--- /dev/null
+From a75ca9303175d36af93c0937dd9b1a6422908b8d Mon Sep 17 00:00:00 2001
+From: yu kuai <yukuai3@huawei.com>
+Date: Mon, 1 Jun 2020 20:38:56 +0800
+Subject: block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
+
+From: yu kuai <yukuai3@huawei.com>
+
+commit a75ca9303175d36af93c0937dd9b1a6422908b8d upstream.
+
+commit e7bf90e5afe3 ("block/bio-integrity: fix a memory leak bug") added
+a kfree() for 'buf' if bio_integrity_add_page() returns '0'. However,
+the object will be freed in bio_integrity_free() since 'bio->bi_opf' and
+'bio->bi_integrity' were set previousy in bio_integrity_alloc().
+
+Fixes: commit e7bf90e5afe3 ("block/bio-integrity: fix a memory leak bug")
+Signed-off-by: yu kuai <yukuai3@huawei.com>
+Reviewed-by: Ming Lei <ming.lei@redhat.com>
+Reviewed-by: Bob Liu <bob.liu@oracle.com>
+Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ block/bio-integrity.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/block/bio-integrity.c
++++ b/block/bio-integrity.c
+@@ -315,7 +315,6 @@ bool bio_integrity_prep(struct bio *bio)
+
+ if (ret == 0) {
+ printk(KERN_ERR "could not attach integrity payload\n");
+- kfree(buf);
+ status = BLK_STS_RESOURCE;
+ goto err_end_io;
+ }
--- /dev/null
+From 7c6d2ecbda83150b2036a2b36b21381ad4667762 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Thu, 28 May 2020 14:57:47 -0700
+Subject: net: be more gentle about silly gso requests coming from user
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit 7c6d2ecbda83150b2036a2b36b21381ad4667762 upstream.
+
+Recent change in virtio_net_hdr_to_skb() broke some packetdrill tests.
+
+When --mss=XXX option is set, packetdrill always provide gso_type & gso_size
+for its inbound packets, regardless of packet size.
+
+ if (packet->tcp && packet->mss) {
+ if (packet->ipv4)
+ gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
+ else
+ gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
+ gso.gso_size = packet->mss;
+ }
+
+Since many other programs could do the same, relax virtio_net_hdr_to_skb()
+to no longer return an error, but instead ignore gso settings.
+
+This keeps Willem intent to make sure no malicious packet could
+reach gso stack.
+
+Note that TCP stack has a special logic in tcp_set_skb_tso_segs()
+to clear gso_size for small packets.
+
+Fixes: 6dd912f82680 ("net: check untrusted gso_size at kernel entry")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Willem de Bruijn <willemb@google.com>
+Acked-by: Willem de Bruijn <willemb@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/virtio_net.h | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+--- a/include/linux/virtio_net.h
++++ b/include/linux/virtio_net.h
+@@ -107,16 +107,17 @@ retry:
+
+ if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
+ u16 gso_size = __virtio16_to_cpu(little_endian, hdr->gso_size);
++ struct skb_shared_info *shinfo = skb_shinfo(skb);
+
+- if (skb->len - p_off <= gso_size)
+- return -EINVAL;
++ /* Too small packets are not really GSO ones. */
++ if (skb->len - p_off > gso_size) {
++ shinfo->gso_size = gso_size;
++ shinfo->gso_type = gso_type;
+
+- skb_shinfo(skb)->gso_size = gso_size;
+- skb_shinfo(skb)->gso_type = gso_type;
+-
+- /* Header must be checked, and gso_segs computed. */
+- skb_shinfo(skb)->gso_type |= SKB_GSO_DODGY;
+- skb_shinfo(skb)->gso_segs = 0;
++ /* Header must be checked, and gso_segs computed. */
++ shinfo->gso_type |= SKB_GSO_DODGY;
++ shinfo->gso_segs = 0;
++ }
+ }
+
+ return 0;
--- /dev/null
+From ba69ead9e9e9bb3cec5faf03526c36764ac8942a Mon Sep 17 00:00:00 2001
+From: Martin Wilck <mwilck@suse.com>
+Date: Mon, 27 Nov 2017 23:47:34 +0100
+Subject: scsi: scsi_devinfo: handle non-terminated strings
+
+From: Martin Wilck <mwilck@suse.com>
+
+commit ba69ead9e9e9bb3cec5faf03526c36764ac8942a upstream.
+
+devinfo->vendor and devinfo->model aren't necessarily
+zero-terminated.
+
+Fixes: b8018b973c7c "scsi_devinfo: fixup string compare"
+Signed-off-by: Martin Wilck <mwilck@suse.com>
+Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/scsi_devinfo.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/scsi_devinfo.c
++++ b/drivers/scsi/scsi_devinfo.c
+@@ -449,7 +449,8 @@ static struct scsi_dev_info_list *scsi_d
+ /*
+ * vendor strings must be an exact match
+ */
+- if (vmax != strlen(devinfo->vendor) ||
++ if (vmax != strnlen(devinfo->vendor,
++ sizeof(devinfo->vendor)) ||
+ memcmp(devinfo->vendor, vskip, vmax))
+ continue;
+
+@@ -457,7 +458,7 @@ static struct scsi_dev_info_list *scsi_d
+ * @model specifies the full string, and
+ * must be larger or equal to devinfo->model
+ */
+- mlen = strlen(devinfo->model);
++ mlen = strnlen(devinfo->model, sizeof(devinfo->model));
+ if (mmax < mlen || memcmp(devinfo->model, mskip, mlen))
+ continue;
+ return devinfo;
--- /dev/null
+scsi-scsi_devinfo-handle-non-terminated-strings.patch
+net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch
+block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
--- /dev/null
+net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch
+block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
+fanotify-fix-ignore-mask-logic-for-events-on-child-and-on-dir.patch
--- /dev/null
+block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
--- /dev/null
+spi-spi-fsl-dspi-free-dma-memory-with-matching-function.patch
+block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
