From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 6 Feb 2020 19:32:03 +0000 (+0100)
Subject: 5.5-stable patches
X-Git-Tag: v4.19.103~113
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=109361d3eac75f9b2d0735ca3a227b530138b379;p=thirdparty%2Fkernel%2Fstable-queue.git

5.5-stable patches

added patches:
	ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch
	ubifs-fix-fs_ioc_setflags-unexpectedly-clearing-encrypt-flag.patch
	ubifs-fix-wrong-memory-allocation.patch
---

diff --git a/queue-5.5/series b/queue-5.5/series
index 6aa3a5b45f1..152dae04960 100644
--- a/queue-5.5/series
+++ b/queue-5.5/series
@@ -100,3 +100,6 @@ smb3-fix-default-permissions-on-new-files-when-mounting-with-modefromsid.patch
 alarmtimer-unregister-wakeup-source-when-module-get-fails.patch
 fscrypt-don-t-print-name-of-busy-file-when-removing-key.patch
 ubifs-don-t-trigger-assertion-on-invalid-no-key-filename.patch
+ubifs-fix-wrong-memory-allocation.patch
+ubifs-fix-fs_ioc_setflags-unexpectedly-clearing-encrypt-flag.patch
+ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch
diff --git a/queue-5.5/ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch b/queue-5.5/ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch
new file mode 100644
index 00000000000..e8476079881
--- /dev/null
+++ b/queue-5.5/ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch
@@ -0,0 +1,59 @@
+From f5de5b83303e61b1f3fb09bd77ce3ac2d7a475f2 Mon Sep 17 00:00:00 2001
+From: Zhihao Cheng <chengzhihao1@huawei.com>
+Date: Sat, 11 Jan 2020 17:50:36 +0800
+Subject: ubifs: Fix deadlock in concurrent bulk-read and writepage
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Zhihao Cheng <chengzhihao1@huawei.com>
+
+commit f5de5b83303e61b1f3fb09bd77ce3ac2d7a475f2 upstream.
+
+In ubifs, concurrent execution of writepage and bulk read on the same file
+may cause ABBA deadlock, for example (Reproduce method see Link):
+
+Process A(Bulk-read starts from page4)         Process B(write page4 back)
+  vfs_read                                       wb_workfn or fsync
+  ...                                            ...
+  generic_file_buffered_read                     write_cache_pages
+    ubifs_readpage                                 LOCK(page4)
+
+      ubifs_bulk_read                              ubifs_writepage
+        LOCK(ui->ui_mutex)                           ubifs_write_inode
+
+	  ubifs_do_bulk_read                           LOCK(ui->ui_mutex)
+	    find_or_create_page(alloc page4)                  ↑
+	      LOCK(page4)                   <--     ABBA deadlock occurs!
+
+In order to ensure the serialization execution of bulk read, we can't
+remove the big lock 'ui->ui_mutex' in ubifs_bulk_read(). Instead, we
+allow ubifs_do_bulk_read() to lock page failed by replacing
+find_or_create_page(FGP_LOCK) with
+pagecache_get_page(FGP_LOCK | FGP_NOWAIT).
+
+Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
+Suggested-by: zhangyi (F) <yi.zhang@huawei.com>
+Cc: <Stable@vger.kernel.org>
+Fixes: 4793e7c5e1c ("UBIFS: add bulk-read facility")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206153
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ubifs/file.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/ubifs/file.c
++++ b/fs/ubifs/file.c
+@@ -786,7 +786,9 @@ static int ubifs_do_bulk_read(struct ubi
+ 
+ 		if (page_offset > end_index)
+ 			break;
+-		page = find_or_create_page(mapping, page_offset, ra_gfp_mask);
++		page = pagecache_get_page(mapping, page_offset,
++				 FGP_LOCK|FGP_ACCESSED|FGP_CREAT|FGP_NOWAIT,
++				 ra_gfp_mask);
+ 		if (!page)
+ 			break;
+ 		if (!PageUptodate(page))
diff --git a/queue-5.5/ubifs-fix-fs_ioc_setflags-unexpectedly-clearing-encrypt-flag.patch b/queue-5.5/ubifs-fix-fs_ioc_setflags-unexpectedly-clearing-encrypt-flag.patch
new file mode 100644
index 00000000000..ec1a1060da3
--- /dev/null
+++ b/queue-5.5/ubifs-fix-fs_ioc_setflags-unexpectedly-clearing-encrypt-flag.patch
@@ -0,0 +1,57 @@
+From 2b57067a7778484c10892fa191997bfda29fea13 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Mon, 9 Dec 2019 14:23:24 -0800
+Subject: ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 2b57067a7778484c10892fa191997bfda29fea13 upstream.
+
+UBIFS's implementation of FS_IOC_SETFLAGS fails to preserve existing
+inode flags that aren't settable by FS_IOC_SETFLAGS, namely the encrypt
+flag.  This causes the encrypt flag to be unexpectedly cleared.
+
+Fix it by preserving existing unsettable flags, like ext4 and f2fs do.
+
+Test case with kvm-xfstests shell:
+
+    FSTYP=ubifs KEYCTL_PROG=keyctl
+    . fs/ubifs/config
+    . ~/xfstests/common/encrypt
+    dev=$(__blkdev_to_ubi_volume /dev/vdc)
+    ubiupdatevol -t $dev
+    mount $dev /mnt -t ubifs
+    k=$(_generate_session_encryption_key)
+    mkdir /mnt/edir
+    xfs_io -c "set_encpolicy $k" /mnt/edir
+    echo contents > /mnt/edir/file
+    chattr +i /mnt/edir/file
+    chattr -i /mnt/edir/file
+
+With the bug, the following errors occur on the last command:
+
+    [   18.081559] fscrypt (ubifs, inode 67): Inconsistent encryption context (parent directory: 65)
+    chattr: Operation not permitted while reading flags on /mnt/edir/file
+
+Fixes: d475a507457b ("ubifs: Add skeleton for fscrypto")
+Cc: <stable@vger.kernel.org> # v4.10+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ubifs/ioctl.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/ubifs/ioctl.c
++++ b/fs/ubifs/ioctl.c
+@@ -113,7 +113,8 @@ static int setflags(struct inode *inode,
+ 	if (err)
+ 		goto out_unlock;
+ 
+-	ui->flags = ioctl2ubifs(flags);
++	ui->flags &= ~ioctl2ubifs(UBIFS_SUPPORTED_IOCTL_FLAGS);
++	ui->flags |= ioctl2ubifs(flags);
+ 	ubifs_set_inode_flags(inode);
+ 	inode->i_ctime = current_time(inode);
+ 	release = ui->dirty;
diff --git a/queue-5.5/ubifs-fix-wrong-memory-allocation.patch b/queue-5.5/ubifs-fix-wrong-memory-allocation.patch
new file mode 100644
index 00000000000..bab3dcfd6fc
--- /dev/null
+++ b/queue-5.5/ubifs-fix-wrong-memory-allocation.patch
@@ -0,0 +1,36 @@
+From edec51374bce779f37fc209a228139c55d90ec8d Mon Sep 17 00:00:00 2001
+From: Sascha Hauer <s.hauer@pengutronix.de>
+Date: Wed, 4 Dec 2019 11:09:58 +0100
+Subject: ubifs: Fix wrong memory allocation
+
+From: Sascha Hauer <s.hauer@pengutronix.de>
+
+commit edec51374bce779f37fc209a228139c55d90ec8d upstream.
+
+In create_default_filesystem() when we allocate the idx node we must use
+the idx_node_size we calculated just one line before, not tmp, which
+contains completely other data.
+
+Fixes: c4de6d7e4319 ("ubifs: Refactor create_default_filesystem()")
+Cc: stable@vger.kernel.org # v4.20+
+Reported-by: Naga Sureshkumar Relli <nagasure@xilinx.com>
+Tested-by: Naga Sureshkumar Relli <nagasure@xilinx.com>
+Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ubifs/sb.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ubifs/sb.c
++++ b/fs/ubifs/sb.c
+@@ -161,7 +161,7 @@ static int create_default_filesystem(str
+ 	sup = kzalloc(ALIGN(UBIFS_SB_NODE_SZ, c->min_io_size), GFP_KERNEL);
+ 	mst = kzalloc(c->mst_node_alsz, GFP_KERNEL);
+ 	idx_node_size = ubifs_idx_node_sz(c, 1);
+-	idx = kzalloc(ALIGN(tmp, c->min_io_size), GFP_KERNEL);
++	idx = kzalloc(ALIGN(idx_node_size, c->min_io_size), GFP_KERNEL);
+ 	ino = kzalloc(ALIGN(UBIFS_INO_NODE_SZ, c->min_io_size), GFP_KERNEL);
+ 	cs = kzalloc(ALIGN(UBIFS_CS_NODE_SZ, c->min_io_size), GFP_KERNEL);
+