From: Sasha Levin Date: Sun, 30 Jan 2022 03:40:54 +0000 (-0500) Subject: Fixes for 4.4 X-Git-Tag: v5.4.176~65 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0951289d3b318ee75766de6a8bb5634402ace107;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.4 Signed-off-by: Sasha Levin --- diff --git a/queue-4.4/drm-msm-fix-wrong-size-calculation.patch-1666 b/queue-4.4/drm-msm-fix-wrong-size-calculation.patch-1666 new file mode 100644 index 00000000000..9ca534b70ad --- /dev/null +++ b/queue-4.4/drm-msm-fix-wrong-size-calculation.patch-1666 @@ -0,0 +1,46 @@ +From 9d37b833dcffcf9e0c453d538e92bb9aae9b252c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 12 Jan 2022 20:33:34 +0800 +Subject: drm/msm: Fix wrong size calculation + +From: Xianting Tian + +[ Upstream commit 0a727b459ee39bd4c5ced19d6024258ac87b6b2e ] + +For example, memory-region in .dts as below, + reg = <0x0 0x50000000 0x0 0x20000000> + +We can get below values, +struct resource r; +r.start = 0x50000000; +r.end = 0x6fffffff; + +So the size should be: +size = r.end - r.start + 1 = 0x20000000 + +Signed-off-by: Xianting Tian +Fixes: 072f1f9168ed ("drm/msm: add support for "stolen" mem") +Reviewed-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20220112123334.749776-1-xianting.tian@linux.alibaba.com +Signed-off-by: Dmitry Baryshkov +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/msm_drv.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c +index 24d45fc7716c5..c9853626cec4e 100644 +--- a/drivers/gpu/drm/msm/msm_drv.c ++++ b/drivers/gpu/drm/msm/msm_drv.c +@@ -286,7 +286,7 @@ static int msm_init_vram(struct drm_device *dev) + ret = of_address_to_resource(node, 0, &r); + if (ret) + return ret; +- size = r.end - r.start; ++ size = r.end - r.start + 1; + DRM_INFO("using VRAM carveout: %lx@%pa\n", size, &r.start); + } else + #endif +-- +2.34.1 + diff --git a/queue-4.4/hwmon-lm90-reduce-maximum-conversion-rate-for-g781.patch-6020 b/queue-4.4/hwmon-lm90-reduce-maximum-conversion-rate-for-g781.patch-6020 new file mode 100644 index 00000000000..671539f533a --- /dev/null +++ b/queue-4.4/hwmon-lm90-reduce-maximum-conversion-rate-for-g781.patch-6020 @@ -0,0 +1,44 @@ +From e8b3923cc8e58f12497c89a9045624f6e79d2fa8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 Jan 2022 11:48:52 -0800 +Subject: hwmon: (lm90) Reduce maximum conversion rate for G781 + +From: Guenter Roeck + +[ Upstream commit a66c5ed539277b9f2363bbace0dba88b85b36c26 ] + +According to its datasheet, G781 supports a maximum conversion rate value +of 8 (62.5 ms). However, chips labeled G781 and G780 were found to only +support a maximum conversion rate value of 7 (125 ms). On the other side, +chips labeled G781-1 and G784 were found to support a conversion rate value +of 8. There is no known means to distinguish G780 from G781 or G784; all +chips report the same manufacturer ID and chip revision. +Setting the conversion rate register value to 8 on chips not supporting +it causes unexpected behavior since the real conversion rate is set to 0 +(16 seconds) if a value of 8 is written into the conversion rate register. +Limit the conversion rate register value to 7 for all G78x chips to avoid +the problem. + +Fixes: ae544f64cc7b ("hwmon: (lm90) Add support for GMT G781") +Signed-off-by: Guenter Roeck +Signed-off-by: Sasha Levin +--- + drivers/hwmon/lm90.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/hwmon/lm90.c b/drivers/hwmon/lm90.c +index 420f341272621..6f6f173aca6f2 100644 +--- a/drivers/hwmon/lm90.c ++++ b/drivers/hwmon/lm90.c +@@ -265,7 +265,7 @@ static const struct lm90_params lm90_params[] = { + .flags = LM90_HAVE_OFFSET | LM90_HAVE_REM_LIMIT_EXT + | LM90_HAVE_BROKEN_ALERT, + .alert_alarms = 0x7c, +- .max_convrate = 8, ++ .max_convrate = 7, + }, + [lm86] = { + .flags = LM90_HAVE_OFFSET | LM90_HAVE_REM_LIMIT_EXT, +-- +2.34.1 + diff --git a/queue-4.4/ipv4-avoid-using-shared-ip-generator-for-connected-s.patch-13177 b/queue-4.4/ipv4-avoid-using-shared-ip-generator-for-connected-s.patch-13177 new file mode 100644 index 00000000000..d1f6c328107 --- /dev/null +++ b/queue-4.4/ipv4-avoid-using-shared-ip-generator-for-connected-s.patch-13177 @@ -0,0 +1,70 @@ +From d4cda4d1589bcd689125b537da4339eb953e3d17 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 26 Jan 2022 17:10:22 -0800 +Subject: ipv4: avoid using shared IP generator for connected sockets + +From: Eric Dumazet + +[ Upstream commit 23f57406b82de51809d5812afd96f210f8b627f3 ] + +ip_select_ident_segs() has been very conservative about using +the connected socket private generator only for packets with IP_DF +set, claiming it was needed for some VJ compression implementations. + +As mentioned in this referenced document, this can be abused. +(Ref: Off-Path TCP Exploits of the Mixed IPID Assignment) + +Before switching to pure random IPID generation and possibly hurt +some workloads, lets use the private inet socket generator. + +Not only this will remove one vulnerability, this will also +improve performance of TCP flows using pmtudisc==IP_PMTUDISC_DONT + +Fixes: 73f156a6e8c1 ("inetpeer: get rid of ip_id_count") +Signed-off-by: Eric Dumazet +Reviewed-by: David Ahern +Reported-by: Ray Che +Cc: Willy Tarreau +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + include/net/ip.h | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +diff --git a/include/net/ip.h b/include/net/ip.h +index 5c9de851a9191..869fd7a136121 100644 +--- a/include/net/ip.h ++++ b/include/net/ip.h +@@ -353,19 +353,18 @@ static inline void ip_select_ident_segs(struct net *net, struct sk_buff *skb, + { + struct iphdr *iph = ip_hdr(skb); + ++ /* We had many attacks based on IPID, use the private ++ * generator as much as we can. ++ */ ++ if (sk && inet_sk(sk)->inet_daddr) { ++ iph->id = htons(inet_sk(sk)->inet_id); ++ inet_sk(sk)->inet_id += segs; ++ return; ++ } + if ((iph->frag_off & htons(IP_DF)) && !skb->ignore_df) { +- /* This is only to work around buggy Windows95/2000 +- * VJ compression implementations. If the ID field +- * does not change, they drop every other packet in +- * a TCP stream using header compression. +- */ +- if (sk && inet_sk(sk)->inet_daddr) { +- iph->id = htons(inet_sk(sk)->inet_id); +- inet_sk(sk)->inet_id += segs; +- } else { +- iph->id = 0; +- } ++ iph->id = 0; + } else { ++ /* Unfortunately we need the big hammer to get a suitable IPID */ + __ip_select_ident(net, iph, segs); + } + } +-- +2.34.1 + diff --git a/queue-4.4/ipv4-raw-lock-the-socket-in-raw_bind.patch-29646 b/queue-4.4/ipv4-raw-lock-the-socket-in-raw_bind.patch-29646 new file mode 100644 index 00000000000..9ad72bb7faf --- /dev/null +++ b/queue-4.4/ipv4-raw-lock-the-socket-in-raw_bind.patch-29646 @@ -0,0 +1,78 @@ +From 8a594c6a04839bb68af2e96b24afb2856f2ecee4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 26 Jan 2022 16:51:16 -0800 +Subject: ipv4: raw: lock the socket in raw_bind() + +From: Eric Dumazet + +[ Upstream commit 153a0d187e767c68733b8e9f46218eb1f41ab902 ] + +For some reason, raw_bind() forgot to lock the socket. + +BUG: KCSAN: data-race in __ip4_datagram_connect / raw_bind + +write to 0xffff8881170d4308 of 4 bytes by task 5466 on cpu 0: + raw_bind+0x1b0/0x250 net/ipv4/raw.c:739 + inet_bind+0x56/0xa0 net/ipv4/af_inet.c:443 + __sys_bind+0x14b/0x1b0 net/socket.c:1697 + __do_sys_bind net/socket.c:1708 [inline] + __se_sys_bind net/socket.c:1706 [inline] + __x64_sys_bind+0x3d/0x50 net/socket.c:1706 + do_syscall_x64 arch/x86/entry/common.c:50 [inline] + do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +read to 0xffff8881170d4308 of 4 bytes by task 5468 on cpu 1: + __ip4_datagram_connect+0xb7/0x7b0 net/ipv4/datagram.c:39 + ip4_datagram_connect+0x2a/0x40 net/ipv4/datagram.c:89 + inet_dgram_connect+0x107/0x190 net/ipv4/af_inet.c:576 + __sys_connect_file net/socket.c:1900 [inline] + __sys_connect+0x197/0x1b0 net/socket.c:1917 + __do_sys_connect net/socket.c:1927 [inline] + __se_sys_connect net/socket.c:1924 [inline] + __x64_sys_connect+0x3d/0x50 net/socket.c:1924 + do_syscall_x64 arch/x86/entry/common.c:50 [inline] + do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +value changed: 0x00000000 -> 0x0003007f + +Reported by Kernel Concurrency Sanitizer on: +CPU: 1 PID: 5468 Comm: syz-executor.5 Not tainted 5.17.0-rc1-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Eric Dumazet +Reported-by: syzbot +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/ipv4/raw.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c +index 24ce13a796654..65dbe1784d021 100644 +--- a/net/ipv4/raw.c ++++ b/net/ipv4/raw.c +@@ -709,6 +709,7 @@ static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) + int ret = -EINVAL; + int chk_addr_ret; + ++ lock_sock(sk); + if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_in)) + goto out; + chk_addr_ret = inet_addr_type(sock_net(sk), addr->sin_addr.s_addr); +@@ -721,7 +722,9 @@ static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) + inet->inet_saddr = 0; /* Use device */ + sk_dst_reset(sk); + ret = 0; +-out: return ret; ++out: ++ release_sock(sk); ++ return ret; + } + + /* +-- +2.34.1 + diff --git a/queue-4.4/ipv4-tcp-send-zero-ipid-in-synack-messages.patch-32233 b/queue-4.4/ipv4-tcp-send-zero-ipid-in-synack-messages.patch-32233 new file mode 100644 index 00000000000..4ee4de4e1e5 --- /dev/null +++ b/queue-4.4/ipv4-tcp-send-zero-ipid-in-synack-messages.patch-32233 @@ -0,0 +1,77 @@ +From b93289fbfe878c5303853ac166986b175d3e5b30 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 26 Jan 2022 17:10:21 -0800 +Subject: ipv4: tcp: send zero IPID in SYNACK messages + +From: Eric Dumazet + +[ Upstream commit 970a5a3ea86da637471d3cd04d513a0755aba4bf ] + +In commit 431280eebed9 ("ipv4: tcp: send zero IPID for RST and +ACK sent in SYN-RECV and TIME-WAIT state") we took care of some +ctl packets sent by TCP. + +It turns out we need to use a similar strategy for SYNACK packets. + +By default, they carry IP_DF and IPID==0, but there are ways +to ask them to use the hashed IP ident generator and thus +be used to build off-path attacks. +(Ref: Off-Path TCP Exploits of the Mixed IPID Assignment) + +One of this way is to force (before listener is started) +echo 1 >/proc/sys/net/ipv4/ip_no_pmtu_disc + +Another way is using forged ICMP ICMP_FRAG_NEEDED +with a very small MTU (like 68) to force a false return from +ip_dont_fragment() + +In this patch, ip_build_and_send_pkt() uses the following +heuristics. + +1) Most SYNACK packets are smaller than IPV4_MIN_MTU and therefore +can use IP_DF regardless of the listener or route pmtu setting. + +2) In case the SYNACK packet is bigger than IPV4_MIN_MTU, +we use prandom_u32() generator instead of the IPv4 hashed ident one. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Eric Dumazet +Reported-by: Ray Che +Reviewed-by: David Ahern +Cc: Geoff Alexander +Cc: Willy Tarreau +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/ipv4/ip_output.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c +index 477540b3d3207..efd4410a73587 100644 +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -155,12 +155,19 @@ int ip_build_and_send_pkt(struct sk_buff *skb, const struct sock *sk, + iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr); + iph->saddr = saddr; + iph->protocol = sk->sk_protocol; +- if (ip_dont_fragment(sk, &rt->dst)) { ++ /* Do not bother generating IPID for small packets (eg SYNACK) */ ++ if (skb->len <= IPV4_MIN_MTU || ip_dont_fragment(sk, &rt->dst)) { + iph->frag_off = htons(IP_DF); + iph->id = 0; + } else { + iph->frag_off = 0; +- __ip_select_ident(net, iph, 1); ++ /* TCP packets here are SYNACK with fat IPv4/TCP options. ++ * Avoid using the hashed IP ident generator. ++ */ ++ if (sk->sk_protocol == IPPROTO_TCP) ++ iph->id = (__force __be16)prandom_u32(); ++ else ++ __ip_select_ident(net, iph, 1); + } + + if (opt && opt->opt.optlen) { +-- +2.34.1 + diff --git a/queue-4.4/net-fix-information-leakage-in-proc-net-ptype.patch-31634 b/queue-4.4/net-fix-information-leakage-in-proc-net-ptype.patch-31634 new file mode 100644 index 00000000000..06910a5c8fa --- /dev/null +++ b/queue-4.4/net-fix-information-leakage-in-proc-net-ptype.patch-31634 @@ -0,0 +1,78 @@ +From 44d88201fc8115ff58a1a0158300e8784f23945f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 18 Jan 2022 14:20:13 -0500 +Subject: net: fix information leakage in /proc/net/ptype + +From: Congyu Liu + +[ Upstream commit 47934e06b65637c88a762d9c98329ae6e3238888 ] + +In one net namespace, after creating a packet socket without binding +it to a device, users in other net namespaces can observe the new +`packet_type` added by this packet socket by reading `/proc/net/ptype` +file. This is minor information leakage as packet socket is +namespace aware. + +Add a net pointer in `packet_type` to keep the net namespace of +of corresponding packet socket. In `ptype_seq_show`, this net pointer +must be checked when it is not NULL. + +Fixes: 2feb27dbe00c ("[NETNS]: Minor information leak via /proc/net/ptype file.") +Signed-off-by: Congyu Liu +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + include/linux/netdevice.h | 1 + + net/core/net-procfs.c | 3 ++- + net/packet/af_packet.c | 2 ++ + 3 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h +index 401a404b64b93..78864ffaf0d71 100644 +--- a/include/linux/netdevice.h ++++ b/include/linux/netdevice.h +@@ -2055,6 +2055,7 @@ struct packet_type { + struct net_device *); + bool (*id_match)(struct packet_type *ptype, + struct sock *sk); ++ struct net *af_packet_net; + void *af_packet_priv; + struct list_head list; + }; +diff --git a/net/core/net-procfs.c b/net/core/net-procfs.c +index 2bf83299600a4..f284d7c5b34b7 100644 +--- a/net/core/net-procfs.c ++++ b/net/core/net-procfs.c +@@ -277,7 +277,8 @@ static int ptype_seq_show(struct seq_file *seq, void *v) + + if (v == SEQ_START_TOKEN) + seq_puts(seq, "Type Device Function\n"); +- else if (pt->dev == NULL || dev_net(pt->dev) == seq_file_net(seq)) { ++ else if ((!pt->af_packet_net || net_eq(pt->af_packet_net, seq_file_net(seq))) && ++ (!pt->dev || net_eq(dev_net(pt->dev), seq_file_net(seq)))) { + if (pt->type == htons(ETH_P_ALL)) + seq_puts(seq, "ALL "); + else +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index eac6f7eea7b51..9208bc1793028 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -1709,6 +1709,7 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags) + match->prot_hook.dev = po->prot_hook.dev; + match->prot_hook.func = packet_rcv_fanout; + match->prot_hook.af_packet_priv = match; ++ match->prot_hook.af_packet_net = read_pnet(&match->net); + match->prot_hook.id_match = match_fanout_group; + list_add(&match->list, &fanout_list); + } +@@ -3167,6 +3168,7 @@ static int packet_create(struct net *net, struct socket *sock, int protocol, + po->prot_hook.func = packet_rcv_spkt; + + po->prot_hook.af_packet_priv = sk; ++ po->prot_hook.af_packet_net = sock_net(sk); + + if (proto) { + po->prot_hook.type = proto; +-- +2.34.1 + diff --git a/queue-4.4/scsi-bnx2fc-flush-destroy_work-queue-before-calling-.patch-25453 b/queue-4.4/scsi-bnx2fc-flush-destroy_work-queue-before-calling-.patch-25453 new file mode 100644 index 00000000000..0c88963ade0 --- /dev/null +++ b/queue-4.4/scsi-bnx2fc-flush-destroy_work-queue-before-calling-.patch-25453 @@ -0,0 +1,152 @@ +From 6bb7d5329114562c0ac03e46bf69b1a82e85d14d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 14 Jan 2022 23:00:44 -0500 +Subject: scsi: bnx2fc: Flush destroy_work queue before calling + bnx2fc_interface_put() + +From: John Meneghini + +[ Upstream commit 847f9ea4c5186fdb7b84297e3eeed9e340e83fce ] + +The bnx2fc_destroy() functions are removing the interface before calling +destroy_work. This results multiple WARNings from sysfs_remove_group() as +the controller rport device attributes are removed too early. + +Replace the fcoe_port's destroy_work queue. It's not needed. + +The problem is easily reproducible with the following steps. + +Example: + + $ dmesg -w & + $ systemctl enable --now fcoe + $ fipvlan -s -c ens2f1 + $ fcoeadm -d ens2f1.802 + [ 583.464488] host2: libfc: Link down on port (7500a1) + [ 583.472651] bnx2fc: 7500a1 - rport not created Yet!! + [ 583.490468] ------------[ cut here ]------------ + [ 583.538725] sysfs group 'power' not found for kobject 'rport-2:0-0' + [ 583.568814] WARNING: CPU: 3 PID: 192 at fs/sysfs/group.c:279 sysfs_remove_group+0x6f/0x80 + [ 583.607130] Modules linked in: dm_service_time 8021q garp mrp stp llc bnx2fc cnic uio rpcsec_gss_krb5 auth_rpcgss nfsv4 ... + [ 583.942994] CPU: 3 PID: 192 Comm: kworker/3:2 Kdump: loaded Not tainted 5.14.0-39.el9.x86_64 #1 + [ 583.984105] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013 + [ 584.016535] Workqueue: fc_wq_2 fc_rport_final_delete [scsi_transport_fc] + [ 584.050691] RIP: 0010:sysfs_remove_group+0x6f/0x80 + [ 584.074725] Code: ff 5b 48 89 ef 5d 41 5c e9 ee c0 ff ff 48 89 ef e8 f6 b8 ff ff eb d1 49 8b 14 24 48 8b 33 48 c7 c7 ... + [ 584.162586] RSP: 0018:ffffb567c15afdc0 EFLAGS: 00010282 + [ 584.188225] RAX: 0000000000000000 RBX: ffffffff8eec4220 RCX: 0000000000000000 + [ 584.221053] RDX: ffff8c1586ce84c0 RSI: ffff8c1586cd7cc0 RDI: ffff8c1586cd7cc0 + [ 584.255089] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb567c15afc00 + [ 584.287954] R10: ffffb567c15afbf8 R11: ffffffff8fbe7f28 R12: ffff8c1486326400 + [ 584.322356] R13: ffff8c1486326480 R14: ffff8c1483a4a000 R15: 0000000000000004 + [ 584.355379] FS: 0000000000000000(0000) GS:ffff8c1586cc0000(0000) knlGS:0000000000000000 + [ 584.394419] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + [ 584.421123] CR2: 00007fe95a6f7840 CR3: 0000000107674002 CR4: 00000000000606e0 + [ 584.454888] Call Trace: + [ 584.466108] device_del+0xb2/0x3e0 + [ 584.481701] device_unregister+0x13/0x60 + [ 584.501306] bsg_unregister_queue+0x5b/0x80 + [ 584.522029] bsg_remove_queue+0x1c/0x40 + [ 584.541884] fc_rport_final_delete+0xf3/0x1d0 [scsi_transport_fc] + [ 584.573823] process_one_work+0x1e3/0x3b0 + [ 584.592396] worker_thread+0x50/0x3b0 + [ 584.609256] ? rescuer_thread+0x370/0x370 + [ 584.628877] kthread+0x149/0x170 + [ 584.643673] ? set_kthread_struct+0x40/0x40 + [ 584.662909] ret_from_fork+0x22/0x30 + [ 584.680002] ---[ end trace 53575ecefa942ece ]--- + +Link: https://lore.kernel.org/r/20220115040044.1013475-1-jmeneghi@redhat.com +Fixes: 0cbf32e1681d ("[SCSI] bnx2fc: Avoid calling bnx2fc_if_destroy with unnecessary locks") +Tested-by: Guangwu Zhang +Co-developed-by: Maurizio Lombardi +Signed-off-by: Maurizio Lombardi +Signed-off-by: John Meneghini +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 20 +++++--------------- + 1 file changed, 5 insertions(+), 15 deletions(-) + +diff --git a/drivers/scsi/bnx2fc/bnx2fc_fcoe.c b/drivers/scsi/bnx2fc/bnx2fc_fcoe.c +index 573aeec7a02b6..66f7f89aa0ee4 100644 +--- a/drivers/scsi/bnx2fc/bnx2fc_fcoe.c ++++ b/drivers/scsi/bnx2fc/bnx2fc_fcoe.c +@@ -79,7 +79,7 @@ static int bnx2fc_bind_pcidev(struct bnx2fc_hba *hba); + static void bnx2fc_unbind_pcidev(struct bnx2fc_hba *hba); + static struct fc_lport *bnx2fc_if_create(struct bnx2fc_interface *interface, + struct device *parent, int npiv); +-static void bnx2fc_destroy_work(struct work_struct *work); ++static void bnx2fc_port_destroy(struct fcoe_port *port); + + static struct bnx2fc_hba *bnx2fc_hba_lookup(struct net_device *phys_dev); + static struct bnx2fc_interface *bnx2fc_interface_lookup(struct net_device +@@ -855,9 +855,6 @@ static void bnx2fc_indicate_netevent(void *context, unsigned long event, + __bnx2fc_destroy(interface); + } + mutex_unlock(&bnx2fc_dev_lock); +- +- /* Ensure ALL destroy work has been completed before return */ +- flush_workqueue(bnx2fc_wq); + return; + + default: +@@ -1148,8 +1145,8 @@ static int bnx2fc_vport_destroy(struct fc_vport *vport) + mutex_unlock(&n_port->lp_mutex); + bnx2fc_free_vport(interface->hba, port->lport); + bnx2fc_port_shutdown(port->lport); ++ bnx2fc_port_destroy(port); + bnx2fc_interface_put(interface); +- queue_work(bnx2fc_wq, &port->destroy_work); + return 0; + } + +@@ -1457,7 +1454,6 @@ static struct fc_lport *bnx2fc_if_create(struct bnx2fc_interface *interface, + port->lport = lport; + port->priv = interface; + port->get_netdev = bnx2fc_netdev; +- INIT_WORK(&port->destroy_work, bnx2fc_destroy_work); + + /* Configure fcoe_port */ + rc = bnx2fc_lport_config(lport); +@@ -1582,8 +1578,8 @@ static void __bnx2fc_destroy(struct bnx2fc_interface *interface) + bnx2fc_interface_cleanup(interface); + bnx2fc_stop(interface); + list_del(&interface->list); ++ bnx2fc_port_destroy(port); + bnx2fc_interface_put(interface); +- queue_work(bnx2fc_wq, &port->destroy_work); + } + + /** +@@ -1624,15 +1620,12 @@ netdev_err: + return rc; + } + +-static void bnx2fc_destroy_work(struct work_struct *work) ++static void bnx2fc_port_destroy(struct fcoe_port *port) + { +- struct fcoe_port *port; + struct fc_lport *lport; + +- port = container_of(work, struct fcoe_port, destroy_work); + lport = port->lport; +- +- BNX2FC_HBA_DBG(lport, "Entered bnx2fc_destroy_work\n"); ++ BNX2FC_HBA_DBG(lport, "Entered %s, destroying lport %p\n", __func__, lport); + + bnx2fc_if_destroy(lport); + } +@@ -2469,9 +2462,6 @@ static void bnx2fc_ulp_exit(struct cnic_dev *dev) + __bnx2fc_destroy(interface); + mutex_unlock(&bnx2fc_dev_lock); + +- /* Ensure ALL destroy work has been completed before return */ +- flush_workqueue(bnx2fc_wq); +- + bnx2fc_ulp_stop(hba); + /* unregister cnic device */ + if (test_and_clear_bit(BNX2FC_CNIC_REGISTERED, &hba->reg_with_cnic)) +-- +2.34.1 + diff --git a/queue-4.4/series b/queue-4.4/series index 7f0d036fcf6..0dda6fddd11 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -10,3 +10,18 @@ tty-n_gsm-fix-sw-flow-control-encoding-handling.patch tty-add-support-for-brainboxes-uc-cards.patch usb-storage-add-unusual-devs-entry-for-vl817-usb-sata-bridge.patch usb-core-fix-hang-in-usb_kill_urb-by-adding-memory-barriers.patch +net-fix-information-leakage-in-proc-net-ptype.patch +hwmon-lm90-reduce-maximum-conversion-rate-for-g781.patch +ping-fix-the-sk_bound_dev_if-match-in-ping_lookup.patch +drm-msm-fix-wrong-size-calculation.patch +scsi-bnx2fc-flush-destroy_work-queue-before-calling-.patch +ipv4-raw-lock-the-socket-in-raw_bind.patch +ipv4-tcp-send-zero-ipid-in-synack-messages.patch +ipv4-avoid-using-shared-ip-generator-for-connected-s.patch +net-fix-information-leakage-in-proc-net-ptype.patch-31634 +hwmon-lm90-reduce-maximum-conversion-rate-for-g781.patch-6020 +drm-msm-fix-wrong-size-calculation.patch-1666 +scsi-bnx2fc-flush-destroy_work-queue-before-calling-.patch-25453 +ipv4-raw-lock-the-socket-in-raw_bind.patch-29646 +ipv4-tcp-send-zero-ipid-in-synack-messages.patch-32233 +ipv4-avoid-using-shared-ip-generator-for-connected-s.patch-13177