5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 1 Apr 2022 15:36:24 +0000 (17:36 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 1 Apr 2022 15:36:24 +0000 (17:36 +0200)
added patches:
qed-display-vf-trust-config.patch
qed-validate-and-restrict-untrusted-vfs-vlan-promisc-mode.patch
scsi-libsas-fix-sas_ata_qc_issue-handling-of-ncq-non-data-commands.patch

queue-5.4/qed-display-vf-trust-config.patch [new file with mode: 0644]
queue-5.4/qed-validate-and-restrict-untrusted-vfs-vlan-promisc-mode.patch [new file with mode: 0644]
queue-5.4/scsi-libsas-fix-sas_ata_qc_issue-handling-of-ncq-non-data-commands.patch [new file with mode: 0644]
queue-5.4/series

diff --git a/queue-5.4/qed-display-vf-trust-config.patch b/queue-5.4/qed-display-vf-trust-config.patch
new file mode 100644 (file)
index 0000000..ad55639
--- /dev/null
@@ -0,0 +1,32 @@
+From 4e6e6bec7440b9b76f312f28b1f4e944eebb3abc Mon Sep 17 00:00:00 2001
+From: Manish Chopra <manishc@marvell.com>
+Date: Wed, 2 Mar 2022 02:52:21 -0800
+Subject: qed: display VF trust config
+
+From: Manish Chopra <manishc@marvell.com>
+
+commit 4e6e6bec7440b9b76f312f28b1f4e944eebb3abc upstream.
+
+Driver does support SR-IOV VFs trust configuration but
+it does not display it when queried via ip link utility.
+
+Cc: stable@vger.kernel.org
+Fixes: f990c82c385b ("qed*: Add support for ndo_set_vf_trust")
+Signed-off-by: Manish Chopra <manishc@marvell.com>
+Signed-off-by: Ariel Elior <aelior@marvell.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/qlogic/qed/qed_sriov.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
++++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
+@@ -4717,6 +4717,7 @@ static int qed_get_vf_config(struct qed_
+       tx_rate = vf_info->tx_rate;
+       ivi->max_tx_rate = tx_rate ? tx_rate : link.speed;
+       ivi->min_tx_rate = qed_iov_get_vf_min_rate(hwfn, vf_id);
++      ivi->trusted = vf_info->is_trusted_request;
+       return 0;
+ }
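Review bot: The added `ivi->trusted = vf_info->is_trusted_request;` reports the trust state that was requested, while the companion qed patch in this same commit gates its VLAN restriction on `vf_info->is_trusted_configured`. If the two fields can differ while a trust change is pending (the code that syncs them is not in this hunk), `ip link` could show a VF as trusted or untrusted before the filters reflect it. A one-line comment would make the choice explicit, e.g. `/* requested trust; the enforced state is is_trusted_configured */`, assuming that is how the two fields relate. qed_get_vf_config() starts outside the hunk.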
diff --git a/queue-5.4/qed-validate-and-restrict-untrusted-vfs-vlan-promisc-mode.patch b/queue-5.4/qed-validate-and-restrict-untrusted-vfs-vlan-promisc-mode.patch
new file mode 100644 (file)
index 0000000..455d853
--- /dev/null
@@ -0,0 +1,108 @@
+From cbcc44db2cf7b836896733acc0e5ea966136ed22 Mon Sep 17 00:00:00 2001
+From: Manish Chopra <manishc@marvell.com>
+Date: Wed, 2 Mar 2022 02:52:22 -0800
+Subject: qed: validate and restrict untrusted VFs vlan promisc mode
+
+From: Manish Chopra <manishc@marvell.com>
+
+commit cbcc44db2cf7b836896733acc0e5ea966136ed22 upstream.
+
+Today when VFs are put in promiscuous mode, they can request PF
+to configure device for them to receive all VLANs traffic regardless
+of what vlan is configured by the PF (via ip link) and PF allows this
+config request regardless of whether VF is trusted or not.
+
+From security POV, when VLAN is configured for VF through PF (via ip link),
+honour such config requests from VF only when they are configured to be
+trusted, otherwise restrict such VFs vlan promisc mode config.
+
+Cc: stable@vger.kernel.org
+Fixes: f990c82c385b ("qed*: Add support for ndo_set_vf_trust")
+Signed-off-by: Manish Chopra <manishc@marvell.com>
+Signed-off-by: Ariel Elior <aelior@marvell.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/qlogic/qed/qed_sriov.c |   28 ++++++++++++++++++++++++++--
+ drivers/net/ethernet/qlogic/qed/qed_sriov.h |    1 +
+ 2 files changed, 27 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
++++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
+@@ -3003,12 +3003,16 @@ static int qed_iov_pre_update_vport(stru
+       u8 mask = QED_ACCEPT_UCAST_UNMATCHED | QED_ACCEPT_MCAST_UNMATCHED;
+       struct qed_filter_accept_flags *flags = &params->accept_flags;
+       struct qed_public_vf_info *vf_info;
++      u16 tlv_mask;
++
++      tlv_mask = BIT(QED_IOV_VP_UPDATE_ACCEPT_PARAM) |
++                 BIT(QED_IOV_VP_UPDATE_ACCEPT_ANY_VLAN);
+       /* Untrusted VFs can't even be trusted to know that fact.
+        * Simply indicate everything is configured fine, and trace
+        * configuration 'behind their back'.
+        */
+-      if (!(*tlvs & BIT(QED_IOV_VP_UPDATE_ACCEPT_PARAM)))
++      if (!(*tlvs & tlv_mask))
+               return 0;
+       vf_info = qed_iov_get_public_vf_info(hwfn, vfid, true);
+@@ -3025,6 +3029,13 @@ static int qed_iov_pre_update_vport(stru
+                       flags->tx_accept_filter &= ~mask;
+       }
++      if (params->update_accept_any_vlan_flg) {
++              vf_info->accept_any_vlan = params->accept_any_vlan;
++
++              if (vf_info->forced_vlan && !vf_info->is_trusted_configured)
++                      params->accept_any_vlan = false;
++      }
++
+       return 0;
+ }
+@@ -5148,6 +5159,12 @@ static void qed_iov_handle_trust_change(
+               params.update_ctl_frame_check = 1;
+               params.mac_chk_en = !vf_info->is_trusted_configured;
++              params.update_accept_any_vlan_flg = 0;
++
++              if (vf_info->accept_any_vlan && vf_info->forced_vlan) {
++                      params.update_accept_any_vlan_flg = 1;
++                      params.accept_any_vlan = vf_info->accept_any_vlan;
++              }
+               if (vf_info->rx_accept_mode & mask) {
+                       flags->update_rx_mode_config = 1;
+@@ -5163,13 +5180,20 @@ static void qed_iov_handle_trust_change(
+               if (!vf_info->is_trusted_configured) {
+                       flags->rx_accept_filter &= ~mask;
+                       flags->tx_accept_filter &= ~mask;
++                      params.accept_any_vlan = false;
+               }
+               if (flags->update_rx_mode_config ||
+                   flags->update_tx_mode_config ||
+-                  params.update_ctl_frame_check)
++                  params.update_ctl_frame_check ||
++                  params.update_accept_any_vlan_flg) {
++                      DP_VERBOSE(hwfn, QED_MSG_IOV,
++                                 "vport update config for %s VF[abs 0x%x rel 0x%x]\n",
++                                 vf_info->is_trusted_configured ? "trusted" : "untrusted",
++                                 vf->abs_vf_id, vf->relative_vf_id);
+                       qed_sp_vport_update(hwfn, &params,
+                                           QED_SPQ_MODE_EBLOCK, NULL);
++              }
+       }
+ }
+--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.h
++++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.h
+@@ -88,6 +88,7 @@ struct qed_public_vf_info {
+       bool is_trusted_request;
+       u8 rx_accept_mode;
+       u8 tx_accept_mode;
++      bool accept_any_vlan;
+ };
+ struct qed_iov_vf_init_params {
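Review bot: In the qed_iov_handle_trust_change() hunks the result of `qed_sp_vport_update(hwfn, &params, QED_SPQ_MODE_EBLOCK, NULL)` is discarded, and with this patch that call is what clears accept-any-VLAN for a VF whose trust was revoked. If the update fails, the VF presumably keeps its previous VLAN acceptance, and the only trace is the DP_VERBOSE line printed before the call. Checking the return value and logging at a level that is visible by default would surface a restriction that was not applied: `if (qed_sp_vport_update(hwfn, &params, QED_SPQ_MODE_EBLOCK, NULL)) DP_NOTICE(hwfn, "vport update failed for VF[abs 0x%x rel 0x%x]\n", vf->abs_vf_id, vf->relative_vf_id);`. The function starts outside the hunk.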
diff --git a/queue-5.4/scsi-libsas-fix-sas_ata_qc_issue-handling-of-ncq-non-data-commands.patch b/queue-5.4/scsi-libsas-fix-sas_ata_qc_issue-handling-of-ncq-non-data-commands.patch
new file mode 100644 (file)
index 0000000..e48dc9a
--- /dev/null
@@ -0,0 +1,41 @@
+From 8454563e4c2aafbfb81a383ab423ea8b9b430a25 Mon Sep 17 00:00:00 2001
+From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
+Date: Sun, 20 Feb 2022 12:17:40 +0900
+Subject: scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
+
+From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
+
+commit 8454563e4c2aafbfb81a383ab423ea8b9b430a25 upstream.
+
+To detect for the DMA_NONE (no data transfer) DMA direction,
+sas_ata_qc_issue() tests if the command protocol is ATA_PROT_NODATA.  This
+test does not include the ATA_CMD_NCQ_NON_DATA command as this command
+protocol is defined as ATA_PROT_NCQ_NODATA (equal to ATA_PROT_FLAG_NCQ) and
+not as ATA_PROT_NODATA.
+
+To include both NCQ and non-NCQ commands when testing for the DMA_NONE DMA
+direction, use "!ata_is_data()".
+
+Link: https://lore.kernel.org/r/20220220031810.738362-2-damien.lemoal@opensource.wdc.com
+Fixes: 176ddd89171d ("scsi: libsas: Reset num_scatter if libata marks qc as NODATA")
+Cc: stable@vger.kernel.org
+Reviewed-by: John Garry <john.garry@huawei.com>
+Reviewed-by: Jack Wang <jinpu.wang@ionos.com>
+Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/libsas/sas_ata.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/libsas/sas_ata.c
++++ b/drivers/scsi/libsas/sas_ata.c
+@@ -201,7 +201,7 @@ static unsigned int sas_ata_qc_issue(str
+               task->total_xfer_len = qc->nbytes;
+               task->num_scatter = qc->n_elem;
+               task->data_dir = qc->dma_dir;
+-      } else if (qc->tf.protocol == ATA_PROT_NODATA) {
++      } else if (!ata_is_data(qc->tf.protocol)) {
+               task->data_dir = DMA_NONE;
+       } else {
+               for_each_sg(qc->sg, sg, qc->n_elem, si)
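Review bot: The new condition `!ata_is_data(qc->tf.protocol)` carries no comment, so nothing at the call site says why a flag test replaced the equality test against ATA_PROT_NODATA. A later cleanup could plausibly restore the comparison and drop NCQ NON DATA commands from the DMA_NONE branch again. Suggest a comment above the branch: `/* No data transfer: covers ATA_PROT_NODATA and ATA_PROT_NCQ_NODATA */`. sas_ata_qc_issue() starts and ends outside the hunk.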
index 5c9cc7755c1397d245d1210f42db292aedcc296c..e8085d590bcd051a6c3f452fb9791423c4ffe099 100644 (file)
@@ -47,3 +47,6 @@ jffs2-fix-memory-leak-in-jffs2_scan_medium.patch
 mm-pages_alloc.c-don-t-create-zone_movable-beyond-the-end-of-a-node.patch
 mm-invalidate-hwpoison-page-cache-page-in-fault-path.patch
 mempolicy-mbind_range-set_policy-after-vma_merge.patch
+scsi-libsas-fix-sas_ata_qc_issue-handling-of-ncq-non-data-commands.patch
+qed-display-vf-trust-config.patch
+qed-validate-and-restrict-untrusted-vfs-vlan-promisc-mode.patch