authorKernel Build Daemon <kbuild@suse.de>2019-04-18 07:00:15 +0200
committerKernel Build Daemon <kbuild@suse.de>2019-04-18 07:00:15 +0200
commit7cb8414f2ef8019dbcdc7c0ba4c96bf048100615 (patch)
treeb5358db397b0dced50defc7948205d68fed04b7c
parent8748a8b8c2418ebdf3ba50afd359e64fcb2208a8 (diff)
parentf78473b17078297e59d972f0ab739ff6073559a0 (diff)
Merge branch 'SLE12-SP3' into SLE12-SP3-AZURESLE12-SP3-AZURE
-rw-r--r--patches.arch/svm-avic-fix-invalidate-logical-apic-id-entry42
-rw-r--r--patches.fixes/CIFS-fix-POSIX-lock-leak-and-invalid-ptr-deref.patch148
-rw-r--r--patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch40
-rw-r--r--series.conf3
4 files changed, 233 insertions, 0 deletions
diff --git a/patches.arch/svm-avic-fix-invalidate-logical-apic-id-entry b/patches.arch/svm-avic-fix-invalidate-logical-apic-id-entry
new file mode 100644
index 0000000000..7d560b9e35
--- /dev/null
+++ b/patches.arch/svm-avic-fix-invalidate-logical-apic-id-entry
@@ -0,0 +1,42 @@
+From: "Suthikulpanit, Suravee" <Suravee.Suthikulpanit@amd.com>
+Date: Tue, 26 Mar 2019 03:57:37 +0000
+Subject: svm/avic: Fix invalidate logical APIC id entry
+Git-commit: e44e3eacccfd2294a1ce279f68452b1635d7fa82
+Patch-mainline: v5.1-rc6
+References: bsc#1132727
+
+Only clear the valid bit when invalidate logical APIC id entry.
+The current logic clear the valid bit, but also set the rest of
+the bits (including reserved bits) to 1.
+
+Fixes: 98d90582be2e ('svm: Fix AVIC DFR and LDR handling')
+Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Acked-by: Joerg Roedel <jroedel@suse.de>
+---
+ arch/x86/kvm/svm.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
+index d7b14c902052..933f19d840fe 100644
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -262,6 +262,7 @@ struct amd_svm_iommu_ir {
+ };
+
+ #define AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK (0xFF)
++#define AVIC_LOGICAL_ID_ENTRY_VALID_BIT 31
+ #define AVIC_LOGICAL_ID_ENTRY_VALID_MASK (1 << 31)
+
+ #define AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK (0xFFULL)
+@@ -4607,7 +4608,7 @@ static void avic_invalidate_logical_id_entry(struct kvm_vcpu *vcpu)
+ u32 *entry = avic_get_logical_id_entry(vcpu, svm->ldr_reg, flat);
+
+ if (entry)
+- WRITE_ONCE(*entry, (u32) ~AVIC_LOGICAL_ID_ENTRY_VALID_MASK);
++ clear_bit(AVIC_LOGICAL_ID_ENTRY_VALID_BIT, (unsigned long *)entry);
+ }
+
+ static int avic_handle_ldr_update(struct kvm_vcpu *vcpu)
+
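Review bot: The `(unsigned long *)entry` cast in the new `clear_bit()` call in avic_invalidate_logical_id_entry() treats a 4-byte `u32` table entry as a long-sized bitmap word, so it is only correct if the architecture's `clear_bit()` does not access memory beyond the entry. As far as I know x86 does modify only the byte holding the bit when the bit number is a constant, but nothing at the call site records that; a comment such as `/* entry is a u32: relies on x86 clear_bit() touching only the byte that holds bit 31 */` would protect the assumption against a later refactor. Separately, the new `AVIC_LOGICAL_ID_ENTRY_VALID_BIT 31` repeats the literal in `AVIC_LOGICAL_ID_ENTRY_VALID_MASK (1 << 31)`; deriving the mask as `(1U << AVIC_LOGICAL_ID_ENTRY_VALID_BIT)` keeps the two in step and avoids shifting into the sign bit of an int. The function body starts outside the embedded hunk.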
diff --git a/patches.fixes/CIFS-fix-POSIX-lock-leak-and-invalid-ptr-deref.patch b/patches.fixes/CIFS-fix-POSIX-lock-leak-and-invalid-ptr-deref.patch
new file mode 100644
index 0000000000..39920ae48f
--- /dev/null
+++ b/patches.fixes/CIFS-fix-POSIX-lock-leak-and-invalid-ptr-deref.patch
@@ -0,0 +1,148 @@
+From bc31d0cdcfbadb6258b45db97e93b1c83822ba33 Mon Sep 17 00:00:00 2001
+From: Aurelien Aptel <aaptel@suse.com>
+Date: Thu, 14 Mar 2019 18:44:16 +0100
+Subject: [PATCH] CIFS: fix POSIX lock leak and invalid ptr deref
+Git-commit: bc31d0cdcfbadb6258b45db97e93b1c83822ba33
+Patch-mainline: v5.1-rc1
+References: bsc#1114542
+
+We have a customer reporting crashes in lock_get_status() with many
+"Leaked POSIX lock" messages preceeding the crash.
+
+ Leaked POSIX lock on dev=0x0:0x56 ...
+ Leaked POSIX lock on dev=0x0:0x56 ...
+ Leaked POSIX lock on dev=0x0:0x56 ...
+ Leaked POSIX lock on dev=0x0:0x53 ...
+ Leaked POSIX lock on dev=0x0:0x53 ...
+ Leaked POSIX lock on dev=0x0:0x53 ...
+ Leaked POSIX lock on dev=0x0:0x53 ...
+ POSIX: fl_owner=ffff8900e7b79380 fl_flags=0x1 fl_type=0x1 fl_pid=20709
+ Leaked POSIX lock on dev=0x0:0x4b ino...
+ Leaked locks on dev=0x0:0x4b ino=0xf911400000029:
+ POSIX: fl_owner=ffff89f41c870e00 fl_flags=0x1 fl_type=0x1 fl_pid=19592
+ stack segment: 0000 [#1] SMP
+ Modules linked in: binfmt_misc msr tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag rpcsec_gss_krb5 arc4 ecb auth_rpcgss nfsv4 md4 nfs nls_utf8 lockd grace cifs sunrpc ccm dns_resolver fscache af_packet iscsi_ibft iscsi_boot_sysfs vmw_vsock_vmci_transport vsock xfs libcrc32c sb_edac edac_core crct10dif_pclmul crc32_pclmul ghash_clmulni_intel drbg ansi_cprng vmw_balloon aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd joydev pcspkr vmxnet3 i2c_piix4 vmw_vmci shpchp fjes processor button ac btrfs xor raid6_pq sr_mod cdrom ata_generic sd_mod ata_piix vmwgfx crc32c_intel drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm serio_raw ahci libahci drm libata vmw_pvscsi sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_mod autofs4
+
+ Supported: Yes
+ CPU: 6 PID: 28250 Comm: lsof Not tainted 4.4.156-94.64-default #1
+ Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/05/2016
+ task: ffff88a345f28740 ti: ffff88c74005c000 task.ti: ffff88c74005c000
+ RIP: 0010:[<ffffffff8125dcab>] [<ffffffff8125dcab>] lock_get_status+0x9b/0x3b0
+ RSP: 0018:ffff88c74005fd90 EFLAGS: 00010202
+ RAX: ffff89bde83e20ae RBX: ffff89e870003d18 RCX: 0000000049534f50
+ RDX: ffffffff81a3541f RSI: ffffffff81a3544e RDI: ffff89bde83e20ae
+ RBP: 0026252423222120 R08: 0000000020584953 R09: 000000000000ffff
+ R10: 0000000000000000 R11: ffff88c74005fc70 R12: ffff89e5ca7b1340
+ R13: 00000000000050e5 R14: ffff89e870003d30 R15: ffff89e5ca7b1340
+ FS: 00007fafd64be800(0000) GS:ffff89f41fd00000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 0000000001c80018 CR3: 000000a522048000 CR4: 0000000000360670
+ DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+ Stack:
+ 0000000000000208 ffffffff81a3d6b6 ffff89e870003d30 ffff89e870003d18
+ ffff89e5ca7b1340 ffff89f41738d7c0 ffff89e870003d30 ffff89e5ca7b1340
+ ffffffff8125e08f 0000000000000000 ffff89bc22b67d00 ffff88c74005ff28
+ Call Trace:
+ [<ffffffff8125e08f>] locks_show+0x2f/0x70
+ [<ffffffff81230ad1>] seq_read+0x251/0x3a0
+ [<ffffffff81275bbc>] proc_reg_read+0x3c/0x70
+ [<ffffffff8120e456>] __vfs_read+0x26/0x140
+ [<ffffffff8120e9da>] vfs_read+0x7a/0x120
+ [<ffffffff8120faf2>] SyS_read+0x42/0xa0
+ [<ffffffff8161cbc3>] entry_SYSCALL_64_fastpath+0x1e/0xb7
+
+When Linux closes a FD (close(), close-on-exec, dup2(), ...) it calls
+filp_close() which also removes all posix locks.
+
+The lock struct is initialized like so in filp_close() and passed
+down to cifs
+
+ ...
+ lock.fl_type = F_UNLCK;
+ lock.fl_flags = FL_POSIX | FL_CLOSE;
+ lock.fl_start = 0;
+ lock.fl_end = OFFSET_MAX;
+ ...
+
+Note the FL_CLOSE flag, which hints the VFS code that this unlocking
+is done for closing the fd.
+
+filp_close()
+ locks_remove_posix(filp, id);
+ vfs_lock_file(filp, F_SETLK, &lock, NULL);
+ return filp->f_op->lock(filp, cmd, fl) => cifs_lock()
+ rc = cifs_setlk(file, flock, type, wait_flag, posix_lck, lock, unlock, xid);
+ rc = server->ops->mand_unlock_range(cfile, flock, xid);
+ if (flock->fl_flags & FL_POSIX && !rc)
+ rc = locks_lock_file_wait(file, flock)
+
+Notice how we don't call locks_lock_file_wait() which does the
+generic VFS lock/unlock/wait work on the inode if rc != 0.
+
+If we are closing the handle, the SMB server is supposed to remove any
+locks associated with it. Similarly, cifs.ko frees and wakes up any
+lock and lock waiter when closing the file:
+
+cifs_close()
+ cifsFileInfo_put(file->private_data)
+ /*
+ * Delete any outstanding lock records. We'll lose them when the file
+ * is closed anyway.
+ */
+ down_write(&cifsi->lock_sem);
+ list_for_each_entry_safe(li, tmp, &cifs_file->llist->locks, llist) {
+ list_del(&li->llist);
+ cifs_del_lock_waiters(li);
+ kfree(li);
+ }
+ list_del(&cifs_file->llist->llist);
+ kfree(cifs_file->llist);
+ up_write(&cifsi->lock_sem);
+
+So we can safely ignore unlocking failures in cifs_lock() if they
+happen with the FL_CLOSE flag hint set as both the server and the
+client take care of it during the actual closing.
+
+This is not a proper fix for the unlocking failure but it's safe and
+it seems to prevent the lock leakages and crashes the customer
+experiences.
+
+Signed-off-by: Aurelien Aptel <aaptel@suse.com>
+Signed-off-by: NeilBrown <neil@brown.name>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Acked-by: Pavel Shilovsky <pshilov@microsoft.com>
+Acked-by: Paulo Alcantara <palcantara@suse.de>
+---
+ fs/cifs/file.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/fs/cifs/file.c b/fs/cifs/file.c
+index 4c144c1f50eb..2a6d20c0ce02 100644
+--- a/fs/cifs/file.c
++++ b/fs/cifs/file.c
+@@ -1645,8 +1645,20 @@ cifs_setlk(struct file *file, struct file_lock *flock, __u32 type,
+ rc = server->ops->mand_unlock_range(cfile, flock, xid);
+
+ out:
+- if (flock->fl_flags & FL_POSIX && !rc)
++ if (flock->fl_flags & FL_POSIX) {
++ /*
++ * If this is a request to remove all locks because we
++ * are closing the file, it doesn't matter if the
++ * unlocking failed as both cifs.ko and the SMB server
++ * remove the lock on file close
++ */
++ if (rc) {
++ cifs_dbg(VFS, "%s failed rc=%d\n", __func__, rc);
++ if (!(flock->fl_flags & FL_CLOSE))
++ return rc;
++ }
+ rc = locks_lock_file_wait(file, flock);
++ }
+ return rc;
+ }
+
+--
+2.21.0
+
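Review bot: The new `if (rc)` branch after `out:` in cifs_setlk() fires for every non-zero rc that reaches the label on a POSIX lock request, not only for a failed mand_unlock_range(). The `cifs_dbg(VFS, ...)` line is therefore printed on ordinary lock failures too, and if that level is not rate limited in this tree, a server that keeps refusing lock requests can fill the kernel log. In the FL_CLOSE case rc is then overwritten by locks_lock_file_wait(), so this message is the only trace of the original error. It would help to say which case was hit, e.g. `cifs_dbg(VFS, "%s failed rc=%d (close=%d)\n", __func__, rc, !!(flock->fl_flags & FL_CLOSE));`, or to log at `FYI` level when the error is returned to the caller anyway. cifs_setlk() starts outside the hunk, so the other paths into `out:` are not visible here.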
diff --git a/patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch b/patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch
new file mode 100644
index 0000000000..41776f0acf
--- /dev/null
+++ b/patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch
@@ -0,0 +1,40 @@
+From: Nikolay Borisov <nborisov@suse.com>
+Date: Mon, 18 Mar 2019 17:45:20 +0200
+Subject: btrfs: Avoid possible qgroup_rsv_size overflow in
+ btrfs_calculate_inode_block_rsv_size
+Git-commit: 139a56170de67101791d6e6c8e940c6328393fe9
+Patch-mainline: v5.1-rc3
+References: git-fixes
+
+qgroup_rsv_size is calculated as the product of
+outstanding_extent * fs_info->nodesize. The product is calculated with
+32 bit precision since both variables are defined as u32. Yet
+qgroup_rsv_size expects a 64 bit result.
+
+Avoid possible multiplication overflow by casting outstanding_extent to
+u64. Such overflow would in the worst case (64K nodesize) require more
+than 65536 extents, which is quite large and i'ts not likely that it
+would happen in practice.
+
+Fixes-coverity-id: 1435101
+Fixes: ff6bc37eb7f6 ("btrfs: qgroup: Use independent and accurate per inode qgroup rsv")
+CC: stable@vger.kernel.org # 4.19+
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Nikolay Borisov <nborisov@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/extent-tree.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -6032,7 +6032,7 @@ static void btrfs_calculate_inode_block_
+ *
+ * This is overestimating in most cases.
+ */
+- qgroup_rsv_size = outstanding_extents * fs_info->tree_root->nodesize;
++ qgroup_rsv_size = (u64)outstanding_extents * fs_info->tree_root->nodesize;
+
+ spin_lock(&block_rsv->lock);
+ block_rsv->size = reserve_size;
diff --git a/series.conf b/series.conf
index 6aa2c1cac9..898e4aa9db 100644
--- a/series.conf
+++ b/series.conf
@@ -25108,12 +25108,14 @@
patches.arch/kvm-nvmx-apply-addr-size-mask-to-effective-address-for-vmx-instructions
patches.arch/kvm-call-kvm_arch_memslots_updated-before-updating-memslots
patches.arch/kvm-x86-mmu-do-not-cache-mmio-accesses-while-memslots-are-in-flux
+ patches.fixes/CIFS-fix-POSIX-lock-leak-and-invalid-ptr-deref.patch
patches.fixes/perf-x86-intel-fix-memory-corruption.patch
patches.drivers/iommu-amd-fix-sg-dma_address-for-sg-offset-bigger-than-page_size
patches.drivers/iommu-vt-d-check-capability-before-disabling-protected-memory
patches.arch/powerpc-vdso64-Fix-CLOCK_MONOTONIC-inconsistencies-a.patch
patches.arch/powerpc-security-Fix-spectre_v2-reporting.patch
patches.drivers/ibmvscsi-Fix-empty-event-pool-access-during-host-rem.patch
+ patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch
patches.fixes/NFS-fix-mount-umount-race-in-nlmclnt.patch
patches.drivers/iommu-don-t-print-warning-when-iommu-driver-only-supports-unmanaged-domains
patches.drivers/iommu-amd-reserve-exclusion-range-in-iova-domain
@@ -25130,6 +25132,7 @@
patches.drivers/tpm-Fix-the-type-of-the-return-value-in-calc_tpm2_ev.patch
patches.drivers/iommu-amd-set-exclusion-range-correctly
patches.arch/powerpc-vdso32-fix-CLOCK_MONOTONIC-on-PPC64.patch
+ patches.arch/svm-avic-fix-invalidate-logical-apic-id-entry
# davem/net
patches.drivers/ibmvnic-Enable-GRO.patch