From 5025ca62ee90e1ce1dcff6f201fb63f9c68dfdbd Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Fri, 7 May 2021 17:31:48 +0200
Subject: [PATCH] 4.19-stable patches

added patches:
btrfs-fix-metadata-extent-leak-after-failure-to-create-subvolume.patch
cifs-return-correct-error-code-from-smb2_get_enc_key.patch
intel_th-pci-add-rocket-lake-cpu-support.patch
---
 ...ak-after-failure-to-create-subvolume.patch | 95 +++++++++++++++++++
 ...ect-error-code-from-smb2_get_enc_key.patch | 50 ++++++++++
 ...l_th-pci-add-rocket-lake-cpu-support.patch | 35 +++++++
 queue-4.19/series | 3 +
 4 files changed, 183 insertions(+)
 create mode 100644 queue-4.19/btrfs-fix-metadata-extent-leak-after-failure-to-create-subvolume.patch
 create mode 100644 queue-4.19/cifs-return-correct-error-code-from-smb2_get_enc_key.patch
 create mode 100644 queue-4.19/intel_th-pci-add-rocket-lake-cpu-support.patch
diff --git a/queue-4.19/btrfs-fix-metadata-extent-leak-after-failure-to-create-subvolume.patch b/queue-4.19/btrfs-fix-metadata-extent-leak-after-failure-to-create-subvolume.patch
new file mode 100644
index 00000000000..cf1f39ffcc8
--- /dev/null
+++ b/queue-4.19/btrfs-fix-metadata-extent-leak-after-failure-to-create-subvolume.patch
@@ -0,0 +1,95 @@
+From 67addf29004c5be9fa0383c82a364bb59afc7f84 Mon Sep 17 00:00:00 2001
+From: Filipe Manana
+Date: Tue, 20 Apr 2021 10:55:12 +0100
+Subject: btrfs: fix metadata extent leak after failure to create subvolume
+
+From: Filipe Manana
+
+commit 67addf29004c5be9fa0383c82a364bb59afc7f84 upstream.
+
+When creating a subvolume we allocate an extent buffer for its root node
+after starting a transaction. We setup a root item for the subvolume that
+points to that extent buffer and then attempt to insert the root item into
+the root tree - however if that fails, due to ENOMEM for example, we do
+not free the extent buffer previously allocated and we do not abort the
+transaction (as at that point we did nothing that can not be undone).
+
+This means that we effectively do not return the metadata extent back to
+the free space cache/tree and we leave a delayed reference for it which
+causes a metadata extent item to be added to the extent tree, in the next
+transaction commit, without having backreferences. When this happens
+'btrfs check' reports the following:
+
+ $ btrfs check /dev/sdi
+ Opening filesystem to check...
+ Checking filesystem on /dev/sdi
+ UUID: dce2cb9d-025f-4b05-a4bf-cee0ad3785eb
+ [1/7] checking root items
+ [2/7] checking extents
+ ref mismatch on [30425088 16384] extent item 1, found 0
+ backref 30425088 root 256 not referenced back 0x564a91c23d70
+ incorrect global backref count on 30425088 found 1 wanted 0
+ backpointer mismatch on [30425088 16384]
+ owner ref check failed [30425088 16384]
+ ERROR: errors found in extent allocation tree or chunk allocation
+ [3/7] checking free space cache
+ [4/7] checking fs roots
+ [5/7] checking only csums items (without verifying data)
+ [6/7] checking root refs
+ [7/7] checking quota groups skipped (not enabled on this FS)
+ found 212992 bytes used, error(s) found
+ total csum bytes: 0
+ total tree bytes: 131072
+ total fs tree bytes: 32768
+ total extent tree bytes: 16384
+ btree space waste bytes: 124669
+ file data blocks allocated: 65536
+ referenced 65536
+
+So fix this by freeing the metadata extent if btrfs_insert_root() returns
+an error.
+
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Filipe Manana
+Reviewed-by: David Sterba
+Signed-off-by: David Sterba
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/btrfs/ioctl.c | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+--- a/fs/btrfs/ioctl.c
++++ b/fs/btrfs/ioctl.c
+@@ -656,8 +656,6 @@ static noinline int create_subvol(struct
+ btrfs_set_root_otransid(root_item, trans->transid);
+ 
+ btrfs_tree_unlock(leaf);
+- free_extent_buffer(leaf);
+- leaf = NULL;
+ 
+ btrfs_set_root_dirid(root_item, new_dirid);
+ 
+@@ -666,8 +664,22 @@ static noinline int create_subvol(struct
+ key.type = BTRFS_ROOT_ITEM_KEY;
+ ret = btrfs_insert_root(trans, fs_info->tree_root, &key,
+ root_item);
+- if (ret)
++ if (ret) {
++ /*
++ * Since we don't abort the transaction in this case, free the
++ * tree block so that we don't leak space and leave the
++ * filesystem in an inconsistent state (an extent item in the
++ * extent tree without backreferences). Also no need to have
++ * the tree block locked since it is not in any tree at this
++ * point, so no other task can find it and use it.
++ */
++ btrfs_free_tree_block(trans, root, leaf, 0, 1);
++ free_extent_buffer(leaf);
+ goto fail;
++ }
++
++ free_extent_buffer(leaf);
++ leaf = NULL;
+ 
+ key.offset = (u64)-1;
+ new_root = btrfs_read_fs_root_no_name(fs_info, &key);
diff --git a/queue-4.19/cifs-return-correct-error-code-from-smb2_get_enc_key.patch b/queue-4.19/cifs-return-correct-error-code-from-smb2_get_enc_key.patch
new file mode 100644
index 00000000000..db0252d37ee
--- /dev/null
+++ b/queue-4.19/cifs-return-correct-error-code-from-smb2_get_enc_key.patch
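Review bot: In the second fs/btrfs/ioctl.c hunk the new error branch calls `free_extent_buffer(leaf)` and then jumps to `fail` with `leaf` still holding the released pointer, while the success path directly below it keeps the `leaf = NULL;` that used to follow the same call. The `fail` label and the rest of create_subvol() are outside the hunk, so whether any cleanup there looks at `leaf` cannot be confirmed from this page. Adding `leaf = NULL;` before `goto fail;` would make both paths agree and would rule out a double put or use-after-free if cleanup code referencing `leaf` is ever added under `fail`.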
@@ -0,0 +1,50 @@
+From 83728cbf366e334301091d5b808add468ab46b27 Mon Sep 17 00:00:00 2001
+From: Paul Aurich
+Date: Tue, 13 Apr 2021 14:25:27 -0700
+Subject: cifs: Return correct error code from smb2_get_enc_key
+
+From: Paul Aurich
+
+commit 83728cbf366e334301091d5b808add468ab46b27 upstream.
+
+Avoid a warning if the error percolates back up:
+
+[440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key
+[440700.386947] ------------[ cut here ]------------
+[440700.386948] err = 1
+[440700.386977] WARNING: CPU: 11 PID: 2733 at /build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70
+...
+[440700.397304] CPU: 11 PID: 2733 Comm: tar Tainted: G OE 5.4.0-70-generic #78~18.04.1-Ubuntu
+...
+[440700.397334] Call Trace:
+[440700.397346] __filemap_set_wb_err+0x1a/0x70
+[440700.397419] cifs_writepages+0x9c7/0xb30 [cifs]
+[440700.397426] do_writepages+0x4b/0xe0
+[440700.397444] __filemap_fdatawrite_range+0xcb/0x100
+[440700.397455] filemap_write_and_wait+0x42/0xa0
+[440700.397486] cifs_setattr+0x68b/0xf30 [cifs]
+[440700.397493] notify_change+0x358/0x4a0
+[440700.397500] utimes_common+0xe9/0x1c0
+[440700.397510] do_utimes+0xc5/0x150
+[440700.397520] __x64_sys_utimensat+0x88/0xd0
+
+Fixes: 61cfac6f267d ("CIFS: Fix possible use after free in demultiplex thread")
+Signed-off-by: Paul Aurich
+CC: stable@vger.kernel.org
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/cifs/smb2ops.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -2700,7 +2700,7 @@ smb2_get_enc_key(struct TCP_Server_Info
+ }
+ spin_unlock(&cifs_tcp_ses_lock);
+ 
+- return 1;
++ return -EAGAIN;
+ }
+ /*
+ * Encrypt or decrypt @rqst message. @rqst[0] has the following format:
diff --git a/queue-4.19/intel_th-pci-add-rocket-lake-cpu-support.patch b/queue-4.19/intel_th-pci-add-rocket-lake-cpu-support.patch
new file mode 100644
index 00000000000..b2fcf19ea3b
--- /dev/null
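Review bot: The final `return -EAGAIN;` in smb2_get_enc_key() carries no comment saying what condition it reports or that callers hand the value on as an errno, which is how the old `return 1;` ended up in `errseq_set()` in the quoted trace. A one-line comment above it, for example `/* key lookup failed: must be a negative errno, callers propagate it */`, would keep a positive value from being reintroduced later. The body of the function starts outside the hunk, so the lookup that precedes this return is assumed rather than seen. The callers are not visible either, so it is worth confirming that each one treats -EAGAIN as a failed encrypt/decrypt and stops processing the message, and that none of them retries without bound.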
+++ b/queue-4.19/intel_th-pci-add-rocket-lake-cpu-support.patch
@@ -0,0 +1,35 @@
+From 9f7f2a5e01ab4ee56b6d9c0572536fe5fd56e376 Mon Sep 17 00:00:00 2001
+From: Alexander Shishkin
+Date: Wed, 14 Apr 2021 20:12:50 +0300
+Subject: intel_th: pci: Add Rocket Lake CPU support
+
+From: Alexander Shishkin
+
+commit 9f7f2a5e01ab4ee56b6d9c0572536fe5fd56e376 upstream.
+
+This adds support for the Trace Hub in Rocket Lake CPUs.
+
+Signed-off-by: Alexander Shishkin
+Reviewed-by: Andy Shevchenko
+Cc: stable # v4.14+
+Link: https://lore.kernel.org/r/20210414171251.14672-7-alexander.shishkin@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/hwtracing/intel_th/pci.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/hwtracing/intel_th/pci.c
++++ b/drivers/hwtracing/intel_th/pci.c
+@@ -240,6 +240,11 @@ static const struct pci_device_id intel_
+ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x1bcc),
+ .driver_data = (kernel_ulong_t)&intel_th_2x,
+ },
++ {
++ /* Rocket Lake CPU */
++ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x4c19),
++ .driver_data = (kernel_ulong_t)&intel_th_2x,
++ },
+ { 0 },
+ };
+ 
diff --git a/queue-4.19/series b/queue-4.19/series
index 1fddff06392..7b1eb66bd82 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -16,3 +16,6 @@ mmc-block-issue-a-cache-flush-only-when-it-s-enabled.patch
 mmc-core-do-a-power-cycle-when-the-cmd11-fails.patch
 mmc-core-set-read-only-for-sd-cards-with-permanent-write-protect-bit.patch
 erofs-add-unsupported-inode-i_format-check.patch
+cifs-return-correct-error-code-from-smb2_get_enc_key.patch
+btrfs-fix-metadata-extent-leak-after-failure-to-create-subvolume.patch
+intel_th-pci-add-rocket-lake-cpu-support.patch
--
2.47.3