From: Greg Kroah-Hartman Date: Mon, 7 Feb 2022 08:38:34 +0000 (+0100) Subject: 5.16-stable patches X-Git-Tag: v4.9.300~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2762aa876767cfef0808b415e740a48da2d3f32b;p=thirdparty%2Fkernel%2Fstable-queue.git 5.16-stable patches added patches: gpio-idt3243x-fix-an-ignored-error-return-from-platform_get_irq.patch gpio-mpc8xxx-fix-an-ignored-error-return-from-platform_get_irq.patch selftests-netfilter-check-stateless-nat-udp-checksum-fixup.patch selftests-nft_concat_range-add-test-for-reload-with-no-element-add-del.patch --- diff --git a/queue-5.16/gpio-idt3243x-fix-an-ignored-error-return-from-platform_get_irq.patch b/queue-5.16/gpio-idt3243x-fix-an-ignored-error-return-from-platform_get_irq.patch new file mode 100644 index 00000000000..60f6a7fab19 --- /dev/null +++ b/queue-5.16/gpio-idt3243x-fix-an-ignored-error-return-from-platform_get_irq.patch @@ -0,0 +1,37 @@ +From 7c1cf55577782725ea2bc24687767c8fe8e57486 Mon Sep 17 00:00:00 2001 +From: Yang Li +Date: Wed, 19 Jan 2022 09:04:31 +0800 +Subject: gpio: idt3243x: Fix an ignored error return from platform_get_irq() + +From: Yang Li + +commit 7c1cf55577782725ea2bc24687767c8fe8e57486 upstream. + +The return from the call to platform_get_irq() is int, it can be +a negative error code, however this is being assigned to an unsigned +int variable 'parent_irq', so making 'parent_irq' an int. + +Eliminate the following coccicheck warning: +./drivers/gpio/gpio-idt3243x.c:167:6-16: WARNING: Unsigned expression +compared with zero: parent_irq < 0 + +Reported-by: Abaci Robot +Fixes: 30fee1d7462a ("gpio: idt3243x: Fix IRQ check in idt_gpio_probe") +Signed-off-by: Yang Li +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpio/gpio-idt3243x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpio/gpio-idt3243x.c ++++ b/drivers/gpio/gpio-idt3243x.c +@@ -132,7 +132,7 @@ static int idt_gpio_probe(struct platfor + struct device *dev = &pdev->dev; + struct gpio_irq_chip *girq; + struct idt_gpio_ctrl *ctrl; +- unsigned int parent_irq; ++ int parent_irq; + int ngpios; + int ret; + diff --git a/queue-5.16/gpio-mpc8xxx-fix-an-ignored-error-return-from-platform_get_irq.patch b/queue-5.16/gpio-mpc8xxx-fix-an-ignored-error-return-from-platform_get_irq.patch new file mode 100644 index 00000000000..400a9d74bf6 --- /dev/null +++ b/queue-5.16/gpio-mpc8xxx-fix-an-ignored-error-return-from-platform_get_irq.patch @@ -0,0 +1,37 @@ +From 9f51ce0b9e73f83bab2442b36d5e247a81bd3401 Mon Sep 17 00:00:00 2001 +From: Yang Li +Date: Wed, 19 Jan 2022 09:04:32 +0800 +Subject: gpio: mpc8xxx: Fix an ignored error return from platform_get_irq() + +From: Yang Li + +commit 9f51ce0b9e73f83bab2442b36d5e247a81bd3401 upstream. + +The return from the call to platform_get_irq() is int, it can be +a negative error code, however this is being assigned to an unsigned +int variable 'irqn', so making 'irqn' an int. + +Eliminate the following coccicheck warning: +./drivers/gpio/gpio-mpc8xxx.c:391:5-21: WARNING: Unsigned expression +compared with zero: mpc8xxx_gc -> irqn < 0 + +Reported-by: Abaci Robot +Fixes: 0b39536cc699 ("gpio: mpc8xxx: Fix IRQ check in mpc8xxx_probe") +Signed-off-by: Yang Li +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpio/gpio-mpc8xxx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpio/gpio-mpc8xxx.c ++++ b/drivers/gpio/gpio-mpc8xxx.c +@@ -47,7 +47,7 @@ struct mpc8xxx_gpio_chip { + unsigned offset, int value); + + struct irq_domain *irq; +- unsigned int irqn; ++ int irqn; + }; + + /* diff --git a/queue-5.16/selftests-netfilter-check-stateless-nat-udp-checksum-fixup.patch b/queue-5.16/selftests-netfilter-check-stateless-nat-udp-checksum-fixup.patch new file mode 100644 index 00000000000..a27d3ca3129 --- /dev/null +++ b/queue-5.16/selftests-netfilter-check-stateless-nat-udp-checksum-fixup.patch @@ -0,0 +1,208 @@ +From aad51ca71ad83273e8826d6cfdcf53c98748d1fa Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Mon, 24 Jan 2022 22:09:15 +0100 +Subject: selftests: netfilter: check stateless nat udp checksum fixup + +From: Florian Westphal + +commit aad51ca71ad83273e8826d6cfdcf53c98748d1fa upstream. + +Add a test that sends large udp packet (which is fragmented) +via a stateless nft nat rule, i.e. 'ip saddr set 10.2.3.4' +and check that the datagram is received by peer. + +On kernels without +commit 4e1860a38637 ("netfilter: nft_payload: do not update layer 4 checksum when mangling fragments")', +this will fail with: + +cmp: EOF on /tmp/tmp.V1q0iXJyQF which is empty +-rw------- 1 root root 4096 Jan 24 22:03 /tmp/tmp.Aaqnq4rBKS +-rw------- 1 root root 0 Jan 24 22:03 /tmp/tmp.V1q0iXJyQF +ERROR: in and output file mismatch when checking udp with stateless nat +FAIL: nftables v1.0.0 (Fearless Fosdick #2) + +On patched kernels, this will show: +PASS: IP statless for ns2-PFp89amx + +Signed-off-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/netfilter/nft_nat.sh | 152 +++++++++++++++++++++++++++ + 1 file changed, 152 insertions(+) + +--- a/tools/testing/selftests/netfilter/nft_nat.sh ++++ b/tools/testing/selftests/netfilter/nft_nat.sh +@@ -898,6 +898,144 @@ EOF + ip netns exec "$ns0" nft delete table $family nat + } + ++test_stateless_nat_ip() ++{ ++ local lret=0 ++ ++ ip netns exec "$ns0" sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null ++ ip netns exec "$ns0" sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null ++ ++ ip netns exec "$ns2" ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1 ++ if [ $? -ne 0 ] ; then ++ echo "ERROR: cannot ping $ns1 from $ns2 before loading stateless rules" ++ return 1 ++ fi ++ ++ip netns exec "$ns0" nft -f /dev/stdin < /dev/null # ping ns2->ns1 ++ if [ $? -ne 0 ] ; then ++ echo "ERROR: cannot ping $ns1 from $ns2 with stateless rules" ++ lret=1 ++ fi ++ ++ # ns1 should have seen packets from .2.2, due to stateless rewrite. ++ expect="packets 1 bytes 84" ++ cnt=$(ip netns exec "$ns1" nft list counter inet filter ns0insl | grep -q "$expect") ++ if [ $? -ne 0 ]; then ++ bad_counter "$ns1" ns0insl "$expect" "test_stateless 1" ++ lret=1 ++ fi ++ ++ for dir in "in" "out" ; do ++ cnt=$(ip netns exec "$ns2" nft list counter inet filter ns1${dir} | grep -q "$expect") ++ if [ $? -ne 0 ]; then ++ bad_counter "$ns2" ns1$dir "$expect" "test_stateless 2" ++ lret=1 ++ fi ++ done ++ ++ # ns1 should not have seen packets from ns2, due to masquerade ++ expect="packets 0 bytes 0" ++ for dir in "in" "out" ; do ++ cnt=$(ip netns exec "$ns1" nft list counter inet filter ns2${dir} | grep -q "$expect") ++ if [ $? -ne 0 ]; then ++ bad_counter "$ns1" ns0$dir "$expect" "test_stateless 3" ++ lret=1 ++ fi ++ ++ cnt=$(ip netns exec "$ns0" nft list counter inet filter ns1${dir} | grep -q "$expect") ++ if [ $? -ne 0 ]; then ++ bad_counter "$ns0" ns1$dir "$expect" "test_stateless 4" ++ lret=1 ++ fi ++ done ++ ++ reset_counters ++ ++ socat -h > /dev/null 2>&1 ++ if [ $? -ne 0 ];then ++ echo "SKIP: Could not run stateless nat frag test without socat tool" ++ if [ $lret -eq 0 ]; then ++ return $ksft_skip ++ fi ++ ++ ip netns exec "$ns0" nft delete table ip stateless ++ return $lret ++ fi ++ ++ local tmpfile=$(mktemp) ++ dd if=/dev/urandom of=$tmpfile bs=4096 count=1 2>/dev/null ++ ++ local outfile=$(mktemp) ++ ip netns exec "$ns1" timeout 3 socat -u UDP4-RECV:4233 OPEN:$outfile < /dev/null & ++ sc_r=$! ++ ++ sleep 1 ++ # re-do with large ping -> ip fragmentation ++ ip netns exec "$ns2" timeout 3 socat - UDP4-SENDTO:"10.0.1.99:4233" < "$tmpfile" > /dev/null ++ if [ $? -ne 0 ] ; then ++ echo "ERROR: failed to test udp $ns1 to $ns2 with stateless ip nat" 1>&2 ++ lret=1 ++ fi ++ ++ wait ++ ++ cmp "$tmpfile" "$outfile" ++ if [ $? -ne 0 ]; then ++ ls -l "$tmpfile" "$outfile" ++ echo "ERROR: in and output file mismatch when checking udp with stateless nat" 1>&2 ++ lret=1 ++ fi ++ ++ rm -f "$tmpfile" "$outfile" ++ ++ # ns1 should have seen packets from 2.2, due to stateless rewrite. ++ expect="packets 3 bytes 4164" ++ cnt=$(ip netns exec "$ns1" nft list counter inet filter ns0insl | grep -q "$expect") ++ if [ $? -ne 0 ]; then ++ bad_counter "$ns1" ns0insl "$expect" "test_stateless 5" ++ lret=1 ++ fi ++ ++ ip netns exec "$ns0" nft delete table ip stateless ++ if [ $? -ne 0 ]; then ++ echo "ERROR: Could not delete table ip stateless" 1>&2 ++ lret=1 ++ fi ++ ++ test $lret -eq 0 && echo "PASS: IP statless for $ns2" ++ ++ return $lret ++} ++ + # ip netns exec "$ns0" ping -c 1 -q 10.0.$i.99 + for i in 0 1 2; do + ip netns exec ns$i-$sfx nft -f /dev/stdin < +Date: Wed, 26 Jan 2022 12:54:54 +0100 +Subject: selftests: nft_concat_range: add test for reload with no element add/del + +From: Florian Westphal + +commit eda0cf1202acf1ef47f93d8f92d4839213431424 upstream. + +Add a specific test for the reload issue fixed with +commit 23c54263efd7cb ("netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone"). + +Add to set, then flush set content + restore without other add/remove in +the transaction. + +On kernels before the fix, this test case fails: + net,mac with reload [FAIL] + +Signed-off-by: Florian Westphal +Reviewed-by: Stefano Brivio +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/netfilter/nft_concat_range.sh | 72 +++++++++++++++++- + 1 file changed, 71 insertions(+), 1 deletion(-) + +--- a/tools/testing/selftests/netfilter/nft_concat_range.sh ++++ b/tools/testing/selftests/netfilter/nft_concat_range.sh +@@ -27,7 +27,7 @@ TYPES="net_port port_net net6_port port_ + net6_port_net6_port net_port_mac_proto_net" + + # Reported bugs, also described by TYPE_ variables below +-BUGS="flush_remove_add" ++BUGS="flush_remove_add reload" + + # List of possible paths to pktgen script from kernel tree for performance tests + PKTGEN_SCRIPT_PATHS=" +@@ -354,6 +354,23 @@ TYPE_flush_remove_add=" + display Add two elements, flush, re-add + " + ++TYPE_reload=" ++display net,mac with reload ++type_spec ipv4_addr . ether_addr ++chain_spec ip daddr . ether saddr ++dst addr4 ++src mac ++start 1 ++count 1 ++src_delta 2000 ++tools sendip nc bash ++proto udp ++ ++race_repeat 0 ++ ++perf_duration 0 ++" ++ + # Set template for all tests, types and rules are filled in depending on test + set_template=' + flush ruleset +@@ -1473,6 +1490,59 @@ test_bug_flush_remove_add() { + nft flush ruleset + } + ++# - add ranged element, check that packets match it ++# - reload the set, check packets still match ++test_bug_reload() { ++ setup veth send_"${proto}" set || return ${KSELFTEST_SKIP} ++ rstart=${start} ++ ++ range_size=1 ++ for i in $(seq "${start}" $((start + count))); do ++ end=$((start + range_size)) ++ ++ # Avoid negative or zero-sized port ranges ++ if [ $((end / 65534)) -gt $((start / 65534)) ]; then ++ start=${end} ++ end=$((end + 1)) ++ fi ++ srcstart=$((start + src_delta)) ++ srcend=$((end + src_delta)) ++ ++ add "$(format)" || return 1 ++ range_size=$((range_size + 1)) ++ start=$((end + range_size)) ++ done ++ ++ # check kernel does allocate pcpu sctrach map ++ # for reload with no elemet add/delete ++ ( echo flush set inet filter test ; ++ nft list set inet filter test ) | nft -f - ++ ++ start=${rstart} ++ range_size=1 ++ ++ for i in $(seq "${start}" $((start + count))); do ++ end=$((start + range_size)) ++ ++ # Avoid negative or zero-sized port ranges ++ if [ $((end / 65534)) -gt $((start / 65534)) ]; then ++ start=${end} ++ end=$((end + 1)) ++ fi ++ srcstart=$((start + src_delta)) ++ srcend=$((end + src_delta)) ++ ++ for j in $(seq ${start} $((range_size / 2 + 1)) ${end}); do ++ send_match "${j}" $((j + src_delta)) || return 1 ++ done ++ ++ range_size=$((range_size + 1)) ++ start=$((end + range_size)) ++ done ++ ++ nft flush ruleset ++} ++ + test_reported_issues() { + eval test_bug_"${subtest}" + } diff --git a/queue-5.16/series b/queue-5.16/series index c117ea0fab5..309d5e6c2bd 100644 --- a/queue-5.16/series +++ b/queue-5.16/series @@ -120,3 +120,7 @@ ext4-fix-incorrect-type-issue-during-replay_del_range.patch net-dsa-mt7530-make-net_dsa_mt7530-select-mediatek_ge_phy.patch cgroup-cpuset-fix-suspicious-rcu-usage-lockdep-warning.patch tools-include-uapi-sync-sound-asound.h-copy-with-the-kernel-sources.patch +gpio-idt3243x-fix-an-ignored-error-return-from-platform_get_irq.patch +gpio-mpc8xxx-fix-an-ignored-error-return-from-platform_get_irq.patch +selftests-nft_concat_range-add-test-for-reload-with-no-element-add-del.patch +selftests-netfilter-check-stateless-nat-udp-checksum-fixup.patch