From: Greg Kroah-Hartman Date: Wed, 31 Jul 2024 05:56:27 +0000 (+0200) Subject: 6.10-stable patches X-Git-Tag: v6.1.103~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a8078513341a6821c2a64ee916905872828fb56d;p=thirdparty%2Fkernel%2Fstable-queue.git 6.10-stable patches added patches: powerpc-configs-update-defconfig-with-now-user-visible-config_fsl_ifc.patch selftests-bpf-denylist.aarch64-skip-fexit_sleep-again.patch selinux-smack-remove-the-capability-checks-in-the-removexattr-hooks.patch --- diff --git a/queue-6.10/powerpc-configs-update-defconfig-with-now-user-visible-config_fsl_ifc.patch b/queue-6.10/powerpc-configs-update-defconfig-with-now-user-visible-config_fsl_ifc.patch new file mode 100644 index 00000000000..7a4edc6a17c --- /dev/null +++ b/queue-6.10/powerpc-configs-update-defconfig-with-now-user-visible-config_fsl_ifc.patch 
@@ -0,0 +1,41 @@ +From 45547a0a93d85f704b49788cde2e1d9ab9cd363b Mon Sep 17 00:00:00 2001 +From: Esben Haabendal +Date: Thu, 30 May 2024 16:46:37 +0200 +Subject: powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC + +From: Esben Haabendal + +commit 45547a0a93d85f704b49788cde2e1d9ab9cd363b upstream. + +With CONFIG_FSL_IFC now being user-visible, and thus changed from a select +to depends in CONFIG_MTD_NAND_FSL_IFC, the dependencies needs to be +selected in defconfigs. + +Depends-on: 9ba0cae3cac0 ("memory: fsl_ifc: Make FSL_IFC config visible and selectable") +Signed-off-by: Esben Haabendal +Reviewed-by: Krzysztof Kozlowski +Signed-off-by: Michael Ellerman +Link: https://msgid.link/20240530-fsl-ifc-config-v3-2-1fd2c3d233dd@geanix.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/configs/85xx-hw.config | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/powerpc/configs/85xx-hw.config ++++ b/arch/powerpc/configs/85xx-hw.config +@@ -24,6 +24,7 @@ CONFIG_FS_ENET=y + CONFIG_FSL_CORENET_CF=y + CONFIG_FSL_DMA=y + CONFIG_FSL_HV_MANAGER=y ++CONFIG_FSL_IFC=y + CONFIG_FSL_PQ_MDIO=y + CONFIG_FSL_RIO=y + CONFIG_FSL_XGMAC_MDIO=y +@@ -58,6 +59,7 @@ CONFIG_INPUT_FF_MEMLESS=m + CONFIG_MARVELL_PHY=y + CONFIG_MDIO_BUS_MUX_GPIO=y + CONFIG_MDIO_BUS_MUX_MMIOREG=y ++CONFIG_MEMORY=y + CONFIG_MMC_SDHCI_OF_ESDHC=y + CONFIG_MMC_SDHCI_PLTFM=y + CONFIG_MMC_SDHCI=y diff --git a/queue-6.10/selftests-bpf-denylist.aarch64-skip-fexit_sleep-again.patch b/queue-6.10/selftests-bpf-denylist.aarch64-skip-fexit_sleep-again.patch new file mode 100644 index 00000000000..a1949642baa --- /dev/null +++ b/queue-6.10/selftests-bpf-denylist.aarch64-skip-fexit_sleep-again.patch 
@@ -0,0 +1,43 @@ +From 517125f6749402e579f715519147145944f12ad9 Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann +Date: Fri, 12 Jul 2024 18:12:30 +0200 +Subject: selftests/bpf: DENYLIST.aarch64: Skip fexit_sleep again + +From: Daniel Borkmann + +commit 517125f6749402e579f715519147145944f12ad9 upstream. + +Revert commit 90dc946059b7 ("selftests/bpf: DENYLIST.aarch64: Remove +fexit_sleep") again. The fix in 19d3c179a377 ("bpf, arm64: Fix trampoline +for BPF_TRAMP_F_CALL_ORIG") does not address all of the issues and BPF +CI is still hanging and timing out: + + https://github.com/kernel-patches/bpf/actions/runs/9905842936/job/27366435436 + + [...] + #89/11 fexit_bpf2bpf/func_replace_global_func:OK + #89/12 fexit_bpf2bpf/fentry_to_cgroup_bpf:OK + #89/13 fexit_bpf2bpf/func_replace_progmap:OK + #89 fexit_bpf2bpf:OK + Error: The operation was canceled. + +Thus more investigation work & fixing is needed before the test can be put +in place again. + +Signed-off-by: Daniel Borkmann +Cc: Puranjay Mohan +Link: https://lore.kernel.org/bpf/20240705145009.32340-1-puranjay@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/bpf/DENYLIST.aarch64 | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/testing/selftests/bpf/DENYLIST.aarch64 ++++ b/tools/testing/selftests/bpf/DENYLIST.aarch64 +@@ -1,5 +1,6 @@ + bpf_cookie/multi_kprobe_attach_api # kprobe_multi_link_api_subtest:FAIL:fentry_raw_skel_load unexpected error: -3 + bpf_cookie/multi_kprobe_link_api # kprobe_multi_link_api_subtest:FAIL:fentry_raw_skel_load unexpected error: -3 ++fexit_sleep # The test never returns. The remaining tests cannot start. + kprobe_multi_bench_attach # needs CONFIG_FPROBE + kprobe_multi_test # needs CONFIG_FPROBE + module_attach # prog 'kprobe_multi': failed to auto-attach: -95 
diff --git a/queue-6.10/selinux-smack-remove-the-capability-checks-in-the-removexattr-hooks.patch b/queue-6.10/selinux-smack-remove-the-capability-checks-in-the-removexattr-hooks.patch new file mode 100644 index 00000000000..404769ac49e --- /dev/null +++ b/queue-6.10/selinux-smack-remove-the-capability-checks-in-the-removexattr-hooks.patch 
@@ -0,0 +1,61 @@ +From dd44477e7fa15ba3b100dfc67bf7cf083f3dccf6 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Wed, 3 Jul 2024 17:00:20 -0400 +Subject: selinux,smack: remove the capability checks in the removexattr hooks + +From: Paul Moore + +commit dd44477e7fa15ba3b100dfc67bf7cf083f3dccf6 upstream. + +Commit 61df7b828204 ("lsm: fixup the inode xattr capability handling") +moved the responsibility of doing the inode xattr capability checking +out of the individual LSMs and into the LSM framework itself. +Unfortunately, while the original commit added the capability checks +to both the setxattr and removexattr code in the LSM framework, it +only removed the setxattr capability checks from the individual LSMs, +leaving duplicated removexattr capability checks in both the SELinux +and Smack code. + +This patch removes the duplicated code from SELinux and Smack. + +Fixes: 61df7b828204 ("lsm: fixup the inode xattr capability handling") +Acked-by: Casey Schaufler +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + security/selinux/hooks.c | 10 ++-------- + security/smack/smack_lsm.c | 3 +-- + 2 files changed, 3 insertions(+), 10 deletions(-) + +--- a/security/selinux/hooks.c ++++ b/security/selinux/hooks.c +@@ -3356,15 +3356,9 @@ static int selinux_inode_listxattr(struc + static int selinux_inode_removexattr(struct mnt_idmap *idmap, + struct dentry *dentry, const char *name) + { +- if (strcmp(name, XATTR_NAME_SELINUX)) { +- int rc = cap_inode_removexattr(idmap, dentry, name); +- if (rc) +- return rc; +- +- /* Not an attribute we recognize, so just check the +- ordinary setattr permission. 
*/ ++ /* if not a selinux xattr, only check the ordinary setattr perm */ ++ if (strcmp(name, XATTR_NAME_SELINUX)) + return dentry_has_perm(current_cred(), dentry, FILE__SETATTR); +- } + + if (!selinux_initialized()) + return 0; +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1461,8 +1461,7 @@ static int smack_inode_removexattr(struc + strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { + if (!smack_privileged(CAP_MAC_ADMIN)) + rc = -EPERM; +- } else +- rc = cap_inode_removexattr(idmap, dentry, name); ++ } + + if (rc != 0) + return rc; diff --git a/queue-6.10/series b/queue-6.10/series index c4a28063b08..7dfdfa9182f 100644 --- a/queue-6.10/series +++ b/queue-6.10/series @@ -353,8 +353,6 @@ drm-panic-do-not-select-drm_kms_helper.patch drm-mediatek-remove-less-than-zero-comparison-of-an-.patch ext4-fix-infinite-loop-when-replaying-fast_commit.patch drm-amd-display-add-null-check-before-access-structs.patch -perf-tests-add-some-pmu-core-functionality-tests.patch -perf-pmu-restore-full-pmu-name-wildcard-support.patch drm-mediatek-dpi-dsi-fix-possible_crtcs-calculation.patch drm-mediatek-dp-fix-spurious-kfree.patch perf-stat-fix-a-segfault-with-per-cluster-metric-onl.patch @@ -806,3 +804,6 @@ i3c-mipi-i3c-hci-fix-number-of-dat-dct-entries-for-h.patch fs-don-t-allow-non-init-s_user_ns-for-filesystems-wi.patch wifi-ath12k-fix-mbssid-max-interface-advertisement.patch perf-dso-fix-build-when-libunwind-is-enabled.patch +powerpc-configs-update-defconfig-with-now-user-visible-config_fsl_ifc.patch +selinux-smack-remove-the-capability-checks-in-the-removexattr-hooks.patch +selftests-bpf-denylist.aarch64-skip-fexit_sleep-again.patch
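Review bot: in the arch/powerpc/configs/85xx-hw.config hunks, the second addition (`CONFIG_MEMORY=y` at @@ -58,6 +59,7 @@) is not named in the subject or the message, which mention only CONFIG_FSL_IFC and "the dependencies". Suggest naming CONFIG_MEMORY explicitly in the message so the reason for the line is recoverable from the log. Since the message carries `Depends-on: 9ba0cae3cac0`, also confirm that commit is present in the 6.10 tree this queue applies to; the visible series context does not show it.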
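Review bot: in the security/selinux/hooks.c hunk, dropping the `cap_inode_removexattr(idmap, dentry, name)` call from selinux_inode_removexattr() is only correct when the tree already carries 61df7b828204, which the message says moved the capability check into the LSM framework. Without that commit, removal of a non-SELinux xattr would be gated only by `dentry_has_perm(current_cred(), dentry, FILE__SETATTR)`. Confirm 61df7b828204 is in the 6.10 base or queued ahead of this patch; the series context visible here does not show it.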
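Review bot: in the security/smack/smack_lsm.c hunk, once the `else rc = cap_inode_removexattr(...)` branch is gone, rc for any xattr that is not one of the Smack names keeps whatever value it was initialized with, and that initializer lies outside the hunk context. Confirm rc starts at 0 in smack_inode_removexattr() so the following `if (rc != 0) return rc;` cannot act on an unset value. A short comment at the closing brace noting that the capability check now lives in the LSM framework would match the comment the SELinux side received.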
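Review bot: the queue-6.10/series hunk at @@ -353,8 +353,6 @@ drops perf-tests-add-some-pmu-core-functionality-tests.patch and perf-pmu-restore-full-pmu-name-wildcard-support.patch, but the commit message lists only "added patches" and no deletion of those two files appears in this diff. Either state the removal and its reason in the message, or delete the files in the same commit, so that the series file and the contents of queue-6.10/ stay in sync.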