From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 30 Jul 2018 12:16:43 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.17.12~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5f5d21acc97f8213afe8ac7be94d4f5ae0ec25e9;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	rdma-uverbs-protect-from-attempts-to-create-flows-on-unsupported-qp.patch
---

diff --git a/queue-4.9/rdma-uverbs-protect-from-attempts-to-create-flows-on-unsupported-qp.patch b/queue-4.9/rdma-uverbs-protect-from-attempts-to-create-flows-on-unsupported-qp.patch
new file mode 100644
index 00000000000..d54a22cf8d3
--- /dev/null
+++ b/queue-4.9/rdma-uverbs-protect-from-attempts-to-create-flows-on-unsupported-qp.patch
@@ -0,0 +1,44 @@
+From 940efcc8889f0d15567eb07fc9fd69b06e366aa5 Mon Sep 17 00:00:00 2001
+From: Leon Romanovsky <leonro@mellanox.com>
+Date: Sun, 24 Jun 2018 11:23:42 +0300
+Subject: RDMA/uverbs: Protect from attempts to create flows on unsupported QP
+
+From: Leon Romanovsky <leonro@mellanox.com>
+
+commit 940efcc8889f0d15567eb07fc9fd69b06e366aa5 upstream.
+
+Flows can be created on UD and RAW_PACKET QP types. Attempts to provide
+other QP types as an input causes to various unpredictable failures.
+
+The reason is that in order to support all various types (e.g. XRC), we
+are supposed to use real_qp handle and not qp handle and expect to
+driver/FW to fail such (XRC) flows. The simpler and safer variant is to
+ban all QP types except UD and RAW_PACKET, instead of relying on
+driver/FW.
+
+Cc: <stable@vger.kernel.org> # 3.11
+Fixes: 436f2ad05a0b ("IB/core: Export ib_create/destroy_flow through uverbs")
+Cc: syzkaller <syzkaller@googlegroups.com>
+Reported-by: Noa Osherovich <noaos@mellanox.com>
+Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/infiniband/core/uverbs_cmd.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/infiniband/core/uverbs_cmd.c
++++ b/drivers/infiniband/core/uverbs_cmd.c
+@@ -3725,6 +3725,11 @@ int ib_uverbs_ex_create_flow(struct ib_u
+ 		goto err_uobj;
+ 	}
+ 
++	if (qp->qp_type != IB_QPT_UD && qp->qp_type != IB_QPT_RAW_PACKET) {
++		err = -EINVAL;
++		goto err_put;
++	}
++
+ 	flow_attr = kzalloc(sizeof(*flow_attr) + cmd.flow_attr.num_of_specs *
+ 			    sizeof(union ib_flow_spec), GFP_KERNEL);
+ 	if (!flow_attr) {
diff --git a/queue-4.9/series b/queue-4.9/series
index b71c0096310..d8d1e708cc6 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -90,7 +90,6 @@ arm-dts-sh73a0-add-missing-interrupt-affinity-to-pmu-node.patch
 nvmem-properly-handle-returned-value-nvmem_reg_read.patch
 tty-fix-data-race-in-tty_insert_flip_string_fixed_flag.patch
 dma-iommu-fix-compilation-when-config_iommu_dma.patch
-tick-prefer-a-lower-rating-device-only-if-it-s-cpu-local-device.patch
 media-rcar_jpu-add-missing-clk_disable_unprepare-on-error-in-jpu_open.patch
 libata-fix-command-retry-decision.patch
 media-media-device-fix-ioctl-function-types.patch
@@ -138,3 +137,4 @@ random-mix-rdrand-with-entropy-sent-in-from-userspace.patch
 squashfs-be-more-careful-about-metadata-corruption.patch
 ext4-fix-inline-data-updates-with-checksums-enabled.patch
 ext4-check-for-allocation-block-validity-with-block-group-locked.patch
+rdma-uverbs-protect-from-attempts-to-create-flows-on-unsupported-qp.patch
diff --git a/queue-4.9/tick-prefer-a-lower-rating-device-only-if-it-s-cpu-local-device.patch b/queue-4.9/tick-prefer-a-lower-rating-device-only-if-it-s-cpu-local-device.patch
deleted file mode 100644
index 6c3b77000f5..00000000000
--- a/queue-4.9/tick-prefer-a-lower-rating-device-only-if-it-s-cpu-local-device.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From foo@baz Sat Jul 28 10:48:22 CEST 2018
-From: Sudeep Holla <sudeep.holla@arm.com>
-Date: Wed, 9 May 2018 17:02:08 +0100
-Subject: tick: Prefer a lower rating device only if it's CPU local device
-
-From: Sudeep Holla <sudeep.holla@arm.com>
-
-[ Upstream commit 1332a90558013ae4242e3dd7934bdcdeafb06c0d ]
-
-Checking the equality of cpumask for both new and old tick device doesn't
-ensure that it's CPU local device. This will cause issue if a low rating
-clockevent tick device is registered first followed by the registration
-of higher rating clockevent tick device.
-
-In such case, clockevents_released list will never get emptied as both
-the devices get selected as preferred one and we will loop forever in
-clockevents_notify_released.
-
-Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Frederic Weisbecker <fweisbec@gmail.com>
-Link: https://lkml.kernel.org/r/1525881728-4858-1-git-send-email-sudeep.holla@arm.com
-Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- kernel/time/tick-common.c |    3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/kernel/time/tick-common.c
-+++ b/kernel/time/tick-common.c
-@@ -277,7 +277,8 @@ static bool tick_check_preferred(struct
- 	 */
- 	return !curdev ||
- 		newdev->rating > curdev->rating ||
--	       !cpumask_equal(curdev->cpumask, newdev->cpumask);
-+	       (!cpumask_equal(curdev->cpumask, newdev->cpumask) &&
-+	        !tick_check_percpu(curdev, newdev, smp_processor_id()));
- }
- 
- /*