--- /dev/null
+From foo@baz Mon Jul 23 09:59:58 CEST 2018
+From: Tyler Hicks <tyhicks@canonical.com>
+Date: Thu, 5 Jul 2018 18:49:23 +0000
+Subject: ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
+
+From: Tyler Hicks <tyhicks@canonical.com>
+
+[ Upstream commit 70ba5b6db96ff7324b8cfc87e0d0383cf59c9677 ]
+
+The low and high values of the net.ipv4.ping_group_range sysctl were
+being silently forced to the default disabled state when a write to the
+sysctl contained GIDs that didn't map to the associated user namespace.
+Confusingly, the sysctl's write operation would return success and then
+a subsequent read of the sysctl would indicate that the low and high
+values are the overflowgid.
+
+This patch changes the behavior by clearly returning an error when the
+sysctl write operation receives a GID range that doesn't map to the
+associated user namespace. In such a situation, the previous value of
+the sysctl is preserved and that range will be returned in a subsequent
+read of the sysctl.
+
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/sysctl_net_ipv4.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/net/ipv4/sysctl_net_ipv4.c
++++ b/net/ipv4/sysctl_net_ipv4.c
+@@ -134,8 +134,9 @@ static int ipv4_ping_group_range(struct
+ if (write && ret == 0) {
+ low = make_kgid(user_ns, urange[0]);
+ high = make_kgid(user_ns, urange[1]);
+- if (!gid_valid(low) || !gid_valid(high) ||
+- (urange[1] < urange[0]) || gid_lt(high, low)) {
++ if (!gid_valid(low) || !gid_valid(high))
++ return -EINVAL;
++ if (urange[1] < urange[0] || gid_lt(high, low)) {
+ low = make_kgid(&init_user_ns, 1);
+ high = make_kgid(&init_user_ns, 0);
+ }
--- /dev/null
+From foo@baz Mon Jul 23 08:24:46 CEST 2018
+From: Stefano Brivio <sbrivio@redhat.com>
+Date: Wed, 11 Jul 2018 14:39:42 +0200
+Subject: net: Don't copy pfmemalloc flag in __copy_skb_header()
+
+From: Stefano Brivio <sbrivio@redhat.com>
+
+[ Upstream commit 8b7008620b8452728cadead460a36f64ed78c460 ]
+
+The pfmemalloc flag indicates that the skb was allocated from
+the PFMEMALLOC reserves, and the flag is currently copied on skb
+copy and clone.
+
+However, an skb copied from an skb flagged with pfmemalloc
+wasn't necessarily allocated from PFMEMALLOC reserves, and on
+the other hand an skb allocated that way might be copied from an
+skb that wasn't.
+
+So we should not copy the flag on skb copy, and rather decide
+whether to allow an skb to be associated with sockets unrelated
+to page reclaim depending only on how it was allocated.
+
+Move the pfmemalloc flag before headers_start[0] using an
+existing 1-bit hole, so that __copy_skb_header() doesn't copy
+it.
+
+When cloning, we'll now take care of this flag explicitly,
+contravening to the warning comment of __skb_clone().
+
+While at it, restore the newline usage introduced by commit
+b19372273164 ("net: reorganize sk_buff for faster
+__copy_skb_header()") to visually separate bytes used in
+bitfields after headers_start[0], that was gone after commit
+a9e419dc7be6 ("netfilter: merge ctinfo into nfct pointer storage
+area"), and describe the pfmemalloc flag in the kernel-doc
+structure comment.
+
+This doesn't change the size of sk_buff or cacheline boundaries,
+but consolidates the 15 bits hole before tc_index into a 2 bytes
+hole before csum, that could now be filled more easily.
+
+Reported-by: Patrick Talbert <ptalbert@redhat.com>
+Fixes: c93bdd0e03e8 ("netvm: allow skb allocation to use PFMEMALLOC reserves")
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/skbuff.h | 12 ++++++------
+ net/core/skbuff.c | 2 ++
+ 2 files changed, 8 insertions(+), 6 deletions(-)
+
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -475,6 +475,7 @@ static inline u32 skb_mstamp_us_delta(co
+ * @hash: the packet hash
+ * @queue_mapping: Queue mapping for multiqueue devices
+ * @xmit_more: More SKBs are pending for this queue
++ * @pfmemalloc: skbuff was allocated from PFMEMALLOC reserves
+ * @ndisc_nodetype: router type (from link layer)
+ * @ooo_okay: allow the mapping of a socket to a queue to be changed
+ * @l4_hash: indicate hash is a canonical 4-tuple hash over transport
+@@ -551,8 +552,8 @@ struct sk_buff {
+ fclone:2,
+ peeked:1,
+ head_frag:1,
+- xmit_more:1;
+- /* one bit hole */
++ xmit_more:1,
++ pfmemalloc:1;
+ kmemcheck_bitfield_end(flags1);
+
+ /* fields enclosed in headers_start/headers_end are copied
+@@ -572,19 +573,18 @@ struct sk_buff {
+
+ __u8 __pkt_type_offset[0];
+ __u8 pkt_type:3;
+- __u8 pfmemalloc:1;
+ __u8 ignore_df:1;
+ __u8 nfctinfo:3;
+-
+ __u8 nf_trace:1;
++
+ __u8 ip_summed:2;
+ __u8 ooo_okay:1;
+ __u8 l4_hash:1;
+ __u8 sw_hash:1;
+ __u8 wifi_acked_valid:1;
+ __u8 wifi_acked:1;
+-
+ __u8 no_fcs:1;
++
+ /* Indicates the inner headers are valid in the skbuff. */
+ __u8 encapsulation:1;
+ __u8 encap_hdr_csum:1;
+@@ -592,11 +592,11 @@ struct sk_buff {
+ __u8 csum_complete_sw:1;
+ __u8 csum_level:2;
+ __u8 csum_bad:1;
+-
+ #ifdef CONFIG_IPV6_NDISC_NODETYPE
+ __u8 ndisc_nodetype:2;
+ #endif
+ __u8 ipvs_property:1;
++
+ __u8 inner_protocol_type:1;
+ /* 4 or 6 bit hole */
+
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -780,6 +780,8 @@ static struct sk_buff *__skb_clone(struc
+ n->cloned = 1;
+ n->nohdr = 0;
+ n->peeked = 0;
++ if (skb->pfmemalloc)
++ n->pfmemalloc = 1;
+ n->destructor = NULL;
+ C(tail);
+ C(end);
--- /dev/null
+From foo@baz Mon Jul 23 09:59:58 CEST 2018
+From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
+Date: Tue, 17 Jul 2018 20:17:33 -0500
+Subject: ptp: fix missing break in switch
+
+From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
+
+[ Upstream commit 9ba8376ce1e2cbf4ce44f7e4bee1d0648e10d594 ]
+
+It seems that a *break* is missing in order to avoid falling through
+to the default case. Otherwise, checking *chan* makes no sense.
+
+Fixes: 72df7a7244c0 ("ptp: Allow reassigning calibration pin function")
+Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
+Acked-by: Richard Cochran <richardcochran@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ptp/ptp_chardev.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/ptp/ptp_chardev.c
++++ b/drivers/ptp/ptp_chardev.c
+@@ -88,6 +88,7 @@ int ptp_set_pinfunc(struct ptp_clock *pt
+ case PTP_PF_PHYSYNC:
+ if (chan != 0)
+ return -EINVAL;
++ break;
+ default:
+ return -EINVAL;
+ }
alsa-rawmidi-change-resized-buffers-atomically.patch
arc-fix-config_swap.patch
arc-mm-allow-mprotect-to-make-stack-mappings-executable.patch
+ipv4-return-einval-when-ping_group_range-sysctl-doesn-t-map-to-user-ns.patch
+ptp-fix-missing-break-in-switch.patch
+net-don-t-copy-pfmemalloc-flag-in-__copy_skb_header.patch
+skbuff-unconditionally-copy-pfmemalloc-in-__skb_clone.patch
--- /dev/null
+From foo@baz Mon Jul 23 09:59:58 CEST 2018
+From: Stefano Brivio <sbrivio@redhat.com>
+Date: Fri, 13 Jul 2018 13:21:07 +0200
+Subject: skbuff: Unconditionally copy pfmemalloc in __skb_clone()
+
+From: Stefano Brivio <sbrivio@redhat.com>
+
+[ Upstream commit e78bfb0751d4e312699106ba7efbed2bab1a53ca ]
+
+Commit 8b7008620b84 ("net: Don't copy pfmemalloc flag in
+__copy_skb_header()") introduced a different handling for the
+pfmemalloc flag in copy and clone paths.
+
+In __skb_clone(), now, the flag is set only if it was set in the
+original skb, but not cleared if it wasn't. This is wrong and
+might lead to socket buffers being flagged with pfmemalloc even
+if the skb data wasn't allocated from pfmemalloc reserves. Copy
+the flag instead of ORing it.
+
+Reported-by: Sabrina Dubroca <sd@queasysnail.net>
+Fixes: 8b7008620b84 ("net: Don't copy pfmemalloc flag in __copy_skb_header()")
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+Tested-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/skbuff.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -780,8 +780,7 @@ static struct sk_buff *__skb_clone(struc
+ n->cloned = 1;
+ n->nohdr = 0;
+ n->peeked = 0;
+- if (skb->pfmemalloc)
+- n->pfmemalloc = 1;
++ C(pfmemalloc);
+ n->destructor = NULL;
+ C(tail);
+ C(end);
projects / thirdparty / kernel / stable-queue.git / commitdiff
