4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 29 May 2021 13:55:10 +0000 (15:55 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 29 May 2021 13:55:10 +0000 (15:55 +0200)
added patches:
cifs-set-server-cipher_type-to-aes-128-ccm-for-smb3.0.patch
iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch
nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch

queue-4.19/cifs-set-server-cipher_type-to-aes-128-ccm-for-smb3.0.patch [new file with mode: 0644]
queue-4.19/iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch [new file with mode: 0644]
queue-4.19/nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch [new file with mode: 0644]
queue-4.19/series

diff --git a/queue-4.19/cifs-set-server-cipher_type-to-aes-128-ccm-for-smb3.0.patch b/queue-4.19/cifs-set-server-cipher_type-to-aes-128-ccm-for-smb3.0.patch
new file mode 100644 (file)
index 0000000..3e34ec8
--- /dev/null
@@ -0,0 +1,48 @@
+From 6d2fcfe6b517fe7cbf2687adfb0a16cdcd5d9243 Mon Sep 17 00:00:00 2001
+From: Aurelien Aptel <aaptel@suse.com>
+Date: Fri, 21 May 2021 17:19:27 +0200
+Subject: cifs: set server->cipher_type to AES-128-CCM for SMB3.0
+
+From: Aurelien Aptel <aaptel@suse.com>
+
+commit 6d2fcfe6b517fe7cbf2687adfb0a16cdcd5d9243 upstream.
+
+SMB3.0 doesn't have encryption negotiate context but simply uses
+the SMB2_GLOBAL_CAP_ENCRYPTION flag.
+
+When that flag is present in the neg response cifs.ko uses AES-128-CCM
+which is the only cipher available in this context.
+
+cipher_type was set to the server cipher only when parsing encryption
+negotiate context (SMB3.1.1).
+
+For SMB3.0 it was set to 0. This means cipher_type value can be 0 or 1
+for AES-128-CCM.
+
+Fix this by checking for SMB3.0 and encryption capability and setting
+cipher_type appropriately.
+
+Signed-off-by: Aurelien Aptel <aaptel@suse.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/smb2pdu.c |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -791,6 +791,13 @@ SMB2_negotiate(const unsigned int xid, s
+       /* Internal types */
+       server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;
++      /*
++       * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context
++       * Set the cipher type manually.
++       */
++      if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
++              server->cipher_type = SMB2_ENCRYPTION_AES128_CCM;
++
+       security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
+                                              (struct smb2_sync_hdr *)rsp);
+       /*
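Review bot: The added check `server->dialect == SMB30_PROT_ID` leaves out SMB3.0.2, which also has no encryption negotiate context and signals encryption only through SMB2_GLOBAL_CAP_ENCRYPTION. On that dialect cipher_type would presumably still be 0 while AES-128-CCM is in use. Consider `if ((server->dialect == SMB30_PROT_ID || server->dialect == SMB302_PROT_ID) &&` followed by `(server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))`, which also brings the condition under 80 columns. The code that reads cipher_type is not visible here, so confirm which consumers rely on the value before backporting. SMB2_negotiate() starts and ends outside the hunk.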
diff --git a/queue-4.19/iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch b/queue-4.19/iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch
new file mode 100644 (file)
index 0000000..1b790c3
--- /dev/null
@@ -0,0 +1,44 @@
+From 0ee74d5a48635c848c20f152d0d488bf84641304 Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eb@emlix.com>
+Date: Tue, 25 May 2021 15:08:02 +0800
+Subject: iommu/vt-d: Fix sysfs leak in alloc_iommu()
+
+From: Rolf Eike Beer <eb@emlix.com>
+
+commit 0ee74d5a48635c848c20f152d0d488bf84641304 upstream.
+
+iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent
+errors.
+
+Fixes: 39ab9555c2411 ("iommu: Add sysfs bindings for struct iommu_device")
+Cc: stable@vger.kernel.org # 4.11.x
+Signed-off-by: Rolf Eike Beer <eb@emlix.com>
+Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
+Link: https://lore.kernel.org/r/17411490.HIIP88n32C@mobilepool36.emlix.com
+Link: https://lore.kernel.org/r/20210525070802.361755-2-baolu.lu@linux.intel.com
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/iommu/dmar.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -1119,7 +1119,7 @@ static int alloc_iommu(struct dmar_drhd_
+               err = iommu_device_register(&iommu->iommu);
+               if (err)
+-                      goto err_unmap;
++                      goto err_sysfs;
+       }
+       drhd->iommu = iommu;
+@@ -1127,6 +1127,8 @@ static int alloc_iommu(struct dmar_drhd_
+       return 0;
++err_sysfs:
++      iommu_device_sysfs_remove(&iommu->iommu);
+ err_unmap:
+       unmap_iommu(iommu);
+ error_free_seq_id:
diff --git a/queue-4.19/nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch b/queue-4.19/nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch
new file mode 100644 (file)
index 0000000..b7bdb34
--- /dev/null
@@ -0,0 +1,60 @@
+From a421d218603ffa822a0b8045055c03eae394a7eb Mon Sep 17 00:00:00 2001
+From: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Date: Wed, 19 May 2021 12:54:51 -0400
+Subject: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
+
+From: Anna Schumaker <Anna.Schumaker@Netapp.com>
+
+commit a421d218603ffa822a0b8045055c03eae394a7eb upstream.
+
+Commit de144ff4234f changes _pnfs_return_layout() to call
+pnfs_mark_matching_lsegs_return() passing NULL as the struct
+pnfs_layout_range argument. Unfortunately,
+pnfs_mark_matching_lsegs_return() doesn't check if we have a value here
+before dereferencing it, causing an oops.
+
+I'm able to hit this crash consistently when running connectathon basic
+tests on NFS v4.1/v4.2 against Ontap.
+
+Fixes: de144ff4234f ("NFSv4: Don't discard segments marked for return in _pnfs_return_layout()")
+Cc: stable@vger.kernel.org
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfs/pnfs.c |   15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/fs/nfs/pnfs.c
++++ b/fs/nfs/pnfs.c
+@@ -1268,6 +1268,11 @@ _pnfs_return_layout(struct inode *ino)
+ {
+       struct pnfs_layout_hdr *lo = NULL;
+       struct nfs_inode *nfsi = NFS_I(ino);
++      struct pnfs_layout_range range = {
++              .iomode         = IOMODE_ANY,
++              .offset         = 0,
++              .length         = NFS4_MAX_UINT64,
++      };
+       LIST_HEAD(tmp_list);
+       nfs4_stateid stateid;
+       int status = 0;
+@@ -1294,16 +1299,10 @@ _pnfs_return_layout(struct inode *ino)
+       }
+       valid_layout = pnfs_layout_is_valid(lo);
+       pnfs_clear_layoutcommit(ino, &tmp_list);
+-      pnfs_mark_matching_lsegs_return(lo, &tmp_list, NULL, 0);
++      pnfs_mark_matching_lsegs_return(lo, &tmp_list, &range, 0);
+-      if (NFS_SERVER(ino)->pnfs_curr_ld->return_range) {
+-              struct pnfs_layout_range range = {
+-                      .iomode         = IOMODE_ANY,
+-                      .offset         = 0,
+-                      .length         = NFS4_MAX_UINT64,
+-              };
++      if (NFS_SERVER(ino)->pnfs_curr_ld->return_range)
+               NFS_SERVER(ino)->pnfs_curr_ld->return_range(lo, &range);
+-      }
+       /* Don't send a LAYOUTRETURN if list was initially empty */
+       if (!test_bit(NFS_LAYOUT_RETURN_REQUESTED, &lo->plh_flags) ||
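Review bot: The call `pnfs_mark_matching_lsegs_return(lo, &tmp_list, &range, 0)` is fixed only at this caller. Per the commit message the callee still dereferences its range argument without a check, so any other caller passing NULL would hit the same oops. I would state the contract where `range` is declared, e.g. `/* Whole-file range; pnfs_mark_matching_lsegs_return() dereferences it, so never pass NULL */`. The remaining call sites are not visible in this hunk and should be checked in the 4.19 tree. _pnfs_return_layout() continues beyond the hunk.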
index 2e9c5e3838d941f33ff3afad958014d8e2058ea6..023fd6eed7fe6230a2adffd1a0c07b41fb01dcdf 100644 (file)
@@ -1,3 +1,6 @@
 mm-vmstat-drop-zone-lock-in-proc-pagetypeinfo.patch
 usb-dwc3-gadget-enable-suspend-events.patch
 nfc-nci-fix-memory-leak-in-nci_allocate_device.patch
+cifs-set-server-cipher_type-to-aes-128-ccm-for-smb3.0.patch
+nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch
+iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch