--- /dev/null
+From 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc Mon Sep 17 00:00:00 2001
+From: "Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com>
+Date: Thu, 19 May 2022 14:42:37 +0530
+Subject: kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
+
+From: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
+
+commit 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc upstream.
+
+Since commit d1bcae833b32f1 ("ELF: Don't generate unused section
+symbols") [1], binutils (v2.36+) started dropping section symbols that
+it thought were unused. This isn't an issue in general, but with
+kexec_file.c, gcc is placing kexec_arch_apply_relocations[_add] into a
+separate .text.unlikely section and the section symbol ".text.unlikely"
+is being dropped. Due to this, recordmcount is unable to find a non-weak
+symbol in .text.unlikely to generate a relocation record against.
+
+Address this by dropping the weak attribute from these functions.
+Instead, follow the existing pattern of having architectures #define the
+name of the function they want to override in their headers.
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d1bcae833b32f1
+
+[akpm@linux-foundation.org: arch/s390/include/asm/kexec.h needs linux/module.h]
+Link: https://lkml.kernel.org/r/20220519091237.676736-1-naveen.n.rao@linux.vnet.ibm.com
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
+Cc: "Eric W. Biederman" <ebiederm@xmission.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/include/asm/kexec.h | 10 +++++++++
+ arch/x86/include/asm/kexec.h | 9 ++++++++
+ include/linux/kexec.h | 46 ++++++++++++++++++++++++++++++++++--------
+ kernel/kexec_file.c | 34 -------------------------------
+ 4 files changed, 57 insertions(+), 42 deletions(-)
+
+--- a/arch/s390/include/asm/kexec.h
++++ b/arch/s390/include/asm/kexec.h
+@@ -9,6 +9,8 @@
+ #ifndef _S390_KEXEC_H
+ #define _S390_KEXEC_H
+
++#include <linux/module.h>
++
+ #include <asm/processor.h>
+ #include <asm/page.h>
+ /*
+@@ -69,4 +71,12 @@ int *kexec_file_update_kernel(struct kim
+ extern const struct kexec_file_ops s390_kexec_image_ops;
+ extern const struct kexec_file_ops s390_kexec_elf_ops;
+
++#ifdef CONFIG_KEXEC_FILE
++struct purgatory_info;
++int arch_kexec_apply_relocations_add(struct purgatory_info *pi,
++ Elf_Shdr *section,
++ const Elf_Shdr *relsec,
++ const Elf_Shdr *symtab);
++#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add
++#endif
+ #endif /*_S390_KEXEC_H */
+--- a/arch/x86/include/asm/kexec.h
++++ b/arch/x86/include/asm/kexec.h
+@@ -21,6 +21,7 @@
+ #ifndef __ASSEMBLY__
+
+ #include <linux/string.h>
++#include <linux/module.h>
+
+ #include <asm/page.h>
+ #include <asm/ptrace.h>
+@@ -217,6 +218,14 @@ extern int arch_kexec_post_alloc_pages(v
+ extern void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages);
+ #define arch_kexec_pre_free_pages arch_kexec_pre_free_pages
+
++#ifdef CONFIG_KEXEC_FILE
++struct purgatory_info;
++int arch_kexec_apply_relocations_add(struct purgatory_info *pi,
++ Elf_Shdr *section,
++ const Elf_Shdr *relsec,
++ const Elf_Shdr *symtab);
++#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add
++#endif
+ #endif
+
+ typedef void crash_vmclear_fn(void);
+--- a/include/linux/kexec.h
++++ b/include/linux/kexec.h
+@@ -174,14 +174,6 @@ int kexec_purgatory_get_set_symbol(struc
+ bool get_value);
+ void *kexec_purgatory_get_symbol_addr(struct kimage *image, const char *name);
+
+-int __weak arch_kexec_apply_relocations_add(struct purgatory_info *pi,
+- Elf_Shdr *section,
+- const Elf_Shdr *relsec,
+- const Elf_Shdr *symtab);
+-int __weak arch_kexec_apply_relocations(struct purgatory_info *pi,
+- Elf_Shdr *section,
+- const Elf_Shdr *relsec,
+- const Elf_Shdr *symtab);
+
+ int __weak arch_kexec_walk_mem(struct kexec_buf *kbuf,
+ int (*func)(struct resource *, void *));
+@@ -206,6 +198,44 @@ extern int crash_exclude_mem_range(struc
+ unsigned long long mend);
+ extern int crash_prepare_elf64_headers(struct crash_mem *mem, int kernel_map,
+ void **addr, unsigned long *sz);
++
++#ifndef arch_kexec_apply_relocations_add
++/*
++ * arch_kexec_apply_relocations_add - apply relocations of type RELA
++ * @pi: Purgatory to be relocated.
++ * @section: Section relocations applying to.
++ * @relsec: Section containing RELAs.
++ * @symtab: Corresponding symtab.
++ *
++ * Return: 0 on success, negative errno on error.
++ */
++static inline int
++arch_kexec_apply_relocations_add(struct purgatory_info *pi, Elf_Shdr *section,
++ const Elf_Shdr *relsec, const Elf_Shdr *symtab)
++{
++ pr_err("RELA relocation unsupported.\n");
++ return -ENOEXEC;
++}
++#endif
++
++#ifndef arch_kexec_apply_relocations
++/*
++ * arch_kexec_apply_relocations - apply relocations of type REL
++ * @pi: Purgatory to be relocated.
++ * @section: Section relocations applying to.
++ * @relsec: Section containing RELs.
++ * @symtab: Corresponding symtab.
++ *
++ * Return: 0 on success, negative errno on error.
++ */
++static inline int
++arch_kexec_apply_relocations(struct purgatory_info *pi, Elf_Shdr *section,
++ const Elf_Shdr *relsec, const Elf_Shdr *symtab)
++{
++ pr_err("REL relocation unsupported.\n");
++ return -ENOEXEC;
++}
++#endif
+ #endif /* CONFIG_KEXEC_FILE */
+
+ struct kimage {
+--- a/kernel/kexec_file.c
++++ b/kernel/kexec_file.c
+@@ -111,40 +111,6 @@ int __weak arch_kexec_kernel_verify_sig(
+ #endif
+
+ /*
+- * arch_kexec_apply_relocations_add - apply relocations of type RELA
+- * @pi: Purgatory to be relocated.
+- * @section: Section relocations applying to.
+- * @relsec: Section containing RELAs.
+- * @symtab: Corresponding symtab.
+- *
+- * Return: 0 on success, negative errno on error.
+- */
+-int __weak
+-arch_kexec_apply_relocations_add(struct purgatory_info *pi, Elf_Shdr *section,
+- const Elf_Shdr *relsec, const Elf_Shdr *symtab)
+-{
+- pr_err("RELA relocation unsupported.\n");
+- return -ENOEXEC;
+-}
+-
+-/*
+- * arch_kexec_apply_relocations - apply relocations of type REL
+- * @pi: Purgatory to be relocated.
+- * @section: Section relocations applying to.
+- * @relsec: Section containing RELs.
+- * @symtab: Corresponding symtab.
+- *
+- * Return: 0 on success, negative errno on error.
+- */
+-int __weak
+-arch_kexec_apply_relocations(struct purgatory_info *pi, Elf_Shdr *section,
+- const Elf_Shdr *relsec, const Elf_Shdr *symtab)
+-{
+- pr_err("REL relocation unsupported.\n");
+- return -ENOEXEC;
+-}
+-
+-/*
+ * Free up memory used by kernel, initrd, and command line. This is temporary
+ * memory allocation which is not needed any more after these buffers have
+ * been loaded into separate segments and have been copied elsewhere.
--- /dev/null
+From foo@baz Thu Jun 30 03:22:27 PM CEST 2022
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+Date: Tue, 28 Jun 2022 20:20:13 +0300
+Subject: net: mscc: ocelot: allow unregistered IP multicast flooding
+To: stable <stable@vger.kernel.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Sasha Levin <sashal@kernel.org>
+Cc: netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Xiaoliang Yang <xiaoliang.yang_1@nxp.com>, Claudiu Manoil <claudiu.manoil@nxp.com>, Alexandre Belloni <alexandre.belloni@bootlin.com>, UNGLinuxDriver@microchip.com, Andrew Lunn <andrew@lunn.ch>, Vivien Didelot <vivien.didelot@gmail.com>, Florian Fainelli <f.fainelli@gmail.com>, Maxim Kochetkov <fido_max@inbox.ru>, Colin Foster <colin.foster@in-advantage.com>, stable@kernel.org
+Message-ID: <20220628172016.3373243-2-vladimir.oltean@nxp.com>
+
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+
+Flooding of unregistered IP multicast has been broken (both to other
+switch ports and to the CPU) since the ocelot driver introduction, and
+up until commit 4cf35a2b627a ("net: mscc: ocelot: fix broken IP
+multicast flooding"), a bug fix for commit 421741ea5672 ("net: mscc:
+ocelot: offload bridge port flags to device") from v5.12.
+
+The driver used to set PGID_MCIPV4 and PGID_MCIPV6 to the empty port
+mask (0), which made unregistered IPv4/IPv6 multicast go nowhere, and
+without ever modifying that port mask at runtime.
+
+The expectation is that such packets are treated as broadcast, and
+flooded according to the forwarding domain (to the CPU if the port is
+standalone, or to the CPU and other bridged ports, if under a bridge).
+
+Since the aforementioned commit, the limitation has been lifted by
+responding to SWITCHDEV_ATTR_ID_PORT_BRIDGE_FLAGS events emitted by the
+bridge. As for host flooding, DSA synthesizes another call to
+ocelot_port_bridge_flags() on the NPI port which ensures that the CPU
+gets the unregistered multicast traffic it might need, for example for
+smcroute to work between standalone ports.
+
+But between v4.18 and v5.12, IP multicast flooding has remained unfixed.
+
+Delete the inexplicable premature optimization of clearing PGID_MCIPV4
+and PGID_MCIPV6 as part of the init sequence, and allow unregistered IP
+multicast to be flooded freely according to the forwarding domain
+established by PGID_SRC, by explicitly programming PGID_MCIPV4 and
+PGID_MCIPV6 towards all physical ports plus the CPU port module.
+
+Fixes: a556c76adc05 ("net: mscc: Add initial Ocelot switch support")
+Cc: stable@kernel.org
+Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/mscc/ocelot.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/mscc/ocelot.c
++++ b/drivers/net/ethernet/mscc/ocelot.c
+@@ -1733,8 +1733,12 @@ int ocelot_init(struct ocelot *ocelot)
+ ocelot_write_rix(ocelot,
+ ANA_PGID_PGID_PGID(GENMASK(ocelot->num_phys_ports, 0)),
+ ANA_PGID_PGID, PGID_MC);
+- ocelot_write_rix(ocelot, 0, ANA_PGID_PGID, PGID_MCIPV4);
+- ocelot_write_rix(ocelot, 0, ANA_PGID_PGID, PGID_MCIPV6);
++ ocelot_write_rix(ocelot,
++ ANA_PGID_PGID_PGID(GENMASK(ocelot->num_phys_ports, 0)),
++ ANA_PGID_PGID, PGID_MCIPV4);
++ ocelot_write_rix(ocelot,
++ ANA_PGID_PGID_PGID(GENMASK(ocelot->num_phys_ports, 0)),
++ ANA_PGID_PGID, PGID_MCIPV6);
+
+ /* CPU port Injection/Extraction configuration */
+ ocelot_write_rix(ocelot, QSYS_SWITCH_PORT_MODE_INGRESS_DROP_MODE |
--- /dev/null
+From didi.debian@cknow.org Thu Jun 30 15:24:25 2022
+From: Diederik de Haas <didi.debian@cknow.org>
+Date: Thu, 30 Jun 2022 00:49:38 +0200
+Subject: net/sched: move NULL ptr check to qdisc_put() too
+To: stable@vger.kernel.org
+Cc: Vlad Buslov <vladbu@mellanox.com>, Diederik de Haas <didi.debian@cknow.org>, Thorsten Glaser <tg@mirbsd.de>
+Message-ID: <20220629224938.7760-1-didi.debian@cknow.org>
+
+From: Diederik de Haas <didi.debian@cknow.org>
+
+In commit 92833e8b5db6c209e9311ac8c6a44d3bf1856659 titled
+"net: sched: rename qdisc_destroy() to qdisc_put()" part of the
+functionality of qdisc_destroy() was moved into a (for linux-4.19.y)
+new function qdisk_put(), and the previous calls to qdisc_destroy()
+were changed to qdisk_put().
+This made it similar to f.e. 5.10.y and current master.
+
+There was one part of qdisc_destroy() not moved over to qdisc_put() and
+that was the check for a NULL pointer, causing oopses.
+(See upstream commit: 6efb971ba8edfbd80b666f29de12882852f095ae)
+This patch fixes that.
+
+Fixes: 92833e8b5db6c209e9311ac8c6a44d3bf1856659
+Reported-by: Thorsten Glaser <tg@mirbsd.de>
+Link: https://bugs.debian.org/1013299
+Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sched/sch_generic.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/net/sched/sch_generic.c
++++ b/net/sched/sch_generic.c
+@@ -970,8 +970,6 @@ static void qdisc_destroy(struct Qdisc *
+ const struct Qdisc_ops *ops;
+ struct sk_buff *skb, *tmp;
+
+- if (!qdisc)
+- return;
+ ops = qdisc->ops;
+
+ #ifdef CONFIG_NET_SCHED
+@@ -1003,6 +1001,9 @@ static void qdisc_destroy(struct Qdisc *
+
+ void qdisc_put(struct Qdisc *qdisc)
+ {
++ if (!qdisc)
++ return;
++
+ if (qdisc->flags & TCQ_F_BUILTIN ||
+ !refcount_dec_and_test(&qdisc->refcnt))
+ return;
xen-unexport-__init-annotated-xen_xlate_map_ballooned_pages.patch
xen-gntdev-avoid-blocking-in-unmap_grant_pages.patch
fdt-update-crc-check-for-rng-seed.patch
+kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch
+net-mscc-ocelot-allow-unregistered-ip-multicast-flooding.patch
+net-sched-move-null-ptr-check-to-qdisc_put-too.patch
+swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch
--- /dev/null
+From liushixin2@huawei.com Thu Jun 30 15:25:20 2022
+From: Liu Shixin <liushixin2@huawei.com>
+Date: Thu, 30 Jun 2022 19:33:31 +0800
+Subject: swiotlb: skip swiotlb_bounce when orig_addr is zero
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Halil Pasic <pasic@linux.ibm.com>, Christoph Hellwig <hch@lst.de>, Ovidiu Panait <ovidiu.panait@windriver.com>, Ben Hutchings <ben@decadent.org.uk>
+Cc: <linux-kernel@vger.kernel.org>, <stable@vger.kernel.org>, Liu Shixin <liushixin2@huawei.com>
+Message-ID: <20220630113331.1544886-1-liushixin2@huawei.com>
+
+From: Liu Shixin <liushixin2@huawei.com>
+
+After patch ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE"),
+swiotlb_bounce will be called in swiotlb_tbl_map_single unconditionally.
+This requires that the physical address must be valid, which is not always
+true on stable-4.19 or earlier version.
+On stable-4.19, swiotlb_alloc_buffer will call swiotlb_tbl_map_single with
+orig_addr equal to zero, which cause such a panic:
+
+Unable to handle kernel paging request at virtual address ffffb77a40000000
+...
+pc : __memcpy+0x100/0x180
+lr : swiotlb_bounce+0x74/0x88
+...
+Call trace:
+ __memcpy+0x100/0x180
+ swiotlb_tbl_map_single+0x2c8/0x338
+ swiotlb_alloc+0xb4/0x198
+ __dma_alloc+0x84/0x1d8
+ ...
+
+On stable-4.9 and stable-4.14, swiotlb_alloc_coherent wille call map_single
+with orig_addr equal to zero, which can cause same panic.
+
+Fix this by skipping swiotlb_bounce when orig_addr is zero.
+
+Fixes: ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE")
+Signed-off-by: Liu Shixin <liushixin2@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/dma/swiotlb.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/kernel/dma/swiotlb.c
++++ b/kernel/dma/swiotlb.c
+@@ -594,7 +594,8 @@ found:
+ * unconditional bounce may prevent leaking swiotlb content (i.e.
+ * kernel memory) to user-space.
+ */
+- swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE);
++ if (orig_addr)
++ swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE);
+ return tlb_addr;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
