From: Greg Kroah-Hartman Date: Mon, 4 Jul 2022 14:53:14 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v4.9.322~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f0f253a6956e237a42deb393fa5c66fefba139d;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: maintainers-add-leah-as-xfs-maintainer-for-5.15.y.patch selftests-bpf-add-test_verifier-support-to-fixup-kfunc-call-insns.patch tcp-add-a-missing-nf_reset_ct-in-3whs-handling.patch --- diff --git a/queue-5.15/maintainers-add-leah-as-xfs-maintainer-for-5.15.y.patch b/queue-5.15/maintainers-add-leah-as-xfs-maintainer-for-5.15.y.patch new file mode 100644 index 00000000000..248411112ee --- /dev/null +++ b/queue-5.15/maintainers-add-leah-as-xfs-maintainer-for-5.15.y.patch @@ -0,0 +1,34 @@ +From leah.rumancik@gmail.com Mon Jul 4 16:43:06 2022 +From: Leah Rumancik +Date: Thu, 30 Jun 2022 13:52:28 -0700 +Subject: MAINTAINERS: add Leah as xfs maintainer for 5.15.y +To: stable@vger.kernel.org +Cc: linux-xfs@vger.kernel.org, amir73il@gmail.com, chandan.babu@oracle.com, Leah Rumancik , "Darrick J . Wong" +Message-ID: <20220630205228.4021891-1-leah.rumancik@gmail.com> + +From: Leah Rumancik + +Update MAINTAINERS for xfs in an effort to help direct bots/questions +about xfs in 5.15.y. + +Note: 5.10.y and 5.4.y will have different updates to their +respective MAINTAINERS files for this effort. + +Suggested-by: Darrick J. Wong +Signed-off-by: Leah Rumancik +Reviewed-by: Darrick J. Wong +Signed-off-by: Greg Kroah-Hartman +--- + MAINTAINERS | 1 + + 1 file changed, 1 insertion(+) + +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -20579,6 +20579,7 @@ F: drivers/xen/*swiotlb* + + XFS FILESYSTEM + C: irc://irc.oftc.net/xfs ++M: Leah Rumancik + M: Darrick J. Wong + M: linux-xfs@vger.kernel.org + L: linux-xfs@vger.kernel.org diff --git a/queue-5.15/selftests-bpf-add-test_verifier-support-to-fixup-kfunc-call-insns.patch b/queue-5.15/selftests-bpf-add-test_verifier-support-to-fixup-kfunc-call-insns.patch new file mode 100644 index 00000000000..25b51d7a81d --- /dev/null +++ b/queue-5.15/selftests-bpf-add-test_verifier-support-to-fixup-kfunc-call-insns.patch @@ -0,0 +1,88 @@ +From 0201b80772ac2b712bbbfe783cdb731fdfb4247e Mon Sep 17 00:00:00 2001 +From: Kumar Kartikeya Dwivedi +Date: Fri, 14 Jan 2022 22:09:51 +0530 +Subject: selftests/bpf: Add test_verifier support to fixup kfunc call insns + +From: Kumar Kartikeya Dwivedi + +commit 0201b80772ac2b712bbbfe783cdb731fdfb4247e upstream. + +This allows us to add tests (esp. negative tests) where we only want to +ensure the program doesn't pass through the verifier, and also verify +the error. The next commit will add the tests making use of this. + +Signed-off-by: Kumar Kartikeya Dwivedi +Link: https://lore.kernel.org/r/20220114163953.1455836-9-memxor@gmail.com +Signed-off-by: Alexei Starovoitov +[PHLin: backport due to lack of fixup_map_timer] +Signed-off-by: Po-Hsu Lin +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/bpf/test_verifier.c | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +--- a/tools/testing/selftests/bpf/test_verifier.c ++++ b/tools/testing/selftests/bpf/test_verifier.c +@@ -31,6 +31,7 @@ + #include + #include + ++#include + #include + #include + +@@ -63,6 +64,11 @@ static bool unpriv_disabled = false; + static int skips; + static bool verbose = false; + ++struct kfunc_btf_id_pair { ++ const char *kfunc; ++ int insn_idx; ++}; ++ + struct bpf_test { + const char *descr; + struct bpf_insn insns[MAX_INSNS]; +@@ -88,6 +94,7 @@ struct bpf_test { + int fixup_map_event_output[MAX_FIXUPS]; + int fixup_map_reuseport_array[MAX_FIXUPS]; + int fixup_map_ringbuf[MAX_FIXUPS]; ++ struct kfunc_btf_id_pair fixup_kfunc_btf_id[MAX_FIXUPS]; + /* Expected verifier log output for result REJECT or VERBOSE_ACCEPT. + * Can be a tab-separated sequence of expected strings. An empty string + * means no log verification. +@@ -718,6 +725,7 @@ static void do_test_fixup(struct bpf_tes + int *fixup_map_event_output = test->fixup_map_event_output; + int *fixup_map_reuseport_array = test->fixup_map_reuseport_array; + int *fixup_map_ringbuf = test->fixup_map_ringbuf; ++ struct kfunc_btf_id_pair *fixup_kfunc_btf_id = test->fixup_kfunc_btf_id; + + if (test->fill_helper) { + test->fill_insns = calloc(MAX_TEST_INSNS, sizeof(struct bpf_insn)); +@@ -903,6 +911,26 @@ static void do_test_fixup(struct bpf_tes + fixup_map_ringbuf++; + } while (*fixup_map_ringbuf); + } ++ ++ /* Patch in kfunc BTF IDs */ ++ if (fixup_kfunc_btf_id->kfunc) { ++ struct btf *btf; ++ int btf_id; ++ ++ do { ++ btf_id = 0; ++ btf = btf__load_vmlinux_btf(); ++ if (btf) { ++ btf_id = btf__find_by_name_kind(btf, ++ fixup_kfunc_btf_id->kfunc, ++ BTF_KIND_FUNC); ++ btf_id = btf_id < 0 ? 0 : btf_id; ++ } ++ btf__free(btf); ++ prog[fixup_kfunc_btf_id->insn_idx].imm = btf_id; ++ fixup_kfunc_btf_id++; ++ } while (fixup_kfunc_btf_id->kfunc); ++ } + } + + struct libcap { diff --git a/queue-5.15/series b/queue-5.15/series index c671a8845a9..a04dee7fd8b 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -56,3 +56,6 @@ ipv6-sit-fix-ipip6_tunnel_get_prl-return-value.patch ipv6-fix-lockdep-splat-in-in6_dump_addrs.patch mlxsw-spectrum_router-fix-rollback-in-tunnel-next-hop-init.patch net-tun-avoid-disabling-napi-twice.patch +maintainers-add-leah-as-xfs-maintainer-for-5.15.y.patch +tcp-add-a-missing-nf_reset_ct-in-3whs-handling.patch +selftests-bpf-add-test_verifier-support-to-fixup-kfunc-call-insns.patch diff --git a/queue-5.15/tcp-add-a-missing-nf_reset_ct-in-3whs-handling.patch b/queue-5.15/tcp-add-a-missing-nf_reset_ct-in-3whs-handling.patch new file mode 100644 index 00000000000..01ffba86954 --- /dev/null +++ b/queue-5.15/tcp-add-a-missing-nf_reset_ct-in-3whs-handling.patch @@ -0,0 +1,70 @@ +From 6f0012e35160cd08a53e46e3b3bbf724b92dfe68 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Thu, 23 Jun 2022 05:04:36 +0000 +Subject: tcp: add a missing nf_reset_ct() in 3WHS handling + +From: Eric Dumazet + +commit 6f0012e35160cd08a53e46e3b3bbf724b92dfe68 upstream. + +When the third packet of 3WHS connection establishment +contains payload, it is added into socket receive queue +without the XFRM check and the drop of connection tracking +context. + +This means that if the data is left unread in the socket +receive queue, conntrack module can not be unloaded. + +As most applications usually reads the incoming data +immediately after accept(), bug has been hiding for +quite a long time. + +Commit 68822bdf76f1 ("net: generalize skb freeing +deferral to per-cpu lists") exposed this bug because +even if the application reads this data, the skb +with nfct state could stay in a per-cpu cache for +an arbitrary time, if said cpu no longer process RX softirqs. + +Many thanks to Ilya Maximets for reporting this issue, +and for testing various patches: +https://lore.kernel.org/netdev/20220619003919.394622-1-i.maximets@ovn.org/ + +Note that I also added a missing xfrm4_policy_check() call, +although this is probably not a big issue, as the SYN +packet should have been dropped earlier. + +Fixes: b59c270104f0 ("[NETFILTER]: Keep conntrack reference until IPsec policy checks are done") +Reported-by: Ilya Maximets +Signed-off-by: Eric Dumazet +Cc: Florian Westphal +Cc: Pablo Neira Ayuso +Cc: Steffen Klassert +Tested-by: Ilya Maximets +Reviewed-by: Ilya Maximets +Link: https://lore.kernel.org/r/20220623050436.1290307-1-edumazet@google.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/tcp_ipv4.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/net/ipv4/tcp_ipv4.c ++++ b/net/ipv4/tcp_ipv4.c +@@ -2014,7 +2014,8 @@ process: + struct sock *nsk; + + sk = req->rsk_listener; +- if (unlikely(tcp_v4_inbound_md5_hash(sk, skb, dif, sdif))) { ++ if (unlikely(!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb) || ++ tcp_v4_inbound_md5_hash(sk, skb, dif, sdif))) { + sk_drops_add(sk, skb); + reqsk_put(req); + goto discard_it; +@@ -2061,6 +2062,7 @@ process: + } + goto discard_and_relse; + } ++ nf_reset_ct(skb); + if (nsk == sk) { + reqsk_put(req); + tcp_v4_restore_cb(skb);