From: Greg Kroah-Hartman Date: Thu, 5 Sep 2024 08:14:45 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v6.1.109~16 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=281b307b54fd86f2fa44ead1ed3d05d384466332;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: block-initialize-integrity-buffer-to-zero-before-writing-it-to-media.patch udf-limit-file-size-to-4tb.patch virtio_net-fix-napi_skb_cache_put-warning.patch
---
diff --git a/queue-4.19/block-initialize-integrity-buffer-to-zero-before-writing-it-to-media.patch b/queue-4.19/block-initialize-integrity-buffer-to-zero-before-writing-it-to-media.patch
new file mode 100644
index 00000000000..c6ff097fe11
--- /dev/null
+++ b/queue-4.19/block-initialize-integrity-buffer-to-zero-before-writing-it-to-media.patch
@@ -0,0 +1,61 @@
+From 899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Thu, 13 Jun 2024 10:48:11 +0200
+Subject: block: initialize integrity buffer to zero before writing it to media
+
+From: Christoph Hellwig
+
+commit 899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f upstream.
+
+Metadata added by bio_integrity_prep is using plain kmalloc, which leads
+to random kernel memory being written media. For PI metadata this is
+limited to the app tag that isn't used by kernel generated metadata,
+but for non-PI metadata the entire buffer leaks kernel memory.
+
+Fix this by adding the __GFP_ZERO flag to allocations for writes.
+
+Fixes: 7ba1ba12eeef ("block: Block layer data integrity support")
+Signed-off-by: Christoph Hellwig
+Reviewed-by: Martin K. Petersen
+Reviewed-by: Kanchan Joshi
+Reviewed-by: Chaitanya Kulkarni
+Link: https://lore.kernel.org/r/20240613084839.1044015-2-hch@lst.de
+Signed-off-by: Jens Axboe
+Signed-off-by: Shivani Agarwal
+Signed-off-by: Greg Kroah-Hartman
+---
+ block/bio-integrity.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/block/bio-integrity.c
++++ b/block/bio-integrity.c
+@@ -227,6 +227,7 @@ bool bio_integrity_prep(struct bio *bio)
+ unsigned int bytes, offset, i;
+ unsigned int intervals;
+ blk_status_t status;
++ gfp_t gfp = GFP_NOIO;
+
+ if (!bi)
+ return true;
+@@ -249,12 +250,20 @@ bool bio_integrity_prep(struct bio *bio)
+ if (!bi->profile->generate_fn ||
+ !(bi->flags & BLK_INTEGRITY_GENERATE))
+ return true;
++
++ /*
++ * Zero the memory allocated to not leak uninitialized kernel
++ * memory to disk. For PI this only affects the app tag, but
++ * for non-integrity metadata it affects the entire metadata
++ * buffer.
++ */
++ gfp |= __GFP_ZERO;
+ }
+ intervals = bio_integrity_intervals(bi, bio_sectors(bio));
+
+ /* Allocate kernel buffer for protection data */
+ len = intervals * bi->tuple_size;
+- buf = kmalloc(len, GFP_NOIO | q->bounce_gfp);
++ buf = kmalloc(len, gfp | q->bounce_gfp);
+ status = BLK_STS_RESOURCE;
+ if (unlikely(buf == NULL)) {
+ printk(KERN_ERR "could not allocate integrity buffer\n");
diff --git a/queue-4.19/series b/queue-4.19/series
index 54cbea522a1..b71b6db9fbe 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -10,3 +10,6 @@ apparmor-fix-possible-null-pointer-dereference.patch
 usbip-don-t-submit-special-requests-twice.patch
 smack-tcp-ipv4-fix-incorrect-labeling.patch
 media-uvcvideo-enforce-alignment-of-frame-and-interv.patch
+block-initialize-integrity-buffer-to-zero-before-writing-it-to-media.patch
+virtio_net-fix-napi_skb_cache_put-warning.patch
+udf-limit-file-size-to-4tb.patch
diff --git a/queue-4.19/udf-limit-file-size-to-4tb.patch b/queue-4.19/udf-limit-file-size-to-4tb.patch
new file mode 100644
index 00000000000..aadb63afdf1
--- /dev/null
+++ b/queue-4.19/udf-limit-file-size-to-4tb.patch
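Review bot: The `gfp |= __GFP_ZERO;` added to bio_integrity_prep() in the block patch is reached only on the generate (write) branch, so the read-side integrity buffer is still allocated by `kmalloc(len, gfp | q->bounce_gfp)` without zeroing. That is safe only if the device overwrites all `len` bytes before the buffer is verified or exposed, which this hunk does not show. I would record that assumption next to the allocation, e.g. `/* reads: buffer is filled by the device; writes: zeroed via __GFP_ZERO above */`. Metadata already written to media by kernels without this fix presumably still holds whatever kernel memory it captured, which matters when assessing exposure. The body of bio_integrity_prep() starts and ends outside the hunk, so the enclosing direction check is not visible here.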
@@ -0,0 +1,46 @@
+From c2efd13a2ed4f29bf9ef14ac2fbb7474084655f8 Mon Sep 17 00:00:00 2001
+From: Jan Kara
+Date: Wed, 25 Jan 2023 17:56:06 +0100
+Subject: udf: Limit file size to 4TB
+
+From: Jan Kara
+
+commit c2efd13a2ed4f29bf9ef14ac2fbb7474084655f8 upstream.
+
+UDF disk format supports in principle file sizes up to 1<<64-1. However
+the file space (including holes) is described by a linked list of
+extents, each of which can have at most 1GB. Thus the creation and
+handling of extents gets unusably slow beyond certain point. Limit the
+file size to 4TB to avoid locking up the kernel too easily.
+
+Signed-off-by: Jan Kara
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/udf/super.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/fs/udf/super.c
++++ b/fs/udf/super.c
+@@ -86,6 +86,13 @@ enum {
+ #define UDF_MAX_LVID_NESTING 1000
+
+ enum { UDF_MAX_LINKS = 0xffff };
++/*
++ * We limit filesize to 4TB. This is arbitrary as the on-disk format supports
++ * more but because the file space is described by a linked list of extents,
++ * each of which can have at most 1GB, the creation and handling of extents
++ * gets unusably slow beyond certain point...
++ */
++#define UDF_MAX_FILESIZE (1ULL << 42)
+
+ /* These are the "meat" - everything else is stuffing */
+ static int udf_fill_super(struct super_block *, void *, int);
+@@ -2307,7 +2314,7 @@ static int udf_fill_super(struct super_b
+ ret = -ENOMEM;
+ goto error_out;
+ }
+- sb->s_maxbytes = MAX_LFS_FILESIZE;
++ sb->s_maxbytes = UDF_MAX_FILESIZE;
+ sb->s_max_links = UDF_MAX_LINKS;
+ return 0;
+
diff --git a/queue-4.19/virtio_net-fix-napi_skb_cache_put-warning.patch b/queue-4.19/virtio_net-fix-napi_skb_cache_put-warning.patch
new file mode 100644
index 00000000000..3e53aa09498
--- /dev/null
+++ b/queue-4.19/virtio_net-fix-napi_skb_cache_put-warning.patch
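Review bot: `sb->s_maxbytes = UDF_MAX_FILESIZE;` in udf_fill_super() sets the limit once at mount, but nothing in this hunk rejects an inode whose on-disk size already exceeds 4TB. An existing or malformed image may therefore still reach the slow extent handling the limit is meant to avoid. Whether the inode read path checks the size is not visible here and should be confirmed. If it does not, the comment above `UDF_MAX_FILESIZE` should say so, e.g. `/* Enforced through s_maxbytes only; sizes read from disk are not checked here. */`. udf_fill_super() starts and ends outside the hunk.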
@@ -0,0 +1,88 @@
+From f8321fa75102246d7415a6af441872f6637c93ab Mon Sep 17 00:00:00 2001
+From: Breno Leitao
+Date: Fri, 12 Jul 2024 04:53:25 -0700
+Subject: virtio_net: Fix napi_skb_cache_put warning
+
+From: Breno Leitao
+
+commit f8321fa75102246d7415a6af441872f6637c93ab upstream.
+
+After the commit bdacf3e34945 ("net: Use nested-BH locking for
+napi_alloc_cache.") was merged, the following warning began to appear:
+
+ WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0
+
+ __warn+0x12f/0x340
+ napi_skb_cache_put+0x82/0x4b0
+ napi_skb_cache_put+0x82/0x4b0
+ report_bug+0x165/0x370
+ handle_bug+0x3d/0x80
+ exc_invalid_op+0x1a/0x50
+ asm_exc_invalid_op+0x1a/0x20
+ __free_old_xmit+0x1c8/0x510
+ napi_skb_cache_put+0x82/0x4b0
+ __free_old_xmit+0x1c8/0x510
+ __free_old_xmit+0x1c8/0x510
+ __pfx___free_old_xmit+0x10/0x10
+
+The issue arises because virtio is assuming it's running in NAPI context
+even when it's not, such as in the netpoll case.
+
+To resolve this, modify virtnet_poll_tx() to only set NAPI when budget
+is available. Same for virtnet_poll_cleantx(), which always assumed that
+it was in a NAPI context.
+
+Fixes: df133f3f9625 ("virtio_net: bulk free tx skbs")
+Suggested-by: Jakub Kicinski
+Signed-off-by: Breno Leitao
+Reviewed-by: Jakub Kicinski
+Acked-by: Michael S. Tsirkin
+Acked-by: Jason Wang
+Reviewed-by: Heng Qi
+Link: https://patch.msgid.link/20240712115325.54175-1-leitao@debian.org
+Signed-off-by: Jakub Kicinski
+[Shivani: Modified to apply on v4.19.y-v5.10.y]
+Signed-off-by: Shivani Agarwal
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/virtio_net.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/virtio_net.c
++++ b/drivers/net/virtio_net.c
+@@ -1428,7 +1428,7 @@ static bool is_xdp_raw_buffer_queue(stru
+ return false;
+ }
+
+-static void virtnet_poll_cleantx(struct receive_queue *rq)
++static void virtnet_poll_cleantx(struct receive_queue *rq, int budget)
+ {
+ struct virtnet_info *vi = rq->vq->vdev->priv;
+ unsigned int index = vq2rxq(rq->vq);
+@@ -1439,7 +1439,7 @@ static void virtnet_poll_cleantx(struct
+ return;
+
+ if (__netif_tx_trylock(txq)) {
+- free_old_xmit_skbs(sq, true);
++ free_old_xmit_skbs(sq, !!budget);
+ __netif_tx_unlock(txq);
+ }
+
+@@ -1456,7 +1456,7 @@ static int virtnet_poll(struct napi_stru
+ unsigned int received;
+ unsigned int xdp_xmit = 0;
+
+- virtnet_poll_cleantx(rq);
++ virtnet_poll_cleantx(rq, budget);
+
+ received = virtnet_receive(rq, budget, &xdp_xmit);
+
+@@ -1526,7 +1526,7 @@ static int virtnet_poll_tx(struct napi_s
+ txq = netdev_get_tx_queue(vi->dev, index);
+ __netif_tx_lock(txq, raw_smp_processor_id());
+ virtqueue_disable_cb(sq->vq);
+- free_old_xmit_skbs(sq, true);
++ free_old_xmit_skbs(sq, !!budget);
+
+ opaque = virtqueue_enable_cb_prepare(sq->vq);
+
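Review bot: The two `free_old_xmit_skbs(sq, !!budget);` calls, in virtnet_poll_cleantx() and virtnet_poll_tx(), rely on a zero budget meaning "not in NAPI context", but that convention is stated only in the commit message and not in the code. A later cleanup could plausibly turn the argument back into `true` and reintroduce the warning. I would add a one-line comment above each call, e.g. `/* budget == 0: called outside NAPI context (e.g. netpoll) */`. All three functions touched here begin or end outside their hunks, so other uses of `budget` in them are not visible.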