--- /dev/null
+From 4e39a072a6a0fc422ba7da5e4336bdc295d70211 Mon Sep 17 00:00:00 2001
+From: Jason Xing <xingwanli@kuaishou.com>
+Date: Wed, 14 Apr 2021 10:34:28 +0800
+Subject: i40e: fix the panic when running bpf in xdpdrv mode
+
+From: Jason Xing <xingwanli@kuaishou.com>
+
+commit 4e39a072a6a0fc422ba7da5e4336bdc295d70211 upstream.
+
+Fix this panic by adding more rules to calculate the value of @rss_size_max
+which could be used in allocating the queues when bpf is loaded, which,
+however, could cause the failure and then trigger the NULL pointer of
+vsi->rx_rings. Prio to this fix, the machine doesn't care about how many
+cpus are online and then allocates 256 queues on the machine with 32 cpus
+online actually.
+
+Once the load of bpf begins, the log will go like this "failed to get
+tracking for 256 queues for VSI 0 err -12" and this "setup of MAIN VSI
+failed".
+
+Thus, I attach the key information of the crash-log here.
+
+BUG: unable to handle kernel NULL pointer dereference at
+0000000000000000
+RIP: 0010:i40e_xdp+0xdd/0x1b0 [i40e]
+Call Trace:
+[2160294.717292] ? i40e_reconfig_rss_queues+0x170/0x170 [i40e]
+[2160294.717666] dev_xdp_install+0x4f/0x70
+[2160294.718036] dev_change_xdp_fd+0x11f/0x230
+[2160294.718380] ? dev_disable_lro+0xe0/0xe0
+[2160294.718705] do_setlink+0xac7/0xe70
+[2160294.719035] ? __nla_parse+0xed/0x120
+[2160294.719365] rtnl_newlink+0x73b/0x860
+
+Fixes: 41c445ff0f48 ("i40e: main driver core")
+Co-developed-by: Shujin Li <lishujin@kuaishou.com>
+Signed-off-by: Shujin Li <lishujin@kuaishou.com>
+Signed-off-by: Jason Xing <xingwanli@kuaishou.com>
+Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
+Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_main.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
+@@ -11211,6 +11211,7 @@ static int i40e_sw_init(struct i40e_pf *
+ {
+ int err = 0;
+ int size;
++ u16 pow;
+
+ /* Set default capability flags */
+ pf->flags = I40E_FLAG_RX_CSUM_ENABLED |
+@@ -11229,6 +11230,11 @@ static int i40e_sw_init(struct i40e_pf *
+ pf->rss_table_size = pf->hw.func_caps.rss_table_size;
+ pf->rss_size_max = min_t(int, pf->rss_size_max,
+ pf->hw.func_caps.num_tx_qp);
++
++ /* find the next higher power-of-2 of num cpus */
++ pow = roundup_pow_of_two(num_online_cpus());
++ pf->rss_size_max = min_t(int, pf->rss_size_max, pow);
++
+ if (pf->hw.func_caps.rss) {
+ pf->flags |= I40E_FLAG_RSS_ENABLED;
+ pf->alloc_rss_size = min_t(int, pf->rss_size_max,
--- /dev/null
+From 0775ebc4cf8554bdcd2c212669a0868ab68df5c0 Mon Sep 17 00:00:00 2001
+From: Lijun Pan <lijunp213@gmail.com>
+Date: Wed, 14 Apr 2021 02:46:14 -0500
+Subject: ibmvnic: avoid calling napi_disable() twice
+
+From: Lijun Pan <lijunp213@gmail.com>
+
+commit 0775ebc4cf8554bdcd2c212669a0868ab68df5c0 upstream.
+
+__ibmvnic_open calls napi_disable without checking whether NAPI polling
+has already been disabled or not. This could cause napi_disable
+being called twice, which could generate deadlock. For example,
+the first napi_disable will spin until NAPI_STATE_SCHED is cleared
+by napi_complete_done, then set it again.
+When napi_disable is called the second time, it will loop infinitely
+because no dev->poll will be running to clear NAPI_STATE_SCHED.
+
+To prevent above scenario from happening, call ibmvnic_napi_disable()
+which checks if napi is disabled or not before calling napi_disable.
+
+Fixes: bfc32f297337 ("ibmvnic: Move resource initialization to its own routine")
+Suggested-by: Thomas Falcon <tlfalcon@linux.ibm.com>
+Signed-off-by: Lijun Pan <lijunp213@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -1092,8 +1092,7 @@ static int __ibmvnic_open(struct net_dev
+
+ rc = set_link_state(adapter, IBMVNIC_LOGICAL_LNK_UP);
+ if (rc) {
+- for (i = 0; i < adapter->req_rx_queues; i++)
+- napi_disable(&adapter->napi[i]);
++ ibmvnic_napi_disable(adapter);
+ release_resources(adapter);
+ return rc;
+ }
--- /dev/null
+From d3a6abccbd272aea7dc2c6f984bb5a2c11278e44 Mon Sep 17 00:00:00 2001
+From: Lijun Pan <lijunp213@gmail.com>
+Date: Wed, 14 Apr 2021 02:46:15 -0500
+Subject: ibmvnic: remove duplicate napi_schedule call in do_reset function
+
+From: Lijun Pan <lijunp213@gmail.com>
+
+commit d3a6abccbd272aea7dc2c6f984bb5a2c11278e44 upstream.
+
+During adapter reset, do_reset/do_hard_reset calls ibmvnic_open(),
+which will calls napi_schedule if previous state is VNIC_CLOSED
+(i.e, the reset case, and "ifconfig down" case). So there is no need
+for do_reset to call napi_schedule again at the end of the function
+though napi_schedule will neglect the request if napi is already
+scheduled.
+
+Fixes: ed651a10875f ("ibmvnic: Updated reset handling")
+Signed-off-by: Lijun Pan <lijunp213@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -1760,7 +1760,7 @@ static int do_reset(struct ibmvnic_adapt
+ u64 old_num_rx_queues, old_num_tx_queues;
+ u64 old_num_rx_slots, old_num_tx_slots;
+ struct net_device *netdev = adapter->netdev;
+- int i, rc;
++ int rc;
+
+ netdev_dbg(adapter->netdev, "Re-setting driver (%d)\n",
+ rwi->reset_reason);
+@@ -1878,10 +1878,6 @@ static int do_reset(struct ibmvnic_adapt
+ /* refresh device's multicast list */
+ ibmvnic_set_multi(netdev);
+
+- /* kick napi */
+- for (i = 0; i < adapter->req_rx_queues; i++)
+- napi_schedule(&adapter->napi[i]);
+-
+ if (adapter->reset_reason != VNIC_RESET_FAILOVER &&
+ adapter->reset_reason != VNIC_RESET_CHANGE_PARAM) {
+ call_netdevice_notifiers(NETDEV_NOTIFY_PEERS, netdev);
--- /dev/null
+From 7c451f3ef676c805a4b77a743a01a5c21a250a73 Mon Sep 17 00:00:00 2001
+From: Lijun Pan <lijunp213@gmail.com>
+Date: Wed, 14 Apr 2021 02:46:16 -0500
+Subject: ibmvnic: remove duplicate napi_schedule call in open function
+
+From: Lijun Pan <lijunp213@gmail.com>
+
+commit 7c451f3ef676c805a4b77a743a01a5c21a250a73 upstream.
+
+Remove the unnecessary napi_schedule() call in __ibmvnic_open() since
+interrupt_rx() calls napi_schedule_prep/__napi_schedule during every
+receive interrupt.
+
+Fixes: ed651a10875f ("ibmvnic: Updated reset handling")
+Signed-off-by: Lijun Pan <lijunp213@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -1099,11 +1099,6 @@ static int __ibmvnic_open(struct net_dev
+
+ netif_tx_start_all_queues(netdev);
+
+- if (prev_state == VNIC_CLOSED) {
+- for (i = 0; i < adapter->req_rx_queues; i++)
+- napi_schedule(&adapter->napi[i]);
+- }
+-
+ adapter->state = VNIC_OPEN;
+ return rc;
+ }
--- /dev/null
+From 31457db3750c0b0ed229d836f2609fdb8a5b790e Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Date: Sun, 11 Apr 2021 11:02:08 +0200
+Subject: net: davicom: Fix regulator not turned off on failed probe
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+commit 31457db3750c0b0ed229d836f2609fdb8a5b790e upstream.
+
+When the probe fails, we must disable the regulator that was previously
+enabled.
+
+This patch is a follow-up to commit ac88c531a5b3
+("net: davicom: Fix regulator not turned off on failed probe") which missed
+one case.
+
+Fixes: 7994fe55a4a2 ("dm9000: Add regulator and reset support to dm9000")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/davicom/dm9000.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/davicom/dm9000.c
++++ b/drivers/net/ethernet/davicom/dm9000.c
+@@ -1482,8 +1482,10 @@ dm9000_probe(struct platform_device *pde
+
+ /* Init network device */
+ ndev = alloc_etherdev(sizeof(struct board_info));
+- if (!ndev)
+- return -ENOMEM;
++ if (!ndev) {
++ ret = -ENOMEM;
++ goto out_regulator_disable;
++ }
+
+ SET_NETDEV_DEV(ndev, &pdev->dev);
+
--- /dev/null
+From 941ea91e87a6e879ed82dad4949f6234f2702bec Mon Sep 17 00:00:00 2001
+From: Hristo Venev <hristo@venev.name>
+Date: Mon, 12 Apr 2021 20:41:17 +0300
+Subject: net: ip6_tunnel: Unregister catch-all devices
+
+From: Hristo Venev <hristo@venev.name>
+
+commit 941ea91e87a6e879ed82dad4949f6234f2702bec upstream.
+
+Similarly to the sit case, we need to remove the tunnels with no
+addresses that have been moved to another network namespace.
+
+Fixes: 0bd8762824e73 ("ip6tnl: add x-netns support")
+Signed-off-by: Hristo Venev <hristo@venev.name>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/ip6_tunnel.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/net/ipv6/ip6_tunnel.c
++++ b/net/ipv6/ip6_tunnel.c
+@@ -2222,6 +2222,16 @@ static void __net_exit ip6_tnl_destroy_t
+ t = rtnl_dereference(t->next);
+ }
+ }
++
++ t = rtnl_dereference(ip6n->tnls_wc[0]);
++ while (t) {
++ /* If dev is in the same netns, it has already
++ * been added to the list by the previous loop.
++ */
++ if (!net_eq(dev_net(t->dev), net))
++ unregister_netdevice_queue(t->dev, list);
++ t = rtnl_dereference(t->next);
++ }
+ }
+
+ static int __net_init ip6_tnl_init_net(struct net *net)
--- /dev/null
+From 610f8c0fc8d46e0933955ce13af3d64484a4630a Mon Sep 17 00:00:00 2001
+From: Hristo Venev <hristo@venev.name>
+Date: Mon, 12 Apr 2021 20:41:16 +0300
+Subject: net: sit: Unregister catch-all devices
+
+From: Hristo Venev <hristo@venev.name>
+
+commit 610f8c0fc8d46e0933955ce13af3d64484a4630a upstream.
+
+A sit interface created without a local or a remote address is linked
+into the `sit_net::tunnels_wc` list of its original namespace. When
+deleting a network namespace, delete the devices that have been moved.
+
+The following script triggers a null pointer dereference if devices
+linked in a deleted `sit_net` remain:
+
+ for i in `seq 1 30`; do
+ ip netns add ns-test
+ ip netns exec ns-test ip link add dev veth0 type veth peer veth1
+ ip netns exec ns-test ip link add dev sit$i type sit dev veth0
+ ip netns exec ns-test ip link set dev sit$i netns $$
+ ip netns del ns-test
+ done
+ for i in `seq 1 30`; do
+ ip link del dev sit$i
+ done
+
+Fixes: 5e6700b3bf98f ("sit: add support of x-netns")
+Signed-off-by: Hristo Venev <hristo@venev.name>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/sit.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -1818,9 +1818,9 @@ static void __net_exit sit_destroy_tunne
+ if (dev->rtnl_link_ops == &sit_link_ops)
+ unregister_netdevice_queue(dev, head);
+
+- for (prio = 1; prio < 4; prio++) {
++ for (prio = 0; prio < 4; prio++) {
+ int h;
+- for (h = 0; h < IP6_SIT_HASH_SIZE; h++) {
++ for (h = 0; h < (prio ? IP6_SIT_HASH_SIZE : 1); h++) {
+ struct ip_tunnel *t;
+
+ t = rtnl_dereference(sitn->tunnels[prio][h]);
--- /dev/null
+From fbea31808ca124dd73ff6bb1e67c9af4607c3e32 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Wed, 31 Mar 2021 01:04:45 +0200
+Subject: netfilter: conntrack: do not print icmpv6 as unknown via /proc
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit fbea31808ca124dd73ff6bb1e67c9af4607c3e32 upstream.
+
+/proc/net/nf_conntrack shows icmpv6 as unknown.
+
+Fixes: 09ec82f5af99 ("netfilter: conntrack: remove protocol name from l4proto struct")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_conntrack_standalone.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/netfilter/nf_conntrack_standalone.c
++++ b/net/netfilter/nf_conntrack_standalone.c
+@@ -262,6 +262,7 @@ static const char* l4proto_name(u16 prot
+ case IPPROTO_GRE: return "gre";
+ case IPPROTO_SCTP: return "sctp";
+ case IPPROTO_UDPLITE: return "udplite";
++ case IPPROTO_ICMPV6: return "icmpv6";
+ }
+
+ return "unknown";
--- /dev/null
+From b895bdf5d643b6feb7c60856326dd4feb6981560 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Fri, 9 Apr 2021 08:49:39 -0700
+Subject: netfilter: nft_limit: avoid possible divide error in nft_limit_init
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit b895bdf5d643b6feb7c60856326dd4feb6981560 upstream.
+
+div_u64() divides u64 by u32.
+
+nft_limit_init() wants to divide u64 by u64, use the appropriate
+math function (div64_u64)
+
+divide error: 0000 [#1] PREEMPT SMP KASAN
+CPU: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+RIP: 0010:div_u64_rem include/linux/math64.h:28 [inline]
+RIP: 0010:div_u64 include/linux/math64.h:127 [inline]
+RIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85
+Code: ef 4c 01 eb 41 0f 92 c7 48 89 de e8 38 a5 22 fa 4d 85 ff 0f 85 97 02 00 00 e8 ea 9e 22 fa 4c 0f af f3 45 89 ed 31 d2 4c 89 f0 <49> f7 f5 49 89 c6 e8 d3 9e 22 fa 48 8d 7d 48 48 b8 00 00 00 00 00
+RSP: 0018:ffffc90009447198 EFLAGS: 00010246
+RAX: 0000000000000000 RBX: 0000200000000000 RCX: 0000000000000000
+RDX: 0000000000000000 RSI: ffffffff875152e6 RDI: 0000000000000003
+RBP: ffff888020f80908 R08: 0000200000000000 R09: 0000000000000000
+R10: ffffffff875152d8 R11: 0000000000000000 R12: ffffc90009447270
+R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
+FS: 000000000097a300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00000000200001c4 CR3: 0000000026a52000 CR4: 00000000001506e0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ nf_tables_newexpr net/netfilter/nf_tables_api.c:2675 [inline]
+ nft_expr_init+0x145/0x2d0 net/netfilter/nf_tables_api.c:2713
+ nft_set_elem_expr_alloc+0x27/0x280 net/netfilter/nf_tables_api.c:5160
+ nf_tables_newset+0x1997/0x3150 net/netfilter/nf_tables_api.c:4321
+ nfnetlink_rcv_batch+0x85a/0x21b0 net/netfilter/nfnetlink.c:456
+ nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline]
+ nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:598
+ netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
+ netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
+ netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
+ sock_sendmsg_nosec net/socket.c:654 [inline]
+ sock_sendmsg+0xcf/0x120 net/socket.c:674
+ ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
+ ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
+ __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
+ do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Fixes: c26844eda9d4 ("netfilter: nf_tables: Fix nft limit burst handling")
+Fixes: 3e0f64b7dd31 ("netfilter: nft_limit: fix packet ratelimiting")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Diagnosed-by: Luigi Rizzo <lrizzo@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nft_limit.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/netfilter/nft_limit.c
++++ b/net/netfilter/nft_limit.c
+@@ -79,13 +79,13 @@ static int nft_limit_init(struct nft_lim
+ return -EOVERFLOW;
+
+ if (pkts) {
+- tokens = div_u64(limit->nsecs, limit->rate) * limit->burst;
++ tokens = div64_u64(limit->nsecs, limit->rate) * limit->burst;
+ } else {
+ /* The token bucket size limits the number of tokens can be
+ * accumulated. tokens_max specifies the bucket size.
+ * tokens_max = unit * (rate + burst) / rate.
+ */
+- tokens = div_u64(limit->nsecs * (limit->rate + limit->burst),
++ tokens = div64_u64(limit->nsecs * (limit->rate + limit->burst),
+ limit->rate);
+ }
+
--- /dev/null
+From 176ddd89171ddcf661862d90c5d257877f7326d6 Mon Sep 17 00:00:00 2001
+From: Jolly Shah <jollys@google.com>
+Date: Thu, 18 Mar 2021 15:56:32 -0700
+Subject: scsi: libsas: Reset num_scatter if libata marks qc as NODATA
+
+From: Jolly Shah <jollys@google.com>
+
+commit 176ddd89171ddcf661862d90c5d257877f7326d6 upstream.
+
+When the cache_type for the SCSI device is changed, the SCSI layer issues a
+MODE_SELECT command. The caching mode details are communicated via a
+request buffer associated with the SCSI command with data direction set as
+DMA_TO_DEVICE (scsi_mode_select()). When this command reaches the libata
+layer, as a part of generic initial setup, libata layer sets up the
+scatterlist for the command using the SCSI command (ata_scsi_qc_new()).
+This command is then translated by the libata layer into
+ATA_CMD_SET_FEATURES (ata_scsi_mode_select_xlat()). The libata layer treats
+this as a non-data command (ata_mselect_caching()), since it only needs an
+ATA taskfile to pass the caching on/off information to the device. It does
+not need the scatterlist that has been setup, so it does not perform
+dma_map_sg() on the scatterlist (ata_qc_issue()). Unfortunately, when this
+command reaches the libsas layer (sas_ata_qc_issue()), libsas layer sees it
+as a non-data command with a scatterlist. It cannot extract the correct DMA
+length since the scatterlist has not been mapped with dma_map_sg() for a
+DMA operation. When this partially constructed SAS task reaches pm80xx
+LLDD, it results in the following warning:
+
+"pm80xx_chip_sata_req 6058: The sg list address
+start_addr=0x0000000000000000 data_len=0x0end_addr_high=0xffffffff
+end_addr_low=0xffffffff has crossed 4G boundary"
+
+Update libsas to handle ATA non-data commands separately so num_scatter and
+total_xfer_len remain 0.
+
+Link: https://lore.kernel.org/r/20210318225632.2481291-1-jollys@google.com
+Fixes: 53de092f47ff ("scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA")
+Tested-by: Luo Jiaxing <luojiaxing@huawei.com>
+Reviewed-by: John Garry <john.garry@huawei.com>
+Signed-off-by: Jolly Shah <jollys@google.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/libsas/sas_ata.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/drivers/scsi/libsas/sas_ata.c
++++ b/drivers/scsi/libsas/sas_ata.c
+@@ -215,18 +215,17 @@ static unsigned int sas_ata_qc_issue(str
+ memcpy(task->ata_task.atapi_packet, qc->cdb, qc->dev->cdb_len);
+ task->total_xfer_len = qc->nbytes;
+ task->num_scatter = qc->n_elem;
++ task->data_dir = qc->dma_dir;
++ } else if (qc->tf.protocol == ATA_PROT_NODATA) {
++ task->data_dir = DMA_NONE;
+ } else {
+ for_each_sg(qc->sg, sg, qc->n_elem, si)
+ xfer += sg_dma_len(sg);
+
+ task->total_xfer_len = xfer;
+ task->num_scatter = si;
+- }
+-
+- if (qc->tf.protocol == ATA_PROT_NODATA)
+- task->data_dir = DMA_NONE;
+- else
+ task->data_dir = qc->dma_dir;
++ }
+ task->scatter = qc->sg;
+ task->ata_task.retry_count = 1;
+ task->task_state_flags = SAS_TASK_STATE_PENDING;
readdir-make-sure-to-verify-directory-entry-for-legacy-interfaces-too.patch
arm64-fix-inline-asm-in-load_unaligned_zeropad.patch
arm64-alternatives-move-length-validation-in-alternative_-insn-endif.patch
+scsi-libsas-reset-num_scatter-if-libata-marks-qc-as-nodata.patch
+netfilter-conntrack-do-not-print-icmpv6-as-unknown-via-proc.patch
+netfilter-nft_limit-avoid-possible-divide-error-in-nft_limit_init.patch
+net-davicom-fix-regulator-not-turned-off-on-failed-probe.patch
+net-sit-unregister-catch-all-devices.patch
+net-ip6_tunnel-unregister-catch-all-devices.patch
+i40e-fix-the-panic-when-running-bpf-in-xdpdrv-mode.patch
+ibmvnic-avoid-calling-napi_disable-twice.patch
+ibmvnic-remove-duplicate-napi_schedule-call-in-do_reset-function.patch
+ibmvnic-remove-duplicate-napi_schedule-call-in-open-function.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
