From: Greg Kroah-Hartman Date: Sun, 18 Apr 2021 12:50:43 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v5.4.114~24 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dfe62407cb0642f96715935b763efa5f9888261a;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: i40e-fix-the-panic-when-running-bpf-in-xdpdrv-mode.patch ibmvnic-avoid-calling-napi_disable-twice.patch ibmvnic-remove-duplicate-napi_schedule-call-in-do_reset-function.patch ibmvnic-remove-duplicate-napi_schedule-call-in-open-function.patch net-davicom-fix-regulator-not-turned-off-on-failed-probe.patch net-sit-unregister-catch-all-devices.patch netfilter-conntrack-do-not-print-icmpv6-as-unknown-via-proc.patch netfilter-nft_limit-avoid-possible-divide-error-in-nft_limit_init.patch scsi-libsas-reset-num_scatter-if-libata-marks-qc-as-nodata.patch --- diff --git a/queue-4.14/i40e-fix-the-panic-when-running-bpf-in-xdpdrv-mode.patch b/queue-4.14/i40e-fix-the-panic-when-running-bpf-in-xdpdrv-mode.patch new file mode 100644 index 00000000000..28e75b28f14 --- /dev/null +++ b/queue-4.14/i40e-fix-the-panic-when-running-bpf-in-xdpdrv-mode.patch @@ -0,0 +1,68 @@ +From 4e39a072a6a0fc422ba7da5e4336bdc295d70211 Mon Sep 17 00:00:00 2001 +From: Jason Xing +Date: Wed, 14 Apr 2021 10:34:28 +0800 +Subject: i40e: fix the panic when running bpf in xdpdrv mode + +From: Jason Xing + +commit 4e39a072a6a0fc422ba7da5e4336bdc295d70211 upstream. + +Fix this panic by adding more rules to calculate the value of @rss_size_max +which could be used in allocating the queues when bpf is loaded, which, +however, could cause the failure and then trigger the NULL pointer of +vsi->rx_rings. Prio to this fix, the machine doesn't care about how many +cpus are online and then allocates 256 queues on the machine with 32 cpus +online actually. + +Once the load of bpf begins, the log will go like this "failed to get +tracking for 256 queues for VSI 0 err -12" and this "setup of MAIN VSI +failed". + +Thus, I attach the key information of the crash-log here. + +BUG: unable to handle kernel NULL pointer dereference at +0000000000000000 +RIP: 0010:i40e_xdp+0xdd/0x1b0 [i40e] +Call Trace: +[2160294.717292] ? i40e_reconfig_rss_queues+0x170/0x170 [i40e] +[2160294.717666] dev_xdp_install+0x4f/0x70 +[2160294.718036] dev_change_xdp_fd+0x11f/0x230 +[2160294.718380] ? dev_disable_lro+0xe0/0xe0 +[2160294.718705] do_setlink+0xac7/0xe70 +[2160294.719035] ? __nla_parse+0xed/0x120 +[2160294.719365] rtnl_newlink+0x73b/0x860 + +Fixes: 41c445ff0f48 ("i40e: main driver core") +Co-developed-by: Shujin Li +Signed-off-by: Shujin Li +Signed-off-by: Jason Xing +Reviewed-by: Jesse Brandeburg +Acked-by: Jesper Dangaard Brouer +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/i40e/i40e_main.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -8941,6 +8941,7 @@ static int i40e_sw_init(struct i40e_pf * + { + int err = 0; + int size; ++ u16 pow; + + /* Set default capability flags */ + pf->flags = I40E_FLAG_RX_CSUM_ENABLED | +@@ -8959,6 +8960,11 @@ static int i40e_sw_init(struct i40e_pf * + pf->rss_table_size = pf->hw.func_caps.rss_table_size; + pf->rss_size_max = min_t(int, pf->rss_size_max, + pf->hw.func_caps.num_tx_qp); ++ ++ /* find the next higher power-of-2 of num cpus */ ++ pow = roundup_pow_of_two(num_online_cpus()); ++ pf->rss_size_max = min_t(int, pf->rss_size_max, pow); ++ + if (pf->hw.func_caps.rss) { + pf->flags |= I40E_FLAG_RSS_ENABLED; + pf->alloc_rss_size = min_t(int, pf->rss_size_max, diff --git a/queue-4.14/ibmvnic-avoid-calling-napi_disable-twice.patch b/queue-4.14/ibmvnic-avoid-calling-napi_disable-twice.patch new file mode 100644 index 00000000000..ae6cb4aa1d3 --- /dev/null +++ b/queue-4.14/ibmvnic-avoid-calling-napi_disable-twice.patch @@ -0,0 +1,41 @@ +From 0775ebc4cf8554bdcd2c212669a0868ab68df5c0 Mon Sep 17 00:00:00 2001 +From: Lijun Pan +Date: Wed, 14 Apr 2021 02:46:14 -0500 +Subject: ibmvnic: avoid calling napi_disable() twice + +From: Lijun Pan + +commit 0775ebc4cf8554bdcd2c212669a0868ab68df5c0 upstream. + +__ibmvnic_open calls napi_disable without checking whether NAPI polling +has already been disabled or not. This could cause napi_disable +being called twice, which could generate deadlock. For example, +the first napi_disable will spin until NAPI_STATE_SCHED is cleared +by napi_complete_done, then set it again. +When napi_disable is called the second time, it will loop infinitely +because no dev->poll will be running to clear NAPI_STATE_SCHED. + +To prevent above scenario from happening, call ibmvnic_napi_disable() +which checks if napi is disabled or not before calling napi_disable. + +Fixes: bfc32f297337 ("ibmvnic: Move resource initialization to its own routine") +Suggested-by: Thomas Falcon +Signed-off-by: Lijun Pan +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/ibm/ibmvnic.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/net/ethernet/ibm/ibmvnic.c ++++ b/drivers/net/ethernet/ibm/ibmvnic.c +@@ -891,8 +891,7 @@ static int __ibmvnic_open(struct net_dev + + rc = set_link_state(adapter, IBMVNIC_LOGICAL_LNK_UP); + if (rc) { +- for (i = 0; i < adapter->req_rx_queues; i++) +- napi_disable(&adapter->napi[i]); ++ ibmvnic_napi_disable(adapter); + release_resources(adapter); + return rc; + } diff --git a/queue-4.14/ibmvnic-remove-duplicate-napi_schedule-call-in-do_reset-function.patch b/queue-4.14/ibmvnic-remove-duplicate-napi_schedule-call-in-do_reset-function.patch new file mode 100644 index 00000000000..96161fc179a --- /dev/null +++ b/queue-4.14/ibmvnic-remove-duplicate-napi_schedule-call-in-do_reset-function.patch @@ -0,0 +1,46 @@ +From d3a6abccbd272aea7dc2c6f984bb5a2c11278e44 Mon Sep 17 00:00:00 2001 +From: Lijun Pan +Date: Wed, 14 Apr 2021 02:46:15 -0500 +Subject: ibmvnic: remove duplicate napi_schedule call in do_reset function + +From: Lijun Pan + +commit d3a6abccbd272aea7dc2c6f984bb5a2c11278e44 upstream. + +During adapter reset, do_reset/do_hard_reset calls ibmvnic_open(), +which will calls napi_schedule if previous state is VNIC_CLOSED +(i.e, the reset case, and "ifconfig down" case). So there is no need +for do_reset to call napi_schedule again at the end of the function +though napi_schedule will neglect the request if napi is already +scheduled. + +Fixes: ed651a10875f ("ibmvnic: Updated reset handling") +Signed-off-by: Lijun Pan +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/ibm/ibmvnic.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/drivers/net/ethernet/ibm/ibmvnic.c ++++ b/drivers/net/ethernet/ibm/ibmvnic.c +@@ -1431,7 +1431,7 @@ static int do_reset(struct ibmvnic_adapt + struct ibmvnic_rwi *rwi, u32 reset_state) + { + struct net_device *netdev = adapter->netdev; +- int i, rc; ++ int rc; + + netdev_dbg(adapter->netdev, "Re-setting driver (%d)\n", + rwi->reset_reason); +@@ -1496,10 +1496,6 @@ static int do_reset(struct ibmvnic_adapt + /* refresh device's multicast list */ + ibmvnic_set_multi(netdev); + +- /* kick napi */ +- for (i = 0; i < adapter->req_rx_queues; i++) +- napi_schedule(&adapter->napi[i]); +- + if (adapter->reset_reason != VNIC_RESET_FAILOVER) + netdev_notify_peers(netdev); + diff --git a/queue-4.14/ibmvnic-remove-duplicate-napi_schedule-call-in-open-function.patch b/queue-4.14/ibmvnic-remove-duplicate-napi_schedule-call-in-open-function.patch new file mode 100644 index 00000000000..d69fabdd423 --- /dev/null +++ b/queue-4.14/ibmvnic-remove-duplicate-napi_schedule-call-in-open-function.patch @@ -0,0 +1,35 @@ +From 7c451f3ef676c805a4b77a743a01a5c21a250a73 Mon Sep 17 00:00:00 2001 +From: Lijun Pan +Date: Wed, 14 Apr 2021 02:46:16 -0500 +Subject: ibmvnic: remove duplicate napi_schedule call in open function + +From: Lijun Pan + +commit 7c451f3ef676c805a4b77a743a01a5c21a250a73 upstream. + +Remove the unnecessary napi_schedule() call in __ibmvnic_open() since +interrupt_rx() calls napi_schedule_prep/__napi_schedule during every +receive interrupt. + +Fixes: ed651a10875f ("ibmvnic: Updated reset handling") +Signed-off-by: Lijun Pan +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/ibm/ibmvnic.c | 5 ----- + 1 file changed, 5 deletions(-) + +--- a/drivers/net/ethernet/ibm/ibmvnic.c ++++ b/drivers/net/ethernet/ibm/ibmvnic.c +@@ -898,11 +898,6 @@ static int __ibmvnic_open(struct net_dev + + netif_tx_start_all_queues(netdev); + +- if (prev_state == VNIC_CLOSED) { +- for (i = 0; i < adapter->req_rx_queues; i++) +- napi_schedule(&adapter->napi[i]); +- } +- + adapter->state = VNIC_OPEN; + return rc; + } diff --git a/queue-4.14/net-davicom-fix-regulator-not-turned-off-on-failed-probe.patch b/queue-4.14/net-davicom-fix-regulator-not-turned-off-on-failed-probe.patch new file mode 100644 index 00000000000..fbe60472ca1 --- /dev/null +++ b/queue-4.14/net-davicom-fix-regulator-not-turned-off-on-failed-probe.patch @@ -0,0 +1,39 @@ +From 31457db3750c0b0ed229d836f2609fdb8a5b790e Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Sun, 11 Apr 2021 11:02:08 +0200 +Subject: net: davicom: Fix regulator not turned off on failed probe + +From: Christophe JAILLET + +commit 31457db3750c0b0ed229d836f2609fdb8a5b790e upstream. + +When the probe fails, we must disable the regulator that was previously +enabled. + +This patch is a follow-up to commit ac88c531a5b3 +("net: davicom: Fix regulator not turned off on failed probe") which missed +one case. + +Fixes: 7994fe55a4a2 ("dm9000: Add regulator and reset support to dm9000") +Signed-off-by: Christophe JAILLET +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/davicom/dm9000.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/davicom/dm9000.c ++++ b/drivers/net/ethernet/davicom/dm9000.c +@@ -1482,8 +1482,10 @@ dm9000_probe(struct platform_device *pde + + /* Init network device */ + ndev = alloc_etherdev(sizeof(struct board_info)); +- if (!ndev) +- return -ENOMEM; ++ if (!ndev) { ++ ret = -ENOMEM; ++ goto out_regulator_disable; ++ } + + SET_NETDEV_DEV(ndev, &pdev->dev); + diff --git a/queue-4.14/net-sit-unregister-catch-all-devices.patch b/queue-4.14/net-sit-unregister-catch-all-devices.patch new file mode 100644 index 00000000000..d0146e03a3d --- /dev/null +++ b/queue-4.14/net-sit-unregister-catch-all-devices.patch @@ -0,0 +1,49 @@ +From 610f8c0fc8d46e0933955ce13af3d64484a4630a Mon Sep 17 00:00:00 2001 +From: Hristo Venev +Date: Mon, 12 Apr 2021 20:41:16 +0300 +Subject: net: sit: Unregister catch-all devices + +From: Hristo Venev + +commit 610f8c0fc8d46e0933955ce13af3d64484a4630a upstream. + +A sit interface created without a local or a remote address is linked +into the `sit_net::tunnels_wc` list of its original namespace. When +deleting a network namespace, delete the devices that have been moved. + +The following script triggers a null pointer dereference if devices +linked in a deleted `sit_net` remain: + + for i in `seq 1 30`; do + ip netns add ns-test + ip netns exec ns-test ip link add dev veth0 type veth peer veth1 + ip netns exec ns-test ip link add dev sit$i type sit dev veth0 + ip netns exec ns-test ip link set dev sit$i netns $$ + ip netns del ns-test + done + for i in `seq 1 30`; do + ip link del dev sit$i + done + +Fixes: 5e6700b3bf98f ("sit: add support of x-netns") +Signed-off-by: Hristo Venev +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/sit.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/ipv6/sit.c ++++ b/net/ipv6/sit.c +@@ -1804,9 +1804,9 @@ static void __net_exit sit_destroy_tunne + if (dev->rtnl_link_ops == &sit_link_ops) + unregister_netdevice_queue(dev, head); + +- for (prio = 1; prio < 4; prio++) { ++ for (prio = 0; prio < 4; prio++) { + int h; +- for (h = 0; h < IP6_SIT_HASH_SIZE; h++) { ++ for (h = 0; h < (prio ? IP6_SIT_HASH_SIZE : 1); h++) { + struct ip_tunnel *t; + + t = rtnl_dereference(sitn->tunnels[prio][h]); diff --git a/queue-4.14/netfilter-conntrack-do-not-print-icmpv6-as-unknown-via-proc.patch b/queue-4.14/netfilter-conntrack-do-not-print-icmpv6-as-unknown-via-proc.patch new file mode 100644 index 00000000000..850725f3855 --- /dev/null +++ b/queue-4.14/netfilter-conntrack-do-not-print-icmpv6-as-unknown-via-proc.patch @@ -0,0 +1,28 @@ +From fbea31808ca124dd73ff6bb1e67c9af4607c3e32 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso +Date: Wed, 31 Mar 2021 01:04:45 +0200 +Subject: netfilter: conntrack: do not print icmpv6 as unknown via /proc + +From: Pablo Neira Ayuso + +commit fbea31808ca124dd73ff6bb1e67c9af4607c3e32 upstream. + +/proc/net/nf_conntrack shows icmpv6 as unknown. + +Fixes: 09ec82f5af99 ("netfilter: conntrack: remove protocol name from l4proto struct") +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + net/netfilter/nf_conntrack_standalone.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/netfilter/nf_conntrack_standalone.c ++++ b/net/netfilter/nf_conntrack_standalone.c +@@ -272,6 +272,7 @@ static const char* l4proto_name(u16 prot + case IPPROTO_GRE: return "gre"; + case IPPROTO_SCTP: return "sctp"; + case IPPROTO_UDPLITE: return "udplite"; ++ case IPPROTO_ICMPV6: return "icmpv6"; + } + + return "unknown"; diff --git a/queue-4.14/netfilter-nft_limit-avoid-possible-divide-error-in-nft_limit_init.patch b/queue-4.14/netfilter-nft_limit-avoid-possible-divide-error-in-nft_limit_init.patch new file mode 100644 index 00000000000..6952f5f79cb --- /dev/null +++ b/queue-4.14/netfilter-nft_limit-avoid-possible-divide-error-in-nft_limit_init.patch @@ -0,0 +1,80 @@ +From b895bdf5d643b6feb7c60856326dd4feb6981560 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Fri, 9 Apr 2021 08:49:39 -0700 +Subject: netfilter: nft_limit: avoid possible divide error in nft_limit_init + +From: Eric Dumazet + +commit b895bdf5d643b6feb7c60856326dd4feb6981560 upstream. + +div_u64() divides u64 by u32. + +nft_limit_init() wants to divide u64 by u64, use the appropriate +math function (div64_u64) + +divide error: 0000 [#1] PREEMPT SMP KASAN +CPU: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +RIP: 0010:div_u64_rem include/linux/math64.h:28 [inline] +RIP: 0010:div_u64 include/linux/math64.h:127 [inline] +RIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85 +Code: ef 4c 01 eb 41 0f 92 c7 48 89 de e8 38 a5 22 fa 4d 85 ff 0f 85 97 02 00 00 e8 ea 9e 22 fa 4c 0f af f3 45 89 ed 31 d2 4c 89 f0 <49> f7 f5 49 89 c6 e8 d3 9e 22 fa 48 8d 7d 48 48 b8 00 00 00 00 00 +RSP: 0018:ffffc90009447198 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: 0000200000000000 RCX: 0000000000000000 +RDX: 0000000000000000 RSI: ffffffff875152e6 RDI: 0000000000000003 +RBP: ffff888020f80908 R08: 0000200000000000 R09: 0000000000000000 +R10: ffffffff875152d8 R11: 0000000000000000 R12: ffffc90009447270 +R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 +FS: 000000000097a300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00000000200001c4 CR3: 0000000026a52000 CR4: 00000000001506e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + nf_tables_newexpr net/netfilter/nf_tables_api.c:2675 [inline] + nft_expr_init+0x145/0x2d0 net/netfilter/nf_tables_api.c:2713 + nft_set_elem_expr_alloc+0x27/0x280 net/netfilter/nf_tables_api.c:5160 + nf_tables_newset+0x1997/0x3150 net/netfilter/nf_tables_api.c:4321 + nfnetlink_rcv_batch+0x85a/0x21b0 net/netfilter/nfnetlink.c:456 + nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline] + nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:598 + netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] + netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338 + netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927 + sock_sendmsg_nosec net/socket.c:654 [inline] + sock_sendmsg+0xcf/0x120 net/socket.c:674 + ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350 + ___sys_sendmsg+0xf3/0x170 net/socket.c:2404 + __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433 + do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +Fixes: c26844eda9d4 ("netfilter: nf_tables: Fix nft limit burst handling") +Fixes: 3e0f64b7dd31 ("netfilter: nft_limit: fix packet ratelimiting") +Signed-off-by: Eric Dumazet +Diagnosed-by: Luigi Rizzo +Reported-by: syzbot +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + net/netfilter/nft_limit.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/netfilter/nft_limit.c ++++ b/net/netfilter/nft_limit.c +@@ -79,13 +79,13 @@ static int nft_limit_init(struct nft_lim + return -EOVERFLOW; + + if (pkts) { +- tokens = div_u64(limit->nsecs, limit->rate) * limit->burst; ++ tokens = div64_u64(limit->nsecs, limit->rate) * limit->burst; + } else { + /* The token bucket size limits the number of tokens can be + * accumulated. tokens_max specifies the bucket size. + * tokens_max = unit * (rate + burst) / rate. + */ +- tokens = div_u64(limit->nsecs * (limit->rate + limit->burst), ++ tokens = div64_u64(limit->nsecs * (limit->rate + limit->burst), + limit->rate); + } + diff --git a/queue-4.14/scsi-libsas-reset-num_scatter-if-libata-marks-qc-as-nodata.patch b/queue-4.14/scsi-libsas-reset-num_scatter-if-libata-marks-qc-as-nodata.patch new file mode 100644 index 00000000000..a54703e4adb --- /dev/null +++ b/queue-4.14/scsi-libsas-reset-num_scatter-if-libata-marks-qc-as-nodata.patch @@ -0,0 +1,70 @@ +From 176ddd89171ddcf661862d90c5d257877f7326d6 Mon Sep 17 00:00:00 2001 +From: Jolly Shah +Date: Thu, 18 Mar 2021 15:56:32 -0700 +Subject: scsi: libsas: Reset num_scatter if libata marks qc as NODATA + +From: Jolly Shah + +commit 176ddd89171ddcf661862d90c5d257877f7326d6 upstream. + +When the cache_type for the SCSI device is changed, the SCSI layer issues a +MODE_SELECT command. The caching mode details are communicated via a +request buffer associated with the SCSI command with data direction set as +DMA_TO_DEVICE (scsi_mode_select()). When this command reaches the libata +layer, as a part of generic initial setup, libata layer sets up the +scatterlist for the command using the SCSI command (ata_scsi_qc_new()). +This command is then translated by the libata layer into +ATA_CMD_SET_FEATURES (ata_scsi_mode_select_xlat()). The libata layer treats +this as a non-data command (ata_mselect_caching()), since it only needs an +ATA taskfile to pass the caching on/off information to the device. It does +not need the scatterlist that has been setup, so it does not perform +dma_map_sg() on the scatterlist (ata_qc_issue()). Unfortunately, when this +command reaches the libsas layer (sas_ata_qc_issue()), libsas layer sees it +as a non-data command with a scatterlist. It cannot extract the correct DMA +length since the scatterlist has not been mapped with dma_map_sg() for a +DMA operation. When this partially constructed SAS task reaches pm80xx +LLDD, it results in the following warning: + +"pm80xx_chip_sata_req 6058: The sg list address +start_addr=0x0000000000000000 data_len=0x0end_addr_high=0xffffffff +end_addr_low=0xffffffff has crossed 4G boundary" + +Update libsas to handle ATA non-data commands separately so num_scatter and +total_xfer_len remain 0. + +Link: https://lore.kernel.org/r/20210318225632.2481291-1-jollys@google.com +Fixes: 53de092f47ff ("scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA") +Tested-by: Luo Jiaxing +Reviewed-by: John Garry +Signed-off-by: Jolly Shah +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/libsas/sas_ata.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +--- a/drivers/scsi/libsas/sas_ata.c ++++ b/drivers/scsi/libsas/sas_ata.c +@@ -219,18 +219,17 @@ static unsigned int sas_ata_qc_issue(str + memcpy(task->ata_task.atapi_packet, qc->cdb, qc->dev->cdb_len); + task->total_xfer_len = qc->nbytes; + task->num_scatter = qc->n_elem; ++ task->data_dir = qc->dma_dir; ++ } else if (qc->tf.protocol == ATA_PROT_NODATA) { ++ task->data_dir = DMA_NONE; + } else { + for_each_sg(qc->sg, sg, qc->n_elem, si) + xfer += sg_dma_len(sg); + + task->total_xfer_len = xfer; + task->num_scatter = si; +- } +- +- if (qc->tf.protocol == ATA_PROT_NODATA) +- task->data_dir = DMA_NONE; +- else + task->data_dir = qc->dma_dir; ++ } + task->scatter = qc->sg; + task->ata_task.retry_count = 1; + task->task_state_flags = SAS_TASK_STATE_PENDING; diff --git a/queue-4.14/series b/queue-4.14/series index c6584784f54..1f368b3c287 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -23,3 +23,12 @@ hid-wacom-set-ev_key-and-ev_abs-only-for-non-hid_generic-type-of-devices.patch readdir-make-sure-to-verify-directory-entry-for-legacy-interfaces-too.patch arm64-fix-inline-asm-in-load_unaligned_zeropad.patch arm64-alternatives-move-length-validation-in-alternative_-insn-endif.patch +scsi-libsas-reset-num_scatter-if-libata-marks-qc-as-nodata.patch +netfilter-conntrack-do-not-print-icmpv6-as-unknown-via-proc.patch +netfilter-nft_limit-avoid-possible-divide-error-in-nft_limit_init.patch +net-davicom-fix-regulator-not-turned-off-on-failed-probe.patch +net-sit-unregister-catch-all-devices.patch +i40e-fix-the-panic-when-running-bpf-in-xdpdrv-mode.patch +ibmvnic-avoid-calling-napi_disable-twice.patch +ibmvnic-remove-duplicate-napi_schedule-call-in-do_reset-function.patch +ibmvnic-remove-duplicate-napi_schedule-call-in-open-function.patch