From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 10 Apr 2021 13:47:26 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v4.19.187~74
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4901a84ba494c04ef51aa0acad08ff37d27f6587;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	fs-direct-io-fix-missing-sdio-boundary.patch
	ia64-fix-user_stack_pointer-for-ptrace.patch
	net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch
	parisc-parisc-agp-requires-sba-iommu-driver.patch
---

diff --git a/queue-4.4/fs-direct-io-fix-missing-sdio-boundary.patch b/queue-4.4/fs-direct-io-fix-missing-sdio-boundary.patch
new file mode 100644
index 00000000000..5bc1f680229
--- /dev/null
+++ b/queue-4.4/fs-direct-io-fix-missing-sdio-boundary.patch
@@ -0,0 +1,58 @@
+From df41872b68601059dd4a84858952dcae58acd331 Mon Sep 17 00:00:00 2001
+From: Jack Qiu <jack.qiu@huawei.com>
+Date: Fri, 9 Apr 2021 13:27:35 -0700
+Subject: fs: direct-io: fix missing sdio->boundary
+
+From: Jack Qiu <jack.qiu@huawei.com>
+
+commit df41872b68601059dd4a84858952dcae58acd331 upstream.
+
+I encountered a hung task issue, but not a performance one.  I run DIO
+on a device (need lba continuous, for example open channel ssd), maybe
+hungtask in below case:
+
+  DIO:						Checkpoint:
+  get addr A(at boundary), merge into BIO,
+  no submit because boundary missing
+						flush dirty data(get addr A+1), wait IO(A+1)
+						writeback timeout, because DIO(A) didn't submit
+  get addr A+2 fail, because checkpoint is doing
+
+dio_send_cur_page() may clear sdio->boundary, so prevent it from missing
+a boundary.
+
+Link: https://lkml.kernel.org/r/20210322042253.38312-1-jack.qiu@huawei.com
+Fixes: b1058b981272 ("direct-io: submit bio after boundary buffer is added to it")
+Signed-off-by: Jack Qiu <jack.qiu@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/direct-io.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/direct-io.c
++++ b/fs/direct-io.c
+@@ -780,6 +780,7 @@ submit_page_section(struct dio *dio, str
+ 		    struct buffer_head *map_bh)
+ {
+ 	int ret = 0;
++	int boundary = sdio->boundary;	/* dio_send_cur_page may clear it */
+ 
+ 	if (dio->rw & WRITE) {
+ 		/*
+@@ -818,10 +819,10 @@ submit_page_section(struct dio *dio, str
+ 	sdio->cur_page_fs_offset = sdio->block_in_file << sdio->blkbits;
+ out:
+ 	/*
+-	 * If sdio->boundary then we want to schedule the IO now to
++	 * If boundary then we want to schedule the IO now to
+ 	 * avoid metadata seeks.
+ 	 */
+-	if (sdio->boundary) {
++	if (boundary) {
+ 		ret = dio_send_cur_page(dio, sdio, map_bh);
+ 		if (sdio->bio)
+ 			dio_bio_submit(dio, sdio);
diff --git a/queue-4.4/ia64-fix-user_stack_pointer-for-ptrace.patch b/queue-4.4/ia64-fix-user_stack_pointer-for-ptrace.patch
new file mode 100644
index 00000000000..538eece150d
--- /dev/null
+++ b/queue-4.4/ia64-fix-user_stack_pointer-for-ptrace.patch
@@ -0,0 +1,71 @@
+From 7ad1e366167837daeb93d0bacb57dee820b0b898 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyfox@gentoo.org>
+Date: Fri, 9 Apr 2021 13:27:32 -0700
+Subject: ia64: fix user_stack_pointer() for ptrace()
+
+From: Sergei Trofimovich <slyfox@gentoo.org>
+
+commit 7ad1e366167837daeb93d0bacb57dee820b0b898 upstream.
+
+ia64 has two stacks:
+
+ - memory stack (or stack), pointed at by by r12
+
+ - register backing store (register stack), pointed at by
+   ar.bsp/ar.bspstore with complications around dirty
+   register frame on CPU.
+
+In [1] Dmitry noticed that PTRACE_GET_SYSCALL_INFO returns the register
+stack instead memory stack.
+
+The bug comes from the fact that user_stack_pointer() and
+current_user_stack_pointer() don't return the same register:
+
+  ulong user_stack_pointer(struct pt_regs *regs) { return regs->ar_bspstore; }
+  #define current_user_stack_pointer() (current_pt_regs()->r12)
+
+The change gets both back in sync.
+
+I think ptrace(PTRACE_GET_SYSCALL_INFO) is the only affected user by
+this bug on ia64.
+
+The change fixes 'rt_sigreturn.gen.test' strace test where it was
+observed initially.
+
+Link: https://bugs.gentoo.org/769614 [1]
+Link: https://lkml.kernel.org/r/20210331084447.2561532-1-slyfox@gentoo.org
+Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
+Reported-by: Dmitry V. Levin <ldv@altlinux.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/ia64/include/asm/ptrace.h |    8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+--- a/arch/ia64/include/asm/ptrace.h
++++ b/arch/ia64/include/asm/ptrace.h
+@@ -53,8 +53,7 @@
+ 
+ static inline unsigned long user_stack_pointer(struct pt_regs *regs)
+ {
+-	/* FIXME: should this be bspstore + nr_dirty regs? */
+-	return regs->ar_bspstore;
++	return regs->r12;
+ }
+ 
+ static inline int is_syscall_success(struct pt_regs *regs)
+@@ -78,11 +77,6 @@ static inline long regs_return_value(str
+ 	unsigned long __ip = instruction_pointer(regs);			\
+ 	(__ip & ~3UL) + ((__ip & 3UL) << 2);				\
+ })
+-/*
+- * Why not default?  Because user_stack_pointer() on ia64 gives register
+- * stack backing store instead...
+- */
+-#define current_user_stack_pointer() (current_pt_regs()->r12)
+ 
+   /* given a pointer to a task_struct, return the user's pt_regs */
+ # define task_pt_regs(t)		(((struct pt_regs *) ((char *) (t) + IA64_STK_OFFSET)) - 1)
diff --git a/queue-4.4/net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch b/queue-4.4/net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch
new file mode 100644
index 00000000000..98f9f2cdbed
--- /dev/null
+++ b/queue-4.4/net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch
@@ -0,0 +1,39 @@
+From 864db232dc7036aa2de19749c3d5be0143b24f8f Mon Sep 17 00:00:00 2001
+From: Muhammad Usama Anjum <musamaanjum@gmail.com>
+Date: Fri, 9 Apr 2021 03:01:29 +0500
+Subject: net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh
+
+From: Muhammad Usama Anjum <musamaanjum@gmail.com>
+
+commit 864db232dc7036aa2de19749c3d5be0143b24f8f upstream.
+
+nlh is being checked for validtity two times when it is dereferenced in
+this function. Check for validity again when updating the flags through
+nlh pointer to make the dereferencing safe.
+
+CC: <stable@vger.kernel.org>
+Addresses-Coverity: ("NULL pointer dereference")
+Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/route.c |    8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/net/ipv6/route.c
++++ b/net/ipv6/route.c
+@@ -2980,9 +2980,11 @@ static int ip6_route_multipath_add(struc
+ 		 * nexthops have been replaced by first new, the rest should
+ 		 * be added to it.
+ 		 */
+-		cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
+-						     NLM_F_REPLACE);
+-		cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE;
++		if (cfg->fc_nlinfo.nlh) {
++			cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
++							     NLM_F_REPLACE);
++			cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE;
++		}
+ 		nhn++;
+ 	}
+ 
diff --git a/queue-4.4/parisc-parisc-agp-requires-sba-iommu-driver.patch b/queue-4.4/parisc-parisc-agp-requires-sba-iommu-driver.patch
new file mode 100644
index 00000000000..2a3c5186b0d
--- /dev/null
+++ b/queue-4.4/parisc-parisc-agp-requires-sba-iommu-driver.patch
@@ -0,0 +1,31 @@
+From 9054284e8846b0105aad43a4e7174ca29fffbc44 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Tue, 6 Apr 2021 11:32:52 +0200
+Subject: parisc: parisc-agp requires SBA IOMMU driver
+
+From: Helge Deller <deller@gmx.de>
+
+commit 9054284e8846b0105aad43a4e7174ca29fffbc44 upstream.
+
+Add a dependency to the SBA IOMMU driver to avoid:
+ERROR: modpost: "sba_list" [drivers/char/agp/parisc-agp.ko] undefined!
+
+Reported-by: kernel test robot <lkp@intel.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/char/agp/Kconfig |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/char/agp/Kconfig
++++ b/drivers/char/agp/Kconfig
+@@ -124,7 +124,7 @@ config AGP_HP_ZX1
+ 
+ config AGP_PARISC
+ 	tristate "HP Quicksilver AGP support"
+-	depends on AGP && PARISC && 64BIT
++	depends on AGP && PARISC && 64BIT && IOMMU_SBA
+ 	help
+ 	  This option gives you AGP GART support for the HP Quicksilver
+ 	  AGP bus adapter on HP PA-RISC machines (Ok, just on the C8000
diff --git a/queue-4.4/series b/queue-4.4/series
index fd227612e7a..75fc700c046 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -5,3 +5,7 @@ nfc-fix-refcount-leak-in-llcp_sock_connect.patch
 nfc-fix-memory-leak-in-llcp_sock_connect.patch
 nfc-avoid-endless-loops-caused-by-repeated-llcp_sock_connect.patch
 xen-evtchn-change-irq_info-lock-to-raw_spinlock_t.patch
+net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch
+ia64-fix-user_stack_pointer-for-ptrace.patch
+fs-direct-io-fix-missing-sdio-boundary.patch
+parisc-parisc-agp-requires-sba-iommu-driver.patch