From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 15 Jun 2017 14:39:59 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v4.9.33~8
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dd7a63ee71dac6cc1fcd258ca704b1e066ce8edf;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	proc-add-a-schedule-point-in-proc_pid_readdir.patch
	r8152-avoid-start_xmit-to-schedule-napi-when-napi-is-disabled.patch
	romfs-use-different-way-to-generate-fsid-for-block-or-mtd.patch
	sctp-sctp_addr_id2transport-should-verify-the-addr-before-looking-up-assoc.patch
	tipc-ignore-requests-when-the-connection-state-is-not-connected.patch
---

diff --git a/queue-4.4/proc-add-a-schedule-point-in-proc_pid_readdir.patch b/queue-4.4/proc-add-a-schedule-point-in-proc_pid_readdir.patch
new file mode 100644
index 00000000000..1daca1d375b
--- /dev/null
+++ b/queue-4.4/proc-add-a-schedule-point-in-proc_pid_readdir.patch
@@ -0,0 +1,36 @@
+From foo@baz Thu Jun 15 16:23:46 CEST 2017
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 24 Jan 2017 15:18:07 -0800
+Subject: proc: add a schedule point in proc_pid_readdir()
+
+From: Eric Dumazet <edumazet@google.com>
+
+
+[ Upstream commit 3ba4bceef23206349d4130ddf140819b365de7c8 ]
+
+We have seen proc_pid_readdir() invocations holding cpu for more than 50
+ms.  Add a cond_resched() to be gentle with other tasks.
+
+[akpm@linux-foundation.org: coding style fix]
+Link: http://lkml.kernel.org/r/1484238380.15816.42.camel@edumazet-glaptop3.roam.corp.google.com
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/proc/base.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -3058,6 +3058,8 @@ int proc_pid_readdir(struct file *file,
+ 	     iter.tgid += 1, iter = next_tgid(ns, iter)) {
+ 		char name[PROC_NUMBUF];
+ 		int len;
++
++		cond_resched();
+ 		if (!has_pid_permissions(ns, iter.task, 2))
+ 			continue;
+ 
diff --git a/queue-4.4/r8152-avoid-start_xmit-to-schedule-napi-when-napi-is-disabled.patch b/queue-4.4/r8152-avoid-start_xmit-to-schedule-napi-when-napi-is-disabled.patch
new file mode 100644
index 00000000000..3da37de9201
--- /dev/null
+++ b/queue-4.4/r8152-avoid-start_xmit-to-schedule-napi-when-napi-is-disabled.patch
@@ -0,0 +1,71 @@
+From foo@baz Thu Jun 15 16:23:46 CEST 2017
+From: hayeswang <hayeswang@realtek.com>
+Date: Thu, 26 Jan 2017 09:38:32 +0800
+Subject: r8152: avoid start_xmit to schedule napi when napi is disabled
+
+From: hayeswang <hayeswang@realtek.com>
+
+
+[ Upstream commit de9bf29dd6e4a8a874cb92f8901aed50a9d0b1d3 ]
+
+Stop the tx when the napi is disabled to prevent napi_schedule() is
+called.
+
+Signed-off-by: Hayes Wang <hayeswang@realtek.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/r8152.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/usb/r8152.c
++++ b/drivers/net/usb/r8152.c
+@@ -2993,10 +2993,13 @@ static void set_carrier(struct r8152 *tp
+ 		if (!netif_carrier_ok(netdev)) {
+ 			tp->rtl_ops.enable(tp);
+ 			set_bit(RTL8152_SET_RX_MODE, &tp->flags);
++			netif_stop_queue(netdev);
+ 			napi_disable(&tp->napi);
+ 			netif_carrier_on(netdev);
+ 			rtl_start_rx(tp);
+ 			napi_enable(&tp->napi);
++			netif_wake_queue(netdev);
++			netif_info(tp, link, netdev, "carrier on\n");
+ 		}
+ 	} else {
+ 		if (netif_carrier_ok(netdev)) {
+@@ -3004,6 +3007,7 @@ static void set_carrier(struct r8152 *tp
+ 			napi_disable(&tp->napi);
+ 			tp->rtl_ops.disable(tp);
+ 			napi_enable(&tp->napi);
++			netif_info(tp, link, netdev, "carrier off\n");
+ 		}
+ 	}
+ }
+@@ -3388,12 +3392,12 @@ static int rtl8152_pre_reset(struct usb_
+ 	if (!netif_running(netdev))
+ 		return 0;
+ 
++	netif_stop_queue(netdev);
+ 	napi_disable(&tp->napi);
+ 	clear_bit(WORK_ENABLE, &tp->flags);
+ 	usb_kill_urb(tp->intr_urb);
+ 	cancel_delayed_work_sync(&tp->schedule);
+ 	if (netif_carrier_ok(netdev)) {
+-		netif_stop_queue(netdev);
+ 		mutex_lock(&tp->control);
+ 		tp->rtl_ops.disable(tp);
+ 		mutex_unlock(&tp->control);
+@@ -3421,10 +3425,10 @@ static int rtl8152_post_reset(struct usb
+ 		rtl_start_rx(tp);
+ 		rtl8152_set_rx_mode(netdev);
+ 		mutex_unlock(&tp->control);
+-		netif_wake_queue(netdev);
+ 	}
+ 
+ 	napi_enable(&tp->napi);
++	netif_wake_queue(netdev);
+ 	usb_submit_urb(tp->intr_urb, GFP_KERNEL);
+ 
+ 	return 0;
diff --git a/queue-4.4/romfs-use-different-way-to-generate-fsid-for-block-or-mtd.patch b/queue-4.4/romfs-use-different-way-to-generate-fsid-for-block-or-mtd.patch
new file mode 100644
index 00000000000..37890b5c6af
--- /dev/null
+++ b/queue-4.4/romfs-use-different-way-to-generate-fsid-for-block-or-mtd.patch
@@ -0,0 +1,96 @@
+From foo@baz Thu Jun 15 16:23:46 CEST 2017
+From: Coly Li <colyli@suse.de>
+Date: Tue, 24 Jan 2017 15:18:46 -0800
+Subject: romfs: use different way to generate fsid for BLOCK or MTD
+
+From: Coly Li <colyli@suse.de>
+
+
+[ Upstream commit f598f82e204ec0b17797caaf1b0311c52d43fb9a ]
+
+Commit 8a59f5d25265 ("fs/romfs: return f_fsid for statfs(2)") generates
+a 64bit id from sb->s_bdev->bd_dev.  This is only correct when romfs is
+defined with CONFIG_ROMFS_ON_BLOCK.  If romfs is only defined with
+CONFIG_ROMFS_ON_MTD, sb->s_bdev is NULL, referencing sb->s_bdev->bd_dev
+will triger an oops.
+
+Richard Weinberger points out that when CONFIG_ROMFS_BACKED_BY_BOTH=y,
+both CONFIG_ROMFS_ON_BLOCK and CONFIG_ROMFS_ON_MTD are defined.
+Therefore when calling huge_encode_dev() to generate a 64bit id, I use
+the follow order to choose parameter,
+
+- CONFIG_ROMFS_ON_BLOCK defined
+  use sb->s_bdev->bd_dev
+- CONFIG_ROMFS_ON_BLOCK undefined and CONFIG_ROMFS_ON_MTD defined
+  use sb->s_dev when,
+- both CONFIG_ROMFS_ON_BLOCK and CONFIG_ROMFS_ON_MTD undefined
+  leave id as 0
+
+When CONFIG_ROMFS_ON_MTD is defined and sb->s_mtd is not NULL, sb->s_dev
+is set to a device ID generated by MTD_BLOCK_MAJOR and mtd index,
+otherwise sb->s_dev is 0.
+
+This is a try-best effort to generate a uniq file system ID, if all the
+above conditions are not meet, f_fsid of this romfs instance will be 0.
+Generally only one romfs can be built on single MTD block device, this
+method is enough to identify multiple romfs instances in a computer.
+
+Link: http://lkml.kernel.org/r/1482928596-115155-1-git-send-email-colyli@suse.de
+Signed-off-by: Coly Li <colyli@suse.de>
+Reported-by: Nong Li <nongli1031@gmail.com>
+Tested-by: Nong Li <nongli1031@gmail.com>
+Cc: Richard Weinberger <richard.weinberger@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/romfs/super.c |   23 ++++++++++++++++++++++-
+ 1 file changed, 22 insertions(+), 1 deletion(-)
+
+--- a/fs/romfs/super.c
++++ b/fs/romfs/super.c
+@@ -74,6 +74,7 @@
+ #include <linux/highmem.h>
+ #include <linux/pagemap.h>
+ #include <linux/uaccess.h>
++#include <linux/major.h>
+ #include "internal.h"
+ 
+ static struct kmem_cache *romfs_inode_cachep;
+@@ -415,7 +416,22 @@ static void romfs_destroy_inode(struct i
+ static int romfs_statfs(struct dentry *dentry, struct kstatfs *buf)
+ {
+ 	struct super_block *sb = dentry->d_sb;
+-	u64 id = huge_encode_dev(sb->s_bdev->bd_dev);
++	u64 id = 0;
++
++	/* When calling huge_encode_dev(),
++	 * use sb->s_bdev->bd_dev when,
++	 *   - CONFIG_ROMFS_ON_BLOCK defined
++	 * use sb->s_dev when,
++	 *   - CONFIG_ROMFS_ON_BLOCK undefined and
++	 *   - CONFIG_ROMFS_ON_MTD defined
++	 * leave id as 0 when,
++	 *   - CONFIG_ROMFS_ON_BLOCK undefined and
++	 *   - CONFIG_ROMFS_ON_MTD undefined
++	 */
++	if (sb->s_bdev)
++		id = huge_encode_dev(sb->s_bdev->bd_dev);
++	else if (sb->s_dev)
++		id = huge_encode_dev(sb->s_dev);
+ 
+ 	buf->f_type = ROMFS_MAGIC;
+ 	buf->f_namelen = ROMFS_MAXFN;
+@@ -488,6 +504,11 @@ static int romfs_fill_super(struct super
+ 	sb->s_flags |= MS_RDONLY | MS_NOATIME;
+ 	sb->s_op = &romfs_super_ops;
+ 
++#ifdef CONFIG_ROMFS_ON_MTD
++	/* Use same dev ID from the underlying mtdblock device */
++	if (sb->s_mtd)
++		sb->s_dev = MKDEV(MTD_BLOCK_MAJOR, sb->s_mtd->index);
++#endif
+ 	/* read the image superblock and check it */
+ 	rsb = kmalloc(512, GFP_KERNEL);
+ 	if (!rsb)
diff --git a/queue-4.4/sctp-sctp_addr_id2transport-should-verify-the-addr-before-looking-up-assoc.patch b/queue-4.4/sctp-sctp_addr_id2transport-should-verify-the-addr-before-looking-up-assoc.patch
new file mode 100644
index 00000000000..443f078dc8d
--- /dev/null
+++ b/queue-4.4/sctp-sctp_addr_id2transport-should-verify-the-addr-before-looking-up-assoc.patch
@@ -0,0 +1,45 @@
+From foo@baz Thu Jun 15 16:23:46 CEST 2017
+From: Xin Long <lucien.xin@gmail.com>
+Date: Tue, 24 Jan 2017 14:01:53 +0800
+Subject: sctp: sctp_addr_id2transport should verify the addr before looking up assoc
+
+From: Xin Long <lucien.xin@gmail.com>
+
+
+[ Upstream commit 6f29a130613191d3c6335169febe002cba00edf5 ]
+
+sctp_addr_id2transport is a function for sockopt to look up assoc by
+address. As the address is from userspace, it can be a v4-mapped v6
+address. But in sctp protocol stack, it always handles a v4-mapped
+v6 address as a v4 address. So it's necessary to convert it to a v4
+address before looking up assoc by address.
+
+This patch is to fix it by calling sctp_verify_addr in which it can do
+this conversion before calling sctp_endpoint_lookup_assoc, just like
+what sctp_sendmsg and __sctp_connect do for the address from users.
+
+Signed-off-by: Xin Long <lucien.xin@gmail.com>
+Acked-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/socket.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/net/sctp/socket.c
++++ b/net/sctp/socket.c
+@@ -235,8 +235,12 @@ static struct sctp_transport *sctp_addr_
+ 					      sctp_assoc_t id)
+ {
+ 	struct sctp_association *addr_asoc = NULL, *id_asoc = NULL;
+-	struct sctp_transport *transport;
++	struct sctp_af *af = sctp_get_af_specific(addr->ss_family);
+ 	union sctp_addr *laddr = (union sctp_addr *)addr;
++	struct sctp_transport *transport;
++
++	if (sctp_verify_addr(sk, laddr, af->sockaddr_len))
++		return NULL;
+ 
+ 	addr_asoc = sctp_endpoint_lookup_assoc(sctp_sk(sk)->ep,
+ 					       laddr,
diff --git a/queue-4.4/series b/queue-4.4/series
index c7a5c9a555c..c699656ffcb 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -36,3 +36,8 @@ ravb-unmap-descriptors-when-freeing-rings.patch
 nfs-fix-don-t-increment-lock-sequence-id-after-nfs4err_moved.patch
 r8152-re-schedule-napi-for-tx.patch
 r8152-fix-rtl8152_post_reset-function.patch
+r8152-avoid-start_xmit-to-schedule-napi-when-napi-is-disabled.patch
+sctp-sctp_addr_id2transport-should-verify-the-addr-before-looking-up-assoc.patch
+romfs-use-different-way-to-generate-fsid-for-block-or-mtd.patch
+proc-add-a-schedule-point-in-proc_pid_readdir.patch
+tipc-ignore-requests-when-the-connection-state-is-not-connected.patch
diff --git a/queue-4.4/tipc-ignore-requests-when-the-connection-state-is-not-connected.patch b/queue-4.4/tipc-ignore-requests-when-the-connection-state-is-not-connected.patch
new file mode 100644
index 00000000000..f41358bdf88
--- /dev/null
+++ b/queue-4.4/tipc-ignore-requests-when-the-connection-state-is-not-connected.patch
@@ -0,0 +1,65 @@
+From foo@baz Thu Jun 15 16:35:13 CEST 2017
+From: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
+Date: Tue, 24 Jan 2017 13:00:47 +0100
+Subject: tipc: ignore requests when the connection state is not CONNECTED
+
+From: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
+
+
+[ Upstream commit 4c887aa65d38633885010277f3482400681be719 ]
+
+In tipc_conn_sendmsg(), we first queue the request to the outqueue
+followed by the connection state check. If the connection is not
+connected, we should not queue this message.
+
+In this commit, we reject the messages if the connection state is
+not CF_CONNECTED.
+
+Acked-by: Ying Xue <ying.xue@windriver.com>
+Acked-by: Jon Maloy <jon.maloy@ericsson.com>
+Tested-by: John Thompson <thompa.atl@gmail.com>
+Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tipc/server.c |   13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+--- a/net/tipc/server.c
++++ b/net/tipc/server.c
+@@ -452,6 +452,11 @@ int tipc_conn_sendmsg(struct tipc_server
+ 	if (!con)
+ 		return -EINVAL;
+ 
++	if (!test_bit(CF_CONNECTED, &con->flags)) {
++		conn_put(con);
++		return 0;
++	}
++
+ 	e = tipc_alloc_entry(data, len);
+ 	if (!e) {
+ 		conn_put(con);
+@@ -465,12 +470,8 @@ int tipc_conn_sendmsg(struct tipc_server
+ 	list_add_tail(&e->list, &con->outqueue);
+ 	spin_unlock_bh(&con->outqueue_lock);
+ 
+-	if (test_bit(CF_CONNECTED, &con->flags)) {
+-		if (!queue_work(s->send_wq, &con->swork))
+-			conn_put(con);
+-	} else {
++	if (!queue_work(s->send_wq, &con->swork))
+ 		conn_put(con);
+-	}
+ 	return 0;
+ }
+ 
+@@ -494,7 +495,7 @@ static void tipc_send_to_sock(struct tip
+ 	int ret;
+ 
+ 	spin_lock_bh(&con->outqueue_lock);
+-	while (1) {
++	while (test_bit(CF_CONNECTED, &con->flags)) {
+ 		e = list_entry(con->outqueue.next, struct outqueue_entry,
+ 			       list);
+ 		if ((struct list_head *) e == &con->outqueue)