Home Home > GIT Browse > SLE12-SP3-AZURE
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKernel Build Daemon <kbuild@suse.de>2019-05-23 07:00:15 +0200
committerKernel Build Daemon <kbuild@suse.de>2019-05-23 07:00:15 +0200
commit881585471e3e67e2f7676656785bb4e3bedb5629 (patch)
tree42bedb65b770d23e028ab553d4dbe057f8c8fc5c
parent5bf998f2f3052d2f5c0393538e5b3f7ec230630a (diff)
parent5739ee56c9d6e64d011cd24360ae84cc6aadf17d (diff)
Merge branch 'SLE12-SP3' into SLE12-SP3-AZURESLE12-SP3-AZURE
-rw-r--r--patches.drivers/nvme-Don-t-allow-to-reset-a-reconnecting-controller.patch35
-rw-r--r--patches.fixes/ext4-zero-out-the-unused-memory-region-in-the-extent.patch87
-rw-r--r--series.conf2
3 files changed, 124 insertions, 0 deletions
diff --git a/patches.drivers/nvme-Don-t-allow-to-reset-a-reconnecting-controller.patch b/patches.drivers/nvme-Don-t-allow-to-reset-a-reconnecting-controller.patch
new file mode 100644
index 0000000000..7d4e623055
--- /dev/null
+++ b/patches.drivers/nvme-Don-t-allow-to-reset-a-reconnecting-controller.patch
@@ -0,0 +1,35 @@
+From: Sagi Grimberg <sagi@grimberg.me>
+Date: Thu, 4 May 2017 13:33:12 +0300
+Subject: nvme: Don't allow to reset a reconnecting controller
+Patch-mainline: v4.13-rc1
+Git-commit: c58bd1bf4d46a020b7a1aa0710bca8191d789caa
+References: bsc#1133874
+
+The reset operation is guaranteed to fail for all scenarios
+but the esoteric case where in the last reconnect attempt
+concurrent with the reset we happen to successfully reconnect.
+
+We just deny initiating a reset if we are reconnecting.
+
+Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
+---
+ drivers/nvme/host/core.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
+index 75a865d6719c..80902de33684 100644
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -157,7 +157,6 @@ bool nvme_change_ctrl_state(struct nvme_ctrl *ctrl,
+ switch (old_state) {
+ case NVME_CTRL_NEW:
+ case NVME_CTRL_LIVE:
+- case NVME_CTRL_RECONNECTING:
+ changed = true;
+ /* FALLTHRU */
+ default:
+--
+2.12.3
+
diff --git a/patches.fixes/ext4-zero-out-the-unused-memory-region-in-the-extent.patch b/patches.fixes/ext4-zero-out-the-unused-memory-region-in-the-extent.patch
new file mode 100644
index 0000000000..cfdb379450
--- /dev/null
+++ b/patches.fixes/ext4-zero-out-the-unused-memory-region-in-the-extent.patch
@@ -0,0 +1,87 @@
+From 592acbf16821288ecdc4192c47e3774a4c48bb64 Mon Sep 17 00:00:00 2001
+From: Sriram Rajagopalan <sriramr@arista.com>
+Date: Fri, 10 May 2019 19:28:06 -0400
+Subject: [PATCH] ext4: zero out the unused memory region in the extent tree
+ block
+Git-commit: 592acbf16821288ecdc4192c47e3774a4c48bb64
+Patch-mainline: v5.2-rc1
+References: bsc#1135281 CVE-2019-11833
+
+This commit zeroes out the unused memory region in the buffer_head
+corresponding to the extent metablock after writing the extent header
+and the corresponding extent node entries.
+
+This is done to prevent random uninitialized data from getting into
+the filesystem when the extent block is synced.
+
+This fixes CVE-2019-11833.
+
+Signed-off-by: Sriram Rajagopalan <sriramr@arista.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Cc: stable@kernel.org
+Acked-by: Jan Kara <jack@suse.cz>
+
+---
+ fs/ext4/extents.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
+index 0f89f5190cd7..f2c62e2a0c98 100644
+--- a/fs/ext4/extents.c
++++ b/fs/ext4/extents.c
+@@ -1035,6 +1035,7 @@ static int ext4_ext_split(handle_t *handle, struct inode *inode,
+ __le32 border;
+ ext4_fsblk_t *ablocks = NULL; /* array of allocated blocks */
+ int err = 0;
++ size_t ext_size = 0;
+
+ /* make decision: where to split? */
+ /* FIXME: now decision is simplest: at current extent */
+@@ -1126,6 +1127,10 @@ static int ext4_ext_split(handle_t *handle, struct inode *inode,
+ le16_add_cpu(&neh->eh_entries, m);
+ }
+
++ /* zero out unused area in the extent block */
++ ext_size = sizeof(struct ext4_extent_header) +
++ sizeof(struct ext4_extent) * le16_to_cpu(neh->eh_entries);
++ memset(bh->b_data + ext_size, 0, inode->i_sb->s_blocksize - ext_size);
+ ext4_extent_block_csum_set(inode, neh);
+ set_buffer_uptodate(bh);
+ unlock_buffer(bh);
+@@ -1205,6 +1210,11 @@ static int ext4_ext_split(handle_t *handle, struct inode *inode,
+ sizeof(struct ext4_extent_idx) * m);
+ le16_add_cpu(&neh->eh_entries, m);
+ }
++ /* zero out unused area in the extent block */
++ ext_size = sizeof(struct ext4_extent_header) +
++ (sizeof(struct ext4_extent) * le16_to_cpu(neh->eh_entries));
++ memset(bh->b_data + ext_size, 0,
++ inode->i_sb->s_blocksize - ext_size);
+ ext4_extent_block_csum_set(inode, neh);
+ set_buffer_uptodate(bh);
+ unlock_buffer(bh);
+@@ -1270,6 +1280,7 @@ static int ext4_ext_grow_indepth(handle_t *handle, struct inode *inode,
+ ext4_fsblk_t newblock, goal = 0;
+ struct ext4_super_block *es = EXT4_SB(inode->i_sb)->s_es;
+ int err = 0;
++ size_t ext_size = 0;
+
+ /* Try to prepend new index to old one */
+ if (ext_depth(inode))
+@@ -1295,9 +1306,11 @@ static int ext4_ext_grow_indepth(handle_t *handle, struct inode *inode,
+ goto out;
+ }
+
++ ext_size = sizeof(EXT4_I(inode)->i_data);
+ /* move top-level index/leaf into new block */
+- memmove(bh->b_data, EXT4_I(inode)->i_data,
+- sizeof(EXT4_I(inode)->i_data));
++ memmove(bh->b_data, EXT4_I(inode)->i_data, ext_size);
++ /* zero out unused area in the extent block */
++ memset(bh->b_data + ext_size, 0, inode->i_sb->s_blocksize - ext_size);
+
+ /* set size of new block */
+ neh = ext_block_hdr(bh);
+--
+2.16.4
+
diff --git a/series.conf b/series.conf
index 471f79594e..c06d890d42 100644
--- a/series.conf
+++ b/series.conf
@@ -21959,6 +21959,7 @@
patches.fixes/iommu-amd-fix-interrupt-remapping-when-disable-guest_mode
patches.suse/loop-Remove-unused-bdev-argument-from-loop_set_capac.patch
patches.drivers/nvme-rdma-make-nvme_rdma_-create-destroy-_queue_ib-s.patch
+ patches.drivers/nvme-Don-t-allow-to-reset-a-reconnecting-controller.patch
patches.drivers/nvme-pci-Remove-watchdog-timer.patch
patches.drivers/0451-scatterlist-add-sg_zero_buffer-helper.patch
patches.drivers/0452-nvmet-use-NVME_IDENTIFY_DATA_SIZE.patch
@@ -25551,6 +25552,7 @@
patches.fixes/0001-PCI-Mark-Atheros-AR9462-to-avoid-bus-reset.patch
patches.fixes/0001-backlight-lm3630a-Return-0-on-success-in-update_stat.patch
patches.fixes/0003-drm-bridge-adv7511-Fix-low-refresh-rate-selection.patch
+ patches.fixes/ext4-zero-out-the-unused-memory-region-in-the-extent.patch
# out-of-tree patches
patches.kabi/0001-move-power_up_on_resume-flag-to-end-of-structure-for.patch