From: Sasha Levin <sashal@kernel.org>
Date: Mon, 21 Dec 2020 21:02:46 +0000 (-0500)
Subject: Fixes for 4.4
X-Git-Tag: v5.10.3~23
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3a366002a436001ed2240f9b605d4556640fb42c;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 4.4

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-4.4/can-softing-softing_netdev_open-fix-error-handling.patch b/queue-4.4/can-softing-softing_netdev_open-fix-error-handling.patch
new file mode 100644
index 00000000000..1a77c0a6216
--- /dev/null
+++ b/queue-4.4/can-softing-softing_netdev_open-fix-error-handling.patch
@@ -0,0 +1,47 @@
+From f2cbd39dedb8777d565ea559367426d4844938ed Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 4 Dec 2020 14:35:06 +0100
+Subject: can: softing: softing_netdev_open(): fix error handling
+
+From: Zhang Qilong <zhangqilong3@huawei.com>
+
+[ Upstream commit 4d1be581ec6b92a338bb7ed23e1381f45ddf336f ]
+
+If softing_netdev_open() fails, we should call close_candev() to avoid
+reference leak.
+
+Fixes: 03fd3cf5a179d ("can: add driver for Softing card")
+Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
+Acked-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
+Link: https://lore.kernel.org/r/20201202151632.1343786-1-zhangqilong3@huawei.com
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Link: https://lore.kernel.org/r/20201204133508.742120-2-mkl@pengutronix.de
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/can/softing/softing_main.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/can/softing/softing_main.c b/drivers/net/can/softing/softing_main.c
+index 7621f91a8a209..fd48770ba7920 100644
+--- a/drivers/net/can/softing/softing_main.c
++++ b/drivers/net/can/softing/softing_main.c
+@@ -393,8 +393,13 @@ static int softing_netdev_open(struct net_device *ndev)
+ 
+ 	/* check or determine and set bittime */
+ 	ret = open_candev(ndev);
+-	if (!ret)
+-		ret = softing_startstop(ndev, 1);
++	if (ret)
++		return ret;
++
++	ret = softing_startstop(ndev, 1);
++	if (ret < 0)
++		close_candev(ndev);
++
+ 	return ret;
+ }
+ 
+-- 
+2.27.0
+
diff --git a/queue-4.4/dm-table-remove-bug_on-in_interrupt.patch b/queue-4.4/dm-table-remove-bug_on-in_interrupt.patch
new file mode 100644
index 00000000000..bf7cf61e09c
--- /dev/null
+++ b/queue-4.4/dm-table-remove-bug_on-in_interrupt.patch
@@ -0,0 +1,45 @@
+From b0fcc437299bc188fd71e7634dd1ab3f101fa2c3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 13 Nov 2020 15:19:10 +0100
+Subject: dm table: Remove BUG_ON(in_interrupt())
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+[ Upstream commit e7b624183d921b49ef0a96329f21647d38865ee9 ]
+
+The BUG_ON(in_interrupt()) in dm_table_event() is a historic leftover from
+a rework of the dm table code which changed the calling context.
+
+Issuing a BUG for a wrong calling context is frowned upon and
+in_interrupt() is deprecated and only covering parts of the wrong
+contexts. The sanity check for the context is covered by
+CONFIG_DEBUG_ATOMIC_SLEEP and other debug facilities already.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/md/dm-table.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
+index 466158d06ab1b..8eed39dc2036a 100644
+--- a/drivers/md/dm-table.c
++++ b/drivers/md/dm-table.c
+@@ -1154,12 +1154,6 @@ void dm_table_event_callback(struct dm_table *t,
+ 
+ void dm_table_event(struct dm_table *t)
+ {
+-	/*
+-	 * You can no longer call dm_table_event() from interrupt
+-	 * context, use a bottom half instead.
+-	 */
+-	BUG_ON(in_interrupt());
+-
+ 	mutex_lock(&_event_lock);
+ 	if (t->event_fn)
+ 		t->event_fn(t->event_context);
+-- 
+2.27.0
+
diff --git a/queue-4.4/rdma-cm-fix-an-attempt-to-use-non-valid-pointer-when.patch b/queue-4.4/rdma-cm-fix-an-attempt-to-use-non-valid-pointer-when.patch
new file mode 100644
index 00000000000..b3402d8aec4
--- /dev/null
+++ b/queue-4.4/rdma-cm-fix-an-attempt-to-use-non-valid-pointer-when.patch
@@ -0,0 +1,79 @@
+From 3abebffeaa744d264796a847ccea4f7e91fedfcf Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 4 Dec 2020 08:42:05 +0200
+Subject: RDMA/cm: Fix an attempt to use non-valid pointer when cleaning
+ timewait
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Leon Romanovsky <leonro@nvidia.com>
+
+[ Upstream commit 340b940ea0ed12d9adbb8f72dea17d516b2019e8 ]
+
+If cm_create_timewait_info() fails, the timewait_info pointer will contain
+an error value and will be used in cm_remove_remote() later.
+
+  general protection fault, probably for non-canonical address 0xdffffc0000000024: 0000 [#1] SMP KASAN PTI
+  KASAN: null-ptr-deref in range [0×0000000000000120-0×0000000000000127]
+  CPU: 2 PID: 12446 Comm: syz-executor.3 Not tainted 5.10.0-rc5-5d4c0742a60e #27
+  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
+  RIP: 0010:cm_remove_remote.isra.0+0x24/0×170 drivers/infiniband/core/cm.c:978
+  Code: 84 00 00 00 00 00 41 54 55 53 48 89 fb 48 8d ab 2d 01 00 00 e8 7d bf 4b fe 48 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 fc 00 00 00
+  RSP: 0018:ffff888013127918 EFLAGS: 00010006
+  RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: ffffc9000a18b000
+  RDX: 0000000000000024 RSI: ffffffff82edc573 RDI: fffffffffffffff4
+  RBP: 0000000000000121 R08: 0000000000000001 R09: ffffed1002624f1d
+  R10: 0000000000000003 R11: ffffed1002624f1c R12: ffff888107760c70
+  R13: ffff888107760c40 R14: fffffffffffffff4 R15: ffff888107760c9c
+  FS:  00007fe1ffcc1700(0000) GS:ffff88811a600000(0000) knlGS:0000000000000000
+  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+  CR2: 0000001b2ff21000 CR3: 000000010f504001 CR4: 0000000000370ee0
+  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+  Call Trace:
+   cm_destroy_id+0x189/0×15b0 drivers/infiniband/core/cm.c:1155
+   cma_connect_ib drivers/infiniband/core/cma.c:4029 [inline]
+   rdma_connect_locked+0x1100/0×17c0 drivers/infiniband/core/cma.c:4107
+   rdma_connect+0x2a/0×40 drivers/infiniband/core/cma.c:4140
+   ucma_connect+0x277/0×340 drivers/infiniband/core/ucma.c:1069
+   ucma_write+0x236/0×2f0 drivers/infiniband/core/ucma.c:1724
+   vfs_write+0x220/0×830 fs/read_write.c:603
+   ksys_write+0x1df/0×240 fs/read_write.c:658
+   do_syscall_64+0x33/0×40 arch/x86/entry/common.c:46
+   entry_SYSCALL_64_after_hwframe+0x44/0xa9
+
+Fixes: a977049dacde ("[PATCH] IB: Add the kernel CM implementation")
+Link: https://lore.kernel.org/r/20201204064205.145795-1-leon@kernel.org
+Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
+Reported-by: Amit Matityahu <mitm@nvidia.com>
+Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
+Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/infiniband/core/cm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
+index 53c622c99ee40..ba713bc27c5f9 100644
+--- a/drivers/infiniband/core/cm.c
++++ b/drivers/infiniband/core/cm.c
+@@ -1252,6 +1252,7 @@ int ib_send_cm_req(struct ib_cm_id *cm_id,
+ 							    id.local_id);
+ 	if (IS_ERR(cm_id_priv->timewait_info)) {
+ 		ret = PTR_ERR(cm_id_priv->timewait_info);
++		cm_id_priv->timewait_info = NULL;
+ 		goto out;
+ 	}
+ 
+@@ -1681,6 +1682,7 @@ static int cm_req_handler(struct cm_work *work)
+ 							    id.local_id);
+ 	if (IS_ERR(cm_id_priv->timewait_info)) {
+ 		ret = PTR_ERR(cm_id_priv->timewait_info);
++		cm_id_priv->timewait_info = NULL;
+ 		goto destroy;
+ 	}
+ 	cm_id_priv->timewait_info->work.remote_id = req_msg->local_comm_id;
+-- 
+2.27.0
+
diff --git a/queue-4.4/scsi-bnx2i-requires-mmu.patch b/queue-4.4/scsi-bnx2i-requires-mmu.patch
new file mode 100644
index 00000000000..a7b8b9903dc
--- /dev/null
+++ b/queue-4.4/scsi-bnx2i-requires-mmu.patch
@@ -0,0 +1,52 @@
+From 279546f0bd1da24b5452fceabed182cf97f417ae Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 28 Nov 2020 23:09:16 -0800
+Subject: scsi: bnx2i: Requires MMU
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+[ Upstream commit 2d586494c4a001312650f0b919d534e429dd1e09 ]
+
+The SCSI_BNX2_ISCSI kconfig symbol selects CNIC and CNIC selects UIO, which
+depends on MMU.
+
+Since 'select' does not follow dependency chains, add the same MMU
+dependency to SCSI_BNX2_ISCSI.
+
+Quietens this kconfig warning:
+
+WARNING: unmet direct dependencies detected for CNIC
+  Depends on [n]: NETDEVICES [=y] && ETHERNET [=y] && NET_VENDOR_BROADCOM [=y] && PCI [=y] && (IPV6 [=m] || IPV6 [=m]=n) && MMU [=n]
+  Selected by [m]:
+  - SCSI_BNX2_ISCSI [=m] && SCSI_LOWLEVEL [=y] && SCSI [=y] && NET [=y] && PCI [=y] && (IPV6 [=m] || IPV6 [=m]=n)
+
+Link: https://lore.kernel.org/r/20201129070916.3919-1-rdunlap@infradead.org
+Fixes: cf4e6363859d ("[SCSI] bnx2i: Add bnx2i iSCSI driver.")
+Cc: linux-scsi@vger.kernel.org
+Cc: Nilesh Javali <njavali@marvell.com>
+Cc: Manish Rangankar <mrangankar@marvell.com>
+Cc: GR-QLogic-Storage-Upstream@marvell.com
+Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
+Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/bnx2i/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/scsi/bnx2i/Kconfig b/drivers/scsi/bnx2i/Kconfig
+index ba30ff86d5818..b27a3738d940c 100644
+--- a/drivers/scsi/bnx2i/Kconfig
++++ b/drivers/scsi/bnx2i/Kconfig
+@@ -3,6 +3,7 @@ config SCSI_BNX2_ISCSI
+ 	depends on NET
+ 	depends on PCI
+ 	depends on (IPV6 || IPV6=n)
++	depends on MMU
+ 	select SCSI_ISCSI_ATTRS
+ 	select NETDEVICES
+ 	select ETHERNET
+-- 
+2.27.0
+
diff --git a/queue-4.4/series b/queue-4.4/series
index b690c5142ff..dbd5c99ed95 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -19,3 +19,7 @@ usb-sisusbvga-make-console-support-depend-on-broken.patch
 alsa-pcm-oss-fix-potential-out-of-bounds-shift.patch
 serial-8250_omap-avoid-fifo-corruption-caused-by-mdr1-access.patch
 usb-serial-cp210x-enable-usb-generic-throttle-unthrottle.patch
+scsi-bnx2i-requires-mmu.patch
+can-softing-softing_netdev_open-fix-error-handling.patch
+rdma-cm-fix-an-attempt-to-use-non-valid-pointer-when.patch
+dm-table-remove-bug_on-in_interrupt.patch