From 17925e92ff9ca6a56494e9b15350d1bacbd24e8e Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 30 Jan 2024 10:31:35 -0800
Subject: [PATCH] 4.19-stable patches added patches: net-sched-cbs-fix-not-adding-cbs-instance-to-list.patch
---
 ...-fix-not-adding-cbs-instance-to-list.patch | 169 ++++++++++++++++++
 queue-4.19/series | 1 +
 2 files changed, 170 insertions(+)
 create mode 100644 queue-4.19/net-sched-cbs-fix-not-adding-cbs-instance-to-list.patch
diff --git a/queue-4.19/net-sched-cbs-fix-not-adding-cbs-instance-to-list.patch b/queue-4.19/net-sched-cbs-fix-not-adding-cbs-instance-to-list.patch
new file mode 100644
index 00000000000..d00451043d1
--- /dev/null
+++ b/queue-4.19/net-sched-cbs-fix-not-adding-cbs-instance-to-list.patch
@@ -0,0 +1,169 @@
+From 3e8b9bfa110896f95d602d8c98d5f9d67e41d78c Mon Sep 17 00:00:00 2001
+From: Vinicius Costa Gomes
+Date: Mon, 23 Sep 2019 22:04:58 -0700
+Subject: net/sched: cbs: Fix not adding cbs instance to list
+
+From: Vinicius Costa Gomes
+
+commit 3e8b9bfa110896f95d602d8c98d5f9d67e41d78c upstream.
+
+When removing a cbs instance when offloading is enabled, the crash
+below can be observed.
+
+The problem happens because that when offloading is enabled, the cbs
+instance is not added to the list.
+
+Also, the current code doesn't handle correctly the case when offload
+is disabled without removing the qdisc: if the link speed changes the
+credit calculations will be wrong. When we create the cbs instance
+with offloading enabled, it's not added to the notification list, when
+later we disable offloading, it's not in the list, so link speed
+changes will not affect it.
+
+The solution for both issues is the same, add the cbs instance being
+created unconditionally to the global list, even if the link state
+notification isn't useful "right now".
+
+Crash log:
+
+[518758.189866] BUG: kernel NULL pointer dereference, address: 0000000000000000
+[518758.189870] #PF: supervisor read access in kernel mode
+[518758.189871] #PF: error_code(0x0000) - not-present page
+[518758.189872] PGD 0 P4D 0
+[518758.189874] Oops: 0000 [#1] SMP PTI
+[518758.189876] CPU: 3 PID: 4825 Comm: tc Not tainted 5.2.9 #1
+[518758.189877] Hardware name: Gigabyte Technology Co., Ltd.
Z390 AORUS ULTRA/Z390 AORUS ULTRA-CF, BIOS F7 03/14/2019
+[518758.189881] RIP: 0010:__list_del_entry_valid+0x29/0xa0
+[518758.189883] Code: 90 48 b8 00 01 00 00 00 00 ad de 55 48 8b 17 4c 8b 47 08 48 89 e5 48 39 c2 74 27 48 b8 00 02 00 00 00 00 ad de 49 39 c0 74 2d <49> 8b 30 48 39 fe 75 3d 48 8b 52 08 48 39 f2 75 4c b8 01 00 00 00
+[518758.189885] RSP: 0018:ffffa27e43903990 EFLAGS: 00010207
+[518758.189887] RAX: dead000000000200 RBX: ffff8bce69f0f000 RCX: 0000000000000000
+[518758.189888] RDX: 0000000000000000 RSI: ffff8bce69f0f064 RDI: ffff8bce69f0f1e0
+[518758.189890] RBP: ffffa27e43903990 R08: 0000000000000000 R09: ffff8bce69e788c0
+[518758.189891] R10: ffff8bce62acd400 R11: 00000000000003cb R12: ffff8bce69e78000
+[518758.189892] R13: ffff8bce69f0f140 R14: 0000000000000000 R15: 0000000000000000
+[518758.189894] FS: 00007fa1572c8f80(0000) GS:ffff8bce6e0c0000(0000) knlGS:0000000000000000
+[518758.189895] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[518758.189896] CR2: 0000000000000000 CR3: 000000040a398006 CR4: 00000000003606e0
+[518758.189898] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[518758.189899] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[518758.189900] Call Trace:
+[518758.189904] cbs_destroy+0x32/0xa0 [sch_cbs]
+[518758.189906] qdisc_destroy+0x45/0x120
+[518758.189907] qdisc_put+0x25/0x30
+[518758.189908] qdisc_graft+0x2c1/0x450
+[518758.189910] tc_get_qdisc+0x1c8/0x310
+[518758.189912] ? get_page_from_freelist+0x91a/0xcb0
+[518758.189914] rtnetlink_rcv_msg+0x293/0x360
+[518758.189916] ? kmem_cache_alloc_node_trace+0x178/0x260
+[518758.189918] ? __kmalloc_node_track_caller+0x38/0x50
+[518758.189920] ?
rtnl_calcit.isra.0+0xf0/0xf0
+[518758.189922] netlink_rcv_skb+0x48/0x110
+[518758.189923] rtnetlink_rcv+0x10/0x20
+[518758.189925] netlink_unicast+0x15b/0x1d0
+[518758.189926] netlink_sendmsg+0x1ea/0x380
+[518758.189929] sock_sendmsg+0x2f/0x40
+[518758.189930] ___sys_sendmsg+0x295/0x2f0
+[518758.189932] ? ___sys_recvmsg+0x151/0x1e0
+[518758.189933] ? do_wp_page+0x7e/0x450
+[518758.189935] __sys_sendmsg+0x48/0x80
+[518758.189937] __x64_sys_sendmsg+0x1a/0x20
+[518758.189939] do_syscall_64+0x53/0x1f0
+[518758.189941] entry_SYSCALL_64_after_hwframe+0x44/0xa9
+[518758.189942] RIP: 0033:0x7fa15755169a
+[518758.189944] Code: 48 c7 c0 ff ff ff ff eb be 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 18 b8 2e 00 00 00 c5 fc 77 0f 05 <48> 3d 00 f0 ff ff 77 5e c3 0f 1f 44 00 00 48 83 ec 28 89 54 24 1c
+[518758.189946] RSP: 002b:00007ffda58b60b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
+[518758.189948] RAX: ffffffffffffffda RBX: 000055e4b836d9a0 RCX: 00007fa15755169a
+[518758.189949] RDX: 0000000000000000 RSI: 00007ffda58b6128 RDI: 0000000000000003
+[518758.189951] RBP: 00007ffda58b6190 R08: 0000000000000001 R09: 000055e4b9d848a0
+[518758.189952] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005d654b49
+[518758.189953] R13: 0000000000000000 R14: 00007ffda58b6230 R15: 00007ffda58b6210
+[518758.189955] Modules linked in: sch_cbs sch_etf sch_mqprio netlink_diag unix_diag e1000e igb intel_pch_thermal thermal video backlight pcc_cpufreq
+[518758.189960] CR2: 0000000000000000
+[518758.189961] ---[ end trace 6a13f7aaf5376019 ]---
+[518758.189963] RIP: 0010:__list_del_entry_valid+0x29/0xa0
+[518758.189964] Code: 90 48 b8 00 01 00 00 00 00 ad de 55 48 8b 17 4c 8b 47 08 48 89 e5 48 39 c2 74 27 48 b8 00 02 00 00 00 00 ad de 49 39 c0 74 2d <49> 8b 30 48 39 fe 75 3d 48 8b 52 08 48 39 f2 75 4c b8 01 00 00 00
+[518758.189967] RSP: 0018:ffffa27e43903990 EFLAGS: 00010207
+[518758.189968] RAX: dead000000000200 RBX: ffff8bce69f0f000 RCX: 0000000000000000
+[518758.189969] RDX: 0000000000000000 RSI: ffff8bce69f0f064 RDI: ffff8bce69f0f1e0
+[518758.189971] RBP: ffffa27e43903990 R08: 0000000000000000 R09: ffff8bce69e788c0
+[518758.189972] R10: ffff8bce62acd400 R11: 00000000000003cb R12: ffff8bce69e78000
+[518758.189973] R13: ffff8bce69f0f140 R14: 0000000000000000 R15: 0000000000000000
+[518758.189975] FS: 00007fa1572c8f80(0000) GS:ffff8bce6e0c0000(0000) knlGS:0000000000000000
+[518758.189976] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[518758.189977] CR2: 0000000000000000 CR3: 000000040a398006 CR4: 00000000003606e0
+[518758.189979] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[518758.189980] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+
+Fixes: e0a7683d30e9 ("net/sched: cbs: fix port_rate miscalculation")
+Signed-off-by: Vinicius Costa Gomes
+Acked-by: Cong Wang
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/sched/sch_cbs.c | 30 +++++++++++++-----------------
+ 1 file changed, 13 insertions(+), 17 deletions(-)
+
+--- a/net/sched/sch_cbs.c
++++ b/net/sched/sch_cbs.c
+@@ -405,7 +405,6 @@ static int cbs_init(struct Qdisc *sch, s
+ {
+ struct cbs_sched_data *q = qdisc_priv(sch);
+ struct net_device *dev = qdisc_dev(sch);
+- int err;
+
+ if (!opt) {
+ NL_SET_ERR_MSG(extack, "Missing CBS qdisc options which are mandatory");
+@@ -417,6 +416,10 @@ static int cbs_init(struct Qdisc *sch, s
+ if (!q->qdisc)
+ return -ENOMEM;
+
++ spin_lock(&cbs_list_lock);
++ list_add(&q->cbs_list, &cbs_list);
++ spin_unlock(&cbs_list_lock);
++
+ qdisc_hash_add(q->qdisc, false);
+
+ q->queue = sch->dev_queue - netdev_get_tx_queue(dev, 0);
+@@ -426,17 +429,7 @@ static int cbs_init(struct Qdisc *sch, s
+
+ qdisc_watchdog_init(&q->watchdog, sch);
+
+- err = cbs_change(sch, opt, extack);
+- if (err)
+- return err;
+-
+- if (!q->offload) {
+- spin_lock(&cbs_list_lock);
+- list_add(&q->cbs_list, &cbs_list);
+- spin_unlock(&cbs_list_lock);
+- }
+-
+- return 0;
++ return
cbs_change(sch, opt, extack);
+ }
+
+ static void cbs_destroy(struct Qdisc *sch)
+@@ -444,15 +437,18 @@ static void cbs_destroy(struct Qdisc *sc
+ struct cbs_sched_data *q = qdisc_priv(sch);
+ struct net_device *dev = qdisc_dev(sch);
+
+- spin_lock(&cbs_list_lock);
+- list_del(&q->cbs_list);
+- spin_unlock(&cbs_list_lock);
++ /* Nothing to do if we couldn't create the underlying qdisc */
++ if (!q->qdisc)
++ return;
+
+ qdisc_watchdog_cancel(&q->watchdog);
+ cbs_disable_offload(dev, q);
+
+- if (q->qdisc)
+- qdisc_put(q->qdisc);
++ spin_lock(&cbs_list_lock);
++ list_del(&q->cbs_list);
++ spin_unlock(&cbs_list_lock);
++
++ qdisc_put(q->qdisc);
+ }
+
+ static int cbs_dump(struct Qdisc *sch, struct sk_buff *skb)
diff --git a/queue-4.19/series b/queue-4.19/series
index cc76e050bd1..9ac594f4ab2 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -46,3 +46,4 @@ gpio-eic-sprd-clear-interrupt-after-set-the-interrup.patch
 mips-call-lose_fpu-0-before-initializing-fcr31-in-mips_set_personality_nan.patch
 tick-sched-preserve-number-of-idle-sleeps-across-cpu-hotplug-events.patch
 x86-entry-ia32-ensure-s32-is-sign-extended-to-s64.patch
+net-sched-cbs-fix-not-adding-cbs-instance-to-list.patch
--
2.47.3
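Review bot: A failed cbs_change() in the patched cbs_init() now leaves q linked on the global cbs_list, because the list_add() moved ahead of the call and its result is returned directly (`return cbs_change(sch, opt, extack);`), whereas the removed code only linked the instance after cbs_change() had succeeded. Nothing visible in these hunks unlinks it on that path, so the entry is only cleaned up if the qdisc core invokes cbs_destroy() after a failed ->init(); that is presumably the case, but it is not shown here and is worth confirming against the 4.19 tree this backport targets, since a stale entry would leave freed private data reachable from the list. I would record the dependency above the new list_add: `/* Linked before cbs_change(); on failure we rely on the core calling cbs_destroy() to unlink. */`. Both cbs_init() and cbs_destroy() extend beyond the hunks shown.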