From b6c19d1864bfdd88d91686e10c504342ced6393d Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sun, 19 Feb 2023 04:19:17 -0500 Subject: [PATCH] Fixes for 5.15 Signed-off-by: Sasha Levin --- ...oving-was-to-icl_gt_workarounds_init.patch | 66 ++++++ ...a_1408615072-wa_1407596294-should-be.patch | 63 +++++ ...fload-fill-flags-to-action-structure.patch | 221 ++++++++++++++++++ ...hecking-for-null-for-nlmsg_find_attr.patch | 43 ++++ ...et-sched-act_ctinfo-use-percpu-stats.patch | 65 ++++++ ...d-tcindex-search-key-must-be-16-bits.patch | 81 +++++++ queue-5.15/series | 6 + 7 files changed, 545 insertions(+) create mode 100644 queue-5.15/drm-i915-gen11-moving-was-to-icl_gt_workarounds_init.patch create mode 100644 queue-5.15/drm-i915-gen11-wa_1408615072-wa_1407596294-should-be.patch create mode 100644 queue-5.15/flow_offload-fill-flags-to-action-structure.patch create mode 100644 queue-5.15/i40e-add-checking-for-null-for-nlmsg_find_attr.patch create mode 100644 queue-5.15/net-sched-act_ctinfo-use-percpu-stats.patch create mode 100644 queue-5.15/net-sched-tcindex-search-key-must-be-16-bits.patch diff --git a/queue-5.15/drm-i915-gen11-moving-was-to-icl_gt_workarounds_init.patch b/queue-5.15/drm-i915-gen11-moving-was-to-icl_gt_workarounds_init.patch new file mode 100644 index 00000000000..93e2c7d538c --- /dev/null +++ b/queue-5.15/drm-i915-gen11-moving-was-to-icl_gt_workarounds_init.patch @@ -0,0 +1,66 @@ +From cd2b8488428b3a9eb3972de49e79b18613af3dc2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Dec 2021 20:26:03 +0530 +Subject: drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() + +From: Raviteja Goud Talla + +[ Upstream commit 67b858dd89932086ae0ee2d0ce4dd070a2c88bb3 ] + +Bspec page says "Reset: BUS", Accordingly moving w/a's: +Wa_1407352427,Wa_1406680159 to proper function icl_gt_workarounds_init() +Which will resolve guc enabling error + +v2: + - Previous patch rev2 was created by email client which caused the + Build failure, This v2 is to resolve the previous broken series + +Reviewed-by: John Harrison +Signed-off-by: Raviteja Goud Talla +Signed-off-by: John Harrison +Link: https://patchwork.freedesktop.org/patch/msgid/20211203145603.4006937-1-ravitejax.goud.talla@intel.com +Stable-dep-of: d5a1224aa68c ("drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list") +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/i915/gt/intel_workarounds.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/drivers/gpu/drm/i915/gt/intel_workarounds.c b/drivers/gpu/drm/i915/gt/intel_workarounds.c +index 6b5ab19a2ada9..0dda8f6da4230 100644 +--- a/drivers/gpu/drm/i915/gt/intel_workarounds.c ++++ b/drivers/gpu/drm/i915/gt/intel_workarounds.c +@@ -1049,6 +1049,15 @@ icl_gt_workarounds_init(struct drm_i915_private *i915, struct i915_wa_list *wal) + GAMT_CHKN_BIT_REG, + GAMT_CHKN_DISABLE_L3_COH_PIPE); + ++ /* Wa_1407352427:icl,ehl */ ++ wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE2, ++ PSDUNIT_CLKGATE_DIS); ++ ++ /* Wa_1406680159:icl,ehl */ ++ wa_write_or(wal, ++ SUBSLICE_UNIT_LEVEL_CLKGATE, ++ GWUNIT_CLKGATE_DIS); ++ + /* Wa_1607087056:icl,ehl,jsl */ + if (IS_ICELAKE(i915) || + IS_JSL_EHL_GT_STEP(i915, STEP_A0, STEP_B0)) +@@ -1745,15 +1754,6 @@ rcs_engine_wa_init(struct intel_engine_cs *engine, struct i915_wa_list *wal) + wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE, + VSUNIT_CLKGATE_DIS | HSUNIT_CLKGATE_DIS); + +- /* Wa_1407352427:icl,ehl */ +- wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE2, +- PSDUNIT_CLKGATE_DIS); +- +- /* Wa_1406680159:icl,ehl */ +- wa_write_or(wal, +- SUBSLICE_UNIT_LEVEL_CLKGATE, +- GWUNIT_CLKGATE_DIS); +- + /* + * Wa_1408767742:icl[a2..forever],ehl[all] + * Wa_1605460711:icl[a0..c0] +-- +2.39.0 + diff --git a/queue-5.15/drm-i915-gen11-wa_1408615072-wa_1407596294-should-be.patch b/queue-5.15/drm-i915-gen11-wa_1408615072-wa_1407596294-should-be.patch new file mode 100644 index 00000000000..a5e91550bda --- /dev/null +++ b/queue-5.15/drm-i915-gen11-wa_1408615072-wa_1407596294-should-be.patch @@ -0,0 +1,63 @@ +From 8d4d337c86867e6c7d89cda8f02a06ae9c5d7964 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Feb 2023 14:28:29 -0800 +Subject: drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list + +From: Matt Roper + +[ Upstream commit d5a1224aa68c8b124a4c5c390186e571815ed390 ] + +The UNSLICE_UNIT_LEVEL_CLKGATE register programmed by this workaround +has 'BUS' style reset, indicating that it does not lose its value on +engine resets. Furthermore, this register is part of the GT forcewake +domain rather than the RENDER domain, so it should not be impacted by +RCS engine resets. As such, we should implement this on the GT +workaround list rather than an engine list. + +Bspec: 19219 +Fixes: 3551ff928744 ("drm/i915/gen11: Moving WAs to rcs_engine_wa_init()") +Signed-off-by: Matt Roper +Reviewed-by: Gustavo Sousa +Link: https://patchwork.freedesktop.org/patch/msgid/20230201222831.608281-2-matthew.d.roper@intel.com +(cherry picked from commit 5f21dc07b52eb54a908e66f5d6e05a87bcb5b049) +Signed-off-by: Rodrigo Vivi +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/i915/gt/intel_workarounds.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/gpu/drm/i915/gt/intel_workarounds.c b/drivers/gpu/drm/i915/gt/intel_workarounds.c +index 0dda8f6da4230..de93a1e988f29 100644 +--- a/drivers/gpu/drm/i915/gt/intel_workarounds.c ++++ b/drivers/gpu/drm/i915/gt/intel_workarounds.c +@@ -1049,6 +1049,13 @@ icl_gt_workarounds_init(struct drm_i915_private *i915, struct i915_wa_list *wal) + GAMT_CHKN_BIT_REG, + GAMT_CHKN_DISABLE_L3_COH_PIPE); + ++ /* ++ * Wa_1408615072:icl,ehl (vsunit) ++ * Wa_1407596294:icl,ehl (hsunit) ++ */ ++ wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE, ++ VSUNIT_CLKGATE_DIS | HSUNIT_CLKGATE_DIS); ++ + /* Wa_1407352427:icl,ehl */ + wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE2, + PSDUNIT_CLKGATE_DIS); +@@ -1747,13 +1754,6 @@ rcs_engine_wa_init(struct intel_engine_cs *engine, struct i915_wa_list *wal) + wa_masked_en(wal, GEN9_CSFE_CHICKEN1_RCS, + GEN11_ENABLE_32_PLANE_MODE); + +- /* +- * Wa_1408615072:icl,ehl (vsunit) +- * Wa_1407596294:icl,ehl (hsunit) +- */ +- wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE, +- VSUNIT_CLKGATE_DIS | HSUNIT_CLKGATE_DIS); +- + /* + * Wa_1408767742:icl[a2..forever],ehl[all] + * Wa_1605460711:icl[a0..c0] +-- +2.39.0 + diff --git a/queue-5.15/flow_offload-fill-flags-to-action-structure.patch b/queue-5.15/flow_offload-fill-flags-to-action-structure.patch new file mode 100644 index 00000000000..521205afcba --- /dev/null +++ b/queue-5.15/flow_offload-fill-flags-to-action-structure.patch @@ -0,0 +1,221 @@ +From 648cf7ba1aca0dad0c03e7952723aa3e25e29851 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 17 Dec 2021 19:16:17 +0100 +Subject: flow_offload: fill flags to action structure + +From: Baowen Zheng + +[ Upstream commit 40bd094d65fc9f83941b024cde7c24516f036879 ] + +Fill flags to action structure to allow user control if +the action should be offloaded to hardware or not. + +Signed-off-by: Baowen Zheng +Signed-off-by: Louis Peens +Signed-off-by: Simon Horman +Acked-by: Jamal Hadi Salim +Signed-off-by: David S. Miller +Stable-dep-of: 21c167aa0ba9 ("net/sched: act_ctinfo: use percpu stats") +Signed-off-by: Sasha Levin +--- + net/sched/act_bpf.c | 2 +- + net/sched/act_connmark.c | 2 +- + net/sched/act_ctinfo.c | 2 +- + net/sched/act_gate.c | 2 +- + net/sched/act_ife.c | 2 +- + net/sched/act_ipt.c | 2 +- + net/sched/act_mpls.c | 2 +- + net/sched/act_nat.c | 2 +- + net/sched/act_pedit.c | 2 +- + net/sched/act_police.c | 2 +- + net/sched/act_sample.c | 2 +- + net/sched/act_simple.c | 2 +- + net/sched/act_skbedit.c | 2 +- + net/sched/act_skbmod.c | 2 +- + 14 files changed, 14 insertions(+), 14 deletions(-) + +diff --git a/net/sched/act_bpf.c b/net/sched/act_bpf.c +index 5c36013339e11..2a05bad56ef3e 100644 +--- a/net/sched/act_bpf.c ++++ b/net/sched/act_bpf.c +@@ -305,7 +305,7 @@ static int tcf_bpf_init(struct net *net, struct nlattr *nla, + ret = tcf_idr_check_alloc(tn, &index, act, bind); + if (!ret) { + ret = tcf_idr_create(tn, index, est, act, +- &act_bpf_ops, bind, true, 0); ++ &act_bpf_ops, bind, true, flags); + if (ret < 0) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_connmark.c b/net/sched/act_connmark.c +index 032ef927d0ebb..0deb4e96a6c2e 100644 +--- a/net/sched/act_connmark.c ++++ b/net/sched/act_connmark.c +@@ -124,7 +124,7 @@ static int tcf_connmark_init(struct net *net, struct nlattr *nla, + ret = tcf_idr_check_alloc(tn, &index, a, bind); + if (!ret) { + ret = tcf_idr_create(tn, index, est, a, +- &act_connmark_ops, bind, false, 0); ++ &act_connmark_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_ctinfo.c b/net/sched/act_ctinfo.c +index 2d75fe1223ac4..65a20f3c9514e 100644 +--- a/net/sched/act_ctinfo.c ++++ b/net/sched/act_ctinfo.c +@@ -212,7 +212,7 @@ static int tcf_ctinfo_init(struct net *net, struct nlattr *nla, + err = tcf_idr_check_alloc(tn, &index, a, bind); + if (!err) { + ret = tcf_idr_create(tn, index, est, a, +- &act_ctinfo_ops, bind, false, 0); ++ &act_ctinfo_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_gate.c b/net/sched/act_gate.c +index 7df72a4197a3f..ac985c53ebafe 100644 +--- a/net/sched/act_gate.c ++++ b/net/sched/act_gate.c +@@ -357,7 +357,7 @@ static int tcf_gate_init(struct net *net, struct nlattr *nla, + + if (!err) { + ret = tcf_idr_create(tn, index, est, a, +- &act_gate_ops, bind, false, 0); ++ &act_gate_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c +index 7064a365a1a98..ec987ec758070 100644 +--- a/net/sched/act_ife.c ++++ b/net/sched/act_ife.c +@@ -553,7 +553,7 @@ static int tcf_ife_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, &act_ife_ops, +- bind, true, 0); ++ bind, true, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + kfree(p); +diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c +index 265b1443e252f..2f3d507c24a1f 100644 +--- a/net/sched/act_ipt.c ++++ b/net/sched/act_ipt.c +@@ -145,7 +145,7 @@ static int __tcf_ipt_init(struct net *net, unsigned int id, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, ops, bind, +- false, 0); ++ false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_mpls.c b/net/sched/act_mpls.c +index db0ef0486309b..980ad795727e9 100644 +--- a/net/sched/act_mpls.c ++++ b/net/sched/act_mpls.c +@@ -254,7 +254,7 @@ static int tcf_mpls_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, +- &act_mpls_ops, bind, true, 0); ++ &act_mpls_ops, bind, true, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c +index 7dd6b586ba7f6..2a39b3729e844 100644 +--- a/net/sched/act_nat.c ++++ b/net/sched/act_nat.c +@@ -61,7 +61,7 @@ static int tcf_nat_init(struct net *net, struct nlattr *nla, struct nlattr *est, + err = tcf_idr_check_alloc(tn, &index, a, bind); + if (!err) { + ret = tcf_idr_create(tn, index, est, a, +- &act_nat_ops, bind, false, 0); ++ &act_nat_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c +index 1262a84b725fc..4f72e6e7dbda5 100644 +--- a/net/sched/act_pedit.c ++++ b/net/sched/act_pedit.c +@@ -189,7 +189,7 @@ static int tcf_pedit_init(struct net *net, struct nlattr *nla, + err = tcf_idr_check_alloc(tn, &index, a, bind); + if (!err) { + ret = tcf_idr_create(tn, index, est, a, +- &act_pedit_ops, bind, false, 0); ++ &act_pedit_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + goto out_free; +diff --git a/net/sched/act_police.c b/net/sched/act_police.c +index 5c0a3ea9fe120..d44b933b821d7 100644 +--- a/net/sched/act_police.c ++++ b/net/sched/act_police.c +@@ -90,7 +90,7 @@ static int tcf_police_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, NULL, a, +- &act_police_ops, bind, true, 0); ++ &act_police_ops, bind, true, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_sample.c b/net/sched/act_sample.c +index 230501eb9e069..ab4ae24ab886f 100644 +--- a/net/sched/act_sample.c ++++ b/net/sched/act_sample.c +@@ -70,7 +70,7 @@ static int tcf_sample_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, +- &act_sample_ops, bind, true, 0); ++ &act_sample_ops, bind, true, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_simple.c b/net/sched/act_simple.c +index cbbe1861d3a20..7885271540259 100644 +--- a/net/sched/act_simple.c ++++ b/net/sched/act_simple.c +@@ -128,7 +128,7 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, +- &act_simp_ops, bind, false, 0); ++ &act_simp_ops, bind, false, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_skbedit.c b/net/sched/act_skbedit.c +index 6054185383474..6088ceaf582e8 100644 +--- a/net/sched/act_skbedit.c ++++ b/net/sched/act_skbedit.c +@@ -176,7 +176,7 @@ static int tcf_skbedit_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, +- &act_skbedit_ops, bind, true, 0); ++ &act_skbedit_ops, bind, true, act_flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +diff --git a/net/sched/act_skbmod.c b/net/sched/act_skbmod.c +index ecb9ee6660954..ee9cc0abf9e10 100644 +--- a/net/sched/act_skbmod.c ++++ b/net/sched/act_skbmod.c +@@ -168,7 +168,7 @@ static int tcf_skbmod_init(struct net *net, struct nlattr *nla, + + if (!exists) { + ret = tcf_idr_create(tn, index, est, a, +- &act_skbmod_ops, bind, true, 0); ++ &act_skbmod_ops, bind, true, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +-- +2.39.0 + diff --git a/queue-5.15/i40e-add-checking-for-null-for-nlmsg_find_attr.patch b/queue-5.15/i40e-add-checking-for-null-for-nlmsg_find_attr.patch new file mode 100644 index 00000000000..bcfcae8ea8c --- /dev/null +++ b/queue-5.15/i40e-add-checking-for-null-for-nlmsg_find_attr.patch @@ -0,0 +1,43 @@ +From 6c98c9038f62a3858acb33d0e0dad30c733f393f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Feb 2023 09:28:33 -0800 +Subject: i40e: Add checking for null for nlmsg_find_attr() + +From: Natalia Petrova + +[ Upstream commit 7fa0b526f865cb42aa33917fd02a92cb03746f4d ] + +The result of nlmsg_find_attr() 'br_spec' is dereferenced in +nla_for_each_nested(), but it can take NULL value in nla_find() function, +which will result in an error. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops") +Signed-off-by: Natalia Petrova +Reviewed-by: Jesse Brandeburg +Tested-by: Gurucharan G (A Contingent worker at Intel) +Signed-off-by: Tony Nguyen +Link: https://lore.kernel.org/r/20230209172833.3596034-1-anthony.l.nguyen@intel.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c +index 4a32f84dc0571..5ffcd3cc989f7 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -13005,6 +13005,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev, + } + + br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC); ++ if (!br_spec) ++ return -EINVAL; + + nla_for_each_nested(attr, br_spec, rem) { + __u16 mode; +-- +2.39.0 + diff --git a/queue-5.15/net-sched-act_ctinfo-use-percpu-stats.patch b/queue-5.15/net-sched-act_ctinfo-use-percpu-stats.patch new file mode 100644 index 00000000000..aa930cb89bc --- /dev/null +++ b/queue-5.15/net-sched-act_ctinfo-use-percpu-stats.patch @@ -0,0 +1,65 @@ +From 26959fc0f15aeafb200cb95987e52414df87a104 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 10 Feb 2023 17:08:25 -0300 +Subject: net/sched: act_ctinfo: use percpu stats + +From: Pedro Tammela + +[ Upstream commit 21c167aa0ba943a7cac2f6969814f83bb701666b ] + +The tc action act_ctinfo was using shared stats, fix it to use percpu stats +since bstats_update() must be called with locks or with a percpu pointer argument. + +tdc results: +1..12 +ok 1 c826 - Add ctinfo action with default setting +ok 2 0286 - Add ctinfo action with dscp +ok 3 4938 - Add ctinfo action with valid cpmark and zone +ok 4 7593 - Add ctinfo action with drop control +ok 5 2961 - Replace ctinfo action zone and action control +ok 6 e567 - Delete ctinfo action with valid index +ok 7 6a91 - Delete ctinfo action with invalid index +ok 8 5232 - List ctinfo actions +ok 9 7702 - Flush ctinfo actions +ok 10 3201 - Add ctinfo action with duplicate index +ok 11 8295 - Add ctinfo action with invalid index +ok 12 3964 - Replace ctinfo action with invalid goto_chain control + +Fixes: 24ec483cec98 ("net: sched: Introduce act_ctinfo action") +Reviewed-by: Jamal Hadi Salim +Signed-off-by: Pedro Tammela +Reviewed-by: Larysa Zaremba +Link: https://lore.kernel.org/r/20230210200824.444856-1-pctammela@mojatatu.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/sched/act_ctinfo.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/net/sched/act_ctinfo.c b/net/sched/act_ctinfo.c +index 65a20f3c9514e..56e0a5eb64942 100644 +--- a/net/sched/act_ctinfo.c ++++ b/net/sched/act_ctinfo.c +@@ -92,7 +92,7 @@ static int tcf_ctinfo_act(struct sk_buff *skb, const struct tc_action *a, + cp = rcu_dereference_bh(ca->params); + + tcf_lastuse_update(&ca->tcf_tm); +- bstats_update(&ca->tcf_bstats, skb); ++ tcf_action_update_bstats(&ca->common, skb); + action = READ_ONCE(ca->tcf_action); + + wlen = skb_network_offset(skb); +@@ -211,8 +211,8 @@ static int tcf_ctinfo_init(struct net *net, struct nlattr *nla, + index = actparm->index; + err = tcf_idr_check_alloc(tn, &index, a, bind); + if (!err) { +- ret = tcf_idr_create(tn, index, est, a, +- &act_ctinfo_ops, bind, false, flags); ++ ret = tcf_idr_create_from_flags(tn, index, est, a, ++ &act_ctinfo_ops, bind, flags); + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +-- +2.39.0 + diff --git a/queue-5.15/net-sched-tcindex-search-key-must-be-16-bits.patch b/queue-5.15/net-sched-tcindex-search-key-must-be-16-bits.patch new file mode 100644 index 00000000000..a883626c97c --- /dev/null +++ b/queue-5.15/net-sched-tcindex-search-key-must-be-16-bits.patch @@ -0,0 +1,81 @@ +From f9b34ca4b5b72ac8ea2243e7037a6cadaecf4e97 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Feb 2023 22:47:29 -0300 +Subject: net/sched: tcindex: search key must be 16 bits + +From: Pedro Tammela + +[ Upstream commit 42018a322bd453e38b3ffee294982243e50a484f ] + +Syzkaller found an issue where a handle greater than 16 bits would trigger +a null-ptr-deref in the imperfect hash area update. + +general protection fault, probably for non-canonical address +0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN +KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af] +CPU: 0 PID: 5070 Comm: syz-executor456 Not tainted +6.2.0-rc7-syzkaller-00112-gc68f345b7c42 #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, +BIOS Google 01/21/2023 +RIP: 0010:tcindex_set_parms+0x1a6a/0x2990 net/sched/cls_tcindex.c:509 +Code: 01 e9 e9 fe ff ff 4c 8b bd 28 fe ff ff e8 0e 57 7d f9 48 8d bb +a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c +02 00 0f 85 94 0c 00 00 48 8b 85 f8 fd ff ff 48 8b 9b a8 00 +RSP: 0018:ffffc90003d3ef88 EFLAGS: 00010202 +RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 +RDX: 0000000000000015 RSI: ffffffff8803a102 RDI: 00000000000000a8 +RBP: ffffc90003d3f1d8 R08: 0000000000000001 R09: 0000000000000000 +R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801e2b10a8 +R13: dffffc0000000000 R14: 0000000000030000 R15: ffff888017b3be00 +FS: 00005555569af300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 000056041c6d2000 CR3: 000000002bfca000 CR4: 00000000003506f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + +tcindex_change+0x1ea/0x320 net/sched/cls_tcindex.c:572 +tc_new_tfilter+0x96e/0x2220 net/sched/cls_api.c:2155 +rtnetlink_rcv_msg+0x959/0xca0 net/core/rtnetlink.c:6132 +netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2574 +netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] +netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 +netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1942 +sock_sendmsg_nosec net/socket.c:714 [inline] +sock_sendmsg+0xd3/0x120 net/socket.c:734 +____sys_sendmsg+0x334/0x8c0 net/socket.c:2476 +___sys_sendmsg+0x110/0x1b0 net/socket.c:2530 +__sys_sendmmsg+0x18f/0x460 net/socket.c:2616 +__do_sys_sendmmsg net/socket.c:2645 [inline] +__se_sys_sendmmsg net/socket.c:2642 [inline] +__x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2642 +do_syscall_x64 arch/x86/entry/common.c:50 [inline] +do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 + +Fixes: ee059170b1f7 ("net/sched: tcindex: update imperfect hash filters respecting rcu") +Signed-off-by: Jamal Hadi Salim +Signed-off-by: Pedro Tammela +Reported-by: syzbot +Reviewed-by: Eric Dumazet +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/sched/cls_tcindex.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c +index ac3deffc24bfb..54c5ff207fb1b 100644 +--- a/net/sched/cls_tcindex.c ++++ b/net/sched/cls_tcindex.c +@@ -502,7 +502,7 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, + /* lookup the filter, guaranteed to exist */ + for (cf = rcu_dereference_bh_rtnl(*fp); cf; + fp = &cf->next, cf = rcu_dereference_bh_rtnl(*fp)) +- if (cf->key == handle) ++ if (cf->key == (u16)handle) + break; + + f->next = cf->next; +-- +2.39.0 + diff --git a/queue-5.15/series b/queue-5.15/series index 0f1e5290c8d..25ba9f448db 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -70,3 +70,9 @@ ipv6-fix-datagram-socket-connection-with-dscp.patch ipv6-fix-tcp-socket-connection-with-dscp.patch nilfs2-fix-underflow-in-second-superblock-position-calculations.patch mm-filemap-fix-page-end-in-filemap_get_read_batch.patch +drm-i915-gen11-moving-was-to-icl_gt_workarounds_init.patch +drm-i915-gen11-wa_1408615072-wa_1407596294-should-be.patch +flow_offload-fill-flags-to-action-structure.patch +net-sched-act_ctinfo-use-percpu-stats.patch +i40e-add-checking-for-null-for-nlmsg_find_attr.patch +net-sched-tcindex-search-key-must-be-16-bits.patch -- 2.47.2