From: Greg Kroah-Hartman Date: Mon, 15 Jul 2024 08:47:47 +0000 (+0200) Subject: 6.6-stable patches X-Git-Tag: v4.19.318~75 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a4072a79c03e9f731e1d3e390d4ca93426547357;p=thirdparty%2Fkernel%2Fstable-queue.git 6.6-stable patches added patches: cifs-fix-setting-securityflags-to-true.patch revert-sched-fair-make-sure-to-try-to-detach-at-least-one-movable-task.patch tcp-avoid-too-many-retransmit-packets.patch tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch --- diff --git a/queue-6.6/cifs-fix-setting-securityflags-to-true.patch b/queue-6.6/cifs-fix-setting-securityflags-to-true.patch new file mode 100644 index 00000000000..d17f7d65dbe --- /dev/null +++ b/queue-6.6/cifs-fix-setting-securityflags-to-true.patch 
@@ -0,0 +1,94 @@ +From d2346e2836318a227057ed41061114cbebee5d2a Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Tue, 9 Jul 2024 18:07:35 -0500 +Subject: cifs: fix setting SecurityFlags to true + +From: Steve French + +commit d2346e2836318a227057ed41061114cbebee5d2a upstream. + +If you try to set /proc/fs/cifs/SecurityFlags to 1 it +will set them to CIFSSEC_MUST_NTLMV2 which no longer is +relevant (the less secure ones like lanman have been removed +from cifs.ko) and is also missing some flags (like for +signing and encryption) and can even cause mount to fail, +so change this to set it to Kerberos in this case. + +Also change the description of the SecurityFlags to remove mention +of flags which are no longer supported. + +Cc: stable@vger.kernel.org +Reviewed-by: Shyam Prasad N +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/admin-guide/cifs/usage.rst | 34 +++++++++---------------------- + fs/smb/client/cifsglob.h | 4 +-- + 2 files changed, 12 insertions(+), 26 deletions(-) + +--- a/Documentation/admin-guide/cifs/usage.rst ++++ b/Documentation/admin-guide/cifs/usage.rst +@@ -722,40 +722,26 @@ Configuration pseudo-files: + ======================= ======================================================= + SecurityFlags Flags which control security negotiation and + also packet signing. Authentication (may/must) +- flags (e.g. for NTLM and/or NTLMv2) may be combined with ++ flags (e.g. for NTLMv2) may be combined with + the signing flags. Specifying two different password + hashing mechanisms (as "must use") on the other hand + does not make much sense. Default flags are:: + +- 0x07007 ++ 0x00C5 + +- (NTLM, NTLMv2 and packet signing allowed). The maximum +- allowable flags if you want to allow mounts to servers +- using weaker password hashes is 0x37037 (lanman, +- plaintext, ntlm, ntlmv2, signing allowed). Some +- SecurityFlags require the corresponding menuconfig +- options to be enabled. 
Enabling plaintext +- authentication currently requires also enabling +- lanman authentication in the security flags +- because the cifs module only supports sending +- laintext passwords using the older lanman dialect +- form of the session setup SMB. (e.g. for authentication +- using plain text passwords, set the SecurityFlags +- to 0x30030):: ++ (NTLMv2 and packet signing allowed). Some SecurityFlags ++ may require enabling a corresponding menuconfig option. + + may use packet signing 0x00001 + must use packet signing 0x01001 +- may use NTLM (most common password hash) 0x00002 +- must use NTLM 0x02002 + may use NTLMv2 0x00004 + must use NTLMv2 0x04004 +- may use Kerberos security 0x00008 +- must use Kerberos 0x08008 +- may use lanman (weak) password hash 0x00010 +- must use lanman password hash 0x10010 +- may use plaintext passwords 0x00020 +- must use plaintext passwords 0x20020 +- (reserved for future packet encryption) 0x00040 ++ may use Kerberos security (krb5) 0x00008 ++ must use Kerberos 0x08008 ++ may use NTLMSSP 0x00080 ++ must use NTLMSSP 0x80080 ++ seal (packet encryption) 0x00040 ++ must seal (not implemented yet) 0x40040 + + cifsFYI If set to non-zero value, additional debug information + will be logged to the system error log. 
This field +--- a/fs/smb/client/cifsglob.h ++++ b/fs/smb/client/cifsglob.h +@@ -1939,8 +1939,8 @@ require use of the stronger protocol */ + #define CIFSSEC_MUST_SEAL 0x40040 /* not supported yet */ + #define CIFSSEC_MUST_NTLMSSP 0x80080 /* raw ntlmssp with ntlmv2 */ + +-#define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_NTLMSSP) +-#define CIFSSEC_MAX (CIFSSEC_MUST_NTLMV2) ++#define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_NTLMSSP | CIFSSEC_MAY_SEAL) ++#define CIFSSEC_MAX (CIFSSEC_MAY_SIGN | CIFSSEC_MUST_KRB5 | CIFSSEC_MAY_SEAL) + #define CIFSSEC_AUTH_MASK (CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_NTLMSSP) + /* + ***************************************************************** diff --git a/queue-6.6/revert-sched-fair-make-sure-to-try-to-detach-at-least-one-movable-task.patch b/queue-6.6/revert-sched-fair-make-sure-to-try-to-detach-at-least-one-movable-task.patch new file mode 100644 index 00000000000..614ce2af6ac --- /dev/null +++ b/queue-6.6/revert-sched-fair-make-sure-to-try-to-detach-at-least-one-movable-task.patch 
@@ -0,0 +1,65 @@ +From 2feab2492deb2f14f9675dd6388e9e2bf669c27a Mon Sep 17 00:00:00 2001 +From: Josh Don +Date: Thu, 20 Jun 2024 14:44:50 -0700 +Subject: Revert "sched/fair: Make sure to try to detach at least one movable task" + +From: Josh Don + +commit 2feab2492deb2f14f9675dd6388e9e2bf669c27a upstream. + +This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. + +b0defa7ae03ec changed the load balancing logic to ignore env.max_loop if +all tasks examined to that point were pinned. The goal of the patch was +to make it more likely to be able to detach a task buried in a long list +of pinned tasks. However, this has the unfortunate side effect of +creating an O(n) iteration in detach_tasks(), as we now must fully +iterate every task on a cpu if all or most are pinned. Since this load +balance code is done with rq lock held, and often in softirq context, it +is very easy to trigger hard lockups. We observed such hard lockups with +a user who affined O(10k) threads to a single cpu. + +When I discussed this with Vincent he initially suggested that we keep +the limit on the number of tasks to detach, but increase the number of +tasks we can search. However, after some back and forth on the mailing +list, he recommended we instead revert the original patch, as it seems +likely no one was actually getting hit by the original issue. 
+ +Fixes: b0defa7ae03e ("sched/fair: Make sure to try to detach at least one movable task") +Signed-off-by: Josh Don +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Vincent Guittot +Link: https://lore.kernel.org/r/20240620214450.316280-1-joshdon@google.com +Signed-off-by: Greg Kroah-Hartman +--- + kernel/sched/fair.c | 12 +++--------- + 1 file changed, 3 insertions(+), 9 deletions(-) + +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -8977,12 +8977,8 @@ static int detach_tasks(struct lb_env *e + break; + + env->loop++; +- /* +- * We've more or less seen every task there is, call it quits +- * unless we haven't found any movable task yet. +- */ +- if (env->loop > env->loop_max && +- !(env->flags & LBF_ALL_PINNED)) ++ /* We've more or less seen every task there is, call it quits */ ++ if (env->loop > env->loop_max) + break; + + /* take a breather every nr_migrate tasks */ +@@ -11259,9 +11255,7 @@ more_balance: + + if (env.flags & LBF_NEED_BREAK) { + env.flags &= ~LBF_NEED_BREAK; +- /* Stop if we tried all running tasks */ +- if (env.loop < busiest->nr_running) +- goto more_balance; ++ goto more_balance; + } + + /* diff --git a/queue-6.6/series b/queue-6.6/series index 6e79659ec45..c993bf951bb 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -48,3 +48,7 @@ octeontx2-af-fix-a-issue-with-cpt_lf_alloc-mailbox.patch octeontx2-af-fix-detection-of-ip-layer.patch octeontx2-af-fix-issue-with-ipv6-ext-match-for-rss.patch octeontx2-af-fix-issue-with-ipv4-match-for-rss.patch +cifs-fix-setting-securityflags-to-true.patch +revert-sched-fair-make-sure-to-try-to-detach-at-least-one-movable-task.patch +tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch +tcp-avoid-too-many-retransmit-packets.patch diff --git a/queue-6.6/tcp-avoid-too-many-retransmit-packets.patch b/queue-6.6/tcp-avoid-too-many-retransmit-packets.patch new file mode 100644 index 00000000000..095da50cdd4 --- /dev/null +++ b/queue-6.6/tcp-avoid-too-many-retransmit-packets.patch 
@@ -0,0 +1,71 @@ +From 97a9063518f198ec0adb2ecb89789de342bb8283 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Wed, 10 Jul 2024 00:14:01 +0000 +Subject: tcp: avoid too many retransmit packets + +From: Eric Dumazet + +commit 97a9063518f198ec0adb2ecb89789de342bb8283 upstream. + +If a TCP socket is using TCP_USER_TIMEOUT, and the other peer +retracted its window to zero, tcp_retransmit_timer() can +retransmit a packet every two jiffies (2 ms for HZ=1000), +for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. + +The fix is to make sure tcp_rtx_probe0_timed_out() takes +icsk->icsk_user_timeout into account. + +Before blamed commit, the socket would not timeout after +icsk->icsk_user_timeout, but would use standard exponential +backoff for the retransmits. + +Also worth noting that before commit e89688e3e978 ("net: tcp: +fix unexcepted socket die when snd_wnd is 0"), the issue +would last 2 minutes instead of 4. + +Fixes: b701a99e431d ("tcp: Add tcp_clamp_rto_to_user_timeout() helper to improve accuracy") +Signed-off-by: Eric Dumazet +Cc: Neal Cardwell +Reviewed-by: Jason Xing +Reviewed-by: Jon Maxwell +Reviewed-by: Kuniyuki Iwashima +Link: https://patch.msgid.link/20240710001402.2758273-1-edumazet@google.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/tcp_timer.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +--- a/net/ipv4/tcp_timer.c ++++ b/net/ipv4/tcp_timer.c +@@ -457,16 +457,28 @@ static void tcp_fastopen_synack_timer(st + static bool tcp_rtx_probe0_timed_out(const struct sock *sk, + const struct sk_buff *skb) + { ++ const struct inet_connection_sock *icsk = inet_csk(sk); ++ u32 user_timeout = READ_ONCE(icsk->icsk_user_timeout); + const struct tcp_sock *tp = tcp_sk(sk); +- const int timeout = TCP_RTO_MAX * 2; ++ int timeout = TCP_RTO_MAX * 2; + u32 rtx_delta; + s32 rcv_delta; + ++ if (user_timeout) { ++ /* If user application specified a TCP_USER_TIMEOUT, ++ * it does not want win 0 
packets to 'reset the timer' ++ * while retransmits are not making progress. ++ */ ++ if (rtx_delta > user_timeout) ++ return true; ++ timeout = min_t(u32, timeout, msecs_to_jiffies(user_timeout)); ++ } ++ + /* Note: timer interrupt might have been delayed by at least one jiffy, + * and tp->rcv_tstamp might very well have been written recently. + * rcv_delta can thus be negative. + */ +- rcv_delta = inet_csk(sk)->icsk_timeout - tp->rcv_tstamp; ++ rcv_delta = icsk->icsk_timeout - tp->rcv_tstamp; + if (rcv_delta <= timeout) + return false; + diff --git a/queue-6.6/tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch b/queue-6.6/tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch new file mode 100644 index 00000000000..d49e41669a8 --- /dev/null +++ b/queue-6.6/tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch 
@@ -0,0 +1,51 @@ +From 36534d3c54537bf098224a32dc31397793d4594d Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Fri, 7 Jun 2024 12:56:52 +0000 +Subject: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() + +From: Eric Dumazet + +commit 36534d3c54537bf098224a32dc31397793d4594d upstream. + +Due to timer wheel implementation, a timer will usually fire +after its schedule. + +For instance, for HZ=1000, a timeout between 512ms and 4s +has a granularity of 64ms. +For this range of values, the extra delay could be up to 63ms. + +For TCP, this means that tp->rcv_tstamp may be after +inet_csk(sk)->icsk_timeout whenever the timer interrupt +finally triggers, if one packet came during the extra delay. + +We need to make sure tcp_rtx_probe0_timed_out() handles this case. + +Fixes: e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0") +Signed-off-by: Eric Dumazet +Cc: Menglong Dong +Acked-by: Neal Cardwell +Reviewed-by: Jason Xing +Link: https://lore.kernel.org/r/20240607125652.1472540-1-edumazet@google.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/tcp_timer.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/net/ipv4/tcp_timer.c ++++ b/net/ipv4/tcp_timer.c +@@ -459,8 +459,13 @@ static bool tcp_rtx_probe0_timed_out(con + { + const struct tcp_sock *tp = tcp_sk(sk); + const int timeout = TCP_RTO_MAX * 2; +- u32 rcv_delta, rtx_delta; ++ u32 rtx_delta; ++ s32 rcv_delta; + ++ /* Note: timer interrupt might have been delayed by at least one jiffy, ++ * and tp->rcv_tstamp might very well have been written recently. ++ * rcv_delta can thus be negative. ++ */ + rcv_delta = inet_csk(sk)->icsk_timeout - tp->rcv_tstamp; + if (rcv_delta <= timeout) + return false;
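Review bot: In the Documentation/admin-guide/cifs/usage.rst hunk, the new default 0x00C5 is described as "(NTLMv2 and packet signing allowed)", but by the table in the same hunk 0xC5 also carries 0x00080 (may use NTLMSSP) and 0x00040 (seal). The parenthetical should name all four bits so an administrator reading the default knows packet encryption and NTLMSSP are permitted. Writing the value as 0x000C5 would also match the five-digit width used by the table entries.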
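Review bot: In the fs/smb/client/cifsglob.h hunk, CIFSSEC_MAX now contains CIFSSEC_MUST_KRB5, so it is a "require Kerberos" value rather than an upper bound on permitted flags, and the name no longer says what it means. The commit message explains that this is what setting /proc/fs/cifs/SecurityFlags to 1 selects. A one-line comment on the define saying so would keep a reader from treating it as a mask of everything allowed. CIFSSEC_DEF also gains CIFSSEC_MAY_SEAL while the context line above still marks CIFSSEC_MUST_SEAL as "not supported yet"; a note on what "may seal" does in the default would help.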
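Review bot: In the second kernel/sched/fair.c hunk (at the more_balance label), dropping "if (env.loop < busiest->nr_running)" makes the "goto more_balance" unconditional whenever LBF_NEED_BREAK is set, so the only bound on the retry that remains visible is the "env->loop > env->loop_max" break restored in the detach_tasks() hunk. The commit message says this path runs with the rq lock held and that long walks caused hard lockups, so a short comment at the goto naming loop_max as the terminating condition would make that dependency explicit for the next person who touches either site.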
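Review bot: In the net/ipv4/tcp_timer.c hunk of tcp-avoid-too-many-retransmit-packets.patch, the added block tests "if (rtx_delta > user_timeout)", but in the lines shown rtx_delta is only declared ("u32 rtx_delta;") and nothing assigns it before that test, so as the hunk reads the comparison uses an indeterminate value. The assignment of rtx_delta needs to sit above the user_timeout block, or the value needs to be passed in by the caller. The same test compares rtx_delta with user_timeout directly while the next line converts user_timeout with msecs_to_jiffies(), so a comment stating the unit rtx_delta is in would also help a reader check the comparison.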
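Review bot: In the net/ipv4/tcp_timer.c hunk of tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch, the fix depends on the result of "inet_csk(sk)->icsk_timeout - tp->rcv_tstamp" being narrowed to s32 by the assignment alone. An explicit (s32) cast on the subtraction would state that intent in the code and make it harder for a later type cleanup to reintroduce the unsigned comparison against timeout. The new comment explains why rcv_delta can be negative; it could also say that "rcv_delta <= timeout" then returns false for the negative case, which is the behaviour the commit message asks for.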