From: Greg Kroah-Hartman
Date: Mon, 16 Mar 2020 14:28:38 +0000 (+0100)
Subject: 5.4-stable patches
X-Git-Tag: v4.19.111~20
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4188834a1e4e530b40486a9be39d3dcb9a8d1a47;p=thirdparty%2Fkernel%2Fstable-queue.git
5.4-stable patches added patches: i2c-acpi-put-device-when-verifying-client-fails.patch iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte.patch iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing.patch iommu-vt-d-ignore-devices-with-out-of-spec-domain-number.patch netfilter-nf_tables-dump-nfta_chain_flags-attribute.patch netfilter-nft_chain_nat-inet-family-is-missing-module-ownership.patch netfilter-nft_payload-add-missing-attribute-validation-for-payload-csum-flags.patch netfilter-nft_tunnel-add-missing-attribute-validation-for-tunnels.patch
---
diff --git a/queue-5.4/i2c-acpi-put-device-when-verifying-client-fails.patch b/queue-5.4/i2c-acpi-put-device-when-verifying-client-fails.patch
new file mode 100644
index 00000000000..21600a7d4a1
--- /dev/null
+++ b/queue-5.4/i2c-acpi-put-device-when-verifying-client-fails.patch
@@ -0,0 +1,46 @@
+From 8daee952b4389729358665fb91949460641659d4 Mon Sep 17 00:00:00 2001
+From: Wolfram Sang
+Date: Thu, 12 Mar 2020 14:32:44 +0100
+Subject: i2c: acpi: put device when verifying client fails
+
+From: Wolfram Sang
+
+commit 8daee952b4389729358665fb91949460641659d4 upstream.
+
+i2c_verify_client() can fail, so we need to put the device when that
+happens.
+
+Fixes: 525e6fabeae2 ("i2c / ACPI: add support for ACPI reconfigure notifications")
+Reported-by: Geert Uytterhoeven
+Signed-off-by: Wolfram Sang
+Reviewed-by: Geert Uytterhoeven
+Reviewed-by: Andy Shevchenko
+Acked-by: Mika Westerberg
+Signed-off-by: Wolfram Sang
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/i2c/i2c-core-acpi.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/drivers/i2c/i2c-core-acpi.c
++++ b/drivers/i2c/i2c-core-acpi.c
+@@ -394,9 +394,17 @@ EXPORT_SYMBOL_GPL(i2c_acpi_find_adapter_
+ static struct i2c_client *i2c_acpi_find_client_by_adev(struct acpi_device *adev)
+ {
+ struct device *dev;
++ struct i2c_client *client;
+
+ dev = bus_find_device_by_acpi_dev(&i2c_bus_type, adev);
+- return dev ? i2c_verify_client(dev) : NULL;
++ if (!dev)
++ return NULL;
++
++ client = i2c_verify_client(dev);
++ if (!client)
++ put_device(dev);
++
++ return client;
+ }
+
+ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value,
diff --git a/queue-5.4/iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte.patch b/queue-5.4/iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte.patch
new file mode 100644
index 00000000000..a6505bc7409
--- /dev/null
+++ b/queue-5.4/iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte.patch
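Review bot: i2c_acpi_find_client_by_adev() carries no comment saying that a non-NULL result comes with a device reference the caller has to release, which is the contract this fix depends on. The added `put_device(dev)` on the failure path implies that bus_find_device_by_acpi_dev() returns with a reference held, so on success that reference stays with the caller. I would add above the function: `/* Returns the client with a reference held on &client->dev; the caller must put_device() it. */`. The callers are outside this hunk, so whether each of them drops the reference needs to be checked separately.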
@@ -0,0 +1,50 @@
+From 730ad0ede130015a773229573559e97ba0943065 Mon Sep 17 00:00:00 2001
+From: Suravee Suthikulpanit
+Date: Thu, 12 Mar 2020 05:18:39 -0500
+Subject: iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE
+
+From: Suravee Suthikulpanit
+
+commit 730ad0ede130015a773229573559e97ba0943065 upstream.
+
+Commit b9c6ff94e43a ("iommu/amd: Re-factor guest virtual APIC
+(de-)activation code") accidentally left out the ir_data pointer when
+calling modity_irte_ga(), which causes the function amd_iommu_update_ga()
+to return prematurely due to struct amd_ir_data.ref is NULL and
+the "is_run" bit of IRTE does not get updated properly.
+
+This results in bad I/O performance since IOMMU AVIC always generate GA Log
+entry and notify IOMMU driver and KVM when it receives interrupt from the
+PCI pass-through device instead of directly inject interrupt to the vCPU.
+
+Fixes by passing ir_data when calling modify_irte_ga() as done previously.
+
+Fixes: b9c6ff94e43a ("iommu/amd: Re-factor guest virtual APIC (de-)activation code")
+Signed-off-by: Suravee Suthikulpanit
+Signed-off-by: Joerg Roedel
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/iommu/amd_iommu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/iommu/amd_iommu.c
++++ b/drivers/iommu/amd_iommu.c
+@@ -4421,7 +4421,7 @@ int amd_iommu_activate_guest_mode(void *
+ entry->lo.fields_vapic.ga_tag = ir_data->ga_tag;
+
+ return modify_irte_ga(ir_data->irq_2_irte.devid,
+- ir_data->irq_2_irte.index, entry, NULL);
++ ir_data->irq_2_irte.index, entry, ir_data);
+ }
+ EXPORT_SYMBOL(amd_iommu_activate_guest_mode);
+
+@@ -4447,7 +4447,7 @@ int amd_iommu_deactivate_guest_mode(void
+ APICID_TO_IRTE_DEST_HI(cfg->dest_apicid);
+
+ return modify_irte_ga(ir_data->irq_2_irte.devid,
+- ir_data->irq_2_irte.index, entry, NULL);
++ ir_data->irq_2_irte.index, entry, ir_data);
+ }
+ EXPORT_SYMBOL(amd_iommu_deactivate_guest_mode);
+
diff --git a/queue-5.4/iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing.patch b/queue-5.4/iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing.patch
new file mode 100644
index 00000000000..15cfe875b8b
--- /dev/null
+++ b/queue-5.4/iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing.patch
@@ -0,0 +1,36 @@
+From b0bb0c22c4db623f2e7b1a471596fbf1c22c6dc5 Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan
+Date: Thu, 12 Mar 2020 14:09:54 +0800
+Subject: iommu/vt-d: Fix the wrong printing in RHSA parsing
+
+From: Zhenzhong Duan
+
+commit b0bb0c22c4db623f2e7b1a471596fbf1c22c6dc5 upstream.
+
+When base address in RHSA structure doesn't match base address in
+each DRHD structure, the base address in last DRHD is printed out.
+
+This doesn't make sense when there are multiple DRHD units, fix it
+by printing the buggy RHSA's base address.
+
+Signed-off-by: Lu Baolu
+Signed-off-by: Zhenzhong Duan
+Fixes: fd0c8894893cb ("intel-iommu: Set a more specific taint flag for invalid BIOS DMAR tables")
+Signed-off-by: Joerg Roedel
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/iommu/dmar.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -475,7 +475,7 @@ static int dmar_parse_one_rhsa(struct ac
+ pr_warn(FW_BUG
+ "Your BIOS is broken; RHSA refers to non-existent DMAR unit at %llx\n"
+ "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
+- drhd->reg_base_addr,
++ rhsa->base_address,
+ dmi_get_system_info(DMI_BIOS_VENDOR),
+ dmi_get_system_info(DMI_BIOS_VERSION),
+ dmi_get_system_info(DMI_PRODUCT_VERSION));
diff --git a/queue-5.4/iommu-vt-d-ignore-devices-with-out-of-spec-domain-number.patch b/queue-5.4/iommu-vt-d-ignore-devices-with-out-of-spec-domain-number.patch
new file mode 100644
index 00000000000..e37dc6f7205
--- /dev/null
+++ b/queue-5.4/iommu-vt-d-ignore-devices-with-out-of-spec-domain-number.patch
@@ -0,0 +1,70 @@
+From da72a379b2ec0bad3eb265787f7008bead0b040c Mon Sep 17 00:00:00 2001
+From: Daniel Drake
+Date: Thu, 12 Mar 2020 14:09:55 +0800
+Subject: iommu/vt-d: Ignore devices with out-of-spec domain number
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Daniel Drake
+
+commit da72a379b2ec0bad3eb265787f7008bead0b040c upstream.
+
+VMD subdevices are created with a PCI domain ID of 0x10000 or
+higher.
+
+These subdevices are also handled like all other PCI devices by
+dmar_pci_bus_notifier().
+
+However, when dmar_alloc_pci_notify_info() take records of such devices,
+it will truncate the domain ID to a u16 value (in info->seg).
+The device at (e.g.) 10000:00:02.0 is then treated by the DMAR code as if
+it is 0000:00:02.0.
+
+In the unlucky event that a real device also exists at 0000:00:02.0 and
+also has a device-specific entry in the DMAR table,
+dmar_insert_dev_scope() will crash on:
+   BUG_ON(i >= devices_cnt);
+
+That's basically a sanity check that only one PCI device matches a
+single DMAR entry; in this case we seem to have two matching devices.
+
+Fix this by ignoring devices that have a domain number higher than
+what can be looked up in the DMAR table.
+
+This problem was carefully diagnosed by Jian-Hong Pan.
+
+Signed-off-by: Lu Baolu
+Signed-off-by: Daniel Drake
+Fixes: 59ce0515cdaf3 ("iommu/vt-d: Update DRHD/RMRR/ATSR device scope caches when PCI hotplug happens")
+Signed-off-by: Joerg Roedel
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/iommu/dmar.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -28,6 +28,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+
+@@ -128,6 +129,13 @@ dmar_alloc_pci_notify_info(struct pci_de
+
+ BUG_ON(dev->is_virtfn);
+
++ /*
++ * Ignore devices that have a domain number higher than what can
++ * be looked up in DMAR, e.g.
VMD subdevices with domain 0x10000
++ */
++ if (pci_domain_nr(dev->bus) > U16_MAX)
++ return NULL;
++
+ /* Only generate path[] for device addition event */
+ if (event == BUS_NOTIFY_ADD_DEVICE)
+ for (tmp = dev; tmp; tmp = tmp->bus->self)
diff --git a/queue-5.4/netfilter-nf_tables-dump-nfta_chain_flags-attribute.patch b/queue-5.4/netfilter-nf_tables-dump-nfta_chain_flags-attribute.patch
new file mode 100644
index 00000000000..3e3f436b7bf
--- /dev/null
+++ b/queue-5.4/netfilter-nf_tables-dump-nfta_chain_flags-attribute.patch
@@ -0,0 +1,34 @@
+From d78008de6103c708171baff9650a7862645d23b0 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso
+Date: Tue, 3 Mar 2020 15:02:45 +0100
+Subject: netfilter: nf_tables: dump NFTA_CHAIN_FLAGS attribute
+
+From: Pablo Neira Ayuso
+
+commit d78008de6103c708171baff9650a7862645d23b0 upstream.
+
+Missing NFTA_CHAIN_FLAGS netlink attribute when dumping basechain
+definitions.
+
+Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support")
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nf_tables_api.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -1309,6 +1309,11 @@ static int nf_tables_fill_chain_info(str
+ lockdep_commit_lock_is_held(net));
+ if (nft_dump_stats(skb, stats))
+ goto nla_put_failure;
++
++ if ((chain->flags & NFT_CHAIN_HW_OFFLOAD) &&
++ nla_put_be32(skb, NFTA_CHAIN_FLAGS,
++ htonl(NFT_CHAIN_HW_OFFLOAD)))
++ goto nla_put_failure;
+ }
+
+ if (nla_put_be32(skb, NFTA_CHAIN_USE, htonl(chain->use)))
diff --git a/queue-5.4/netfilter-nft_chain_nat-inet-family-is-missing-module-ownership.patch b/queue-5.4/netfilter-nft_chain_nat-inet-family-is-missing-module-ownership.patch
new file mode 100644
index 00000000000..b6c61e77814
--- /dev/null
+++ b/queue-5.4/netfilter-nft_chain_nat-inet-family-is-missing-module-ownership.patch
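Review bot: The new early `return NULL;` in dmar_alloc_pci_notify_info() gives callers no way to tell "device deliberately ignored" from any other NULL return of this function, and the skip is silent. If a caller treats NULL as a fatal failure, for example by abandoning a device enumeration loop, one device with a domain number above U16_MAX would also stop the handling of devices after it; the callers are outside this hunk, so that needs checking. Consider logging the skip before the return, e.g. `pci_dbg(dev, "domain number out of DMAR segment range, ignoring\n");`, and stating in the function's comment that NULL can mean the device was ignored. The function starts before and ends after the hunk.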
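Review bot: The dump writes the constant `htonl(NFT_CHAIN_HW_OFFLOAD)` rather than a value derived from `chain->flags`, so any flag added later has to be added here by hand or it will be missing from dumps without any warning. If the intent is to keep the other bits of `chain->flags` out of NFTA_CHAIN_FLAGS, a short comment would make that explicit, e.g. `/* only NFT_CHAIN_HW_OFFLOAD is reported via NFTA_CHAIN_FLAGS */`. nf_tables_fill_chain_info() begins and ends outside the hunk.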
@@ -0,0 +1,60 @@
+From 6a42cefb25d8bdc1b391f4a53c78c32164eea2dd Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso
+Date: Fri, 6 Mar 2020 17:37:28 +0100
+Subject: netfilter: nft_chain_nat: inet family is missing module ownership
+
+From: Pablo Neira Ayuso
+
+commit 6a42cefb25d8bdc1b391f4a53c78c32164eea2dd upstream.
+
+Set owner to THIS_MODULE, otherwise the nft_chain_nat module might be
+removed while there are still inet/nat chains in place.
+
+[ 117.942096] BUG: unable to handle page fault for address: ffffffffa0d5e040
+[ 117.942101] #PF: supervisor read access in kernel mode
+[ 117.942103] #PF: error_code(0x0000) - not-present page
+[ 117.942106] PGD 200c067 P4D 200c067 PUD 200d063 PMD 3dc909067 PTE 0
+[ 117.942113] Oops: 0000 [#1] PREEMPT SMP PTI
+[ 117.942118] CPU: 3 PID: 27 Comm: kworker/3:0 Not tainted 5.6.0-rc3+ #348
+[ 117.942133] Workqueue: events nf_tables_trans_destroy_work [nf_tables]
+[ 117.942145] RIP: 0010:nf_tables_chain_destroy.isra.0+0x94/0x15a [nf_tables]
+[ 117.942149] Code: f6 45 54 01 0f 84 d1 00 00 00 80 3b 05 74 44 48 8b 75 e8 48 c7 c7 72 be de a0 e8 56 e6 2d e0 48 8b 45 e8 48 c7 c7 7f be de a0 <48> 8b 30 e8 43 e6 2d e0 48 8b 45 e8 48 8b 40 10 48 85 c0 74 5b 8b
+[ 117.942152] RSP: 0018:ffffc9000015be10 EFLAGS: 00010292
+[ 117.942155] RAX: ffffffffa0d5e040 RBX: ffff88840be87fc2 RCX: 0000000000000007
+[ 117.942158] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffffffa0debe7f
+[ 117.942160] RBP: ffff888403b54b50 R08: 0000000000001482 R09: 0000000000000004
+[ 117.942162] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8883eda7e540
+[ 117.942164] R13: dead000000000122 R14: dead000000000100 R15: ffff888403b3db80
+[ 117.942167] FS: 0000000000000000(0000) GS:ffff88840e4c0000(0000) knlGS:0000000000000000
+[ 117.942169] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 117.942172] CR2: ffffffffa0d5e040 CR3: 00000003e4c52002 CR4: 00000000001606e0
+[ 117.942174] Call Trace:
+[ 117.942188] nf_tables_trans_destroy_work.cold+0xd/0x12
[nf_tables]
+[ 117.942196] process_one_work+0x1d6/0x3b0
+[ 117.942200] worker_thread+0x45/0x3c0
+[ 117.942203] ? process_one_work+0x3b0/0x3b0
+[ 117.942210] kthread+0x112/0x130
+[ 117.942214] ? kthread_create_worker_on_cpu+0x40/0x40
+[ 117.942221] ret_from_fork+0x35/0x40
+
+nf_tables_chain_destroy() crashes on module_put() because the module is
+gone.
+
+Fixes: d164385ec572 ("netfilter: nat: add inet family nat support")
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nft_chain_nat.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/netfilter/nft_chain_nat.c
++++ b/net/netfilter/nft_chain_nat.c
+@@ -89,6 +89,7 @@ static const struct nft_chain_type nft_c
+ .name = "nat",
+ .type = NFT_CHAIN_T_NAT,
+ .family = NFPROTO_INET,
++ .owner = THIS_MODULE,
+ .hook_mask = (1 << NF_INET_PRE_ROUTING) |
+ (1 << NF_INET_LOCAL_IN) |
+ (1 << NF_INET_LOCAL_OUT) |
diff --git a/queue-5.4/netfilter-nft_payload-add-missing-attribute-validation-for-payload-csum-flags.patch b/queue-5.4/netfilter-nft_payload-add-missing-attribute-validation-for-payload-csum-flags.patch
new file mode 100644
index 00000000000..812a96f2ef6
--- /dev/null
+++ b/queue-5.4/netfilter-nft_payload-add-missing-attribute-validation-for-payload-csum-flags.patch
@@ -0,0 +1,31 @@
+From 9d6effb2f1523eb84516e44213c00f2fd9e6afff Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:08:32 -0800
+Subject: netfilter: nft_payload: add missing attribute validation for payload csum flags
+
+From: Jakub Kicinski
+
+commit 9d6effb2f1523eb84516e44213c00f2fd9e6afff upstream.
+
+Add missing attribute validation for NFTA_PAYLOAD_CSUM_FLAGS
+to the netlink policy.
+
+Fixes: 1814096980bb ("netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields")
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nft_payload.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/netfilter/nft_payload.c
++++ b/net/netfilter/nft_payload.c
+@@ -121,6 +121,7 @@ static const struct nla_policy nft_paylo
+ [NFTA_PAYLOAD_LEN] = { .type = NLA_U32 },
+ [NFTA_PAYLOAD_CSUM_TYPE] = { .type = NLA_U32 },
+ [NFTA_PAYLOAD_CSUM_OFFSET] = { .type = NLA_U32 },
++ [NFTA_PAYLOAD_CSUM_FLAGS] = { .type = NLA_U32 },
+ };
+
+ static int nft_payload_init(const struct nft_ctx *ctx,
diff --git a/queue-5.4/netfilter-nft_tunnel-add-missing-attribute-validation-for-tunnels.patch b/queue-5.4/netfilter-nft_tunnel-add-missing-attribute-validation-for-tunnels.patch
new file mode 100644
index 00000000000..b47b1bbddfe
--- /dev/null
+++ b/queue-5.4/netfilter-nft_tunnel-add-missing-attribute-validation-for-tunnels.patch
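Review bot: The added `[NFTA_PAYLOAD_CSUM_FLAGS] = { .type = NLA_U32 }` entry makes the policy check the attribute's size only; it places no limit on which flag bits userspace may set. The code that reads the attribute is outside this hunk, so confirm that it rejects undefined bits, along the lines of `if (flags & ~NFT_PAYLOAD_L4CSUM_PSEUDOHDR) return -EINVAL;`. A one-line comment at the policy entry naming where the value is validated would make that division of work visible to the next reader.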
@@ -0,0 +1,32 @@
+From 88a637719a1570705c02cacb3297af164b1714e7 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:08:33 -0800
+Subject: netfilter: nft_tunnel: add missing attribute validation for tunnels
+
+From: Jakub Kicinski
+
+commit 88a637719a1570705c02cacb3297af164b1714e7 upstream.
+
+Add missing attribute validation for tunnel source and
+destination ports to the netlink policy.
+
+Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support")
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nft_tunnel.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/netfilter/nft_tunnel.c
++++ b/net/netfilter/nft_tunnel.c
+@@ -339,6 +339,8 @@ static const struct nla_policy nft_tunne
+ [NFTA_TUNNEL_KEY_FLAGS] = { .type = NLA_U32, },
+ [NFTA_TUNNEL_KEY_TOS] = { .type = NLA_U8, },
+ [NFTA_TUNNEL_KEY_TTL] = { .type = NLA_U8, },
++ [NFTA_TUNNEL_KEY_SPORT] = { .type = NLA_U16, },
++ [NFTA_TUNNEL_KEY_DPORT] = { .type = NLA_U16, },
+ [NFTA_TUNNEL_KEY_OPTS] = { .type = NLA_NESTED, },
+ };
+
diff --git a/queue-5.4/series b/queue-5.4/series
index 1a62ea8d97e..8ed0157b6dd 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -111,3 +111,11 @@ nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
 nl80211-add-missing-attribute-validation-for-channel-switch.patch
 perf-bench-futex-wake-restore-thread-count-default-to-online-cpu-count.patch
 netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
+netfilter-nft_payload-add-missing-attribute-validation-for-payload-csum-flags.patch
+netfilter-nft_tunnel-add-missing-attribute-validation-for-tunnels.patch
+netfilter-nf_tables-dump-nfta_chain_flags-attribute.patch
+netfilter-nft_chain_nat-inet-family-is-missing-module-ownership.patch
+iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing.patch
+iommu-vt-d-ignore-devices-with-out-of-spec-domain-number.patch
+i2c-acpi-put-device-when-verifying-client-fails.patch
+iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte.patch