--- /dev/null
+From 849adec41203ac5837c40c2d7e08490ffdef3c2c Mon Sep 17 00:00:00 2001
+From: Will Deacon <will@kernel.org>
+Date: Mon, 29 Jul 2019 11:06:17 +0100
+Subject: arm64: compat: Allow single-byte watchpoints on all addresses
+
+From: Will Deacon <will@kernel.org>
+
+commit 849adec41203ac5837c40c2d7e08490ffdef3c2c upstream.
+
+Commit d968d2b801d8 ("ARM: 7497/1: hw_breakpoint: allow single-byte
+watchpoints on all addresses") changed the validation requirements for
+hardware watchpoints on arch/arm/. Update our compat layer to implement
+the same relaxation.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/hw_breakpoint.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/arch/arm64/kernel/hw_breakpoint.c
++++ b/arch/arm64/kernel/hw_breakpoint.c
+@@ -548,13 +548,14 @@ int arch_validate_hwbkpt_settings(struct
+ /* Aligned */
+ break;
+ case 1:
+- /* Allow single byte watchpoint. */
+- if (info->ctrl.len == ARM_BREAKPOINT_LEN_1)
+- break;
+ case 2:
+ /* Allow halfword watchpoints and breakpoints. */
+ if (info->ctrl.len == ARM_BREAKPOINT_LEN_2)
+ break;
++ case 3:
++ /* Allow single byte watchpoint. */
++ if (info->ctrl.len == ARM_BREAKPOINT_LEN_1)
++ break;
+ default:
+ return -EINVAL;
+ }
--- /dev/null
+From b6143d10d23ebb4a77af311e8b8b7f019d0163e6 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will@kernel.org>
+Date: Fri, 16 Aug 2019 14:57:43 +0100
+Subject: arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side
+
+From: Will Deacon <will@kernel.org>
+
+commit b6143d10d23ebb4a77af311e8b8b7f019d0163e6 upstream.
+
+The initial support for dynamic ftrace trampolines in modules made use
+of an indirect branch which loaded its target from the beginning of
+a special section (e71a4e1bebaf7 ("arm64: ftrace: add support for far
+branches to dynamic ftrace")). Since no instructions were being patched,
+no cache maintenance was needed. However, later in be0f272bfc83 ("arm64:
+ftrace: emit ftrace-mod.o contents through code") this code was reworked
+to output the trampoline instructions directly into the PLT entry but,
+unfortunately, the necessary cache maintenance was overlooked.
+
+Add a call to __flush_icache_range() after writing the new trampoline
+instructions but before patching in the branch to the trampoline.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: James Morse <james.morse@arm.com>
+Cc: <stable@vger.kernel.org>
+Fixes: be0f272bfc83 ("arm64: ftrace: emit ftrace-mod.o contents through code")
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ arch/arm64/kernel/ftrace.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+--- a/arch/arm64/kernel/ftrace.c
++++ b/arch/arm64/kernel/ftrace.c
+@@ -76,7 +76,7 @@ int ftrace_make_call(struct dyn_ftrace *
+
+ if (offset < -SZ_128M || offset >= SZ_128M) {
+ #ifdef CONFIG_ARM64_MODULE_PLTS
+- struct plt_entry trampoline;
++ struct plt_entry trampoline, *dst;
+ struct module *mod;
+
+ /*
+@@ -104,24 +104,27 @@ int ftrace_make_call(struct dyn_ftrace *
+ * is added in the future, but for now, the pr_err() below
+ * deals with a theoretical issue only.
+ */
++ dst = mod->arch.ftrace_trampoline;
+ trampoline = get_plt_entry(addr);
+- if (!plt_entries_equal(mod->arch.ftrace_trampoline,
+- &trampoline)) {
+- if (!plt_entries_equal(mod->arch.ftrace_trampoline,
+- &(struct plt_entry){})) {
++ if (!plt_entries_equal(dst, &trampoline)) {
++ if (!plt_entries_equal(dst, &(struct plt_entry){})) {
+ pr_err("ftrace: far branches to multiple entry points unsupported inside a single module\n");
+ return -EINVAL;
+ }
+
+ /* point the trampoline to our ftrace entry point */
+ module_disable_ro(mod);
+- *mod->arch.ftrace_trampoline = trampoline;
++ *dst = trampoline;
+ module_enable_ro(mod, true);
+
+- /* update trampoline before patching in the branch */
+- smp_wmb();
++ /*
++ * Ensure updated trampoline is visible to instruction
++ * fetch before we patch in the branch.
++ */
++ flush_icache_range((unsigned long)&dst[0],
++ (unsigned long)&dst[1]);
+ }
+- addr = (unsigned long)(void *)mod->arch.ftrace_trampoline;
++ addr = (unsigned long)dst;
+ #else /* CONFIG_ARM64_MODULE_PLTS */
+ return -EINVAL;
+ #endif /* CONFIG_ARM64_MODULE_PLTS */
--- /dev/null
+From 656c8e9cc1badbc18eefe6ba01d33ebbcae61b9a Mon Sep 17 00:00:00 2001
+From: Dirk Morris <dmorris@metaloft.com>
+Date: Thu, 8 Aug 2019 13:57:51 -0700
+Subject: netfilter: conntrack: Use consistent ct id hash calculation
+
+From: Dirk Morris <dmorris@metaloft.com>
+
+commit 656c8e9cc1badbc18eefe6ba01d33ebbcae61b9a upstream.
+
+Change ct id hash calculation to only use invariants.
+
+Currently the ct id hash calculation is based on some fields that can
+change in the lifetime on a conntrack entry in some corner cases. The
+current hash uses the whole tuple which contains an hlist pointer which
+will change when the conntrack is placed on the dying list resulting in
+a ct id change.
+
+This patch also removes the reply-side tuple and extension pointer from
+the hash calculation so that the ct id will will not change from
+initialization until confirmation.
+
+Fixes: 3c79107631db1f7 ("netfilter: ctnetlink: don't use conntrack/expect object addresses as id")
+Signed-off-by: Dirk Morris <dmorris@metaloft.com>
+Acked-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_conntrack_core.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/net/netfilter/nf_conntrack_core.c
++++ b/net/netfilter/nf_conntrack_core.c
+@@ -307,13 +307,12 @@ EXPORT_SYMBOL_GPL(nf_ct_invert_tuple);
+ * table location, we assume id gets exposed to userspace.
+ *
+ * Following nf_conn items do not change throughout lifetime
+- * of the nf_conn after it has been committed to main hash table:
++ * of the nf_conn:
+ *
+ * 1. nf_conn address
+- * 2. nf_conn->ext address
+- * 3. nf_conn->master address (normally NULL)
+- * 4. tuple
+- * 5. the associated net namespace
++ * 2. nf_conn->master address (normally NULL)
++ * 3. the associated net namespace
++ * 4. the original direction tuple
+ */
+ u32 nf_ct_get_id(const struct nf_conn *ct)
+ {
+@@ -323,9 +322,10 @@ u32 nf_ct_get_id(const struct nf_conn *c
+ net_get_random_once(&ct_id_seed, sizeof(ct_id_seed));
+
+ a = (unsigned long)ct;
+- b = (unsigned long)ct->master ^ net_hash_mix(nf_ct_net(ct));
+- c = (unsigned long)ct->ext;
+- d = (unsigned long)siphash(&ct->tuplehash, sizeof(ct->tuplehash),
++ b = (unsigned long)ct->master;
++ c = (unsigned long)nf_ct_net(ct);
++ d = (unsigned long)siphash(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
++ sizeof(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple),
+ &ct_id_seed);
+ #ifdef CONFIG_64BIT
+ return siphash_4u64((u64)a, (u64)b, (u64)c, (u64)d, &ct_id_seed);
usb-serial-option-add-motorola-modem-uarts.patch
bpf-fix-bpf_jit_limit-knob-for-page_size-64k.patch
revert-tcp-clear-sk_send_head-after-purging-the-writ.patch
+arm64-compat-allow-single-byte-watchpoints-on-all-addresses.patch
+arm64-ftrace-ensure-module-ftrace-trampoline-is-coherent-with-i-side.patch
+netfilter-conntrack-use-consistent-ct-id-hash-calculation.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
