From: Sasha Levin Date: Mon, 19 Dec 2022 16:35:30 +0000 (-0500) Subject: Fixes for 6.0 X-Git-Tag: v5.10.161~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=493eb0aeee085b87438ec4764c173cdd1681b9dd;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 6.0 Signed-off-by: Sasha Levin --- diff --git a/queue-6.0/bluetooth-l2cap-fix-u8-overflow.patch b/queue-6.0/bluetooth-l2cap-fix-u8-overflow.patch new file mode 100644 index 00000000000..7d6e873cdbc --- /dev/null +++ b/queue-6.0/bluetooth-l2cap-fix-u8-overflow.patch @@ -0,0 +1,65 @@ +From 1846772b3f95c98d5bce59d26fd28469d51b4cb0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 18 Nov 2022 15:01:47 -0500 +Subject: Bluetooth: L2CAP: Fix u8 overflow + +From: Sungwoo Kim + +[ Upstream commit bcd70260ef56e0aee8a4fc6cd214a419900b0765 ] + +By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases +multiple times and eventually it will wrap around the maximum number +(i.e., 255). +This patch prevents this by adding a boundary check with +L2CAP_MAX_CONF_RSP + +Btmon log: +Bluetooth monitor ver 5.64 += Note: Linux version 6.1.0-rc2 (x86_64) 0.264594 += Note: Bluetooth subsystem version 2.22 0.264636 +@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191 += New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604 +@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741 += Open Index: 00:00:00:00:00:00 [hci0] 13.900426 +(...) +> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106 + invalid packet size (12 != 1033) + 08 00 01 00 02 01 04 00 01 10 ff ff ............ +> ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561 + invalid packet size (14 != 1547) + 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@..... +> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390 + invalid packet size (16 != 2061) + 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@....... +> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932 + invalid packet size (16 != 2061) + 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@....... += bluetoothd: Bluetooth daemon 5.43 14.401828 +> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753 + invalid packet size (12 != 1033) + 08 00 01 00 04 01 04 00 40 00 00 00 ........@... + +Signed-off-by: Sungwoo Kim +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Sasha Levin +--- + net/bluetooth/l2cap_core.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c +index 9c24947aa41e..9fdede5fe71c 100644 +--- a/net/bluetooth/l2cap_core.c ++++ b/net/bluetooth/l2cap_core.c +@@ -4453,7 +4453,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, + + chan->ident = cmd->ident; + l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); +- chan->num_conf_rsp++; ++ if (chan->num_conf_rsp < L2CAP_CONF_MAX_CONF_RSP) ++ chan->num_conf_rsp++; + + /* Reset config buffer. */ + chan->conf_len = 0; +-- +2.35.1 + diff --git a/queue-6.0/net-loopback-use-net_name_predictable-for-name_assig.patch b/queue-6.0/net-loopback-use-net_name_predictable-for-name_assig.patch new file mode 100644 index 00000000000..23a4228818a --- /dev/null +++ b/queue-6.0/net-loopback-use-net_name_predictable-for-name_assig.patch @@ -0,0 +1,50 @@ +From 3d35d078a856a6ed1bc27ca078bf79865fd64aa9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 23 Nov 2022 15:18:28 +0100 +Subject: net: loopback: use NET_NAME_PREDICTABLE for name_assign_type + +From: Rasmus Villemoes + +[ Upstream commit 31d929de5a112ee1b977a89c57de74710894bbbf ] + +When the name_assign_type attribute was introduced (commit +685343fc3ba6, "net: add name_assign_type netdev attribute"), the +loopback device was explicitly mentioned as one which would make use +of NET_NAME_PREDICTABLE: + + The name_assign_type attribute gives hints where the interface name of a + given net-device comes from. These values are currently defined: +... + NET_NAME_PREDICTABLE: + The ifname has been assigned by the kernel in a predictable way + that is guaranteed to avoid reuse and always be the same for a + given device. Examples include statically created devices like + the loopback device [...] + +Switch to that so that reading /sys/class/net/lo/name_assign_type +produces something sensible instead of returning -EINVAL. + +Signed-off-by: Rasmus Villemoes +Reviewed-by: Jacob Keller +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/loopback.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c +index 14e8d04cb434..2e9742952c4e 100644 +--- a/drivers/net/loopback.c ++++ b/drivers/net/loopback.c +@@ -211,7 +211,7 @@ static __net_init int loopback_net_init(struct net *net) + int err; + + err = -ENOMEM; +- dev = alloc_netdev(0, "lo", NET_NAME_UNKNOWN, loopback_setup); ++ dev = alloc_netdev(0, "lo", NET_NAME_PREDICTABLE, loopback_setup); + if (!dev) + goto out; + +-- +2.35.1 + diff --git a/queue-6.0/selftests-net-use-grep-e-instead-of-egrep.patch b/queue-6.0/selftests-net-use-grep-e-instead-of-egrep.patch new file mode 100644 index 00000000000..61597216f11 --- /dev/null +++ b/queue-6.0/selftests-net-use-grep-e-instead-of-egrep.patch @@ -0,0 +1,48 @@ +From 0615bac3b6e04cf50117749282447884a703ff4d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 1 Dec 2022 11:10:48 +0800 +Subject: selftests: net: Use "grep -E" instead of "egrep" + +From: Tiezhu Yang + +[ Upstream commit 6a30d3e3491dc562384e9f15b201a8a25b57439f ] + +The latest version of grep claims the egrep is now obsolete so the build +now contains warnings that look like: + egrep: warning: egrep is obsolescent; using grep -E +fix this using "grep -E" instead. + + sed -i "s/egrep/grep -E/g" `grep egrep -rwl tools/testing/selftests/net` + +Here are the steps to install the latest grep: + + wget http://ftp.gnu.org/gnu/grep/grep-3.8.tar.gz + tar xf grep-3.8.tar.gz + cd grep-3.8 && ./configure && make + sudo make install + export PATH=/usr/local/bin:$PATH + +Signed-off-by: Tiezhu Yang +Link: https://lore.kernel.org/r/1669864248-829-1-git-send-email-yangtiezhu@loongson.cn +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/net/toeplitz.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/testing/selftests/net/toeplitz.sh b/tools/testing/selftests/net/toeplitz.sh +index 0a49907cd4fe..da5bfd834eff 100755 +--- a/tools/testing/selftests/net/toeplitz.sh ++++ b/tools/testing/selftests/net/toeplitz.sh +@@ -32,7 +32,7 @@ DEV="eth0" + # This is determined by reading the RSS indirection table using ethtool. + get_rss_cfg_num_rxqs() { + echo $(ethtool -x "${DEV}" | +- egrep [[:space:]]+[0-9]+:[[:space:]]+ | ++ grep -E [[:space:]]+[0-9]+:[[:space:]]+ | + cut -d: -f2- | + awk '{$1=$1};1' | + tr ' ' '\n' | +-- +2.35.1 + diff --git a/queue-6.0/series b/queue-6.0/series index fc83c2e05b8..eb6f41522fd 100644 --- a/queue-6.0/series +++ b/queue-6.0/series @@ -23,3 +23,6 @@ usb-typec-ucsi-resume-in-separate-work.patch usb-dwc3-pci-update-pcie-device-id-for-usb3-controller-on-cpu-sub-system-for-raptor-lake.patch keys-encrypted-fix-key-instantiation-with-user-provided-data.patch usb-ulpi-defer-ulpi_register-on-ulpi_read_id-timeout.patch +bluetooth-l2cap-fix-u8-overflow.patch +selftests-net-use-grep-e-instead-of-egrep.patch +net-loopback-use-net_name_predictable-for-name_assig.patch