From 19f769dceebe519cef08acf9171c8228caafeabd Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 30 Jun 2022 15:29:23 +0200 Subject: [PATCH] 4.19-stable patches added patches: kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch net-mscc-ocelot-allow-unregistered-ip-multicast-flooding.patch net-sched-move-null-ptr-check-to-qdisc_put-too.patch swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch --- ...te-from-arch_kexec_apply_relocations.patch | 192 ++++++++++++++++++ ...w-unregistered-ip-multicast-flooding.patch | 64 ++++++ ...move-null-ptr-check-to-qdisc_put-too.patch | 52 +++++ queue-4.19/series | 4 + ...wiotlb_bounce-when-orig_addr-is-zero.patch | 53 +++++ 5 files changed, 365 insertions(+) create mode 100644 queue-4.19/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch create mode 100644 queue-4.19/net-mscc-ocelot-allow-unregistered-ip-multicast-flooding.patch create mode 100644 queue-4.19/net-sched-move-null-ptr-check-to-qdisc_put-too.patch create mode 100644 queue-4.19/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch diff --git a/queue-4.19/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch b/queue-4.19/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch new file mode 100644 index 00000000000..a63ea0be3e4 --- /dev/null +++ b/queue-4.19/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch @@ -0,0 +1,192 @@ +From 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc Mon Sep 17 00:00:00 2001 +From: "Naveen N. Rao" +Date: Thu, 19 May 2022 14:42:37 +0530 +Subject: kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] + +From: Naveen N. Rao + +commit 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc upstream. + +Since commit d1bcae833b32f1 ("ELF: Don't generate unused section +symbols") [1], binutils (v2.36+) started dropping section symbols that +it thought were unused. This isn't an issue in general, but with +kexec_file.c, gcc is placing kexec_arch_apply_relocations[_add] into a +separate .text.unlikely section and the section symbol ".text.unlikely" +is being dropped. Due to this, recordmcount is unable to find a non-weak +symbol in .text.unlikely to generate a relocation record against. + +Address this by dropping the weak attribute from these functions. +Instead, follow the existing pattern of having architectures #define the +name of the function they want to override in their headers. + +[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d1bcae833b32f1 + +[akpm@linux-foundation.org: arch/s390/include/asm/kexec.h needs linux/module.h] +Link: https://lkml.kernel.org/r/20220519091237.676736-1-naveen.n.rao@linux.vnet.ibm.com +Signed-off-by: Michael Ellerman +Signed-off-by: Naveen N. Rao +Cc: "Eric W. Biederman" +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + arch/s390/include/asm/kexec.h | 10 +++++++++ + arch/x86/include/asm/kexec.h | 9 ++++++++ + include/linux/kexec.h | 46 ++++++++++++++++++++++++++++++++++-------- + kernel/kexec_file.c | 34 ------------------------------- + 4 files changed, 57 insertions(+), 42 deletions(-) + +--- a/arch/s390/include/asm/kexec.h ++++ b/arch/s390/include/asm/kexec.h +@@ -9,6 +9,8 @@ + #ifndef _S390_KEXEC_H + #define _S390_KEXEC_H + ++#include ++ + #include + #include + /* +@@ -69,4 +71,12 @@ int *kexec_file_update_kernel(struct kim + extern const struct kexec_file_ops s390_kexec_image_ops; + extern const struct kexec_file_ops s390_kexec_elf_ops; + ++#ifdef CONFIG_KEXEC_FILE ++struct purgatory_info; ++int arch_kexec_apply_relocations_add(struct purgatory_info *pi, ++ Elf_Shdr *section, ++ const Elf_Shdr *relsec, ++ const Elf_Shdr *symtab); ++#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add ++#endif + #endif /*_S390_KEXEC_H */ +--- a/arch/x86/include/asm/kexec.h ++++ b/arch/x86/include/asm/kexec.h +@@ -21,6 +21,7 @@ + #ifndef __ASSEMBLY__ + + #include ++#include + + #include + #include +@@ -217,6 +218,14 @@ extern int arch_kexec_post_alloc_pages(v + extern void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages); + #define arch_kexec_pre_free_pages arch_kexec_pre_free_pages + ++#ifdef CONFIG_KEXEC_FILE ++struct purgatory_info; ++int arch_kexec_apply_relocations_add(struct purgatory_info *pi, ++ Elf_Shdr *section, ++ const Elf_Shdr *relsec, ++ const Elf_Shdr *symtab); ++#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add ++#endif + #endif + + typedef void crash_vmclear_fn(void); +--- a/include/linux/kexec.h ++++ b/include/linux/kexec.h +@@ -174,14 +174,6 @@ int kexec_purgatory_get_set_symbol(struc + bool get_value); + void *kexec_purgatory_get_symbol_addr(struct kimage *image, const char *name); + +-int __weak arch_kexec_apply_relocations_add(struct purgatory_info *pi, +- Elf_Shdr *section, +- const Elf_Shdr *relsec, +- const Elf_Shdr *symtab); +-int __weak arch_kexec_apply_relocations(struct purgatory_info *pi, +- Elf_Shdr *section, +- const Elf_Shdr *relsec, +- const Elf_Shdr *symtab); + + int __weak arch_kexec_walk_mem(struct kexec_buf *kbuf, + int (*func)(struct resource *, void *)); +@@ -206,6 +198,44 @@ extern int crash_exclude_mem_range(struc + unsigned long long mend); + extern int crash_prepare_elf64_headers(struct crash_mem *mem, int kernel_map, + void **addr, unsigned long *sz); ++ ++#ifndef arch_kexec_apply_relocations_add ++/* ++ * arch_kexec_apply_relocations_add - apply relocations of type RELA ++ * @pi: Purgatory to be relocated. ++ * @section: Section relocations applying to. ++ * @relsec: Section containing RELAs. ++ * @symtab: Corresponding symtab. ++ * ++ * Return: 0 on success, negative errno on error. ++ */ ++static inline int ++arch_kexec_apply_relocations_add(struct purgatory_info *pi, Elf_Shdr *section, ++ const Elf_Shdr *relsec, const Elf_Shdr *symtab) ++{ ++ pr_err("RELA relocation unsupported.\n"); ++ return -ENOEXEC; ++} ++#endif ++ ++#ifndef arch_kexec_apply_relocations ++/* ++ * arch_kexec_apply_relocations - apply relocations of type REL ++ * @pi: Purgatory to be relocated. ++ * @section: Section relocations applying to. ++ * @relsec: Section containing RELs. ++ * @symtab: Corresponding symtab. ++ * ++ * Return: 0 on success, negative errno on error. ++ */ ++static inline int ++arch_kexec_apply_relocations(struct purgatory_info *pi, Elf_Shdr *section, ++ const Elf_Shdr *relsec, const Elf_Shdr *symtab) ++{ ++ pr_err("REL relocation unsupported.\n"); ++ return -ENOEXEC; ++} ++#endif + #endif /* CONFIG_KEXEC_FILE */ + + struct kimage { +--- a/kernel/kexec_file.c ++++ b/kernel/kexec_file.c +@@ -111,40 +111,6 @@ int __weak arch_kexec_kernel_verify_sig( + #endif + + /* +- * arch_kexec_apply_relocations_add - apply relocations of type RELA +- * @pi: Purgatory to be relocated. +- * @section: Section relocations applying to. +- * @relsec: Section containing RELAs. +- * @symtab: Corresponding symtab. +- * +- * Return: 0 on success, negative errno on error. +- */ +-int __weak +-arch_kexec_apply_relocations_add(struct purgatory_info *pi, Elf_Shdr *section, +- const Elf_Shdr *relsec, const Elf_Shdr *symtab) +-{ +- pr_err("RELA relocation unsupported.\n"); +- return -ENOEXEC; +-} +- +-/* +- * arch_kexec_apply_relocations - apply relocations of type REL +- * @pi: Purgatory to be relocated. +- * @section: Section relocations applying to. +- * @relsec: Section containing RELs. +- * @symtab: Corresponding symtab. +- * +- * Return: 0 on success, negative errno on error. +- */ +-int __weak +-arch_kexec_apply_relocations(struct purgatory_info *pi, Elf_Shdr *section, +- const Elf_Shdr *relsec, const Elf_Shdr *symtab) +-{ +- pr_err("REL relocation unsupported.\n"); +- return -ENOEXEC; +-} +- +-/* + * Free up memory used by kernel, initrd, and command line. This is temporary + * memory allocation which is not needed any more after these buffers have + * been loaded into separate segments and have been copied elsewhere. diff --git a/queue-4.19/net-mscc-ocelot-allow-unregistered-ip-multicast-flooding.patch b/queue-4.19/net-mscc-ocelot-allow-unregistered-ip-multicast-flooding.patch new file mode 100644 index 00000000000..27f62b9e9a5 --- /dev/null +++ b/queue-4.19/net-mscc-ocelot-allow-unregistered-ip-multicast-flooding.patch @@ -0,0 +1,64 @@ +From foo@baz Thu Jun 30 03:22:27 PM CEST 2022 +From: Vladimir Oltean +Date: Tue, 28 Jun 2022 20:20:13 +0300 +Subject: net: mscc: ocelot: allow unregistered IP multicast flooding +To: stable , Greg Kroah-Hartman , Sasha Levin +Cc: netdev@vger.kernel.org, "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Xiaoliang Yang , Claudiu Manoil , Alexandre Belloni , UNGLinuxDriver@microchip.com, Andrew Lunn , Vivien Didelot , Florian Fainelli , Maxim Kochetkov , Colin Foster , stable@kernel.org +Message-ID: <20220628172016.3373243-2-vladimir.oltean@nxp.com> + +From: Vladimir Oltean + +Flooding of unregistered IP multicast has been broken (both to other +switch ports and to the CPU) since the ocelot driver introduction, and +up until commit 4cf35a2b627a ("net: mscc: ocelot: fix broken IP +multicast flooding"), a bug fix for commit 421741ea5672 ("net: mscc: +ocelot: offload bridge port flags to device") from v5.12. + +The driver used to set PGID_MCIPV4 and PGID_MCIPV6 to the empty port +mask (0), which made unregistered IPv4/IPv6 multicast go nowhere, and +without ever modifying that port mask at runtime. + +The expectation is that such packets are treated as broadcast, and +flooded according to the forwarding domain (to the CPU if the port is +standalone, or to the CPU and other bridged ports, if under a bridge). + +Since the aforementioned commit, the limitation has been lifted by +responding to SWITCHDEV_ATTR_ID_PORT_BRIDGE_FLAGS events emitted by the +bridge. As for host flooding, DSA synthesizes another call to +ocelot_port_bridge_flags() on the NPI port which ensures that the CPU +gets the unregistered multicast traffic it might need, for example for +smcroute to work between standalone ports. + +But between v4.18 and v5.12, IP multicast flooding has remained unfixed. + +Delete the inexplicable premature optimization of clearing PGID_MCIPV4 +and PGID_MCIPV6 as part of the init sequence, and allow unregistered IP +multicast to be flooded freely according to the forwarding domain +established by PGID_SRC, by explicitly programming PGID_MCIPV4 and +PGID_MCIPV6 towards all physical ports plus the CPU port module. + +Fixes: a556c76adc05 ("net: mscc: Add initial Ocelot switch support") +Cc: stable@kernel.org +Signed-off-by: Vladimir Oltean +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mscc/ocelot.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/mscc/ocelot.c ++++ b/drivers/net/ethernet/mscc/ocelot.c +@@ -1733,8 +1733,12 @@ int ocelot_init(struct ocelot *ocelot) + ocelot_write_rix(ocelot, + ANA_PGID_PGID_PGID(GENMASK(ocelot->num_phys_ports, 0)), + ANA_PGID_PGID, PGID_MC); +- ocelot_write_rix(ocelot, 0, ANA_PGID_PGID, PGID_MCIPV4); +- ocelot_write_rix(ocelot, 0, ANA_PGID_PGID, PGID_MCIPV6); ++ ocelot_write_rix(ocelot, ++ ANA_PGID_PGID_PGID(GENMASK(ocelot->num_phys_ports, 0)), ++ ANA_PGID_PGID, PGID_MCIPV4); ++ ocelot_write_rix(ocelot, ++ ANA_PGID_PGID_PGID(GENMASK(ocelot->num_phys_ports, 0)), ++ ANA_PGID_PGID, PGID_MCIPV6); + + /* CPU port Injection/Extraction configuration */ + ocelot_write_rix(ocelot, QSYS_SWITCH_PORT_MODE_INGRESS_DROP_MODE | diff --git a/queue-4.19/net-sched-move-null-ptr-check-to-qdisc_put-too.patch b/queue-4.19/net-sched-move-null-ptr-check-to-qdisc_put-too.patch new file mode 100644 index 00000000000..30c49483d87 --- /dev/null +++ b/queue-4.19/net-sched-move-null-ptr-check-to-qdisc_put-too.patch @@ -0,0 +1,52 @@ +From didi.debian@cknow.org Thu Jun 30 15:24:25 2022 +From: Diederik de Haas +Date: Thu, 30 Jun 2022 00:49:38 +0200 +Subject: net/sched: move NULL ptr check to qdisc_put() too +To: stable@vger.kernel.org +Cc: Vlad Buslov , Diederik de Haas , Thorsten Glaser +Message-ID: <20220629224938.7760-1-didi.debian@cknow.org> + +From: Diederik de Haas + +In commit 92833e8b5db6c209e9311ac8c6a44d3bf1856659 titled +"net: sched: rename qdisc_destroy() to qdisc_put()" part of the +functionality of qdisc_destroy() was moved into a (for linux-4.19.y) +new function qdisk_put(), and the previous calls to qdisc_destroy() +were changed to qdisk_put(). +This made it similar to f.e. 5.10.y and current master. + +There was one part of qdisc_destroy() not moved over to qdisc_put() and +that was the check for a NULL pointer, causing oopses. +(See upstream commit: 6efb971ba8edfbd80b666f29de12882852f095ae) +This patch fixes that. + +Fixes: 92833e8b5db6c209e9311ac8c6a44d3bf1856659 +Reported-by: Thorsten Glaser +Link: https://bugs.debian.org/1013299 +Signed-off-by: Diederik de Haas +Signed-off-by: Greg Kroah-Hartman +--- + net/sched/sch_generic.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/net/sched/sch_generic.c ++++ b/net/sched/sch_generic.c +@@ -970,8 +970,6 @@ static void qdisc_destroy(struct Qdisc * + const struct Qdisc_ops *ops; + struct sk_buff *skb, *tmp; + +- if (!qdisc) +- return; + ops = qdisc->ops; + + #ifdef CONFIG_NET_SCHED +@@ -1003,6 +1001,9 @@ static void qdisc_destroy(struct Qdisc * + + void qdisc_put(struct Qdisc *qdisc) + { ++ if (!qdisc) ++ return; ++ + if (qdisc->flags & TCQ_F_BUILTIN || + !refcount_dec_and_test(&qdisc->refcnt)) + return; diff --git a/queue-4.19/series b/queue-4.19/series index 1f499ebf3cf..6ff19964d96 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -44,3 +44,7 @@ drm-remove-drm_fb_helper_modinit.patch xen-unexport-__init-annotated-xen_xlate_map_ballooned_pages.patch xen-gntdev-avoid-blocking-in-unmap_grant_pages.patch fdt-update-crc-check-for-rng-seed.patch +kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch +net-mscc-ocelot-allow-unregistered-ip-multicast-flooding.patch +net-sched-move-null-ptr-check-to-qdisc_put-too.patch +swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch diff --git a/queue-4.19/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch b/queue-4.19/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch new file mode 100644 index 00000000000..754378d96b3 --- /dev/null +++ b/queue-4.19/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch @@ -0,0 +1,53 @@ +From liushixin2@huawei.com Thu Jun 30 15:25:20 2022 +From: Liu Shixin +Date: Thu, 30 Jun 2022 19:33:31 +0800 +Subject: swiotlb: skip swiotlb_bounce when orig_addr is zero +To: Greg Kroah-Hartman , Halil Pasic , Christoph Hellwig , Ovidiu Panait , Ben Hutchings +Cc: , , Liu Shixin +Message-ID: <20220630113331.1544886-1-liushixin2@huawei.com> + +From: Liu Shixin + +After patch ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE"), +swiotlb_bounce will be called in swiotlb_tbl_map_single unconditionally. +This requires that the physical address must be valid, which is not always +true on stable-4.19 or earlier version. +On stable-4.19, swiotlb_alloc_buffer will call swiotlb_tbl_map_single with +orig_addr equal to zero, which cause such a panic: + +Unable to handle kernel paging request at virtual address ffffb77a40000000 +... +pc : __memcpy+0x100/0x180 +lr : swiotlb_bounce+0x74/0x88 +... +Call trace: + __memcpy+0x100/0x180 + swiotlb_tbl_map_single+0x2c8/0x338 + swiotlb_alloc+0xb4/0x198 + __dma_alloc+0x84/0x1d8 + ... + +On stable-4.9 and stable-4.14, swiotlb_alloc_coherent wille call map_single +with orig_addr equal to zero, which can cause same panic. + +Fix this by skipping swiotlb_bounce when orig_addr is zero. + +Fixes: ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE") +Signed-off-by: Liu Shixin +Signed-off-by: Greg Kroah-Hartman +--- + kernel/dma/swiotlb.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/kernel/dma/swiotlb.c ++++ b/kernel/dma/swiotlb.c +@@ -594,7 +594,8 @@ found: + * unconditional bounce may prevent leaking swiotlb content (i.e. + * kernel memory) to user-space. + */ +- swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE); ++ if (orig_addr) ++ swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE); + return tlb_addr; + } + -- 2.47.3