From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 17 May 2021 10:42:44 +0000 (+0200)
Subject: 4.14-stable patches
X-Git-Tag: v5.4.120~29
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=212ecf0ff01f4bb6a09bf20903f580cf1fee8d1a;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	rdma-i40iw-avoid-panic-when-reading-back-the-irq-affinity-hint.patch
---

diff --git a/queue-4.14/rdma-i40iw-avoid-panic-when-reading-back-the-irq-affinity-hint.patch b/queue-4.14/rdma-i40iw-avoid-panic-when-reading-back-the-irq-affinity-hint.patch
new file mode 100644
index 00000000000..d29082ae101
--- /dev/null
+++ b/queue-4.14/rdma-i40iw-avoid-panic-when-reading-back-the-irq-affinity-hint.patch
@@ -0,0 +1,106 @@
+From 43731753c4b7d832775cf6b2301dd0447a5a1851 Mon Sep 17 00:00:00 2001
+From: Andrew Boyer <andrew.boyer@dell.com>
+Date: Mon, 7 May 2018 13:23:38 -0400
+Subject: RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint
+
+From: Andrew Boyer <andrew.boyer@dell.com>
+
+commit 43731753c4b7d832775cf6b2301dd0447a5a1851 upstream.
+
+The current code sets an affinity hint with a cpumask_t stored on the
+stack. This value can then be accessed through /proc/irq/*/affinity_hint/,
+causing a segfault or returning corrupt data.
+
+Move the cpumask_t into struct i40iw_msix_vector so it is available later.
+
+Backtrace:
+BUG: unable to handle kernel paging request at ffffb16e600e7c90
+IP: irq_affinity_hint_proc_show+0x60/0xf0
+PGD 17c0c6d067
+PUD 17c0c6e067
+PMD 15d4a0e067
+PTE 0
+
+Oops: 0000 [#1] SMP
+Modules linked in: ...
+CPU: 3 PID: 172543 Comm: grep Tainted: G           OE   ... #1
+Hardware name: ...
+task: ffff9a5caee08000 task.stack: ffffb16e659d8000
+RIP: 0010:irq_affinity_hint_proc_show+0x60/0xf0
+RSP: 0018:ffffb16e659dbd20 EFLAGS: 00010086
+RAX: 0000000000000246 RBX: ffffb16e659dbd20 RCX: 0000000000000000
+RDX: ffffb16e600e7c90 RSI: 0000000000000003 RDI: 0000000000000046
+RBP: ffffb16e659dbd88 R08: 0000000000000038 R09: 0000000000000001
+R10: 0000000070803079 R11: 0000000000000000 R12: ffff9a59d1d97a00
+R13: ffff9a5da47a6cd8 R14: ffff9a5da47a6c00 R15: ffff9a59d1d97a00
+FS:  00007f946c31d740(0000) GS:ffff9a5dc1800000(0000) knlGS:0000000000000000
+CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: ffffb16e600e7c90 CR3: 00000016a4339000 CR4: 00000000007406e0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ seq_read+0x12d/0x430
+ ? sched_clock_cpu+0x11/0xb0
+ proc_reg_read+0x48/0x70
+ __vfs_read+0x37/0x140
+ ? security_file_permission+0xa0/0xc0
+ vfs_read+0x96/0x140
+ SyS_read+0x58/0xc0
+ do_syscall_64+0x5a/0x190
+ entry_SYSCALL64_slow_path+0x25/0x25
+RIP: 0033:0x7f946bbc97e0
+RSP: 002b:00007ffdd0c4ae08 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
+RAX: ffffffffffffffda RBX: 000000000096b000 RCX: 00007f946bbc97e0
+RDX: 000000000096b000 RSI: 00007f946a2f0000 RDI: 0000000000000004
+RBP: 0000000000001000 R08: 00007f946a2ef011 R09: 000000000000000a
+R10: 0000000000001000 R11: 0000000000000246 R12: 00007f946a2f0000
+R13: 0000000000000004 R14: 0000000000000000 R15: 00007f946a2f0000
+Code: b9 08 00 00 00 49 89 c6 48 89 df 31 c0 4d 8d ae d8 00 00 00 f3 48 ab 4c 89 ef e8 6c 9a 56 00 49 8b 96 30 01 00 00 48 85 d2 74 3f <48> 8b 0a 48 89 4d 98 48 8b 4a 08 48 89 4d a0 48 8b 4a 10 48 89
+RIP: irq_affinity_hint_proc_show+0x60/0xf0 RSP: ffffb16e659dbd20
+CR2: ffffb16e600e7c90
+
+Fixes: 8e06af711bf2 ("i40iw: add main, hdr, status")
+Signed-off-by: Andrew Boyer <andrew.boyer@dell.com>
+Reviewed-by: Shiraz Saleem <shiraz.saleem@intel.com>
+Signed-off-by: Doug Ledford <dledford@redhat.com>
+CC: Edwin Peer <edwin.peer@broadcom.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/infiniband/hw/i40iw/i40iw.h      |    1 +
+ drivers/infiniband/hw/i40iw/i40iw_main.c |    7 +++----
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/infiniband/hw/i40iw/i40iw.h
++++ b/drivers/infiniband/hw/i40iw/i40iw.h
+@@ -210,6 +210,7 @@ struct i40iw_msix_vector {
+ 	u32 irq;
+ 	u32 cpu_affinity;
+ 	u32 ceq_id;
++	cpumask_t mask;
+ };
+ 
+ struct l2params_work {
+--- a/drivers/infiniband/hw/i40iw/i40iw_main.c
++++ b/drivers/infiniband/hw/i40iw/i40iw_main.c
+@@ -676,7 +676,6 @@ static enum i40iw_status_code i40iw_conf
+ 							 struct i40iw_msix_vector *msix_vec)
+ {
+ 	enum i40iw_status_code status;
+-	cpumask_t mask;
+ 
+ 	if (iwdev->msix_shared && !ceq_id) {
+ 		tasklet_init(&iwdev->dpc_tasklet, i40iw_dpc, (unsigned long)iwdev);
+@@ -686,9 +685,9 @@ static enum i40iw_status_code i40iw_conf
+ 		status = request_irq(msix_vec->irq, i40iw_ceq_handler, 0, "CEQ", iwceq);
+ 	}
+ 
+-	cpumask_clear(&mask);
+-	cpumask_set_cpu(msix_vec->cpu_affinity, &mask);
+-	irq_set_affinity_hint(msix_vec->irq, &mask);
++	cpumask_clear(&msix_vec->mask);
++	cpumask_set_cpu(msix_vec->cpu_affinity, &msix_vec->mask);
++	irq_set_affinity_hint(msix_vec->irq, &msix_vec->mask);
+ 
+ 	if (status) {
+ 		i40iw_pr_err("ceq irq config fail\n");
diff --git a/queue-4.14/series b/queue-4.14/series
index 5515931682d..4b1bb435472 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -295,3 +295,4 @@ mips-reinstate-platform-__div64_32-handler.patch
 mips-avoid-divu-in-__div64_32-is-result-would-be-zero.patch
 mips-avoid-handcoded-divu-in-__div64_32-altogether.patch
 thermal-core-fair-share-lock-the-thermal-zone-while-looping-over-instances.patch
+rdma-i40iw-avoid-panic-when-reading-back-the-irq-affinity-hint.patch