--- /dev/null
+From f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Wed, 16 Feb 2022 15:55:38 +0100
+Subject: netfilter: nf_tables: Reject tables of unsupported family
+
+From: Phil Sutter <phil@nwl.cc>
+
+commit f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 upstream.
+
+An nftables family is merely a hollow container, its family just a
+number and such not reliant on compile-time options other than nftables
+support itself. Add an artificial check so attempts at using a family
+the kernel can't support fail as early as possible. This helps user
+space detect kernels which lack e.g. NFPROTO_INET.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_tables_api.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -1005,6 +1005,30 @@ static int nft_objname_hash_cmp(struct r
+ return strcmp(obj->key.name, k->name);
+ }
+
++static bool nft_supported_family(u8 family)
++{
++ return false
++#ifdef CONFIG_NF_TABLES_INET
++ || family == NFPROTO_INET
++#endif
++#ifdef CONFIG_NF_TABLES_IPV4
++ || family == NFPROTO_IPV4
++#endif
++#ifdef CONFIG_NF_TABLES_ARP
++ || family == NFPROTO_ARP
++#endif
++#ifdef CONFIG_NF_TABLES_NETDEV
++ || family == NFPROTO_NETDEV
++#endif
++#if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE)
++ || family == NFPROTO_BRIDGE
++#endif
++#ifdef CONFIG_NF_TABLES_IPV6
++ || family == NFPROTO_IPV6
++#endif
++ ;
++}
++
+ static int nf_tables_newtable(struct net *net, struct sock *nlsk,
+ struct sk_buff *skb, const struct nlmsghdr *nlh,
+ const struct nlattr * const nla[],
+@@ -1020,6 +1044,9 @@ static int nf_tables_newtable(struct net
+ struct nft_ctx ctx;
+ int err;
+
++ if (!nft_supported_family(family))
++ return -EOPNOTSUPP;
++
+ lockdep_assert_held(&nft_net->commit_mutex);
+ attr = nla[NFTA_TABLE_NAME];
+ table = nft_table_lookup(net, attr, family, genmask);
--- /dev/null
+From a18615b1cfc04f00548c60eb9a77e0ce56e848fd Mon Sep 17 00:00:00 2001
+From: Bartosz Pawlowski <bartosz.pawlowski@intel.com>
+Date: Fri, 8 Sep 2023 14:36:06 +0000
+Subject: PCI: Disable ATS for specific Intel IPU E2000 devices
+
+From: Bartosz Pawlowski <bartosz.pawlowski@intel.com>
+
+commit a18615b1cfc04f00548c60eb9a77e0ce56e848fd upstream.
+
+Due to a hardware issue in A and B steppings of Intel IPU E2000, it expects
+wrong endianness in ATS invalidation message body. This problem can lead to
+outdated translations being returned as valid and finally cause system
+instability.
+
+To prevent such issues, add quirk_intel_e2000_no_ats() to disable ATS for
+vulnerable IPU E2000 devices.
+
+Link: https://lore.kernel.org/r/20230908143606.685930-3-bartosz.pawlowski@intel.com
+Signed-off-by: Bartosz Pawlowski <bartosz.pawlowski@intel.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Reviewed-by: Alexander Lobakin <aleksander.lobakin@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/quirks.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -5419,6 +5419,25 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AT
+ /* AMD Navi14 dGPU */
+ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x7340, quirk_amd_harvest_no_ats);
+ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x7341, quirk_amd_harvest_no_ats);
++
++/*
++ * Intel IPU E2000 revisions before C0 implement incorrect endianness
++ * in ATS Invalidate Request message body. Disable ATS for those devices.
++ */
++static void quirk_intel_e2000_no_ats(struct pci_dev *pdev)
++{
++ if (pdev->revision < 0x20)
++ quirk_no_ats(pdev);
++}
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1451, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1452, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1453, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1454, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1455, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1457, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1459, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x145a, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x145c, quirk_intel_e2000_no_ats);
+ #endif /* CONFIG_PCI_ATS */
+
+ /* Freescale PCIe doesn't support MSI in RC mode */
--- /dev/null
+From f18b1137d38c091cc8c16365219f0a1d4a30b3d1 Mon Sep 17 00:00:00 2001
+From: Bartosz Pawlowski <bartosz.pawlowski@intel.com>
+Date: Fri, 8 Sep 2023 14:36:05 +0000
+Subject: PCI: Extract ATS disabling to a helper function
+
+From: Bartosz Pawlowski <bartosz.pawlowski@intel.com>
+
+commit f18b1137d38c091cc8c16365219f0a1d4a30b3d1 upstream.
+
+Introduce quirk_no_ats() helper function to provide a standard way to
+disable ATS capability in PCI quirks.
+
+Suggested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Link: https://lore.kernel.org/r/20230908143606.685930-2-bartosz.pawlowski@intel.com
+Signed-off-by: Bartosz Pawlowski <bartosz.pawlowski@intel.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/quirks.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -5389,6 +5389,12 @@ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SE
+ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SERVERWORKS, 0x0422, quirk_no_ext_tags);
+
+ #ifdef CONFIG_PCI_ATS
++static void quirk_no_ats(struct pci_dev *pdev)
++{
++ pci_info(pdev, "disabling ATS\n");
++ pdev->ats_cap = 0;
++}
++
+ /*
+ * Some devices require additional driver setup to enable ATS. Don't use
+ * ATS for those devices as ATS will be enabled before the driver has had a
+@@ -5401,8 +5407,7 @@ static void quirk_amd_harvest_no_ats(str
+ (pdev->device == 0x7341 && pdev->revision != 0x00))
+ return;
+
+- pci_info(pdev, "disabling ATS\n");
+- pdev->ats_cap = 0;
++ quirk_no_ats(pdev);
+ }
+
+ /* AMD Stoney platform GPU */
ath10k-keep-track-of-which-interrupts-fired-don-t-poll-them.patch
ath10k-get-rid-of-per_ce_irq-hw-param.patch
net-tls-update-curr-on-splice-as-well.patch
+netfilter-nf_tables-reject-tables-of-unsupported-family.patch
+pci-extract-ats-disabling-to-a-helper-function.patch
+pci-disable-ats-for-specific-intel-ipu-e2000-devices.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
