From c0dee37026db030cada9c32606ed486e3b01ec03 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Tue, 17 Dec 2019 10:29:47 -0500 Subject: [PATCH] fixes for 5.3 Signed-off-by: Sasha Levin --- ...64-dts-allwinner-a64-re-add-pmu-node.patch | 61 ++++++++++ ...-check-bi_size-overflow-before-merge.patch | 47 ++++++++ ...-warn-when-incrementing-refcount-on-.patch | 75 ++++++++++++ ...te-tca_kind-attribute-in-tc_chain_tm.patch | 114 ++++++++++++++++++ ...-to-set-stripe_handle-for-batch-head.patch | 45 +++++++ ...-change-discovery-state-before-plogi.patch | 44 +++++++ queue-5.3/series | 7 ++ ...-another-issue-with-mic-buffer-space.patch | 60 +++++++++ 8 files changed, 453 insertions(+) create mode 100644 queue-5.3/arm64-dts-allwinner-a64-re-add-pmu-node.patch create mode 100644 queue-5.3/block-fix-check-bi_size-overflow-before-merge.patch create mode 100644 queue-5.3/edac-ghes-do-not-warn-when-incrementing-refcount-on-.patch create mode 100644 queue-5.3/net_sched-validate-tca_kind-attribute-in-tc_chain_tm.patch create mode 100644 queue-5.3/raid5-need-to-set-stripe_handle-for-batch-head.patch create mode 100644 queue-5.3/scsi-qla2xxx-change-discovery-state-before-plogi.patch create mode 100644 queue-5.3/sunrpc-fix-another-issue-with-mic-buffer-space.patch diff --git a/queue-5.3/arm64-dts-allwinner-a64-re-add-pmu-node.patch b/queue-5.3/arm64-dts-allwinner-a64-re-add-pmu-node.patch new file mode 100644 index 00000000000..d280c6ef7d0 --- /dev/null +++ b/queue-5.3/arm64-dts-allwinner-a64-re-add-pmu-node.patch 
@@ -0,0 +1,61 @@ +From 25e5445c630c69bd7e3d05d327e15d095651b195 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Nov 2019 11:06:51 +0000 +Subject: arm64: dts: allwinner: a64: Re-add PMU node + +From: Andre Przywara + +[ Upstream commit 6b832a148717f1718f57805a9a4aa7f092582d15 ] + +As it was found recently, the Performance Monitoring Unit (PMU) on the +Allwinner A64 SoC was not generating (the right) interrupts. With the +SPI numbers from the manual the kernel did not receive any overflow +interrupts, so perf was not happy at all. +It turns out that the numbers were just off by 4, so the PMU interrupts +are from 148 to 151, not from 152 to 155 as the manual describes. + +This was found by playing around with U-Boot, which typically does not +use interrupts, so the GIC is fully available for experimentation: +With *every* PPI and SPI enabled, an overflowing PMU cycle counter was +found to set a bit in one of the GICD_ISPENDR registers, with careful +counting this was determined to be number 148. + +Tested with perf record and perf top on a Pine64-LTS. Also tested with +tasksetting to every core to confirm the assignment between IRQs and +cores. + +This somewhat "revert-fixes" commit ed3e9406bcbc ("arm64: dts: allwinner: +a64: Drop PMU node"). 
+ +Fixes: 34a97fcc71c2 ("arm64: dts: allwinner: a64: Add PMU node") +Fixes: ed3e9406bcbc ("arm64: dts: allwinner: a64: Drop PMU node") +Signed-off-by: Andre Przywara +Signed-off-by: Maxime Ripard +Signed-off-by: Sasha Levin +--- + arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi b/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi +index cd92f546c4838..1d362f625a405 100644 +--- a/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi ++++ b/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi +@@ -142,6 +142,15 @@ + clock-output-names = "ext-osc32k"; + }; + ++ pmu { ++ compatible = "arm,cortex-a53-pmu"; ++ interrupts = , ++ , ++ , ++ ; ++ interrupt-affinity = <&cpu0>, <&cpu1>, <&cpu2>, <&cpu3>; ++ }; ++ + psci { + compatible = "arm,psci-0.2"; + method = "smc"; +-- +2.20.1 + diff --git a/queue-5.3/block-fix-check-bi_size-overflow-before-merge.patch b/queue-5.3/block-fix-check-bi_size-overflow-before-merge.patch new file mode 100644 index 00000000000..3afb261ef26 --- /dev/null +++ b/queue-5.3/block-fix-check-bi_size-overflow-before-merge.patch 
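Review bot: The re-added `pmu` node in sun50i-a64.dtsi has no comment saying that its SPI numbers intentionally disagree with the SoC manual. The commit message gives the measured values as 148 to 151, against 152 to 155 in the manual. Without a note in the file, a later cleanup against the manual could reintroduce the non-working values. A line above `interrupts` such as `/* PMU SPIs are 148-151 as measured; the manual's 152-155 is off by 4 */` would record this. The interrupt specifiers appear stripped in this rendering of the hunk, so the values themselves could not be checked here.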
@@ -0,0 +1,47 @@ +From 1866123cb4b67207441fcb73d86a919a46b73531 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 9 Dec 2019 20:11:14 +0100 +Subject: block: fix "check bi_size overflow before merge" + +From: Andreas Gruenbacher + +[ Upstream commit cc90bc68422318eb8e75b15cd74bc8d538a7df29 ] + +This partially reverts commit e3a5d8e386c3fb973fa75f2403622a8f3640ec06. + +Commit e3a5d8e386c3 ("check bi_size overflow before merge") adds a bio_full +check to __bio_try_merge_page. This will cause __bio_try_merge_page to fail +when the last bi_io_vec has been reached. Instead, what we want here is only +the bi_size overflow check. + +Fixes: e3a5d8e386c3 ("block: check bi_size overflow before merge") +Cc: stable@vger.kernel.org # v5.4+ +Reviewed-by: Ming Lei +Signed-off-by: Andreas Gruenbacher +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + block/bio.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/block/bio.c b/block/bio.c +index 31d56e7e2ce05..853e2a2ec4d9a 100644 +--- a/block/bio.c ++++ b/block/bio.c +@@ -769,10 +769,12 @@ bool __bio_try_merge_page(struct bio *bio, struct page *page, + if (WARN_ON_ONCE(bio_flagged(bio, BIO_CLONED))) + return false; + +- if (bio->bi_vcnt > 0 && !bio_full(bio, len)) { ++ if (bio->bi_vcnt > 0) { + struct bio_vec *bv = &bio->bi_io_vec[bio->bi_vcnt - 1]; + + if (page_is_mergeable(bv, page, len, off, same_page)) { ++ if (bio->bi_iter.bi_size > UINT_MAX - len) ++ return false; + bv->bv_len += len; + bio->bi_iter.bi_size += len; + return true; +-- +2.20.1 + diff --git a/queue-5.3/edac-ghes-do-not-warn-when-incrementing-refcount-on-.patch b/queue-5.3/edac-ghes-do-not-warn-when-incrementing-refcount-on-.patch new file mode 100644 index 00000000000..10a698c1b29 --- /dev/null +++ b/queue-5.3/edac-ghes-do-not-warn-when-incrementing-refcount-on-.patch 
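Review bot: The new early `return false` in `__bio_try_merge_page()` comes after `page_is_mergeable(bv, page, len, off, same_page)` has been handed `same_page`, so a merge refused for size overflow may still leave that flag set by the helper. The helper's body and the rest of the signature are outside the hunk, so this is inferred; if `same_page` is an out-parameter, a caller that reads it after a failed merge could mishandle the page reference. Resetting it on the refusal path, `if (bio->bi_iter.bi_size > UINT_MAX - len) { *same_page = false; return false; }`, keeps the flag consistent with the return value. Separately, the embedded stable tag reads `# v5.4+` while this is queued for 5.3, so confirm that e3a5d8e386c3 is present in 5.3.y. The function starts and ends outside the hunk.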
@@ -0,0 +1,75 @@ +From a52af19555691d1d3c21d16758fe15585aa6ae9a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 21 Nov 2019 21:36:57 +0000 +Subject: EDAC/ghes: Do not warn when incrementing refcount on 0 + +From: Robert Richter + +[ Upstream commit 16214bd9e43a31683a7073664b000029bba00354 ] + +The following warning from the refcount framework is seen during ghes +initialization: + + EDAC MC0: Giving out device to module ghes_edac.c controller ghes_edac: DEV ghes (INTERRUPT) + ------------[ cut here ]------------ + refcount_t: increment on 0; use-after-free. + WARNING: CPU: 36 PID: 1 at lib/refcount.c:156 refcount_inc_checked + [...] + Call trace: + refcount_inc_checked + ghes_edac_register + ghes_probe + ... + +It warns if the refcount is incremented from zero. This warning is +reasonable as a kernel object is typically created with a refcount of +one and freed once the refcount is zero. Afterwards the object would be +"used-after-free". + +For GHES, the refcount is initialized with zero, and that is why this +message is seen when initializing the first instance. However, whenever +the refcount is zero, the device will be allocated and registered. Since +the ghes_reg_mutex protects the refcount and serializes allocation and +freeing of ghes devices, a use-after-free cannot happen here. + +Instead of using refcount_inc() for the first instance, use +refcount_set(). This can be used here because the refcount is zero at +this point and can not change due to its protection by the mutex. 
+ +Fixes: 23f61b9fc5cc ("EDAC/ghes: Fix locking and memory barrier issues") +Reported-by: John Garry +Signed-off-by: Robert Richter +Signed-off-by: Borislav Petkov +Tested-by: John Garry +Cc: +Cc: James Morse +Cc: +Cc: linux-edac +Cc: Mauro Carvalho Chehab +Cc: +Cc: Tony Luck +Cc: +Link: https://lkml.kernel.org/r/20191121213628.21244-1-rrichter@marvell.com +Signed-off-by: Sasha Levin +--- + drivers/edac/ghes_edac.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/edac/ghes_edac.c b/drivers/edac/ghes_edac.c +index 1163c382d4a55..f9c17654045a5 100644 +--- a/drivers/edac/ghes_edac.c ++++ b/drivers/edac/ghes_edac.c +@@ -566,8 +566,8 @@ int ghes_edac_register(struct ghes *ghes, struct device *dev) + ghes_pvt = pvt; + spin_unlock_irqrestore(&ghes_lock, flags); + +- /* only increment on success */ +- refcount_inc(&ghes_refcount); ++ /* only set on success */ ++ refcount_set(&ghes_refcount, 1); + + unlock: + mutex_unlock(&ghes_reg_mutex); +-- +2.20.1 + diff --git a/queue-5.3/net_sched-validate-tca_kind-attribute-in-tc_chain_tm.patch b/queue-5.3/net_sched-validate-tca_kind-attribute-in-tc_chain_tm.patch new file mode 100644 index 00000000000..af771360164 --- /dev/null +++ b/queue-5.3/net_sched-validate-tca_kind-attribute-in-tc_chain_tm.patch 
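Review bot: The updated comment `/* only set on success */` in `ghes_edac_register()` does not say why `refcount_set(&ghes_refcount, 1)` is safe where an increment was used before. Per the commit message, the count is zero on this path and `ghes_reg_mutex` (released at the `unlock:` label just below) serialises it, while `refcount_inc()` warns on 0 as a use-after-free indicator. A comment such as `/* first instance: count is 0 and ghes_reg_mutex is held, so set it; refcount_inc() would warn on 0 */` would stop someone from changing it back. The check that establishes the count is zero lies above the hunk and should be confirmed.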
@@ -0,0 +1,114 @@ +From 7ef9ac4c824bb54c892917928966ef771f9ea67d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 7 Dec 2019 11:34:45 -0800 +Subject: net_sched: validate TCA_KIND attribute in tc_chain_tmplt_add() + +From: Eric Dumazet + +[ Upstream commit 2dd5616ecdcebdf5a8d007af64e040d4e9214efe ] + +Use the new tcf_proto_check_kind() helper to make sure user +provided value is well formed. + +BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:606 [inline] +BUG: KMSAN: uninit-value in string+0x4be/0x600 lib/vsprintf.c:668 +CPU: 0 PID: 12358 Comm: syz-executor.1 Not tainted 5.4.0-rc8-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:77 [inline] + dump_stack+0x1c9/0x220 lib/dump_stack.c:118 + kmsan_report+0x128/0x220 mm/kmsan/kmsan_report.c:108 + __msan_warning+0x64/0xc0 mm/kmsan/kmsan_instr.c:245 + string_nocheck lib/vsprintf.c:606 [inline] + string+0x4be/0x600 lib/vsprintf.c:668 + vsnprintf+0x218f/0x3210 lib/vsprintf.c:2510 + __request_module+0x2b1/0x11c0 kernel/kmod.c:143 + tcf_proto_lookup_ops+0x171/0x700 net/sched/cls_api.c:139 + tc_chain_tmplt_add net/sched/cls_api.c:2730 [inline] + tc_ctl_chain+0x1904/0x38a0 net/sched/cls_api.c:2850 + rtnetlink_rcv_msg+0x115a/0x1580 net/core/rtnetlink.c:5224 + netlink_rcv_skb+0x431/0x620 net/netlink/af_netlink.c:2477 + rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:5242 + netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline] + netlink_unicast+0xf3e/0x1020 net/netlink/af_netlink.c:1328 + netlink_sendmsg+0x110f/0x1330 net/netlink/af_netlink.c:1917 + sock_sendmsg_nosec net/socket.c:637 [inline] + sock_sendmsg net/socket.c:657 [inline] + ___sys_sendmsg+0x14ff/0x1590 net/socket.c:2311 + __sys_sendmsg net/socket.c:2356 [inline] + __do_sys_sendmsg net/socket.c:2365 [inline] + __se_sys_sendmsg+0x305/0x460 net/socket.c:2363 + __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2363 + do_syscall_64+0xb6/0x160 
arch/x86/entry/common.c:291 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 +RIP: 0033:0x45a649 +Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 +RSP: 002b:00007f0790795c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e +RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a649 +RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000006 +RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000246 R12: 00007f07907966d4 +R13: 00000000004c8db5 R14: 00000000004df630 R15: 00000000ffffffff + +Uninit was created at: + kmsan_save_stack_with_flags mm/kmsan/kmsan.c:149 [inline] + kmsan_internal_poison_shadow+0x5c/0x110 mm/kmsan/kmsan.c:132 + kmsan_slab_alloc+0x97/0x100 mm/kmsan/kmsan_hooks.c:86 + slab_alloc_node mm/slub.c:2773 [inline] + __kmalloc_node_track_caller+0xe27/0x11a0 mm/slub.c:4381 + __kmalloc_reserve net/core/skbuff.c:141 [inline] + __alloc_skb+0x306/0xa10 net/core/skbuff.c:209 + alloc_skb include/linux/skbuff.h:1049 [inline] + netlink_alloc_large_skb net/netlink/af_netlink.c:1174 [inline] + netlink_sendmsg+0x783/0x1330 net/netlink/af_netlink.c:1892 + sock_sendmsg_nosec net/socket.c:637 [inline] + sock_sendmsg net/socket.c:657 [inline] + ___sys_sendmsg+0x14ff/0x1590 net/socket.c:2311 + __sys_sendmsg net/socket.c:2356 [inline] + __do_sys_sendmsg net/socket.c:2365 [inline] + __se_sys_sendmsg+0x305/0x460 net/socket.c:2363 + __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2363 + do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +Fixes: 6f96c3c6904c ("net_sched: fix backward compatibility for TCA_KIND") +Signed-off-by: Eric Dumazet +Reported-by: syzbot +Acked-by: Cong Wang +Cc: Marcelo Ricardo Leitner +Cc: Jamal Hadi Salim +Cc: Jiri Pirko +Signed-off-by: David S. 
Miller +Signed-off-by: Sasha Levin +--- + net/sched/cls_api.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c +index 5c1769999a92e..758ca7e5304ca 100644 +--- a/net/sched/cls_api.c ++++ b/net/sched/cls_api.c +@@ -2854,13 +2854,19 @@ static int tc_chain_tmplt_add(struct tcf_chain *chain, struct net *net, + struct netlink_ext_ack *extack) + { + const struct tcf_proto_ops *ops; ++ char name[IFNAMSIZ]; + void *tmplt_priv; + + /* If kind is not set, user did not specify template. */ + if (!tca[TCA_KIND]) + return 0; + +- ops = tcf_proto_lookup_ops(nla_data(tca[TCA_KIND]), true, extack); ++ if (tcf_proto_check_kind(tca[TCA_KIND], name)) { ++ NL_SET_ERR_MSG(extack, "Specified TC chain template name too long"); ++ return -EINVAL; ++ } ++ ++ ops = tcf_proto_lookup_ops(name, true, extack); + if (IS_ERR(ops)) + return PTR_ERR(ops); + if (!ops->tmplt_create || !ops->tmplt_destroy || !ops->tmplt_dump) { +-- +2.20.1 + diff --git a/queue-5.3/raid5-need-to-set-stripe_handle-for-batch-head.patch b/queue-5.3/raid5-need-to-set-stripe_handle-for-batch-head.patch new file mode 100644 index 00000000000..fb245493e9e --- /dev/null +++ b/queue-5.3/raid5-need-to-set-stripe_handle-for-batch-head.patch 
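Review bot: Nothing at the new `tcf_proto_check_kind(tca[TCA_KIND], name)` call in `tc_chain_tmplt_add()` says why the attribute is copied into `name[IFNAMSIZ]` before use, and the extack text "Specified TC chain template name too long" assumes length is the only reason the helper fails. The KMSAN trace in the message shows the old `nla_data(tca[TCA_KIND])` pointer reaching `vsnprintf()` through `__request_module()`, so a user-supplied netlink payload was being read as a C string. A comment such as `/* TCA_KIND comes from userspace and need not be NUL-terminated; use the bounded copy in name[] from here on */` would keep a later cleanup from going back to `nla_data()`. The helper's body is not in the hunk, so its failure conditions should be checked against the message wording. The function continues past the hunk.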
@@ -0,0 +1,45 @@ +From 5e217b7d6f47435cf271bfc6d84e4240b2fea1cf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 27 Nov 2019 17:57:50 +0100 +Subject: raid5: need to set STRIPE_HANDLE for batch head + +From: Guoqing Jiang + +[ Upstream commit a7ede3d16808b8f3915c8572d783530a82b2f027 ] + +With commit 6ce220dd2f8ea71d6afc29b9a7524c12e39f374a ("raid5: don't set +STRIPE_HANDLE to stripe which is in batch list"), we don't want to set +STRIPE_HANDLE flag for sh which is already in batch list. + +However, the stripe which is the head of batch list should set this flag, +otherwise panic could happen inside init_stripe at BUG_ON(sh->batch_head), +it is reproducible with raid5 on top of nvdimm devices per Xiao oberserved. + +Thanks for Xiao's effort to verify the change. + +Fixes: 6ce220dd2f8ea ("raid5: don't set STRIPE_HANDLE to stripe which is in batch list") +Reported-by: Xiao Ni +Tested-by: Xiao Ni +Signed-off-by: Guoqing Jiang +Signed-off-by: Song Liu +Signed-off-by: Sasha Levin +--- + drivers/md/raid5.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c +index 7c18dfd343b4f..3ffc1ae2fe72f 100644 +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -5721,7 +5721,7 @@ static bool raid5_make_request(struct mddev *mddev, struct bio * bi) + do_flush = false; + } + +- if (!sh->batch_head) ++ if (!sh->batch_head || sh == sh->batch_head) + set_bit(STRIPE_HANDLE, &sh->state); + clear_bit(STRIPE_DELAYED, &sh->state); + if ((!sh->batch_head || sh == sh->batch_head) && +-- +2.20.1 + diff --git a/queue-5.3/scsi-qla2xxx-change-discovery-state-before-plogi.patch b/queue-5.3/scsi-qla2xxx-change-discovery-state-before-plogi.patch new file mode 100644 index 00000000000..b4439ffe21f --- /dev/null +++ b/queue-5.3/scsi-qla2xxx-change-discovery-state-before-plogi.patch 
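Review bot: The widened test `if (!sh->batch_head || sh == sh->batch_head)` in `raid5_make_request()` now repeats, word for word, the first half of the condition two lines below it. Evaluating it once into a local, e.g. `bool lead = !sh->batch_head || sh == sh->batch_head;`, and using `lead` in both places would keep the two decisions from drifting apart and make both act on the same read of `sh->batch_head`. Whether `batch_head` can change between the two reads depends on locking that is not visible in the hunk. The function starts and ends outside the hunk.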
@@ -0,0 +1,44 @@ +From 611796ab9d3ace27b950c75b66c5ca7e7cd9ca81 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 25 Nov 2019 19:56:54 +0300 +Subject: scsi: qla2xxx: Change discovery state before PLOGI + +From: Roman Bolshakov + +[ Upstream commit 58e39a2ce4be08162c0368030cdc405f7fd849aa ] + +When a port sends PLOGI, discovery state should be changed to login +pending, otherwise RELOGIN_NEEDED bit is set in +qla24xx_handle_plogi_done_event(). RELOGIN_NEEDED triggers another PLOGI, +and it never goes out of the loop until login timer expires. + +Fixes: 8777e4314d397 ("scsi: qla2xxx: Migrate NVME N2N handling into state machine") +Fixes: 8b5292bcfcacf ("scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag") +Cc: Quinn Tran +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20191125165702.1013-6-r.bolshakov@yadro.com +Acked-by: Himanshu Madhani +Reviewed-by: Hannes Reinecke +Tested-by: Hannes Reinecke +Signed-off-by: Roman Bolshakov +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/qla2xxx/qla_init.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index b84afef37f70b..646fe7fe91b29 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -542,6 +542,7 @@ static int qla_post_els_plogi_work(struct scsi_qla_host *vha, fc_port_t *fcport) + + e->u.fcport.fcport = fcport; + fcport->flags |= FCF_ASYNC_ACTIVE; ++ fcport->disc_state = DSC_LOGIN_PEND; + return qla2x00_post_work(vha, e); + } + +-- +2.20.1 + diff --git a/queue-5.3/series b/queue-5.3/series index 6c167e444be..d8f8e59b622 100644 --- a/queue-5.3/series +++ b/queue-5.3/series 
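Review bot: `fcport->disc_state = DSC_LOGIN_PEND;` is assigned before `return qla2x00_post_work(vha, e);`, so the port is marked login-pending even if queuing the work does not succeed. Whether `qla2x00_post_work()` can fail is not visible in the hunk. If it can, the port would be left in `DSC_LOGIN_PEND` with `FCF_ASYNC_ACTIVE` set and no PLOGI outstanding. Either add a short comment above the assignment stating that the post cannot fail and why the state must be set before queuing, or check the return value and undo the state change on a non-success result. The start of `qla_post_els_plogi_work()` is outside the hunk.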
@@ -180,3 +180,10 @@ splice-only-read-in-as-much-information-as-there-is-pipe-buffer-space.patch ext4-fix-a-bug-in-ext4_wait_for_tail_page_commit.patch blk-mq-make-sure-that-line-break-can-be-printed.patch workqueue-fix-missing-kfree-rescuer-in-destroy_workqueue.patch +raid5-need-to-set-stripe_handle-for-batch-head.patch +scsi-qla2xxx-change-discovery-state-before-plogi.patch +sunrpc-fix-another-issue-with-mic-buffer-space.patch +net_sched-validate-tca_kind-attribute-in-tc_chain_tm.patch +arm64-dts-allwinner-a64-re-add-pmu-node.patch +block-fix-check-bi_size-overflow-before-merge.patch +edac-ghes-do-not-warn-when-incrementing-refcount-on-.patch diff --git a/queue-5.3/sunrpc-fix-another-issue-with-mic-buffer-space.patch b/queue-5.3/sunrpc-fix-another-issue-with-mic-buffer-space.patch new file mode 100644 index 00000000000..e0a0c6b3fac --- /dev/null +++ b/queue-5.3/sunrpc-fix-another-issue-with-mic-buffer-space.patch 
@@ -0,0 +1,60 @@ +From d913dd78dda0cec2b0a79882131f5c7eb79cb7ef Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Nov 2019 08:39:07 -0500 +Subject: SUNRPC: Fix another issue with MIC buffer space + +From: Chuck Lever + +[ Upstream commit e8d70b321ecc9b23d09b8df63e38a2f73160c209 ] + +xdr_shrink_pagelen() BUG's when @len is larger than buf->page_len. +This can happen when xdr_buf_read_mic() is given an xdr_buf with +a small page array (like, only a few bytes). + +Instead, just cap the number of bytes that xdr_shrink_pagelen() +will move. + +Fixes: 5f1bc39979d ("SUNRPC: Fix buffer handling of GSS MIC ... ") +Signed-off-by: Chuck Lever +Reviewed-by: Benjamin Coddington +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + net/sunrpc/xdr.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c +index b256806d69cd8..db116fc8ff445 100644 +--- a/net/sunrpc/xdr.c ++++ b/net/sunrpc/xdr.c +@@ -436,13 +436,12 @@ xdr_shrink_bufhead(struct xdr_buf *buf, size_t len) + } + + /** +- * xdr_shrink_pagelen ++ * xdr_shrink_pagelen - shrinks buf->pages by up to @len bytes + * @buf: xdr_buf + * @len: bytes to remove from buf->pages + * +- * Shrinks XDR buffer's page array buf->pages by +- * 'len' bytes. The extra data is not lost, but is instead +- * moved into the tail. ++ * The extra data is not lost, but is instead moved into buf->tail. ++ * Returns the actual number of bytes moved. + */ + static unsigned int + xdr_shrink_pagelen(struct xdr_buf *buf, size_t len) +@@ -455,8 +454,8 @@ xdr_shrink_pagelen(struct xdr_buf *buf, size_t len) + + result = 0; + tail = buf->tail; +- BUG_ON (len > pglen); +- ++ if (len > buf->page_len) ++ len = buf-> page_len; + tailbuf_len = buf->buflen - buf->head->iov_len - buf->page_len; + + /* Shift the tail first */ +-- +2.20.1 + -- 2.47.3
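Review bot: The clamp added to `xdr_shrink_pagelen()` is written `len = buf-> page_len;` with a stray space after `->`, and it re-reads `buf->page_len` where the removed `BUG_ON (len > pglen)` used the local `pglen`. Assuming `pglen` is still initialised from `buf->page_len` above the hunk, `if (len > pglen)` followed by `len = pglen;` would match the rest of the function. An oversized request is now silently shortened instead of hitting BUG, so callers must act on the returned count rather than on the `len` they passed. The updated kernel-doc states this, but the caller is not visible here. The function body continues outside the hunk.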