From: Greg Kroah-Hartman Date: Thu, 12 Jan 2023 12:56:05 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v5.10.163~20 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=df787819e7aff08acbda8e9eb9d86ff5c3c4d1dd;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: ext4-disable-fast-commit-of-encrypted-dir-operations.patch ext4-don-t-set-up-encryption-key-during-jbd2-transaction.patch fsl_lpuart-don-t-enable-interrupts-too-early.patch mptcp-dedicated-request-sock-for-subflow-in-v6.patch mptcp-mark-ops-structures-as-ro_after_init.patch mptcp-remove-mptcp-ifdef-in-tcp-syn-cookies.patch mptcp-use-proper-req-destructor-for-ipv6.patch serial-fixup-backport-of-serial-deassert-transmit-enable-on-probe-in-driver-specific-way.patch --- diff --git a/queue-5.10/ext4-disable-fast-commit-of-encrypted-dir-operations.patch b/queue-5.10/ext4-disable-fast-commit-of-encrypted-dir-operations.patch new file mode 100644 index 00000000000..552e6886247 --- /dev/null +++ b/queue-5.10/ext4-disable-fast-commit-of-encrypted-dir-operations.patch @@ -0,0 +1,150 @@ +From 0fbcb5251fc81b58969b272c4fb7374a7b922e3e Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Sun, 6 Nov 2022 14:48:35 -0800 +Subject: ext4: disable fast-commit of encrypted dir operations + +From: Eric Biggers + +commit 0fbcb5251fc81b58969b272c4fb7374a7b922e3e upstream. + +fast-commit of create, link, and unlink operations in encrypted +directories is completely broken because the unencrypted filenames are +being written to the fast-commit journal instead of the encrypted +filenames. These operations can't be replayed, as encryption keys +aren't present at journal replay time. It is also an information leak. + +Until if/when we can get this working properly, make encrypted directory +operations ineligible for fast-commit. + +Note that fast-commit operations on encrypted regular files continue to +be allowed, as they seem to work. + +Fixes: aa75f4d3daae ("ext4: main fast-commit commit path") +Cc: # v5.10+ +Signed-off-by: Eric Biggers +Link: https://lore.kernel.org/r/20221106224841.279231-2-ebiggers@kernel.org +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/fast_commit.c | 40 ++++++++++++++++++++++++---------------- + fs/ext4/fast_commit.h | 1 + + include/trace/events/ext4.h | 7 +++++-- + 3 files changed, 30 insertions(+), 18 deletions(-) + +--- a/fs/ext4/fast_commit.c ++++ b/fs/ext4/fast_commit.c +@@ -371,25 +371,33 @@ static int __track_dentry_update(struct + struct __track_dentry_update_args *dentry_update = + (struct __track_dentry_update_args *)arg; + struct dentry *dentry = dentry_update->dentry; +- struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); ++ struct inode *dir = dentry->d_parent->d_inode; ++ struct super_block *sb = inode->i_sb; ++ struct ext4_sb_info *sbi = EXT4_SB(sb); + + mutex_unlock(&ei->i_fc_lock); ++ ++ if (IS_ENCRYPTED(dir)) { ++ ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_ENCRYPTED_FILENAME); ++ mutex_lock(&ei->i_fc_lock); ++ return -EOPNOTSUPP; ++ } ++ + node = kmem_cache_alloc(ext4_fc_dentry_cachep, GFP_NOFS); + if (!node) { +- ext4_fc_mark_ineligible(inode->i_sb, EXT4_FC_REASON_NOMEM); ++ ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_NOMEM); + mutex_lock(&ei->i_fc_lock); + return -ENOMEM; + } + + node->fcd_op = dentry_update->op; +- node->fcd_parent = dentry->d_parent->d_inode->i_ino; ++ node->fcd_parent = dir->i_ino; + node->fcd_ino = inode->i_ino; + if (dentry->d_name.len > DNAME_INLINE_LEN) { + node->fcd_name.name = kmalloc(dentry->d_name.len, GFP_NOFS); + if (!node->fcd_name.name) { + kmem_cache_free(ext4_fc_dentry_cachep, node); +- ext4_fc_mark_ineligible(inode->i_sb, +- EXT4_FC_REASON_NOMEM); ++ ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_NOMEM); + mutex_lock(&ei->i_fc_lock); + return -ENOMEM; + } +@@ -2142,17 +2150,17 @@ void ext4_fc_init(struct super_block *sb + journal->j_fc_cleanup_callback = ext4_fc_cleanup; + } + +-static const char *fc_ineligible_reasons[] = { +- "Extended attributes changed", +- "Cross rename", +- "Journal flag changed", +- "Insufficient memory", +- "Swap boot", +- "Resize", +- "Dir renamed", +- "Falloc range op", +- "Data journalling", +- "FC Commit Failed" ++static const char * const fc_ineligible_reasons[] = { ++ [EXT4_FC_REASON_XATTR] = "Extended attributes changed", ++ [EXT4_FC_REASON_CROSS_RENAME] = "Cross rename", ++ [EXT4_FC_REASON_JOURNAL_FLAG_CHANGE] = "Journal flag changed", ++ [EXT4_FC_REASON_NOMEM] = "Insufficient memory", ++ [EXT4_FC_REASON_SWAP_BOOT] = "Swap boot", ++ [EXT4_FC_REASON_RESIZE] = "Resize", ++ [EXT4_FC_REASON_RENAME_DIR] = "Dir renamed", ++ [EXT4_FC_REASON_FALLOC_RANGE] = "Falloc range op", ++ [EXT4_FC_REASON_INODE_JOURNAL_DATA] = "Data journalling", ++ [EXT4_FC_REASON_ENCRYPTED_FILENAME] = "Encrypted filename", + }; + + int ext4_fc_info_show(struct seq_file *seq, void *v) +--- a/fs/ext4/fast_commit.h ++++ b/fs/ext4/fast_commit.h +@@ -104,6 +104,7 @@ enum { + EXT4_FC_REASON_FALLOC_RANGE, + EXT4_FC_REASON_INODE_JOURNAL_DATA, + EXT4_FC_COMMIT_FAILED, ++ EXT4_FC_REASON_ENCRYPTED_FILENAME, + EXT4_FC_REASON_MAX + }; + +--- a/include/trace/events/ext4.h ++++ b/include/trace/events/ext4.h +@@ -104,6 +104,7 @@ TRACE_DEFINE_ENUM(EXT4_FC_REASON_RESIZE) + TRACE_DEFINE_ENUM(EXT4_FC_REASON_RENAME_DIR); + TRACE_DEFINE_ENUM(EXT4_FC_REASON_FALLOC_RANGE); + TRACE_DEFINE_ENUM(EXT4_FC_REASON_INODE_JOURNAL_DATA); ++TRACE_DEFINE_ENUM(EXT4_FC_REASON_ENCRYPTED_FILENAME); + TRACE_DEFINE_ENUM(EXT4_FC_REASON_MAX); + + #define show_fc_reason(reason) \ +@@ -116,7 +117,8 @@ TRACE_DEFINE_ENUM(EXT4_FC_REASON_MAX); + { EXT4_FC_REASON_RESIZE, "RESIZE"}, \ + { EXT4_FC_REASON_RENAME_DIR, "RENAME_DIR"}, \ + { EXT4_FC_REASON_FALLOC_RANGE, "FALLOC_RANGE"}, \ +- { EXT4_FC_REASON_INODE_JOURNAL_DATA, "INODE_JOURNAL_DATA"}) ++ { EXT4_FC_REASON_INODE_JOURNAL_DATA, "INODE_JOURNAL_DATA"}, \ ++ { EXT4_FC_REASON_ENCRYPTED_FILENAME, "ENCRYPTED_FILENAME"}) + + TRACE_EVENT(ext4_other_inode_update_time, + TP_PROTO(struct inode *inode, ino_t orig_ino), +@@ -2940,7 +2942,7 @@ TRACE_EVENT(ext4_fc_stats, + ), + + TP_printk("dev %d,%d fc ineligible reasons:\n" +- "%s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u " ++ "%s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u" + "num_commits:%lu, ineligible: %lu, numblks: %lu", + MAJOR(__entry->dev), MINOR(__entry->dev), + FC_REASON_NAME_STAT(EXT4_FC_REASON_XATTR), +@@ -2952,6 +2954,7 @@ TRACE_EVENT(ext4_fc_stats, + FC_REASON_NAME_STAT(EXT4_FC_REASON_RENAME_DIR), + FC_REASON_NAME_STAT(EXT4_FC_REASON_FALLOC_RANGE), + FC_REASON_NAME_STAT(EXT4_FC_REASON_INODE_JOURNAL_DATA), ++ FC_REASON_NAME_STAT(EXT4_FC_REASON_ENCRYPTED_FILENAME), + __entry->fc_commits, __entry->fc_ineligible_commits, + __entry->fc_numblks) + ); diff --git a/queue-5.10/ext4-don-t-set-up-encryption-key-during-jbd2-transaction.patch b/queue-5.10/ext4-don-t-set-up-encryption-key-during-jbd2-transaction.patch new file mode 100644 index 00000000000..721ad0a9881 --- /dev/null +++ b/queue-5.10/ext4-don-t-set-up-encryption-key-during-jbd2-transaction.patch @@ -0,0 +1,158 @@ +From 4c0d5778385cb3618ff26a561ce41de2b7d9de70 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Sun, 6 Nov 2022 14:48:36 -0800 +Subject: ext4: don't set up encryption key during jbd2 transaction + +From: Eric Biggers + +commit 4c0d5778385cb3618ff26a561ce41de2b7d9de70 upstream. + +Commit a80f7fcf1867 ("ext4: fixup ext4_fc_track_* functions' signature") +extended the scope of the transaction in ext4_unlink() too far, making +it include the call to ext4_find_entry(). However, ext4_find_entry() +can deadlock when called from within a transaction because it may need +to set up the directory's encryption key. + +Fix this by restoring the transaction to its original scope. + +Reported-by: syzbot+1a748d0007eeac3ab079@syzkaller.appspotmail.com +Fixes: a80f7fcf1867 ("ext4: fixup ext4_fc_track_* functions' signature") +Cc: # v5.10+ +Signed-off-by: Eric Biggers +Link: https://lore.kernel.org/r/20221106224841.279231-3-ebiggers@kernel.org +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/ext4.h | 4 ++-- + fs/ext4/fast_commit.c | 2 +- + fs/ext4/namei.c | 44 ++++++++++++++++++++++++-------------------- + 3 files changed, 27 insertions(+), 23 deletions(-) + +--- a/fs/ext4/ext4.h ++++ b/fs/ext4/ext4.h +@@ -3486,8 +3486,8 @@ extern int ext4_handle_dirty_dirblock(ha + extern int ext4_ci_compare(const struct inode *parent, + const struct qstr *fname, + const struct qstr *entry, bool quick); +-extern int __ext4_unlink(handle_t *handle, struct inode *dir, const struct qstr *d_name, +- struct inode *inode); ++extern int __ext4_unlink(struct inode *dir, const struct qstr *d_name, ++ struct inode *inode, struct dentry *dentry); + extern int __ext4_link(struct inode *dir, struct inode *inode, + struct dentry *dentry); + +--- a/fs/ext4/fast_commit.c ++++ b/fs/ext4/fast_commit.c +@@ -1300,7 +1300,7 @@ static int ext4_fc_replay_unlink(struct + return 0; + } + +- ret = __ext4_unlink(NULL, old_parent, &entry, inode); ++ ret = __ext4_unlink(old_parent, &entry, inode, NULL); + /* -ENOENT ok coz it might not exist anymore. */ + if (ret == -ENOENT) + ret = 0; +--- a/fs/ext4/namei.c ++++ b/fs/ext4/namei.c +@@ -3244,14 +3244,20 @@ end_rmdir: + return retval; + } + +-int __ext4_unlink(handle_t *handle, struct inode *dir, const struct qstr *d_name, +- struct inode *inode) ++int __ext4_unlink(struct inode *dir, const struct qstr *d_name, ++ struct inode *inode, ++ struct dentry *dentry /* NULL during fast_commit recovery */) + { + int retval = -ENOENT; + struct buffer_head *bh; + struct ext4_dir_entry_2 *de; ++ handle_t *handle; + int skip_remove_dentry = 0; + ++ /* ++ * Keep this outside the transaction; it may have to set up the ++ * directory's encryption key, which isn't GFP_NOFS-safe. ++ */ + bh = ext4_find_entry(dir, d_name, &de, NULL); + if (IS_ERR(bh)) + return PTR_ERR(bh); +@@ -3268,7 +3274,14 @@ int __ext4_unlink(handle_t *handle, stru + if (EXT4_SB(inode->i_sb)->s_mount_state & EXT4_FC_REPLAY) + skip_remove_dentry = 1; + else +- goto out; ++ goto out_bh; ++ } ++ ++ handle = ext4_journal_start(dir, EXT4_HT_DIR, ++ EXT4_DATA_TRANS_BLOCKS(dir->i_sb)); ++ if (IS_ERR(handle)) { ++ retval = PTR_ERR(handle); ++ goto out_bh; + } + + if (IS_DIRSYNC(dir)) +@@ -3277,12 +3290,12 @@ int __ext4_unlink(handle_t *handle, stru + if (!skip_remove_dentry) { + retval = ext4_delete_entry(handle, dir, de, bh); + if (retval) +- goto out; ++ goto out_handle; + dir->i_ctime = dir->i_mtime = current_time(dir); + ext4_update_dx_flag(dir); + retval = ext4_mark_inode_dirty(handle, dir); + if (retval) +- goto out; ++ goto out_handle; + } else { + retval = 0; + } +@@ -3295,15 +3308,17 @@ int __ext4_unlink(handle_t *handle, stru + ext4_orphan_add(handle, inode); + inode->i_ctime = current_time(inode); + retval = ext4_mark_inode_dirty(handle, inode); +- +-out: ++ if (dentry && !retval) ++ ext4_fc_track_unlink(handle, dentry); ++out_handle: ++ ext4_journal_stop(handle); ++out_bh: + brelse(bh); + return retval; + } + + static int ext4_unlink(struct inode *dir, struct dentry *dentry) + { +- handle_t *handle; + int retval; + + if (unlikely(ext4_forced_shutdown(EXT4_SB(dir->i_sb)))) +@@ -3321,16 +3336,7 @@ static int ext4_unlink(struct inode *dir + if (retval) + goto out_trace; + +- handle = ext4_journal_start(dir, EXT4_HT_DIR, +- EXT4_DATA_TRANS_BLOCKS(dir->i_sb)); +- if (IS_ERR(handle)) { +- retval = PTR_ERR(handle); +- goto out_trace; +- } +- +- retval = __ext4_unlink(handle, dir, &dentry->d_name, d_inode(dentry)); +- if (!retval) +- ext4_fc_track_unlink(handle, dentry); ++ retval = __ext4_unlink(dir, &dentry->d_name, d_inode(dentry), dentry); + #ifdef CONFIG_UNICODE + /* VFS negative dentries are incompatible with Encoding and + * Case-insensitiveness. Eventually we'll want avoid +@@ -3341,8 +3347,6 @@ static int ext4_unlink(struct inode *dir + if (IS_CASEFOLDED(dir)) + d_invalidate(dentry); + #endif +- if (handle) +- ext4_journal_stop(handle); + + out_trace: + trace_ext4_unlink_exit(dentry, retval); diff --git a/queue-5.10/fsl_lpuart-don-t-enable-interrupts-too-early.patch b/queue-5.10/fsl_lpuart-don-t-enable-interrupts-too-early.patch new file mode 100644 index 00000000000..2529f13704a --- /dev/null +++ b/queue-5.10/fsl_lpuart-don-t-enable-interrupts-too-early.patch @@ -0,0 +1,74 @@ +From 401fb66a355eb0f22096cf26864324f8e63c7d78 Mon Sep 17 00:00:00 2001 +From: Indan Zupancic +Date: Thu, 5 May 2022 13:47:50 +0200 +Subject: fsl_lpuart: Don't enable interrupts too early + +From: Indan Zupancic + +commit 401fb66a355eb0f22096cf26864324f8e63c7d78 upstream. + +If an irq is pending when devm_request_irq() is called, the irq +handler will cause a NULL pointer access because initialisation +is not done yet. + +Fixes: 9d7ee0e28da59 ("tty: serial: lpuart: avoid report NULL interrupt") +Cc: stable +Signed-off-by: Indan Zupancic +Link: https://lore.kernel.org/r/20220505114750.45423-1-Indan.Zupancic@mep-info.com +[5.10 did not have lpuart_global_reset or anything after +uart_add_one_port(), so add the remove call in cleanup manually] +Signed-off-by: Dominique Martinet +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/fsl_lpuart.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +--- a/drivers/tty/serial/fsl_lpuart.c ++++ b/drivers/tty/serial/fsl_lpuart.c +@@ -2586,6 +2586,7 @@ static int lpuart_probe(struct platform_ + struct device_node *np = pdev->dev.of_node; + struct lpuart_port *sport; + struct resource *res; ++ irq_handler_t handler; + int ret; + + sport = devm_kzalloc(&pdev->dev, sizeof(*sport), GFP_KERNEL); +@@ -2658,17 +2659,12 @@ static int lpuart_probe(struct platform_ + + if (lpuart_is_32(sport)) { + lpuart_reg.cons = LPUART32_CONSOLE; +- ret = devm_request_irq(&pdev->dev, sport->port.irq, lpuart32_int, 0, +- DRIVER_NAME, sport); ++ handler = lpuart32_int; + } else { + lpuart_reg.cons = LPUART_CONSOLE; +- ret = devm_request_irq(&pdev->dev, sport->port.irq, lpuart_int, 0, +- DRIVER_NAME, sport); ++ handler = lpuart_int; + } + +- if (ret) +- goto failed_irq_request; +- + ret = uart_get_rs485_mode(&sport->port); + if (ret) + goto failed_get_rs485; +@@ -2684,11 +2680,17 @@ static int lpuart_probe(struct platform_ + if (ret) + goto failed_attach_port; + ++ ret = devm_request_irq(&pdev->dev, sport->port.irq, handler, 0, ++ DRIVER_NAME, sport); ++ if (ret) ++ goto failed_irq_request; ++ + return 0; + ++failed_irq_request: ++ uart_remove_one_port(&lpuart_reg, &sport->port); + failed_get_rs485: + failed_attach_port: +-failed_irq_request: + lpuart_disable_clks(sport); + return ret; + } diff --git a/queue-5.10/mptcp-dedicated-request-sock-for-subflow-in-v6.patch b/queue-5.10/mptcp-dedicated-request-sock-for-subflow-in-v6.patch new file mode 100644 index 00000000000..2bf44da0404 --- /dev/null +++ b/queue-5.10/mptcp-dedicated-request-sock-for-subflow-in-v6.patch @@ -0,0 +1,134 @@ +From stable-owner@vger.kernel.org Sat Jan 7 02:46:49 2023 +From: Mat Martineau +Date: Fri, 6 Jan 2023 17:46:30 -0800 +Subject: mptcp: dedicated request sock for subflow in v6 +To: stable@vger.kernel.org, gregkh@linuxfoundation.org +Cc: Matthieu Baerts , pabeni@redhat.com, mptcp@lists.linux.dev, Mat Martineau , Jakub Kicinski +Message-ID: <20230107014631.449550-4-mathew.j.martineau@linux.intel.com> + +From: Mat Martineau + +From: Matthieu Baerts + +commit 34b21d1ddc8ace77a8fa35c1b1e06377209e0dae upstream. + +tcp_request_sock_ops structure is specific to IPv4. It should then not +be used with MPTCP subflows on top of IPv6. + +For example, it contains the 'family' field, initialised to AF_INET. +This 'family' field is used by TCP FastOpen code to generate the cookie +but also by TCP Metrics, SELinux and SYN Cookies. Using the wrong family +will not lead to crashes but displaying/using/checking wrong things. + +Note that 'send_reset' callback from request_sock_ops structure is used +in some error paths. It is then also important to use the correct one +for IPv4 or IPv6. + +The slab name can also be different in IPv4 and IPv6, it will be used +when printing some log messages. The slab pointer will anyway be the +same because the object size is the same for both v4 and v6. A +BUILD_BUG_ON() has also been added to make sure this size is the same. + +Fixes: cec37a6e41aa ("mptcp: Handle MP_CAPABLE options for outgoing connections") +Reviewed-by: Mat Martineau +Cc: stable@vger.kernel.org # 5.10 +Signed-off-by: Matthieu Baerts +Signed-off-by: Mat Martineau +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/subflow.c | 34 ++++++++++++++++++++++++++-------- + 1 file changed, 26 insertions(+), 8 deletions(-) + +--- a/net/mptcp/subflow.c ++++ b/net/mptcp/subflow.c +@@ -359,7 +359,7 @@ do_reset: + mptcp_subflow_reset(sk); + } + +-static struct request_sock_ops mptcp_subflow_request_sock_ops __ro_after_init; ++static struct request_sock_ops mptcp_subflow_v4_request_sock_ops __ro_after_init; + static struct tcp_request_sock_ops subflow_request_sock_ipv4_ops __ro_after_init; + + static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb) +@@ -372,7 +372,7 @@ static int subflow_v4_conn_request(struc + if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) + goto drop; + +- return tcp_conn_request(&mptcp_subflow_request_sock_ops, ++ return tcp_conn_request(&mptcp_subflow_v4_request_sock_ops, + &subflow_request_sock_ipv4_ops, + sk, skb); + drop: +@@ -381,6 +381,7 @@ drop: + } + + #if IS_ENABLED(CONFIG_MPTCP_IPV6) ++static struct request_sock_ops mptcp_subflow_v6_request_sock_ops __ro_after_init; + static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops __ro_after_init; + static struct inet_connection_sock_af_ops subflow_v6_specific __ro_after_init; + static struct inet_connection_sock_af_ops subflow_v6m_specific __ro_after_init; +@@ -402,7 +403,7 @@ static int subflow_v6_conn_request(struc + return 0; + } + +- return tcp_conn_request(&mptcp_subflow_request_sock_ops, ++ return tcp_conn_request(&mptcp_subflow_v6_request_sock_ops, + &subflow_request_sock_ipv6_ops, sk, skb); + + drop: +@@ -415,7 +416,12 @@ struct request_sock *mptcp_subflow_reqsk + struct sock *sk_listener, + bool attach_listener) + { +- ops = &mptcp_subflow_request_sock_ops; ++ if (ops->family == AF_INET) ++ ops = &mptcp_subflow_v4_request_sock_ops; ++#if IS_ENABLED(CONFIG_MPTCP_IPV6) ++ else if (ops->family == AF_INET6) ++ ops = &mptcp_subflow_v6_request_sock_ops; ++#endif + + return inet_reqsk_alloc(ops, sk_listener, attach_listener); + } +@@ -1386,7 +1392,6 @@ static struct tcp_ulp_ops subflow_ulp_op + static int subflow_ops_init(struct request_sock_ops *subflow_ops) + { + subflow_ops->obj_size = sizeof(struct mptcp_subflow_request_sock); +- subflow_ops->slab_name = "request_sock_subflow"; + + subflow_ops->slab = kmem_cache_create(subflow_ops->slab_name, + subflow_ops->obj_size, 0, +@@ -1403,9 +1408,10 @@ static int subflow_ops_init(struct reque + + void __init mptcp_subflow_init(void) + { +- mptcp_subflow_request_sock_ops = tcp_request_sock_ops; +- if (subflow_ops_init(&mptcp_subflow_request_sock_ops) != 0) +- panic("MPTCP: failed to init subflow request sock ops\n"); ++ mptcp_subflow_v4_request_sock_ops = tcp_request_sock_ops; ++ mptcp_subflow_v4_request_sock_ops.slab_name = "request_sock_subflow_v4"; ++ if (subflow_ops_init(&mptcp_subflow_v4_request_sock_ops) != 0) ++ panic("MPTCP: failed to init subflow v4 request sock ops\n"); + + subflow_request_sock_ipv4_ops = tcp_request_sock_ipv4_ops; + subflow_request_sock_ipv4_ops.init_req = subflow_v4_init_req; +@@ -1416,6 +1422,18 @@ void __init mptcp_subflow_init(void) + subflow_specific.sk_rx_dst_set = subflow_finish_connect; + + #if IS_ENABLED(CONFIG_MPTCP_IPV6) ++ /* In struct mptcp_subflow_request_sock, we assume the TCP request sock ++ * structures for v4 and v6 have the same size. It should not changed in ++ * the future but better to make sure to be warned if it is no longer ++ * the case. ++ */ ++ BUILD_BUG_ON(sizeof(struct tcp_request_sock) != sizeof(struct tcp6_request_sock)); ++ ++ mptcp_subflow_v6_request_sock_ops = tcp6_request_sock_ops; ++ mptcp_subflow_v6_request_sock_ops.slab_name = "request_sock_subflow_v6"; ++ if (subflow_ops_init(&mptcp_subflow_v6_request_sock_ops) != 0) ++ panic("MPTCP: failed to init subflow v6 request sock ops\n"); ++ + subflow_request_sock_ipv6_ops = tcp_request_sock_ipv6_ops; + subflow_request_sock_ipv6_ops.init_req = subflow_v6_init_req; + diff --git a/queue-5.10/mptcp-mark-ops-structures-as-ro_after_init.patch b/queue-5.10/mptcp-mark-ops-structures-as-ro_after_init.patch new file mode 100644 index 00000000000..3859ca5b070 --- /dev/null +++ b/queue-5.10/mptcp-mark-ops-structures-as-ro_after_init.patch @@ -0,0 +1,81 @@ +From stable-owner@vger.kernel.org Sat Jan 7 02:46:46 2023 +From: Mat Martineau +Date: Fri, 6 Jan 2023 17:46:28 -0800 +Subject: mptcp: mark ops structures as ro_after_init +To: stable@vger.kernel.org, gregkh@linuxfoundation.org +Cc: Florian Westphal , matthieu.baerts@tessares.net, pabeni@redhat.com, mptcp@lists.linux.dev, Mat Martineau , Jakub Kicinski +Message-ID: <20230107014631.449550-2-mathew.j.martineau@linux.intel.com> + +From: Mat Martineau + +From: Florian Westphal + +commit 51fa7f8ebf0e25c7a9039fa3988a623d5f3855aa upstream. + +These structures are initialised from the init hooks, so we can't make +them 'const'. But no writes occur afterwards, so we can use ro_after_init. + +Also, remove bogus EXPORT_SYMBOL, the only access comes from ip +stack, not from kernel modules. + +Cc: stable@vger.kernel.org # 5.10 +Signed-off-by: Florian Westphal +Signed-off-by: Mat Martineau +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/subflow.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +--- a/net/mptcp/subflow.c ++++ b/net/mptcp/subflow.c +@@ -360,8 +360,7 @@ do_reset: + } + + struct request_sock_ops mptcp_subflow_request_sock_ops; +-EXPORT_SYMBOL_GPL(mptcp_subflow_request_sock_ops); +-static struct tcp_request_sock_ops subflow_request_sock_ipv4_ops; ++static struct tcp_request_sock_ops subflow_request_sock_ipv4_ops __ro_after_init; + + static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb) + { +@@ -382,9 +381,9 @@ drop: + } + + #if IS_ENABLED(CONFIG_MPTCP_IPV6) +-static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops; +-static struct inet_connection_sock_af_ops subflow_v6_specific; +-static struct inet_connection_sock_af_ops subflow_v6m_specific; ++static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops __ro_after_init; ++static struct inet_connection_sock_af_ops subflow_v6_specific __ro_after_init; ++static struct inet_connection_sock_af_ops subflow_v6m_specific __ro_after_init; + + static int subflow_v6_conn_request(struct sock *sk, struct sk_buff *skb) + { +@@ -636,7 +635,7 @@ dispose_child: + return child; + } + +-static struct inet_connection_sock_af_ops subflow_specific; ++static struct inet_connection_sock_af_ops subflow_specific __ro_after_init; + + enum mapping_status { + MAPPING_OK, +@@ -1017,7 +1016,7 @@ static void subflow_write_space(struct s + } + } + +-static struct inet_connection_sock_af_ops * ++static const struct inet_connection_sock_af_ops * + subflow_default_af_ops(struct sock *sk) + { + #if IS_ENABLED(CONFIG_MPTCP_IPV6) +@@ -1032,7 +1031,7 @@ void mptcpv6_handle_mapped(struct sock * + { + struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); + struct inet_connection_sock *icsk = inet_csk(sk); +- struct inet_connection_sock_af_ops *target; ++ const struct inet_connection_sock_af_ops *target; + + target = mapped ? &subflow_v6m_specific : subflow_default_af_ops(sk); + diff --git a/queue-5.10/mptcp-remove-mptcp-ifdef-in-tcp-syn-cookies.patch b/queue-5.10/mptcp-remove-mptcp-ifdef-in-tcp-syn-cookies.patch new file mode 100644 index 00000000000..b40a06f89a2 --- /dev/null +++ b/queue-5.10/mptcp-remove-mptcp-ifdef-in-tcp-syn-cookies.patch @@ -0,0 +1,118 @@ +From stable-owner@vger.kernel.org Sat Jan 7 02:46:48 2023 +From: Mat Martineau +Date: Fri, 6 Jan 2023 17:46:29 -0800 +Subject: mptcp: remove MPTCP 'ifdef' in TCP SYN cookies +To: stable@vger.kernel.org, gregkh@linuxfoundation.org +Cc: Matthieu Baerts , pabeni@redhat.com, mptcp@lists.linux.dev, Mat Martineau , Jakub Kicinski +Message-ID: <20230107014631.449550-3-mathew.j.martineau@linux.intel.com> + +From: Mat Martineau + +From: Matthieu Baerts + +commit 3fff88186f047627bb128d65155f42517f8e448f upstream. + +To ease the maintenance, it is often recommended to avoid having #ifdef +preprocessor conditions. + +Here the section related to CONFIG_MPTCP was quite short but the next +commit needs to add more code around. It is then cleaner to move +specific MPTCP code to functions located in net/mptcp directory. + +Now that mptcp_subflow_request_sock_ops structure can be static, it can +also be marked as "read only after init". + +Suggested-by: Paolo Abeni +Reviewed-by: Mat Martineau +Cc: stable@vger.kernel.org # 5.10 +Signed-off-by: Matthieu Baerts +Signed-off-by: Mat Martineau +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + include/net/mptcp.h | 12 ++++++++++-- + net/ipv4/syncookies.c | 7 +++---- + net/mptcp/subflow.c | 12 +++++++++++- + 3 files changed, 24 insertions(+), 7 deletions(-) + +--- a/include/net/mptcp.h ++++ b/include/net/mptcp.h +@@ -58,8 +58,6 @@ struct mptcp_out_options { + }; + + #ifdef CONFIG_MPTCP +-extern struct request_sock_ops mptcp_subflow_request_sock_ops; +- + void mptcp_init(void); + + static inline bool sk_is_mptcp(const struct sock *sk) +@@ -133,6 +131,9 @@ void mptcp_seq_show(struct seq_file *seq + int mptcp_subflow_init_cookie_req(struct request_sock *req, + const struct sock *sk_listener, + struct sk_buff *skb); ++struct request_sock *mptcp_subflow_reqsk_alloc(const struct request_sock_ops *ops, ++ struct sock *sk_listener, ++ bool attach_listener); + #else + + static inline void mptcp_init(void) +@@ -208,6 +209,13 @@ static inline int mptcp_subflow_init_coo + { + return 0; /* TCP fallback */ + } ++ ++static inline struct request_sock *mptcp_subflow_reqsk_alloc(const struct request_sock_ops *ops, ++ struct sock *sk_listener, ++ bool attach_listener) ++{ ++ return NULL; ++} + #endif /* CONFIG_MPTCP */ + + #if IS_ENABLED(CONFIG_MPTCP_IPV6) +--- a/net/ipv4/syncookies.c ++++ b/net/ipv4/syncookies.c +@@ -290,12 +290,11 @@ struct request_sock *cookie_tcp_reqsk_al + struct tcp_request_sock *treq; + struct request_sock *req; + +-#ifdef CONFIG_MPTCP + if (sk_is_mptcp(sk)) +- ops = &mptcp_subflow_request_sock_ops; +-#endif ++ req = mptcp_subflow_reqsk_alloc(ops, sk, false); ++ else ++ req = inet_reqsk_alloc(ops, sk, false); + +- req = inet_reqsk_alloc(ops, sk, false); + if (!req) + return NULL; + +--- a/net/mptcp/subflow.c ++++ b/net/mptcp/subflow.c +@@ -359,7 +359,7 @@ do_reset: + mptcp_subflow_reset(sk); + } + +-struct request_sock_ops mptcp_subflow_request_sock_ops; ++static struct request_sock_ops mptcp_subflow_request_sock_ops __ro_after_init; + static struct tcp_request_sock_ops subflow_request_sock_ipv4_ops __ro_after_init; + + static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb) +@@ -411,6 +411,16 @@ drop: + } + #endif + ++struct request_sock *mptcp_subflow_reqsk_alloc(const struct request_sock_ops *ops, ++ struct sock *sk_listener, ++ bool attach_listener) ++{ ++ ops = &mptcp_subflow_request_sock_ops; ++ ++ return inet_reqsk_alloc(ops, sk_listener, attach_listener); ++} ++EXPORT_SYMBOL(mptcp_subflow_reqsk_alloc); ++ + /* validate hmac received in third ACK */ + static bool subflow_hmac_valid(const struct request_sock *req, + const struct mptcp_options_received *mp_opt) diff --git a/queue-5.10/mptcp-use-proper-req-destructor-for-ipv6.patch b/queue-5.10/mptcp-use-proper-req-destructor-for-ipv6.patch new file mode 100644 index 00000000000..66fd5afb99b --- /dev/null +++ b/queue-5.10/mptcp-use-proper-req-destructor-for-ipv6.patch @@ -0,0 +1,95 @@ +From stable-owner@vger.kernel.org Sat Jan 7 02:46:50 2023 +From: Mat Martineau +Date: Fri, 6 Jan 2023 17:46:31 -0800 +Subject: mptcp: use proper req destructor for IPv6 +To: stable@vger.kernel.org, gregkh@linuxfoundation.org +Cc: Matthieu Baerts , pabeni@redhat.com, mptcp@lists.linux.dev, Mat Martineau , Jakub Kicinski +Message-ID: <20230107014631.449550-5-mathew.j.martineau@linux.intel.com> + +From: Mat Martineau + +From: Matthieu Baerts + +commit d3295fee3c756ece33ac0d935e172e68c0a4161b upstream. + +Before, only the destructor from TCP request sock in IPv4 was called +even if the subflow was IPv6. + +It is important to use the right destructor to avoid memory leaks with +some advanced IPv6 features, e.g. when the request socks contain +specific IPv6 options. + +Fixes: 79c0949e9a09 ("mptcp: Add key generation and token tree") +Reviewed-by: Mat Martineau +Cc: stable@vger.kernel.org # 5.10 +Signed-off-by: Matthieu Baerts +Signed-off-by: Mat Martineau +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/subflow.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +--- a/net/mptcp/subflow.c ++++ b/net/mptcp/subflow.c +@@ -40,7 +40,6 @@ static void subflow_req_destructor(struc + sock_put((struct sock *)subflow_req->msk); + + mptcp_token_destroy_request(req); +- tcp_request_sock_ops.destructor(req); + } + + static void subflow_generate_hmac(u64 key1, u64 key2, u32 nonce1, u32 nonce2, +@@ -380,6 +379,12 @@ drop: + return 0; + } + ++static void subflow_v4_req_destructor(struct request_sock *req) ++{ ++ subflow_req_destructor(req); ++ tcp_request_sock_ops.destructor(req); ++} ++ + #if IS_ENABLED(CONFIG_MPTCP_IPV6) + static struct request_sock_ops mptcp_subflow_v6_request_sock_ops __ro_after_init; + static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops __ro_after_init; +@@ -410,6 +415,12 @@ drop: + tcp_listendrop(sk); + return 0; /* don't send reset */ + } ++ ++static void subflow_v6_req_destructor(struct request_sock *req) ++{ ++ subflow_req_destructor(req); ++ tcp6_request_sock_ops.destructor(req); ++} + #endif + + struct request_sock *mptcp_subflow_reqsk_alloc(const struct request_sock_ops *ops, +@@ -1401,8 +1412,6 @@ static int subflow_ops_init(struct reque + if (!subflow_ops->slab) + return -ENOMEM; + +- subflow_ops->destructor = subflow_req_destructor; +- + return 0; + } + +@@ -1410,6 +1419,8 @@ void __init mptcp_subflow_init(void) + { + mptcp_subflow_v4_request_sock_ops = tcp_request_sock_ops; + mptcp_subflow_v4_request_sock_ops.slab_name = "request_sock_subflow_v4"; ++ mptcp_subflow_v4_request_sock_ops.destructor = subflow_v4_req_destructor; ++ + if (subflow_ops_init(&mptcp_subflow_v4_request_sock_ops) != 0) + panic("MPTCP: failed to init subflow v4 request sock ops\n"); + +@@ -1431,6 +1442,8 @@ void __init mptcp_subflow_init(void) + + mptcp_subflow_v6_request_sock_ops = tcp6_request_sock_ops; + mptcp_subflow_v6_request_sock_ops.slab_name = "request_sock_subflow_v6"; ++ mptcp_subflow_v6_request_sock_ops.destructor = subflow_v6_req_destructor; ++ + if (subflow_ops_init(&mptcp_subflow_v6_request_sock_ops) != 0) + panic("MPTCP: failed to init subflow v6 request sock ops\n"); + diff --git a/queue-5.10/serial-fixup-backport-of-serial-deassert-transmit-enable-on-probe-in-driver-specific-way.patch b/queue-5.10/serial-fixup-backport-of-serial-deassert-transmit-enable-on-probe-in-driver-specific-way.patch new file mode 100644 index 00000000000..5b4a3e77bcc --- /dev/null +++ b/queue-5.10/serial-fixup-backport-of-serial-deassert-transmit-enable-on-probe-in-driver-specific-way.patch @@ -0,0 +1,47 @@ +From dominique.martinet@atmark-techno.com Thu Jan 12 13:46:08 2023 +From: Dominique Martinet +Date: Fri, 23 Dec 2022 13:23:54 +0900 +Subject: serial: fixup backport of "serial: Deassert Transmit Enable on probe in driver-specific way" +To: "Greg Kroah-Hartman" , "Jiri Slaby" , "Ilpo Järvinen" , "Lukas Wunner" , "Rasmus Villemoes" +Cc: Daisuke Mizobuchi , stable@vger.kernel.org, linux-serial@vger.kernel.org, Dominique Martinet +Message-ID: <20221223042354.4080724-2-dominique.martinet@atmark-techno.com> + +From: Rasmus Villemoes + +When 7c7f9bc986e6 ("serial: Deassert Transmit Enable on probe in +driver-specific way") got backported to 5.10.y, there known as +26a2b9c468de, some hunks were accidentally left out. + +In serial_core.c, it is possible that the omission in +uart_suspend_port() is harmless, but the backport did have the +corresponding hunk in uart_resume_port(), it runs counter to the +original commit's intention of + + Skip any invocation of ->set_mctrl() if RS485 is enabled. + +and it's certainly better to be aligned with upstream. + +Link: https://lkml.kernel.org/r/20221222114414.1886632-1-linux@rasmusvillemoes.dk +Fixes: 26a2b9c468de ("serial: Deassert Transmit Enable on probe in driver-specific way") +Signed-off-by: Rasmus Villemoes +[the fsl_lpuart part of the 5.15 patch is not required on 5.10, +because the code before 26a2b9c468de was incorrectly not calling +uart_remove_one_port on failed_get_rs485] +Signed-off-by: Dominique Martinet +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/serial_core.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/tty/serial/serial_core.c ++++ b/drivers/tty/serial/serial_core.c +@@ -2254,7 +2254,8 @@ int uart_suspend_port(struct uart_driver + + spin_lock_irq(&uport->lock); + ops->stop_tx(uport); +- ops->set_mctrl(uport, 0); ++ if (!(uport->rs485.flags & SER_RS485_ENABLED)) ++ ops->set_mctrl(uport, 0); + ops->stop_rx(uport); + spin_unlock_irq(&uport->lock); + diff --git a/queue-5.10/series b/queue-5.10/series index 4622ae586b6..ea8b4edb469 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -771,3 +771,11 @@ mbcache-avoid-nesting-of-cache-c_list_lock-under-bit-locks.patch efi-random-combine-bootloader-provided-rng-seed-with-rng-protocol-output.patch io_uring-fix-unsigned-res-comparison-with-zero-in-io_fixup_rw_res.patch parisc-align-parisc-madv_xxx-constants-with-all-other-architectures.patch +ext4-disable-fast-commit-of-encrypted-dir-operations.patch +ext4-don-t-set-up-encryption-key-during-jbd2-transaction.patch +fsl_lpuart-don-t-enable-interrupts-too-early.patch +serial-fixup-backport-of-serial-deassert-transmit-enable-on-probe-in-driver-specific-way.patch +mptcp-mark-ops-structures-as-ro_after_init.patch +mptcp-remove-mptcp-ifdef-in-tcp-syn-cookies.patch +mptcp-dedicated-request-sock-for-subflow-in-v6.patch +mptcp-use-proper-req-destructor-for-ipv6.patch