From: Sasha Levin Date: Wed, 16 Mar 2022 14:51:47 +0000 (-0400) Subject: Fixes for 4.9 X-Git-Tag: v5.4.186~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b08f762efe4c0cfd438045c75b4a79d5350b85c4;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.9 Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/arm-9178-1-fix-unmet-dependency-on-bitreverse-for-ha.patch b/queue-4.9/arm-9178-1-fix-unmet-dependency-on-bitreverse-for-ha.patch new file mode 100644 index 00000000000..f9e41c242fe --- /dev/null +++ b/queue-4.9/arm-9178-1-fix-unmet-dependency-on-bitreverse-for-ha.patch @@ -0,0 +1,51 @@ +From c253ce91e7aaabe4f30c7be2c94ee1e3acde6f86 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 17 Jan 2022 05:09:40 +0100 +Subject: ARM: 9178/1: fix unmet dependency on BITREVERSE for + HAVE_ARCH_BITREVERSE + +From: Julian Braha + +[ Upstream commit 11c57c3ba94da74c3446924260e34e0b1950b5d7 ] + +Resending this to properly add it to the patch tracker - thanks for letting +me know, Arnd :) + +When ARM is enabled, and BITREVERSE is disabled, +Kbuild gives the following warning: + +WARNING: unmet direct dependencies detected for HAVE_ARCH_BITREVERSE + Depends on [n]: BITREVERSE [=n] + Selected by [y]: + - ARM [=y] && (CPU_32v7M [=n] || CPU_32v7 [=y]) && !CPU_32v6 [=n] + +This is because ARM selects HAVE_ARCH_BITREVERSE +without selecting BITREVERSE, despite +HAVE_ARCH_BITREVERSE depending on BITREVERSE. + +This unmet dependency bug was found by Kismet, +a static analysis tool for Kconfig. Please advise if this +is not the appropriate solution. + +Signed-off-by: Julian Braha +Signed-off-by: Russell King (Oracle) +Signed-off-by: Sasha Levin +--- + lib/Kconfig | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/lib/Kconfig b/lib/Kconfig +index 260a80e313b9..600759707ffe 100644 +--- a/lib/Kconfig ++++ b/lib/Kconfig +@@ -16,7 +16,6 @@ config BITREVERSE + config HAVE_ARCH_BITREVERSE + bool + default n +- depends on BITREVERSE + help + This option enables the use of hardware bit-reversal instructions on + architectures which support such operations. +-- +2.34.1 + diff --git a/queue-4.9/arm-dts-rockchip-fix-a-typo-on-rk3288-crypto-control.patch b/queue-4.9/arm-dts-rockchip-fix-a-typo-on-rk3288-crypto-control.patch new file mode 100644 index 00000000000..74756aca029 --- /dev/null +++ b/queue-4.9/arm-dts-rockchip-fix-a-typo-on-rk3288-crypto-control.patch @@ -0,0 +1,37 @@ +From 4785de0f25db639cf4d014608f5cb14ee77c35d8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 9 Feb 2022 12:03:55 +0000 +Subject: ARM: dts: rockchip: fix a typo on rk3288 crypto-controller + +From: Corentin Labbe + +[ Upstream commit 3916c3619599a3970d3e6f98fb430b7c46266ada ] + +crypto-controller had a typo, fix it. +In the same time, rename it to just crypto + +Signed-off-by: Corentin Labbe +Acked-by: Krzysztof Kozlowski +Link: https://lore.kernel.org/r/20220209120355.1985707-1-clabbe@baylibre.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/rk3288.dtsi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi +index 7b727d738b69..4702aa980ef8 100644 +--- a/arch/arm/boot/dts/rk3288.dtsi ++++ b/arch/arm/boot/dts/rk3288.dtsi +@@ -918,7 +918,7 @@ + status = "disabled"; + }; + +- crypto: cypto-controller@ff8a0000 { ++ crypto: crypto@ff8a0000 { + compatible = "rockchip,rk3288-crypto"; + reg = <0xff8a0000 0x4000>; + interrupts = ; +-- +2.34.1 + diff --git a/queue-4.9/atm-firestream-check-the-return-value-of-ioremap-in-.patch b/queue-4.9/atm-firestream-check-the-return-value-of-ioremap-in-.patch new file mode 100644 index 00000000000..3d051a334c8 --- /dev/null +++ b/queue-4.9/atm-firestream-check-the-return-value-of-ioremap-in-.patch @@ -0,0 +1,36 @@ +From bcc74ce63ecc140822045b4a15f4fd09309b544e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Feb 2022 04:52:30 -0800 +Subject: atm: firestream: check the return value of ioremap() in fs_init() + +From: Jia-Ju Bai + +[ Upstream commit d4e26aaea7f82ba884dcb4acfe689406bc092dc3 ] + +The function ioremap() in fs_init() can fail, so its return value should +be checked. + +Reported-by: TOTE Robot +Signed-off-by: Jia-Ju Bai +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/atm/firestream.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c +index 7cb2b863e653..7d74b7e1a837 100644 +--- a/drivers/atm/firestream.c ++++ b/drivers/atm/firestream.c +@@ -1692,6 +1692,8 @@ static int fs_init(struct fs_dev *dev) + dev->hw_base = pci_resource_start(pci_dev, 0); + + dev->base = ioremap(dev->hw_base, 0x1000); ++ if (!dev->base) ++ return 1; + + reset_chip (dev); + +-- +2.34.1 + diff --git a/queue-4.9/bnx2-fix-an-error-message.patch b/queue-4.9/bnx2-fix-an-error-message.patch new file mode 100644 index 00000000000..5b7dc199e46 --- /dev/null +++ b/queue-4.9/bnx2-fix-an-error-message.patch @@ -0,0 +1,34 @@ +From 21897ffc9d36e8bd988f31e946204ff4f537a1d2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Mar 2022 21:21:15 +0100 +Subject: bnx2: Fix an error message + +From: Christophe JAILLET + +[ Upstream commit 8ccffe9ac3239e549beaa0a9d5e1a1eac94e866c ] + +Fix an error message and report the correct failing function. + +Signed-off-by: Christophe JAILLET +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/broadcom/bnx2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/broadcom/bnx2.c b/drivers/net/ethernet/broadcom/bnx2.c +index e15e487c14dd..94f8c2824649 100644 +--- a/drivers/net/ethernet/broadcom/bnx2.c ++++ b/drivers/net/ethernet/broadcom/bnx2.c +@@ -8238,7 +8238,7 @@ bnx2_init_board(struct pci_dev *pdev, struct net_device *dev) + rc = pci_set_consistent_dma_mask(pdev, persist_dma_mask); + if (rc) { + dev_err(&pdev->dev, +- "pci_set_consistent_dma_mask failed, aborting\n"); ++ "dma_set_coherent_mask failed, aborting\n"); + goto err_out_unmap; + } + } else if ((rc = pci_set_dma_mask(pdev, DMA_BIT_MASK(32))) != 0) { +-- +2.34.1 + diff --git a/queue-4.9/can-rcar_canfd-rcar_canfd_channel_probe-register-the.patch b/queue-4.9/can-rcar_canfd-rcar_canfd_channel_probe-register-the.patch new file mode 100644 index 00000000000..ab3ac5a5945 --- /dev/null +++ b/queue-4.9/can-rcar_canfd-rcar_canfd_channel_probe-register-the.patch @@ -0,0 +1,51 @@ +From 2797afc90fc4856447c2afabf17f8cdd58992869 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 21 Feb 2022 22:59:35 +0000 +Subject: can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device + when fully ready + +From: Lad Prabhakar + +[ Upstream commit c5048a7b2c23ab589f3476a783bd586b663eda5b ] + +Register the CAN device only when all the necessary initialization is +completed. This patch makes sure all the data structures and locks are +initialized before registering the CAN device. + +Link: https://lore.kernel.org/all/20220221225935.12300-1-prabhakar.mahadev-lad.rj@bp.renesas.com +Reported-by: Pavel Machek +Signed-off-by: Lad Prabhakar +Reviewed-by: Pavel Machek +Reviewed-by: Ulrich Hecht +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Sasha Levin +--- + drivers/net/can/rcar/rcar_canfd.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/can/rcar/rcar_canfd.c b/drivers/net/can/rcar/rcar_canfd.c +index 43cdd5544b0c..a127c853a4e9 100644 +--- a/drivers/net/can/rcar/rcar_canfd.c ++++ b/drivers/net/can/rcar/rcar_canfd.c +@@ -1601,15 +1601,15 @@ static int rcar_canfd_channel_probe(struct rcar_canfd_global *gpriv, u32 ch, + + netif_napi_add(ndev, &priv->napi, rcar_canfd_rx_poll, + RCANFD_NAPI_WEIGHT); ++ spin_lock_init(&priv->tx_lock); ++ devm_can_led_init(ndev); ++ gpriv->ch[priv->channel] = priv; + err = register_candev(ndev); + if (err) { + dev_err(&pdev->dev, + "register_candev() failed, error %d\n", err); + goto fail_candev; + } +- spin_lock_init(&priv->tx_lock); +- devm_can_led_init(ndev); +- gpriv->ch[priv->channel] = priv; + dev_info(&pdev->dev, "device registered (channel %u)\n", priv->channel); + return 0; + +-- +2.34.1 + diff --git a/queue-4.9/kselftest-vm-fix-tests-build-with-old-libc.patch b/queue-4.9/kselftest-vm-fix-tests-build-with-old-libc.patch new file mode 100644 index 00000000000..65354bb3f17 --- /dev/null +++ b/queue-4.9/kselftest-vm-fix-tests-build-with-old-libc.patch @@ -0,0 +1,47 @@ +From aab58a053f065551d0dbbc5b894c6cf6bc24fbfe Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 4 Mar 2022 20:29:04 -0800 +Subject: kselftest/vm: fix tests build with old libc + +From: Chengming Zhou + +[ Upstream commit b773827e361952b3f53ac6fa4c4e39ccd632102e ] + +The error message when I build vm tests on debian10 (GLIBC 2.28): + + userfaultfd.c: In function `userfaultfd_pagemap_test': + userfaultfd.c:1393:37: error: `MADV_PAGEOUT' undeclared (first use + in this function); did you mean `MADV_RANDOM'? + if (madvise(area_dst, test_pgsize, MADV_PAGEOUT)) + ^~~~~~~~~~~~ + MADV_RANDOM + +This patch includes these newer definitions from UAPI linux/mman.h, is +useful to fix tests build on systems without these definitions in glibc +sys/mman.h. + +Link: https://lkml.kernel.org/r/20220227055330.43087-2-zhouchengming@bytedance.com +Signed-off-by: Chengming Zhou +Reviewed-by: Shuah Khan +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/vm/userfaultfd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tools/testing/selftests/vm/userfaultfd.c b/tools/testing/selftests/vm/userfaultfd.c +index d77ed41b2094..1f89d3dd8295 100644 +--- a/tools/testing/selftests/vm/userfaultfd.c ++++ b/tools/testing/selftests/vm/userfaultfd.c +@@ -60,6 +60,7 @@ + #include + #include + #include ++#include + #include + #include + #include +-- +2.34.1 + diff --git a/queue-4.9/mips-smp-fill-in-sibling-and-core-maps-earlier.patch b/queue-4.9/mips-smp-fill-in-sibling-and-core-maps-earlier.patch new file mode 100644 index 00000000000..41da003d84b --- /dev/null +++ b/queue-4.9/mips-smp-fill-in-sibling-and-core-maps-earlier.patch @@ -0,0 +1,107 @@ +From b885903cd0cc076e9369b9551fcf5959b0503fcb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 12 Feb 2022 22:21:11 +0000 +Subject: MIPS: smp: fill in sibling and core maps earlier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Alexander Lobakin + +[ Upstream commit f2703def339c793674010cc9f01bfe4980231808 ] + +After enabling CONFIG_SCHED_CORE (landed during 5.14 cycle), +2-core 2-thread-per-core interAptiv (CPS-driven) started emitting +the following: + +[ 0.025698] CPU1 revision is: 0001a120 (MIPS interAptiv (multi)) +[ 0.048183] ------------[ cut here ]------------ +[ 0.048187] WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6025 sched_core_cpu_starting+0x198/0x240 +[ 0.048220] Modules linked in: +[ 0.048233] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.17.0-rc3+ #35 b7b319f24073fd9a3c2aa7ad15fb7993eec0b26f +[ 0.048247] Stack : 817f0000 00000004 327804c8 810eb050 00000000 00000004 00000000 c314fdd1 +[ 0.048278] 830cbd64 819c0000 81800000 817f0000 83070bf4 00000001 830cbd08 00000000 +[ 0.048307] 00000000 00000000 815fcbc4 00000000 00000000 00000000 00000000 00000000 +[ 0.048334] 00000000 00000000 00000000 00000000 817f0000 00000000 00000000 817f6f34 +[ 0.048361] 817f0000 818a3c00 817f0000 00000004 00000000 00000000 4dc33260 0018c933 +[ 0.048389] ... +[ 0.048396] Call Trace: +[ 0.048399] [<8105a7bc>] show_stack+0x3c/0x140 +[ 0.048424] [<8131c2a0>] dump_stack_lvl+0x60/0x80 +[ 0.048440] [<8108b5c0>] __warn+0xc0/0xf4 +[ 0.048454] [<8108b658>] warn_slowpath_fmt+0x64/0x10c +[ 0.048467] [<810bd418>] sched_core_cpu_starting+0x198/0x240 +[ 0.048483] [<810c6514>] sched_cpu_starting+0x14/0x80 +[ 0.048497] [<8108c0f8>] cpuhp_invoke_callback_range+0x78/0x140 +[ 0.048510] [<8108d914>] notify_cpu_starting+0x94/0x140 +[ 0.048523] [<8106593c>] start_secondary+0xbc/0x280 +[ 0.048539] +[ 0.048543] ---[ end trace 0000000000000000 ]--- +[ 0.048636] Synchronize counters for CPU 1: done. + +...for each but CPU 0/boot. +Basic debug printks right before the mentioned line say: + +[ 0.048170] CPU: 1, smt_mask: + +So smt_mask, which is sibling mask obviously, is empty when entering +the function. +This is critical, as sched_core_cpu_starting() calculates +core-scheduling parameters only once per CPU start, and it's crucial +to have all the parameters filled in at that moment (at least it +uses cpu_smt_mask() which in fact is `&cpu_sibling_map[cpu]` on +MIPS). + +A bit of debugging led me to that set_cpu_sibling_map() performing +the actual map calculation, was being invocated after +notify_cpu_start(), and exactly the latter function starts CPU HP +callback round (sched_core_cpu_starting() is basically a CPU HP +callback). +While the flow is same on ARM64 (maps after the notifier, although +before calling set_cpu_online()), x86 started calculating sibling +maps earlier than starting the CPU HP callbacks in Linux 4.14 (see +[0] for the reference). Neither me nor my brief tests couldn't find +any potential caveats in calculating the maps right after performing +delay calibration, but the WARN splat is now gone. +The very same debug prints now yield exactly what I expected from +them: + +[ 0.048433] CPU: 1, smt_mask: 0-1 + +[0] https://git.kernel.org/pub/scm/linux/kernel/git/mips/linux.git/commit/?id=76ce7cfe35ef + +Signed-off-by: Alexander Lobakin +Reviewed-by: Philippe Mathieu-Daudé +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Sasha Levin +--- + arch/mips/kernel/smp.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/mips/kernel/smp.c b/arch/mips/kernel/smp.c +index 95ba4271af6a..01aa8d6da4b9 100644 +--- a/arch/mips/kernel/smp.c ++++ b/arch/mips/kernel/smp.c +@@ -369,6 +369,9 @@ asmlinkage void start_secondary(void) + cpu = smp_processor_id(); + cpu_data[cpu].udelay_val = loops_per_jiffy; + ++ set_cpu_sibling_map(cpu); ++ set_cpu_core_map(cpu); ++ + cpumask_set_cpu(cpu, &cpu_coherent_mask); + notify_cpu_starting(cpu); + +@@ -380,9 +383,6 @@ asmlinkage void start_secondary(void) + /* The CPU is running and counters synchronised, now mark it online */ + set_cpu_online(cpu, true); + +- set_cpu_sibling_map(cpu); +- set_cpu_core_map(cpu); +- + calculate_cpu_foreign_map(); + + /* +-- +2.34.1 + diff --git a/queue-4.9/nl80211-update-bss-channel-on-channel-switch-for-p2p.patch b/queue-4.9/nl80211-update-bss-channel-on-channel-switch-for-p2p.patch new file mode 100644 index 00000000000..e6c39a6dcd0 --- /dev/null +++ b/queue-4.9/nl80211-update-bss-channel-on-channel-switch-for-p2p.patch @@ -0,0 +1,42 @@ +From 0e92b7cb65408445a2a0c90572ff235eac8d3381 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Mar 2022 11:33:20 +0530 +Subject: nl80211: Update bss channel on channel switch for P2P_CLIENT + +From: Sreeramya Soratkal + +[ Upstream commit e50b88c4f076242358b66ddb67482b96947438f2 ] + +The wdev channel information is updated post channel switch only for +the station mode and not for the other modes. Due to this, the P2P client +still points to the old value though it moved to the new channel +when the channel change is induced from the P2P GO. + +Update the bss channel after CSA channel switch completion for P2P client +interface as well. + +Signed-off-by: Sreeramya Soratkal +Link: https://lore.kernel.org/r/1646114600-31479-1-git-send-email-quic_ssramya@quicinc.com +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/wireless/nl80211.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c +index ab8bca39afa3..562e138deba2 100644 +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -14068,7 +14068,8 @@ void cfg80211_ch_switch_notify(struct net_device *dev, + wdev->chandef = *chandef; + wdev->preset_chandef = *chandef; + +- if (wdev->iftype == NL80211_IFTYPE_STATION && ++ if ((wdev->iftype == NL80211_IFTYPE_STATION || ++ wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) && + !WARN_ON(!wdev->current_bss)) + wdev->current_bss->pub.channel = chandef->chan; + +-- +2.34.1 + diff --git a/queue-4.9/series b/queue-4.9/series index e69de29bb2d..1f31d1d8b55 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -0,0 +1,11 @@ +xfrm-fix-xfrm-migrate-issues-when-address-family-cha.patch +arm-dts-rockchip-fix-a-typo-on-rk3288-crypto-control.patch +mips-smp-fill-in-sibling-and-core-maps-earlier.patch +arm-9178-1-fix-unmet-dependency-on-bitreverse-for-ha.patch +can-rcar_canfd-rcar_canfd_channel_probe-register-the.patch +atm-firestream-check-the-return-value-of-ioremap-in-.patch +nl80211-update-bss-channel-on-channel-switch-for-p2p.patch +tcp-make-tcp_read_sock-more-robust.patch +sfc-extend-the-locking-on-mcdi-seqno.patch +bnx2-fix-an-error-message.patch +kselftest-vm-fix-tests-build-with-old-libc.patch diff --git a/queue-4.9/sfc-extend-the-locking-on-mcdi-seqno.patch b/queue-4.9/sfc-extend-the-locking-on-mcdi-seqno.patch new file mode 100644 index 00000000000..55f195b8c39 --- /dev/null +++ b/queue-4.9/sfc-extend-the-locking-on-mcdi-seqno.patch @@ -0,0 +1,40 @@ +From 8d99c817243b67a250db6c5a15e182938fdbcc2e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Mar 2022 23:28:22 +0100 +Subject: sfc: extend the locking on mcdi->seqno + +From: Niels Dossche + +[ Upstream commit f1fb205efb0ccca55626fd4ef38570dd16b44719 ] + +seqno could be read as a stale value outside of the lock. The lock is +already acquired to protect the modification of seqno against a possible +race condition. Place the reading of this value also inside this locking +to protect it against a possible race condition. + +Signed-off-by: Niels Dossche +Acked-by: Martin Habets +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/sfc/mcdi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/sfc/mcdi.c b/drivers/net/ethernet/sfc/mcdi.c +index 241520943ada..221798499e24 100644 +--- a/drivers/net/ethernet/sfc/mcdi.c ++++ b/drivers/net/ethernet/sfc/mcdi.c +@@ -162,9 +162,9 @@ static void efx_mcdi_send_request(struct efx_nic *efx, unsigned cmd, + /* Serialise with efx_mcdi_ev_cpl() and efx_mcdi_ev_death() */ + spin_lock_bh(&mcdi->iface_lock); + ++mcdi->seqno; ++ seqno = mcdi->seqno & SEQ_MASK; + spin_unlock_bh(&mcdi->iface_lock); + +- seqno = mcdi->seqno & SEQ_MASK; + xflags = 0; + if (mcdi->mode == MCDI_MODE_EVENTS) + xflags |= MCDI_HEADER_XFLAGS_EVREQ; +-- +2.34.1 + diff --git a/queue-4.9/tcp-make-tcp_read_sock-more-robust.patch b/queue-4.9/tcp-make-tcp_read_sock-more-robust.patch new file mode 100644 index 00000000000..f393f8df46f --- /dev/null +++ b/queue-4.9/tcp-make-tcp_read_sock-more-robust.patch @@ -0,0 +1,50 @@ +From ebd454aa7e4cad08ae613f9b4171a8ebbe3eecdd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Mar 2022 08:17:23 -0800 +Subject: tcp: make tcp_read_sock() more robust + +From: Eric Dumazet + +[ Upstream commit e3d5ea2c011ecb16fb94c56a659364e6b30fac94 ] + +If recv_actor() returns an incorrect value, tcp_read_sock() +might loop forever. + +Instead, issue a one time warning and make sure to make progress. + +Signed-off-by: Eric Dumazet +Acked-by: John Fastabend +Acked-by: Jakub Sitnicki +Acked-by: Daniel Borkmann +Link: https://lore.kernel.org/r/20220302161723.3910001-2-eric.dumazet@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/ipv4/tcp.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c +index aeda018e4c49..6dfb964e1ad8 100644 +--- a/net/ipv4/tcp.c ++++ b/net/ipv4/tcp.c +@@ -1561,11 +1561,13 @@ int tcp_read_sock(struct sock *sk, read_descriptor_t *desc, + if (!copied) + copied = used; + break; +- } else if (used <= len) { +- seq += used; +- copied += used; +- offset += used; + } ++ if (WARN_ON_ONCE(used > len)) ++ used = len; ++ seq += used; ++ copied += used; ++ offset += used; ++ + /* If recv_actor drops the lock (e.g. TCP splice + * receive) the skb pointer might be invalid when + * getting here: tcp_collapse might have deleted it +-- +2.34.1 + diff --git a/queue-4.9/xfrm-fix-xfrm-migrate-issues-when-address-family-cha.patch b/queue-4.9/xfrm-fix-xfrm-migrate-issues-when-address-family-cha.patch new file mode 100644 index 00000000000..abd591fd536 --- /dev/null +++ b/queue-4.9/xfrm-fix-xfrm-migrate-issues-when-address-family-cha.patch @@ -0,0 +1,58 @@ +From 675b6907c5f80b571664df09c44f7c974afdf961 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 18 Jan 2022 16:00:14 -0800 +Subject: xfrm: Fix xfrm migrate issues when address family changes + +From: Yan Yan + +[ Upstream commit e03c3bba351f99ad932e8f06baa9da1afc418e02 ] + +xfrm_migrate cannot handle address family change of an xfrm_state. +The symptons are the xfrm_state will be migrated to a wrong address, +and sending as well as receiving packets wil be broken. + +This commit fixes it by breaking the original xfrm_state_clone +method into two steps so as to update the props.family before +running xfrm_init_state. As the result, xfrm_state's inner mode, +outer mode, type and IP header length in xfrm_state_migrate can +be updated with the new address family. + +Tested with additions to Android's kernel unit test suite: +https://android-review.googlesource.com/c/kernel/tests/+/1885354 + +Signed-off-by: Yan Yan +Signed-off-by: Steffen Klassert +Signed-off-by: Sasha Levin +--- + net/xfrm/xfrm_state.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c +index 4d19f2ff6e05..73b4e7c0d336 100644 +--- a/net/xfrm/xfrm_state.c ++++ b/net/xfrm/xfrm_state.c +@@ -1238,9 +1238,6 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig) + + memcpy(&x->mark, &orig->mark, sizeof(x->mark)); + +- if (xfrm_init_state(x) < 0) +- goto error; +- + x->props.flags = orig->props.flags; + x->props.extra_flags = orig->props.extra_flags; + +@@ -1317,6 +1314,11 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, + if (!xc) + return NULL; + ++ xc->props.family = m->new_family; ++ ++ if (xfrm_init_state(xc) < 0) ++ goto error; ++ + memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr)); + memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr)); + +-- +2.34.1 +