From 97fcd8f346eb7de8a988006fab24e375ad9c7504 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Wed, 7 Oct 2020 09:40:15 +0100 Subject: Fix aarch64 boot crash on BTI capable systems --- ...m64-Use-x16-with-indirect-branch-to-bti_c.patch | 149 +++++++++++++++++++++ kernel.spec | 5 + 2 files changed, 154 insertions(+) create mode 100644 arm64-BUG-crypto-arm64-Use-x16-with-indirect-branch-to-bti_c.patch diff --git a/arm64-BUG-crypto-arm64-Use-x16-with-indirect-branch-to-bti_c.patch b/arm64-BUG-crypto-arm64-Use-x16-with-indirect-branch-to-bti_c.patch new file mode 100644 index 000000000..4cc11ce37 --- /dev/null +++ b/arm64-BUG-crypto-arm64-Use-x16-with-indirect-branch-to-bti_c.patch @@ -0,0 +1,149 @@ +From patchwork Tue Oct 6 16:33:26 2020 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Jeremy Linton +X-Patchwork-Id: 11818995 +Return-Path: + +Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org + [172.30.200.123]) + by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 90CE859D + for ; + Tue, 6 Oct 2020 16:35:07 +0000 (UTC) +Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) + (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) + (No client certificate requested) + by mail.kernel.org (Postfix) with ESMTPS id 5D82E206D4 + for ; + Tue, 6 Oct 2020 16:35:07 +0000 (UTC) +Authentication-Results: mail.kernel.org; + dkim=pass (2048-bit key) header.d=lists.infradead.org + header.i=@lists.infradead.org header.b="f/oUq3JQ" +DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5D82E206D4 +Authentication-Results: mail.kernel.org; + dmarc=fail (p=none dis=none) header.from=arm.com +Authentication-Results: mail.kernel.org; + spf=none + smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; + d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: + Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: + List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: + Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender + :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; + bh=zNs0I+g5JjqBvhvT5+mF98XNJ/hK7N5NCEi/ndGYagE=; b=f/oUq3JQxCkOkX7IQrzLh7mHuM + vBXmyTI3BhMnGo6oaWvcF/dYeUpO4wAmEHlqyFf6zHzUv8Gwtm5IDH4l0csTqkTEYUdkwD6A9MGX2 + RHpylWVrErZCvcV4kRqENP+0w7j8Ry+ZE4+NZZFcUB/ecGYhJxD3/4Gc5ycmENUkRIAsJrQOPWW+b + SIKpmegcjtJ1AIv7+Y+7II37IhmF579qQoghCSgFaGp6WAEIv80wcrswEnEDc9nsbBMIC1XjlN6g3 + 8PclJ+oXlsNPMLkhu1gJclvRBWzN3OjXVvwAvQuLBW2CqpdTxvYIE6g26kpEbUdGOVaGlieYcN0pd + RrspfWkQ==; +Received: from localhost ([::1] helo=merlin.infradead.org) + by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) + id 1kPpu9-0007rB-Rx; Tue, 06 Oct 2020 16:33:33 +0000 +Received: from foss.arm.com ([217.140.110.172]) + by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) + id 1kPpu6-0007qe-MX + for linux-arm-kernel@lists.infradead.org; Tue, 06 Oct 2020 16:33:31 +0000 +Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) + by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 69DBBD6E; + Tue, 6 Oct 2020 09:33:27 -0700 (PDT) +Received: from mammon-tx2.austin.arm.com (mammon-tx2.austin.arm.com + [10.118.28.62]) + by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 608393F66B; + Tue, 6 Oct 2020 09:33:27 -0700 (PDT) +From: Jeremy Linton +To: linux-arm-kernel@lists.infradead.org +Subject: [BUG][PATCH v3] crypto: arm64: Use x16 with indirect branch to bti_c +Date: Tue, 6 Oct 2020 11:33:26 -0500 +Message-Id: <20201006163326.2780619-1-jeremy.linton@arm.com> +X-Mailer: git-send-email 2.25.4 +MIME-Version: 1.0 +X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 +X-CRM114-CacheID: sfid-20201006_123330_788327_AA367CD9 +X-CRM114-Status: GOOD ( 11.54 ) +X-Spam-Score: -2.3 (--) +X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: + Content analysis details: (-2.3 points) + pts rule name description + ---- ---------------------- + -------------------------------------------------- + -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, + medium trust [217.140.110.172 listed in list.dnswl.org] + -0.0 SPF_PASS SPF: sender matches SPF record + 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record +X-BeenThere: linux-arm-kernel@lists.infradead.org +X-Mailman-Version: 2.1.29 +Precedence: list +List-Id: +List-Unsubscribe: + , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: + , + +Cc: herbert@gondor.apana.org.au, catalin.marinas@arm.com, + linux-kernel@vger.kernel.org, Jeremy Linton , + ardb@kernel.org, broonie@kernel.org, linux-crypto@vger.kernel.org, + will@kernel.org, davem@davemloft.net, dave.martin@arm.com +Sender: "linux-arm-kernel" +Errors-To: + linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org + +The AES code uses a 'br x7' as part of a function called by +a macro. That branch needs a bti_j as a target. This results +in a panic as seen below. Using x16 (or x17) with an indirect +branch keeps the target bti_c. + + Bad mode in Synchronous Abort handler detected on CPU1, code 0x34000003 -- BTI + CPU: 1 PID: 265 Comm: cryptomgr_test Not tainted 5.8.11-300.fc33.aarch64 #1 + pstate: 20400c05 (nzCv daif +PAN -UAO BTYPE=j-) + pc : aesbs_encrypt8+0x0/0x5f0 [aes_neon_bs] + lr : aesbs_xts_encrypt+0x48/0xe0 [aes_neon_bs] + sp : ffff80001052b730 + + aesbs_encrypt8+0x0/0x5f0 [aes_neon_bs] + __xts_crypt+0xb0/0x2dc [aes_neon_bs] + xts_encrypt+0x28/0x3c [aes_neon_bs] + crypto_skcipher_encrypt+0x50/0x84 + simd_skcipher_encrypt+0xc8/0xe0 + crypto_skcipher_encrypt+0x50/0x84 + test_skcipher_vec_cfg+0x224/0x5f0 + test_skcipher+0xbc/0x120 + alg_test_skcipher+0xa0/0x1b0 + alg_test+0x3dc/0x47c + cryptomgr_test+0x38/0x60 + +Fixes: 0e89640b640d ("crypto: arm64 - Use modern annotations for assembly functions") +Signed-off-by: Jeremy Linton +Reviewed-by: Ard Biesheuvel +Reviewed-by: Mark Brown +--- + arch/arm64/crypto/aes-neonbs-core.S | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arm64/crypto/aes-neonbs-core.S b/arch/arm64/crypto/aes-neonbs-core.S +index b357164379f6..63a52ad9a75c 100644 +--- a/arch/arm64/crypto/aes-neonbs-core.S ++++ b/arch/arm64/crypto/aes-neonbs-core.S +@@ -788,7 +788,7 @@ SYM_FUNC_START_LOCAL(__xts_crypt8) + + 0: mov bskey, x21 + mov rounds, x22 +- br x7 ++ br x16 + SYM_FUNC_END(__xts_crypt8) + + .macro __xts_crypt, do8, o0, o1, o2, o3, o4, o5, o6, o7 +@@ -806,7 +806,7 @@ SYM_FUNC_END(__xts_crypt8) + uzp1 v30.4s, v30.4s, v25.4s + ld1 {v25.16b}, [x24] + +-99: adr x7, \do8 ++99: adr x16, \do8 + bl __xts_crypt8 + + ldp q16, q17, [sp, #.Lframe_local_offset] diff --git a/kernel.spec b/kernel.spec index a86ce04b5..604ae9922 100644 --- a/kernel.spec +++ b/kernel.spec @@ -884,6 +884,8 @@ Patch117: arm64-pwm-rockchip-Keep-enabled-PWMs-running-while-probing.patch # Backport from 5.9 Patch118: arm64-rockchip-pinebookpro-add-fuel-gauge.patch +# https://patchwork.kernel.org/patch/11818995 +Patch121: arm64-BUG-crypto-arm64-Use-x16-with-indirect-branch-to-bti_c.patch # END OF PATCH DEFINITIONS %endif @@ -2997,6 +2999,9 @@ fi # # %changelog +* Wed Oct 7 2020 Peter Robinson +- Fix aarch64 boot crash on BTI capable systems + * Thu Oct 1 12:09:13 CDT 2020 Justin M. Forbes - 5.8.13-200 - Linux v5.8.13 -- cgit From 8f59ee3302480d41b414891e8fe4417996c3c674 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Wed, 7 Oct 2020 09:42:30 +0100 Subject: Fix boot crash on aarch64 Ampere eMAG systems (rhbz #1874117) --- ...f-xgene_pmu-Fix-uninitialized-resource-st.patch | 128 +++++++++++---------- kernel.spec | 1 + 2 files changed, 71 insertions(+), 58 deletions(-) diff --git a/0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch b/0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch index ddd1bb26b..00975ae46 100644 --- a/0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch +++ b/0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch @@ -1,45 +1,15 @@ -From 68912566d659046b12b02e5a316af3760e08eab8 Mon Sep 17 00:00:00 2001 -From: Fedora Kernel Team -Date: Tue, 1 Sep 2020 18:44:00 -0400 +From b0697932d03bd78bd4db6466939680c0fbdd8589 Mon Sep 17 00:00:00 2001 +From: Mark Salter +Date: Tue, 15 Sep 2020 16:41:09 -0400 Subject: [PATCH] drivers/perf: xgene_pmu: Fix uninitialized resource struct This splat was reported on newer Fedora kernels booting on certain -Ampere machines: +X-gene based machines: xgene-pmu APMC0D83:00: X-Gene PMU version 3 - Unable to handle kernel read from unreadable memory at virtual address 0000000000004006 - Mem abort info: - ESR = 0x96000004 - EC = 0x25: DABT (current EL), IL = 32 bits - SET = 0, FnV = 0 - EA = 0, S1PTW = 0 - Data abort info: - ISV = 0, ISS = 0x00000004 - CM = 0, WnR = 0 - [0000000000004006] user address but active_mm is swapper - Internal error: Oops: 96000004 [#1] SMP - Modules linked in: - CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.8.3-300.fc33.aarch64 #1 - Hardware name: Lenovo HR350A 7X35CTO1WW /HR350A , BIOS HVE104N-1.12 11/29/2019 - pstate: 00400005 (nzcv daif +PAN -UAO BTYPE=--) - pc : string+0x50/0x100 - lr : vsnprintf+0x160/0x750 - sp : ffff800012b4b760 - x29: ffff800012b4b760 x28: 000000000000000c - x27: ffff8000113610d5 x26: ffff8000113610d5 - x25: 0000000000000020 x24: 0000000000000000 - x23: 00000000ffffffe8 x22: ffff800010f8e628 - x21: ffff800012b4b8f0 x20: 0000000000000000 - x19: 0000000000000000 x18: 00000000fffffffc - x17: 000000000000002d x16: 0000000000000001 - x15: 0000000000000020 x14: 0000000000000000 - x13: 0000000000000000 x12: 071c71c71c71c71c - x11: 00000000ffffff76 x10: ffff800012b4b8f0 - x9 : ffff8000109e97d8 x8 : 00000000ffffffff - x7 : 000000000000000b x6 : 0000000000000000 - x5 : 0000000000000000 x4 : 0000000000000000 - x3 : ffff0a00ffffff04 x2 : 0000000000004006 - x1 : ffffffffffffffff x0 : 000000000000000c + Unable to handle kernel read from unreadable memory at virtual \ + address 0000000000004006 + ... Call trace: string+0x50/0x100 vsnprintf+0x160/0x750 @@ -72,38 +42,80 @@ Ampere machines: ret_from_fork+0x10/0x18 Code: 91000400 110004e1 eb08009f 540000c0 (38646846) ---[ end trace f08c10566496a703 ]--- - Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b - SMP: stopping secondary CPUs - Kernel Offset: 0x40000 from 0xffff800010000000 - PHYS_OFFSET: 0x80000000 - CPU features: 0x240002,20802008 - Memory Limit: none -This was due to a local struct resource variable in acpi_get_pmu_hw_inf(). -A pointer to that struct makes it's way to __devm_ioremap_resource() -where the name field is passed to devm_kasprintf() and dereferenced. -The struct was never initialized, so the name pointer is whatever -happened to be on the stack. This has been the case since the original -checkin of xgene_pmu.c, but it was a recent change to which added the -use of the name field. +This is due to use of an uninitialized local resource struct in the xgene +pmu driver. The thunderx2_pmu driver avoids this by using the resource list +constructed by acpi_dev_get_resources() rather than using a callback from +that function. The callback in the xgene driver didn't fully initialize +the resource. So get rid of the callback and search the resource list as +done by thunderx2. +Fixes: 832c927d119b ("perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver") Signed-off-by: Mark Salter +Link: https://lore.kernel.org/r/20200915204110.326138-1-msalter@redhat.com +Signed-off-by: Will Deacon --- - drivers/perf/xgene_pmu.c | 1 + - 1 file changed, 1 insertion(+) + drivers/perf/xgene_pmu.c | 32 +++++++++++++++++--------------- + 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/drivers/perf/xgene_pmu.c b/drivers/perf/xgene_pmu.c -index edac28c..fdbbd08 100644 +index edac28cd25dd..633cf07ba672 100644 --- a/drivers/perf/xgene_pmu.c +++ b/drivers/perf/xgene_pmu.c -@@ -1483,6 +1483,7 @@ xgene_pmu_dev_ctx *acpi_get_pmu_hw_inf(struct xgene_pmu *xgene_pmu, +@@ -1453,17 +1453,6 @@ static char *xgene_pmu_dev_name(struct device *dev, u32 type, int id) + } + + #if defined(CONFIG_ACPI) +-static int acpi_pmu_dev_add_resource(struct acpi_resource *ares, void *data) +-{ +- struct resource *res = data; +- +- if (ares->type == ACPI_RESOURCE_TYPE_FIXED_MEMORY32) +- acpi_dev_resource_memory(ares, res); +- +- /* Always tell the ACPI core to skip this resource */ +- return 1; +-} +- + static struct + xgene_pmu_dev_ctx *acpi_get_pmu_hw_inf(struct xgene_pmu *xgene_pmu, + struct acpi_device *adev, u32 type) +@@ -1475,6 +1464,7 @@ xgene_pmu_dev_ctx *acpi_get_pmu_hw_inf(struct xgene_pmu *xgene_pmu, + struct hw_pmu_info *inf; + void __iomem *dev_csr; + struct resource res; ++ struct resource_entry *rentry; + int enable_bit; + int rc; + +@@ -1483,11 +1473,23 @@ xgene_pmu_dev_ctx *acpi_get_pmu_hw_inf(struct xgene_pmu *xgene_pmu, return NULL; INIT_LIST_HEAD(&resource_list); -+ memset(&res, 0, sizeof(res)); - rc = acpi_dev_get_resources(adev, &resource_list, - acpi_pmu_dev_add_resource, &res); +- rc = acpi_dev_get_resources(adev, &resource_list, +- acpi_pmu_dev_add_resource, &res); ++ rc = acpi_dev_get_resources(adev, &resource_list, NULL, NULL); ++ if (rc <= 0) { ++ dev_err(dev, "PMU type %d: No resources found\n", type); ++ return NULL; ++ } ++ ++ list_for_each_entry(rentry, &resource_list, node) { ++ if (resource_type(rentry->res) == IORESOURCE_MEM) { ++ res = *rentry->res; ++ rentry = NULL; ++ break; ++ } ++ } acpi_dev_free_resource_list(&resource_list); +- if (rc < 0) { +- dev_err(dev, "PMU type %d: No resource address found\n", type); ++ ++ if (rentry) { ++ dev_err(dev, "PMU type %d: No memory resource found\n", type); + return NULL; + } + -- -2.26.0 +2.26.2 diff --git a/kernel.spec b/kernel.spec index 604ae9922..542a37dca 100644 --- a/kernel.spec +++ b/kernel.spec @@ -3001,6 +3001,7 @@ fi %changelog * Wed Oct 7 2020 Peter Robinson - Fix aarch64 boot crash on BTI capable systems +- Fix boot crash on aarch64 Ampere eMAG systems (rhbz #1874117) * Thu Oct 1 12:09:13 CDT 2020 Justin M. Forbes - 5.8.13-200 - Linux v5.8.13 -- cgit From cf5cdb31a68e31e2350d188cb392a9b901c509d3 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Wed, 7 Oct 2020 07:25:38 -0500 Subject: Linux v5.8.14 Signed-off-by: Justin M. Forbes --- kernel.spec | 8 +- sources | 2 +- ...Fix-security-label-length-not-being-reset.patch | 150 --------------------- 3 files changed, 5 insertions(+), 155 deletions(-) delete mode 100644 v2-nfs-Fix-security-label-length-not-being-reset.patch diff --git a/kernel.spec b/kernel.spec index 542a37dca..c0e6aff56 100644 --- a/kernel.spec +++ b/kernel.spec @@ -92,7 +92,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 13 +%define stable_update 14 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -869,9 +869,6 @@ Patch107: 0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch Patch110: memory-tegra-Remove-GPU-from-DRM-IOMMU-group.patch -# rhbz 1873720 -Patch112: v2-nfs-Fix-security-label-length-not-being-reset.patch - # rhbz 1875339 1875828 1876997 Patch113: pdx86-SW_TABLET_MODE-fixes.patch @@ -2999,6 +2996,9 @@ fi # # %changelog +* Wed Oct 7 07:21:23 CDT 2020 Justin M. Forbes - 5.8.14-200 +- Linux v5.8.14 + * Wed Oct 7 2020 Peter Robinson - Fix aarch64 boot crash on BTI capable systems - Fix boot crash on aarch64 Ampere eMAG systems (rhbz #1874117) diff --git a/sources b/sources index 7015594b4..1776919ce 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (linux-5.8.tar.xz) = 19c8694bda4533464877e2d976aca95f48c2c40c11efcc1dce0ca91cc5f9826110e277c7de2a49ff99af8ae1c76e275b7c463abf71fbf410956d63066dc4ee53 -SHA512 (patch-5.8.13.xz) = 4686b149cde34dae709a806b283724a970a2a8ce3b5bc858c160618c756ce3d6dd5628d9e91117a682dc011a68ef23cc3e9c16fbce4ff3537d919201a432ade8 +SHA512 (patch-5.8.14.xz) = 41a75b2b2f02f3412be9327a54688830396e66bd2bf6ca5535ba7a20bef8b8619b5939b7fbea70ed54e895480be99b6cf1484403a4da44f3500349349a8e14fc diff --git a/v2-nfs-Fix-security-label-length-not-being-reset.patch b/v2-nfs-Fix-security-label-length-not-being-reset.patch deleted file mode 100644 index 60f61c35c..000000000 --- a/v2-nfs-Fix-security-label-length-not-being-reset.patch +++ /dev/null @@ -1,150 +0,0 @@ -From patchwork Tue Sep 15 21:42:52 2020 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -X-Patchwork-Submitter: Jeffrey Mitchell -X-Patchwork-Id: 11777881 -Return-Path: -Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org - [172.30.200.123]) - by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9BEEA618 - for ; - Tue, 15 Sep 2020 21:44:46 +0000 (UTC) -Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) - by mail.kernel.org (Postfix) with ESMTP id 600CF20731 - for ; - Tue, 15 Sep 2020 21:44:46 +0000 (UTC) -Authentication-Results: mail.kernel.org; - dkim=pass (1024-bit key) header.d=starlab.io header.i=@starlab.io - header.b="aJuHPsEZ" -Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand - id S1728066AbgIOVoW (ORCPT - ); - Tue, 15 Sep 2020 17:44:22 -0400 -Received: from mail-dm3gcc02on2104.outbound.protection.outlook.com - ([40.107.91.104]:22176 - "EHLO GCC02-DM3-obe.outbound.protection.outlook.com" - rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP - id S1727845AbgIOVnq (ORCPT ); - Tue, 15 Sep 2020 17:43:46 -0400 -ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; - b=gP59+M9kP3ZEQtpnFruwMJTxipkpx5mXy/SAn2tLXN3JL4qzMJ1ovTpHbiAiF/nRgN+JWCDnMI8WCCcRMUXjnFduBiNpgILfXKaDFIuooiqrtNQxzbDEq+ZXqd/6dyBNj6iD6CmIZdrBoo6eEZJhIR2gVWzt1Zu1x2I8WkY2+RjJDlgZrfvNwRcw/4U3TdF97r5ksdewF0BlNby6ZExrsumudCVvW+WO8hM/di5362QOMxgKtlaqtFHQX4/sqqgAZs6qXS1WZMpGBjKNYO3kZhTdRl0X06MFZ2UnBUMt/P9Vh4IpyS3dUHF9DQWGbOXmF9OR97gJSP4UYP6Vo+NIvg== -ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; - s=arcselector9901; - h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; - bh=5XTZZ/aS36tpTnR5M4LBDQk4eW6LhdJERW6/8ZQBdjg=; - b=AEMkmqRUg3UZV5ehyVTDA4QkihRZ0LrGTYP4+eEdl+HOkLUjAoN3uBVLLoJlH2fPtc1OtuPBOe6RA6OE3dr3FKkRGBU86TJAfPr8Mr8nkNHkKcK2wXE2uMFPinGFNIq8DVH2P5c8qKxMSe/e48ddMFm/cKT/T6YCQHAtxWOBQSrZM9Gm3Dci1Vc6xbAceeaIrV7uqIAt+aSmcu7+HnZT3PDT1IsxxgdT5xexteAv8RKROzjmpwlzYCMuMeLNN2zV7TMVCaqZUkMQEe6MjAsvnvQ4erXTZ1441TMna1uCIsttHHrkV3rb9UABF9g5P5ffrbNzUXeKwEMYjUjUFq6SXg== -ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass - smtp.mailfrom=starlab.io; dmarc=pass action=none header.from=starlab.io; - dkim=pass header.d=starlab.io; arc=none -DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=starlab.io; - s=selector2; - h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; - bh=5XTZZ/aS36tpTnR5M4LBDQk4eW6LhdJERW6/8ZQBdjg=; - b=aJuHPsEZcvYEP98mtq2JKo/LbYpT9T2mpgQahKfEPFXnrB3ajaaj7edTDPFd88SsdHU/wC7pVNVj0g8Ybc9hBn483uen/K+fV2fNe2IiND7jJO/8+jusNVQEVcBbNcaGNFA1idd4Us3/7XC9AqnJ7uKjYcLlkpDC5MooQ2ALKLA= -Authentication-Results: starlab.io; dkim=none (message not signed) - header.d=none;starlab.io; dmarc=none action=none header.from=starlab.io; -Received: from SA9PR09MB5246.namprd09.prod.outlook.com (2603:10b6:806:4b::9) - by SA9PR09MB5376.namprd09.prod.outlook.com (2603:10b6:806:44::20) with - Microsoft SMTP Server (version=TLS1_2, - cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.16; Tue, 15 Sep - 2020 21:43:23 +0000 -Received: from SA9PR09MB5246.namprd09.prod.outlook.com - ([fe80::e90f:c1b7:2964:d2ac]) by SA9PR09MB5246.namprd09.prod.outlook.com - ([fe80::e90f:c1b7:2964:d2ac%7]) with mapi id 15.20.3370.019; Tue, 15 Sep 2020 - 21:43:23 +0000 -From: Jeffrey Mitchell -To: Trond Myklebust , - Anna Schumaker , - "J . Bruce Fields" -Cc: linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org, - Jeffrey Mitchell -Subject: [PATCH v2] nfs: Fix security label length not being reset -Date: Tue, 15 Sep 2020 16:42:52 -0500 -Message-Id: <20200915214252.262881-1-jeffrey.mitchell@starlab.io> -X-Mailer: git-send-email 2.25.1 -In-Reply-To: <20200914154958.55451-1-jeffrey.mitchell@starlab.io> -References: <20200914154958.55451-1-jeffrey.mitchell@starlab.io> -X-ClientProxiedBy: SN4PR0701CA0023.namprd07.prod.outlook.com - (2603:10b6:803:28::33) To SA9PR09MB5246.namprd09.prod.outlook.com - (2603:10b6:806:4b::9) -MIME-Version: 1.0 -X-MS-Exchange-MessageSentRepresentingType: 1 -Received: from jeffrey-work-20 (75.1.70.238) by - SN4PR0701CA0023.namprd07.prod.outlook.com (2603:10b6:803:28::33) with - Microsoft SMTP Server (version=TLS1_2, - cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.16 via Frontend - Transport; Tue, 15 Sep 2020 21:43:22 +0000 -X-Mailer: git-send-email 2.25.1 -X-Originating-IP: [75.1.70.238] -X-MS-PublicTrafficType: Email -X-MS-Office365-Filtering-Correlation-Id: f6b6cbb7-73d3-494f-9182-08d859c05e6a -X-MS-TrafficTypeDiagnostic: SA9PR09MB5376: -X-MS-Exchange-Transport-Forked: True -X-Microsoft-Antispam-PRVS: - -X-MS-Oob-TLC-OOBClassifiers: OLM:9508; -X-MS-Exchange-SenderADCheck: 1 -X-Microsoft-Antispam: BCL:0; -X-Microsoft-Antispam-Message-Info: - ve0rVm2dgAEEJAHk636eMFSzbaG54N1EjudpqWLYW0DylXWpm1XPdYOKGIJ7OQAUpYFiKRVvvCCHJyBpHbHzGKC4nG5t9P4JC8cVt7aPrOwpeaPSxWzUaFp0k9bOYDPZUOJ8XLYLs7IY1pk2rtYoLLTdDcfG5Kzzo2J3bIaePbV3MKzQ0UsODbgcJZlEpmQscx6xeqDlu+uG1mYjrtw5UiZLSQAD5lbkudMm2EmmZLEYqmYHzwFZpOujih7ONUEwBPmwH3cgEdqhdth5H9fRA5RelGwfRwMIn7uLA+/xqi7XnIvhkfvfdF/IyPz3eBCA -X-Forefront-Antispam-Report: - CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA9PR09MB5246.namprd09.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(39830400003)(346002)(136003)(376002)(366004)(16526019)(186003)(107886003)(4326008)(8676002)(8936002)(36756003)(6496006)(66946007)(2906002)(15650500001)(52116002)(66556008)(66476007)(316002)(6666004)(86362001)(26005)(5660300002)(1076003)(44832011)(83380400001)(478600001)(2616005)(110136005)(956004)(6486002);DIR:OUT;SFP:1102; -X-MS-Exchange-AntiSpam-MessageData: - q4wBhvrjMzSF6Plz5Ht6sf9Uu69ig8LJutAd8jEyaoRDqKTewYyNQQYzV/bQE3XEV4LlM1hb3ypXtn2UD9kZ/IWTmgpl/Y1MFe+L1ElTHVh//V3w7gSJ81b08ickMgWfthsYiUVGueTLp5bDY8dzcUXctkSBIycLijlMk9+jcS/InJxM/w8oiMk/mNtfX7EFuhtrsvQyWRN5ixKH/jgHOhkH7+r8SK5ywKJUxitBRQHXKyBbJ9wi7nEbTIzYCW4WKtrnhYoNWNvKgjBUWA0LPrhxeO1sXAk5oq+Vuw0Oo4uzI4RtN84ucfhZCYEh5tbZXN7/hZ7VucAojcwKizYByZwF9Y7Tms+Qu6o+0mYEg8rv3674tDIbW55gvLpoClnMmUgAKEzNg3gEgaTkoYgW2ASPlIsKNy1rO+ukeMT7BSsbPQRBapQYtCSIs/TsmQcBp2XuuNqtXEhKJNwc+yV3tT3/D7hfCg9JfhdCwpS03f5o4OZPzwW+O0EF3E4KpZkQ81iTRmt6v5H+6f57VRofr6IckSvmbX+Mwbis7sXKBegIgGp8/a87r847npRq68Rao6ZDV+Z7R7M5FYP/bzJZOIWJmmn8EIoY/0as0nZmCFPxewig4O+RKwxixWqNxIYAEZZWR96si8n53nHTsMOJHQ== -X-OriginatorOrg: starlab.io -X-MS-Exchange-CrossTenant-Network-Message-Id: - f6b6cbb7-73d3-494f-9182-08d859c05e6a -X-MS-Exchange-CrossTenant-AuthSource: SA9PR09MB5246.namprd09.prod.outlook.com -X-MS-Exchange-CrossTenant-AuthAs: Internal -X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2020 21:43:22.8388 - (UTC) -X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted -X-MS-Exchange-CrossTenant-Id: 5e611933-986f-4838-a403-4acb432ce224 -X-MS-Exchange-CrossTenant-MailboxType: HOSTED -X-MS-Exchange-CrossTenant-UserPrincipalName: - chYVMMkYAvfiR0om1oU7hkRD1vHWk8vWKpUFgxhDUxbYALnkAu4ki99P8nO5pZmG5IsEx33nXgcNyg9tcTPVyxPI/upgYllWlX/Q0iCwT6Q= -X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA9PR09MB5376 -Sender: linux-nfs-owner@vger.kernel.org -Precedence: bulk -List-ID: -X-Mailing-List: linux-nfs@vger.kernel.org - -nfs_readdir_page_filler() iterates over entries in a directory, reusing -the same security label buffer, but does not reset the buffer's length. -This causes decode_attr_security_label() to return -ERANGE if an entry's -security label is longer than the previous one's. This error, in -nfs4_decode_dirent(), only gets passed up as -EAGAIN, which causes another -failed attempt to copy into the buffer. The second error is ignored and -the remaining entries do not show up in ls, specifically the getdents64() -syscall. - -Reproduce by creating multiple files in NFS and giving one of the later -files a longer security label. ls will not see that file nor any that are -added afterwards, though they will exist on the backend. - -In nfs_readdir_page_filler(), reset security label buffer length before -every reuse - -Signed-off-by: Jeffrey Mitchell ---- -v2: Added explanation from cover letter as requested by J. Bruce Fields - - - fs/nfs/dir.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c -index e732580fe47b..cb52db9a0cfb 100644 ---- a/fs/nfs/dir.c -+++ b/fs/nfs/dir.c -@@ -579,6 +579,9 @@ int nfs_readdir_page_filler(nfs_readdir_descriptor_t *desc, struct nfs_entry *en - xdr_set_scratch_buffer(&stream, page_address(scratch), PAGE_SIZE); - - do { -+ if (entry->label) -+ entry->label->len = NFS4_MAXLABELLEN; -+ - status = xdr_decode(desc, entry, &stream); - if (status != 0) { - if (status == -EAGAIN) -- cgit