From: Sasha Levin Date: Sat, 28 Mar 2020 23:40:04 +0000 (-0400) Subject: Fixes for 4.4 X-Git-Tag: v5.6.1~73 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=008dc4b684af35cd580b7670ce5fa47d7977ae44;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.4 Signed-off-by: Sasha Levin --- diff --git a/queue-4.4/drivers-hwspinlock-use-correct-radix-tree-api.patch b/queue-4.4/drivers-hwspinlock-use-correct-radix-tree-api.patch new file mode 100644 index 00000000000..4b0db011f62 --- /dev/null +++ b/queue-4.4/drivers-hwspinlock-use-correct-radix-tree-api.patch @@ -0,0 +1,43 @@ +From 78a0f96a0928a9d4b6da78c166e3c706a02e7124 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 20 May 2016 17:03:01 -0700 +Subject: drivers/hwspinlock: use correct radix tree API + +From: Matthew Wilcox + +[ Upstream commit b76ba4af4ddd6a06f7f65769e7be1bc56556cdf5 ] + +radix_tree_is_indirect_ptr() is an internal API. The correct call to +use is radix_tree_deref_retry() which has the appropriate unlikely() +annotation. + +Fixes: c6400ba7e13a ("drivers/hwspinlock: fix race between radix tree insertion and lookup") +Signed-off-by: Matthew Wilcox +Cc: Konstantin Khlebnikov +Cc: Kirill Shutemov +Cc: Jan Kara +Cc: Neil Brown +Cc: Ross Zwisler +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + drivers/hwspinlock/hwspinlock_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/hwspinlock/hwspinlock_core.c b/drivers/hwspinlock/hwspinlock_core.c +index d50c701b19d67..4074441444fed 100644 +--- a/drivers/hwspinlock/hwspinlock_core.c ++++ b/drivers/hwspinlock/hwspinlock_core.c +@@ -313,7 +313,7 @@ int of_hwspin_lock_get_id(struct device_node *np, int index) + hwlock = radix_tree_deref_slot(slot); + if (unlikely(!hwlock)) + continue; +- if (radix_tree_is_indirect_ptr(hwlock)) { ++ if (radix_tree_deref_retry(hwlock)) { + slot = radix_tree_iter_retry(&iter); + continue; + } +-- +2.20.1 + diff --git a/queue-4.4/ib-ipoib-do-not-warn-if-ipoib-debugfs-doesn-t-exist.patch b/queue-4.4/ib-ipoib-do-not-warn-if-ipoib-debugfs-doesn-t-exist.patch new file mode 100644 index 00000000000..267d4bb9f48 --- /dev/null +++ b/queue-4.4/ib-ipoib-do-not-warn-if-ipoib-debugfs-doesn-t-exist.patch @@ -0,0 +1,42 @@ +From 5531f3181ac072e390e8a3dae64fac3243a50b88 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 13 Feb 2018 12:18:27 +0200 +Subject: IB/ipoib: Do not warn if IPoIB debugfs doesn't exist + +From: Alaa Hleihel + +[ Upstream commit 14fa91e0fef8e4d6feb8b1fa2a807828e0abe815 ] + +netdev_wait_allrefs() could rebroadcast NETDEV_UNREGISTER event +multiple times until all refs are gone, which will result in calling +ipoib_delete_debug_files multiple times and printing a warning. + +Remove the WARN_ONCE since checks of NULL pointers before calling +debugfs_remove are not needed. + +Fixes: 771a52584096 ("IB/IPoIB: ibX: failed to create mcg debug file") +Signed-off-by: Alaa Hleihel +Signed-off-by: Leon Romanovsky +Reviewed-by: Dennis Dalessandro +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/ulp/ipoib/ipoib_fs.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/infiniband/ulp/ipoib/ipoib_fs.c b/drivers/infiniband/ulp/ipoib/ipoib_fs.c +index 09396bd7b02d2..63be3bcdc0e38 100644 +--- a/drivers/infiniband/ulp/ipoib/ipoib_fs.c ++++ b/drivers/infiniband/ulp/ipoib/ipoib_fs.c +@@ -281,8 +281,6 @@ void ipoib_delete_debug_files(struct net_device *dev) + { + struct ipoib_dev_priv *priv = netdev_priv(dev); + +- WARN_ONCE(!priv->mcg_dentry, "null mcg debug file\n"); +- WARN_ONCE(!priv->path_dentry, "null path debug file\n"); + debugfs_remove(priv->mcg_dentry); + debugfs_remove(priv->path_dentry); + priv->mcg_dentry = priv->path_dentry = NULL; +-- +2.20.1 + diff --git a/queue-4.4/kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch b/queue-4.4/kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch new file mode 100644 index 00000000000..c5d6b340197 --- /dev/null +++ b/queue-4.4/kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch @@ -0,0 +1,53 @@ +From fc283aa375f247c12ba583b9510de1487b52b5f4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 23 Aug 2018 13:56:46 -0700 +Subject: KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO + instr +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Sean Christopherson + +[ Upstream commit c4409905cd6eb42cfd06126e9226b0150e05a715 ] + +Re-execution after an emulation decode failure is only intended to +handle a case where two or vCPUs race to write a shadowed page, i.e. +we should never re-execute an instruction as part of MMIO emulation. +As handle_ept_misconfig() is only used for MMIO emulation, it should +pass EMULTYPE_NO_REEXECUTE when using the emulator to skip an instr +in the fast-MMIO case where VM_EXIT_INSTRUCTION_LEN is invalid. + +And because the cr2 value passed to x86_emulate_instruction() is only +destined for use when retrying or reexecuting, we can simply call +emulate_instruction(). + +Fixes: d391f1207067 ("x86/kvm/vmx: do not use vm-exit instruction length + for fast MMIO when running nested") +Cc: Vitaly Kuznetsov +Signed-off-by: Sean Christopherson +Cc: stable@vger.kernel.org +Signed-off-by: Radim Krčmář +Signed-off-by: Sasha Levin +--- + arch/x86/kvm/vmx.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c +index 78daf891abec8..2634b45562026 100644 +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -6187,8 +6187,8 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu) + return 1; + } + else +- return x86_emulate_instruction(vcpu, gpa, EMULTYPE_SKIP, +- NULL, 0) == EMULATE_DONE; ++ return emulate_instruction(vcpu, EMULTYPE_SKIP) == ++ EMULATE_DONE; + } + + ret = handle_mmio_page_fault(vcpu, gpa, true); +-- +2.20.1 + diff --git a/queue-4.4/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch b/queue-4.4/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch new file mode 100644 index 00000000000..54420165efe --- /dev/null +++ b/queue-4.4/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch @@ -0,0 +1,63 @@ +From 883924dcc53b683c5e85330b041be3be23a55623 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 9 Oct 2018 17:48:15 +0200 +Subject: net: ipv4: don't let PMTU updates increase route MTU + +From: Sabrina Dubroca + +[ Upstream commit 28d35bcdd3925e7293408cdb8aa5f2aac5f0d6e3 ] + +When an MTU update with PMTU smaller than net.ipv4.route.min_pmtu is +received, we must clamp its value. However, we can receive a PMTU +exception with PMTU < old_mtu < ip_rt_min_pmtu, which would lead to an +increase in PMTU. + +To fix this, take the smallest of the old MTU and ip_rt_min_pmtu. + +Before this patch, in case of an update, the exception's MTU would +always change. Now, an exception can have only its lock flag updated, +but not the MTU, so we need to add a check on locking to the following +"is this exception getting updated, or close to expiring?" test. + +Fixes: d52e5a7e7ca4 ("ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu") +Signed-off-by: Sabrina Dubroca +Reviewed-by: Stefano Brivio +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/ipv4/route.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/net/ipv4/route.c b/net/ipv4/route.c +index 42132ac2c497e..988c132319c48 100644 +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -985,21 +985,22 @@ out: kfree_skb(skb); + static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu) + { + struct dst_entry *dst = &rt->dst; ++ u32 old_mtu = ipv4_mtu(dst); + struct fib_result res; + bool lock = false; + + if (ip_mtu_locked(dst)) + return; + +- if (ipv4_mtu(dst) < mtu) ++ if (old_mtu < mtu) + return; + + if (mtu < ip_rt_min_pmtu) { + lock = true; +- mtu = ip_rt_min_pmtu; ++ mtu = min(old_mtu, ip_rt_min_pmtu); + } + +- if (rt->rt_pmtu == mtu && ++ if (rt->rt_pmtu == mtu && !lock && + time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2)) + return; + +-- +2.20.1 + diff --git a/queue-4.4/series b/queue-4.4/series index da1d4a790aa..20b1c5d3fb6 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -41,3 +41,9 @@ vxlan-check-return-value-of-gro_cells_init.patch hsr-use-rcu_read_lock-in-hsr_get_node_-list-status.patch hsr-add-restart-routine-into-hsr_get_node_list.patch hsr-set-.netnsok-flag.patch +vhost-check-docket-sk_family-instead-of-call-getname.patch +ib-ipoib-do-not-warn-if-ipoib-debugfs-doesn-t-exist.patch +uapi-glibc-compat-fix-outer-guard-of-net-device-flag.patch +kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch +drivers-hwspinlock-use-correct-radix-tree-api.patch +net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch diff --git a/queue-4.4/uapi-glibc-compat-fix-outer-guard-of-net-device-flag.patch b/queue-4.4/uapi-glibc-compat-fix-outer-guard-of-net-device-flag.patch new file mode 100644 index 00000000000..3f94944cef7 --- /dev/null +++ b/queue-4.4/uapi-glibc-compat-fix-outer-guard-of-net-device-flag.patch @@ -0,0 +1,53 @@ +From d28c6d66e890f4c5a08b2e09b6574d6dabe475a8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 3 Dec 2016 17:31:45 +0100 +Subject: uapi glibc compat: fix outer guard of net device flags enum + +From: Jonas Gorski + +[ Upstream commit efc45154828ae4e49c6b46f59882bfef32697d44 ] + +Fix a wrong condition preventing the higher net device flags +IFF_LOWER_UP etc to be defined if net/if.h is included before +linux/if.h. + +The comment makes it clear the intention was to allow partial +definition with either parts. + +This fixes compilation of userspace programs trying to use +IFF_LOWER_UP, IFF_DORMANT or IFF_ECHO. + +Fixes: 4a91cb61bb99 ("uapi glibc compat: fix compile errors when glibc net/if.h included before linux/if.h") +Signed-off-by: Jonas Gorski +Reviewed-by: Mikko Rapeli +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + include/uapi/linux/if.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/uapi/linux/if.h b/include/uapi/linux/if.h +index 752f5dc040a51..0829d6d5e917a 100644 +--- a/include/uapi/linux/if.h ++++ b/include/uapi/linux/if.h +@@ -31,7 +31,7 @@ + #include + + /* For glibc compatibility. An empty enum does not compile. */ +-#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 && \ ++#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 || \ + __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 + /** + * enum net_device_flags - &struct net_device flags +@@ -99,7 +99,7 @@ enum net_device_flags { + IFF_ECHO = 1<<18, /* volatile */ + #endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */ + }; +-#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 && __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 */ ++#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 || __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 */ + + /* for compatibility with glibc net/if.h */ + #if __UAPI_DEF_IF_NET_DEVICE_FLAGS +-- +2.20.1 + diff --git a/queue-4.4/vhost-check-docket-sk_family-instead-of-call-getname.patch b/queue-4.4/vhost-check-docket-sk_family-instead-of-call-getname.patch new file mode 100644 index 00000000000..ccd5756f648 --- /dev/null +++ b/queue-4.4/vhost-check-docket-sk_family-instead-of-call-getname.patch @@ -0,0 +1,64 @@ +From 681b8cec375daf643eadf0b2a9c4204d2866cea9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 5 Mar 2020 17:30:05 +0100 +Subject: vhost: Check docket sk_family instead of call getname +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Eugenio Pérez + +[ Upstream commit 42d84c8490f9f0931786f1623191fcab397c3d64 ] + +Doing so, we save one call to get data we already have in the struct. + +Also, since there is no guarantee that getname use sockaddr_ll +parameter beyond its size, we add a little bit of security here. +It should do not do beyond MAX_ADDR_LEN, but syzbot found that +ax25_getname writes more (72 bytes, the size of full_sockaddr_ax25, +versus 20 + 32 bytes of sockaddr_ll + MAX_ADDR_LEN in syzbot repro). + +Fixes: 3a4d5c94e9593 ("vhost_net: a kernel-level virtio server") +Reported-by: syzbot+f2a62d07a5198c819c7b@syzkaller.appspotmail.com +Signed-off-by: Eugenio Pérez +Acked-by: Michael S. Tsirkin +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/vhost/net.c | 13 ++----------- + 1 file changed, 2 insertions(+), 11 deletions(-) + +diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c +index 1459dc9fd7010..5efac33c29dcb 100644 +--- a/drivers/vhost/net.c ++++ b/drivers/vhost/net.c +@@ -815,11 +815,7 @@ static int vhost_net_release(struct inode *inode, struct file *f) + + static struct socket *get_raw_socket(int fd) + { +- struct { +- struct sockaddr_ll sa; +- char buf[MAX_ADDR_LEN]; +- } uaddr; +- int uaddr_len = sizeof uaddr, r; ++ int r; + struct socket *sock = sockfd_lookup(fd, &r); + + if (!sock) +@@ -831,12 +827,7 @@ static struct socket *get_raw_socket(int fd) + goto err; + } + +- r = sock->ops->getname(sock, (struct sockaddr *)&uaddr.sa, +- &uaddr_len, 0); +- if (r) +- goto err; +- +- if (uaddr.sa.sll_family != AF_PACKET) { ++ if (sock->sk->sk_family != AF_PACKET) { + r = -EPFNOSUPPORT; + goto err; + } +-- +2.20.1 +