From 6cc4d8db51801133730677290062b82e5e10cb37 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Wed, 1 Jan 2020 11:34:41 -0500 Subject: [PATCH] fixes for 4.19 Signed-off-by: Sasha Levin --- ...de-error-message-for-single-cmd-fall.patch | 42 +++++++++++ ...ve-backup-transition-after-link-fail.patch | 52 ++++++++++++++ ...ompiler-warning-when-only-cbpf-is-pr.patch | 69 +++++++++++++++++++ ...-nf_queue-enqueue-skbs-with-null-dst.patch | 44 ++++++++++++ queue-4.19/series | 5 ++ ...ibly-incorrect-severity-calculation-.patch | 51 ++++++++++++++ 6 files changed, 263 insertions(+) create mode 100644 queue-4.19/alsa-hda-downgrade-error-message-for-single-cmd-fall.patch create mode 100644 queue-4.19/bonding-fix-active-backup-transition-after-link-fail.patch create mode 100644 queue-4.19/net-sysctl-fix-compiler-warning-when-only-cbpf-is-pr.patch create mode 100644 queue-4.19/netfilter-nf_queue-enqueue-skbs-with-null-dst.patch create mode 100644 queue-4.19/x86-mce-fix-possibly-incorrect-severity-calculation-.patch diff --git a/queue-4.19/alsa-hda-downgrade-error-message-for-single-cmd-fall.patch b/queue-4.19/alsa-hda-downgrade-error-message-for-single-cmd-fall.patch new file mode 100644 index 00000000000..c320e6f6c72 --- /dev/null +++ b/queue-4.19/alsa-hda-downgrade-error-message-for-single-cmd-fall.patch @@ -0,0 +1,42 @@ +From 3d46cddc25081511130cc22e6a3886790fdb6428 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 16 Dec 2019 16:12:24 +0100 +Subject: ALSA: hda - Downgrade error message for single-cmd fallback + +From: Takashi Iwai + +[ Upstream commit 475feec0c41ad71cb7d02f0310e56256606b57c5 ] + +We made the error message for the CORB/RIRB communication clearer by +upgrading to dev_WARN() so that user can notice better. But this +struck us like a boomerang: now it caught syzbot and reported back as +a fatal issue although it's not really any too serious bug that worth +for stopping the whole system. + +OK, OK, let's be softy, downgrade it to the standard dev_err() again. + +Fixes: dd65f7e19c69 ("ALSA: hda - Show the fatal CORB/RIRB error more clearly") +Reported-by: syzbot+b3028ac3933f5c466389@syzkaller.appspotmail.com +Link: https://lore.kernel.org/r/20191216151224.30013-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/pci/hda/hda_controller.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sound/pci/hda/hda_controller.c b/sound/pci/hda/hda_controller.c +index 8fcb421193e0..fa261b27d858 100644 +--- a/sound/pci/hda/hda_controller.c ++++ b/sound/pci/hda/hda_controller.c +@@ -883,7 +883,7 @@ static int azx_rirb_get_response(struct hdac_bus *bus, unsigned int addr, + return -EAGAIN; /* give a chance to retry */ + } + +- dev_WARN(chip->card->dev, ++ dev_err(chip->card->dev, + "azx_get_response timeout, switching to single_cmd mode: last cmd=0x%08x\n", + bus->last_cmd[addr]); + chip->single_cmd = 1; +-- +2.20.1 + diff --git a/queue-4.19/bonding-fix-active-backup-transition-after-link-fail.patch b/queue-4.19/bonding-fix-active-backup-transition-after-link-fail.patch new file mode 100644 index 00000000000..902041c7f46 --- /dev/null +++ b/queue-4.19/bonding-fix-active-backup-transition-after-link-fail.patch @@ -0,0 +1,52 @@ +From a13b83670f2f24070973f3bcb78f85aa3c031cd4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 6 Dec 2019 15:44:55 -0800 +Subject: bonding: fix active-backup transition after link failure + +From: Mahesh Bandewar + +[ Upstream commit 5d485ed88d48f8101a2067348e267c0aaf4ed486 ] + +After the recent fix in commit 1899bb325149 ("bonding: fix state +transition issue in link monitoring"), the active-backup mode with +miimon initially come-up fine but after a link-failure, both members +transition into backup state. + +Following steps to reproduce the scenario (eth1 and eth2 are the +slaves of the bond): + + ip link set eth1 up + ip link set eth2 down + sleep 1 + ip link set eth2 up + ip link set eth1 down + cat /sys/class/net/eth1/bonding_slave/state + cat /sys/class/net/eth2/bonding_slave/state + +Fixes: 1899bb325149 ("bonding: fix state transition issue in link monitoring") +CC: Jay Vosburgh +Signed-off-by: Mahesh Bandewar +Acked-by: Jay Vosburgh +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/bonding/bond_main.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index 9b8143dca512..f57b86f1373d 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -2223,9 +2223,6 @@ static void bond_miimon_commit(struct bonding *bond) + } else if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP) { + /* make it immediately active */ + bond_set_active_slave(slave); +- } else if (slave != primary) { +- /* prevent it from being the active one */ +- bond_set_backup_slave(slave); + } + + netdev_info(bond->dev, "link status definitely up for interface %s, %u Mbps %s duplex\n", +-- +2.20.1 + diff --git a/queue-4.19/net-sysctl-fix-compiler-warning-when-only-cbpf-is-pr.patch b/queue-4.19/net-sysctl-fix-compiler-warning-when-only-cbpf-is-pr.patch new file mode 100644 index 00000000000..4f0eddc443a --- /dev/null +++ b/queue-4.19/net-sysctl-fix-compiler-warning-when-only-cbpf-is-pr.patch @@ -0,0 +1,69 @@ +From 57a72b38fe594c1d0545eacb029097f23b342b08 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 18 Dec 2019 12:18:21 +0300 +Subject: net, sysctl: Fix compiler warning when only cBPF is present +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Alexander Lobakin + +[ Upstream commit 1148f9adbe71415836a18a36c1b4ece999ab0973 ] + +proc_dointvec_minmax_bpf_restricted() has been firstly introduced +in commit 2e4a30983b0f ("bpf: restrict access to core bpf sysctls") +under CONFIG_HAVE_EBPF_JIT. Then, this ifdef has been removed in +ede95a63b5e8 ("bpf: add bpf_jit_limit knob to restrict unpriv +allocations"), because a new sysctl, bpf_jit_limit, made use of it. +Finally, this parameter has become long instead of integer with +fdadd04931c2 ("bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K") +and thus, a new proc_dolongvec_minmax_bpf_restricted() has been +added. + +With this last change, we got back to that +proc_dointvec_minmax_bpf_restricted() is used only under +CONFIG_HAVE_EBPF_JIT, but the corresponding ifdef has not been +brought back. + +So, in configurations like CONFIG_BPF_JIT=y && CONFIG_HAVE_EBPF_JIT=n +since v4.20 we have: + + CC net/core/sysctl_net_core.o +net/core/sysctl_net_core.c:292:1: warning: ‘proc_dointvec_minmax_bpf_restricted’ defined but not used [-Wunused-function] + 292 | proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Suppress this by guarding it with CONFIG_HAVE_EBPF_JIT again. + +Fixes: fdadd04931c2 ("bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K") +Signed-off-by: Alexander Lobakin +Signed-off-by: Daniel Borkmann +Link: https://lore.kernel.org/bpf/20191218091821.7080-1-alobakin@dlink.ru +Signed-off-by: Sasha Levin +--- + net/core/sysctl_net_core.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c +index d67ec17f2cc8..6cec08cd0bb9 100644 +--- a/net/core/sysctl_net_core.c ++++ b/net/core/sysctl_net_core.c +@@ -281,6 +281,7 @@ static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int write, + return ret; + } + ++# ifdef CONFIG_HAVE_EBPF_JIT + static int + proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, +@@ -291,6 +292,7 @@ proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write, + + return proc_dointvec_minmax(table, write, buffer, lenp, ppos); + } ++# endif /* CONFIG_HAVE_EBPF_JIT */ + + static int + proc_dolongvec_minmax_bpf_restricted(struct ctl_table *table, int write, +-- +2.20.1 + diff --git a/queue-4.19/netfilter-nf_queue-enqueue-skbs-with-null-dst.patch b/queue-4.19/netfilter-nf_queue-enqueue-skbs-with-null-dst.patch new file mode 100644 index 00000000000..00c75b17972 --- /dev/null +++ b/queue-4.19/netfilter-nf_queue-enqueue-skbs-with-null-dst.patch @@ -0,0 +1,44 @@ +From f5b1f11e38a3550a9704f9fa4bcb4f9a02271bfd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 2 Dec 2019 19:54:30 +0100 +Subject: netfilter: nf_queue: enqueue skbs with NULL dst + +From: Marco Oliverio + +[ Upstream commit 0b9173f4688dfa7c5d723426be1d979c24ce3d51 ] + +Bridge packets that are forwarded have skb->dst == NULL and get +dropped by the check introduced by +b60a77386b1d4868f72f6353d35dabe5fbe981f2 (net: make skb_dst_force +return true when dst is refcounted). + +To fix this we check skb_dst() before skb_dst_force(), so we don't +drop skb packet with dst == NULL. This holds also for skb at the +PRE_ROUTING hook so we remove the second check. + +Fixes: b60a77386b1d ("net: make skb_dst_force return true when dst is refcounted") +Signed-off-by: Marco Oliverio +Signed-off-by: Rocco Folino +Acked-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Sasha Levin +--- + net/netfilter/nf_queue.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c +index a96a8c16baf9..ee6d98355081 100644 +--- a/net/netfilter/nf_queue.c ++++ b/net/netfilter/nf_queue.c +@@ -174,7 +174,7 @@ static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, + goto err; + } + +- if (!skb_dst_force(skb) && state->hook != NF_INET_PRE_ROUTING) { ++ if (skb_dst(skb) && !skb_dst_force(skb)) { + status = -ENETDOWN; + goto err; + } +-- +2.20.1 + diff --git a/queue-4.19/series b/queue-4.19/series index ce5a1c4ea84..2122935ea17 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -71,3 +71,8 @@ mailbox-imx-fix-tx-doorbell-shutdown-path.patch kernel-sysctl-make-drop_caches-write-only.patch userfaultfd-require-cap_sys_ptrace-for-uffd_feature_.patch revert-powerpc-vcpu-assume-dedicated-processors-as-non-preempt.patch +x86-mce-fix-possibly-incorrect-severity-calculation-.patch +net-sysctl-fix-compiler-warning-when-only-cbpf-is-pr.patch +netfilter-nf_queue-enqueue-skbs-with-null-dst.patch +alsa-hda-downgrade-error-message-for-single-cmd-fall.patch +bonding-fix-active-backup-transition-after-link-fail.patch diff --git a/queue-4.19/x86-mce-fix-possibly-incorrect-severity-calculation-.patch b/queue-4.19/x86-mce-fix-possibly-incorrect-severity-calculation-.patch new file mode 100644 index 00000000000..2287f76bdc9 --- /dev/null +++ b/queue-4.19/x86-mce-fix-possibly-incorrect-severity-calculation-.patch @@ -0,0 +1,51 @@ +From fe90fd81ccf1c7c38dcd367cfacdf0593600941e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Dec 2019 01:07:30 +0100 +Subject: x86/mce: Fix possibly incorrect severity calculation on AMD +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jan H. Schönherr + +[ Upstream commit a3a57ddad061acc90bef39635caf2b2330ce8f21 ] + +The function mce_severity_amd_smca() requires m->bank to be initialized +for correct operation. Fix the one case, where mce_severity() is called +without doing so. + +Fixes: 6bda529ec42e ("x86/mce: Grade uncorrected errors for SMCA-enabled systems") +Fixes: d28af26faa0b ("x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()") +Signed-off-by: Jan H. Schönherr +Signed-off-by: Borislav Petkov +Reviewed-by: Tony Luck +Cc: "H. Peter Anvin" +Cc: Ingo Molnar +Cc: linux-edac +Cc: +Cc: Thomas Gleixner +Cc: x86-ml +Cc: Yazen Ghannam +Link: https://lkml.kernel.org/r/20191210000733.17979-4-jschoenh@amazon.de +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/cpu/mcheck/mce.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c +index 87ed8462a5c7..1f69b12d5bb8 100644 +--- a/arch/x86/kernel/cpu/mcheck/mce.c ++++ b/arch/x86/kernel/cpu/mcheck/mce.c +@@ -812,8 +812,8 @@ static int mce_no_way_out(struct mce *m, char **msg, unsigned long *validp, + if (quirk_no_way_out) + quirk_no_way_out(i, m, regs); + ++ m->bank = i; + if (mce_severity(m, mca_cfg.tolerant, &tmp, true) >= MCE_PANIC_SEVERITY) { +- m->bank = i; + mce_read_aux(m, i); + *msg = tmp; + return 1; +-- +2.20.1 + -- 2.47.3