From: Greg Kroah-Hartman
Date: Mon, 30 Jan 2023 11:57:53 +0000 (+0100)
Subject: 5.15-stable patches
X-Git-Tag: v5.10.166~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3e43310063ccda2acf1f423a550eaa2557db2b00;p=thirdparty%2Fkernel%2Fstable-queue.git
5.15-stable patches
added patches:
netfilter-conntrack-unify-established-states-for-sctp-paths.patch
perf-x86-amd-fix-potential-integer-overflow-on-shift-of-a-int.patch
x86-i8259-mark-legacy-pic-interrupts-with-irq_level.patch
---
diff --git a/queue-5.15/netfilter-conntrack-unify-established-states-for-sctp-paths.patch b/queue-5.15/netfilter-conntrack-unify-established-states-for-sctp-paths.patch
new file mode 100644
index 00000000000..3b4b1fd1b8b
--- /dev/null
+++ b/queue-5.15/netfilter-conntrack-unify-established-states-for-sctp-paths.patch
@@ -0,0 +1,244 @@
+From a44b7651489f26271ac784b70895e8a85d0cebf4 Mon Sep 17 00:00:00 2001
+From: Sriram Yagnaraman
+Date: Tue, 24 Jan 2023 02:47:21 +0100
+Subject: netfilter: conntrack: unify established states for SCTP paths
+
+From: Sriram Yagnaraman
+
+commit a44b7651489f26271ac784b70895e8a85d0cebf4 upstream.
+
+An SCTP endpoint can start an association through a path and tear it
+down over another one. That means the initial path will not see the
+shutdown sequence, and the conntrack entry will remain in ESTABLISHED
+state for 5 days.
+
+By merging the HEARTBEAT_ACKED and ESTABLISHED states into one
+ESTABLISHED state, there remains no difference between a primary or
+secondary path. The timeout for the merged ESTABLISHED state is set to
+210 seconds (hb_interval * max_path_retrans + rto_max). So, even if a
+path doesn't see the shutdown sequence, it will expire in a reasonable
+amount of time.
+
+With this change in place, there is now more than one state from which
+we can transition to ESTABLISHED, COOKIE_ECHOED and HEARTBEAT_SENT, so
+handle the setting of ASSURED bit whenever a state change has happened
+and the new state is ESTABLISHED. Removed the check for dir==REPLY since
+the transition to ESTABLISHED can happen only in the reply direction.
+
+Fixes: 9fb9cbb1082d ("[NETFILTER]: Add nf_conntrack subsystem.")
+Signed-off-by: Sriram Yagnaraman
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/uapi/linux/netfilter/nf_conntrack_sctp.h | 2
+ include/uapi/linux/netfilter/nfnetlink_cttimeout.h | 2
+ net/netfilter/nf_conntrack_proto_sctp.c | 93 ++++++++-------------
+ net/netfilter/nf_conntrack_standalone.c | 8 -
+ 4 files changed, 41 insertions(+), 64 deletions(-)
+
+--- a/include/uapi/linux/netfilter/nf_conntrack_sctp.h
++++ b/include/uapi/linux/netfilter/nf_conntrack_sctp.h
+@@ -15,7 +15,7 @@ enum sctp_conntrack {
+ SCTP_CONNTRACK_SHUTDOWN_RECD,
+ SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
+ SCTP_CONNTRACK_HEARTBEAT_SENT,
+- SCTP_CONNTRACK_HEARTBEAT_ACKED,
++ SCTP_CONNTRACK_HEARTBEAT_ACKED, /* no longer used */
+ SCTP_CONNTRACK_MAX
+ };
+
+--- a/include/uapi/linux/netfilter/nfnetlink_cttimeout.h
++++ b/include/uapi/linux/netfilter/nfnetlink_cttimeout.h
+@@ -94,7 +94,7 @@ enum ctattr_timeout_sctp {
+ CTA_TIMEOUT_SCTP_SHUTDOWN_RECD,
+ CTA_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT,
+ CTA_TIMEOUT_SCTP_HEARTBEAT_SENT,
+- CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED,
++ CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED, /* no longer used */
+ __CTA_TIMEOUT_SCTP_MAX
+ };
+ #define CTA_TIMEOUT_SCTP_MAX (__CTA_TIMEOUT_SCTP_MAX - 1)
+--- a/net/netfilter/nf_conntrack_proto_sctp.c
++++ b/net/netfilter/nf_conntrack_proto_sctp.c
+@@ -27,22 +27,16 @@
+ #include
+ #include
+
+-/* FIXME: Examine ipfilter's timeouts and conntrack transitions more
+- closely. They're more complex. --RR
+-
+- And so for me for SCTP :D -Kiran */
+-
+ static const char *const sctp_conntrack_names[] = {
+- "NONE",
+- "CLOSED",
+- "COOKIE_WAIT",
+- "COOKIE_ECHOED",
+- "ESTABLISHED",
+- "SHUTDOWN_SENT",
+- "SHUTDOWN_RECD",
+- "SHUTDOWN_ACK_SENT",
+- "HEARTBEAT_SENT",
+- "HEARTBEAT_ACKED",
++ [SCTP_CONNTRACK_NONE] = "NONE",
++ [SCTP_CONNTRACK_CLOSED] = "CLOSED",
++ [SCTP_CONNTRACK_COOKIE_WAIT] = "COOKIE_WAIT",
++ [SCTP_CONNTRACK_COOKIE_ECHOED] = "COOKIE_ECHOED",
++ [SCTP_CONNTRACK_ESTABLISHED] = "ESTABLISHED",
++ [SCTP_CONNTRACK_SHUTDOWN_SENT] = "SHUTDOWN_SENT",
++ [SCTP_CONNTRACK_SHUTDOWN_RECD] = "SHUTDOWN_RECD",
++ [SCTP_CONNTRACK_SHUTDOWN_ACK_SENT] = "SHUTDOWN_ACK_SENT",
++ [SCTP_CONNTRACK_HEARTBEAT_SENT] = "HEARTBEAT_SENT",
+ };
+
+ #define SECS * HZ
+@@ -54,12 +48,11 @@ static const unsigned int sctp_timeouts[
+ [SCTP_CONNTRACK_CLOSED] = 10 SECS,
+ [SCTP_CONNTRACK_COOKIE_WAIT] = 3 SECS,
+ [SCTP_CONNTRACK_COOKIE_ECHOED] = 3 SECS,
+- [SCTP_CONNTRACK_ESTABLISHED] = 5 DAYS,
++ [SCTP_CONNTRACK_ESTABLISHED] = 210 SECS,
+ [SCTP_CONNTRACK_SHUTDOWN_SENT] = 300 SECS / 1000,
+ [SCTP_CONNTRACK_SHUTDOWN_RECD] = 300 SECS / 1000,
+ [SCTP_CONNTRACK_SHUTDOWN_ACK_SENT] = 3 SECS,
+ [SCTP_CONNTRACK_HEARTBEAT_SENT] = 30 SECS,
+- [SCTP_CONNTRACK_HEARTBEAT_ACKED] = 210 SECS,
+ };
+
+ #define SCTP_FLAG_HEARTBEAT_VTAG_FAILED 1
+@@ -73,7 +66,6 @@ static const unsigned int sctp_timeouts[
+ #define sSR SCTP_CONNTRACK_SHUTDOWN_RECD
+ #define sSA SCTP_CONNTRACK_SHUTDOWN_ACK_SENT
+ #define sHS SCTP_CONNTRACK_HEARTBEAT_SENT
+-#define sHA SCTP_CONNTRACK_HEARTBEAT_ACKED
+ #define sIV SCTP_CONNTRACK_MAX
+
+ /*
+@@ -96,9 +88,6 @@ SHUTDOWN_ACK_SENT - We have seen a SHUTD
+ CLOSED - We have seen a SHUTDOWN_COMPLETE chunk in the direction of
+ the SHUTDOWN chunk. Connection is closed.
+ HEARTBEAT_SENT - We have seen a HEARTBEAT in a new flow.
+-HEARTBEAT_ACKED - We have seen a HEARTBEAT-ACK in the direction opposite to
+- that of the HEARTBEAT chunk. Secondary connection is
+- established.
+ */
+
+ /* TODO
+@@ -115,33 +104,33 @@ cookie echoed to closed.
+ static const u8 sctp_conntracks[2][11][SCTP_CONNTRACK_MAX] = {
+ {
+ /* ORIGINAL */
+-/* sNO, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHS, sHA */
+-/* init */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA, sCW, sHA},
+-/* init_ack */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA, sCL, sHA},
+-/* abort */ {sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL},
+-/* shutdown */ {sCL, sCL, sCW, sCE, sSS, sSS, sSR, sSA, sCL, sSS},
+-/* shutdown_ack */ {sSA, sCL, sCW, sCE, sES, sSA, sSA, sSA, sSA, sHA},
+-/* error */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA, sCL, sHA},/* Can't have Stale cookie*/
+-/* cookie_echo */ {sCL, sCL, sCE, sCE, sES, sSS, sSR, sSA, sCL, sHA},/* 5.2.4 - Big TODO */
+-/* cookie_ack */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA, sCL, sHA},/* Can't come in orig dir */
+-/* shutdown_comp*/ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sCL, sCL, sHA},
+-/* heartbeat */ {sHS, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHS, sHA},
+-/* heartbeat_ack*/ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHS, sHA}
++/* sNO, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHS */
++/* init */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA, sCW},
++/* init_ack */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA, sCL},
++/* abort */ {sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL},
++/* shutdown */ {sCL, sCL, sCW, sCE, sSS, sSS, sSR, sSA, sCL},
++/* shutdown_ack */ {sSA, sCL, sCW, sCE, sES, sSA, sSA, sSA, sSA},
++/* error */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA, sCL},/* Can't have Stale cookie*/
++/* cookie_echo */ {sCL, sCL, sCE, sCE, sES, sSS, sSR, sSA, sCL},/* 5.2.4 - Big TODO */
++/* cookie_ack */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA, sCL},/* Can't come in orig dir */
++/* shutdown_comp*/ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sCL, sCL},
++/* heartbeat */ {sHS, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHS},
++/* heartbeat_ack*/ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHS},
+ },
+ {
+ /* REPLY */
+-/* sNO, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHS, sHA */
+-/* init */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA, sIV, sHA},/* INIT in sCL Big TODO */
+-/* init_ack */ {sIV, sCW, sCW, sCE, sES, sSS, sSR, sSA, sIV, sHA},
+-/* abort */ {sIV, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sIV, sCL},
+-/* shutdown */ {sIV, sCL, sCW, sCE, sSR, sSS, sSR, sSA, sIV, sSR},
+-/* shutdown_ack */ {sIV, sCL, sCW, sCE, sES, sSA, sSA, sSA, sIV, sHA},
+-/* error */ {sIV, sCL, sCW, sCL, sES, sSS, sSR, sSA, sIV, sHA},
+-/* cookie_echo */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA, sIV, sHA},/* Can't come in reply dir */
+-/* cookie_ack */ {sIV, sCL, sCW, sES, sES, sSS, sSR, sSA, sIV, sHA},
+-/* shutdown_comp*/ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sCL, sIV, sHA},
+-/* heartbeat */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHS, sHA},
+-/* heartbeat_ack*/ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHA, sHA}
++/* sNO, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHS */
++/* init */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA, sIV},/* INIT in sCL Big TODO */
++/* init_ack */ {sIV, sCW, sCW, sCE, sES, sSS, sSR, sSA, sIV},
++/* abort */ {sIV, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sIV},
++/* shutdown */ {sIV, sCL, sCW, sCE, sSR, sSS, sSR, sSA, sIV},
++/* shutdown_ack */ {sIV, sCL, sCW, sCE, sES, sSA, sSA, sSA, sIV},
++/* error */ {sIV, sCL, sCW, sCL, sES, sSS, sSR, sSA, sIV},
++/* cookie_echo */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA, sIV},/* Can't come in reply dir */
++/* cookie_ack */ {sIV, sCL, sCW, sES, sES, sSS, sSR, sSA, sIV},
++/* shutdown_comp*/ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sCL, sIV},
++/* heartbeat */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA, sHS},
++/* heartbeat_ack*/ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA, sES},
+ }
+ };
+
+@@ -508,8 +497,12 @@ int nf_conntrack_sctp_packet(struct nf_c
+ }
+
+ ct->proto.sctp.state = new_state;
+- if (old_state != new_state)
++ if (old_state != new_state) {
+ nf_conntrack_event_cache(IPCT_PROTOINFO, ct);
++ if (new_state == SCTP_CONNTRACK_ESTABLISHED &&
++ !test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
++ nf_conntrack_event_cache(IPCT_ASSURED, ct);
++ }
+ }
+ spin_unlock_bh(&ct->lock);
+
+@@ -523,14 +516,6 @@ int nf_conntrack_sctp_packet(struct nf_c
+
+ nf_ct_refresh_acct(ct, ctinfo, skb, timeouts[new_state]);
+
+- if (old_state == SCTP_CONNTRACK_COOKIE_ECHOED &&
+- dir == IP_CT_DIR_REPLY &&
+- new_state == SCTP_CONNTRACK_ESTABLISHED) {
+- pr_debug("Setting assured bit\n");
+- set_bit(IPS_ASSURED_BIT, &ct->status);
+- nf_conntrack_event_cache(IPCT_ASSURED, ct);
+- }
+-
+ return NF_ACCEPT;
+
+ out_unlock:
+--- a/net/netfilter/nf_conntrack_standalone.c
++++ b/net/netfilter/nf_conntrack_standalone.c
+@@ -599,7 +599,6 @@ enum nf_ct_sysctl_index {
+ NF_SYSCTL_CT_PROTO_TIMEOUT_SCTP_SHUTDOWN_RECD,
+ NF_SYSCTL_CT_PROTO_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT,
+ NF_SYSCTL_CT_PROTO_TIMEOUT_SCTP_HEARTBEAT_SENT,
+- NF_SYSCTL_CT_PROTO_TIMEOUT_SCTP_HEARTBEAT_ACKED,
+ #endif
+ #ifdef CONFIG_NF_CT_PROTO_DCCP
+ NF_SYSCTL_CT_PROTO_TIMEOUT_DCCP_REQUEST,
+@@ -892,12 +891,6 @@ static struct ctl_table nf_ct_sysctl_tab
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+- [NF_SYSCTL_CT_PROTO_TIMEOUT_SCTP_HEARTBEAT_ACKED] = {
+- .procname = "nf_conntrack_sctp_timeout_heartbeat_acked",
+- .maxlen = sizeof(unsigned int),
+- .mode = 0644,
+- .proc_handler = proc_dointvec_jiffies,
+- },
+ #endif
+ #ifdef CONFIG_NF_CT_PROTO_DCCP
+ [NF_SYSCTL_CT_PROTO_TIMEOUT_DCCP_REQUEST] = {
+@@ -1041,7 +1034,6 @@ static void nf_conntrack_standalone_init
+ XASSIGN(SHUTDOWN_RECD, sn);
+ XASSIGN(SHUTDOWN_ACK_SENT, sn);
+ XASSIGN(HEARTBEAT_SENT, sn);
+- XASSIGN(HEARTBEAT_ACKED, sn);
+ #undef XASSIGN
+ #endif
+ }
diff --git a/queue-5.15/perf-x86-amd-fix-potential-integer-overflow-on-shift-of-a-int.patch b/queue-5.15/perf-x86-amd-fix-potential-integer-overflow-on-shift-of-a-int.patch
new file mode 100644
index 00000000000..0970e34fb6b
--- /dev/null
+++ b/queue-5.15/perf-x86-amd-fix-potential-integer-overflow-on-shift-of-a-int.patch
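Review bot: In net/netfilter/nf_conntrack_proto_sctp.c the new designated-initializer form of `sctp_conntrack_names[]` ends at `[SCTP_CONNTRACK_HEARTBEAT_SENT]`, so the array is now one element shorter than `SCTP_CONNTRACK_MAX`, while the uapi enum still keeps `SCTP_CONNTRACK_HEARTBEAT_ACKED` as a value. The code that indexes this array by `ct->proto.sctp.state` is outside the hunks shown, so whether that value can still reach it cannot be confirmed from here; if it can, the lookup would read past the end of the array. Keeping a `[SCTP_CONNTRACK_HEARTBEAT_ACKED] = "HEARTBEAT_ACKED",` entry, or declaring the array as `sctp_conntrack_names[SCTP_CONNTRACK_MAX]`, would bound the lookup for a stale value. The same value would also select the last column of `sctp_conntracks`, which now has nine initialisers per row and is therefore implicitly zero, so a range check where the state is accepted would be the more complete guard.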
@@ -0,0 +1,36 @@
+From 08245672cdc6505550d1a5020603b0a8d4a6dcc7 Mon Sep 17 00:00:00 2001
+From: Colin Ian King
+Date: Fri, 2 Dec 2022 13:51:49 +0000
+Subject: perf/x86/amd: fix potential integer overflow on shift of a int
+
+From: Colin Ian King
+
+commit 08245672cdc6505550d1a5020603b0a8d4a6dcc7 upstream.
+
+The left shift of int 32 bit integer constant 1 is evaluated using 32 bit
+arithmetic and then passed as a 64 bit function argument. In the case where
+i is 32 or more this can lead to an overflow. Avoid this by shifting
+using the BIT_ULL macro instead.
+
+Fixes: 471af006a747 ("perf/x86/amd: Constrain Large Increment per Cycle events")
+Signed-off-by: Colin Ian King
+Signed-off-by: Peter Zijlstra (Intel)
+Acked-by: Ian Rogers
+Acked-by: Kim Phillips
+Link: https://lore.kernel.org/r/20221202135149.1797974-1-colin.i.king@gmail.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/events/amd/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/events/amd/core.c
++++ b/arch/x86/events/amd/core.c
+@@ -976,7 +976,7 @@ static int __init amd_core_pmu_init(void
+ * numbered counter following it.
+ */
+ for (i = 0; i < x86_pmu.num_counters - 1; i += 2)
+- even_ctr_mask |= 1 << i;
++ even_ctr_mask |= BIT_ULL(i);
+
+ pair_constraint = (struct event_constraint)
+ __EVENT_CONSTRAINT(0, even_ctr_mask, 0,
diff --git a/queue-5.15/series b/queue-5.15/series
index 4b836fd5a1a..5e643ab73bb 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -199,3 +199,6 @@ cpufreq-move-to_gov_attr_set-to-cpufreq.h.patch
 cpufreq-governor-use-kobject-release-method-to-free-dbs_data.patch
 kbuild-allow-kernel-installation-packaging-to-override-pkg-config.patch
 block-fix-and-cleanup-bio_check_ro.patch
+x86-i8259-mark-legacy-pic-interrupts-with-irq_level.patch
+netfilter-conntrack-unify-established-states-for-sctp-paths.patch
+perf-x86-amd-fix-potential-integer-overflow-on-shift-of-a-int.patch
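Review bot: In arch/x86/events/amd/core.c the new `even_ctr_mask |= BIT_ULL(i);` only removes the overflow if `even_ctr_mask` is itself a 64-bit unsigned type, and its declaration is outside the hunk, so that should be checked against the rest of amd_core_pmu_init(). The old `1 << i` was also already unsafe at i == 31, one step before the "32 or more" given in the description, because shifting into the sign bit of a 32-bit int overflows and the result would sign-extend when widened into the mask. A short comment on the loop, such as `/* BIT_ULL: the mask is 64-bit, a plain int shift overflows from bit 31 */`, would keep the reason visible to later readers.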
diff --git a/queue-5.15/x86-i8259-mark-legacy-pic-interrupts-with-irq_level.patch b/queue-5.15/x86-i8259-mark-legacy-pic-interrupts-with-irq_level.patch
new file mode 100644
index 00000000000..3ca0af2d6d7
--- /dev/null
+++ b/queue-5.15/x86-i8259-mark-legacy-pic-interrupts-with-irq_level.patch
@@ -0,0 +1,61 @@ +From 5fa55950729d0762a787451dc52862c3f850f859 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Mon, 9 Jan 2023 22:57:13 +0100 +Subject: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL + +From: Thomas Gleixner + +commit 5fa55950729d0762a787451dc52862c3f850f859 upstream. + +Baoquan reported that after triggering a crash the subsequent crash-kernel +fails to boot about half of the time. It triggers a NULL pointer +dereference in the periodic tick code. + +This happens because the legacy timer interrupt (IRQ0) is resent in +software which happens in soft interrupt (tasklet) context. In this context +get_irq_regs() returns NULL which leads to the NULL pointer dereference. + +The reason for the resend is a spurious APIC interrupt on the IRQ0 vector +which is captured and leads to a resend when the legacy timer interrupt is +enabled. This is wrong because the legacy PIC interrupts are level +triggered and therefore should never be resent in software, but nothing +ever sets the IRQ_LEVEL flag on those interrupts, so the core code does not +know about their trigger type. + +Ensure that IRQ_LEVEL is set when the legacy PCI interrupts are set up. + +Fixes: a4633adcdbc1 ("[PATCH] genirq: add genirq sw IRQ-retrigger") +Reported-by: Baoquan He +Signed-off-by: Thomas Gleixner +Tested-by: Baoquan He +Link: https://lore.kernel.org/r/87mt6rjrra.ffs@tglx +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/i8259.c | 1 + + arch/x86/kernel/irqinit.c | 4 +++- + 2 files changed, 4 insertions(+), 1 deletion(-) + +--- a/arch/x86/kernel/i8259.c ++++ b/arch/x86/kernel/i8259.c +@@ -114,6 +114,7 @@ static void make_8259A_irq(unsigned int + disable_irq_nosync(irq); + io_apic_irqs &= ~(1<init(0); + +- for (i = 0; i < nr_legacy_irqs(); i++) ++ for (i = 0; i < nr_legacy_irqs(); i++) { + irq_set_chip_and_handler(i, chip, handle_level_irq); ++ irq_set_status_flags(i, IRQ_LEVEL); ++ } + } + + void __init init_IRQ(void)