From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 16 Sep 2017 01:28:46 +0000 (-0700)
Subject: 4.13-stable patches
X-Git-Tag: v4.9.51~21
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=451bf6c9ee146fda0967aef988a8e512bf504905;p=thirdparty%2Fkernel%2Fstable-queue.git

4.13-stable patches

added patches:
	f2fs-check-hot_data-for-roll-forward-recovery.patch
	f2fs-let-fill_super-handle-roll-forward-errors.patch
	thunderbolt-allow-clearing-the-key.patch
	thunderbolt-make-key-root-only-accessible.patch
	thunderbolt-remove-superfluous-check.patch
---

diff --git a/queue-4.13/f2fs-check-hot_data-for-roll-forward-recovery.patch b/queue-4.13/f2fs-check-hot_data-for-roll-forward-recovery.patch
new file mode 100644
index 00000000000..ddedea95198
--- /dev/null
+++ b/queue-4.13/f2fs-check-hot_data-for-roll-forward-recovery.patch
@@ -0,0 +1,31 @@
+From 125c9fb1ccb53eb2ea9380df40f3c743f3fb2fed Mon Sep 17 00:00:00 2001
+From: Jaegeuk Kim <jaegeuk@kernel.org>
+Date: Sat, 12 Aug 2017 21:33:23 -0700
+Subject: f2fs: check hot_data for roll-forward recovery
+
+From: Jaegeuk Kim <jaegeuk@kernel.org>
+
+commit 125c9fb1ccb53eb2ea9380df40f3c743f3fb2fed upstream.
+
+We need to check HOT_DATA to truncate any previous data block when doing
+roll-forward recovery.
+
+Reviewed-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/f2fs/recovery.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/f2fs/recovery.c
++++ b/fs/f2fs/recovery.c
+@@ -291,7 +291,7 @@ static int check_index_in_prev_nodes(str
+ 		return 0;
+ 
+ 	/* Get the previous summary */
+-	for (i = CURSEG_WARM_DATA; i <= CURSEG_COLD_DATA; i++) {
++	for (i = CURSEG_HOT_DATA; i <= CURSEG_COLD_DATA; i++) {
+ 		struct curseg_info *curseg = CURSEG_I(sbi, i);
+ 		if (curseg->segno == segno) {
+ 			sum = curseg->sum_blk->entries[blkoff];
diff --git a/queue-4.13/f2fs-let-fill_super-handle-roll-forward-errors.patch b/queue-4.13/f2fs-let-fill_super-handle-roll-forward-errors.patch
new file mode 100644
index 00000000000..5e24613666e
--- /dev/null
+++ b/queue-4.13/f2fs-let-fill_super-handle-roll-forward-errors.patch
@@ -0,0 +1,34 @@
+From afd2b4da40b3b567ef8d8e6881479345a2312a03 Mon Sep 17 00:00:00 2001
+From: Jaegeuk Kim <jaegeuk@kernel.org>
+Date: Thu, 10 Aug 2017 17:35:04 -0700
+Subject: f2fs: let fill_super handle roll-forward errors
+
+From: Jaegeuk Kim <jaegeuk@kernel.org>
+
+commit afd2b4da40b3b567ef8d8e6881479345a2312a03 upstream.
+
+If we set CP_ERROR_FLAG in roll-forward error, f2fs is no longer to proceed
+any IOs due to f2fs_cp_error(). But, for example, if some stale data is involved
+on roll-forward process, we're able to get -ENOENT, getting fs stuck.
+If we get any error, let fill_super set SBI_NEED_FSCK and try to recover back
+to stable point.
+
+Reviewed-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/f2fs/recovery.c |    2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/fs/f2fs/recovery.c
++++ b/fs/f2fs/recovery.c
+@@ -599,8 +599,6 @@ out:
+ 	}
+ 
+ 	clear_sbi_flag(sbi, SBI_POR_DOING);
+-	if (err)
+-		set_ckpt_flags(sbi, CP_ERROR_FLAG);
+ 	mutex_unlock(&sbi->cp_mutex);
+ 
+ 	/* let's drop all the directory inodes for clean checkpoint */
diff --git a/queue-4.13/series b/queue-4.13/series
index f64f0e3d801..1f46a1b0109 100644
--- a/queue-4.13/series
+++ b/queue-4.13/series
@@ -9,3 +9,8 @@ ipv6-fix-typo-in-fib6_net_exit.patch
 sctp-fix-missing-wake-ups-in-some-situations.patch
 tcp-fix-a-request-socket-leak.patch
 ip_tunnel-fix-setting-ttl-and-tos-value-in-collect_md-mode.patch
+f2fs-let-fill_super-handle-roll-forward-errors.patch
+f2fs-check-hot_data-for-roll-forward-recovery.patch
+thunderbolt-remove-superfluous-check.patch
+thunderbolt-make-key-root-only-accessible.patch
+thunderbolt-allow-clearing-the-key.patch
diff --git a/queue-4.13/thunderbolt-allow-clearing-the-key.patch b/queue-4.13/thunderbolt-allow-clearing-the-key.patch
new file mode 100644
index 00000000000..591355696c3
--- /dev/null
+++ b/queue-4.13/thunderbolt-allow-clearing-the-key.patch
@@ -0,0 +1,71 @@
+From e545f0d8a54a9594fe604d67d80ca6fddf72ca59 Mon Sep 17 00:00:00 2001
+From: "Bernat, Yehezkel" <yehezkel.bernat@intel.com>
+Date: Tue, 15 Aug 2017 08:19:20 +0300
+Subject: thunderbolt: Allow clearing the key
+
+From: Bernat, Yehezkel <yehezkel.bernat@intel.com>
+
+commit e545f0d8a54a9594fe604d67d80ca6fddf72ca59 upstream.
+
+If secure authentication of a devices fails, either because the device
+already has another key uploaded, or there is some other error sending
+challenge to the device, and the user only wants to approve the device
+just once (without a new key being uploaded to the device) the current
+implementation does not allow this because the key cannot be cleared
+once set even if we allow it to be changed.
+
+Make this scenario possible and allow clearing the key by writing
+empty string to the key sysfs file.
+
+Signed-off-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
+Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/ABI/testing/sysfs-bus-thunderbolt |    2 ++
+ drivers/thunderbolt/switch.c                    |   15 +++++++++++----
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+
+--- a/Documentation/ABI/testing/sysfs-bus-thunderbolt
++++ b/Documentation/ABI/testing/sysfs-bus-thunderbolt
+@@ -45,6 +45,8 @@ Contact:	thunderbolt-software@lists.01.o
+ Description:	When a devices supports Thunderbolt secure connect it will
+ 		have this attribute. Writing 32 byte hex string changes
+ 		authorization to use the secure connection method instead.
++		Writing an empty string clears the key and regular connection
++		method can be used again.
+ 
+ What:		/sys/bus/thunderbolt/devices/.../device
+ Date:		Sep 2017
+--- a/drivers/thunderbolt/switch.c
++++ b/drivers/thunderbolt/switch.c
+@@ -807,8 +807,11 @@ static ssize_t key_store(struct device *
+ 	struct tb_switch *sw = tb_to_switch(dev);
+ 	u8 key[TB_SWITCH_KEY_SIZE];
+ 	ssize_t ret = count;
++	bool clear = false;
+ 
+-	if (hex2bin(key, buf, sizeof(key)))
++	if (!strcmp(buf, "\n"))
++		clear = true;
++	else if (hex2bin(key, buf, sizeof(key)))
+ 		return -EINVAL;
+ 
+ 	if (mutex_lock_interruptible(&switch_lock))
+@@ -818,9 +821,13 @@ static ssize_t key_store(struct device *
+ 		ret = -EBUSY;
+ 	} else {
+ 		kfree(sw->key);
+-		sw->key = kmemdup(key, sizeof(key), GFP_KERNEL);
+-		if (!sw->key)
+-			ret = -ENOMEM;
++		if (clear) {
++			sw->key = NULL;
++		} else {
++			sw->key = kmemdup(key, sizeof(key), GFP_KERNEL);
++			if (!sw->key)
++				ret = -ENOMEM;
++		}
+ 	}
+ 
+ 	mutex_unlock(&switch_lock);
diff --git a/queue-4.13/thunderbolt-make-key-root-only-accessible.patch b/queue-4.13/thunderbolt-make-key-root-only-accessible.patch
new file mode 100644
index 00000000000..87ee1c19515
--- /dev/null
+++ b/queue-4.13/thunderbolt-make-key-root-only-accessible.patch
@@ -0,0 +1,31 @@
+From 0956e41169222822d3557871fcd1d32e4fa7e934 Mon Sep 17 00:00:00 2001
+From: "Bernat, Yehezkel" <yehezkel.bernat@intel.com>
+Date: Tue, 15 Aug 2017 08:19:12 +0300
+Subject: thunderbolt: Make key root-only accessible
+
+From: Bernat, Yehezkel <yehezkel.bernat@intel.com>
+
+commit 0956e41169222822d3557871fcd1d32e4fa7e934 upstream.
+
+Non-root user may read the key back after root wrote it there.
+This removes read access to everyone but root.
+
+Signed-off-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
+Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/thunderbolt/switch.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/thunderbolt/switch.c
++++ b/drivers/thunderbolt/switch.c
+@@ -826,7 +826,7 @@ static ssize_t key_store(struct device *
+ 	mutex_unlock(&switch_lock);
+ 	return ret;
+ }
+-static DEVICE_ATTR_RW(key);
++static DEVICE_ATTR(key, 0600, key_show, key_store);
+ 
+ static ssize_t nvm_authenticate_show(struct device *dev,
+ 	struct device_attribute *attr, char *buf)
diff --git a/queue-4.13/thunderbolt-remove-superfluous-check.patch b/queue-4.13/thunderbolt-remove-superfluous-check.patch
new file mode 100644
index 00000000000..0f8f17bdb06
--- /dev/null
+++ b/queue-4.13/thunderbolt-remove-superfluous-check.patch
@@ -0,0 +1,32 @@
+From 8fdd6ab36197ad891233572c57781b1f537da0ac Mon Sep 17 00:00:00 2001
+From: "Bernat, Yehezkel" <yehezkel.bernat@intel.com>
+Date: Tue, 15 Aug 2017 08:19:01 +0300
+Subject: thunderbolt: Remove superfluous check
+
+From: Bernat, Yehezkel <yehezkel.bernat@intel.com>
+
+commit 8fdd6ab36197ad891233572c57781b1f537da0ac upstream.
+
+The key size is tested by hex2bin() already (as '\0' isn't an hex digit)
+
+Suggested-by: Andy Shevchenko <andriy.shevchenko@intel.com>
+Signed-off-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
+Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/thunderbolt/switch.c |    3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/drivers/thunderbolt/switch.c
++++ b/drivers/thunderbolt/switch.c
+@@ -808,9 +808,6 @@ static ssize_t key_store(struct device *
+ 	u8 key[TB_SWITCH_KEY_SIZE];
+ 	ssize_t ret = count;
+ 
+-	if (count < 64)
+-		return -EINVAL;
+-
+ 	if (hex2bin(key, buf, sizeof(key)))
+ 		return -EINVAL;
+