From 09c90fc45f904ea122a1c6138901d217d1486bcc Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 7 Sep 2023 12:31:10 +0100 Subject: [PATCH] 6.4-stable patches added patches: bluetooth-btrtl-load-fw-v2-otherwise-fw-v1-for-rtl8852c.patch net-avoid-address-overwrite-in-kernel_connect.patch --- ...d-fw-v2-otherwise-fw-v1-for-rtl8852c.patch | 272 ++++++++++++++++++ ...-address-overwrite-in-kernel_connect.patch | 51 ++++ queue-6.4/series | 2 + 3 files changed, 325 insertions(+) create mode 100644 queue-6.4/bluetooth-btrtl-load-fw-v2-otherwise-fw-v1-for-rtl8852c.patch create mode 100644 queue-6.4/net-avoid-address-overwrite-in-kernel_connect.patch diff --git a/queue-6.4/bluetooth-btrtl-load-fw-v2-otherwise-fw-v1-for-rtl8852c.patch b/queue-6.4/bluetooth-btrtl-load-fw-v2-otherwise-fw-v1-for-rtl8852c.patch new file mode 100644 index 00000000000..f2039f7d08b --- /dev/null +++ b/queue-6.4/bluetooth-btrtl-load-fw-v2-otherwise-fw-v1-for-rtl8852c.patch @@ -0,0 +1,272 @@ +From bd003fb338afee97c76f13c3e9144a7e4ad37179 Mon Sep 17 00:00:00 2001 +From: Max Chou +Date: Mon, 7 Aug 2023 19:42:59 +0800 +Subject: Bluetooth: btrtl: Load FW v2 otherwise FW v1 for RTL8852C + +From: Max Chou + +commit bd003fb338afee97c76f13c3e9144a7e4ad37179 upstream. + +In this commit, prefer to load FW v2 if available. Fallback to FW v1 +otherwise. This behavior is only for RTL8852C. + +Fixes: 9a24ce5e29b1 ("Bluetooth: btrtl: Firmware format v2 support") +Cc: stable@vger.kernel.org +Suggested-by: Juerg Haefliger +Tested-by: Hilda Wu +Signed-off-by: Max Chou +Signed-off-by: Luiz Augusto von Dentz +[juergh: Adjusted context due to missing .hw_info struct element] +Signed-off-by: Juerg Haefliger +Signed-off-by: Greg Kroah-Hartman +--- + drivers/bluetooth/btrtl.c | 70 +++++++++++++++++++++++++++++----------------- + 1 file changed, 45 insertions(+), 25 deletions(-) + +--- a/drivers/bluetooth/btrtl.c ++++ b/drivers/bluetooth/btrtl.c +@@ -101,21 +101,21 @@ static const struct id_table ic_id_table + { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB), + .config_needed = false, + .has_rom_version = false, +- .fw_name = "rtl_bt/rtl8723a_fw.bin", ++ .fw_name = "rtl_bt/rtl8723a_fw", + .cfg_name = NULL }, + + /* 8723BS */ + { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART), + .config_needed = true, + .has_rom_version = true, +- .fw_name = "rtl_bt/rtl8723bs_fw.bin", ++ .fw_name = "rtl_bt/rtl8723bs_fw", + .cfg_name = "rtl_bt/rtl8723bs_config" }, + + /* 8723B */ + { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB), + .config_needed = false, + .has_rom_version = true, +- .fw_name = "rtl_bt/rtl8723b_fw.bin", ++ .fw_name = "rtl_bt/rtl8723b_fw", + .cfg_name = "rtl_bt/rtl8723b_config" }, + + /* 8723CS-CG */ +@@ -126,7 +126,7 @@ static const struct id_table ic_id_table + .hci_bus = HCI_UART, + .config_needed = true, + .has_rom_version = true, +- .fw_name = "rtl_bt/rtl8723cs_cg_fw.bin", ++ .fw_name = "rtl_bt/rtl8723cs_cg_fw", + .cfg_name = "rtl_bt/rtl8723cs_cg_config" }, + + /* 8723CS-VF */ +@@ -137,7 +137,7 @@ static const struct id_table ic_id_table + .hci_bus = HCI_UART, + .config_needed = true, + .has_rom_version = true, +- .fw_name = "rtl_bt/rtl8723cs_vf_fw.bin", ++ .fw_name = "rtl_bt/rtl8723cs_vf_fw", + .cfg_name = "rtl_bt/rtl8723cs_vf_config" }, + + /* 8723CS-XX */ +@@ -148,28 +148,28 @@ static const struct id_table ic_id_table + .hci_bus = HCI_UART, + .config_needed = true, + .has_rom_version = true, +- .fw_name = "rtl_bt/rtl8723cs_xx_fw.bin", ++ .fw_name = "rtl_bt/rtl8723cs_xx_fw", + .cfg_name = "rtl_bt/rtl8723cs_xx_config" }, + + /* 8723D */ + { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB), + .config_needed = true, + .has_rom_version = true, +- .fw_name = "rtl_bt/rtl8723d_fw.bin", ++ .fw_name = "rtl_bt/rtl8723d_fw", + .cfg_name = "rtl_bt/rtl8723d_config" }, + + /* 8723DS */ + { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART), + .config_needed = true, + .has_rom_version = true, +- .fw_name = "rtl_bt/rtl8723ds_fw.bin", ++ .fw_name = "rtl_bt/rtl8723ds_fw", + .cfg_name = "rtl_bt/rtl8723ds_config" }, + + /* 8821A */ + { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB), + .config_needed = false, + .has_rom_version = true, +- .fw_name = "rtl_bt/rtl8821a_fw.bin", ++ .fw_name = "rtl_bt/rtl8821a_fw", + .cfg_name = "rtl_bt/rtl8821a_config" }, + + /* 8821C */ +@@ -177,7 +177,7 @@ static const struct id_table ic_id_table + .config_needed = false, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8821c_fw.bin", ++ .fw_name = "rtl_bt/rtl8821c_fw", + .cfg_name = "rtl_bt/rtl8821c_config" }, + + /* 8821CS */ +@@ -185,14 +185,14 @@ static const struct id_table ic_id_table + .config_needed = true, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8821cs_fw.bin", ++ .fw_name = "rtl_bt/rtl8821cs_fw", + .cfg_name = "rtl_bt/rtl8821cs_config" }, + + /* 8761A */ + { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB), + .config_needed = false, + .has_rom_version = true, +- .fw_name = "rtl_bt/rtl8761a_fw.bin", ++ .fw_name = "rtl_bt/rtl8761a_fw", + .cfg_name = "rtl_bt/rtl8761a_config" }, + + /* 8761B */ +@@ -200,14 +200,14 @@ static const struct id_table ic_id_table + .config_needed = false, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8761b_fw.bin", ++ .fw_name = "rtl_bt/rtl8761b_fw", + .cfg_name = "rtl_bt/rtl8761b_config" }, + + /* 8761BU */ + { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB), + .config_needed = false, + .has_rom_version = true, +- .fw_name = "rtl_bt/rtl8761bu_fw.bin", ++ .fw_name = "rtl_bt/rtl8761bu_fw", + .cfg_name = "rtl_bt/rtl8761bu_config" }, + + /* 8822C with UART interface */ +@@ -215,7 +215,7 @@ static const struct id_table ic_id_table + .config_needed = true, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8822cs_fw.bin", ++ .fw_name = "rtl_bt/rtl8822cs_fw", + .cfg_name = "rtl_bt/rtl8822cs_config" }, + + /* 8822C with UART interface */ +@@ -223,7 +223,7 @@ static const struct id_table ic_id_table + .config_needed = true, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8822cs_fw.bin", ++ .fw_name = "rtl_bt/rtl8822cs_fw", + .cfg_name = "rtl_bt/rtl8822cs_config" }, + + /* 8822C with USB interface */ +@@ -231,7 +231,7 @@ static const struct id_table ic_id_table + .config_needed = false, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8822cu_fw.bin", ++ .fw_name = "rtl_bt/rtl8822cu_fw", + .cfg_name = "rtl_bt/rtl8822cu_config" }, + + /* 8822B */ +@@ -239,7 +239,7 @@ static const struct id_table ic_id_table + .config_needed = true, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8822b_fw.bin", ++ .fw_name = "rtl_bt/rtl8822b_fw", + .cfg_name = "rtl_bt/rtl8822b_config" }, + + /* 8852A */ +@@ -247,7 +247,7 @@ static const struct id_table ic_id_table + .config_needed = false, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8852au_fw.bin", ++ .fw_name = "rtl_bt/rtl8852au_fw", + .cfg_name = "rtl_bt/rtl8852au_config" }, + + /* 8852B with UART interface */ +@@ -255,7 +255,7 @@ static const struct id_table ic_id_table + .config_needed = true, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8852bs_fw.bin", ++ .fw_name = "rtl_bt/rtl8852bs_fw", + .cfg_name = "rtl_bt/rtl8852bs_config" }, + + /* 8852B */ +@@ -263,7 +263,7 @@ static const struct id_table ic_id_table + .config_needed = false, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8852bu_fw.bin", ++ .fw_name = "rtl_bt/rtl8852bu_fw", + .cfg_name = "rtl_bt/rtl8852bu_config" }, + + /* 8852C */ +@@ -271,7 +271,7 @@ static const struct id_table ic_id_table + .config_needed = false, + .has_rom_version = true, + .has_msft_ext = true, +- .fw_name = "rtl_bt/rtl8852cu_fw.bin", ++ .fw_name = "rtl_bt/rtl8852cu_fw", + .cfg_name = "rtl_bt/rtl8852cu_config" }, + + /* 8851B */ +@@ -279,7 +279,7 @@ static const struct id_table ic_id_table + .config_needed = false, + .has_rom_version = true, + .has_msft_ext = false, +- .fw_name = "rtl_bt/rtl8851bu_fw.bin", ++ .fw_name = "rtl_bt/rtl8851bu_fw", + .cfg_name = "rtl_bt/rtl8851bu_config" }, + }; + +@@ -967,6 +967,7 @@ struct btrtl_device_info *btrtl_initiali + struct btrtl_device_info *btrtl_dev; + struct sk_buff *skb; + struct hci_rp_read_local_version *resp; ++ char fw_name[40]; + char cfg_name[40]; + u16 hci_rev, lmp_subver; + u8 hci_ver, lmp_ver, chip_type = 0; +@@ -1079,8 +1080,26 @@ next: + goto err_free; + } + +- btrtl_dev->fw_len = rtl_load_file(hdev, btrtl_dev->ic_info->fw_name, +- &btrtl_dev->fw_data); ++ if (!btrtl_dev->ic_info->fw_name) { ++ ret = -ENOMEM; ++ goto err_free; ++ } ++ ++ btrtl_dev->fw_len = -EIO; ++ if (lmp_subver == RTL_ROM_LMP_8852A && hci_rev == 0x000c) { ++ snprintf(fw_name, sizeof(fw_name), "%s_v2.bin", ++ btrtl_dev->ic_info->fw_name); ++ btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, ++ &btrtl_dev->fw_data); ++ } ++ ++ if (btrtl_dev->fw_len < 0) { ++ snprintf(fw_name, sizeof(fw_name), "%s.bin", ++ btrtl_dev->ic_info->fw_name); ++ btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, ++ &btrtl_dev->fw_data); ++ } ++ + if (btrtl_dev->fw_len < 0) { + rtl_dev_err(hdev, "firmware file %s not found", + btrtl_dev->ic_info->fw_name); +@@ -1382,6 +1401,7 @@ MODULE_FIRMWARE("rtl_bt/rtl8852bs_config + MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin"); + MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin"); + MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin"); ++MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw_v2.bin"); + MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin"); + MODULE_FIRMWARE("rtl_bt/rtl8851bu_fw.bin"); + MODULE_FIRMWARE("rtl_bt/rtl8851bu_config.bin"); diff --git a/queue-6.4/net-avoid-address-overwrite-in-kernel_connect.patch b/queue-6.4/net-avoid-address-overwrite-in-kernel_connect.patch new file mode 100644 index 00000000000..21f81494cf1 --- /dev/null +++ b/queue-6.4/net-avoid-address-overwrite-in-kernel_connect.patch @@ -0,0 +1,51 @@ +From 0bdf399342c5acbd817c9098b6c7ed21f1974312 Mon Sep 17 00:00:00 2001 +From: Jordan Rife +Date: Mon, 21 Aug 2023 16:45:23 -0500 +Subject: net: Avoid address overwrite in kernel_connect + +From: Jordan Rife + +commit 0bdf399342c5acbd817c9098b6c7ed21f1974312 upstream. + +BPF programs that run on connect can rewrite the connect address. For +the connect system call this isn't a problem, because a copy of the address +is made when it is moved into kernel space. However, kernel_connect +simply passes through the address it is given, so the caller may observe +its address value unexpectedly change. + +A practical example where this is problematic is where NFS is combined +with a system such as Cilium which implements BPF-based load balancing. +A common pattern in software-defined storage systems is to have an NFS +mount that connects to a persistent virtual IP which in turn maps to an +ephemeral server IP. This is usually done to achieve high availability: +if your server goes down you can quickly spin up a replacement and remap +the virtual IP to that endpoint. With BPF-based load balancing, mounts +will forget the virtual IP address when the address rewrite occurs +because a pointer to the only copy of that address is passed down the +stack. Server failover then breaks, because clients have forgotten the +virtual IP address. Reconnects fail and mounts remain broken. This patch +was tested by setting up a scenario like this and ensuring that NFS +reconnects worked after applying the patch. + +Signed-off-by: Jordan Rife +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/socket.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/net/socket.c ++++ b/net/socket.c +@@ -3528,7 +3528,11 @@ EXPORT_SYMBOL(kernel_accept); + int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen, + int flags) + { +- return sock->ops->connect(sock, addr, addrlen, flags); ++ struct sockaddr_storage address; ++ ++ memcpy(&address, addr, addrlen); ++ ++ return sock->ops->connect(sock, (struct sockaddr *)&address, addrlen, flags); + } + EXPORT_SYMBOL(kernel_connect); + diff --git a/queue-6.4/series b/queue-6.4/series index e9ea84630e5..9cf611bee87 100644 --- a/queue-6.4/series +++ b/queue-6.4/series @@ -87,3 +87,5 @@ sbitmap-fix-batching-wakeup.patch cpufreq-intel_pstate-set-stale-cpu-frequency-to-minimum.patch tpm-enable-hwrng-only-for-pluton-on-amd-cpus.patch kvm-x86-mmu-add-never-option-to-allow-sticky-disabling-of-nx_huge_pages.patch +net-avoid-address-overwrite-in-kernel_connect.patch +bluetooth-btrtl-load-fw-v2-otherwise-fw-v1-for-rtl8852c.patch -- 2.47.3