From 465fecf88fadaeadc6041403f7fd7fe5fda4f4a1 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 29 Sep 2025 13:46:45 +0200 Subject: [PATCH] 6.6-stable patches added patches: arm-dts-socfpga-sodia-fix-mdio-bus-probe-and-phy-address.patch crypto-af_alg-fix-incorrect-boolean-values-in-af_alg_ctx.patch hid-asus-add-support-for-missing-px-series-fn-keys.patch i40e-add-mask-to-apply-valid-bits-for-itr_idx.patch i40e-add-max-boundary-check-for-vf-filters.patch i40e-fix-idx-validation-in-config-queues-msg.patch i40e-fix-idx-validation-in-i40e_validate_queue_map.patch i40e-fix-input-validation-logic-for-action_meta.patch i40e-fix-validation-of-vf-state-in-get-resources.patch i40e-improve-vf-mac-filters-accounting.patch tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch --- ...a-fix-mdio-bus-probe-and-phy-address.patch | 43 ++++ ...correct-boolean-values-in-af_alg_ctx.patch | 43 ++++ ...upport-for-missing-px-series-fn-keys.patch | 32 +++ ...mask-to-apply-valid-bits-for-itr_idx.patch | 41 ++++ ...dd-max-boundary-check-for-vf-filters.patch | 50 +++++ ...-idx-validation-in-config-queues-msg.patch | 45 +++++ ...alidation-in-i40e_validate_queue_map.patch | 40 ++++ ...put-validation-logic-for-action_meta.patch | 35 ++++ ...idation-of-vf-state-in-get-resources.patch | 72 +++++++ ...0e-improve-vf-mac-filters-accounting.patch | 183 ++++++++++++++++++ queue-6.6/series | 11 ++ ...a-missing-lockdown-check-on-dynevent.patch | 36 ++++ 12 files changed, 631 insertions(+) create mode 100644 queue-6.6/arm-dts-socfpga-sodia-fix-mdio-bus-probe-and-phy-address.patch create mode 100644 queue-6.6/crypto-af_alg-fix-incorrect-boolean-values-in-af_alg_ctx.patch create mode 100644 queue-6.6/hid-asus-add-support-for-missing-px-series-fn-keys.patch create mode 100644 queue-6.6/i40e-add-mask-to-apply-valid-bits-for-itr_idx.patch create mode 100644 queue-6.6/i40e-add-max-boundary-check-for-vf-filters.patch create mode 100644 queue-6.6/i40e-fix-idx-validation-in-config-queues-msg.patch create mode 100644 queue-6.6/i40e-fix-idx-validation-in-i40e_validate_queue_map.patch create mode 100644 queue-6.6/i40e-fix-input-validation-logic-for-action_meta.patch create mode 100644 queue-6.6/i40e-fix-validation-of-vf-state-in-get-resources.patch create mode 100644 queue-6.6/i40e-improve-vf-mac-filters-accounting.patch create mode 100644 queue-6.6/tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch diff --git a/queue-6.6/arm-dts-socfpga-sodia-fix-mdio-bus-probe-and-phy-address.patch b/queue-6.6/arm-dts-socfpga-sodia-fix-mdio-bus-probe-and-phy-address.patch new file mode 100644 index 0000000000..0137e7ce51 --- /dev/null +++ b/queue-6.6/arm-dts-socfpga-sodia-fix-mdio-bus-probe-and-phy-address.patch @@ -0,0 +1,43 @@ +From ea9da67e2add7bd5f1e4b38dc2404480e711f4d8 Mon Sep 17 00:00:00 2001 +From: Nobuhiro Iwamatsu +Date: Thu, 21 Nov 2024 16:13:25 +0900 +Subject: ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address + +From: Nobuhiro Iwamatsu + +commit ea9da67e2add7bd5f1e4b38dc2404480e711f4d8 upstream. + +On SoCFPGA/Sodia board, mdio bus cannot be probed, so the PHY cannot be +found and the network device does not work. + +``` +stmmaceth ff702000.ethernet eth0: __stmmac_open: Cannot attach to PHY (error: -19) +``` + +To probe the mdio bus, add "snps,dwmac-mdio" as compatible string of the +mdio bus. Also the PHY address connected to this board is 4. Therefore, +change to 4. + +Cc: stable@vger.kernel.org # 6.3+ +Signed-off-by: Nobuhiro Iwamatsu +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts ++++ b/arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts +@@ -66,8 +66,10 @@ + mdio0 { + #address-cells = <1>; + #size-cells = <0>; +- phy0: ethernet-phy@0 { +- reg = <0>; ++ compatible = "snps,dwmac-mdio"; ++ ++ phy0: ethernet-phy@4 { ++ reg = <4>; + rxd0-skew-ps = <0>; + rxd1-skew-ps = <0>; + rxd2-skew-ps = <0>; diff --git a/queue-6.6/crypto-af_alg-fix-incorrect-boolean-values-in-af_alg_ctx.patch b/queue-6.6/crypto-af_alg-fix-incorrect-boolean-values-in-af_alg_ctx.patch new file mode 100644 index 0000000000..921225f4bd --- /dev/null +++ b/queue-6.6/crypto-af_alg-fix-incorrect-boolean-values-in-af_alg_ctx.patch @@ -0,0 +1,43 @@ +From d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Wed, 24 Sep 2025 13:18:22 -0700 +Subject: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx + +From: Eric Biggers + +commit d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb upstream. + +Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in +af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of +type u32. + +However, some assignments to these fields, specifically 'more' and +'merge', assign values greater than 1. These relied on C's implicit +conversion to bool, such that zero becomes false and nonzero becomes +true. + +With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken +instead, resulting in 0 being assigned in some cases when 1 was intended. + +Fix this by restoring the bool type. + +Fixes: 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") +Cc: stable@vger.kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + include/crypto/if_alg.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/crypto/if_alg.h ++++ b/include/crypto/if_alg.h +@@ -150,7 +150,7 @@ struct af_alg_ctx { + size_t used; + atomic_t rcvused; + +- u32 more:1, ++ bool more:1, + merge:1, + enc:1, + write:1, diff --git a/queue-6.6/hid-asus-add-support-for-missing-px-series-fn-keys.patch b/queue-6.6/hid-asus-add-support-for-missing-px-series-fn-keys.patch new file mode 100644 index 0000000000..dd312e238d --- /dev/null +++ b/queue-6.6/hid-asus-add-support-for-missing-px-series-fn-keys.patch @@ -0,0 +1,32 @@ +From 831f70a5b93bd2d9e858ced2c12fab5766ede5e7 Mon Sep 17 00:00:00 2001 +From: Amit Chaudhari +Date: Tue, 19 Aug 2025 17:49:19 -0400 +Subject: HID: asus: add support for missing PX series fn keys + +From: Amit Chaudhari + +commit 831f70a5b93bd2d9e858ced2c12fab5766ede5e7 upstream. + +Add support for missing hotkey keycodes affecting Asus PX13 and PX16 families +so userspace can use them. + +Signed-off-by: Amit Chaudhari +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hid/hid-asus.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/hid/hid-asus.c ++++ b/drivers/hid/hid-asus.c +@@ -869,7 +869,10 @@ static int asus_input_mapping(struct hid + case 0xc4: asus_map_key_clear(KEY_KBDILLUMUP); break; + case 0xc5: asus_map_key_clear(KEY_KBDILLUMDOWN); break; + case 0xc7: asus_map_key_clear(KEY_KBDILLUMTOGGLE); break; ++ case 0x4e: asus_map_key_clear(KEY_FN_ESC); break; ++ case 0x7e: asus_map_key_clear(KEY_EMOJI_PICKER); break; + ++ case 0x8b: asus_map_key_clear(KEY_PROG1); break; /* ProArt Creator Hub key */ + case 0x6b: asus_map_key_clear(KEY_F21); break; /* ASUS touchpad toggle */ + case 0x38: asus_map_key_clear(KEY_PROG1); break; /* ROG key */ + case 0xba: asus_map_key_clear(KEY_PROG2); break; /* Fn+C ASUS Splendid */ diff --git a/queue-6.6/i40e-add-mask-to-apply-valid-bits-for-itr_idx.patch b/queue-6.6/i40e-add-mask-to-apply-valid-bits-for-itr_idx.patch new file mode 100644 index 0000000000..fad05c02a6 --- /dev/null +++ b/queue-6.6/i40e-add-mask-to-apply-valid-bits-for-itr_idx.patch @@ -0,0 +1,41 @@ +From eac04428abe9f9cb203ffae4600791ea1d24eb18 Mon Sep 17 00:00:00 2001 +From: Lukasz Czapnik +Date: Wed, 13 Aug 2025 12:45:17 +0200 +Subject: i40e: add mask to apply valid bits for itr_idx + +From: Lukasz Czapnik + +commit eac04428abe9f9cb203ffae4600791ea1d24eb18 upstream. + +The ITR index (itr_idx) is only 2 bits wide. When constructing the +register value for QINT_RQCTL, all fields are ORed together. Without +masking, higher bits from itr_idx may overwrite adjacent fields in the +register. + +Apply I40E_QINT_RQCTL_ITR_INDX_MASK to ensure only the intended bits are +set. + +Fixes: 5c3c48ac6bf5 ("i40e: implement virtual device interface") +Cc: stable@vger.kernel.org +Signed-off-by: Lukasz Czapnik +Reviewed-by: Aleksandr Loktionov +Signed-off-by: Przemek Kitszel +Reviewed-by: Simon Horman +Tested-by: Rafal Romanowski +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +@@ -448,7 +448,7 @@ static void i40e_config_irq_link_list(st + (qtype << I40E_QINT_RQCTL_NEXTQ_TYPE_SHIFT) | + (pf_queue_id << I40E_QINT_RQCTL_NEXTQ_INDX_SHIFT) | + BIT(I40E_QINT_RQCTL_CAUSE_ENA_SHIFT) | +- (itr_idx << I40E_QINT_RQCTL_ITR_INDX_SHIFT); ++ FIELD_PREP(I40E_QINT_RQCTL_ITR_INDX_MASK, itr_idx); + wr32(hw, reg_idx, reg); + } + diff --git a/queue-6.6/i40e-add-max-boundary-check-for-vf-filters.patch b/queue-6.6/i40e-add-max-boundary-check-for-vf-filters.patch new file mode 100644 index 0000000000..464a6f7525 --- /dev/null +++ b/queue-6.6/i40e-add-max-boundary-check-for-vf-filters.patch @@ -0,0 +1,50 @@ +From cb79fa7118c150c3c76a327894bb2eb878c02619 Mon Sep 17 00:00:00 2001 +From: Lukasz Czapnik +Date: Wed, 13 Aug 2025 12:45:16 +0200 +Subject: i40e: add max boundary check for VF filters + +From: Lukasz Czapnik + +commit cb79fa7118c150c3c76a327894bb2eb878c02619 upstream. + +There is no check for max filters that VF can request. Add it. + +Fixes: e284fc280473 ("i40e: Add and delete cloud filter") +Cc: stable@vger.kernel.org +Signed-off-by: Lukasz Czapnik +Reviewed-by: Aleksandr Loktionov +Signed-off-by: Przemek Kitszel +Reviewed-by: Simon Horman +Tested-by: Rafal Romanowski +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +@@ -3898,6 +3898,8 @@ err: + aq_ret); + } + ++#define I40E_MAX_VF_CLOUD_FILTER 0xFF00 ++ + /** + * i40e_vc_add_cloud_filter + * @vf: pointer to the VF info +@@ -3937,6 +3939,14 @@ static int i40e_vc_add_cloud_filter(stru + goto err_out; + } + ++ if (vf->num_cloud_filters >= I40E_MAX_VF_CLOUD_FILTER) { ++ dev_warn(&pf->pdev->dev, ++ "VF %d: Max number of filters reached, can't apply cloud filter\n", ++ vf->vf_id); ++ aq_ret = -ENOSPC; ++ goto err_out; ++ } ++ + cfilter = kzalloc(sizeof(*cfilter), GFP_KERNEL); + if (!cfilter) { + aq_ret = -ENOMEM; diff --git a/queue-6.6/i40e-fix-idx-validation-in-config-queues-msg.patch b/queue-6.6/i40e-fix-idx-validation-in-config-queues-msg.patch new file mode 100644 index 0000000000..9a2b84535b --- /dev/null +++ b/queue-6.6/i40e-fix-idx-validation-in-config-queues-msg.patch @@ -0,0 +1,45 @@ +From f1ad24c5abe1eaef69158bac1405a74b3c365115 Mon Sep 17 00:00:00 2001 +From: Lukasz Czapnik +Date: Wed, 13 Aug 2025 12:45:13 +0200 +Subject: i40e: fix idx validation in config queues msg + +From: Lukasz Czapnik + +commit f1ad24c5abe1eaef69158bac1405a74b3c365115 upstream. + +Ensure idx is within range of active/initialized TCs when iterating over +vf->ch[idx] in i40e_vc_config_queues_msg(). + +Fixes: c27eac48160d ("i40e: Enable ADq and create queue channel/s on VF") +Cc: stable@vger.kernel.org +Signed-off-by: Lukasz Czapnik +Reviewed-by: Aleksandr Loktionov +Signed-off-by: Przemek Kitszel +Reviewed-by: Simon Horman +Tested-by: Kamakshi Nellore (A Contingent Worker at Intel) +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +@@ -2390,7 +2390,7 @@ static int i40e_vc_config_queues_msg(str + } + + if (vf->adq_enabled) { +- if (idx >= ARRAY_SIZE(vf->ch)) { ++ if (idx >= vf->num_tc) { + aq_ret = -ENODEV; + goto error_param; + } +@@ -2411,7 +2411,7 @@ static int i40e_vc_config_queues_msg(str + * to its appropriate VSIs based on TC mapping + */ + if (vf->adq_enabled) { +- if (idx >= ARRAY_SIZE(vf->ch)) { ++ if (idx >= vf->num_tc) { + aq_ret = -ENODEV; + goto error_param; + } diff --git a/queue-6.6/i40e-fix-idx-validation-in-i40e_validate_queue_map.patch b/queue-6.6/i40e-fix-idx-validation-in-i40e_validate_queue_map.patch new file mode 100644 index 0000000000..c81be3880f --- /dev/null +++ b/queue-6.6/i40e-fix-idx-validation-in-i40e_validate_queue_map.patch @@ -0,0 +1,40 @@ +From aa68d3c3ac8d1dcec40d52ae27e39f6d32207009 Mon Sep 17 00:00:00 2001 +From: Lukasz Czapnik +Date: Wed, 13 Aug 2025 12:45:12 +0200 +Subject: i40e: fix idx validation in i40e_validate_queue_map + +From: Lukasz Czapnik + +commit aa68d3c3ac8d1dcec40d52ae27e39f6d32207009 upstream. + +Ensure idx is within range of active/initialized TCs when iterating over +vf->ch[idx] in i40e_validate_queue_map(). + +Fixes: c27eac48160d ("i40e: Enable ADq and create queue channel/s on VF") +Cc: stable@vger.kernel.org +Signed-off-by: Lukasz Czapnik +Reviewed-by: Aleksandr Loktionov +Signed-off-by: Przemek Kitszel +Reviewed-by: Simon Horman +Tested-by: Kamakshi Nellore (A Contingent Worker at Intel) +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +@@ -2461,8 +2461,10 @@ static int i40e_validate_queue_map(struc + u16 vsi_queue_id, queue_id; + + for_each_set_bit(vsi_queue_id, &queuemap, I40E_MAX_VSI_QP) { +- if (vf->adq_enabled) { +- vsi_id = vf->ch[vsi_queue_id / I40E_MAX_VF_VSI].vsi_id; ++ u16 idx = vsi_queue_id / I40E_MAX_VF_VSI; ++ ++ if (vf->adq_enabled && idx < vf->num_tc) { ++ vsi_id = vf->ch[idx].vsi_id; + queue_id = (vsi_queue_id % I40E_DEFAULT_QUEUES_PER_VF); + } else { + queue_id = vsi_queue_id; diff --git a/queue-6.6/i40e-fix-input-validation-logic-for-action_meta.patch b/queue-6.6/i40e-fix-input-validation-logic-for-action_meta.patch new file mode 100644 index 0000000000..ee2f12f917 --- /dev/null +++ b/queue-6.6/i40e-fix-input-validation-logic-for-action_meta.patch @@ -0,0 +1,35 @@ +From 9739d5830497812b0bdeaee356ddefbe60830b88 Mon Sep 17 00:00:00 2001 +From: Lukasz Czapnik +Date: Wed, 13 Aug 2025 12:45:14 +0200 +Subject: i40e: fix input validation logic for action_meta + +From: Lukasz Czapnik + +commit 9739d5830497812b0bdeaee356ddefbe60830b88 upstream. + +Fix condition to check 'greater or equal' to prevent OOB dereference. + +Fixes: e284fc280473 ("i40e: Add and delete cloud filter") +Cc: stable@vger.kernel.org +Signed-off-by: Lukasz Czapnik +Reviewed-by: Aleksandr Loktionov +Signed-off-by: Przemek Kitszel +Reviewed-by: Simon Horman +Tested-by: Rafal Romanowski +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +@@ -3595,7 +3595,7 @@ static int i40e_validate_cloud_filter(st + + /* action_meta is TC number here to which the filter is applied */ + if (!tc_filter->action_meta || +- tc_filter->action_meta > vf->num_tc) { ++ tc_filter->action_meta >= vf->num_tc) { + dev_info(&pf->pdev->dev, "VF %d: Invalid TC number %u\n", + vf->vf_id, tc_filter->action_meta); + goto err; diff --git a/queue-6.6/i40e-fix-validation-of-vf-state-in-get-resources.patch b/queue-6.6/i40e-fix-validation-of-vf-state-in-get-resources.patch new file mode 100644 index 0000000000..16ce57b305 --- /dev/null +++ b/queue-6.6/i40e-fix-validation-of-vf-state-in-get-resources.patch @@ -0,0 +1,72 @@ +From 877b7e6ffc23766448236e8732254534c518ba42 Mon Sep 17 00:00:00 2001 +From: Lukasz Czapnik +Date: Wed, 13 Aug 2025 12:45:15 +0200 +Subject: i40e: fix validation of VF state in get resources + +From: Lukasz Czapnik + +commit 877b7e6ffc23766448236e8732254534c518ba42 upstream. + +VF state I40E_VF_STATE_ACTIVE is not the only state in which +VF is actually active so it should not be used to determine +if a VF is allowed to obtain resources. + +Use I40E_VF_STATE_RESOURCES_LOADED that is set only in +i40e_vc_get_vf_resources_msg() and cleared during reset. + +Fixes: 61125b8be85d ("i40e: Fix failed opcode appearing if handling messages from VF") +Cc: stable@vger.kernel.org +Signed-off-by: Lukasz Czapnik +Reviewed-by: Aleksandr Loktionov +Signed-off-by: Przemek Kitszel +Reviewed-by: Simon Horman +Tested-by: Rafal Romanowski +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 7 ++++++- + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 ++- + 2 files changed, 8 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +@@ -1459,6 +1459,7 @@ static void i40e_trigger_vf_reset(struct + * functions that may still be running at this point. + */ + clear_bit(I40E_VF_STATE_INIT, &vf->vf_states); ++ clear_bit(I40E_VF_STATE_RESOURCES_LOADED, &vf->vf_states); + + /* In the case of a VFLR, the HW has already reset the VF and we + * just need to clean up, so don't hit the VFRTRIG register. +@@ -2125,7 +2126,10 @@ static int i40e_vc_get_vf_resources_msg( + size_t len = 0; + int ret; + +- if (!i40e_sync_vf_state(vf, I40E_VF_STATE_INIT)) { ++ i40e_sync_vf_state(vf, I40E_VF_STATE_INIT); ++ ++ if (!test_bit(I40E_VF_STATE_INIT, &vf->vf_states) || ++ test_bit(I40E_VF_STATE_RESOURCES_LOADED, &vf->vf_states)) { + aq_ret = -EINVAL; + goto err; + } +@@ -2228,6 +2232,7 @@ static int i40e_vc_get_vf_resources_msg( + vf->default_lan_addr.addr); + } + set_bit(I40E_VF_STATE_ACTIVE, &vf->vf_states); ++ set_bit(I40E_VF_STATE_RESOURCES_LOADED, &vf->vf_states); + + err: + /* send the response back to the VF */ +--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h ++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h +@@ -41,7 +41,8 @@ enum i40e_vf_states { + I40E_VF_STATE_MC_PROMISC, + I40E_VF_STATE_UC_PROMISC, + I40E_VF_STATE_PRE_ENABLE, +- I40E_VF_STATE_RESETTING ++ I40E_VF_STATE_RESETTING, ++ I40E_VF_STATE_RESOURCES_LOADED, + }; + + /* VF capabilities */ diff --git a/queue-6.6/i40e-improve-vf-mac-filters-accounting.patch b/queue-6.6/i40e-improve-vf-mac-filters-accounting.patch new file mode 100644 index 0000000000..f31e0312b0 --- /dev/null +++ b/queue-6.6/i40e-improve-vf-mac-filters-accounting.patch @@ -0,0 +1,183 @@ +From b99dd77076bd3fddac6f7f1cbfa081c38fde17f5 Mon Sep 17 00:00:00 2001 +From: Lukasz Czapnik +Date: Wed, 13 Aug 2025 12:45:18 +0200 +Subject: i40e: improve VF MAC filters accounting + +From: Lukasz Czapnik + +commit b99dd77076bd3fddac6f7f1cbfa081c38fde17f5 upstream. + +When adding new VM MAC, driver checks only *active* filters in +vsi->mac_filter_hash. Each MAC, even in non-active state is using resources. + +To determine number of MACs VM uses, count VSI filters in *any* state. + +Add i40e_count_all_filters() to simply count all filters, and rename +i40e_count_filters() to i40e_count_active_filters() to avoid ambiguity. + +Fixes: cfb1d572c986 ("i40e: Add ensurance of MacVlan resources for every trusted VF") +Cc: stable@vger.kernel.org +Signed-off-by: Lukasz Czapnik +Reviewed-by: Aleksandr Loktionov +Signed-off-by: Przemek Kitszel +Reviewed-by: Simon Horman +Tested-by: Rafal Romanowski +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/i40e/i40e.h | 3 + drivers/net/ethernet/intel/i40e/i40e_main.c | 26 +++++++- + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 65 ++++++++------------- + 3 files changed, 50 insertions(+), 44 deletions(-) + +--- a/drivers/net/ethernet/intel/i40e/i40e.h ++++ b/drivers/net/ethernet/intel/i40e/i40e.h +@@ -1228,7 +1228,8 @@ struct i40e_mac_filter *i40e_add_mac_fil + const u8 *macaddr); + int i40e_del_mac_filter(struct i40e_vsi *vsi, const u8 *macaddr); + bool i40e_is_vsi_in_vlan(struct i40e_vsi *vsi); +-int i40e_count_filters(struct i40e_vsi *vsi); ++int i40e_count_all_filters(struct i40e_vsi *vsi); ++int i40e_count_active_filters(struct i40e_vsi *vsi); + struct i40e_mac_filter *i40e_find_mac(struct i40e_vsi *vsi, const u8 *macaddr); + void i40e_vlan_stripping_enable(struct i40e_vsi *vsi); + static inline bool i40e_is_sw_dcb(struct i40e_pf *pf) +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -1247,12 +1247,30 @@ void i40e_update_stats(struct i40e_vsi * + } + + /** +- * i40e_count_filters - counts VSI mac filters ++ * i40e_count_all_filters - counts VSI MAC filters + * @vsi: the VSI to be searched + * +- * Returns count of mac filters +- **/ +-int i40e_count_filters(struct i40e_vsi *vsi) ++ * Return: count of MAC filters in any state. ++ */ ++int i40e_count_all_filters(struct i40e_vsi *vsi) ++{ ++ struct i40e_mac_filter *f; ++ struct hlist_node *h; ++ int bkt, cnt = 0; ++ ++ hash_for_each_safe(vsi->mac_filter_hash, bkt, h, f, hlist) ++ cnt++; ++ ++ return cnt; ++} ++ ++/** ++ * i40e_count_active_filters - counts VSI MAC filters ++ * @vsi: the VSI to be searched ++ * ++ * Return: count of active MAC filters. ++ */ ++int i40e_count_active_filters(struct i40e_vsi *vsi) + { + struct i40e_mac_filter *f; + struct hlist_node *h; +--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +@@ -2857,24 +2857,6 @@ error_param: + (u8 *)&stats, sizeof(stats)); + } + +-/** +- * i40e_can_vf_change_mac +- * @vf: pointer to the VF info +- * +- * Return true if the VF is allowed to change its MAC filters, false otherwise +- */ +-static bool i40e_can_vf_change_mac(struct i40e_vf *vf) +-{ +- /* If the VF MAC address has been set administratively (via the +- * ndo_set_vf_mac command), then deny permission to the VF to +- * add/delete unicast MAC addresses, unless the VF is trusted +- */ +- if (vf->pf_set_mac && !vf->trusted) +- return false; +- +- return true; +-} +- + #define I40E_MAX_MACVLAN_PER_HW 3072 + #define I40E_MAX_MACVLAN_PER_PF(num_ports) (I40E_MAX_MACVLAN_PER_HW / \ + (num_ports)) +@@ -2913,8 +2895,10 @@ static inline int i40e_check_vf_permissi + struct i40e_pf *pf = vf->pf; + struct i40e_vsi *vsi = pf->vsi[vf->lan_vsi_idx]; + struct i40e_hw *hw = &pf->hw; +- int mac2add_cnt = 0; +- int i; ++ int i, mac_add_max, mac_add_cnt = 0; ++ bool vf_trusted; ++ ++ vf_trusted = test_bit(I40E_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps); + + for (i = 0; i < al->num_elements; i++) { + struct i40e_mac_filter *f; +@@ -2934,9 +2918,8 @@ static inline int i40e_check_vf_permissi + * The VF may request to set the MAC address filter already + * assigned to it so do not return an error in that case. + */ +- if (!i40e_can_vf_change_mac(vf) && +- !is_multicast_ether_addr(addr) && +- !ether_addr_equal(addr, vf->default_lan_addr.addr)) { ++ if (!vf_trusted && !is_multicast_ether_addr(addr) && ++ vf->pf_set_mac && !ether_addr_equal(addr, vf->default_lan_addr.addr)) { + dev_err(&pf->pdev->dev, + "VF attempting to override administratively set MAC address, bring down and up the VF interface to resume normal operation\n"); + return -EPERM; +@@ -2945,29 +2928,33 @@ static inline int i40e_check_vf_permissi + /*count filters that really will be added*/ + f = i40e_find_mac(vsi, addr); + if (!f) +- ++mac2add_cnt; ++ ++mac_add_cnt; + } + + /* If this VF is not privileged, then we can't add more than a limited +- * number of addresses. Check to make sure that the additions do not +- * push us over the limit. +- */ +- if (!test_bit(I40E_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps)) { +- if ((i40e_count_filters(vsi) + mac2add_cnt) > +- I40E_VC_MAX_MAC_ADDR_PER_VF) { +- dev_err(&pf->pdev->dev, +- "Cannot add more MAC addresses, VF is not trusted, switch the VF to trusted to add more functionality\n"); +- return -EPERM; +- } +- /* If this VF is trusted, it can use more resources than untrusted. ++ * number of addresses. ++ * ++ * If this VF is trusted, it can use more resources than untrusted. + * However to ensure that every trusted VF has appropriate number of + * resources, divide whole pool of resources per port and then across + * all VFs. + */ +- } else { +- if ((i40e_count_filters(vsi) + mac2add_cnt) > +- I40E_VC_MAX_MACVLAN_PER_TRUSTED_VF(pf->num_alloc_vfs, +- hw->num_ports)) { ++ if (!vf_trusted) ++ mac_add_max = I40E_VC_MAX_MAC_ADDR_PER_VF; ++ else ++ mac_add_max = I40E_VC_MAX_MACVLAN_PER_TRUSTED_VF(pf->num_alloc_vfs, hw->num_ports); ++ ++ /* VF can replace all its filters in one step, in this case mac_add_max ++ * will be added as active and another mac_add_max will be in ++ * a to-be-removed state. Account for that. ++ */ ++ if ((i40e_count_active_filters(vsi) + mac_add_cnt) > mac_add_max || ++ (i40e_count_all_filters(vsi) + mac_add_cnt) > 2 * mac_add_max) { ++ if (!vf_trusted) { ++ dev_err(&pf->pdev->dev, ++ "Cannot add more MAC addresses, VF is not trusted, switch the VF to trusted to add more functionality\n"); ++ return -EPERM; ++ } else { + dev_err(&pf->pdev->dev, + "Cannot add more MAC addresses, trusted VF exhausted it's resources\n"); + return -EPERM; diff --git a/queue-6.6/series b/queue-6.6/series index eb7e72f8ab..a8ae663189 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -52,3 +52,14 @@ octeontx2-pf-fix-potential-use-after-free-in-otx2_tc.patch drm-gma500-fix-null-dereference-in-hdmi-teardown.patch futex-prevent-use-after-free-during-requeue-pi.patch smb-client-fix-wrong-index-reference-in-smb2_compoun.patch +hid-asus-add-support-for-missing-px-series-fn-keys.patch +i40e-fix-idx-validation-in-i40e_validate_queue_map.patch +i40e-fix-idx-validation-in-config-queues-msg.patch +i40e-fix-input-validation-logic-for-action_meta.patch +i40e-fix-validation-of-vf-state-in-get-resources.patch +i40e-add-max-boundary-check-for-vf-filters.patch +i40e-add-mask-to-apply-valid-bits-for-itr_idx.patch +i40e-improve-vf-mac-filters-accounting.patch +crypto-af_alg-fix-incorrect-boolean-values-in-af_alg_ctx.patch +tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch +arm-dts-socfpga-sodia-fix-mdio-bus-probe-and-phy-address.patch diff --git a/queue-6.6/tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch b/queue-6.6/tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch new file mode 100644 index 0000000000..17ea364abb --- /dev/null +++ b/queue-6.6/tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch @@ -0,0 +1,36 @@ +From 456c32e3c4316654f95f9d49c12cbecfb77d5660 Mon Sep 17 00:00:00 2001 +From: "Masami Hiramatsu (Google)" +Date: Fri, 19 Sep 2025 10:15:56 +0900 +Subject: tracing: dynevent: Add a missing lockdown check on dynevent + +From: Masami Hiramatsu (Google) + +commit 456c32e3c4316654f95f9d49c12cbecfb77d5660 upstream. + +Since dynamic_events interface on tracefs is compatible with +kprobe_events and uprobe_events, it should also check the lockdown +status and reject if it is set. + +Link: https://lore.kernel.org/all/175824455687.45175.3734166065458520748.stgit@devnote2/ + +Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs") +Signed-off-by: Masami Hiramatsu (Google) +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace_dynevent.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/kernel/trace/trace_dynevent.c ++++ b/kernel/trace/trace_dynevent.c +@@ -239,6 +239,10 @@ static int dyn_event_open(struct inode * + { + int ret; + ++ ret = security_locked_down(LOCKDOWN_TRACEFS); ++ if (ret) ++ return ret; ++ + ret = tracing_check_open_get_tr(NULL); + if (ret) + return ret; -- 2.47.3