From: Greg Kroah-Hartman Date: Fri, 1 Apr 2022 15:36:24 +0000 (+0200) Subject: 5.4-stable patches X-Git-Tag: v4.14.275~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=425295ff07a13b16d6b7f94574f85b4b097244a8;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: qed-display-vf-trust-config.patch qed-validate-and-restrict-untrusted-vfs-vlan-promisc-mode.patch scsi-libsas-fix-sas_ata_qc_issue-handling-of-ncq-non-data-commands.patch
---
diff --git a/queue-5.4/qed-display-vf-trust-config.patch b/queue-5.4/qed-display-vf-trust-config.patch
new file mode 100644
index 00000000000..ad556390b15
--- /dev/null
+++ b/queue-5.4/qed-display-vf-trust-config.patch
@@ -0,0 +1,32 @@
+From 4e6e6bec7440b9b76f312f28b1f4e944eebb3abc Mon Sep 17 00:00:00 2001
+From: Manish Chopra
+Date: Wed, 2 Mar 2022 02:52:21 -0800
+Subject: qed: display VF trust config
+
+From: Manish Chopra
+
+commit 4e6e6bec7440b9b76f312f28b1f4e944eebb3abc upstream.
+
+Driver does support SR-IOV VFs trust configuration but
+it does not display it when queried via ip link utility.
+
+Cc: stable@vger.kernel.org
+Fixes: f990c82c385b ("qed*: Add support for ndo_set_vf_trust")
+Signed-off-by: Manish Chopra
+Signed-off-by: Ariel Elior
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/ethernet/qlogic/qed/qed_sriov.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
++++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
+@@ -4717,6 +4717,7 @@ static int qed_get_vf_config(struct qed_
+ tx_rate = vf_info->tx_rate;
+ ivi->max_tx_rate = tx_rate ? tx_rate : link.speed;
+ ivi->min_tx_rate = qed_iov_get_vf_min_rate(hwfn, vf_id);
++ ivi->trusted = vf_info->is_trusted_request;
+
+ return 0;
+ }
diff --git a/queue-5.4/qed-validate-and-restrict-untrusted-vfs-vlan-promisc-mode.patch b/queue-5.4/qed-validate-and-restrict-untrusted-vfs-vlan-promisc-mode.patch
new file mode 100644
index 00000000000..455d8536ad3
--- /dev/null
+++ b/queue-5.4/qed-validate-and-restrict-untrusted-vfs-vlan-promisc-mode.patch 
@@ -0,0 +1,108 @@
+From cbcc44db2cf7b836896733acc0e5ea966136ed22 Mon Sep 17 00:00:00 2001
+From: Manish Chopra
+Date: Wed, 2 Mar 2022 02:52:22 -0800
+Subject: qed: validate and restrict untrusted VFs vlan promisc mode
+
+From: Manish Chopra
+
+commit cbcc44db2cf7b836896733acc0e5ea966136ed22 upstream.
+
+Today when VFs are put in promiscuous mode, they can request PF
+to configure device for them to receive all VLANs traffic regardless
+of what vlan is configured by the PF (via ip link) and PF allows this
+config request regardless of whether VF is trusted or not.
+
+From security POV, when VLAN is configured for VF through PF (via ip link),
+honour such config requests from VF only when they are configured to be
+trusted, otherwise restrict such VFs vlan promisc mode config.
+
+Cc: stable@vger.kernel.org
+Fixes: f990c82c385b ("qed*: Add support for ndo_set_vf_trust")
+Signed-off-by: Manish Chopra
+Signed-off-by: Ariel Elior
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/ethernet/qlogic/qed/qed_sriov.c | 28 ++++++++++++++++++++++++++--
+ drivers/net/ethernet/qlogic/qed/qed_sriov.h | 1 +
+ 2 files changed, 27 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
++++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
+@@ -3003,12 +3003,16 @@ static int qed_iov_pre_update_vport(stru
+ u8 mask = QED_ACCEPT_UCAST_UNMATCHED | QED_ACCEPT_MCAST_UNMATCHED;
+ struct qed_filter_accept_flags *flags = ¶ms->accept_flags;
+ struct qed_public_vf_info *vf_info;
++ u16 tlv_mask;
++
++ tlv_mask = BIT(QED_IOV_VP_UPDATE_ACCEPT_PARAM) |
++ BIT(QED_IOV_VP_UPDATE_ACCEPT_ANY_VLAN);
+
+ /* Untrusted VFs can't even be trusted to know that fact.
+ * Simply indicate everything is configured fine, and trace
+ * configuration 'behind their back'.
+ */
+- if (!(*tlvs & BIT(QED_IOV_VP_UPDATE_ACCEPT_PARAM)))
++ if (!(*tlvs & tlv_mask))
+ return 0;
+
+ vf_info = qed_iov_get_public_vf_info(hwfn, vfid, true);
+@@ -3025,6 +3029,13 @@ static int qed_iov_pre_update_vport(stru
+ flags->tx_accept_filter &= ~mask;
+ }
+
++ if (params->update_accept_any_vlan_flg) {
++ vf_info->accept_any_vlan = params->accept_any_vlan;
++
++ if (vf_info->forced_vlan && !vf_info->is_trusted_configured)
++ params->accept_any_vlan = false;
++ }
++
+ return 0;
+ }
+
+@@ -5148,6 +5159,12 @@ static void qed_iov_handle_trust_change(
+
+ params.update_ctl_frame_check = 1;
+ params.mac_chk_en = !vf_info->is_trusted_configured;
++ params.update_accept_any_vlan_flg = 0;
++
++ if (vf_info->accept_any_vlan && vf_info->forced_vlan) {
++ params.update_accept_any_vlan_flg = 1;
++ params.accept_any_vlan = vf_info->accept_any_vlan;
++ }
+
+ if (vf_info->rx_accept_mode & mask) {
+ flags->update_rx_mode_config = 1;
+@@ -5163,13 +5180,20 @@ static void qed_iov_handle_trust_change(
+ if (!vf_info->is_trusted_configured) {
+ flags->rx_accept_filter &= ~mask;
+ flags->tx_accept_filter &= ~mask;
++ params.accept_any_vlan = false;
+ }
+
+ if (flags->update_rx_mode_config ||
+ flags->update_tx_mode_config ||
+- params.update_ctl_frame_check)
++ params.update_ctl_frame_check ||
++ params.update_accept_any_vlan_flg) {
++ DP_VERBOSE(hwfn, QED_MSG_IOV,
++ "vport update config for %s VF[abs 0x%x rel 0x%x]\n",
++ vf_info->is_trusted_configured ? "trusted" : "untrusted",
++ vf->abs_vf_id, vf->relative_vf_id);
+ qed_sp_vport_update(hwfn, ¶ms,
+ QED_SPQ_MODE_EBLOCK, NULL);
++ }
+ }
+ }
+
+--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.h
++++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.h
+@@ -88,6 +88,7 @@ struct qed_public_vf_info {
+ bool is_trusted_request;
+ u8 rx_accept_mode;
+ u8 tx_accept_mode;
++ bool accept_any_vlan;
+ };
+
+ struct qed_iov_vf_init_params {
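Review bot: The accept-any-VLAN gate is only evaluated when the VF sends a vport update (`qed_iov_pre_update_vport`) or when its trust setting changes (`qed_iov_handle_trust_change`), and both read `vf_info->forced_vlan` at that moment. If the PF assigns a forced VLAN to an untrusted VF that had already been granted accept-any-VLAN, nothing in these hunks revokes it; the VLAN-set path is not visible here, so confirm that it re-issues the vport update with `accept_any_vlan` cleared. The denial on the request path is also silent, so a trace beside `params->accept_any_vlan = false;`, for example `DP_VERBOSE(hwfn, QED_MSG_IOV, "VF[%d]: accept-any-vlan request overridden (untrusted, forced vlan)\n", vfid);`, would make overridden requests visible to the operator. Both functions begin and end outside the hunks.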
diff --git a/queue-5.4/scsi-libsas-fix-sas_ata_qc_issue-handling-of-ncq-non-data-commands.patch b/queue-5.4/scsi-libsas-fix-sas_ata_qc_issue-handling-of-ncq-non-data-commands.patch
new file mode 100644
index 00000000000..e48dc9a7217
--- /dev/null
+++ b/queue-5.4/scsi-libsas-fix-sas_ata_qc_issue-handling-of-ncq-non-data-commands.patch
@@ -0,0 +1,41 @@
+From 8454563e4c2aafbfb81a383ab423ea8b9b430a25 Mon Sep 17 00:00:00 2001
+From: Damien Le Moal
+Date: Sun, 20 Feb 2022 12:17:40 +0900
+Subject: scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
+
+From: Damien Le Moal
+
+commit 8454563e4c2aafbfb81a383ab423ea8b9b430a25 upstream.
+
+To detect for the DMA_NONE (no data transfer) DMA direction,
+sas_ata_qc_issue() tests if the command protocol is ATA_PROT_NODATA. This
+test does not include the ATA_CMD_NCQ_NON_DATA command as this command
+protocol is defined as ATA_PROT_NCQ_NODATA (equal to ATA_PROT_FLAG_NCQ) and
+not as ATA_PROT_NODATA.
+
+To include both NCQ and non-NCQ commands when testing for the DMA_NONE DMA
+direction, use "!ata_is_data()".
+
+Link: https://lore.kernel.org/r/20220220031810.738362-2-damien.lemoal@opensource.wdc.com
+Fixes: 176ddd89171d ("scsi: libsas: Reset num_scatter if libata marks qc as NODATA")
+Cc: stable@vger.kernel.org
+Reviewed-by: John Garry
+Reviewed-by: Jack Wang
+Signed-off-by: Damien Le Moal
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/scsi/libsas/sas_ata.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/libsas/sas_ata.c
++++ b/drivers/scsi/libsas/sas_ata.c
+@@ -201,7 +201,7 @@ static unsigned int sas_ata_qc_issue(str
+ task->total_xfer_len = qc->nbytes;
+ task->num_scatter = qc->n_elem;
+ task->data_dir = qc->dma_dir;
+- } else if (qc->tf.protocol == ATA_PROT_NODATA) {
++ } else if (!ata_is_data(qc->tf.protocol)) {
+ task->data_dir = DMA_NONE;
+ } else {
+ for_each_sg(qc->sg, sg, qc->n_elem, si)
diff --git a/queue-5.4/series b/queue-5.4/series
index 5c9cc7755c1..e8085d590bc 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -47,3 +47,6 @@ jffs2-fix-memory-leak-in-jffs2_scan_medium.patch
 mm-pages_alloc.c-don-t-create-zone_movable-beyond-the-end-of-a-node.patch
 mm-invalidate-hwpoison-page-cache-page-in-fault-path.patch
 mempolicy-mbind_range-set_policy-after-vma_merge.patch
+scsi-libsas-fix-sas_ata_qc_issue-handling-of-ncq-non-data-commands.patch
+qed-display-vf-trust-config.patch
+qed-validate-and-restrict-untrusted-vfs-vlan-promisc-mode.patch