From 21ff44c95682885e5ea3e5db1352827fa9fd7f64 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sat, 13 Jan 2024 10:13:02 +0100
Subject: [PATCH] 5.4-stable patches
added patches:
netfilter-nf_tables-reject-tables-of-unsupported-family.patch
pci-disable-ats-for-specific-intel-ipu-e2000-devices.patch
pci-extract-ats-disabling-to-a-helper-function.patch
---
 ...-reject-tables-of-unsupported-family.patch | 65 +++++++++++++++++++
 ...for-specific-intel-ipu-e2000-devices.patch | 55 ++++++++++++++++
 ...t-ats-disabling-to-a-helper-function.patch | 47 ++++++++++++++
 queue-5.4/series | 3 +
 4 files changed, 170 insertions(+)
 create mode 100644 queue-5.4/netfilter-nf_tables-reject-tables-of-unsupported-family.patch
 create mode 100644 queue-5.4/pci-disable-ats-for-specific-intel-ipu-e2000-devices.patch
 create mode 100644 queue-5.4/pci-extract-ats-disabling-to-a-helper-function.patch
diff --git a/queue-5.4/netfilter-nf_tables-reject-tables-of-unsupported-family.patch b/queue-5.4/netfilter-nf_tables-reject-tables-of-unsupported-family.patch
new file mode 100644
index 00000000000..c26d7a6ad56
--- /dev/null
+++ b/queue-5.4/netfilter-nf_tables-reject-tables-of-unsupported-family.patch
@@ -0,0 +1,65 @@
+From f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Wed, 16 Feb 2022 15:55:38 +0100
+Subject: netfilter: nf_tables: Reject tables of unsupported family
+
+From: Phil Sutter
+
+commit f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 upstream.
+
+An nftables family is merely a hollow container, its family just a
+number and such not reliant on compile-time options other than nftables
+support itself. Add an artificial check so attempts at using a family
+the kernel can't support fail as early as possible. This helps user
+space detect kernels which lack e.g. NFPROTO_INET.
+
+Signed-off-by: Phil Sutter
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/netfilter/nf_tables_api.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -1005,6 +1005,30 @@ static int nft_objname_hash_cmp(struct r
+ return strcmp(obj->key.name, k->name);
+ }
+
++static bool nft_supported_family(u8 family)
++{
++ return false
++#ifdef CONFIG_NF_TABLES_INET
++ || family == NFPROTO_INET
++#endif
++#ifdef CONFIG_NF_TABLES_IPV4
++ || family == NFPROTO_IPV4
++#endif
++#ifdef CONFIG_NF_TABLES_ARP
++ || family == NFPROTO_ARP
++#endif
++#ifdef CONFIG_NF_TABLES_NETDEV
++ || family == NFPROTO_NETDEV
++#endif
++#if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE)
++ || family == NFPROTO_BRIDGE
++#endif
++#ifdef CONFIG_NF_TABLES_IPV6
++ || family == NFPROTO_IPV6
++#endif
++ ;
++}
++
+ static int nf_tables_newtable(struct net *net, struct sock *nlsk,
+ struct sk_buff *skb, const struct nlmsghdr *nlh,
+ const struct nlattr * const nla[],
+@@ -1020,6 +1044,9 @@ static int nf_tables_newtable(struct net
+ struct nft_ctx ctx;
+ int err;
+
++ if (!nft_supported_family(family))
++ return -EOPNOTSUPP;
++
+ lockdep_assert_held(&nft_net->commit_mutex);
+ attr = nla[NFTA_TABLE_NAME];
+ table = nft_table_lookup(net, attr, family, genmask);
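Review bot: nft_supported_family() has no comment, and its only visible caller is the check added at the top of nf_tables_newtable(), so it is easy to miss that this is where a family number that appears to come from user space is validated before a table is created for it. I would add a short comment above the helper, for example `/* Accept only the families this kernel was built with; reject everything else before a table is created. */`. The BRIDGE branch uses `#if IS_ENABLED(...)` while the others use `#ifdef`, presumably because that option can be built as a module; a few words saying so would stop a later cleanup from making the lines uniform and silently dropping the bridge family. The declaration of `family` and the rest of nf_tables_newtable() are outside the hunk.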
diff --git a/queue-5.4/pci-disable-ats-for-specific-intel-ipu-e2000-devices.patch b/queue-5.4/pci-disable-ats-for-specific-intel-ipu-e2000-devices.patch
new file mode 100644
index 00000000000..4037a85f4bf
--- /dev/null
+++ b/queue-5.4/pci-disable-ats-for-specific-intel-ipu-e2000-devices.patch
@@ -0,0 +1,55 @@
+From a18615b1cfc04f00548c60eb9a77e0ce56e848fd Mon Sep 17 00:00:00 2001
+From: Bartosz Pawlowski
+Date: Fri, 8 Sep 2023 14:36:06 +0000
+Subject: PCI: Disable ATS for specific Intel IPU E2000 devices
+
+From: Bartosz Pawlowski
+
+commit a18615b1cfc04f00548c60eb9a77e0ce56e848fd upstream.
+
+Due to a hardware issue in A and B steppings of Intel IPU E2000, it expects
+wrong endianness in ATS invalidation message body. This problem can lead to
+outdated translations being returned as valid and finally cause system
+instability.
+
+To prevent such issues, add quirk_intel_e2000_no_ats() to disable ATS for
+vulnerable IPU E2000 devices.
+
+Link: https://lore.kernel.org/r/20230908143606.685930-3-bartosz.pawlowski@intel.com
+Signed-off-by: Bartosz Pawlowski
+Signed-off-by: Bjorn Helgaas
+Reviewed-by: Andy Shevchenko
+Reviewed-by: Alexander Lobakin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/pci/quirks.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -5419,6 +5419,25 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AT
+ /* AMD Navi14 dGPU */
+ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x7340, quirk_amd_harvest_no_ats);
+ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x7341, quirk_amd_harvest_no_ats);
++
++/*
++ * Intel IPU E2000 revisions before C0 implement incorrect endianness
++ * in ATS Invalidate Request message body. Disable ATS for those devices.
++ */
++static void quirk_intel_e2000_no_ats(struct pci_dev *pdev)
++{
++ if (pdev->revision < 0x20)
++ quirk_no_ats(pdev);
++}
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1451, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1452, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1453, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1454, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1455, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1457, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1459, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x145a, quirk_intel_e2000_no_ats);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x145c, quirk_intel_e2000_no_ats);
+ #endif /* CONFIG_PCI_ATS */
+
+ /* Freescale PCIe doesn't support MSI in RC mode */
diff --git a/queue-5.4/pci-extract-ats-disabling-to-a-helper-function.patch b/queue-5.4/pci-extract-ats-disabling-to-a-helper-function.patch
new file mode 100644
index 00000000000..b11fa182ce9
--- /dev/null
+++ b/queue-5.4/pci-extract-ats-disabling-to-a-helper-function.patch
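Review bot: The cut-off in quirk_intel_e2000_no_ats(), `if (pdev->revision < 0x20)`, is a bare constant, while the comment above the function speaks of "revisions before C0"; nothing ties 0x20 to that stepping. A trailing comment such as `/* revisions below 0x20 are pre-C0 */` or a named constant would make the boundary auditable. The device ID list also skips 0x1456, 0x1458 and 0x145b without saying whether those IDs are unaffected or unassigned. That is worth one line of comment, because the commit message describes stale translations being returned as valid, and an affected ID left off the list would keep ATS enabled on that part. quirk_no_ats() is not defined in this patch; the series file on this page lists the helper patch ahead of this one.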
@@ -0,0 +1,47 @@
+From f18b1137d38c091cc8c16365219f0a1d4a30b3d1 Mon Sep 17 00:00:00 2001
+From: Bartosz Pawlowski
+Date: Fri, 8 Sep 2023 14:36:05 +0000
+Subject: PCI: Extract ATS disabling to a helper function
+
+From: Bartosz Pawlowski
+
+commit f18b1137d38c091cc8c16365219f0a1d4a30b3d1 upstream.
+
+Introduce quirk_no_ats() helper function to provide a standard way to
+disable ATS capability in PCI quirks.
+
+Suggested-by: Andy Shevchenko
+Link: https://lore.kernel.org/r/20230908143606.685930-2-bartosz.pawlowski@intel.com
+Signed-off-by: Bartosz Pawlowski
+Signed-off-by: Bjorn Helgaas
+Reviewed-by: Andy Shevchenko
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/pci/quirks.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -5389,6 +5389,12 @@ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SE
+ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SERVERWORKS, 0x0422, quirk_no_ext_tags);
+
+ #ifdef CONFIG_PCI_ATS
++static void quirk_no_ats(struct pci_dev *pdev)
++{
++ pci_info(pdev, "disabling ATS\n");
++ pdev->ats_cap = 0;
++}
++
+ /*
+ * Some devices require additional driver setup to enable ATS. Don't use
+ * ATS for those devices as ATS will be enabled before the driver has had a
+@@ -5401,8 +5407,7 @@ static void quirk_amd_harvest_no_ats(str
+ (pdev->device == 0x7341 && pdev->revision != 0x00))
+ return;
+
+- pci_info(pdev, "disabling ATS\n");
+- pdev->ats_cap = 0;
++ quirk_no_ats(pdev);
+ }
+
+ /* AMD Stoney platform GPU */
diff --git a/queue-5.4/series b/queue-5.4/series
index ffe514a0e4c..c3923afe8b4 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
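Review bot: quirk_no_ats() is introduced as the standard way to disable ATS from a quirk but has no comment stating what it guarantees. As written it only logs and clears `pdev->ats_cap`, so it appears to prevent ATS from being enabled later rather than switching off ATS that is already on. I would state that precondition on the helper, for example `/* Clear ats_cap so ATS is never enabled for this device; call from a fixup that runs before ATS setup. */`. Whether every fixup stage that might call it runs early enough is not visible here, and quirk_amd_harvest_no_ats() begins outside the hunk.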
@@ -30,3 +30,6 @@ ath10k-add-interrupt-summary-based-ce-processing.patch
 ath10k-keep-track-of-which-interrupts-fired-don-t-poll-them.patch
 ath10k-get-rid-of-per_ce_irq-hw-param.patch
 net-tls-update-curr-on-splice-as-well.patch
+netfilter-nf_tables-reject-tables-of-unsupported-family.patch
+pci-extract-ats-disabling-to-a-helper-function.patch
+pci-disable-ats-for-specific-intel-ipu-e2000-devices.patch
--
2.47.3