From: Greg Kroah-Hartman Date: Thu, 28 Sep 2017 13:33:29 +0000 (+0200) Subject: 3.18-stable patches X-Git-Tag: v3.18.73~43 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f7ec87acbb3625f6bded69cd6e2146b78d552235;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: cifs-release-auth_key.response-for-reconnect.patch cifs-release-cifs-root_cred-after-exit_cifs.patch
---
diff --git a/queue-3.18/cifs-release-auth_key.response-for-reconnect.patch b/queue-3.18/cifs-release-auth_key.response-for-reconnect.patch
new file mode 100644
index 00000000000..8b4db592837
--- /dev/null
+++ b/queue-3.18/cifs-release-auth_key.response-for-reconnect.patch
@@ -0,0 +1,58 @@
+From f5c4ba816315d3b813af16f5571f86c8d4e897bd Mon Sep 17 00:00:00 2001
+From: Shu Wang
+Date: Fri, 8 Sep 2017 18:48:33 +0800
+Subject: cifs: release auth_key.response for reconnect.
+
+From: Shu Wang
+
+commit f5c4ba816315d3b813af16f5571f86c8d4e897bd upstream.
+
+There is a race that cause cifs reconnect in cifs_mount,
+- cifs_mount
+ - cifs_get_tcp_session
+ - [ start thread cifs_demultiplex_thread
+ - cifs_read_from_socket: -ECONNABORTED
+ - DELAY_WORK smb2_reconnect_server ]
+ - cifs_setup_session
+ - [ smb2_reconnect_server ]
+
+auth_key.response was allocated in cifs_setup_session, and
+will release when the session destoried. So when session re-
+connect, auth_key.response should be check and released.
+
+Tested with my system:
+CIFS VFS: Free previous auth_key.response = ffff8800320bbf80
+
+A simple auth_key.response allocation call trace:
+- cifs_setup_session
+- SMB2_sess_setup
+- SMB2_sess_auth_rawntlmssp_authenticate
+- build_ntlmssp_auth_blob
+- setup_ntlmv2_rsp
+
+Signed-off-by: Shu Wang
+Signed-off-by: Steve French
+Reviewed-by: Ronnie Sahlberg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/cifs/connect.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3958,6 +3958,14 @@ cifs_setup_session(const unsigned int xi
+ cifs_dbg(FYI, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d\n",
+ server->sec_mode, server->capabilities, server->timeAdj);
+
++ if (ses->auth_key.response) {
++ cifs_dbg(VFS, "Free previous auth_key.response = %p\n",
++ ses->auth_key.response);
++ kfree(ses->auth_key.response);
++ ses->auth_key.response = NULL;
++ ses->auth_key.len = 0;
++ }
++
+ if (server->ops->sess_setup)
+ rc = server->ops->sess_setup(xid, ses, nls_info);
+
diff --git a/queue-3.18/cifs-release-cifs-root_cred-after-exit_cifs.patch b/queue-3.18/cifs-release-cifs-root_cred-after-exit_cifs.patch
new file mode 100644
index 00000000000..ee23fe331e2
--- /dev/null
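Review bot: The added `cifs_dbg(VFS, "Free previous auth_key.response = %p\n", ...)` in the fs/cifs/connect.c hunk of cifs-release-auth_key.response-for-reconnect.patch writes an unhashed kernel heap address to the log whenever this branch is taken, as the `ffff8800320bbf80` sample in the commit message shows. I would drop the pointer and demote the message, e.g. `cifs_dbg(FYI, "Free previous auth_key.response\n");`. The call trace in the description says the buffer is filled by setup_ntlmv2_rsp, so it presumably holds NTLMv2 response and session-key material; `kzfree(ses->auth_key.response);` instead of `kfree()` would scrub it before the memory goes back to the allocator. cifs_setup_session continues outside the hunk, so whether another thread can still be signing with the old key at this point cannot be checked from here.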
+++ b/queue-3.18/cifs-release-cifs-root_cred-after-exit_cifs.patch
@@ -0,0 +1,47 @@
+From 94183331e815617246b1baa97e0916f358c794bb Mon Sep 17 00:00:00 2001
+From: Shu Wang
+Date: Thu, 7 Sep 2017 16:03:27 +0800
+Subject: cifs: release cifs root_cred after exit_cifs
+
+From: Shu Wang
+
+commit 94183331e815617246b1baa97e0916f358c794bb upstream.
+
+memory leak was found by kmemleak. exit_cifs_spnego
+should be called before cifs module removed, or
+cifs root_cred will not be released.
+
+kmemleak report:
+unreferenced object 0xffff880070a3ce40 (size 192):
+ backtrace:
+ kmemleak_alloc+0x4a/0xa0
+ kmem_cache_alloc+0xc7/0x1d0
+ prepare_kernel_cred+0x20/0x120
+ init_cifs_spnego+0x2d/0x170 [cifs]
+ 0xffffffffc07801f3
+ do_one_initcall+0x51/0x1b0
+ do_init_module+0x60/0x1fd
+ load_module+0x161e/0x1b60
+ SYSC_finit_module+0xa9/0x100
+ SyS_finit_module+0xe/0x10
+
+Signed-off-by: Shu Wang
+Signed-off-by: Steve French
+Reviewed-by: Ronnie Sahlberg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/cifs/cifsfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/cifs/cifsfs.c
++++ b/fs/cifs/cifsfs.c
+@@ -1311,7 +1311,7 @@ exit_cifs(void)
+ exit_cifs_idmap();
+ #endif
+ #ifdef CONFIG_CIFS_UPCALL
+- unregister_key_type(&cifs_spnego_key_type);
++ exit_cifs_spnego();
+ #endif
+ cifs_destroy_request_bufs();
+ cifs_destroy_mids();
diff --git a/queue-3.18/series b/queue-3.18/series
new file mode 100644
index 00000000000..718257a2567
--- /dev/null
+++ b/queue-3.18/series
@@ -0,0 +1,2 @@
+cifs-release-cifs-root_cred-after-exit_cifs.patch
+cifs-release-auth_key.response-for-reconnect.patch
diff --git a/queue-4.13/series b/queue-4.13/series
new file mode 100644
index 00000000000..ae6a188f98e
--- /dev/null
+++ b/queue-4.13/series
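Review bot: Whether `exit_cifs_spnego()` is defined in every target tree cannot be seen from the fs/cifs/cifsfs.c hunk of cifs-release-cifs-root_cred-after-exit_cifs.patch, and the series files queue this patch for 3.18, 4.4, 4.9 and 4.13. A base that lacks the init_cifs_spnego()/exit_cifs_spnego() pair would fail to build with CONFIG_CIFS_UPCALL set, so each queue should be build-checked with that option before release. The hunk covers only the exit_cifs() teardown; if the error unwind of the module init path, which lies outside the hunk, still calls `unregister_key_type(&cifs_spnego_key_type);` directly, it should get the same `exit_cifs_spnego();` so root_cred is not left allocated after a failed load.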
@@ -0,0 +1,12 @@
+cifs-check-rsp-for-null-before-dereferencing-in-smb2_open.patch
+cifs-release-cifs-root_cred-after-exit_cifs.patch
+cifs-release-auth_key.response-for-reconnect.patch
+nvme-pci-fix-host-memory-buffer-allocation-fallback.patch
+nvme-pci-use-appropriate-initial-chunk-size-for-hmb-allocation.patch
+nvme-pci-propagate-some-errors-from-host-memory-buffer-setup.patch
+dax-remove-the-pmem_dax_ops-flush-abstraction.patch
+dm-integrity-do-not-check-integrity-for-failed-read-operations.patch
+mmc-block-fix-incorrectly-initialized-requests.patch
+fs-proc-report-eip-esp-in-prod-pid-stat-for-coredumping.patch
+scsi-scsi_transport_fc-fix-null-pointer-dereference-in-fc_bsg_job_timeout.patch
+smb3-add-support-for-multidialect-negotiate-smb2.1-and-later.patch
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644
index 00000000000..718257a2567
--- /dev/null
+++ b/queue-4.4/series
@@ -0,0 +1,2 @@
+cifs-release-cifs-root_cred-after-exit_cifs.patch
+cifs-release-auth_key.response-for-reconnect.patch
diff --git a/queue-4.9/series b/queue-4.9/series
new file mode 100644
index 00000000000..6772ac3f13a
--- /dev/null
+++ b/queue-4.9/series
@@ -0,0 +1,3 @@
+cifs-release-cifs-root_cred-after-exit_cifs.patch
+cifs-release-auth_key.response-for-reconnect.patch
+fs-proc-report-eip-esp-in-prod-pid-stat-for-coredumping.patch