From 13a26d344c0fdfc9b71d0b9f62cb5309d4b5543b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 22 Apr 2025 14:50:08 +0200 Subject: [PATCH] 5.4-stable patches added patches: rdma-srpt-support-specifying-the-srpt_service_guid-parameter.patch virtio-net-add-validation-for-used-length.patch --- ...ying-the-srpt_service_guid-parameter.patch | 60 +++++++++++++++ queue-5.4/series | 2 + ...o-net-add-validation-for-used-length.patch | 77 +++++++++++++++++++ 3 files changed, 139 insertions(+) create mode 100644 queue-5.4/rdma-srpt-support-specifying-the-srpt_service_guid-parameter.patch create mode 100644 queue-5.4/virtio-net-add-validation-for-used-length.patch diff --git a/queue-5.4/rdma-srpt-support-specifying-the-srpt_service_guid-parameter.patch b/queue-5.4/rdma-srpt-support-specifying-the-srpt_service_guid-parameter.patch new file mode 100644 index 0000000000..a484702e1d --- /dev/null +++ b/queue-5.4/rdma-srpt-support-specifying-the-srpt_service_guid-parameter.patch @@ -0,0 +1,60 @@ +From fdfa083549de5d50ebf7f6811f33757781e838c0 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Sun, 4 Feb 2024 16:42:07 -0800 +Subject: RDMA/srpt: Support specifying the srpt_service_guid parameter + +From: Bart Van Assche + +commit fdfa083549de5d50ebf7f6811f33757781e838c0 upstream. + +Make loading ib_srpt with this parameter set work. The current behavior is +that setting that parameter while loading the ib_srpt kernel module +triggers the following kernel crash: + +BUG: kernel NULL pointer dereference, address: 0000000000000000 +Call Trace: + + parse_one+0x18c/0x1d0 + parse_args+0xe1/0x230 + load_module+0x8de/0xa60 + init_module_from_file+0x8b/0xd0 + idempotent_init_module+0x181/0x240 + __x64_sys_finit_module+0x5a/0xb0 + do_syscall_64+0x5f/0xe0 + entry_SYSCALL_64_after_hwframe+0x6e/0x76 + +Cc: LiHonggang +Reported-by: LiHonggang +Fixes: a42d985bd5b2 ("ib_srpt: Initial SRP Target merge for v3.3-rc1") +Signed-off-by: Bart Van Assche +Link: https://lore.kernel.org/r/20240205004207.17031-1-bvanassche@acm.org +Signed-off-by: Leon Romanovsky +[ Alok: Backport to 5.4.y since the commit has already been backported to + 5.15y, 5.10.y, and 4.19.y ] +Signed-off-by: Alok Tiwari +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/ulp/srpt/ib_srpt.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/drivers/infiniband/ulp/srpt/ib_srpt.c ++++ b/drivers/infiniband/ulp/srpt/ib_srpt.c +@@ -79,12 +79,16 @@ module_param(srpt_srq_size, int, 0444); + MODULE_PARM_DESC(srpt_srq_size, + "Shared receive queue (SRQ) size."); + ++static int srpt_set_u64_x(const char *buffer, const struct kernel_param *kp) ++{ ++ return kstrtou64(buffer, 16, (u64 *)kp->arg); ++} + static int srpt_get_u64_x(char *buffer, const struct kernel_param *kp) + { + return sprintf(buffer, "0x%016llx", *(u64 *)kp->arg); + } +-module_param_call(srpt_service_guid, NULL, srpt_get_u64_x, &srpt_service_guid, +- 0444); ++module_param_call(srpt_service_guid, srpt_set_u64_x, srpt_get_u64_x, ++ &srpt_service_guid, 0444); + MODULE_PARM_DESC(srpt_service_guid, + "Using this value for ioc_guid, id_ext, and cm_listen_id instead of using the node_guid of the first HCA."); + diff --git a/queue-5.4/series b/queue-5.4/series index e541a42e7e..d64f743157 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -119,3 +119,5 @@ nvmet-fc-remove-unused-functions.patch mmc-cqhci-fix-checking-of-cqhci_halt-state.patch net-openvswitch-fix-race-on-port-output.patch openvswitch-fix-lockup-on-tx-to-unregistering-netdev-with-carrier.patch +rdma-srpt-support-specifying-the-srpt_service_guid-parameter.patch +virtio-net-add-validation-for-used-length.patch diff --git a/queue-5.4/virtio-net-add-validation-for-used-length.patch b/queue-5.4/virtio-net-add-validation-for-used-length.patch new file mode 100644 index 0000000000..57a325526f --- /dev/null +++ b/queue-5.4/virtio-net-add-validation-for-used-length.patch @@ -0,0 +1,77 @@ +From ad993a95c508417acdeb15244109e009e50d8758 Mon Sep 17 00:00:00 2001 +From: Xie Yongji +Date: Mon, 31 May 2021 21:58:52 +0800 +Subject: virtio-net: Add validation for used length + +From: Xie Yongji + +commit ad993a95c508417acdeb15244109e009e50d8758 upstream. + +This adds validation for used length (might come +from an untrusted device) to avoid data corruption +or loss. + +Signed-off-by: Xie Yongji +Acked-by: Jason Wang +Link: https://lore.kernel.org/r/20210531135852.113-1-xieyongji@bytedance.com +Signed-off-by: Jakub Kicinski +[ Larry: backport to 5.4.y. Minor conflict resolved due to missing commit 9ce6146ec7b50 + virtio_net: Add XDP frame size in two code paths ] +Signed-off-by: Larry Bassel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/virtio_net.c | 22 ++++++++++++++-------- + 1 file changed, 14 insertions(+), 8 deletions(-) + +--- a/drivers/net/virtio_net.c ++++ b/drivers/net/virtio_net.c +@@ -717,6 +717,12 @@ static struct sk_buff *receive_small(str + len -= vi->hdr_len; + stats->bytes += len; + ++ if (unlikely(len > GOOD_PACKET_LEN)) { ++ pr_debug("%s: rx error: len %u exceeds max size %d\n", ++ dev->name, len, GOOD_PACKET_LEN); ++ dev->stats.rx_length_errors++; ++ goto err_len; ++ } + rcu_read_lock(); + xdp_prog = rcu_dereference(rq->xdp_prog); + if (xdp_prog) { +@@ -819,6 +825,7 @@ err: + err_xdp: + rcu_read_unlock(); + stats->xdp_drops++; ++err_len: + stats->drops++; + put_page(page); + xdp_xmit: +@@ -871,6 +878,13 @@ static struct sk_buff *receive_mergeable + head_skb = NULL; + stats->bytes += len - vi->hdr_len; + ++ truesize = mergeable_ctx_to_truesize(ctx); ++ if (unlikely(len > truesize)) { ++ pr_debug("%s: rx error: len %u exceeds truesize %lu\n", ++ dev->name, len, (unsigned long)ctx); ++ dev->stats.rx_length_errors++; ++ goto err_skb; ++ } + rcu_read_lock(); + xdp_prog = rcu_dereference(rq->xdp_prog); + if (xdp_prog) { +@@ -990,14 +1004,6 @@ static struct sk_buff *receive_mergeable + } + rcu_read_unlock(); + +- truesize = mergeable_ctx_to_truesize(ctx); +- if (unlikely(len > truesize)) { +- pr_debug("%s: rx error: len %u exceeds truesize %lu\n", +- dev->name, len, (unsigned long)ctx); +- dev->stats.rx_length_errors++; +- goto err_skb; +- } +- + head_skb = page_to_skb(vi, rq, page, offset, len, truesize, !xdp_prog, + metasize); + curr_skb = head_skb; -- 2.47.3