--- /dev/null
+From d2c5eb57b6da10f335c30356f9696bd667601e6a Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Thu, 18 Jul 2024 20:55:20 +0100
+Subject: cifs: Fix missing error code set
+
+From: David Howells <dhowells@redhat.com>
+
+commit d2c5eb57b6da10f335c30356f9696bd667601e6a upstream.
+
+In cifs_strict_readv(), the default rc (-EACCES) is accidentally cleared by
+a successful return from netfs_start_io_direct(), such that if
+cifs_find_lock_conflict() fails, we don't return an error.
+
+Fix this by resetting the default error code.
+
+Fixes: 14b1cd25346b ("cifs: Fix locking in cifs_strict_readv()")
+Cc: stable@vger.kernel.org
+Signed-off-by: David Howells <dhowells@redhat.com>
+Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
+cc: Jeff Layton <jlayton@kernel.org>
+cc: linux-cifs@vger.kernel.org
+cc: netfs@lists.linux.dev
+cc: linux-fsdevel@vger.kernel.org
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/file.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c
+index 1374635e89fa..6178c6d8097d 100644
+--- a/fs/smb/client/file.c
++++ b/fs/smb/client/file.c
+@@ -2877,6 +2877,7 @@ cifs_strict_readv(struct kiocb *iocb, struct iov_iter *to)
+ rc = netfs_start_io_direct(inode);
+ if (rc < 0)
+ goto out;
++ rc = -EACCES;
+ down_read(&cinode->lock_sem);
+ if (!cifs_find_lock_conflict(
+ cfile, iocb->ki_pos, iov_iter_count(to),
+@@ -2889,6 +2890,7 @@ cifs_strict_readv(struct kiocb *iocb, struct iov_iter *to)
+ rc = netfs_start_io_read(inode);
+ if (rc < 0)
+ goto out;
++ rc = -EACCES;
+ down_read(&cinode->lock_sem);
+ if (!cifs_find_lock_conflict(
+ cfile, iocb->ki_pos, iov_iter_count(to),
+--
+2.45.2
+
--- /dev/null
+From a07d38afd15281c42613943a9a715c3ba07c21e6 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Fri, 19 Jul 2024 16:01:48 +0100
+Subject: cifs: Fix missing fscache invalidation
+
+From: David Howells <dhowells@redhat.com>
+
+commit a07d38afd15281c42613943a9a715c3ba07c21e6 upstream.
+
+A network filesystem needs to implement a netfslib hook to invalidate
+fscache if it's to be able to use the cache.
+
+Fix cifs to implement the cache invalidation hook.
+
+Signed-off-by: David Howells <dhowells@redhat.com>
+Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
+cc: Jeff Layton <jlayton@kernel.org>
+cc: linux-cifs@vger.kernel.org
+cc: netfs@lists.linux.dev
+cc: linux-fsdevel@vger.kernel.org
+Cc: stable@vger.kernel.org
+Fixes: 3ee1a1fc3981 ("cifs: Cut over to using netfslib")
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/file.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/smb/client/file.c
++++ b/fs/smb/client/file.c
+@@ -123,6 +123,11 @@ fail:
+ goto out;
+ }
+
++static void cifs_netfs_invalidate_cache(struct netfs_io_request *wreq)
++{
++ cifs_invalidate_cache(wreq->inode, 0);
++}
++
+ /*
+ * Split the read up according to how many credits we can get for each piece.
+ * It's okay to sleep here if we need to wait for more credit to become
+@@ -307,6 +312,7 @@ const struct netfs_request_ops cifs_req_
+ .begin_writeback = cifs_begin_writeback,
+ .prepare_write = cifs_prepare_write,
+ .issue_write = cifs_issue_write,
++ .invalidate_cache = cifs_netfs_invalidate_cache,
+ };
+
+ /*
--- /dev/null
+From ae4ccca47195332c69176b8615c5ee17efd30c46 Mon Sep 17 00:00:00 2001
+From: Steve French <stfrench@microsoft.com>
+Date: Wed, 17 Jul 2024 00:42:22 -0500
+Subject: cifs: fix noisy message on copy_file_range
+
+From: Steve French <stfrench@microsoft.com>
+
+commit ae4ccca47195332c69176b8615c5ee17efd30c46 upstream.
+
+There are common cases where copy_file_range can noisily
+log "source and target of copy not on same server"
+e.g. the mv command across mounts to two different server's shares.
+Change this to informational rather than logging as an error.
+
+A followon patch will add dynamic trace points e.g. for
+cifs_file_copychunk_range
+
+Cc: stable@vger.kernel.org
+Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/cifsfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/smb/client/cifsfs.c
++++ b/fs/smb/client/cifsfs.c
+@@ -1359,7 +1359,7 @@ ssize_t cifs_file_copychunk_range(unsign
+ target_tcon = tlink_tcon(smb_file_target->tlink);
+
+ if (src_tcon->ses != target_tcon->ses) {
+- cifs_dbg(VFS, "source and target of copy not on same server\n");
++ cifs_dbg(FYI, "source and target of copy not on same server\n");
+ goto out;
+ }
+
--- /dev/null
+From de40579b903883274fe203865f29d66b168b7236 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Thu, 18 Jul 2024 20:19:32 +0100
+Subject: cifs: Fix server re-repick on subrequest retry
+
+From: David Howells <dhowells@redhat.com>
+
+commit de40579b903883274fe203865f29d66b168b7236 upstream.
+
+When a subrequest is marked for needing retry, netfs will call
+cifs_prepare_write() which will make cifs repick the server for the op
+before renegotiating credits; it then calls cifs_issue_write() which
+invokes smb2_async_writev() - which re-repicks the server.
+
+If a different server is then selected, this causes the increment of
+server->in_flight to happen against one record and the decrement to happen
+against another, leading to misaccounting.
+
+Fix this by just removing the repick code in smb2_async_writev(). As this
+is only called from netfslib-driven code, cifs_prepare_write() should
+always have been called first, and so server should never be NULL and the
+preparatory step is repeated in the event that we do a retry.
+
+The problem manifests as a warning looking something like:
+
+ WARNING: CPU: 4 PID: 72896 at fs/smb/client/smb2ops.c:97 smb2_add_credits+0x3f0/0x9e0 [cifs]
+ ...
+ RIP: 0010:smb2_add_credits+0x3f0/0x9e0 [cifs]
+ ...
+ smb2_writev_callback+0x334/0x560 [cifs]
+ cifs_demultiplex_thread+0x77a/0x11b0 [cifs]
+ kthread+0x187/0x1d0
+ ret_from_fork+0x34/0x60
+ ret_from_fork_asm+0x1a/0x30
+
+Which may be triggered by a number of different xfstests running against an
+Azure server in multichannel mode. generic/249 seems the most repeatable,
+but generic/215, generic/249 and generic/308 may also show it.
+
+Fixes: 3ee1a1fc3981 ("cifs: Cut over to using netfslib")
+Cc: stable@vger.kernel.org
+Reported-by: Steve French <smfrench@gmail.com>
+Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
+Acked-by: Tom Talpey <tom@talpey.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+cc: Jeff Layton <jlayton@kernel.org>
+cc: Aurelien Aptel <aaptel@suse.com>
+cc: linux-cifs@vger.kernel.org
+cc: netfs@lists.linux.dev
+cc: linux-fsdevel@vger.kernel.org
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/smb2pdu.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
+index 2ae2dbb6202b..bb84a89e5905 100644
+--- a/fs/smb/client/smb2pdu.c
++++ b/fs/smb/client/smb2pdu.c
+@@ -4859,9 +4859,6 @@ smb2_async_writev(struct cifs_io_subrequest *wdata)
+ struct cifs_io_parms *io_parms = NULL;
+ int credit_request;
+
+- if (!wdata->server || test_bit(NETFS_SREQ_RETRYING, &wdata->subreq.flags))
+- server = wdata->server = cifs_pick_channel(tcon->ses);
+-
+ /*
+ * in future we may get cifs_io_parms passed in from the caller,
+ * but for now we construct it here...
+--
+2.45.2
+
--- /dev/null
+From 61ea6b3a3104fcd66364282391dd2152bc4c129a Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Fri, 19 Jul 2024 14:07:07 +0100
+Subject: cifs: Fix setting of zero_point after DIO write
+
+From: David Howells <dhowells@redhat.com>
+
+commit 61ea6b3a3104fcd66364282391dd2152bc4c129a upstream.
+
+At the moment, at the end of a DIO write, cifs calls netfs_resize_file() to
+adjust the size of the file if it needs it. This will reduce the
+zero_point (the point above which we assume a read will just return zeros)
+if it's more than the new i_size, but won't increase it.
+
+With DIO writes, however, we definitely want to increase it as we have
+clobbered the local pagecache and then written some data that's not
+available locally.
+
+Fix cifs to make the zero_point above the end of a DIO or unbuffered write.
+
+This fixes corruption seen occasionally with the generic/708 xfs-test. In
+that case, the read-back of some of the written data is being
+short-circuited and replaced with zeroes.
+
+Fixes: 3ee1a1fc3981 ("cifs: Cut over to using netfslib")
+Cc: stable@vger.kernel.org
+Reported-by: Steve French <sfrench@samba.org>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
+cc: Jeff Layton <jlayton@kernel.org>
+cc: linux-cifs@vger.kernel.org
+cc: netfs@lists.linux.dev
+cc: linux-fsdevel@vger.kernel.org
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/file.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+--- a/fs/smb/client/file.c
++++ b/fs/smb/client/file.c
+@@ -2364,13 +2364,18 @@ void cifs_write_subrequest_terminated(st
+ bool was_async)
+ {
+ struct netfs_io_request *wreq = wdata->rreq;
+- loff_t new_server_eof;
++ struct netfs_inode *ictx = netfs_inode(wreq->inode);
++ loff_t wrend;
+
+ if (result > 0) {
+- new_server_eof = wdata->subreq.start + wdata->subreq.transferred + result;
++ wrend = wdata->subreq.start + wdata->subreq.transferred + result;
+
+- if (new_server_eof > netfs_inode(wreq->inode)->remote_i_size)
+- netfs_resize_file(netfs_inode(wreq->inode), new_server_eof, true);
++ if (wrend > ictx->zero_point &&
++ (wdata->rreq->origin == NETFS_UNBUFFERED_WRITE ||
++ wdata->rreq->origin == NETFS_DIO_WRITE))
++ ictx->zero_point = wrend;
++ if (wrend > ictx->remote_i_size)
++ netfs_resize_file(ictx, wrend, true);
+ }
+
+ netfs_write_subrequest_terminated(&wdata->subreq, result, was_async);
--- /dev/null
+From be27cd64461c45a6088a91a04eba5cd44e1767ef Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Thu, 23 May 2024 15:54:12 -0700
+Subject: ext4: use memtostr_pad() for s_volume_name
+
+From: Kees Cook <keescook@chromium.org>
+
+commit be27cd64461c45a6088a91a04eba5cd44e1767ef upstream.
+
+As with the other strings in struct ext4_super_block, s_volume_name is
+not NUL terminated. The other strings were marked in commit 072ebb3bffe6
+("ext4: add nonstring annotations to ext4.h"). Using strscpy() isn't
+the right replacement for strncpy(); it should use memtostr_pad()
+instead.
+
+Reported-by: syzbot+50835f73143cc2905b9e@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/all/00000000000019f4c00619192c05@google.com/
+Fixes: 744a56389f73 ("ext4: replace deprecated strncpy with alternatives")
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Link: https://patch.msgid.link/20240523225408.work.904-kees@kernel.org
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/ext4.h | 2 +-
+ fs/ext4/ioctl.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/ext4/ext4.h
++++ b/fs/ext4/ext4.h
+@@ -1347,7 +1347,7 @@ struct ext4_super_block {
+ /*60*/ __le32 s_feature_incompat; /* incompatible feature set */
+ __le32 s_feature_ro_compat; /* readonly-compatible feature set */
+ /*68*/ __u8 s_uuid[16]; /* 128-bit uuid for volume */
+-/*78*/ char s_volume_name[EXT4_LABEL_MAX]; /* volume name */
++/*78*/ char s_volume_name[EXT4_LABEL_MAX] __nonstring; /* volume name */
+ /*88*/ char s_last_mounted[64] __nonstring; /* directory where last mounted */
+ /*C8*/ __le32 s_algorithm_usage_bitmap; /* For compression */
+ /*
+--- a/fs/ext4/ioctl.c
++++ b/fs/ext4/ioctl.c
+@@ -1151,7 +1151,7 @@ static int ext4_ioctl_getlabel(struct ex
+ BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
+
+ lock_buffer(sbi->s_sbh);
+- strscpy_pad(label, sbi->s_es->s_volume_name);
++ memtostr_pad(label, sbi->s_es->s_volume_name);
+ unlock_buffer(sbi->s_sbh);
+
+ if (copy_to_user(user_label, label, sizeof(label)))
--- /dev/null
+ext4-use-memtostr_pad-for-s_volume_name.patch
+cifs-fix-missing-error-code-set.patch
+cifs-fix-missing-fscache-invalidation.patch
+cifs-fix-noisy-message-on-copy_file_range.patch
+cifs-fix-server-re-repick-on-subrequest-retry.patch
+cifs-fix-setting-of-zero_point-after-dio-write.patch
+tpm-use-auth-only-after-null-check-in-tpm_buf_check_hmac_response.patch
--- /dev/null
+From 7dc357d343f134bf59815ff6098b93503ec8a23b Mon Sep 17 00:00:00 2001
+From: Hao Ge <gehao@kylinos.cn>
+Date: Tue, 9 Jul 2024 10:33:37 +0800
+Subject: tpm: Use auth only after NULL check in tpm_buf_check_hmac_response()
+
+From: Hao Ge <gehao@kylinos.cn>
+
+commit 7dc357d343f134bf59815ff6098b93503ec8a23b upstream.
+
+Dereference auth after NULL check in tpm_buf_check_hmac_response().
+Otherwise, unless tpm2_sessions_init() was called, a call can cause NULL
+dereference, when TCG_TPM2_HMAC is enabled.
+
+[jarkko: adjusted the commit message.]
+Cc: stable@vger.kernel.org # v6.10+
+Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()")
+Signed-off-by: Hao Ge <gehao@kylinos.cn>
+Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/char/tpm/tpm2-sessions.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
+index 2281d55df545..d3521aadd43e 100644
+--- a/drivers/char/tpm/tpm2-sessions.c
++++ b/drivers/char/tpm/tpm2-sessions.c
+@@ -746,15 +746,16 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf,
+ struct tpm2_auth *auth = chip->auth;
+ off_t offset_s, offset_p;
+ u8 rphash[SHA256_DIGEST_SIZE];
+- u32 attrs;
++ u32 attrs, cc;
+ struct sha256_state sctx;
+ u16 tag = be16_to_cpu(head->tag);
+- u32 cc = be32_to_cpu(auth->ordinal);
+ int parm_len, len, i, handles;
+
+ if (!auth)
+ return rc;
+
++ cc = be32_to_cpu(auth->ordinal);
++
+ if (auth->session >= TPM_HEADER_SIZE) {
+ WARN(1, "tpm session not filled correctly\n");
+ goto out;
+--
+2.45.2
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
