--- /dev/null
+From 880a88f318cf1d2a0f4c0a7ff7b07e2062b434a4 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Tue, 8 Jul 2025 22:15:04 +0100
+Subject: rxrpc: Fix oops due to non-existence of prealloc backlog struct
+
+From: David Howells <dhowells@redhat.com>
+
+commit 880a88f318cf1d2a0f4c0a7ff7b07e2062b434a4 upstream.
+
+If an AF_RXRPC service socket is opened and bound, but calls are
+preallocated, then rxrpc_alloc_incoming_call() will oops because the
+rxrpc_backlog struct doesn't get allocated until the first preallocation is
+made.
+
+Fix this by returning NULL from rxrpc_alloc_incoming_call() if there is no
+backlog struct. This will cause the incoming call to be aborted.
+
+Reported-by: Junvyyang, Tencent Zhuque Lab <zhuque@tencent.com>
+Suggested-by: Junvyyang, Tencent Zhuque Lab <zhuque@tencent.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+cc: LePremierHomme <kwqcheii@proton.me>
+cc: Marc Dionne <marc.dionne@auristor.com>
+cc: Willy Tarreau <w@1wt.eu>
+cc: Simon Horman <horms@kernel.org>
+cc: linux-afs@lists.infradead.org
+Link: https://patch.msgid.link/20250708211506.2699012-3-dhowells@redhat.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/rxrpc/call_accept.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/rxrpc/call_accept.c
++++ b/net/rxrpc/call_accept.c
+@@ -281,6 +281,9 @@ static struct rxrpc_call *rxrpc_alloc_in
+ unsigned short call_tail, conn_tail, peer_tail;
+ unsigned short call_count, conn_count;
+
++ if (!b)
++ return NULL;
++
+ /* #calls >= #conns >= #peers must hold true. */
+ call_head = smp_load_acquire(&b->call_backlog_head);
+ call_tail = b->call_backlog_tail;
+++ /dev/null
-From bp@alien8.de Sat Jul 12 14:01:48 2025
-From: Borislav Petkov <bp@alien8.de>
-Date: Fri, 11 Jul 2025 21:18:44 +0200
-Subject: x86/CPU/AMD: Properly check the TSA microcode
-To: stable@vger.kernel.org
-Cc: Thomas Voegtle <tv@lio96.de>, kim.phillips@amd.com
-Message-ID: <20250711191844.GIaHFjlJiQi_HxyyWG@fat_crate.local>
-Content-Disposition: inline
-
-From: "Borislav Petkov (AMD)" <bp@alien8.de>
-
-In order to simplify backports, I resorted to an older version of the
-microcode revision checking which didn't pull in the whole struct
-x86_cpu_id matching machinery.
-
-My simpler method, however, forgot to add the extended CPU model to the
-patch revision, which lead to mismatches when determining whether TSA
-mitigation support is present.
-
-So add that forgotten extended model.
-
-This is a stable-only fix and the preference is to do it this way
-because it is a lot simpler. Also, the Fixes: tag below points to the
-respective stable patch.
-
-Fixes: 7a0395f6607a ("x86/bugs: Add a Transient Scheduler Attacks mitigation")
-Reported-by: Thomas Voegtle <tv@lio96.de>
-Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
-Tested-by: Thomas Voegtle <tv@lio96.de>
-Message-ID: <04ea0a8e-edb0-c59e-ce21-5f3d5d167af3@lio96.de>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/x86/kernel/cpu/amd.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index 8a740e92e483..b42307200e98 100644
---- a/arch/x86/kernel/cpu/amd.c
-+++ b/arch/x86/kernel/cpu/amd.c
-@@ -376,6 +376,7 @@ static bool amd_check_tsa_microcode(void)
-
- p.ext_fam = c->x86 - 0xf;
- p.model = c->x86_model;
-+ p.ext_model = c->x86_model >> 4;
- p.stepping = c->x86_stepping;
-
- if (cpu_has(c, X86_FEATURE_ZEN3) ||
---
-2.43.0
-
---
-Regards/Gruss,
- Boris.
-
-https://people.kernel.org/tglx/notes-about-netiquette
-
projects / thirdparty / kernel / stable-queue.git / commitdiff
