From 542172111755e07231fa958dd34a0ec6e3ee0fed Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sun, 19 Feb 2023 04:19:17 -0500 Subject: [PATCH] Fixes for 5.10 Signed-off-by: Sasha Levin --- ...oving-was-to-icl_gt_workarounds_init.patch | 66 ++++++ ...a_1408615072-wa_1407596294-should-be.patch | 63 +++++ ...fload-fill-flags-to-action-structure.patch | 221 ++++++++++++++++++ ...hecking-for-null-for-nlmsg_find_attr.patch | 43 ++++ ...et-sched-act_ctinfo-use-percpu-stats.patch | 65 ++++++ ...d-tcindex-search-key-must-be-16-bits.patch | 81 +++++++ queue-5.10/series | 6 + 7 files changed, 545 insertions(+) create mode 100644 queue-5.10/drm-i915-gen11-moving-was-to-icl_gt_workarounds_init.patch create mode 100644 queue-5.10/drm-i915-gen11-wa_1408615072-wa_1407596294-should-be.patch create mode 100644 queue-5.10/flow_offload-fill-flags-to-action-structure.patch create mode 100644 queue-5.10/i40e-add-checking-for-null-for-nlmsg_find_attr.patch create mode 100644 queue-5.10/net-sched-act_ctinfo-use-percpu-stats.patch create mode 100644 queue-5.10/net-sched-tcindex-search-key-must-be-16-bits.patch diff --git a/queue-5.10/drm-i915-gen11-moving-was-to-icl_gt_workarounds_init.patch b/queue-5.10/drm-i915-gen11-moving-was-to-icl_gt_workarounds_init.patch new file mode 100644 index 00000000000..de5510864c2 --- /dev/null +++ b/queue-5.10/drm-i915-gen11-moving-was-to-icl_gt_workarounds_init.patch @@ -0,0 +1,66 @@ +From 14842de2b3fe6290a3b2739dba4d959f7d248039 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Dec 2021 20:26:03 +0530 +Subject: drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() + +From: Raviteja Goud Talla + +[ Upstream commit 67b858dd89932086ae0ee2d0ce4dd070a2c88bb3 ] + +Bspec page says "Reset: BUS", Accordingly moving w/a's: +Wa_1407352427,Wa_1406680159 to proper function icl_gt_workarounds_init() +Which will resolve guc enabling error + +v2: + - Previous patch rev2 was created by email client which caused the + Build failure, This v2 is to resolve the previous broken series + +Reviewed-by: John Harrison +Signed-off-by: Raviteja Goud Talla +Signed-off-by: John Harrison +Link: https://patchwork.freedesktop.org/patch/msgid/20211203145603.4006937-1-ravitejax.goud.talla@intel.com +Stable-dep-of: d5a1224aa68c ("drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list") +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/i915/gt/intel_workarounds.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/drivers/gpu/drm/i915/gt/intel_workarounds.c b/drivers/gpu/drm/i915/gt/intel_workarounds.c +index 4a3bde7c9f217..5c92789504d01 100644 +--- a/drivers/gpu/drm/i915/gt/intel_workarounds.c ++++ b/drivers/gpu/drm/i915/gt/intel_workarounds.c +@@ -1212,6 +1212,15 @@ icl_gt_workarounds_init(struct drm_i915_private *i915, struct i915_wa_list *wal) + GAMT_CHKN_BIT_REG, + GAMT_CHKN_DISABLE_L3_COH_PIPE); + ++ /* Wa_1407352427:icl,ehl */ ++ wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE2, ++ PSDUNIT_CLKGATE_DIS); ++ ++ /* Wa_1406680159:icl,ehl */ ++ wa_write_or(wal, ++ SUBSLICE_UNIT_LEVEL_CLKGATE, ++ GWUNIT_CLKGATE_DIS); ++ + /* Wa_1607087056:icl,ehl,jsl */ + if (IS_ICELAKE(i915) || + IS_EHL_REVID(i915, EHL_REVID_A0, EHL_REVID_A0)) { +@@ -1823,15 +1832,6 @@ rcs_engine_wa_init(struct intel_engine_cs *engine, struct i915_wa_list *wal) + wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE, + VSUNIT_CLKGATE_DIS | HSUNIT_CLKGATE_DIS); + +- /* Wa_1407352427:icl,ehl */ +- wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE2, +- PSDUNIT_CLKGATE_DIS); +- +- /* Wa_1406680159:icl,ehl */ +- wa_write_or(wal, +- SUBSLICE_UNIT_LEVEL_CLKGATE, +- GWUNIT_CLKGATE_DIS); +- + /* + * Wa_1408767742:icl[a2..forever],ehl[all] + * Wa_1605460711:icl[a0..c0] +-- +2.39.0 + diff --git a/queue-5.10/drm-i915-gen11-wa_1408615072-wa_1407596294-should-be.patch b/queue-5.10/drm-i915-gen11-wa_1408615072-wa_1407596294-should-be.patch new file mode 100644 index 00000000000..d15571197a2 --- /dev/null +++ b/queue-5.10/drm-i915-gen11-wa_1408615072-wa_1407596294-should-be.patch @@ -0,0 +1,63 @@ +From f780233054d2b778e661c0ab389acebb485b4a70 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Feb 2023 14:28:29 -0800 +Subject: drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list + +From: Matt Roper + +[ Upstream commit d5a1224aa68c8b124a4c5c390186e571815ed390 ] + +The UNSLICE_UNIT_LEVEL_CLKGATE register programmed by this workaround +has 'BUS' style reset, indicating that it does not lose its value on +engine resets. Furthermore, this register is part of the GT forcewake +domain rather than the RENDER domain, so it should not be impacted by +RCS engine resets. As such, we should implement this on the GT +workaround list rather than an engine list. + +Bspec: 19219 +Fixes: 3551ff928744 ("drm/i915/gen11: Moving WAs to rcs_engine_wa_init()") +Signed-off-by: Matt Roper +Reviewed-by: Gustavo Sousa +Link: https://patchwork.freedesktop.org/patch/msgid/20230201222831.608281-2-matthew.d.roper@intel.com +(cherry picked from commit 5f21dc07b52eb54a908e66f5d6e05a87bcb5b049) +Signed-off-by: Rodrigo Vivi +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/i915/gt/intel_workarounds.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/gpu/drm/i915/gt/intel_workarounds.c b/drivers/gpu/drm/i915/gt/intel_workarounds.c +index 5c92789504d01..ae5cf2b55e159 100644 +--- a/drivers/gpu/drm/i915/gt/intel_workarounds.c ++++ b/drivers/gpu/drm/i915/gt/intel_workarounds.c +@@ -1212,6 +1212,13 @@ icl_gt_workarounds_init(struct drm_i915_private *i915, struct i915_wa_list *wal) + GAMT_CHKN_BIT_REG, + GAMT_CHKN_DISABLE_L3_COH_PIPE); + ++ /* ++ * Wa_1408615072:icl,ehl (vsunit) ++ * Wa_1407596294:icl,ehl (hsunit) ++ */ ++ wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE, ++ VSUNIT_CLKGATE_DIS | HSUNIT_CLKGATE_DIS); ++ + /* Wa_1407352427:icl,ehl */ + wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE2, + PSDUNIT_CLKGATE_DIS); +@@ -1825,13 +1832,6 @@ rcs_engine_wa_init(struct intel_engine_cs *engine, struct i915_wa_list *wal) + wa_masked_en(wal, GEN9_CSFE_CHICKEN1_RCS, + GEN11_ENABLE_32_PLANE_MODE); + +- /* +- * Wa_1408615072:icl,ehl (vsunit) +- * Wa_1407596294:icl,ehl (hsunit) +- */ +- wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE, +- VSUNIT_CLKGATE_DIS | HSUNIT_CLKGATE_DIS); +- + /* + * Wa_1408767742:icl[a2..forever],ehl[all] + * Wa_1605460711:icl[a0..c0] +-- +2.39.0 + diff --git a/queue-5.10/flow_offload-fill-flags-to-action-structure.patch b/queue-5.10/flow_offload-fill-flags-to-action-structure.patch new file mode 100644 index 00000000000..30ff8adc126 --- /dev/null +++ b/queue-5.10/flow_offload-fill-flags-to-action-structure.patch @@ -0,0 +1,221 @@ +From 0a04426f98bfafc542856b8c7e4d8cd0f25d9f7c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 17 Dec 2021 19:16:17 +0100 +Subject: flow_offload: fill flags to action structure + +From: Baowen Zheng + +[ Upstream commit 40bd094d65fc9f83941b024cde7c24516f036879 ] + +Fill flags to action structure to allow user control if +the action should be offloaded to hardware or not. + +Signed-off-by: Baowen Zheng +Signed-off-by: Louis Peens +Signed-off-by: Simon Horman +Acked-by: Jamal Hadi Salim +Signed-off-by: David S. Miller +Stable-dep-of: 21c167aa0ba9 ("net/sched: act_ctinfo: use percpu stats") +Signed-off-by: Sasha Levin +--- + net/sched/act_bpf.c | 2 +- + net/sched/act_connmark.c | 2 +- + net/sched/act_ctinfo.c | 2 +- + net/sched/act_gate.c | 2 +- + net/sched/act_ife.c | 2 +- + net/sched/act_ipt.c | 2 +- + net/sched/act_mpls.c | 2 +- + net/sched/act_nat.c | 2 +- + net/sched/act_pedit.c | 2 +- + net/sched/act_police.c | 2 +- + net/sched/act_sample.c | 2 +- + net/sched/act_simple.c | 2 +- + net/sched/act_skbedit.c | 2 +- + net/sched/act_skbmod.c | 2 +- + 14 files changed, 14 insertions(+), 14 deletions(-) + +diff --git a/net/sched/act_bpf.c b/net/sched/act_bpf.c +index a4c7ba35a3438..78f1cd70c8d19 100644 +--- a/net/sched/act_bpf.c ++++ b/net/sched/act_bpf.c +@@ -307,7 +307,7 @@ static int tcf_bpf_init(struct net *net, struct nlattr *nla, + ret = tcf_idr_check_alloc(tn, &index, act, bind); + if (!ret) { + ret = tcf_idr_create(tn, index, est, act, +- &act_bpf_ops, bind, true, 0); ++ &act_bpf_ops, bind, true, flags); + if (ret < 0) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_connmark.c b/net/sched/act_connmark.c +index 31d268eedf3f9..b6576a250e851 100644 +--- a/net/sched/act_connmark.c ++++ b/net/sched/act_connmark.c +@@ -124,7 +124,7 @@ static int tcf_connmark_init(struct net *net, struct nlattr *nla, + ret = tcf_idr_check_alloc(tn, &index, a, bind); + if (!ret) { + ret = tcf_idr_create(tn, index, est, a, +- &act_connmark_ops, bind, false, 0); ++ &act_connmark_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_ctinfo.c b/net/sched/act_ctinfo.c +index 06c74f22ab98b..9bde94e7bb939 100644 +--- a/net/sched/act_ctinfo.c ++++ b/net/sched/act_ctinfo.c +@@ -212,7 +212,7 @@ static int tcf_ctinfo_init(struct net *net, struct nlattr *nla, + err = tcf_idr_check_alloc(tn, &index, a, bind); + if (!err) { + ret = tcf_idr_create(tn, index, est, a, +- &act_ctinfo_ops, bind, false, 0); ++ &act_ctinfo_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_gate.c b/net/sched/act_gate.c +index a78cb79657182..0e7568a06351b 100644 +--- a/net/sched/act_gate.c ++++ b/net/sched/act_gate.c +@@ -357,7 +357,7 @@ static int tcf_gate_init(struct net *net, struct nlattr *nla, + + if (!err) { + ret = tcf_idr_create(tn, index, est, a, +- &act_gate_ops, bind, false, 0); ++ &act_gate_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c +index a2ddea04183af..99548b2a1bc83 100644 +--- a/net/sched/act_ife.c ++++ b/net/sched/act_ife.c +@@ -553,7 +553,7 @@ static int tcf_ife_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, &act_ife_ops, +- bind, true, 0); ++ bind, true, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + kfree(p); +diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c +index 8dc3bec0d3258..080f2952cd536 100644 +--- a/net/sched/act_ipt.c ++++ b/net/sched/act_ipt.c +@@ -144,7 +144,7 @@ static int __tcf_ipt_init(struct net *net, unsigned int id, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, ops, bind, +- false, 0); ++ false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_mpls.c b/net/sched/act_mpls.c +index 09799412b2489..47b963ded4e43 100644 +--- a/net/sched/act_mpls.c ++++ b/net/sched/act_mpls.c +@@ -254,7 +254,7 @@ static int tcf_mpls_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, +- &act_mpls_ops, bind, true, 0); ++ &act_mpls_ops, bind, true, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c +index 1ebd2a86d980f..8466dc25fe397 100644 +--- a/net/sched/act_nat.c ++++ b/net/sched/act_nat.c +@@ -61,7 +61,7 @@ static int tcf_nat_init(struct net *net, struct nlattr *nla, struct nlattr *est, + err = tcf_idr_check_alloc(tn, &index, a, bind); + if (!err) { + ret = tcf_idr_create(tn, index, est, a, +- &act_nat_ops, bind, false, 0); ++ &act_nat_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c +index 0d5463ddfd62f..db0d3bff19eba 100644 +--- a/net/sched/act_pedit.c ++++ b/net/sched/act_pedit.c +@@ -189,7 +189,7 @@ static int tcf_pedit_init(struct net *net, struct nlattr *nla, + err = tcf_idr_check_alloc(tn, &index, a, bind); + if (!err) { + ret = tcf_idr_create(tn, index, est, a, +- &act_pedit_ops, bind, false, 0); ++ &act_pedit_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + goto out_free; +diff --git a/net/sched/act_police.c b/net/sched/act_police.c +index 3807335889590..c30cd3ecb3911 100644 +--- a/net/sched/act_police.c ++++ b/net/sched/act_police.c +@@ -87,7 +87,7 @@ static int tcf_police_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, NULL, a, +- &act_police_ops, bind, true, 0); ++ &act_police_ops, bind, true, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_sample.c b/net/sched/act_sample.c +index 3ebf9ede3cf10..2f0e98bcf4945 100644 +--- a/net/sched/act_sample.c ++++ b/net/sched/act_sample.c +@@ -69,7 +69,7 @@ static int tcf_sample_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, +- &act_sample_ops, bind, true, 0); ++ &act_sample_ops, bind, true, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_simple.c b/net/sched/act_simple.c +index a4f3d0f0daa96..b9bbc87a87c5b 100644 +--- a/net/sched/act_simple.c ++++ b/net/sched/act_simple.c +@@ -128,7 +128,7 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, +- &act_simp_ops, bind, false, 0); ++ &act_simp_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_skbedit.c b/net/sched/act_skbedit.c +index e5f3fb8b00e32..a5661f2d93e99 100644 +--- a/net/sched/act_skbedit.c ++++ b/net/sched/act_skbedit.c +@@ -176,7 +176,7 @@ static int tcf_skbedit_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, +- &act_skbedit_ops, bind, true, 0); ++ &act_skbedit_ops, bind, true, act_flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_skbmod.c b/net/sched/act_skbmod.c +index 8d17a543cc9fe..aa98dcac94b95 100644 +--- a/net/sched/act_skbmod.c ++++ b/net/sched/act_skbmod.c +@@ -147,7 +147,7 @@ static int tcf_skbmod_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, +- &act_skbmod_ops, bind, true, 0); ++ &act_skbmod_ops, bind, true, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +-- +2.39.0 + diff --git a/queue-5.10/i40e-add-checking-for-null-for-nlmsg_find_attr.patch b/queue-5.10/i40e-add-checking-for-null-for-nlmsg_find_attr.patch new file mode 100644 index 00000000000..3798970603f --- /dev/null +++ b/queue-5.10/i40e-add-checking-for-null-for-nlmsg_find_attr.patch @@ -0,0 +1,43 @@ +From 34c32c325e2024b80cace9cda73f0a60d4aa558f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Feb 2023 09:28:33 -0800 +Subject: i40e: Add checking for null for nlmsg_find_attr() + +From: Natalia Petrova + +[ Upstream commit 7fa0b526f865cb42aa33917fd02a92cb03746f4d ] + +The result of nlmsg_find_attr() 'br_spec' is dereferenced in +nla_for_each_nested(), but it can take NULL value in nla_find() function, +which will result in an error. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops") +Signed-off-by: Natalia Petrova +Reviewed-by: Jesse Brandeburg +Tested-by: Gurucharan G (A Contingent worker at Intel) +Signed-off-by: Tony Nguyen +Link: https://lore.kernel.org/r/20230209172833.3596034-1-anthony.l.nguyen@intel.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c +index c4f4ee34d58a0..9e8a20a94862f 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -12520,6 +12520,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev, + } + + br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC); ++ if (!br_spec) ++ return -EINVAL; + + nla_for_each_nested(attr, br_spec, rem) { + __u16 mode; +-- +2.39.0 + diff --git a/queue-5.10/net-sched-act_ctinfo-use-percpu-stats.patch b/queue-5.10/net-sched-act_ctinfo-use-percpu-stats.patch new file mode 100644 index 00000000000..6466f6ea1bd --- /dev/null +++ b/queue-5.10/net-sched-act_ctinfo-use-percpu-stats.patch @@ -0,0 +1,65 @@ +From 780439f4463303038f71bf071d7f6dfb115424bc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 10 Feb 2023 17:08:25 -0300 +Subject: net/sched: act_ctinfo: use percpu stats + +From: Pedro Tammela + +[ Upstream commit 21c167aa0ba943a7cac2f6969814f83bb701666b ] + +The tc action act_ctinfo was using shared stats, fix it to use percpu stats +since bstats_update() must be called with locks or with a percpu pointer argument. + +tdc results: +1..12 +ok 1 c826 - Add ctinfo action with default setting +ok 2 0286 - Add ctinfo action with dscp +ok 3 4938 - Add ctinfo action with valid cpmark and zone +ok 4 7593 - Add ctinfo action with drop control +ok 5 2961 - Replace ctinfo action zone and action control +ok 6 e567 - Delete ctinfo action with valid index +ok 7 6a91 - Delete ctinfo action with invalid index +ok 8 5232 - List ctinfo actions +ok 9 7702 - Flush ctinfo actions +ok 10 3201 - Add ctinfo action with duplicate index +ok 11 8295 - Add ctinfo action with invalid index +ok 12 3964 - Replace ctinfo action with invalid goto_chain control + +Fixes: 24ec483cec98 ("net: sched: Introduce act_ctinfo action") +Reviewed-by: Jamal Hadi Salim +Signed-off-by: Pedro Tammela +Reviewed-by: Larysa Zaremba +Link: https://lore.kernel.org/r/20230210200824.444856-1-pctammela@mojatatu.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/sched/act_ctinfo.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/net/sched/act_ctinfo.c b/net/sched/act_ctinfo.c +index 9bde94e7bb939..5aa005835c066 100644 +--- a/net/sched/act_ctinfo.c ++++ b/net/sched/act_ctinfo.c +@@ -92,7 +92,7 @@ static int tcf_ctinfo_act(struct sk_buff *skb, const struct tc_action *a, + cp = rcu_dereference_bh(ca->params); + + tcf_lastuse_update(&ca->tcf_tm); +- bstats_update(&ca->tcf_bstats, skb); ++ tcf_action_update_bstats(&ca->common, skb); + action = READ_ONCE(ca->tcf_action); + + wlen = skb_network_offset(skb); +@@ -211,8 +211,8 @@ static int tcf_ctinfo_init(struct net *net, struct nlattr *nla, + index = actparm->index; + err = tcf_idr_check_alloc(tn, &index, a, bind); + if (!err) { +- ret = tcf_idr_create(tn, index, est, a, +- &act_ctinfo_ops, bind, false, flags); ++ ret = tcf_idr_create_from_flags(tn, index, est, a, ++ &act_ctinfo_ops, bind, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +-- +2.39.0 + diff --git a/queue-5.10/net-sched-tcindex-search-key-must-be-16-bits.patch b/queue-5.10/net-sched-tcindex-search-key-must-be-16-bits.patch new file mode 100644 index 00000000000..b851b5cc5b0 --- /dev/null +++ b/queue-5.10/net-sched-tcindex-search-key-must-be-16-bits.patch @@ -0,0 +1,81 @@ +From 8d6dd6512b92c8e64411eabe1c7ddf0026f076d8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Feb 2023 22:47:29 -0300 +Subject: net/sched: tcindex: search key must be 16 bits + +From: Pedro Tammela + +[ Upstream commit 42018a322bd453e38b3ffee294982243e50a484f ] + +Syzkaller found an issue where a handle greater than 16 bits would trigger +a null-ptr-deref in the imperfect hash area update. + +general protection fault, probably for non-canonical address +0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN +KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af] +CPU: 0 PID: 5070 Comm: syz-executor456 Not tainted +6.2.0-rc7-syzkaller-00112-gc68f345b7c42 #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, +BIOS Google 01/21/2023 +RIP: 0010:tcindex_set_parms+0x1a6a/0x2990 net/sched/cls_tcindex.c:509 +Code: 01 e9 e9 fe ff ff 4c 8b bd 28 fe ff ff e8 0e 57 7d f9 48 8d bb +a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c +02 00 0f 85 94 0c 00 00 48 8b 85 f8 fd ff ff 48 8b 9b a8 00 +RSP: 0018:ffffc90003d3ef88 EFLAGS: 00010202 +RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 +RDX: 0000000000000015 RSI: ffffffff8803a102 RDI: 00000000000000a8 +RBP: ffffc90003d3f1d8 R08: 0000000000000001 R09: 0000000000000000 +R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801e2b10a8 +R13: dffffc0000000000 R14: 0000000000030000 R15: ffff888017b3be00 +FS: 00005555569af300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 000056041c6d2000 CR3: 000000002bfca000 CR4: 00000000003506f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + +tcindex_change+0x1ea/0x320 net/sched/cls_tcindex.c:572 +tc_new_tfilter+0x96e/0x2220 net/sched/cls_api.c:2155 +rtnetlink_rcv_msg+0x959/0xca0 net/core/rtnetlink.c:6132 +netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2574 +netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] +netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 +netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1942 +sock_sendmsg_nosec net/socket.c:714 [inline] +sock_sendmsg+0xd3/0x120 net/socket.c:734 +____sys_sendmsg+0x334/0x8c0 net/socket.c:2476 +___sys_sendmsg+0x110/0x1b0 net/socket.c:2530 +__sys_sendmmsg+0x18f/0x460 net/socket.c:2616 +__do_sys_sendmmsg net/socket.c:2645 [inline] +__se_sys_sendmmsg net/socket.c:2642 [inline] +__x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2642 +do_syscall_x64 arch/x86/entry/common.c:50 [inline] +do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 + +Fixes: ee059170b1f7 ("net/sched: tcindex: update imperfect hash filters respecting rcu") +Signed-off-by: Jamal Hadi Salim +Signed-off-by: Pedro Tammela +Reported-by: syzbot +Reviewed-by: Eric Dumazet +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/sched/cls_tcindex.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c +index 50bf7ec4b5b25..2c0c95204cb5a 100644 +--- a/net/sched/cls_tcindex.c ++++ b/net/sched/cls_tcindex.c +@@ -502,7 +502,7 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, + /* lookup the filter, guaranteed to exist */ + for (cf = rcu_dereference_bh_rtnl(*fp); cf; + fp = &cf->next, cf = rcu_dereference_bh_rtnl(*fp)) +- if (cf->key == handle) ++ if (cf->key == (u16)handle) + break; + + f->next = cf->next; +-- +2.39.0 + diff --git a/queue-5.10/series b/queue-5.10/series index db37dfcc91f..18d0478f370 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -44,3 +44,9 @@ ixgbe-add-double-of-vlan-header-when-computing-the-max-mtu.patch ipv6-fix-datagram-socket-connection-with-dscp.patch ipv6-fix-tcp-socket-connection-with-dscp.patch nilfs2-fix-underflow-in-second-superblock-position-calculations.patch +drm-i915-gen11-moving-was-to-icl_gt_workarounds_init.patch +drm-i915-gen11-wa_1408615072-wa_1407596294-should-be.patch +flow_offload-fill-flags-to-action-structure.patch +net-sched-act_ctinfo-use-percpu-stats.patch +i40e-add-checking-for-null-for-nlmsg_find_attr.patch +net-sched-tcindex-search-key-must-be-16-bits.patch -- 2.47.2