Fixes for 4.4
authorSasha Levin <sashal@kernel.org>
Thu, 12 Nov 2020 17:05:32 +0000 (12:05 -0500)
committerSasha Levin <sashal@kernel.org>
Thu, 12 Nov 2020 17:05:32 +0000 (12:05 -0500)
Signed-off-by: Sasha Levin <sashal@kernel.org>
queue-4.4/btrfs-fix-missing-error-return-if-writeback-for-exte.patch [new file with mode: 0644]
queue-4.4/geneve-add-transport-ports-in-route-lookup-for-genev.patch [new file with mode: 0644]
queue-4.4/i40e-fix-of-memory-leak-and-integer-truncation-in-i4.patch [new file with mode: 0644]
queue-4.4/i40e-wrong-truncation-from-u16-to-u8.patch [new file with mode: 0644]
queue-4.4/pinctrl-devicetree-avoid-taking-direct-reference-to-.patch [new file with mode: 0644]
queue-4.4/series

diff --git a/queue-4.4/btrfs-fix-missing-error-return-if-writeback-for-exte.patch b/queue-4.4/btrfs-fix-missing-error-return-if-writeback-for-exte.patch
new file mode 100644 (file)
index 0000000..da9744a
--- /dev/null
@@ -0,0 +1,47 @@
+From 0271973ca04afeb73ba95854899ba2ad8bcf4d87 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Sep 2019 17:42:28 +0100
+Subject: Btrfs: fix missing error return if writeback for extent buffer never
+ started
+
+From: Filipe Manana <fdmanana@suse.com>
+
+[ Upstream commit 0607eb1d452d45c5ac4c745a9e9e0d95152ea9d0 ]
+
+If lock_extent_buffer_for_io() fails, it returns a negative value, but its
+caller btree_write_cache_pages() ignores such error. This means that a
+call to flush_write_bio(), from lock_extent_buffer_for_io(), might have
+failed. We should make btree_write_cache_pages() notice such error values
+and stop immediatelly, making sure filemap_fdatawrite_range() returns an
+error to the transaction commit path. A failure from flush_write_bio()
+should also result in the endio callback end_bio_extent_buffer_writepage()
+being invoked, which sets the BTRFS_FS_*_ERR bits appropriately, so that
+there's no risk a transaction or log commit doesn't catch a writeback
+failure.
+
+Reviewed-by: Josef Bacik <josef@toxicpanda.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/btrfs/extent_io.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
+index 97a80238fdee3..b28bc7690d4b3 100644
+--- a/fs/btrfs/extent_io.c
++++ b/fs/btrfs/extent_io.c
+@@ -4000,6 +4000,10 @@ int btree_write_cache_pages(struct address_space *mapping,
+                       if (!ret) {
+                               free_extent_buffer(eb);
+                               continue;
++                      } else if (ret < 0) {
++                              done = 1;
++                              free_extent_buffer(eb);
++                              break;
+                       }
+                       ret = write_one_eb(eb, fs_info, wbc, &epd);
+-- 
+2.27.0
+
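Review bot: The added `else if (ret < 0)` branch in btree_write_cache_pages() sets `done = 1` and breaks, but nothing in the hunk shows that the negative `ret` survives to the function's return, because the rest of the loop and the exit path are outside the hunk. This is a backport onto 4.4, whose exit path may differ from the tree the fix was written against, so it is worth confirming there that no later call reassigns `ret` before `return`. A short comment on the branch would also help, for example `/* lock_extent_buffer_for_io() failed: stop and let ret reach the caller */`.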
diff --git a/queue-4.4/geneve-add-transport-ports-in-route-lookup-for-genev.patch b/queue-4.4/geneve-add-transport-ports-in-route-lookup-for-genev.patch
new file mode 100644 (file)
index 0000000..9fa1226
--- /dev/null
@@ -0,0 +1,182 @@
+From d7ecaf473281fb0f96ada3ad3d065811f3d2e3ca Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 16 Sep 2020 05:19:35 -0400
+Subject: geneve: add transport ports in route lookup for geneve
+
+From: Mark Gray <mark.d.gray@redhat.com>
+
+commit 34beb21594519ce64a55a498c2fe7d567bc1ca20 upstream.
+
+This patch adds transport ports information for route lookup so that
+IPsec can select Geneve tunnel traffic to do encryption. This is
+needed for OVS/OVN IPsec with encrypted Geneve tunnels.
+
+This can be tested by configuring a host-host VPN using an IKE
+daemon and specifying port numbers. For example, for an
+Openswan-type configuration, the following parameters should be
+configured on both hosts and IPsec set up as-per normal:
+
+$ cat /etc/ipsec.conf
+
+conn in
+...
+left=$IP1
+right=$IP2
+...
+leftprotoport=udp/6081
+rightprotoport=udp
+...
+conn out
+...
+left=$IP1
+right=$IP2
+...
+leftprotoport=udp
+rightprotoport=udp/6081
+...
+
+The tunnel can then be setup using "ip" on both hosts (but
+changing the relevant IP addresses):
+
+$ ip link add tun type geneve id 1000 remote $IP2
+$ ip addr add 192.168.0.1/24 dev tun
+$ ip link set tun up
+
+This can then be tested by pinging from $IP1:
+
+$ ping 192.168.0.2
+
+Without this patch the traffic is unencrypted on the wire.
+
+Fixes: 2d07dc79fe04 ("geneve: add initial netdev driver for GENEVE tunnels")
+Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
+Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
+Reviewed-by: Greg Rose <gvrose8192@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+[bwh: Backported to 4.4:
+ - Use geneve->dst_port instead of geneve->cfg.info.key.tp_dst
+ - Adjust context]
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/geneve.c | 36 ++++++++++++++++++++++++++----------
+ 1 file changed, 26 insertions(+), 10 deletions(-)
+
+diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
+index ec13e2ae6d16e..ee38299f9c578 100644
+--- a/drivers/net/geneve.c
++++ b/drivers/net/geneve.c
+@@ -711,7 +711,8 @@ static int geneve6_build_skb(struct dst_entry *dst, struct sk_buff *skb,
+ static struct rtable *geneve_get_v4_rt(struct sk_buff *skb,
+                                      struct net_device *dev,
+                                      struct flowi4 *fl4,
+-                                     struct ip_tunnel_info *info)
++                                     struct ip_tunnel_info *info,
++                                     __be16 dport, __be16 sport)
+ {
+       struct geneve_dev *geneve = netdev_priv(dev);
+       struct rtable *rt = NULL;
+@@ -720,6 +721,8 @@ static struct rtable *geneve_get_v4_rt(struct sk_buff *skb,
+       memset(fl4, 0, sizeof(*fl4));
+       fl4->flowi4_mark = skb->mark;
+       fl4->flowi4_proto = IPPROTO_UDP;
++      fl4->fl4_dport = dport;
++      fl4->fl4_sport = sport;
+       if (info) {
+               fl4->daddr = info->key.u.ipv4.dst;
+@@ -754,7 +757,8 @@ static struct rtable *geneve_get_v4_rt(struct sk_buff *skb,
+ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
+                                          struct net_device *dev,
+                                          struct flowi6 *fl6,
+-                                         struct ip_tunnel_info *info)
++                                         struct ip_tunnel_info *info,
++                                         __be16 dport, __be16 sport)
+ {
+       struct geneve_dev *geneve = netdev_priv(dev);
+       struct geneve_sock *gs6 = geneve->sock6;
+@@ -764,6 +768,8 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
+       memset(fl6, 0, sizeof(*fl6));
+       fl6->flowi6_mark = skb->mark;
+       fl6->flowi6_proto = IPPROTO_UDP;
++      fl6->fl6_dport = dport;
++      fl6->fl6_sport = sport;
+       if (info) {
+               fl6->daddr = info->key.u.ipv6.dst;
+@@ -834,13 +840,14 @@ static netdev_tx_t geneve_xmit_skb(struct sk_buff *skb, struct net_device *dev,
+                       goto tx_error;
+       }
+-      rt = geneve_get_v4_rt(skb, dev, &fl4, info);
++      sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
++      rt = geneve_get_v4_rt(skb, dev, &fl4, info,
++                            geneve->dst_port, sport);
+       if (IS_ERR(rt)) {
+               err = PTR_ERR(rt);
+               goto tx_error;
+       }
+-      sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
+       skb_reset_mac_header(skb);
+       if (info) {
+@@ -916,13 +923,14 @@ static netdev_tx_t geneve6_xmit_skb(struct sk_buff *skb, struct net_device *dev,
+               }
+       }
+-      dst = geneve_get_v6_dst(skb, dev, &fl6, info);
++      sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
++      dst = geneve_get_v6_dst(skb, dev, &fl6, info,
++                              geneve->dst_port, sport);
+       if (IS_ERR(dst)) {
+               err = PTR_ERR(dst);
+               goto tx_error;
+       }
+-      sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
+       skb_reset_mac_header(skb);
+       if (info) {
+@@ -1011,9 +1019,14 @@ static int geneve_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
+       struct dst_entry *dst;
+       struct flowi6 fl6;
+ #endif
++      __be16 sport;
+       if (ip_tunnel_info_af(info) == AF_INET) {
+-              rt = geneve_get_v4_rt(skb, dev, &fl4, info);
++              sport = udp_flow_src_port(geneve->net, skb,
++                                        1, USHRT_MAX, true);
++
++              rt = geneve_get_v4_rt(skb, dev, &fl4, info,
++                                    geneve->dst_port, sport);
+               if (IS_ERR(rt))
+                       return PTR_ERR(rt);
+@@ -1021,7 +1034,11 @@ static int geneve_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
+               info->key.u.ipv4.src = fl4.saddr;
+ #if IS_ENABLED(CONFIG_IPV6)
+       } else if (ip_tunnel_info_af(info) == AF_INET6) {
+-              dst = geneve_get_v6_dst(skb, dev, &fl6, info);
++              sport = udp_flow_src_port(geneve->net, skb,
++                                        1, USHRT_MAX, true);
++
++              dst = geneve_get_v6_dst(skb, dev, &fl6, info,
++                                      geneve->dst_port, sport);
+               if (IS_ERR(dst))
+                       return PTR_ERR(dst);
+@@ -1032,8 +1049,7 @@ static int geneve_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
+               return -EINVAL;
+       }
+-      info->key.tp_src = udp_flow_src_port(geneve->net, skb,
+-                                           1, USHRT_MAX, true);
++      info->key.tp_src = sport;
+       info->key.tp_dst = geneve->dst_port;
+       return 0;
+ }
+-- 
+2.27.0
+
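Review bot: The source port handed to the route lookup in geneve_xmit_skb(), geneve6_xmit_skb() and geneve_fill_metadata_dst() comes from `udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true)`, so it varies per flow and only the destination port is a stable value for a policy selector to match. The new code does not say so; a comment next to `fl4->fl4_dport = dport;` and `fl6->fl6_dport = dport;` would record it, for example `/* ports let xfrm policy select tunnel traffic; sport is flow-derived, match on dport */`. A selector that does not match presumably leaves the tunnel traffic in clear text rather than dropping it, as the description reports for the unpatched code. The test for this backport should therefore check on the wire that ESP appears instead of UDP port 6081. The bodies of these functions continue outside the inner hunks.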
diff --git a/queue-4.4/i40e-fix-of-memory-leak-and-integer-truncation-in-i4.patch b/queue-4.4/i40e-fix-of-memory-leak-and-integer-truncation-in-i4.patch
new file mode 100644 (file)
index 0000000..94763fe
--- /dev/null
@@ -0,0 +1,42 @@
+From 1dd0ef4aecb53370b3495701a553a32c62f7d68b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 15 Apr 2019 14:43:07 -0700
+Subject: i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
+
+From: Martyna Szapar <martyna.szapar@intel.com>
+
+commit 24474f2709af6729b9b1da1c5e160ab62e25e3a4 upstream.
+
+Fixed possible memory leak in i40e_vc_add_cloud_filter function:
+cfilter is being allocated and in some error conditions
+the function returns without freeing the memory.
+
+Fix of integer truncation from u16 (type of queue_id value) to u8
+when calling i40e_vc_isvalid_queue_id function.
+
+Signed-off-by: Martyna Szapar <martyna.szapar@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+[bwh: Backported to 4.4: i40e_vc_add_cloud_filter() does not exist
+ but the integer truncation is still possible]
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+index 18e10357f1d0b..b4b4d46da1734 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -188,7 +188,7 @@ static inline bool i40e_vc_isvalid_vsi_id(struct i40e_vf *vf, u16 vsi_id)
+  * check for the valid queue id
+  **/
+ static inline bool i40e_vc_isvalid_queue_id(struct i40e_vf *vf, u16 vsi_id,
+-                                          u8 qid)
++                                          u16 qid)
+ {
+       struct i40e_pf *pf = vf->pf;
+       struct i40e_vsi *vsi = i40e_find_vsi_from_id(pf, vsi_id);
+-- 
+2.27.0
+
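Review bot: The comment above i40e_vc_isvalid_queue_id() still reads only `check for the valid queue id` and gives no reason for the parameter width, so nothing stops the type being narrowed again. With a `u8` parameter a caller's 16-bit id is reduced modulo 256 before the range check, so an out-of-range id can pass validation while the caller goes on using the full value. I would add a line such as `* qid must be at least as wide as the caller's queue id field, or the range check sees a truncated value`. The same applies to i40e_vc_isvalid_vector_id() in i40e-wrong-truncation-from-u16-to-u8.patch, which widens `u8 vector_id` to `u32`. Both function bodies and all call sites are outside the hunks, so the width of the values actually passed should be confirmed there.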
diff --git a/queue-4.4/i40e-wrong-truncation-from-u16-to-u8.patch b/queue-4.4/i40e-wrong-truncation-from-u16-to-u8.patch
new file mode 100644 (file)
index 0000000..684368c
--- /dev/null
@@ -0,0 +1,40 @@
+From 9725725b51945b642b99ffcf8b5a85f3e8c073ff Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 29 Mar 2019 15:08:37 -0700
+Subject: i40e: Wrong truncation from u16 to u8
+
+From: Grzegorz Siwik <grzegorz.siwik@intel.com>
+
+commit c004804dceee9ca384d97d9857ea2e2795c2651d upstream.
+
+In this patch fixed wrong truncation method from u16 to u8 during
+validation.
+
+It was changed by changing u8 to u32 parameter in method declaration
+and arguments were changed to u32.
+
+Signed-off-by: Grzegorz Siwik <grzegorz.siwik@intel.com>
+Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+index cdb263875efb3..18e10357f1d0b 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -203,7 +203,7 @@ static inline bool i40e_vc_isvalid_queue_id(struct i40e_vf *vf, u16 vsi_id,
+  *
+  * check for the valid vector id
+  **/
+-static inline bool i40e_vc_isvalid_vector_id(struct i40e_vf *vf, u8 vector_id)
++static inline bool i40e_vc_isvalid_vector_id(struct i40e_vf *vf, u32 vector_id)
+ {
+       struct i40e_pf *pf = vf->pf;
+-- 
+2.27.0
+
diff --git a/queue-4.4/pinctrl-devicetree-avoid-taking-direct-reference-to-.patch b/queue-4.4/pinctrl-devicetree-avoid-taking-direct-reference-to-.patch
new file mode 100644 (file)
index 0000000..0c6de5b
--- /dev/null
@@ -0,0 +1,115 @@
+From 409b382688e1000eb0185d7bf9677347b462cfe1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 2 Oct 2019 13:42:06 +0100
+Subject: pinctrl: devicetree: Avoid taking direct reference to device name
+ string
+
+From: Will Deacon <will@kernel.org>
+
+commit be4c60b563edee3712d392aaeb0943a768df7023 upstream.
+
+When populating the pinctrl mapping table entries for a device, the
+'dev_name' field for each entry is initialised to point directly at the
+string returned by 'dev_name()' for the device and subsequently used by
+'create_pinctrl()' when looking up the mappings for the device being
+probed.
+
+This is unreliable in the presence of calls to 'dev_set_name()', which may
+reallocate the device name string leaving the pinctrl mappings with a
+dangling reference. This then leads to a use-after-free every time the
+name is dereferenced by a device probe:
+
+  | BUG: KASAN: invalid-access in strcmp+0x20/0x64
+  | Read of size 1 at addr 13ffffc153494b00 by task modprobe/590
+  | Pointer tag: [13], memory tag: [fe]
+  |
+  | Call trace:
+  |  __kasan_report+0x16c/0x1dc
+  |  kasan_report+0x10/0x18
+  |  check_memory_region
+  |  __hwasan_load1_noabort+0x4c/0x54
+  |  strcmp+0x20/0x64
+  |  create_pinctrl+0x18c/0x7f4
+  |  pinctrl_get+0x90/0x114
+  |  devm_pinctrl_get+0x44/0x98
+  |  pinctrl_bind_pins+0x5c/0x450
+  |  really_probe+0x1c8/0x9a4
+  |  driver_probe_device+0x120/0x1d8
+
+Follow the example of sysfs, and duplicate the device name string before
+stashing it away in the pinctrl mapping entries.
+
+Cc: Linus Walleij <linus.walleij@linaro.org>
+Reported-by: Elena Petrova <lenaptr@google.com>
+Tested-by: Elena Petrova <lenaptr@google.com>
+Signed-off-by: Will Deacon <will@kernel.org>
+Link: https://lore.kernel.org/r/20191002124206.22928-1-will@kernel.org
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+[bwh: Backported to 4.4: adjust context]
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pinctrl/devicetree.c | 26 ++++++++++++++++++++------
+ 1 file changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/pinctrl/devicetree.c b/drivers/pinctrl/devicetree.c
+index fe04e748dfe4b..eb8c29f3e16ef 100644
+--- a/drivers/pinctrl/devicetree.c
++++ b/drivers/pinctrl/devicetree.c
+@@ -40,6 +40,13 @@ struct pinctrl_dt_map {
+ static void dt_free_map(struct pinctrl_dev *pctldev,
+                    struct pinctrl_map *map, unsigned num_maps)
+ {
++      int i;
++
++      for (i = 0; i < num_maps; ++i) {
++              kfree_const(map[i].dev_name);
++              map[i].dev_name = NULL;
++      }
++
+       if (pctldev) {
+               const struct pinctrl_ops *ops = pctldev->desc->pctlops;
+               ops->dt_free_map(pctldev, map, num_maps);
+@@ -73,7 +80,13 @@ static int dt_remember_or_free_map(struct pinctrl *p, const char *statename,
+       /* Initialize common mapping table entry fields */
+       for (i = 0; i < num_maps; i++) {
+-              map[i].dev_name = dev_name(p->dev);
++              const char *devname;
++
++              devname = kstrdup_const(dev_name(p->dev), GFP_KERNEL);
++              if (!devname)
++                      goto err_free_map;
++
++              map[i].dev_name = devname;
+               map[i].name = statename;
+               if (pctldev)
+                       map[i].ctrl_dev_name = dev_name(pctldev->dev);
+@@ -81,11 +94,8 @@ static int dt_remember_or_free_map(struct pinctrl *p, const char *statename,
+       /* Remember the converted mapping table entries */
+       dt_map = kzalloc(sizeof(*dt_map), GFP_KERNEL);
+-      if (!dt_map) {
+-              dev_err(p->dev, "failed to alloc struct pinctrl_dt_map\n");
+-              dt_free_map(pctldev, map, num_maps);
+-              return -ENOMEM;
+-      }
++      if (!dt_map)
++              goto err_free_map;
+       dt_map->pctldev = pctldev;
+       dt_map->map = map;
+@@ -93,6 +103,10 @@ static int dt_remember_or_free_map(struct pinctrl *p, const char *statename,
+       list_add_tail(&dt_map->node, &p->dt_maps);
+       return pinctrl_register_map(map, num_maps, false);
++
++err_free_map:
++      dt_free_map(pctldev, map, num_maps);
++      return -ENOMEM;
+ }
+ struct pinctrl_dev *of_pinctrl_get(struct device_node *np)
+-- 
+2.27.0
+
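Review bot: On a `kstrdup_const()` failure part-way through the loop in dt_remember_or_free_map(), `goto err_free_map` reaches dt_free_map(), whose new loop calls `kfree_const(map[i].dev_name)` on all `num_maps` entries, including those the initialisation loop never wrote. That is only safe if the array handed back by the driver's mapping callback was zero-filled, which the hunk does not show. Clearing the field first, with `for (i = 0; i < num_maps; i++) map[i].dev_name = NULL;` ahead of the duplication loop, removes that dependency. Separately, `map[i].ctrl_dev_name = dev_name(pctldev->dev);` in the context lines still stores a direct reference of the kind this patch removes for `dev_name`. In dt_free_map(), `int i` is compared against `unsigned num_maps`.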
index be57bff9d140c918c3816f4220ac19189a2b1f02..548299ed933871237662df79e2aec9f41d38becc 100644 (file)
@@ -11,3 +11,8 @@ can-dev-__can_get_echo_skb-fix-real-payload-length-r.patch
 can-can_create_echo_skb-fix-echo-skb-generation-alwa.patch
 can-peak_usb-add-range-checking-in-decode-operations.patch
 can-peak_usb-peak_usb_get_ts_time-fix-timestamp-wrap.patch
+btrfs-fix-missing-error-return-if-writeback-for-exte.patch
+pinctrl-devicetree-avoid-taking-direct-reference-to-.patch
+i40e-wrong-truncation-from-u16-to-u8.patch
+i40e-fix-of-memory-leak-and-integer-truncation-in-i4.patch
+geneve-add-transport-ports-in-route-lookup-for-genev.patch