From: Sasha Levin Date: Fri, 12 May 2023 06:32:40 +0000 (-0400) Subject: Fixes for 4.14 X-Git-Tag: v4.14.315~102 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dbc660c2d28fda354daba7a0806fc6796b115b95;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.14 Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/af_packet-don-t-send-zero-byte-data-in-packet_sendms.patch b/queue-4.14/af_packet-don-t-send-zero-byte-data-in-packet_sendms.patch new file mode 100644 index 00000000000..5072c70084d --- /dev/null +++ b/queue-4.14/af_packet-don-t-send-zero-byte-data-in-packet_sendms.patch @@ -0,0 +1,111 @@ +From 4c5ef3791ca43581f2853e54b17ab5c21be72a1c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 1 May 2023 13:28:57 -0700 +Subject: af_packet: Don't send zero-byte data in packet_sendmsg_spkt(). + +From: Kuniyuki Iwashima + +[ Upstream commit 6a341729fb31b4c5df9f74f24b4b1c98410c9b87 ] + +syzkaller reported a warning below [0]. + +We can reproduce it by sending 0-byte data from the (AF_PACKET, +SOCK_PACKET) socket via some devices whose dev->hard_header_len +is 0. + + struct sockaddr_pkt addr = { + .spkt_family = AF_PACKET, + .spkt_device = "tun0", + }; + int fd; + + fd = socket(AF_PACKET, SOCK_PACKET, 0); + sendto(fd, NULL, 0, 0, (struct sockaddr *)&addr, sizeof(addr)); + +We have a similar fix for the (AF_PACKET, SOCK_RAW) socket as +commit dc633700f00f ("net/af_packet: check len when min_header_len +equals to 0"). + +Let's add the same test for the SOCK_PACKET socket. + +[0]: +skb_assert_len +WARNING: CPU: 1 PID: 19945 at include/linux/skbuff.h:2552 skb_assert_len include/linux/skbuff.h:2552 [inline] +WARNING: CPU: 1 PID: 19945 at include/linux/skbuff.h:2552 __dev_queue_xmit+0x1f26/0x31d0 net/core/dev.c:4159 +Modules linked in: +CPU: 1 PID: 19945 Comm: syz-executor.0 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #1 +Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 +RIP: 0010:skb_assert_len include/linux/skbuff.h:2552 [inline] +RIP: 0010:__dev_queue_xmit+0x1f26/0x31d0 net/core/dev.c:4159 +Code: 89 de e8 1d a2 85 fd 84 db 75 21 e8 64 a9 85 fd 48 c7 c6 80 2a 1f 86 48 c7 c7 c0 06 1f 86 c6 05 23 cf 27 04 01 e8 fa ee 56 fd <0f> 0b e8 43 a9 85 fd 0f b6 1d 0f cf 27 04 31 ff 89 de e8 e3 a1 85 +RSP: 0018:ffff8880217af6e0 EFLAGS: 00010282 +RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90001133000 +RDX: 0000000000040000 RSI: ffffffff81186922 RDI: 0000000000000001 +RBP: ffff8880217af8b0 R08: 0000000000000001 R09: 0000000000000000 +R10: 0000000000000001 R11: 0000000000000001 R12: ffff888030045640 +R13: ffff8880300456b0 R14: ffff888030045650 R15: ffff888030045718 +FS: 00007fc5864da640(0000) GS:ffff88806cd00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000020005740 CR3: 000000003f856003 CR4: 0000000000770ee0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +PKRU: 55555554 +Call Trace: + + dev_queue_xmit include/linux/netdevice.h:3085 [inline] + packet_sendmsg_spkt+0xc4b/0x1230 net/packet/af_packet.c:2066 + sock_sendmsg_nosec net/socket.c:724 [inline] + sock_sendmsg+0x1b4/0x200 net/socket.c:747 + ____sys_sendmsg+0x331/0x970 net/socket.c:2503 + ___sys_sendmsg+0x11d/0x1c0 net/socket.c:2557 + __sys_sendmmsg+0x18c/0x430 net/socket.c:2643 + __do_sys_sendmmsg net/socket.c:2672 [inline] + __se_sys_sendmmsg net/socket.c:2669 [inline] + __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2669 + do_syscall_x64 arch/x86/entry/common.c:50 [inline] + do_syscall_64+0x3c/0x90 arch/x86/entry/common.c:80 + entry_SYSCALL_64_after_hwframe+0x72/0xdc +RIP: 0033:0x7fc58791de5d +Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48 +RSP: 002b:00007fc5864d9cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 +RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007fc58791de5d +RDX: 0000000000000001 RSI: 0000000020005740 RDI: 0000000000000004 +RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 +R13: 000000000000000b R14: 00007fc58797e530 R15: 0000000000000000 + +---[ end trace 0000000000000000 ]--- +skb len=0 headroom=16 headlen=0 tailroom=304 +mac=(16,0) net=(16,-1) trans=-1 +shinfo(txflags=0 nr_frags=0 gso(size=0 type=0 segs=0)) +csum(0x0 ip_summed=0 complete_sw=0 valid=0 level=0) +hash(0x0 sw=0 l4=0) proto=0x0000 pkttype=0 iif=0 +dev name=sit0 feat=0x00000006401d7869 +sk family=17 type=10 proto=0 + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reported-by: syzbot +Signed-off-by: Kuniyuki Iwashima +Reviewed-by: Willem de Bruijn +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/packet/af_packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 8b44ad304a656..2089da69da103 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -1995,7 +1995,7 @@ static int packet_sendmsg_spkt(struct socket *sock, struct msghdr *msg, + goto retry; + } + +- if (!dev_validate_header(dev, skb->data, len)) { ++ if (!dev_validate_header(dev, skb->data, len) || !skb->len) { + err = -EINVAL; + goto out_unlock; + } +-- +2.39.2 + diff --git a/queue-4.14/alsa-caiaq-input-add-error-handling-for-unsupported-.patch b/queue-4.14/alsa-caiaq-input-add-error-handling-for-unsupported-.patch new file mode 100644 index 00000000000..be53c957c53 --- /dev/null +++ b/queue-4.14/alsa-caiaq-input-add-error-handling-for-unsupported-.patch @@ -0,0 +1,44 @@ +From 8e428469b86616990d97a62025302c2dbc0e9257 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 4 May 2023 14:50:53 +0800 +Subject: ALSA: caiaq: input: Add error handling for unsupported input methods + in `snd_usb_caiaq_input_init` + +From: Ruliang Lin + +[ Upstream commit 0d727e1856ef22dd9337199430258cb64cbbc658 ] + +Smatch complains that: +snd_usb_caiaq_input_init() warn: missing error code 'ret' + +This patch adds a new case to handle the situation where the +device does not support any input methods in the +`snd_usb_caiaq_input_init` function. It returns an `-EINVAL` error code +to indicate that no input methods are supported on the device. + +Fixes: 523f1dce3743 ("[ALSA] Add Native Instrument usb audio device support") +Signed-off-by: Ruliang Lin +Reviewed-by: Dongliang Mu +Acked-by: Daniel Mack +Link: https://lore.kernel.org/r/20230504065054.3309-1-u202112092@hust.edu.cn +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/usb/caiaq/input.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/usb/caiaq/input.c b/sound/usb/caiaq/input.c +index 4b3fb91deecdf..0898d2dd14e40 100644 +--- a/sound/usb/caiaq/input.c ++++ b/sound/usb/caiaq/input.c +@@ -808,6 +808,7 @@ int snd_usb_caiaq_input_init(struct snd_usb_caiaqdev *cdev) + + default: + /* no input methods supported on this device */ ++ ret = -EINVAL; + goto exit_free_idev; + } + +-- +2.39.2 + diff --git a/queue-4.14/net-sched-act_mirred-add-carrier-check.patch b/queue-4.14/net-sched-act_mirred-add-carrier-check.patch new file mode 100644 index 00000000000..2ea0c4c8a96 --- /dev/null +++ b/queue-4.14/net-sched-act_mirred-add-carrier-check.patch @@ -0,0 +1,49 @@ +From 1d4cde8a39076d95fb5375e4f1de724e731bf716 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 26 Apr 2023 15:19:40 +0000 +Subject: net/sched: act_mirred: Add carrier check + +From: Victor Nogueira + +[ Upstream commit 526f28bd0fbdc699cda31426928802650c1528e5 ] + +There are cases where the device is adminstratively UP, but operationally +down. For example, we have a physical device (Nvidia ConnectX-6 Dx, 25Gbps) +who's cable was pulled out, here is its ip link output: + +5: ens2f1: mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000 + link/ether b8:ce:f6:4b:68:35 brd ff:ff:ff:ff:ff:ff + altname enp179s0f1np1 + +As you can see, it's administratively UP but operationally down. +In this case, sending a packet to this port caused a nasty kernel hang (so +nasty that we were unable to capture it). Aborting a transmit based on +operational status (in addition to administrative status) fixes the issue. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Acked-by: Jamal Hadi Salim +Signed-off-by: Victor Nogueira +v1->v2: Add fixes tag +v2->v3: Remove blank line between tags + add change log, suggested by Leon +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/sched/act_mirred.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c +index dcfaa4f9c7c5b..0a032c4d26b86 100644 +--- a/net/sched/act_mirred.c ++++ b/net/sched/act_mirred.c +@@ -181,7 +181,7 @@ static int tcf_mirred(struct sk_buff *skb, const struct tc_action *a, + goto out; + } + +- if (unlikely(!(dev->flags & IFF_UP))) { ++ if (unlikely(!(dev->flags & IFF_UP)) || !netif_carrier_ok(dev)) { + net_notice_ratelimited("tc mirred to Houston: device %s is down\n", + dev->name); + goto out; +-- +2.39.2 + diff --git a/queue-4.14/perf-map-delete-two-variable-initialisations-before-.patch b/queue-4.14/perf-map-delete-two-variable-initialisations-before-.patch new file mode 100644 index 00000000000..915b000b324 --- /dev/null +++ b/queue-4.14/perf-map-delete-two-variable-initialisations-before-.patch @@ -0,0 +1,60 @@ +From cd584e0ac59fae5d58a2c061fa85e04850a0e913 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 13 Apr 2023 14:46:39 +0200 +Subject: perf map: Delete two variable initialisations before null pointer + checks in sort__sym_from_cmp() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Markus Elfring + +[ Upstream commit c160118a90d4acf335993d8d59b02ae2147a524e ] + +Addresses of two data structure members were determined before +corresponding null pointer checks in the implementation of the function +“sort__sym_from_cmp”. + +Thus avoid the risk for undefined behaviour by removing extra +initialisations for the local variables “from_l” and “from_r” (also +because they were already reassigned with the same value behind this +pointer check). + +This issue was detected by using the Coccinelle software. + +Fixes: 1b9e97a2a95e4941 ("perf tools: Fix report -F symbol_from for data without branch info") +Signed-off-by: +Acked-by: Ian Rogers +Cc: Adrian Hunter +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: German Gomez +Cc: Ingo Molnar +Cc: Jiri Olsa +Cc: Kan Liang +Cc: Mark Rutland +Cc: Namhyung Kim +Link: https://lore.kernel.org/cocci/54a21fea-64e3-de67-82ef-d61b90ffad05@web.de/ +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/sort.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tools/perf/util/sort.c b/tools/perf/util/sort.c +index cd870129131e1..4fe2f3f92ab11 100644 +--- a/tools/perf/util/sort.c ++++ b/tools/perf/util/sort.c +@@ -753,8 +753,7 @@ static int hist_entry__dso_to_filter(struct hist_entry *he, int type, + static int64_t + sort__sym_from_cmp(struct hist_entry *left, struct hist_entry *right) + { +- struct addr_map_symbol *from_l = &left->branch_info->from; +- struct addr_map_symbol *from_r = &right->branch_info->from; ++ struct addr_map_symbol *from_l, *from_r; + + if (!left->branch_info || !right->branch_info) + return cmp_null(left->branch_info, right->branch_info); +-- +2.39.2 + diff --git a/queue-4.14/perf-symbols-fix-return-incorrect-build_id-size-in-e.patch b/queue-4.14/perf-symbols-fix-return-incorrect-build_id-size-in-e.patch new file mode 100644 index 00000000000..d3e3cbc1c91 --- /dev/null +++ b/queue-4.14/perf-symbols-fix-return-incorrect-build_id-size-in-e.patch @@ -0,0 +1,52 @@ +From 442daf95e0651a5f6d02885811a87924acc32804 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 27 Apr 2023 01:28:41 +0000 +Subject: perf symbols: Fix return incorrect build_id size in + elf_read_build_id() + +From: Yang Jihong + +[ Upstream commit 1511e4696acb715a4fe48be89e1e691daec91c0e ] + +In elf_read_build_id(), if gnu build_id is found, should return the size of +the actually copied data. If descsz is greater thanBuild_ID_SIZE, +write_buildid data access may occur. + +Fixes: be96ea8ffa788dcc ("perf symbols: Fix issue with binaries using 16-bytes buildids (v2)") +Reported-by: Will Ochowicz +Signed-off-by: Yang Jihong +Tested-by: Will Ochowicz +Acked-by: Adrian Hunter +Cc: Alexander Shishkin +Cc: Ian Rogers +Cc: Ingo Molnar +Cc: Jiri Olsa +Cc: Leo Yan +Cc: Mark Rutland +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Stephane Eranian +Link: https://lore.kernel.org/lkml/CWLP265MB49702F7BA3D6D8F13E4B1A719C649@CWLP265MB4970.GBRP265.PROD.OUTLOOK.COM/T/ +Link: https://lore.kernel.org/r/20230427012841.231729-1-yangjihong1@huawei.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/symbol-elf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c +index 866a61d662510..1071a276f4fdb 100644 +--- a/tools/perf/util/symbol-elf.c ++++ b/tools/perf/util/symbol-elf.c +@@ -504,7 +504,7 @@ static int elf_read_build_id(Elf *elf, void *bf, size_t size) + size_t sz = min(size, descsz); + memcpy(bf, ptr, sz); + memset(bf + sz, 0, size - sz); +- err = descsz; ++ err = sz; + break; + } + } +-- +2.39.2 + diff --git a/queue-4.14/perf-vendor-events-power9-remove-utf-8-characters-fr.patch b/queue-4.14/perf-vendor-events-power9-remove-utf-8-characters-fr.patch new file mode 100644 index 00000000000..930cf08882e --- /dev/null +++ b/queue-4.14/perf-vendor-events-power9-remove-utf-8-characters-fr.patch @@ -0,0 +1,108 @@ +From ee4716294ab4ee42342b2aecac2495e67c4e7ddd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 28 Mar 2023 16:59:08 +0530 +Subject: perf vendor events power9: Remove UTF-8 characters from JSON files + +From: Kajol Jain + +[ Upstream commit 5d9df8731c0941f3add30f96745a62586a0c9d52 ] + +Commit 3c22ba5243040c13 ("perf vendor events powerpc: Update POWER9 +events") added and updated power9 PMU JSON events. However some of the +JSON events which are part of other.json and pipeline.json files, +contains UTF-8 characters in their brief description. Having UTF-8 +character could breaks the perf build on some distros. + +Fix this issue by removing the UTF-8 characters from other.json and +pipeline.json files. + +Result without the fix: + + [command]# file -i pmu-events/arch/powerpc/power9/* + pmu-events/arch/powerpc/power9/cache.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/floating-point.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/frontend.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/marked.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/memory.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/metrics.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/nest_metrics.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/other.json: application/json; charset=utf-8 + pmu-events/arch/powerpc/power9/pipeline.json: application/json; charset=utf-8 + pmu-events/arch/powerpc/power9/pmc.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/translation.json: application/json; charset=us-ascii + [command]# + +Result with the fix: + + [command]# file -i pmu-events/arch/powerpc/power9/* + pmu-events/arch/powerpc/power9/cache.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/floating-point.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/frontend.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/marked.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/memory.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/metrics.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/nest_metrics.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/other.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/pipeline.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/pmc.json: application/json; charset=us-ascii + pmu-events/arch/powerpc/power9/translation.json: application/json; charset=us-ascii + [command]# + +Fixes: 3c22ba5243040c13 ("perf vendor events powerpc: Update POWER9 events") +Reported-by: Arnaldo Carvalho de Melo +Signed-off-by: Kajol Jain +Acked-by: Ian Rogers +Tested-by: Arnaldo Carvalho de Melo +Cc: Athira Rajeev +Cc: Disha Goel +Cc: Jiri Olsa +Cc: Madhavan Srinivasan +Cc: Sukadev Bhattiprolu +Cc: linuxppc-dev@lists.ozlabs.org +Link: https://lore.kernel.org/lkml/ZBxP77deq7ikTxwG@kernel.org/ +Link: https://lore.kernel.org/r/20230328112908.113158-1-kjain@linux.ibm.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/pmu-events/arch/powerpc/power9/other.json | 4 ++-- + tools/perf/pmu-events/arch/powerpc/power9/pipeline.json | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tools/perf/pmu-events/arch/powerpc/power9/other.json b/tools/perf/pmu-events/arch/powerpc/power9/other.json +index 54cc3be00fc2d..0048c27d75f35 100644 +--- a/tools/perf/pmu-events/arch/powerpc/power9/other.json ++++ b/tools/perf/pmu-events/arch/powerpc/power9/other.json +@@ -1452,7 +1452,7 @@ + {, + "EventCode": "0x45054", + "EventName": "PM_FMA_CMPL", +- "BriefDescription": "two flops operation completed (fmadd, fnmadd, fmsub, fnmsub) Scalar instructions only. " ++ "BriefDescription": "two flops operation completed (fmadd, fnmadd, fmsub, fnmsub) Scalar instructions only." + }, + {, + "EventCode": "0x5090", +@@ -2067,7 +2067,7 @@ + {, + "EventCode": "0xC0BC", + "EventName": "PM_LSU_FLUSH_OTHER", +- "BriefDescription": "Other LSU flushes including: Sync (sync ack from L2 caused search of LRQ for oldest snooped load, This will either signal a Precise Flush of the oldest snooped loa or a Flush Next PPC); Data Valid Flush Next (several cases of this, one example is store and reload are lined up such that a store-hit-reload scenario exists and the CDF has already launched and has gotten bad/stale data); Bad Data Valid Flush Next (might be a few cases of this, one example is a larxa (D$ hit) return data and dval but can't allocate to LMQ (LMQ full or other reason). Already gave dval but can't watch it for snoop_hit_larx. Need to take the “bad dval” back and flush all younger ops)" ++ "BriefDescription": "Other LSU flushes including: Sync (sync ack from L2 caused search of LRQ for oldest snooped load, This will either signal a Precise Flush of the oldest snooped loa or a Flush Next PPC); Data Valid Flush Next (several cases of this, one example is store and reload are lined up such that a store-hit-reload scenario exists and the CDF has already launched and has gotten bad/stale data); Bad Data Valid Flush Next (might be a few cases of this, one example is a larxa (D$ hit) return data and dval but can't allocate to LMQ (LMQ full or other reason). Already gave dval but can't watch it for snoop_hit_larx. Need to take the 'bad dval' back and flush all younger ops)" + }, + {, + "EventCode": "0x5094", +diff --git a/tools/perf/pmu-events/arch/powerpc/power9/pipeline.json b/tools/perf/pmu-events/arch/powerpc/power9/pipeline.json +index bc2db636dabf1..876292f69e1f6 100644 +--- a/tools/perf/pmu-events/arch/powerpc/power9/pipeline.json ++++ b/tools/perf/pmu-events/arch/powerpc/power9/pipeline.json +@@ -462,7 +462,7 @@ + {, + "EventCode": "0x4D052", + "EventName": "PM_2FLOP_CMPL", +- "BriefDescription": "DP vector version of fmul, fsub, fcmp, fsel, fabs, fnabs, fres ,fsqrte, fneg " ++ "BriefDescription": "DP vector version of fmul, fsub, fcmp, fsel, fabs, fnabs, fres ,fsqrte, fneg" + }, + {, + "EventCode": "0x1F142", +-- +2.39.2 + diff --git a/queue-4.14/series b/queue-4.14/series index e189c22a43c..a40307871e0 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -86,3 +86,11 @@ netfilter-nft_hash-fix-nft_hash_deactivate.patch netfilter-nf_tables-use-after-free-in-failing-rule-w.patch netfilter-nf_tables-bogus-ebusy-when-deleting-set-af.patch netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch +sit-update-dev-needed_headroom-in-ipip6_tunnel_bind_.patch +writeback-fix-call-of-incorrect-macro.patch +net-sched-act_mirred-add-carrier-check.patch +af_packet-don-t-send-zero-byte-data-in-packet_sendms.patch +alsa-caiaq-input-add-error-handling-for-unsupported-.patch +perf-vendor-events-power9-remove-utf-8-characters-fr.patch +perf-map-delete-two-variable-initialisations-before-.patch +perf-symbols-fix-return-incorrect-build_id-size-in-e.patch diff --git a/queue-4.14/sit-update-dev-needed_headroom-in-ipip6_tunnel_bind_.patch b/queue-4.14/sit-update-dev-needed_headroom-in-ipip6_tunnel_bind_.patch new file mode 100644 index 00000000000..6b7e50d4452 --- /dev/null +++ b/queue-4.14/sit-update-dev-needed_headroom-in-ipip6_tunnel_bind_.patch @@ -0,0 +1,69 @@ +From fa5777d371ad64ae42805138b3a055d0bcfd0e09 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 26 Apr 2023 23:00:06 -0700 +Subject: sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() + +From: Cong Wang + +[ Upstream commit c88f8d5cd95fd039cff95d682b8e71100c001df0 ] + +When a tunnel device is bound with the underlying device, its +dev->needed_headroom needs to be updated properly. IPv4 tunnels +already do the same in ip_tunnel_bind_dev(). Otherwise we may +not have enough header room for skb, especially after commit +b17f709a2401 ("gue: TX support for using remote checksum offload option"). + +Fixes: 32b8a8e59c9c ("sit: add IPv4 over IPv4 support") +Reported-by: Palash Oswal +Link: https://lore.kernel.org/netdev/CAGyP=7fDcSPKu6nttbGwt7RXzE3uyYxLjCSE97J64pRxJP8jPA@mail.gmail.com/ +Cc: Kuniyuki Iwashima +Cc: Eric Dumazet +Signed-off-by: Cong Wang +Reviewed-by: Eric Dumazet +Reviewed-by: Kuniyuki Iwashima +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/ipv6/sit.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c +index e5baf5e4782b0..f24a6cd0d15a3 100644 +--- a/net/ipv6/sit.c ++++ b/net/ipv6/sit.c +@@ -1039,12 +1039,13 @@ static netdev_tx_t sit_tunnel_xmit(struct sk_buff *skb, + + static void ipip6_tunnel_bind_dev(struct net_device *dev) + { ++ struct ip_tunnel *tunnel = netdev_priv(dev); ++ int t_hlen = tunnel->hlen + sizeof(struct iphdr); + struct net_device *tdev = NULL; +- struct ip_tunnel *tunnel; ++ int hlen = LL_MAX_HEADER; + const struct iphdr *iph; + struct flowi4 fl4; + +- tunnel = netdev_priv(dev); + iph = &tunnel->parms.iph; + + if (iph->daddr) { +@@ -1067,14 +1068,15 @@ static void ipip6_tunnel_bind_dev(struct net_device *dev) + tdev = __dev_get_by_index(tunnel->net, tunnel->parms.link); + + if (tdev && !netif_is_l3_master(tdev)) { +- int t_hlen = tunnel->hlen + sizeof(struct iphdr); + int mtu; + + mtu = tdev->mtu - t_hlen; + if (mtu < IPV6_MIN_MTU) + mtu = IPV6_MIN_MTU; + WRITE_ONCE(dev->mtu, mtu); ++ hlen = tdev->hard_header_len + tdev->needed_headroom; + } ++ dev->needed_headroom = t_hlen + hlen; + } + + static void ipip6_tunnel_update(struct ip_tunnel *t, struct ip_tunnel_parm *p, +-- +2.39.2 + diff --git a/queue-4.14/writeback-fix-call-of-incorrect-macro.patch b/queue-4.14/writeback-fix-call-of-incorrect-macro.patch new file mode 100644 index 00000000000..cf78572bfc8 --- /dev/null +++ b/queue-4.14/writeback-fix-call-of-incorrect-macro.patch @@ -0,0 +1,41 @@ +From 01d00358d118457b896e5fa3322367ec134ff883 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Jan 2023 13:44:43 +0300 +Subject: writeback: fix call of incorrect macro + +From: Maxim Korotkov + +[ Upstream commit 3e46c89c74f2c38e5337d2cf44b0b551adff1cb4 ] + + the variable 'history' is of type u16, it may be an error + that the hweight32 macro was used for it + I guess macro hweight16 should be used + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Fixes: 2a81490811d0 ("writeback: implement foreign cgroup inode detection") +Signed-off-by: Maxim Korotkov +Reviewed-by: Jan Kara +Link: https://lore.kernel.org/r/20230119104443.3002-1-korotkov.maxim.s@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + fs/fs-writeback.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c +index be6096f195c5a..05e2fbe892199 100644 +--- a/fs/fs-writeback.c ++++ b/fs/fs-writeback.c +@@ -702,7 +702,7 @@ void wbc_detach_inode(struct writeback_control *wbc) + * is okay. The main goal is avoiding keeping an inode on + * the wrong wb for an extended period of time. + */ +- if (hweight32(history) > WB_FRN_HIST_THR_SLOTS) ++ if (hweight16(history) > WB_FRN_HIST_THR_SLOTS) + inode_switch_wbs(inode, max_id); + } + +-- +2.39.2 +