From 37086ca4948790c32895fcefcaae3e0fd22646ba Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sun, 16 Jul 2023 11:23:27 +0200
Subject: [PATCH] 4.14-stable patches
added patches:
integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch
jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch
mmc-core-disable-trim-on-kingston-emmc04g-m627.patch
mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch
nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch
---
 ...le-allocation-in-integrity_inode_get.patch | 62 +++++++++
 ...usage-in-jffs2_build_xattr_subsystem.patch | 128 ++++++++++++++++++
 ...isable-trim-on-kingston-emmc04g-m627.patch | 46 +++++++
 ...sable-trim-on-micron-mtfc4gacajcn-1m.patch | 44 ++++++
 ...-op_recall-flag-for-write-delegation.patch | 32 +++++
 queue-4.14/series | 5 +
 6 files changed, 317 insertions(+)
 create mode 100644 queue-4.14/integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch
 create mode 100644 queue-4.14/jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch
 create mode 100644 queue-4.14/mmc-core-disable-trim-on-kingston-emmc04g-m627.patch
 create mode 100644 queue-4.14/mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch
 create mode 100644 queue-4.14/nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch
diff --git a/queue-4.14/integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch b/queue-4.14/integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch
new file mode 100644
index 00000000000..ac6ae19251f
--- /dev/null
+++ b/queue-4.14/integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch
@@ -0,0 +1,62 @@
+From 9df6a4870dc371136e90330cfbbc51464ee66993 Mon Sep 17 00:00:00 2001
+From: Tianjia Zhang
+Date: Thu, 1 Jun 2023 14:42:44 +0800
+Subject: integrity: Fix possible multiple allocation in integrity_inode_get()
+
+From: Tianjia Zhang
+
+commit 9df6a4870dc371136e90330cfbbc51464ee66993 upstream.
+
+When integrity_inode_get() is querying and inserting the cache, there
+is a conditional race in the concurrent environment.
+
+The race condition is the result of not properly implementing
+"double-checked locking". In this case, it first checks to see if the
+iint cache record exists before taking the lock, but doesn't check
+again after taking the integrity_iint_lock.
+
+Fixes: bf2276d10ce5 ("ima: allocating iint improvements")
+Signed-off-by: Tianjia Zhang
+Cc: Dmitry Kasatkin
+Cc: # v3.10+
+Signed-off-by: Mimi Zohar
+Signed-off-by: Greg Kroah-Hartman
+---
+ security/integrity/iint.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/security/integrity/iint.c
++++ b/security/integrity/iint.c
+@@ -43,12 +43,10 @@ static struct integrity_iint_cache *__in
+ else if (inode > iint->inode)
+ n = n->rb_right;
+ else
+- break;
++ return iint;
+ }
+- if (!n)
+- return NULL;
+
+- return iint;
++ return NULL;
+ }
+
+ /*
+@@ -112,10 +110,15 @@ struct integrity_iint_cache *integrity_i
+ parent = *p;
+ test_iint = rb_entry(parent, struct integrity_iint_cache,
+ rb_node);
+- if (inode < test_iint->inode)
++ if (inode < test_iint->inode) {
+ p = &(*p)->rb_left;
+- else
++ } else if (inode > test_iint->inode) {
+ p = &(*p)->rb_right;
++ } else {
++ write_unlock(&integrity_iint_lock);
++ kmem_cache_free(iint_cache, iint);
++ return test_iint;
++ }
+ }
+
+ iint->inode = inode;
diff --git a/queue-4.14/jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch b/queue-4.14/jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch
new file mode 100644
index 00000000000..7ffa2036cfa
--- /dev/null
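Review bot: The new `else` branch in integrity_inode_get()'s insertion loop carries no comment saying why a freshly allocated `iint` is thrown away, although this re-check under `integrity_iint_lock` is the part of the fix that keeps two racing callers from inserting two cache records for one inode. I would add above `write_unlock(&integrity_iint_lock);` a comment such as `/* Lost the race: another task inserted an iint for this inode after our earlier lookup; free ours and return theirs. */`. The early `return test_iint;` also skips the initialisation that follows the loop (`iint->inode = inode;` onward), which is presumably correct because the winner already ran it, but that is worth stating in the same comment. The allocation of `iint` and the first lookup are outside the hunk, so their ordering is taken from the commit message.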
+++ b/queue-4.14/jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch 
@@ -0,0 +1,128 @@
+From 1168f095417643f663caa341211e117db552989f Mon Sep 17 00:00:00 2001
+From: Fabian Frederick
+Date: Sat, 6 May 2023 06:56:12 +0200
+Subject: jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
+
+From: Fabian Frederick
+
+commit 1168f095417643f663caa341211e117db552989f upstream.
+
+Use kcalloc() for allocation/flush of 128 pointers table to
+reduce stack usage.
+
+Function now returns -ENOMEM or 0 on success.
+
+stackusage
+Before:
+./fs/jffs2/xattr.c:775 jffs2_build_xattr_subsystem 1208
+dynamic,bounded
+
+After:
+./fs/jffs2/xattr.c:775 jffs2_build_xattr_subsystem 192
+dynamic,bounded
+
+Also update definition when CONFIG_JFFS2_FS_XATTR is not enabled
+
+Tested with an MTD mount point and some user set/getfattr.
+
+Many current target on OpenWRT also suffer from a compilation warning
+(that become an error with CONFIG_WERROR) with the following output:
+
+fs/jffs2/xattr.c: In function 'jffs2_build_xattr_subsystem':
+fs/jffs2/xattr.c:887:1: error: the frame size of 1088 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
+ 887 | }
+ | ^
+
+Using dynamic allocation fix this compilation warning.
+
+Fixes: c9f700f840bd ("[JFFS2][XATTR] using 'delete marker' for xdatum/xref deletion")
+Reported-by: Tim Gardner
+Reported-by: kernel test robot
+Reported-by: Ron Economos
+Reported-by: Nathan Chancellor
+Reviewed-by: Nick Desaulniers
+Signed-off-by: Fabian Frederick
+Signed-off-by: Christian Marangi
+Cc: stable@vger.kernel.org
+Message-Id: <20230506045612.16616-1-ansuelsmth@gmail.com>
+Signed-off-by: Christian Brauner
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/jffs2/build.c | 5 ++++-
+ fs/jffs2/xattr.c | 13 +++++++++----
+ fs/jffs2/xattr.h | 4 ++--
+ 3 files changed, 15 insertions(+), 7 deletions(-)
+
+--- a/fs/jffs2/build.c
++++ b/fs/jffs2/build.c
+@@ -211,7 +211,10 @@ static int jffs2_build_filesystem(struct
+ ic->scan_dents = NULL;
+ cond_resched();
+ }
+- jffs2_build_xattr_subsystem(c);
++ ret = jffs2_build_xattr_subsystem(c);
++ if (ret)
++ goto exit;
++
+ c->flags &= ~JFFS2_SB_FLAG_BUILDING;
+
+ dbg_fsbuild("FS build complete\n");
+--- a/fs/jffs2/xattr.c
++++ b/fs/jffs2/xattr.c
+@@ -772,10 +772,10 @@ void jffs2_clear_xattr_subsystem(struct
+ }
+
+ #define XREF_TMPHASH_SIZE (128)
+-void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c)
++int jffs2_build_xattr_subsystem(struct jffs2_sb_info *c)
+ {
+ struct jffs2_xattr_ref *ref, *_ref;
+- struct jffs2_xattr_ref *xref_tmphash[XREF_TMPHASH_SIZE];
++ struct jffs2_xattr_ref **xref_tmphash;
+ struct jffs2_xattr_datum *xd, *_xd;
+ struct jffs2_inode_cache *ic;
+ struct jffs2_raw_node_ref *raw;
+@@ -784,9 +784,12 @@ void jffs2_build_xattr_subsystem(struct
+
+ BUG_ON(!(c->flags & JFFS2_SB_FLAG_BUILDING));
+
++ xref_tmphash = kcalloc(XREF_TMPHASH_SIZE,
++ sizeof(struct jffs2_xattr_ref *), GFP_KERNEL);
++ if (!xref_tmphash)
++ return -ENOMEM;
++
+ /* Phase.1 : Merge same xref */
+- for (i=0; i < XREF_TMPHASH_SIZE; i++)
+- xref_tmphash[i] = NULL;
+ for (ref=c->xref_temp; ref; ref=_ref) {
+ struct jffs2_xattr_ref *tmp;
+
+@@ -884,6 +887,8 @@ void jffs2_build_xattr_subsystem(struct
+ "%u of xref (%u dead, %u orphan)
found.\n",
+ xdatum_count, xdatum_unchecked_count, xdatum_orphan_count,
+ xref_count, xref_dead_count, xref_orphan_count);
++ kfree(xref_tmphash);
++ return 0;
+ }
+
+ struct jffs2_xattr_datum *jffs2_setup_xattr_datum(struct jffs2_sb_info *c,
+--- a/fs/jffs2/xattr.h
++++ b/fs/jffs2/xattr.h
+@@ -71,7 +71,7 @@ static inline int is_xattr_ref_dead(stru
+ #ifdef CONFIG_JFFS2_FS_XATTR
+
+ extern void jffs2_init_xattr_subsystem(struct jffs2_sb_info *c);
+-extern void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c);
++extern int jffs2_build_xattr_subsystem(struct jffs2_sb_info *c);
+ extern void jffs2_clear_xattr_subsystem(struct jffs2_sb_info *c);
+
+ extern struct jffs2_xattr_datum *jffs2_setup_xattr_datum(struct jffs2_sb_info *c,
+@@ -103,7 +103,7 @@ extern ssize_t jffs2_listxattr(struct de
+ #else
+
+ #define jffs2_init_xattr_subsystem(c)
+-#define jffs2_build_xattr_subsystem(c)
++#define jffs2_build_xattr_subsystem(c) (0)
+ #define jffs2_clear_xattr_subsystem(c)
+
+ #define jffs2_xattr_do_crccheck_inode(c, ic)
diff --git a/queue-4.14/mmc-core-disable-trim-on-kingston-emmc04g-m627.patch b/queue-4.14/mmc-core-disable-trim-on-kingston-emmc04g-m627.patch
new file mode 100644
index 00000000000..c77405ac358
--- /dev/null
+++ b/queue-4.14/mmc-core-disable-trim-on-kingston-emmc04g-m627.patch
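Review bot: `xref_tmphash` is now heap-allocated near the top of jffs2_build_xattr_subsystem() and released only by the `kfree(xref_tmphash);` placed right before `return 0;`, so any exit path between the two would leak the table; the code between the 784 and 884 hunks of xattr.c is not shown, so I cannot confirm from here that none exists. A comment at the allocation such as `/* freed at the single exit below; do not return early past this point */` would protect that invariant for later edits. As a style point the allocation is better written `xref_tmphash = kcalloc(XREF_TMPHASH_SIZE, sizeof(*xref_tmphash), GFP_KERNEL);`, which stays correct if the element type changes. In build.c the new `goto exit;` leaves JFFS2_SB_FLAG_BUILDING set, and whether the `exit` label expects that is outside the hunk.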
@@ -0,0 +1,46 @@
+From f1738a1f816233e6dfc2407f24a31d596643fd90 Mon Sep 17 00:00:00 2001
+From: Robert Marko
+Date: Mon, 19 Jun 2023 21:35:58 +0200
+Subject: mmc: core: disable TRIM on Kingston EMMC04G-M627
+
+From: Robert Marko
+
+commit f1738a1f816233e6dfc2407f24a31d596643fd90 upstream.
+
+It seems that Kingston EMMC04G-M627 despite advertising TRIM support does
+not work when the core is trying to use REQ_OP_WRITE_ZEROES.
+
+We are seeing I/O errors in OpenWrt under 6.1 on Zyxel NBG7815 that we did
+not previously have and tracked it down to REQ_OP_WRITE_ZEROES.
+
+Trying to use fstrim seems to also throw errors like:
+[93010.835112] I/O error, dev loop0, sector 16902 op 0x3:(DISCARD) flags 0x800 phys_seg 1 prio class 2
+
+Disabling TRIM makes the error go away, so lets add a quirk for this eMMC
+to disable TRIM.
+
+Signed-off-by: Robert Marko
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20230619193621.437358-1-robimarko@gmail.com
+Signed-off-by: Ulf Hansson
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/mmc/core/quirks.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/mmc/core/quirks.h
++++ b/drivers/mmc/core/quirks.h
+@@ -91,6 +91,13 @@ static const struct mmc_fixup mmc_blk_fi
+ MMC_QUIRK_SEC_ERASE_TRIM_BROKEN),
+
+ /*
++ * Kingston EMMC04G-M627 advertises TRIM but it does not seems to
++ * support being used to offload WRITE_ZEROES.
++ */
++ MMC_FIXUP("M62704", CID_MANFID_KINGSTON, 0x0100, add_quirk_mmc,
++ MMC_QUIRK_TRIM_BROKEN),
++
++ /*
+ * On Some Kingston eMMCs, performing trim can result in
+ * unrecoverable data conrruption occasionally due to a firmware bug.
+ */
diff --git a/queue-4.14/mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch b/queue-4.14/mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch
new file mode 100644
index 00000000000..6730eea968d
--- /dev/null
+++ b/queue-4.14/mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch
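Review bot: The comment added above the `"M62704"` entry has a typo (`does not seems`) and omits the observed failure, which is what a later reader needs in order to judge whether the quirk can be narrowed or dropped. Wording such as `* Kingston EMMC04G-M627 advertises TRIM but returns I/O errors for WRITE_ZEROES and DISCARD requests, so TRIM is disabled.` would carry that over from the commit message. The Micron `"Q2J54A"` entry added by the next patch has the same typo and the same gap, with only WRITE_ZEROES errors reported there. The mmc_blk_fixups table begins and ends outside both hunks.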
@@ -0,0 +1,44 @@
+From dbfbddcddcebc9ce8a08757708d4e4a99d238e44 Mon Sep 17 00:00:00 2001
+From: Robert Marko
+Date: Tue, 30 May 2023 23:32:59 +0200
+Subject: mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
+
+From: Robert Marko
+
+commit dbfbddcddcebc9ce8a08757708d4e4a99d238e44 upstream.
+
+It seems that Micron MTFC4GACAJCN-1M despite advertising TRIM support does
+not work when the core is trying to use REQ_OP_WRITE_ZEROES.
+
+We are seeing the following errors in OpenWrt under 6.1 on Qnap Qhora 301W
+that we did not previously have and tracked it down to REQ_OP_WRITE_ZEROES:
+[ 18.085950] I/O error, dev loop0, sector 596 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2
+
+Disabling TRIM makes the error go away, so lets add a quirk for this eMMC
+to disable TRIM.
+
+Signed-off-by: Robert Marko
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20230530213259.1776512-1-robimarko@gmail.com
+Signed-off-by: Ulf Hansson
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/mmc/core/quirks.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/mmc/core/quirks.h
++++ b/drivers/mmc/core/quirks.h
+@@ -98,6 +98,13 @@ static const struct mmc_fixup mmc_blk_fi
+ MMC_QUIRK_TRIM_BROKEN),
+
+ /*
++ * Micron MTFC4GACAJCN-1M advertises TRIM but it does not seems to
++ * support being used to offload WRITE_ZEROES.
++ */
++ MMC_FIXUP("Q2J54A", CID_MANFID_MICRON, 0x014e, add_quirk_mmc,
++ MMC_QUIRK_TRIM_BROKEN),
++
++ /*
+ * On Some Kingston eMMCs, performing trim can result in
+ * unrecoverable data conrruption occasionally due to a firmware bug.
+ */
diff --git a/queue-4.14/nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch b/queue-4.14/nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch
new file mode 100644
index 00000000000..1ef44cd4b82
--- /dev/null
+++ b/queue-4.14/nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch
@@ -0,0 +1,32 @@
+From 58f5d894006d82ed7335e1c37182fbc5f08c2f51 Mon Sep 17 00:00:00 2001
+From: Dai Ngo
+Date: Tue, 6 Jun 2023 16:41:02 -0700
+Subject: NFSD: add encoding of op_recall flag for write delegation
+
+From: Dai Ngo
+
+commit 58f5d894006d82ed7335e1c37182fbc5f08c2f51 upstream.
+
+Modified nfsd4_encode_open to encode the op_recall flag properly
+for OPEN result with write delegation granted.
+
+Signed-off-by: Dai Ngo
+Reviewed-by: Jeff Layton
+Signed-off-by: Chuck Lever
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/nfsd/nfs4xdr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -3361,7 +3361,7 @@ nfsd4_encode_open(struct nfsd4_compoundr
+ p = xdr_reserve_space(xdr, 32);
+ if (!p)
+ return nfserr_resource;
+- *p++ = cpu_to_be32(0);
++ *p++ = cpu_to_be32(open->op_recall);
+
+ /*
+ * TODO: space_limit's in delegations
diff --git a/queue-4.14/series b/queue-4.14/series
index eb0696a1596..f5a1eeeef5d 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -75,3 +75,8 @@ net-bridge-keep-ports-without-iff_unicast_flt-in-br_.patch
 tcp-annotate-data-races-in-__tcp_oow_rate_limited.patch
 net-sched-act_pedit-add-size-check-for-tca_pedit_par.patch
 sh-dma-fix-dma-channel-offset-calculation.patch
+nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch
+mmc-core-disable-trim-on-kingston-emmc04g-m627.patch
+mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch
+integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch
+jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch
--
2.47.3
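Review bot: `*p++ = cpu_to_be32(open->op_recall);` puts the field on the wire as the recall boolean of the write delegation without normalising it, and op_recall's declaration is outside the hunk, so if it is an integer type rather than a bool this relies on every writer storing only 0 or 1. Writing `*p++ = cpu_to_be32(!!open->op_recall);` would make the encoded value independent of that, or a one-line comment could state the invariant. The rest of nfsd4_encode_open(), including the read-delegation branch, is not visible here, so the two branches should be compared before changing either.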