From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 20 Aug 2019 21:14:30 +0000 (-0700)
Subject: 4.4-stable patches
X-Git-Tag: v4.19.68~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9527654a05886fdd536cd67ce84d3ff2ece36547;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	rdma-directly-cast-the-sockaddr-union-to-sockaddr.patch
	scsi-fcoe-embed-fc_rport_priv-in-fcoe_rport-structure.patch
---

diff --git a/queue-4.4/rdma-directly-cast-the-sockaddr-union-to-sockaddr.patch b/queue-4.4/rdma-directly-cast-the-sockaddr-union-to-sockaddr.patch
new file mode 100644
index 00000000000..06a3024d002
--- /dev/null
+++ b/queue-4.4/rdma-directly-cast-the-sockaddr-union-to-sockaddr.patch
@@ -0,0 +1,73 @@
+From 7d5750c0edfe886dbdee189f0c86e95c68147781 Mon Sep 17 00:00:00 2001
+From: Jason Gunthorpe <jgg@mellanox.com>
+Date: Sun, 12 May 2019 21:57:57 -0300
+Subject: RDMA: Directly cast the sockaddr union to sockaddr
+
+From: Jason Gunthorpe <jgg@mellanox.com>
+
+commit 641114d2af312d39ca9bbc2369d18a5823da51c6 upstream.
+
+gcc 9 now does allocation size tracking and thinks that passing the member
+of a union and then accessing beyond that member's bounds is an overflow.
+
+Instead of using the union member, use the entire union with a cast to
+get to the sockaddr. gcc will now know that the memory extends the full
+size of the union.
+
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/addr.c |   15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/drivers/infiniband/core/addr.c
++++ b/drivers/infiniband/core/addr.c
+@@ -481,14 +481,13 @@ int rdma_addr_find_dmac_by_grh(const uni
+ 	struct net_device *dev;
+ 
+ 	union {
+-		struct sockaddr     _sockaddr;
+ 		struct sockaddr_in  _sockaddr_in;
+ 		struct sockaddr_in6 _sockaddr_in6;
+ 	} sgid_addr, dgid_addr;
+ 
+ 
+-	rdma_gid2ip(&sgid_addr._sockaddr, sgid);
+-	rdma_gid2ip(&dgid_addr._sockaddr, dgid);
++	rdma_gid2ip((struct sockaddr *)&sgid_addr, sgid);
++	rdma_gid2ip((struct sockaddr *)&dgid_addr, dgid);
+ 
+ 	memset(&dev_addr, 0, sizeof(dev_addr));
+ 	dev_addr.bound_dev_if = if_index;
+@@ -496,8 +495,9 @@ int rdma_addr_find_dmac_by_grh(const uni
+ 
+ 	ctx.addr = &dev_addr;
+ 	init_completion(&ctx.comp);
+-	ret = rdma_resolve_ip(&self, &sgid_addr._sockaddr, &dgid_addr._sockaddr,
+-			&dev_addr, 1000, resolve_cb, &ctx);
++	ret = rdma_resolve_ip(&self, (struct sockaddr *)&sgid_addr,
++			      (struct sockaddr *)&dgid_addr, &dev_addr, 1000,
++			      resolve_cb, &ctx);
+ 	if (ret)
+ 		return ret;
+ 
+@@ -519,16 +519,15 @@ int rdma_addr_find_smac_by_sgid(union ib
+ 	int ret = 0;
+ 	struct rdma_dev_addr dev_addr;
+ 	union {
+-		struct sockaddr     _sockaddr;
+ 		struct sockaddr_in  _sockaddr_in;
+ 		struct sockaddr_in6 _sockaddr_in6;
+ 	} gid_addr;
+ 
+-	rdma_gid2ip(&gid_addr._sockaddr, sgid);
++	rdma_gid2ip((struct sockaddr *)&gid_addr, sgid);
+ 
+ 	memset(&dev_addr, 0, sizeof(dev_addr));
+ 	dev_addr.net = &init_net;
+-	ret = rdma_translate_ip(&gid_addr._sockaddr, &dev_addr, vlan_id);
++	ret = rdma_translate_ip((struct sockaddr *)&gid_addr, &dev_addr, vlan_id);
+ 	if (ret)
+ 		return ret;
+ 
diff --git a/queue-4.4/scsi-fcoe-embed-fc_rport_priv-in-fcoe_rport-structure.patch b/queue-4.4/scsi-fcoe-embed-fc_rport_priv-in-fcoe_rport-structure.patch
new file mode 100644
index 00000000000..7c9a71c7eac
--- /dev/null
+++ b/queue-4.4/scsi-fcoe-embed-fc_rport_priv-in-fcoe_rport-structure.patch
@@ -0,0 +1,157 @@
+From 792f95e79a75ea8195236631bb59dd51389d87ce Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke <hare@suse.de>
+Date: Wed, 24 Jul 2019 11:00:55 +0200
+Subject: scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
+
+From: Hannes Reinecke <hare@suse.de>
+
+commit 023358b136d490ca91735ac6490db3741af5a8bd upstream.
+
+Gcc-9 complains for a memset across pointer boundaries, which happens as
+the code tries to allocate a flexible array on the stack.  Turns out we
+cannot do this without relying on gcc-isms, so with this patch we'll embed
+the fc_rport_priv structure into fcoe_rport, can use the normal
+'container_of' outcast, and will only have to do a memset over one
+structure.
+
+Signed-off-by: Hannes Reinecke <hare@suse.de>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/fcoe/fcoe_ctlr.c |   33 ++++++++++++++-------------------
+ drivers/scsi/libfc/fc_rport.c |    5 ++++-
+ include/scsi/libfcoe.h        |    1 +
+ 3 files changed, 19 insertions(+), 20 deletions(-)
+
+--- a/drivers/scsi/fcoe/fcoe_ctlr.c
++++ b/drivers/scsi/fcoe/fcoe_ctlr.c
+@@ -1973,7 +1973,7 @@ EXPORT_SYMBOL_GPL(fcoe_wwn_from_mac);
+  */
+ static inline struct fcoe_rport *fcoe_ctlr_rport(struct fc_rport_priv *rdata)
+ {
+-	return (struct fcoe_rport *)(rdata + 1);
++	return container_of(rdata, struct fcoe_rport, rdata);
+ }
+ 
+ /**
+@@ -2233,7 +2233,7 @@ static void fcoe_ctlr_vn_start(struct fc
+  */
+ static int fcoe_ctlr_vn_parse(struct fcoe_ctlr *fip,
+ 			      struct sk_buff *skb,
+-			      struct fc_rport_priv *rdata)
++			      struct fcoe_rport *frport)
+ {
+ 	struct fip_header *fiph;
+ 	struct fip_desc *desc = NULL;
+@@ -2241,16 +2241,12 @@ static int fcoe_ctlr_vn_parse(struct fco
+ 	struct fip_wwn_desc *wwn = NULL;
+ 	struct fip_vn_desc *vn = NULL;
+ 	struct fip_size_desc *size = NULL;
+-	struct fcoe_rport *frport;
+ 	size_t rlen;
+ 	size_t dlen;
+ 	u32 desc_mask = 0;
+ 	u32 dtype;
+ 	u8 sub;
+ 
+-	memset(rdata, 0, sizeof(*rdata) + sizeof(*frport));
+-	frport = fcoe_ctlr_rport(rdata);
+-
+ 	fiph = (struct fip_header *)skb->data;
+ 	frport->flags = ntohs(fiph->fip_flags);
+ 
+@@ -2313,15 +2309,17 @@ static int fcoe_ctlr_vn_parse(struct fco
+ 			if (dlen != sizeof(struct fip_wwn_desc))
+ 				goto len_err;
+ 			wwn = (struct fip_wwn_desc *)desc;
+-			rdata->ids.node_name = get_unaligned_be64(&wwn->fd_wwn);
++			frport->rdata.ids.node_name =
++				get_unaligned_be64(&wwn->fd_wwn);
+ 			break;
+ 		case FIP_DT_VN_ID:
+ 			if (dlen != sizeof(struct fip_vn_desc))
+ 				goto len_err;
+ 			vn = (struct fip_vn_desc *)desc;
+ 			memcpy(frport->vn_mac, vn->fd_mac, ETH_ALEN);
+-			rdata->ids.port_id = ntoh24(vn->fd_fc_id);
+-			rdata->ids.port_name = get_unaligned_be64(&vn->fd_wwpn);
++			frport->rdata.ids.port_id = ntoh24(vn->fd_fc_id);
++			frport->rdata.ids.port_name =
++				get_unaligned_be64(&vn->fd_wwpn);
+ 			break;
+ 		case FIP_DT_FC4F:
+ 			if (dlen != sizeof(struct fip_fc4_feat))
+@@ -2664,16 +2662,13 @@ static int fcoe_ctlr_vn_recv(struct fcoe
+ {
+ 	struct fip_header *fiph;
+ 	enum fip_vn2vn_subcode sub;
+-	struct {
+-		struct fc_rport_priv rdata;
+-		struct fcoe_rport frport;
+-	} buf;
++	struct fcoe_rport frport = { };
+ 	int rc;
+ 
+ 	fiph = (struct fip_header *)skb->data;
+ 	sub = fiph->fip_subcode;
+ 
+-	rc = fcoe_ctlr_vn_parse(fip, skb, &buf.rdata);
++	rc = fcoe_ctlr_vn_parse(fip, skb, &frport);
+ 	if (rc) {
+ 		LIBFCOE_FIP_DBG(fip, "vn_recv vn_parse error %d\n", rc);
+ 		goto drop;
+@@ -2682,19 +2677,19 @@ static int fcoe_ctlr_vn_recv(struct fcoe
+ 	mutex_lock(&fip->ctlr_mutex);
+ 	switch (sub) {
+ 	case FIP_SC_VN_PROBE_REQ:
+-		fcoe_ctlr_vn_probe_req(fip, &buf.rdata);
++		fcoe_ctlr_vn_probe_req(fip, &frport.rdata);
+ 		break;
+ 	case FIP_SC_VN_PROBE_REP:
+-		fcoe_ctlr_vn_probe_reply(fip, &buf.rdata);
++		fcoe_ctlr_vn_probe_reply(fip, &frport.rdata);
+ 		break;
+ 	case FIP_SC_VN_CLAIM_NOTIFY:
+-		fcoe_ctlr_vn_claim_notify(fip, &buf.rdata);
++		fcoe_ctlr_vn_claim_notify(fip, &frport.rdata);
+ 		break;
+ 	case FIP_SC_VN_CLAIM_REP:
+-		fcoe_ctlr_vn_claim_resp(fip, &buf.rdata);
++		fcoe_ctlr_vn_claim_resp(fip, &frport.rdata);
+ 		break;
+ 	case FIP_SC_VN_BEACON:
+-		fcoe_ctlr_vn_beacon(fip, &buf.rdata);
++		fcoe_ctlr_vn_beacon(fip, &frport.rdata);
+ 		break;
+ 	default:
+ 		LIBFCOE_FIP_DBG(fip, "vn_recv unknown subcode %d\n", sub);
+--- a/drivers/scsi/libfc/fc_rport.c
++++ b/drivers/scsi/libfc/fc_rport.c
+@@ -121,12 +121,15 @@ static struct fc_rport_priv *fc_rport_cr
+ 					     u32 port_id)
+ {
+ 	struct fc_rport_priv *rdata;
++	size_t rport_priv_size = sizeof(*rdata);
+ 
+ 	rdata = lport->tt.rport_lookup(lport, port_id);
+ 	if (rdata)
+ 		return rdata;
+ 
+-	rdata = kzalloc(sizeof(*rdata) + lport->rport_priv_size, GFP_KERNEL);
++	if (lport->rport_priv_size > 0)
++		rport_priv_size = lport->rport_priv_size;
++	rdata = kzalloc(rport_priv_size, GFP_KERNEL);
+ 	if (!rdata)
+ 		return NULL;
+ 
+--- a/include/scsi/libfcoe.h
++++ b/include/scsi/libfcoe.h
+@@ -236,6 +236,7 @@ struct fcoe_fcf {
+  * @vn_mac:	VN_Node assigned MAC address for data
+  */
+ struct fcoe_rport {
++	struct fc_rport_priv rdata;
+ 	unsigned long time;
+ 	u16 fcoe_len;
+ 	u16 flags;
diff --git a/queue-4.4/series b/queue-4.4/series
index 71c8336fb97..6f4cfad6fe6 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -66,3 +66,5 @@ include-linux-module.h-copy-__init-__exit-attrs-to-i.patch
 arm64-compat-allow-single-byte-watchpoints-on-all-addresses.patch
 input-psmouse-fix-build-error-of-multiple-definition.patch
 asm-generic-default-bug_on-x-to-if-x-bug.patch
+scsi-fcoe-embed-fc_rport_priv-in-fcoe_rport-structure.patch
+rdma-directly-cast-the-sockaddr-union-to-sockaddr.patch