4.19-stable patches

added patches:
	bnx2x-fix-null-pointer-dereference-in-bnx2x_del_all_vlans-on-some-hw.patch

diff --git a/queue-4.19/bnx2x-fix-null-pointer-dereference-in-bnx2x_del_all_vlans-on-some-hw.patch b/queue-4.19/bnx2x-fix-null-pointer-dereference-in-bnx2x_del_all_vlans-on-some-hw.patch
new file mode 100644 (file)
index 0000000..9e4b7c2
--- /dev/null
+++ b/queue-4.19/bnx2x-fix-null-pointer-dereference-in-bnx2x_del_all_vlans-on-some-hw.patch
@@ -0,0 +1,105 @@
+From 38355a5f9a22bfa5bd5b1bb79805aca39fa53729 Mon Sep 17 00:00:00 2001
+From: Ivan Mironov <mironov.ivan@gmail.com>
+Date: Mon, 24 Dec 2018 20:13:05 +0500
+Subject: bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw
+
+From: Ivan Mironov <mironov.ivan@gmail.com>
+
+commit 38355a5f9a22bfa5bd5b1bb79805aca39fa53729 upstream.
+
+This happened when I tried to boot normal Fedora 29 system with latest
+available kernel (from fedora rawhide, plus some unrelated custom
+patches):
+
+       BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
+       PGD 0 P4D 0
+       Oops: 0010 [#1] SMP PTI
+       CPU: 6 PID: 1422 Comm: libvirtd Tainted: G          I       4.20.0-0.rc7.git3.hpsa2.1.fc29.x86_64 #1
+       Hardware name: HP ProLiant BL460c G6, BIOS I24 05/21/2018
+       RIP: 0010:          (null)
+       Code: Bad RIP value.
+       RSP: 0018:ffffa47ccdc9fbe0 EFLAGS: 00010246
+       RAX: 0000000000000000 RBX: 00000000000003e8 RCX: ffffa47ccdc9fbf8
+       RDX: ffffa47ccdc9fc00 RSI: ffff97d9ee7b01f8 RDI: ffff97d9f0150b80
+       RBP: ffff97d9f0150b80 R08: 0000000000000000 R09: 0000000000000000
+       R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000003
+       R13: ffff97d9ef1e53e8 R14: 0000000000000009 R15: ffff97d9f0ac6730
+       FS:  00007f4d224ef700(0000) GS:ffff97d9fa200000(0000) knlGS:0000000000000000
+       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+       CR2: ffffffffffffffd6 CR3: 00000011ece52006 CR4: 00000000000206e0
+       Call Trace:
+        ? bnx2x_chip_cleanup+0x195/0x610 [bnx2x]
+        ? bnx2x_nic_unload+0x1e2/0x8f0 [bnx2x]
+        ? bnx2x_reload_if_running+0x24/0x40 [bnx2x]
+        ? bnx2x_set_features+0x79/0xa0 [bnx2x]
+        ? __netdev_update_features+0x244/0x9e0
+        ? netlink_broadcast_filtered+0x136/0x4b0
+        ? netdev_update_features+0x22/0x60
+        ? dev_disable_lro+0x1c/0xe0
+        ? devinet_sysctl_forward+0x1c6/0x211
+        ? proc_sys_call_handler+0xab/0x100
+        ? __vfs_write+0x36/0x1a0
+        ? rcu_read_lock_sched_held+0x79/0x80
+        ? rcu_sync_lockdep_assert+0x2e/0x60
+        ? __sb_start_write+0x14c/0x1b0
+        ? vfs_write+0x159/0x1c0
+        ? vfs_write+0xba/0x1c0
+        ? ksys_write+0x52/0xc0
+        ? do_syscall_64+0x60/0x1f0
+        ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+After some investigation I figured out that recently added cleanup code
+tries to call VLAN filtering de-initialization function which exist only
+for newer hardware. Corresponding function pointer is not
+set (== 0) for older hardware, namely these chips:
+
+       #define CHIP_NUM_57710                  0x164e
+       #define CHIP_NUM_57711                  0x164f
+       #define CHIP_NUM_57711E                 0x1650
+
+And I have one of those in my test system:
+
+       Broadcom Inc. and subsidiaries NetXtreme II BCM57711E 10-Gigabit PCIe [14e4:1650]
+
+Function bnx2x_init_vlan_mac_fp_objs() from
+drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h decides whether to
+initialize relevant pointers in bnx2x_sp_objs.vlan_obj or not.
+
+This regression was introduced after v4.20-rc7, and still exists in v4.20
+release.
+
+Fixes: 04f05230c5c13 ("bnx2x: Remove configured vlans as part of unload sequence.")
+Signed-off-by: Ivan Mironov <mironov.ivan@gmail.com>
+Signed-off-by: Ivan Mironov <mironov.ivan@gmail.com>
+Acked-by: Sudarsana Kalluru <Sudarsana.Kalluru@cavium.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c |   14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+@@ -9347,10 +9347,16 @@ void bnx2x_chip_cleanup(struct bnx2x *bp
+               BNX2X_ERR("Failed to schedule DEL commands for UC MACs list: %d\n",
+                         rc);
+ 
+-      /* Remove all currently configured VLANs */
+-      rc = bnx2x_del_all_vlans(bp);
+-      if (rc < 0)
+-              BNX2X_ERR("Failed to delete all VLANs\n");
++      /* The whole *vlan_obj structure may be not initialized if VLAN
++       * filtering offload is not supported by hardware. Currently this is
++       * true for all hardware covered by CHIP_IS_E1x().
++       */
++      if (!CHIP_IS_E1x(bp)) {
++              /* Remove all currently configured VLANs */
++              rc = bnx2x_del_all_vlans(bp);
++              if (rc < 0)
++                      BNX2X_ERR("Failed to delete all VLANs\n");
++      }
+ 
+       /* Disable LLH */
+       if (!CHIP_IS_E1(bp))

diff --git a/queue-4.19/series b/queue-4.19/series
index a656ce500ae72ed46392d9879108816461c338f5..cb549109196dcc3be57563601950506d3c940d9e 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -146,3 +146,4 @@ drm-nouveau-drm-nouveau-check-rc-from-drm_dp_mst_topology_mgr_resume.patch
 drm-vc4-set-is_yuv-to-false-when-num_planes-1.patch
 drm-rockchip-psr-do-not-dereference-encoder-before-it-is-null-checked.patch
 drm-amd-display-fix-unintialized-max_bpc-state-values.patch
+bnx2x-fix-null-pointer-dereference-in-bnx2x_del_all_vlans-on-some-hw.patch