-file-namelen-exceeds-max-value.patch deleted file mode 100644 index acd8be85d8c..00000000000 --- a/queue-4.4/f2fs-check-if-file-namelen-exceeds-max-value.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 8a6e5910b2a0014ada5510bd21a838ccce6e4a7f Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 7 Jan 2019 15:02:34 +0800 -Subject: f2fs: check if file namelen exceeds max value - -From: Sheng Yong - -[ Upstream commit 720db068634c91553a8e1d9a0fcd8c7050e06d2b ] - -Dentry bitmap is not enough to detect incorrect dentries. So this patch -also checks the namelen value of a dentry. - -Signed-off-by: Gong Chen -Signed-off-by: Sheng Yong -Reviewed-by: Chao Yu -Signed-off-by: Jaegeuk Kim -Signed-off-by: Sasha Levin ---- - fs/f2fs/dir.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c -index 437ec6e38d41d..b40681e91ebe2 100644 ---- a/fs/f2fs/dir.c -+++ b/fs/f2fs/dir.c -@@ -807,7 +807,8 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, - - /* check memory boundary before moving forward */ - bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); -- if (unlikely(bit_pos > d->max)) { -+ if (unlikely(bit_pos > d->max || -+ le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) { - f2fs_msg(F2FS_I_SB(d->inode)->sb, KERN_WARNING, - "%s: corrupted namelen=%d, run fsck to fix.", - __func__, le16_to_cpu(de->name_len)); --- -2.25.1 - diff --git a/queue-4.4/f2fs-check-memory-boundary-by-insane-namelen.patch b/queue-4.4/f2fs-check-memory-boundary-by-insane-namelen.patch deleted file mode 100644 index ee65c73accf..00000000000 --- a/queue-4.4/f2fs-check-memory-boundary-by-insane-namelen.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 830774f263ff218d0acf94f448289c871d76e8ea Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 14 Nov 2018 12:40:30 -0800 -Subject: f2fs: check memory boundary by insane namelen - -From: Jaegeuk Kim - -[ Upstream commit 4e240d1bab1ead280ddf5eb05058dba6bbd57d10 ] - -If namelen is corrupted to have very long value, fill_dentries can copy -wrong memory area. - -Reviewed-by: Chao Yu -Signed-off-by: Jaegeuk Kim -Signed-off-by: Sasha Levin ---- - fs/f2fs/dir.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c -index 92a240616f520..437ec6e38d41d 100644 ---- a/fs/f2fs/dir.c -+++ b/fs/f2fs/dir.c -@@ -805,6 +805,16 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, - de_name.name = d->filename[bit_pos]; - de_name.len = le16_to_cpu(de->name_len); - -+ /* check memory boundary before moving forward */ -+ bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); -+ if (unlikely(bit_pos > d->max)) { -+ f2fs_msg(F2FS_I_SB(d->inode)->sb, KERN_WARNING, -+ "%s: corrupted namelen=%d, run fsck to fix.", -+ __func__, le16_to_cpu(de->name_len)); -+ set_sbi_flag(sbi, SBI_NEED_FSCK); -+ return -EINVAL; -+ } -+ - if (f2fs_encrypted_inode(d->inode)) { - int save_len = fstr->len; - int ret; -@@ -829,7 +839,6 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, - le32_to_cpu(de->ino), d_type)) - return true; - -- bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); - ctx->pos = start_pos + bit_pos; - } - return false; --- -2.25.1 - diff --git a/queue-4.4/series b/queue-4.4/series index 3936cc3b25a..4bfa0dcb0bc 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -3,7 +3,6 @@ net-phy-mdio-bcm-unimac-fix-potential-null-dereferen.patch media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch ath9k_htc-release-allocated-buffer-if-timed-out.patch ath9k-release-allocated-buffer-if-timed-out.patch -f2fs-check-memory-boundary-by-insane-namelen.patch -f2fs-check-if-file-namelen-exceeds-max-value.patch nfs-move-call-to-security_inode_listsecurity-into-nf.patch scsi-libsas-direct-call-probe-and-destruct.patch +pci-aspm-disable-aspm-on-asmedia-asm1083-1085-pcie-to-pci-bridge.patch diff --git a/queue-4.9/f2fs-check-if-file-namelen-exceeds-max-value.patch b/queue-4.9/f2fs-check-if-file-namelen-exceeds-max-value.patch deleted file mode 100644 index dd040083787..00000000000 --- a/queue-4.9/f2fs-check-if-file-namelen-exceeds-max-value.patch +++ /dev/null @@ -1,38 +0,0 @@ -From bbb65221d2ea643cc8f5237a19a488d10e455498 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 7 Jan 2019 15:02:34 +0800 -Subject: f2fs: check if file namelen exceeds max value - -From: Sheng Yong - -[ Upstream commit 720db068634c91553a8e1d9a0fcd8c7050e06d2b ] - -Dentry bitmap is not enough to detect incorrect dentries. So this patch -also checks the namelen value of a dentry. - -Signed-off-by: Gong Chen -Signed-off-by: Sheng Yong -Reviewed-by: Chao Yu -Signed-off-by: Jaegeuk Kim -Signed-off-by: Sasha Levin ---- - fs/f2fs/dir.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c -index c452069b5e644..8dd83f024cf26 100644 ---- a/fs/f2fs/dir.c -+++ b/fs/f2fs/dir.c -@@ -845,7 +845,8 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, - - /* check memory boundary before moving forward */ - bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); -- if (unlikely(bit_pos > d->max)) { -+ if (unlikely(bit_pos > d->max || -+ le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) { - f2fs_msg(F2FS_I_SB(d->inode)->sb, KERN_WARNING, - "%s: corrupted namelen=%d, run fsck to fix.", - __func__, le16_to_cpu(de->name_len)); --- -2.25.1 - diff --git a/queue-4.9/f2fs-check-memory-boundary-by-insane-namelen.patch b/queue-4.9/f2fs-check-memory-boundary-by-insane-namelen.patch deleted file mode 100644 index 162e839025f..00000000000 --- a/queue-4.9/f2fs-check-memory-boundary-by-insane-namelen.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 0d565aa43ac4df4d3bf3f0106cec18c108b601e8 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 14 Nov 2018 12:40:30 -0800 -Subject: f2fs: check memory boundary by insane namelen - -From: Jaegeuk Kim - -[ Upstream commit 4e240d1bab1ead280ddf5eb05058dba6bbd57d10 ] - -If namelen is corrupted to have very long value, fill_dentries can copy -wrong memory area. - -Reviewed-by: Chao Yu -Signed-off-by: Jaegeuk Kim -Signed-off-by: Sasha Levin ---- - fs/f2fs/dir.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c -index b414892be08b7..c452069b5e644 100644 ---- a/fs/f2fs/dir.c -+++ b/fs/f2fs/dir.c -@@ -843,6 +843,16 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, - de_name.name = d->filename[bit_pos]; - de_name.len = le16_to_cpu(de->name_len); - -+ /* check memory boundary before moving forward */ -+ bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); -+ if (unlikely(bit_pos > d->max)) { -+ f2fs_msg(F2FS_I_SB(d->inode)->sb, KERN_WARNING, -+ "%s: corrupted namelen=%d, run fsck to fix.", -+ __func__, le16_to_cpu(de->name_len)); -+ set_sbi_flag(sbi, SBI_NEED_FSCK); -+ return -EINVAL; -+ } -+ - if (f2fs_encrypted_inode(d->inode)) { - int save_len = fstr->len; - int err; -@@ -861,7 +871,6 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, - le32_to_cpu(de->ino), d_type)) - return true; - -- bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); - ctx->pos = start_pos + bit_pos; - } - return false; --- -2.25.1 - diff --git a/queue-4.9/f2fs-fix-to-avoid-memory-leakage-in-f2fs_listxattr.patch b/queue-4.9/f2fs-fix-to-avoid-memory-leakage-in-f2fs_listxattr.patch deleted file mode 100644 index 77b6ae4b709..00000000000 --- a/queue-4.9/f2fs-fix-to-avoid-memory-leakage-in-f2fs_listxattr.patch +++ /dev/null @@ -1,65 +0,0 @@ -From bb2b2d2daae30ce2b40049e92bf9331b1fada4a4 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Fri, 18 Oct 2019 14:56:22 +0800 -Subject: f2fs: fix to avoid memory leakage in f2fs_listxattr - -From: Randall Huang - -[ Upstream commit 688078e7f36c293dae25b338ddc9e0a2790f6e06 ] - -In f2fs_listxattr, there is no boundary check before -memcpy e_name to buffer. -If the e_name_len is corrupted, -unexpected memory contents may be returned to the buffer. - -Signed-off-by: Randall Huang -Reviewed-by: Chao Yu -Signed-off-by: Jaegeuk Kim -Signed-off-by: Sasha Levin ---- - fs/f2fs/xattr.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/fs/f2fs/xattr.c b/fs/f2fs/xattr.c -index 3e1c0280f8661..50fe6840d593a 100644 ---- a/fs/f2fs/xattr.c -+++ b/fs/f2fs/xattr.c -@@ -404,8 +404,9 @@ cleanup: - ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) - { - struct inode *inode = d_inode(dentry); -+ nid_t xnid = F2FS_I(inode)->i_xattr_nid; - struct f2fs_xattr_entry *entry; -- void *base_addr; -+ void *base_addr, *last_base_addr; - int error = 0; - size_t rest = buffer_size; - -@@ -413,6 +414,8 @@ ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) - if (error) - return error; - -+ last_base_addr = (void *)base_addr + XATTR_SIZE(xnid, inode); -+ - list_for_each_xattr(entry, base_addr) { - const struct xattr_handler *handler = - f2fs_xattr_handler(entry->e_name_index); -@@ -420,6 +423,15 @@ ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) - size_t prefix_len; - size_t size; - -+ if ((void *)(entry) + sizeof(__u32) > last_base_addr || -+ (void *)XATTR_NEXT_ENTRY(entry) > last_base_addr) { -+ f2fs_err(F2FS_I_SB(inode), "inode (%lu) has corrupted xattr", -+ inode->i_ino); -+ set_sbi_flag(F2FS_I_SB(inode), SBI_NEED_FSCK); -+ error = -EFSCORRUPTED; -+ goto cleanup; -+ } -+ - if (!handler || (handler->list && !handler->list(dentry))) - continue; - --- -2.25.1 - diff --git a/queue-4.9/series b/queue-4.9/series index 6f35880be26..f47ae07688b 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -6,7 +6,5 @@ crypto-ccp-release-all-allocated-memory-if-sha-type-.patch media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch ath9k_htc-release-allocated-buffer-if-timed-out.patch ath9k-release-allocated-buffer-if-timed-out.patch -f2fs-check-memory-boundary-by-insane-namelen.patch -f2fs-check-if-file-namelen-exceeds-max-value.patch -f2fs-fix-to-avoid-memory-leakage-in-f2fs_listxattr.patch scsi-libsas-direct-call-probe-and-destruct.patch +pci-aspm-disable-aspm-on-asmedia-asm1083-1085-pcie-to-pci-bridge.patch diff --git a/queue-5.4/series b/queue-5.4/series index a2a0ae49505..f171aab408e 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -2,3 +2,4 @@ crypto-ccp-release-all-allocated-memory-if-sha-type-.patch media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch sunrpc-check-that-domain-table-is-empty-at-module-un.patch ath10k-enable-transmit-data-ack-rssi-for-qca9884.patch +pci-aspm-disable-aspm-on-asmedia-asm1083-1085-pcie-to-pci-bridge.patch diff --git a/queue-5.7/series b/queue-5.7/series index bb402a3a16c..5191c32f5d7 100644 --- a/queue-5.7/series +++ b/queue-5.7/series @@ -1 +1,2 @@ sunrpc-check-that-domain-table-is-empty-at-module-un.patch +pci-aspm-disable-aspm-on-asmedia-asm1083-1085-pcie-to-pci-bridge.patch -- 2.47.3