--- /dev/null
+From 7198bfc2017644c6b92d2ecef9b8b8e0363bb5fd Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Sat, 2 Apr 2022 11:40:23 -0600
+Subject: Revert "nbd: fix possible overflow on 'first_minor' in nbd_dev_add()"
+
+From: Jens Axboe <axboe@kernel.dk>
+
+commit 7198bfc2017644c6b92d2ecef9b8b8e0363bb5fd upstream.
+
+This reverts commit 6d35d04a9e18990040e87d2bbf72689252669d54.
+
+Both Gabriel and Borislav report that this commit casues a regression
+with nbd:
+
+sysfs: cannot create duplicate filename '/dev/block/43:0'
+
+Revert it before 5.18-rc1 and we'll investigage this separately in
+due time.
+
+Link: https://lore.kernel.org/all/YkiJTnFOt9bTv6A2@zn.tnic/
+Reported-by: Gabriel L. Somlo <somlo@cmu.edu>
+Reported-by: Borislav Petkov <bp@alien8.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/nbd.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+--- a/drivers/block/nbd.c
++++ b/drivers/block/nbd.c
+@@ -1744,6 +1744,17 @@ static struct nbd_device *nbd_dev_add(in
+ refcount_set(&nbd->refs, 0);
+ INIT_LIST_HEAD(&nbd->list);
+ disk->major = NBD_MAJOR;
++
++ /* Too big first_minor can cause duplicate creation of
++ * sysfs files/links, since index << part_shift might overflow, or
++ * MKDEV() expect that the max bits of first_minor is 20.
++ */
++ disk->first_minor = index << part_shift;
++ if (disk->first_minor < index || disk->first_minor > MINORMASK) {
++ err = -EINVAL;
++ goto out_free_work;
++ }
++
+ disk->minors = 1 << part_shift;
+ disk->fops = &nbd_fops;
+ disk->private_data = nbd;
+@@ -1848,19 +1859,8 @@ static int nbd_genl_connect(struct sk_bu
+ if (!netlink_capable(skb, CAP_SYS_ADMIN))
+ return -EPERM;
+
+- if (info->attrs[NBD_ATTR_INDEX]) {
++ if (info->attrs[NBD_ATTR_INDEX])
+ index = nla_get_u32(info->attrs[NBD_ATTR_INDEX]);
+-
+- /*
+- * Too big first_minor can cause duplicate creation of
+- * sysfs files/links, since index << part_shift might overflow, or
+- * MKDEV() expect that the max bits of first_minor is 20.
+- */
+- if (index < 0 || index > MINORMASK >> part_shift) {
+- printk(KERN_ERR "nbd: illegal input index %d\n", index);
+- return -EINVAL;
+- }
+- }
+ if (!info->attrs[NBD_ATTR_SOCKETS]) {
+ printk(KERN_ERR "nbd: must specify at least one socket\n");
+ return -EINVAL;
--- /dev/null
+From 7372971c1be5b7d4fdd8ad237798bdc1d1d54162 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 11 Jan 2022 10:19:22 +0300
+Subject: rtc: mc146818-lib: fix signedness bug in mc146818_get_time()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 7372971c1be5b7d4fdd8ad237798bdc1d1d54162 upstream.
+
+The mc146818_get_time() function returns zero on success or negative
+a error code on failure. It needs to be type int.
+
+Fixes: d35786b3a28d ("rtc: mc146818-lib: change return values of mc146818_get_time()")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Mateusz Jończyk <mat.jonczyk@o2.pl>
+Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
+Link: https://lore.kernel.org/r/20220111071922.GE11243@kili
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/rtc/rtc-mc146818-lib.c | 2 +-
+ include/linux/mc146818rtc.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/rtc/rtc-mc146818-lib.c
++++ b/drivers/rtc/rtc-mc146818-lib.c
+@@ -33,7 +33,7 @@ bool mc146818_does_rtc_work(void)
+ }
+ EXPORT_SYMBOL_GPL(mc146818_does_rtc_work);
+
+-unsigned int mc146818_get_time(struct rtc_time *time)
++int mc146818_get_time(struct rtc_time *time)
+ {
+ unsigned char ctrl;
+ unsigned long flags;
+--- a/include/linux/mc146818rtc.h
++++ b/include/linux/mc146818rtc.h
+@@ -124,7 +124,7 @@ struct cmos_rtc_board_info {
+ #endif /* ARCH_RTC_LOCATION */
+
+ bool mc146818_does_rtc_work(void);
+-unsigned int mc146818_get_time(struct rtc_time *time);
++int mc146818_get_time(struct rtc_time *time);
+ int mc146818_set_time(struct rtc_time *time);
+
+ #endif /* _MC146818RTC_H */
revert-selftests-net-add-tls-config-dependency-for-tls-selftests.patch
bpf-make-remote_port-field-in-struct-bpf_sk_lookup-16-bit-wide.patch
selftests-bpf-fix-u8-narrow-load-checks-for-bpf_sk_lookup-remote_port.patch
+rtc-mc146818-lib-fix-signedness-bug-in-mc146818_get_time.patch
+sunrpc-don-t-call-connect-more-than-once-on-a-tcp-socket.patch
+revert-nbd-fix-possible-overflow-on-first_minor-in-nbd_dev_add.patch
--- /dev/null
+From 89f42494f92f448747bd8a7ab1ae8b5d5520577d Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Wed, 16 Mar 2022 19:10:43 -0400
+Subject: SUNRPC: Don't call connect() more than once on a TCP socket
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+commit 89f42494f92f448747bd8a7ab1ae8b5d5520577d upstream.
+
+Avoid socket state races due to repeated calls to ->connect() using the
+same socket. If connect() returns 0 due to the connection having
+completed, but we are in fact in a closing state, then we may leave the
+XPRT_CONNECTING flag set on the transport.
+
+Reported-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
+Fixes: 3be232f11a3c ("SUNRPC: Prevent immediate close+reconnect")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/sunrpc/xprtsock.h | 1 +
+ net/sunrpc/xprtsock.c | 21 +++++++++++----------
+ 2 files changed, 12 insertions(+), 10 deletions(-)
+
+--- a/include/linux/sunrpc/xprtsock.h
++++ b/include/linux/sunrpc/xprtsock.h
+@@ -89,5 +89,6 @@ struct sock_xprt {
+ #define XPRT_SOCK_WAKE_WRITE (5)
+ #define XPRT_SOCK_WAKE_PENDING (6)
+ #define XPRT_SOCK_WAKE_DISCONNECT (7)
++#define XPRT_SOCK_CONNECT_SENT (8)
+
+ #endif /* _LINUX_SUNRPC_XPRTSOCK_H */
+--- a/net/sunrpc/xprtsock.c
++++ b/net/sunrpc/xprtsock.c
+@@ -2257,6 +2257,7 @@ static int xs_tcp_finish_connecting(stru
+ fallthrough;
+ case -EINPROGRESS:
+ /* SYN_SENT! */
++ set_bit(XPRT_SOCK_CONNECT_SENT, &transport->sock_state);
+ if (xprt->reestablish_timeout < XS_TCP_INIT_REEST_TO)
+ xprt->reestablish_timeout = XS_TCP_INIT_REEST_TO;
+ break;
+@@ -2282,10 +2283,14 @@ static void xs_tcp_setup_socket(struct w
+ struct rpc_xprt *xprt = &transport->xprt;
+ int status = -EIO;
+
+- if (!sock) {
+- sock = xs_create_sock(xprt, transport,
+- xs_addr(xprt)->sa_family, SOCK_STREAM,
+- IPPROTO_TCP, true);
++ if (xprt_connected(xprt))
++ goto out;
++ if (test_and_clear_bit(XPRT_SOCK_CONNECT_SENT,
++ &transport->sock_state) ||
++ !sock) {
++ xs_reset_transport(transport);
++ sock = xs_create_sock(xprt, transport, xs_addr(xprt)->sa_family,
++ SOCK_STREAM, IPPROTO_TCP, true);
+ if (IS_ERR(sock)) {
+ status = PTR_ERR(sock);
+ goto out;
+@@ -2365,13 +2370,9 @@ static void xs_connect(struct rpc_xprt *
+
+ WARN_ON_ONCE(!xprt_lock_connect(xprt, task, transport));
+
+- if (transport->sock != NULL && !xprt_connecting(xprt)) {
++ if (transport->sock != NULL) {
+ dprintk("RPC: xs_connect delayed xprt %p for %lu "
+- "seconds\n",
+- xprt, xprt->reestablish_timeout / HZ);
+-
+- /* Start by resetting any existing state */
+- xs_reset_transport(transport);
++ "seconds\n", xprt, xprt->reestablish_timeout / HZ);
+
+ delay = xprt_reconnect_delay(xprt);
+ xprt_reconnect_backoff(xprt, XS_TCP_INIT_REEST_TO);
projects / thirdparty / kernel / stable-queue.git / commitdiff
