4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 26 Jun 2020 14:29:10 +0000 (16:29 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 26 Jun 2020 14:29:10 +0000 (16:29 +0200)
added patches:
block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
fanotify-fix-ignore-mask-logic-for-events-on-child-and-on-dir.patch
net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch

queue-4.19/block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch [new file with mode: 0644]
queue-4.19/fanotify-fix-ignore-mask-logic-for-events-on-child-and-on-dir.patch [new file with mode: 0644]
queue-4.19/net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch [new file with mode: 0644]

diff --git a/queue-4.19/block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch b/queue-4.19/block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
new file mode 100644 (file)
index 0000000..095f1d1
--- /dev/null
@@ -0,0 +1,37 @@
+From a75ca9303175d36af93c0937dd9b1a6422908b8d Mon Sep 17 00:00:00 2001
+From: yu kuai <yukuai3@huawei.com>
+Date: Mon, 1 Jun 2020 20:38:56 +0800
+Subject: block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
+
+From: yu kuai <yukuai3@huawei.com>
+
+commit a75ca9303175d36af93c0937dd9b1a6422908b8d upstream.
+
+commit e7bf90e5afe3 ("block/bio-integrity: fix a memory leak bug") added
+a kfree() for 'buf' if bio_integrity_add_page() returns '0'. However,
+the object will be freed in bio_integrity_free() since 'bio->bi_opf' and
+'bio->bi_integrity' were set previousy in bio_integrity_alloc().
+
+Fixes: commit e7bf90e5afe3 ("block/bio-integrity: fix a memory leak bug")
+Signed-off-by: yu kuai <yukuai3@huawei.com>
+Reviewed-by: Ming Lei <ming.lei@redhat.com>
+Reviewed-by: Bob Liu <bob.liu@oracle.com>
+Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ block/bio-integrity.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/block/bio-integrity.c
++++ b/block/bio-integrity.c
+@@ -293,7 +293,6 @@ bool bio_integrity_prep(struct bio *bio)
+               if (ret == 0) {
+                       printk(KERN_ERR "could not attach integrity payload\n");
+-                      kfree(buf);
+                       status = BLK_STS_RESOURCE;
+                       goto err_end_io;
+               }
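Review bot: With `kfree(buf);` removed, nothing at this error branch says who releases `buf`; the only statement of ownership is in the commit message, which says bio_integrity_free() frees it once bio_integrity_alloc() has set `bio->bi_integrity`. A comment above `status = BLK_STS_RESOURCE;` such as `/* 'buf' is freed later by bio_integrity_free(); do not kfree() it here */` would keep a later leak fix from reintroducing the double free, as e7bf90e5afe3 did. How bio_integrity_free() locates the buffer is not visible here, so it is worth confirming in the 4.19 tree that it still finds it when the very first bio_integrity_add_page() call fails. bio_integrity_prep() starts and ends outside the hunk.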
diff --git a/queue-4.19/fanotify-fix-ignore-mask-logic-for-events-on-child-and-on-dir.patch b/queue-4.19/fanotify-fix-ignore-mask-logic-for-events-on-child-and-on-dir.patch
new file mode 100644 (file)
index 0000000..254e292
--- /dev/null
@@ -0,0 +1,64 @@
+From 2f02fd3fa13e51713b630164f8a8e5b42de8283b Mon Sep 17 00:00:00 2001
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Sun, 24 May 2020 10:24:41 +0300
+Subject: fanotify: fix ignore mask logic for events on child and on dir
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+commit 2f02fd3fa13e51713b630164f8a8e5b42de8283b upstream.
+
+The comments in fanotify_group_event_mask() say:
+
+  "If the event is on dir/child and this mark doesn't care about
+   events on dir/child, don't send it!"
+
+Specifically, mount and filesystem marks do not care about events
+on child, but they can still specify an ignore mask for those events.
+For example, a group that has:
+- A mount mark with mask 0 and ignore_mask FAN_OPEN
+- An inode mark on a directory with mask FAN_OPEN | FAN_OPEN_EXEC
+  with flag FAN_EVENT_ON_CHILD
+
+A child file open for exec would be reported to group with the FAN_OPEN
+event despite the fact that FAN_OPEN is in ignore mask of mount mark,
+because the mark iteration loop skips over non-inode marks for events
+on child when calculating the ignore mask.
+
+Move ignore mask calculation to the top of the iteration loop block
+before excluding marks for events on dir/child.
+
+Link: https://lore.kernel.org/r/20200524072441.18258-1-amir73il@gmail.com
+Reported-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/linux-fsdevel/20200521162443.GA26052@quack2.suse.cz/
+Fixes: 55bf882c7f13 "fanotify: fix merging marks masks with FAN_ONDIR"
+Fixes: b469e7e47c8a "fanotify: fix handling of events on child..."
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/notify/fanotify/fanotify.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/notify/fanotify/fanotify.c
++++ b/fs/notify/fanotify/fanotify.c
+@@ -114,6 +114,10 @@ static bool fanotify_should_send_event(s
+               if (!fsnotify_iter_should_report_type(iter_info, type))
+                       continue;
+               mark = iter_info->marks[type];
++
++              /* Apply ignore mask regardless of ISDIR and ON_CHILD flags */
++              marks_ignored_mask |= mark->ignored_mask;
++
+               /*
+                * If the event is for a child and this mark doesn't care about
+                * events on a child, don't send it!
+@@ -124,7 +128,6 @@ static bool fanotify_should_send_event(s
+                       continue;
+               marks_mask |= mark->mask;
+-              marks_ignored_mask |= mark->ignored_mask;
+       }
+       if (d_is_dir(path->dentry) &&
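Review bot: The added comment `/* Apply ignore mask regardless of ISDIR and ON_CHILD flags */` names an ISDIR check that the visible loop body does not show; as far as the two hunks go, the only skip after the new line is the child check, and the directory test (`d_is_dir(path->dentry)`) sits after the loop. Wording tied to this tree would be clearer, for example `/* Accumulate the ignore mask before the ON_CHILD skip below, so marks that do not watch children still suppress events */`. The description also refers to fanotify_group_event_mask() while the hunk headers show fanotify_should_send_event(), so a one-line backport note in the patch would help anyone auditing whether ignore masks are honoured on 4.19. The function starts and ends outside the hunks.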
diff --git a/queue-4.19/net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch b/queue-4.19/net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch
new file mode 100644 (file)
index 0000000..6f7abcb
--- /dev/null
@@ -0,0 +1,71 @@
+From 7c6d2ecbda83150b2036a2b36b21381ad4667762 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Thu, 28 May 2020 14:57:47 -0700
+Subject: net: be more gentle about silly gso requests coming from user
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit 7c6d2ecbda83150b2036a2b36b21381ad4667762 upstream.
+
+Recent change in virtio_net_hdr_to_skb() broke some packetdrill tests.
+
+When --mss=XXX option is set, packetdrill always provide gso_type & gso_size
+for its inbound packets, regardless of packet size.
+
+       if (packet->tcp && packet->mss) {
+               if (packet->ipv4)
+                       gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
+               else
+                       gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
+               gso.gso_size = packet->mss;
+       }
+
+Since many other programs could do the same, relax virtio_net_hdr_to_skb()
+to no longer return an error, but instead ignore gso settings.
+
+This keeps Willem intent to make sure no malicious packet could
+reach gso stack.
+
+Note that TCP stack has a special logic in tcp_set_skb_tso_segs()
+to clear gso_size for small packets.
+
+Fixes: 6dd912f82680 ("net: check untrusted gso_size at kernel entry")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Willem de Bruijn <willemb@google.com>
+Acked-by: Willem de Bruijn <willemb@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/virtio_net.h |   17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+--- a/include/linux/virtio_net.h
++++ b/include/linux/virtio_net.h
+@@ -109,16 +109,17 @@ retry:
+       if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
+               u16 gso_size = __virtio16_to_cpu(little_endian, hdr->gso_size);
++              struct skb_shared_info *shinfo = skb_shinfo(skb);
+-              if (skb->len - p_off <= gso_size)
+-                      return -EINVAL;
++              /* Too small packets are not really GSO ones. */
++              if (skb->len - p_off > gso_size) {
++                      shinfo->gso_size = gso_size;
++                      shinfo->gso_type = gso_type;
+-              skb_shinfo(skb)->gso_size = gso_size;
+-              skb_shinfo(skb)->gso_type = gso_type;
+-
+-              /* Header must be checked, and gso_segs computed. */
+-              skb_shinfo(skb)->gso_type |= SKB_GSO_DODGY;
+-              skb_shinfo(skb)->gso_segs = 0;
++                      /* Header must be checked, and gso_segs computed. */
++                      shinfo->gso_type |= SKB_GSO_DODGY;
++                      shinfo->gso_segs = 0;
++              }
+       }
+       return 0;
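Review bot: The new test `if (skb->len - p_off > gso_size)` now decides whether a user-supplied gso_size is copied into `shinfo`, and it is only meaningful if `p_off` can never exceed `skb->len`. Neither the types nor the assignments of `p_off` are visible in this hunk; if the subtraction is unsigned and wraps, a packet shorter than its headers would pass the test and be marked GSO rather than ignored. Either state the invariant next to the check, e.g. `/* p_off <= skb_headlen(skb) was verified above */` if that is what the earlier code guarantees, or make the test self-contained with `if (skb->len > p_off && skb->len - p_off > gso_size) {`. The function begins before the `retry:` label shown in the hunk header, so the earlier bounds checks should be confirmed against the 4.19 tree.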