From fbd5ae62b3edc287c7d802657e1d99db3325ff6b Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 4 Nov 2019 14:31:50 +0100
Subject: [PATCH] drop blackhole_netdev-fix-syzkaller-reported-issue.patch from
 4.19 4.14

---
 ..._netdev-fix-syzkaller-reported-issue.patch | 113 ------------------
 queue-4.14/series                             |   1 -
 ..._netdev-fix-syzkaller-reported-issue.patch | 113 ------------------
 queue-4.19/series                             |   1 -
 4 files changed, 228 deletions(-)
 delete mode 100644 queue-4.14/blackhole_netdev-fix-syzkaller-reported-issue.patch
 delete mode 100644 queue-4.19/blackhole_netdev-fix-syzkaller-reported-issue.patch

diff --git a/queue-4.14/blackhole_netdev-fix-syzkaller-reported-issue.patch b/queue-4.14/blackhole_netdev-fix-syzkaller-reported-issue.patch
deleted file mode 100644
index bcf8a0b9674..00000000000
--- a/queue-4.14/blackhole_netdev-fix-syzkaller-reported-issue.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From b0818f80c8c1bc215bba276bd61c216014fab23b Mon Sep 17 00:00:00 2001
-From: Mahesh Bandewar <maheshb@google.com>
-Date: Fri, 11 Oct 2019 18:14:55 -0700
-Subject: blackhole_netdev: fix syzkaller reported issue
-
-From: Mahesh Bandewar <maheshb@google.com>
-
-commit b0818f80c8c1bc215bba276bd61c216014fab23b upstream.
-
-While invalidating the dst, we assign backhole_netdev instead of
-loopback device. However, this device does not have idev pointer
-and hence no ip6_ptr even if IPv6 is enabled. Possibly this has
-triggered the syzbot reported crash.
-
-The syzbot report does not have reproducer, however, this is the
-only device that doesn't have matching idev created.
-
-Crash instruction is :
-
-static inline bool ip6_ignore_linkdown(const struct net_device *dev)
-{
-        const struct inet6_dev *idev = __in6_dev_get(dev);
-
-        return !!idev->cnf.ignore_routes_with_linkdown; <= crash
-}
-
-Also ipv6 always assumes presence of idev and never checks for it
-being NULL (as does the above referenced code). So adding a idev
-for the blackhole_netdev to avoid this class of crashes in the future.
-
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- net/ipv6/addrconf.c |    7 ++++++-
- net/ipv6/route.c    |   15 ++++++---------
- 2 files changed, 12 insertions(+), 10 deletions(-)
-
---- a/net/ipv6/addrconf.c
-+++ b/net/ipv6/addrconf.c
-@@ -6550,7 +6550,7 @@ static struct rtnl_af_ops inet6_ops __re
- 
- int __init addrconf_init(void)
- {
--	struct inet6_dev *idev;
-+	struct inet6_dev *idev, *bdev;
- 	int i, err;
- 
- 	err = ipv6_addr_label_init();
-@@ -6590,10 +6590,14 @@ int __init addrconf_init(void)
- 	 */
- 	rtnl_lock();
- 	idev = ipv6_add_dev(init_net.loopback_dev);
-+	bdev = ipv6_add_dev(blackhole_netdev);
- 	rtnl_unlock();
- 	if (IS_ERR(idev)) {
- 		err = PTR_ERR(idev);
- 		goto errlo;
-+	} else if (IS_ERR(bdev)) {
-+		err = PTR_ERR(bdev);
-+		goto errlo;
- 	}
- 
- 	ip6_route_init_special_entries();
-@@ -6660,6 +6664,7 @@ void addrconf_cleanup(void)
- 		addrconf_ifdown(dev, 1);
- 	}
- 	addrconf_ifdown(init_net.loopback_dev, 2);
-+	addrconf_ifdown(blackhole_netdev, 2);
- 
- 	/*
- 	 *	Check hash table.
---- a/net/ipv6/route.c
-+++ b/net/ipv6/route.c
-@@ -148,10 +148,9 @@ static void rt6_uncached_list_del(struct
- 
- static void rt6_uncached_list_flush_dev(struct net *net, struct net_device *dev)
- {
--	struct net_device *loopback_dev = net->loopback_dev;
- 	int cpu;
- 
--	if (dev == loopback_dev)
-+	if (dev == net->loopback_dev)
- 		return;
- 
- 	for_each_possible_cpu(cpu) {
-@@ -164,7 +163,7 @@ static void rt6_uncached_list_flush_dev(
- 			struct net_device *rt_dev = rt->dst.dev;
- 
- 			if (rt_idev->dev == dev) {
--				rt->rt6i_idev = in6_dev_get(loopback_dev);
-+				rt->rt6i_idev = in6_dev_get(blackhole_netdev);
- 				in6_dev_put(rt_idev);
- 			}
- 
-@@ -414,13 +413,11 @@ static void ip6_dst_ifdown(struct dst_en
- {
- 	struct rt6_info *rt = (struct rt6_info *)dst;
- 	struct inet6_dev *idev = rt->rt6i_idev;
--	struct net_device *loopback_dev =
--		dev_net(dev)->loopback_dev;
- 
--	if (idev && idev->dev != loopback_dev) {
--		struct inet6_dev *loopback_idev = in6_dev_get(loopback_dev);
--		if (loopback_idev) {
--			rt->rt6i_idev = loopback_idev;
-+	if (idev && idev->dev != dev_net(dev)->loopback_dev) {
-+		struct inet6_dev *ibdev = in6_dev_get(blackhole_netdev);
-+		if (ibdev) {
-+			rt->rt6i_idev = ibdev;
- 			in6_dev_put(idev);
- 		}
- 	}
diff --git a/queue-4.14/series b/queue-4.14/series
index 093667d31bb..9233b4d161a 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -86,7 +86,6 @@ llc-fix-sk_buff-leak-in-llc_conn_service.patch
 rxrpc-fix-call-ref-leak.patch
 nfc-pn533-fix-use-after-free-and-memleaks.patch
 bonding-fix-potential-null-deref-in-bond_update_slave_arr.patch
-blackhole_netdev-fix-syzkaller-reported-issue.patch
 net-usb-sr9800-fix-uninitialized-local-variable.patch
 sch_netem-fix-rcu-splat-in-netem_enqueue.patch
 sctp-fix-the-issue-that-flags-are-ignored-when-using-kernel_connect.patch
diff --git a/queue-4.19/blackhole_netdev-fix-syzkaller-reported-issue.patch b/queue-4.19/blackhole_netdev-fix-syzkaller-reported-issue.patch
deleted file mode 100644
index a6f9719361c..00000000000
--- a/queue-4.19/blackhole_netdev-fix-syzkaller-reported-issue.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From b0818f80c8c1bc215bba276bd61c216014fab23b Mon Sep 17 00:00:00 2001
-From: Mahesh Bandewar <maheshb@google.com>
-Date: Fri, 11 Oct 2019 18:14:55 -0700
-Subject: blackhole_netdev: fix syzkaller reported issue
-
-From: Mahesh Bandewar <maheshb@google.com>
-
-commit b0818f80c8c1bc215bba276bd61c216014fab23b upstream.
-
-While invalidating the dst, we assign backhole_netdev instead of
-loopback device. However, this device does not have idev pointer
-and hence no ip6_ptr even if IPv6 is enabled. Possibly this has
-triggered the syzbot reported crash.
-
-The syzbot report does not have reproducer, however, this is the
-only device that doesn't have matching idev created.
-
-Crash instruction is :
-
-static inline bool ip6_ignore_linkdown(const struct net_device *dev)
-{
-        const struct inet6_dev *idev = __in6_dev_get(dev);
-
-        return !!idev->cnf.ignore_routes_with_linkdown; <= crash
-}
-
-Also ipv6 always assumes presence of idev and never checks for it
-being NULL (as does the above referenced code). So adding a idev
-for the blackhole_netdev to avoid this class of crashes in the future.
-
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- net/ipv6/addrconf.c |    7 ++++++-
- net/ipv6/route.c    |   15 ++++++---------
- 2 files changed, 12 insertions(+), 10 deletions(-)
-
---- a/net/ipv6/addrconf.c
-+++ b/net/ipv6/addrconf.c
-@@ -6704,7 +6704,7 @@ static struct rtnl_af_ops inet6_ops __re
- 
- int __init addrconf_init(void)
- {
--	struct inet6_dev *idev;
-+	struct inet6_dev *idev, *bdev;
- 	int i, err;
- 
- 	err = ipv6_addr_label_init();
-@@ -6744,10 +6744,14 @@ int __init addrconf_init(void)
- 	 */
- 	rtnl_lock();
- 	idev = ipv6_add_dev(init_net.loopback_dev);
-+	bdev = ipv6_add_dev(blackhole_netdev);
- 	rtnl_unlock();
- 	if (IS_ERR(idev)) {
- 		err = PTR_ERR(idev);
- 		goto errlo;
-+	} else if (IS_ERR(bdev)) {
-+		err = PTR_ERR(bdev);
-+		goto errlo;
- 	}
- 
- 	ip6_route_init_special_entries();
-@@ -6832,6 +6836,7 @@ void addrconf_cleanup(void)
- 		addrconf_ifdown(dev, 1);
- 	}
- 	addrconf_ifdown(init_net.loopback_dev, 2);
-+	addrconf_ifdown(blackhole_netdev, 2);
- 
- 	/*
- 	 *	Check hash table.
---- a/net/ipv6/route.c
-+++ b/net/ipv6/route.c
-@@ -158,10 +158,9 @@ void rt6_uncached_list_del(struct rt6_in
- 
- static void rt6_uncached_list_flush_dev(struct net *net, struct net_device *dev)
- {
--	struct net_device *loopback_dev = net->loopback_dev;
- 	int cpu;
- 
--	if (dev == loopback_dev)
-+	if (dev == net->loopback_dev)
- 		return;
- 
- 	for_each_possible_cpu(cpu) {
-@@ -174,7 +173,7 @@ static void rt6_uncached_list_flush_dev(
- 			struct net_device *rt_dev = rt->dst.dev;
- 
- 			if (rt_idev->dev == dev) {
--				rt->rt6i_idev = in6_dev_get(loopback_dev);
-+				rt->rt6i_idev = in6_dev_get(blackhole_netdev);
- 				in6_dev_put(rt_idev);
- 			}
- 
-@@ -391,13 +390,11 @@ static void ip6_dst_ifdown(struct dst_en
- {
- 	struct rt6_info *rt = (struct rt6_info *)dst;
- 	struct inet6_dev *idev = rt->rt6i_idev;
--	struct net_device *loopback_dev =
--		dev_net(dev)->loopback_dev;
- 
--	if (idev && idev->dev != loopback_dev) {
--		struct inet6_dev *loopback_idev = in6_dev_get(loopback_dev);
--		if (loopback_idev) {
--			rt->rt6i_idev = loopback_idev;
-+	if (idev && idev->dev != dev_net(dev)->loopback_dev) {
-+		struct inet6_dev *ibdev = in6_dev_get(blackhole_netdev);
-+		if (ibdev) {
-+			rt->rt6i_idev = ibdev;
- 			in6_dev_put(idev);
- 		}
- 	}
diff --git a/queue-4.19/series b/queue-4.19/series
index 97c197f6bf0..865084917ae 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -139,6 +139,5 @@ rxrpc-rxrpc_peer-needs-to-hold-a-ref-on-the-rxrpc_local-record.patch
 rxrpc-fix-trace-after-put-looking-at-the-put-peer-record.patch
 nfc-pn533-fix-use-after-free-and-memleaks.patch
 bonding-fix-potential-null-deref-in-bond_update_slave_arr.patch
-blackhole_netdev-fix-syzkaller-reported-issue.patch
 net-usb-sr9800-fix-uninitialized-local-variable.patch
 sch_netem-fix-rcu-splat-in-netem_enqueue.patch
-- 
2.47.2