From: Greg Kroah-Hartman
Date: Sat, 29 Jan 2022 14:48:02 +0000 (+0100)
Subject: 5.4-stable patches
X-Git-Tag: v5.4.176~84
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5d89b6522a9e1a0dbb1bf976d243ea1d08379bf5;p=thirdparty%2Fkernel%2Fstable-queue.git
5.4-stable patches
added patches:
arm64-errata-fix-exec-handling-in-erratum-1418040-workaround.patch
netfilter-nft_payload-do-not-update-layer-4-checksum-when-mangling-fragments.patch
---
diff --git a/queue-5.4/arm64-errata-fix-exec-handling-in-erratum-1418040-workaround.patch b/queue-5.4/arm64-errata-fix-exec-handling-in-erratum-1418040-workaround.patch
new file mode 100644
index 00000000000..f3ae598e77f
--- /dev/null
+++ b/queue-5.4/arm64-errata-fix-exec-handling-in-erratum-1418040-workaround.patch
@@ -0,0 +1,102 @@
+From 38e0257e0e6f4fef2aa2966b089b56a8b1cfb75c Mon Sep 17 00:00:00 2001
+From: D Scott Phillips
+Date: Mon, 20 Dec 2021 15:41:14 -0800
+Subject: arm64: errata: Fix exec handling in erratum 1418040 workaround
+
+From: D Scott Phillips
+
+commit 38e0257e0e6f4fef2aa2966b089b56a8b1cfb75c upstream.
+
+The erratum 1418040 workaround enables CNTVCT_EL1 access trapping in EL0
+when executing compat threads. The workaround is applied when switching
+between tasks, but the need for the workaround could also change at an
+exec(), when a non-compat task execs a compat binary or vice versa. Apply
+the workaround in arch_setup_new_exec().
+
+This leaves a small window of time between SET_PERSONALITY and
+arch_setup_new_exec where preemption could occur and confuse the old
+workaround logic that compares TIF_32BIT between prev and next. Instead, we
+can just read cntkctl to make sure it's in the state that the next task
+needs. I measured cntkctl read time to be about the same as a mov from a
+general-purpose register on N1. Update the workaround logic to examine the
+current value of cntkctl instead of the previous task's compat state.
+
+Fixes: d49f7d7376d0 ("arm64: Move handling of erratum 1418040 into C code")
+Cc: # 5.9.x
+Signed-off-by: D Scott Phillips
+Reviewed-by: Marc Zyngier
+Link: https://lore.kernel.org/r/20211220234114.3926-1-scott@os.amperecomputing.com
+Signed-off-by: Catalin Marinas
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/arm64/kernel/process.c | 39 ++++++++++++++++-----------------------
+ 1 file changed, 16 insertions(+), 23 deletions(-)
+
+--- a/arch/arm64/kernel/process.c
++++ b/arch/arm64/kernel/process.c
+@@ -500,34 +500,26 @@ static void entry_task_switch(struct tas
+
+ /*
+ * ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT.
+- * Assuming the virtual counter is enabled at the beginning of times:
+- *
+- * - disable access when switching from a 64bit task to a 32bit task
+- * - enable access when switching from a 32bit task to a 64bit task
++ * Ensure access is disabled when switching to a 32bit task, ensure
++ * access is enabled when switching to a 64bit task.
+ */
+-static void erratum_1418040_thread_switch(struct task_struct *prev,
+- struct task_struct *next)
++static void erratum_1418040_thread_switch(struct task_struct *next)
+ {
+- bool prev32, next32;
+- u64 val;
+-
+- if (!IS_ENABLED(CONFIG_ARM64_ERRATUM_1418040))
+- return;
+-
+- prev32 = is_compat_thread(task_thread_info(prev));
+- next32 = is_compat_thread(task_thread_info(next));
+-
+- if (prev32 == next32 || !this_cpu_has_cap(ARM64_WORKAROUND_1418040))
++ if (!IS_ENABLED(CONFIG_ARM64_ERRATUM_1418040) ||
++ !this_cpu_has_cap(ARM64_WORKAROUND_1418040))
+ return;
+
+- val = read_sysreg(cntkctl_el1);
+-
+- if (!next32)
+- val |= ARCH_TIMER_USR_VCT_ACCESS_EN;
++ if (is_compat_thread(task_thread_info(next)))
++ sysreg_clear_set(cntkctl_el1, ARCH_TIMER_USR_VCT_ACCESS_EN, 0);
+ else
+- val &= ~ARCH_TIMER_USR_VCT_ACCESS_EN;
++ sysreg_clear_set(cntkctl_el1, 0, ARCH_TIMER_USR_VCT_ACCESS_EN);
++}
+
+- write_sysreg(val, cntkctl_el1);
++static void erratum_1418040_new_exec(void)
++{
++ preempt_disable();
++ erratum_1418040_thread_switch(current);
++ preempt_enable();
+ }
+
+ /*
+@@ -546,7 +538,7 @@ __notrace_funcgraph struct task_struct *
+ uao_thread_switch(next);
+ ptrauth_thread_switch(next);
+ ssbs_thread_switch(next);
+- erratum_1418040_thread_switch(prev, next);
++ erratum_1418040_thread_switch(next);
+
+ /*
+ * Complete any pending TLB or cache maintenance on this CPU in case
+@@ -605,6 +597,7 @@ void arch_setup_new_exec(void)
+ current->mm->context.flags = is_compat_task() ? MMCF_AARCH32 : 0;
+
+ ptrauth_thread_init_user(current);
++ erratum_1418040_new_exec();
+ }
+
+ #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI
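Review bot: `erratum_1418040_new_exec()` carries no comment explaining why it brackets the call in `preempt_disable()`/`preempt_enable()`, and the reason is not visible from the hunk: `erratum_1418040_thread_switch()` consults `this_cpu_has_cap()` and rewrites `cntkctl_el1` for the CPU it happens to run on, which presumably is only safe from `__switch_to()` because the scheduler already has preemption off, whereas `arch_setup_new_exec()` runs in ordinary task context. A one-line comment above `preempt_disable()` such as `/* Cap check and cntkctl update are per-CPU: stay on the CPU 'current' will keep running on. */` would spare the next reader that derivation. The rewritten `erratum_1418040_thread_switch()` now touches `cntkctl_el1` on every switch on affected CPUs instead of only when the compat state changes; if this tree's `sysreg_clear_set()` skips the write when the value is unchanged, as the upstream helper does, the added cost is the one register read the commit message measured, but that is worth confirming against the 5.4 definition before queuing. The `arch_setup_new_exec()` body in the last inner hunk begins above that hunk.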
diff --git a/queue-5.4/netfilter-nft_payload-do-not-update-layer-4-checksum-when-mangling-fragments.patch b/queue-5.4/netfilter-nft_payload-do-not-update-layer-4-checksum-when-mangling-fragments.patch
new file mode 100644
index 00000000000..44eb40e0b08
--- /dev/null
+++ b/queue-5.4/netfilter-nft_payload-do-not-update-layer-4-checksum-when-mangling-fragments.patch
@@ -0,0 +1,33 @@
+From 4e1860a3863707e8177329c006d10f9e37e097a8 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso
+Date: Wed, 5 Jan 2022 16:09:57 +0100
+Subject: netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
+
+From: Pablo Neira Ayuso
+
+commit 4e1860a3863707e8177329c006d10f9e37e097a8 upstream.
+
+IP fragments do not come with the transport header, hence skip bogus
+layer 4 checksum updates.
+
+Fixes: 1814096980bb ("netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields")
+Reported-and-tested-by: Steffen Weinreich
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Florian Westphal
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/netfilter/nft_payload.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/netfilter/nft_payload.c
++++ b/net/netfilter/nft_payload.c
+@@ -420,6 +420,9 @@ static int nft_payload_l4csum_offset(con
+ struct sk_buff *skb,
+ unsigned int *l4csum_offset)
+ {
++ if (pkt->xt.fragoff)
++ return -1;
++
+ switch (pkt->tprot) {
+ case IPPROTO_TCP:
+ *l4csum_offset = offsetof(struct tcphdr, check);
diff --git a/queue-5.4/series b/queue-5.4/series
index b3663b2d93c..3fba4af93d1 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -8,3 +8,5 @@ tracing-histogram-fix-a-potential-memory-leak-for-kstrdup.patch
 tracing-don-t-inc-err_log-entry-count-if-entry-allocation-fails.patch
 fsnotify-fix-fsnotify-hooks-in-pseudo-filesystems.patch
 drm-etnaviv-relax-submit-size-limits.patch
+arm64-errata-fix-exec-handling-in-erratum-1418040-workaround.patch
+netfilter-nft_payload-do-not-update-layer-4-checksum-when-mangling-fragments.patch
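Review bot: The added guard `if (pkt->xt.fragoff) return -1;` in `nft_payload_l4csum_offset()` needs a comment, because a reader has to know two things that the hunk does not show: `fragoff` is non-zero only for non-first fragments, and the caller presumably treats -1 as "no L4 checksum to adjust" rather than as a packet error, as it does for unknown `tprot` values. A line such as `/* Non-first fragments carry no transport header: nothing to fix up. */` above the check would settle both. The first fragment (offset 0) still carries the transport header and keeps receiving the checksum update, which looks like the intended behaviour; without the guard the computed offset would land in payload bytes of a later fragment and the write would silently corrupt data there, so the early return is the right shape. `nft_payload_l4csum_offset()` starts above the hunk and its `switch` continues past it.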