From 078790396da99ef2efa3b01cd7ba42a080da8e07 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 26 Jun 2020 16:28:56 +0200 Subject: [PATCH] 4.14-stable patches added patches: block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch scsi-scsi_devinfo-handle-non-terminated-strings.patch --- ...buf-if-bio_integrity_add_page-failed.patch | 37 ++++++++++ ...-silly-gso-requests-coming-from-user.patch | 71 +++++++++++++++++++ ...evinfo-handle-non-terminated-strings.patch | 44 ++++++++++++ queue-4.14/series | 3 + queue-4.19/series | 3 + queue-5.4/series | 1 + queue-5.7/series | 2 + 7 files changed, 161 insertions(+) create mode 100644 queue-4.14/block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch create mode 100644 queue-4.14/net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch create mode 100644 queue-4.14/scsi-scsi_devinfo-handle-non-terminated-strings.patch create mode 100644 queue-4.14/series create mode 100644 queue-4.19/series create mode 100644 queue-5.4/series create mode 100644 queue-5.7/series
diff --git a/queue-4.14/block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch b/queue-4.14/block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
new file mode 100644
index 00000000000..552345eba3e
--- /dev/null
+++ b/queue-4.14/block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
@@ -0,0 +1,37 @@
+From a75ca9303175d36af93c0937dd9b1a6422908b8d Mon Sep 17 00:00:00 2001
+From: yu kuai
+Date: Mon, 1 Jun 2020 20:38:56 +0800
+Subject: block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
+
+From: yu kuai
+
+commit a75ca9303175d36af93c0937dd9b1a6422908b8d upstream.
+
+commit e7bf90e5afe3 ("block/bio-integrity: fix a memory leak bug") added
+a kfree() for 'buf' if bio_integrity_add_page() returns '0'. However,
+the object will be freed in bio_integrity_free() since 'bio->bi_opf' and
+'bio->bi_integrity' were set previousy in bio_integrity_alloc().
+
+Fixes: commit e7bf90e5afe3 ("block/bio-integrity: fix a memory leak bug")
+Signed-off-by: yu kuai
+Reviewed-by: Ming Lei
+Reviewed-by: Bob Liu
+Acked-by: Martin K. Petersen
+Signed-off-by: Jens Axboe
+Cc: Guenter Roeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ block/bio-integrity.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/block/bio-integrity.c
++++ b/block/bio-integrity.c
+@@ -315,7 +315,6 @@ bool bio_integrity_prep(struct bio *bio)
+
+ if (ret == 0) {
+ printk(KERN_ERR "could not attach integrity payload\n");
+- kfree(buf);
+ status = BLK_STS_RESOURCE;
+ goto err_end_io;
+ }
diff --git a/queue-4.14/net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch b/queue-4.14/net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch
new file mode 100644
index 00000000000..d8a258352d3
--- /dev/null
+++ b/queue-4.14/net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch
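Review bot: With `kfree(buf)` removed, nothing in the `ret == 0` branch of bio_integrity_prep() records who releases `buf`, and that ownership question has now needed both a leak fix and this double-free fix. A comment in the branch would settle it for the next reader, for example `/* buf belongs to the integrity payload; bio_integrity_free() releases it */`. The commit message relies on bio_integrity_free() running on the err_end_io path, which lies outside the hunk. It is worth confirming on the 4.14 tree that the free there still finds `buf` when bio_integrity_add_page() fails before any page has been attached.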
@@ -0,0 +1,71 @@
+From 7c6d2ecbda83150b2036a2b36b21381ad4667762 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet
+Date: Thu, 28 May 2020 14:57:47 -0700
+Subject: net: be more gentle about silly gso requests coming from user
+
+From: Eric Dumazet
+
+commit 7c6d2ecbda83150b2036a2b36b21381ad4667762 upstream.
+
+Recent change in virtio_net_hdr_to_skb() broke some packetdrill tests.
+
+When --mss=XXX option is set, packetdrill always provide gso_type & gso_size
+for its inbound packets, regardless of packet size.
+
+ if (packet->tcp && packet->mss) {
+ if (packet->ipv4)
+ gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
+ else
+ gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
+ gso.gso_size = packet->mss;
+ }
+
+Since many other programs could do the same, relax virtio_net_hdr_to_skb()
+to no longer return an error, but instead ignore gso settings.
+
+This keeps Willem intent to make sure no malicious packet could
+reach gso stack.
+
+Note that TCP stack has a special logic in tcp_set_skb_tso_segs()
+to clear gso_size for small packets.
+
+Fixes: 6dd912f82680 ("net: check untrusted gso_size at kernel entry")
+Signed-off-by: Eric Dumazet
+Cc: Willem de Bruijn
+Acked-by: Willem de Bruijn
+Signed-off-by: David S. Miller
+Cc: Guenter Roeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/linux/virtio_net.h | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+--- a/include/linux/virtio_net.h
++++ b/include/linux/virtio_net.h
+@@ -107,16 +107,17 @@ retry:
+
+ if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
+ u16 gso_size = __virtio16_to_cpu(little_endian, hdr->gso_size);
++ struct skb_shared_info *shinfo = skb_shinfo(skb);
+
+- if (skb->len - p_off <= gso_size)
+- return -EINVAL;
++ /* Too small packets are not really GSO ones. */
++ if (skb->len - p_off > gso_size) {
++ shinfo->gso_size = gso_size;
++ shinfo->gso_type = gso_type;
+
+- skb_shinfo(skb)->gso_size = gso_size;
+- skb_shinfo(skb)->gso_type = gso_type;
+-
+- /* Header must be checked, and gso_segs computed. */
+- skb_shinfo(skb)->gso_type |= SKB_GSO_DODGY;
+- skb_shinfo(skb)->gso_segs = 0;
++ /* Header must be checked, and gso_segs computed. */
++ shinfo->gso_type |= SKB_GSO_DODGY;
++ shinfo->gso_segs = 0;
++ }
+ }
+
+ return 0;
diff --git a/queue-4.14/scsi-scsi_devinfo-handle-non-terminated-strings.patch b/queue-4.14/scsi-scsi_devinfo-handle-non-terminated-strings.patch
new file mode 100644
index 00000000000..04691304d01
--- /dev/null
+++ b/queue-4.14/scsi-scsi_devinfo-handle-non-terminated-strings.patch
@@ -0,0 +1,44 @@
+From ba69ead9e9e9bb3cec5faf03526c36764ac8942a Mon Sep 17 00:00:00 2001
+From: Martin Wilck
+Date: Mon, 27 Nov 2017 23:47:34 +0100
+Subject: scsi: scsi_devinfo: handle non-terminated strings
+
+From: Martin Wilck
+
+commit ba69ead9e9e9bb3cec5faf03526c36764ac8942a upstream.
+
+devinfo->vendor and devinfo->model aren't necessarily
+zero-terminated.
+
+Fixes: b8018b973c7c "scsi_devinfo: fixup string compare"
+Signed-off-by: Martin Wilck
+Reviewed-by: Bart Van Assche
+Signed-off-by: Martin K. Petersen
+Cc: Guenter Roeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/scsi/scsi_devinfo.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/scsi_devinfo.c
++++ b/drivers/scsi/scsi_devinfo.c
+@@ -449,7 +449,8 @@ static struct scsi_dev_info_list *scsi_d
+ /*
+ * vendor strings must be an exact match
+ */
+- if (vmax != strlen(devinfo->vendor) ||
++ if (vmax != strnlen(devinfo->vendor,
++ sizeof(devinfo->vendor)) ||
+ memcmp(devinfo->vendor, vskip, vmax))
+ continue;
+
+@@ -457,7 +458,7 @@ static struct scsi_dev_info_list *scsi_d
+ * @model specifies the full string, and
+ * must be larger or equal to devinfo->model
+ */
+- mlen = strlen(devinfo->model);
++ mlen = strnlen(devinfo->model, sizeof(devinfo->model));
+ if (mmax < mlen || memcmp(devinfo->model, mskip, mlen))
+ continue;
+ return devinfo;
diff --git a/queue-4.14/series b/queue-4.14/series
new file mode 100644
index 00000000000..51bf30c79fb
--- /dev/null
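Review bot: The new guard `skb->len - p_off > gso_size` in virtio_net_hdr_to_skb() depends on `p_off` never exceeding `skb->len`, and nothing in the hunk establishes that. If the subtraction is unsigned, as the operands suggest, a wrapped result would exceed any 16-bit `gso_size`, so a too-short packet would be marked GSO. Before this change the same wrap also fell through to the GSO assignment, but a failed comparison is now silently ignored instead of returning -EINVAL. The guard is therefore the only place where the untrusted header is filtered, and the bound deserves to be visible there. If earlier code in the function guarantees the bound, extend the comment to say so: `/* p_off <= skb->len was checked above; too small packets are not really GSO ones, so the user-supplied gso fields are ignored. */`. If it does not, write the test as `if (skb->len > p_off && skb->len - p_off > gso_size) {`. The hunk starts at the `retry:` label, so the computation of `p_off` and any check on it are outside the visible lines.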
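Review bot: Neither call site says why the length of `devinfo->vendor` and `devinfo->model` has to be taken with `strnlen()` and `sizeof`. A later cleanup could therefore plausibly turn either one back into `strlen()` and bring back the read past the end of the array. The existing comment above the vendor test could carry the reason, for example `/* vendor and model are fixed-width fields and may have no trailing NUL */`. For readability the vendor length could also be stored in a local first, as the model hunk does with `mlen`, instead of splitting the `strnlen()` call across two lines inside the condition. Both hunks sit in the middle of a function whose name is truncated in the hunk header. Other readers of these two fields are not visible here and may still assume termination.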
+++ b/queue-4.14/series
@@ -0,0 +1,3 @@
+scsi-scsi_devinfo-handle-non-terminated-strings.patch
+net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch
+block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
diff --git a/queue-4.19/series b/queue-4.19/series
new file mode 100644
index 00000000000..dfcd55736fe
--- /dev/null
+++ b/queue-4.19/series
@@ -0,0 +1,3 @@
+net-be-more-gentle-about-silly-gso-requests-coming-from-user.patch
+block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
+fanotify-fix-ignore-mask-logic-for-events-on-child-and-on-dir.patch
diff --git a/queue-5.4/series b/queue-5.4/series
new file mode 100644
index 00000000000..1ab482d4a03
--- /dev/null
+++ b/queue-5.4/series
@@ -0,0 +1 @@
+block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
diff --git a/queue-5.7/series b/queue-5.7/series
new file mode 100644
index 00000000000..527592dfea3
--- /dev/null
+++ b/queue-5.7/series
@@ -0,0 +1,2 @@
+spi-spi-fsl-dspi-free-dma-memory-with-matching-function.patch
+block-bio-integrity-don-t-free-buf-if-bio_integrity_add_page-failed.patch
-- 2.47.3