Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: /
Date: Mon, 06 Jun 2022 11:06:55
Message-Id: 1654513598.68c21b21a924fff8e53720a1331913ab3ad8e2b6.mpagano@gentoo
1 commit: 68c21b21a924fff8e53720a1331913ab3ad8e2b6
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Mon Jun 6 11:06:38 2022 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Mon Jun 6 11:06:38 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=68c21b21
7
8 Linux patch 4.14.282
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1281_linux-4.14.282.patch | 655 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 659 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 3e951bdc..7ebbc726 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -1171,6 +1171,10 @@ Patch: 1280_linux-4.14.281.patch
21 From: https://www.kernel.org
22 Desc: Linux 4.14.281
23
24 +Patch: 1281_linux-4.14.282.patch
25 +From: https://www.kernel.org
26 +Desc: Linux 4.14.282
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1281_linux-4.14.282.patch b/1281_linux-4.14.282.patch
33 new file mode 100644
34 index 00000000..ac87d109
35 --- /dev/null
36 +++ b/1281_linux-4.14.282.patch
37 @@ -0,0 +1,655 @@
38 +diff --git a/Documentation/process/submitting-patches.rst b/Documentation/process/submitting-patches.rst
39 +index 733478ade91b5..db27ab65387e9 100644
40 +--- a/Documentation/process/submitting-patches.rst
41 ++++ b/Documentation/process/submitting-patches.rst
42 +@@ -133,7 +133,7 @@ as you intend it to.
43 +
44 + The maintainer will thank you if you write your patch description in a
45 + form which can be easily pulled into Linux's source code management
46 +-system, ``git``, as a "commit log". See :ref:`explicit_in_reply_to`.
47 ++system, ``git``, as a "commit log". See :ref:`the_canonical_patch_format`.
48 +
49 + Solve only one problem per patch. If your description starts to get
50 + long, that's a sign that you probably need to split up your patch.
51 +diff --git a/Makefile b/Makefile
52 +index 20ad87b8bd564..14820e213362f 100644
53 +--- a/Makefile
54 ++++ b/Makefile
55 +@@ -1,7 +1,7 @@
56 + # SPDX-License-Identifier: GPL-2.0
57 + VERSION = 4
58 + PATCHLEVEL = 14
59 +-SUBLEVEL = 281
60 ++SUBLEVEL = 282
61 + EXTRAVERSION =
62 + NAME = Petit Gorille
63 +
64 +diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c
65 +index c4b3646bd04c8..7135f35f9de73 100644
66 +--- a/arch/x86/pci/xen.c
67 ++++ b/arch/x86/pci/xen.c
68 +@@ -442,6 +442,11 @@ void __init xen_msi_init(void)
69 +
70 + x86_msi.setup_msi_irqs = xen_hvm_setup_msi_irqs;
71 + x86_msi.teardown_msi_irq = xen_teardown_msi_irq;
72 ++ /*
73 ++ * With XEN PIRQ/Eventchannels in use PCI/MSI[-X] masking is solely
74 ++ * controlled by the hypervisor.
75 ++ */
76 ++ pci_msi_ignore_mask = 1;
77 + }
78 + #endif
79 +
80 +diff --git a/block/bio.c b/block/bio.c
81 +index 30df1b45dde84..1eaf319767023 100644
82 +--- a/block/bio.c
83 ++++ b/block/bio.c
84 +@@ -1657,7 +1657,7 @@ struct bio *bio_copy_kern(struct request_queue *q, void *data, unsigned int len,
85 + if (bytes > len)
86 + bytes = len;
87 +
88 +- page = alloc_page(q->bounce_gfp | gfp_mask);
89 ++ page = alloc_page(q->bounce_gfp | __GFP_ZERO | gfp_mask);
90 + if (!page)
91 + goto cleanup;
92 +
93 +diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
94 +index 3b7e23866b42a..63e4aa468ad6e 100644
95 +--- a/drivers/acpi/sysfs.c
96 ++++ b/drivers/acpi/sysfs.c
97 +@@ -436,18 +436,29 @@ static ssize_t acpi_data_show(struct file *filp, struct kobject *kobj,
98 + {
99 + struct acpi_data_attr *data_attr;
100 + void __iomem *base;
101 +- ssize_t rc;
102 ++ ssize_t size;
103 +
104 + data_attr = container_of(bin_attr, struct acpi_data_attr, attr);
105 ++ size = data_attr->attr.size;
106 ++
107 ++ if (offset < 0)
108 ++ return -EINVAL;
109 ++
110 ++ if (offset >= size)
111 ++ return 0;
112 +
113 +- base = acpi_os_map_memory(data_attr->addr, data_attr->attr.size);
114 ++ if (count > size - offset)
115 ++ count = size - offset;
116 ++
117 ++ base = acpi_os_map_iomem(data_attr->addr, size);
118 + if (!base)
119 + return -ENOMEM;
120 +- rc = memory_read_from_buffer(buf, count, &offset, base,
121 +- data_attr->attr.size);
122 +- acpi_os_unmap_memory(base, data_attr->attr.size);
123 +
124 +- return rc;
125 ++ memcpy_fromio(buf, base + offset, count);
126 ++
127 ++ acpi_os_unmap_iomem(base, size);
128 ++
129 ++ return count;
130 + }
131 +
132 + static int acpi_bert_data_init(void *th, struct acpi_data_attr *data_attr)
133 +diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
134 +index 3ba67bc6baba0..80647eb071fd6 100644
135 +--- a/drivers/char/tpm/tpm_ibmvtpm.c
136 ++++ b/drivers/char/tpm/tpm_ibmvtpm.c
137 +@@ -692,6 +692,7 @@ static int tpm_ibmvtpm_probe(struct vio_dev *vio_dev,
138 + if (!wait_event_timeout(ibmvtpm->crq_queue.wq,
139 + ibmvtpm->rtce_buf != NULL,
140 + HZ)) {
141 ++ rc = -ENODEV;
142 + dev_err(dev, "CRQ response timed out\n");
143 + goto init_irq_cleanup;
144 + }
145 +diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c
146 +index 0876346933460..dfee112d9e890 100644
147 +--- a/drivers/gpu/drm/i915/intel_pm.c
148 ++++ b/drivers/gpu/drm/i915/intel_pm.c
149 +@@ -2793,7 +2793,7 @@ hsw_compute_linetime_wm(const struct intel_crtc_state *cstate)
150 + }
151 +
152 + static void intel_read_wm_latency(struct drm_i915_private *dev_priv,
153 +- uint16_t wm[8])
154 ++ uint16_t wm[])
155 + {
156 + if (INTEL_GEN(dev_priv) >= 9) {
157 + uint32_t val;
158 +diff --git a/drivers/i2c/busses/i2c-thunderx-pcidrv.c b/drivers/i2c/busses/i2c-thunderx-pcidrv.c
159 +index df0976f4432a1..4f0456fe86914 100644
160 +--- a/drivers/i2c/busses/i2c-thunderx-pcidrv.c
161 ++++ b/drivers/i2c/busses/i2c-thunderx-pcidrv.c
162 +@@ -215,6 +215,7 @@ static int thunder_i2c_probe_pci(struct pci_dev *pdev,
163 + i2c->adap.bus_recovery_info = &octeon_i2c_recovery_info;
164 + i2c->adap.dev.parent = dev;
165 + i2c->adap.dev.of_node = pdev->dev.of_node;
166 ++ i2c->adap.dev.fwnode = dev->fwnode;
167 + snprintf(i2c->adap.name, sizeof(i2c->adap.name),
168 + "Cavium ThunderX i2c adapter at %s", dev_name(dev));
169 + i2c_set_adapdata(&i2c->adap, i2c);
170 +diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
171 +index 0b6d4337aaab6..353536ad46f36 100644
172 +--- a/drivers/md/dm-crypt.c
173 ++++ b/drivers/md/dm-crypt.c
174 +@@ -2942,6 +2942,11 @@ static int crypt_map(struct dm_target *ti, struct bio *bio)
175 + return DM_MAPIO_SUBMITTED;
176 + }
177 +
178 ++static char hex2asc(unsigned char c)
179 ++{
180 ++ return c + '0' + ((unsigned)(9 - c) >> 4 & 0x27);
181 ++}
182 ++
183 + static void crypt_status(struct dm_target *ti, status_type_t type,
184 + unsigned status_flags, char *result, unsigned maxlen)
185 + {
186 +@@ -2960,9 +2965,12 @@ static void crypt_status(struct dm_target *ti, status_type_t type,
187 + if (cc->key_size > 0) {
188 + if (cc->key_string)
189 + DMEMIT(":%u:%s", cc->key_size, cc->key_string);
190 +- else
191 +- for (i = 0; i < cc->key_size; i++)
192 +- DMEMIT("%02x", cc->key[i]);
193 ++ else {
194 ++ for (i = 0; i < cc->key_size; i++) {
195 ++ DMEMIT("%c%c", hex2asc(cc->key[i] >> 4),
196 ++ hex2asc(cc->key[i] & 0xf));
197 ++ }
198 ++ }
199 + } else
200 + DMEMIT("-");
201 +
202 +diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
203 +index b6ca5b1100db3..6579aa46f544f 100644
204 +--- a/drivers/md/dm-integrity.c
205 ++++ b/drivers/md/dm-integrity.c
206 +@@ -3156,8 +3156,6 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv)
207 + }
208 +
209 + if (should_write_sb) {
210 +- int r;
211 +-
212 + init_journal(ic, 0, ic->journal_sections, 0);
213 + r = dm_integrity_failed(ic);
214 + if (unlikely(r)) {
215 +diff --git a/drivers/md/dm-stats.c b/drivers/md/dm-stats.c
216 +index a7868503d1352..9734f506ecfd8 100644
217 +--- a/drivers/md/dm-stats.c
218 ++++ b/drivers/md/dm-stats.c
219 +@@ -224,6 +224,7 @@ void dm_stats_cleanup(struct dm_stats *stats)
220 + atomic_read(&shared->in_flight[READ]),
221 + atomic_read(&shared->in_flight[WRITE]));
222 + }
223 ++ cond_resched();
224 + }
225 + dm_stat_free(&s->rcu_head);
226 + }
227 +@@ -312,6 +313,7 @@ static int dm_stats_create(struct dm_stats *stats, sector_t start, sector_t end,
228 + for (ni = 0; ni < n_entries; ni++) {
229 + atomic_set(&s->stat_shared[ni].in_flight[READ], 0);
230 + atomic_set(&s->stat_shared[ni].in_flight[WRITE], 0);
231 ++ cond_resched();
232 + }
233 +
234 + if (s->n_histogram_entries) {
235 +@@ -324,6 +326,7 @@ static int dm_stats_create(struct dm_stats *stats, sector_t start, sector_t end,
236 + for (ni = 0; ni < n_entries; ni++) {
237 + s->stat_shared[ni].tmp.histogram = hi;
238 + hi += s->n_histogram_entries + 1;
239 ++ cond_resched();
240 + }
241 + }
242 +
243 +@@ -344,6 +347,7 @@ static int dm_stats_create(struct dm_stats *stats, sector_t start, sector_t end,
244 + for (ni = 0; ni < n_entries; ni++) {
245 + p[ni].histogram = hi;
246 + hi += s->n_histogram_entries + 1;
247 ++ cond_resched();
248 + }
249 + }
250 + }
251 +@@ -473,6 +477,7 @@ static int dm_stats_list(struct dm_stats *stats, const char *program,
252 + }
253 + DMEMIT("\n");
254 + }
255 ++ cond_resched();
256 + }
257 + mutex_unlock(&stats->mutex);
258 +
259 +@@ -749,6 +754,7 @@ static void __dm_stat_clear(struct dm_stat *s, size_t idx_start, size_t idx_end,
260 + local_irq_enable();
261 + }
262 + }
263 ++ cond_resched();
264 + }
265 + }
266 +
267 +@@ -864,6 +870,8 @@ static int dm_stats_print(struct dm_stats *stats, int id,
268 +
269 + if (unlikely(sz + 1 >= maxlen))
270 + goto buffer_overflow;
271 ++
272 ++ cond_resched();
273 + }
274 +
275 + if (clear)
276 +diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
277 +index 2dae30713eb3d..77fca0432d25e 100644
278 +--- a/drivers/md/dm-verity-target.c
279 ++++ b/drivers/md/dm-verity-target.c
280 +@@ -1163,6 +1163,7 @@ bad:
281 +
282 + static struct target_type verity_target = {
283 + .name = "verity",
284 ++ .features = DM_TARGET_IMMUTABLE,
285 + .version = {1, 3, 0},
286 + .module = THIS_MODULE,
287 + .ctr = verity_ctr,
288 +diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c
289 +index f35c5dbe54ee8..a1caca6accf35 100644
290 +--- a/drivers/net/ethernet/faraday/ftgmac100.c
291 ++++ b/drivers/net/ethernet/faraday/ftgmac100.c
292 +@@ -1845,6 +1845,11 @@ static int ftgmac100_probe(struct platform_device *pdev)
293 + /* AST2400 doesn't have working HW checksum generation */
294 + if (np && (of_device_is_compatible(np, "aspeed,ast2400-mac")))
295 + netdev->hw_features &= ~NETIF_F_HW_CSUM;
296 ++
297 ++ /* AST2600 tx checksum with NCSI is broken */
298 ++ if (priv->use_ncsi && of_device_is_compatible(np, "aspeed,ast2600-mac"))
299 ++ netdev->hw_features &= ~NETIF_F_HW_CSUM;
300 ++
301 + if (np && of_get_property(np, "no-hw-checksum", NULL))
302 + netdev->hw_features &= ~(NETIF_F_HW_CSUM | NETIF_F_RXCSUM);
303 + netdev->features |= netdev->hw_features;
304 +diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
305 +index d51f6c4529723..5afe958a9b4f7 100644
306 +--- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
307 ++++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
308 +@@ -1438,9 +1438,11 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a,
309 +
310 + sec_len = *(pos++); len-= 1;
311 +
312 +- if (sec_len>0 && sec_len<=len) {
313 ++ if (sec_len > 0 &&
314 ++ sec_len <= len &&
315 ++ sec_len <= 32) {
316 + ssid[ssid_index].SsidLength = sec_len;
317 +- memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength);
318 ++ memcpy(ssid[ssid_index].Ssid, pos, sec_len);
319 + /* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */
320 + /* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */
321 + ssid_index++;
322 +diff --git a/fs/exec.c b/fs/exec.c
323 +index c72ccfa49f541..2e26ba4ff47e5 100644
324 +--- a/fs/exec.c
325 ++++ b/fs/exec.c
326 +@@ -1788,6 +1788,9 @@ static int do_execveat_common(int fd, struct filename *filename,
327 + goto out_unmark;
328 +
329 + bprm->argc = count(argv, MAX_ARG_STRINGS);
330 ++ if (bprm->argc == 0)
331 ++ pr_warn_once("process '%s' launched '%s' with NULL argv: empty string added\n",
332 ++ current->comm, bprm->filename);
333 + if ((retval = bprm->argc) < 0)
334 + goto out;
335 +
336 +@@ -1812,6 +1815,20 @@ static int do_execveat_common(int fd, struct filename *filename,
337 + if (retval < 0)
338 + goto out;
339 +
340 ++ /*
341 ++ * When argv is empty, add an empty string ("") as argv[0] to
342 ++ * ensure confused userspace programs that start processing
343 ++ * from argv[1] won't end up walking envp. See also
344 ++ * bprm_stack_limits().
345 ++ */
346 ++ if (bprm->argc == 0) {
347 ++ const char *argv[] = { "", NULL };
348 ++ retval = copy_strings_kernel(1, argv, bprm);
349 ++ if (retval < 0)
350 ++ goto out;
351 ++ bprm->argc = 1;
352 ++ }
353 ++
354 + retval = exec_binprm(bprm);
355 + if (retval < 0)
356 + goto out;
357 +diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
358 +index 6720c82ac3515..2adbf471d1073 100644
359 +--- a/fs/nfsd/nfs4state.c
360 ++++ b/fs/nfsd/nfs4state.c
361 +@@ -6351,16 +6351,12 @@ nfsd4_release_lockowner(struct svc_rqst *rqstp,
362 + if (sop->so_is_open_owner || !same_owner_str(sop, owner))
363 + continue;
364 +
365 +- /* see if there are still any locks associated with it */
366 +- lo = lockowner(sop);
367 +- list_for_each_entry(stp, &sop->so_stateids, st_perstateowner) {
368 +- if (check_for_locks(stp->st_stid.sc_file, lo)) {
369 +- status = nfserr_locks_held;
370 +- spin_unlock(&clp->cl_lock);
371 +- return status;
372 +- }
373 ++ if (atomic_read(&sop->so_count) != 1) {
374 ++ spin_unlock(&clp->cl_lock);
375 ++ return nfserr_locks_held;
376 + }
377 +
378 ++ lo = lockowner(sop);
379 + nfs4_get_stateowner(sop);
380 + break;
381 + }
382 +diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h
383 +index e5f4d27114048..e079478bf5c90 100644
384 +--- a/include/net/inet_hashtables.h
385 ++++ b/include/net/inet_hashtables.h
386 +@@ -390,7 +390,7 @@ static inline void sk_rcv_saddr_set(struct sock *sk, __be32 addr)
387 + }
388 +
389 + int __inet_hash_connect(struct inet_timewait_death_row *death_row,
390 +- struct sock *sk, u32 port_offset,
391 ++ struct sock *sk, u64 port_offset,
392 + int (*check_established)(struct inet_timewait_death_row *,
393 + struct sock *, __u16,
394 + struct inet_timewait_sock **));
395 +diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
396 +index 9b5e7634713e4..1bbedb75de711 100644
397 +--- a/include/net/netfilter/nf_conntrack_core.h
398 ++++ b/include/net/netfilter/nf_conntrack_core.h
399 +@@ -67,8 +67,13 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
400 + int ret = NF_ACCEPT;
401 +
402 + if (ct) {
403 +- if (!nf_ct_is_confirmed(ct))
404 ++ if (!nf_ct_is_confirmed(ct)) {
405 + ret = __nf_conntrack_confirm(skb);
406 ++
407 ++ if (ret == NF_ACCEPT)
408 ++ ct = (struct nf_conn *)skb_nfct(skb);
409 ++ }
410 ++
411 + if (likely(ret == NF_ACCEPT))
412 + nf_ct_deliver_cached_events(ct);
413 + }
414 +diff --git a/include/net/secure_seq.h b/include/net/secure_seq.h
415 +index d7d2495f83c27..dac91aa38c5af 100644
416 +--- a/include/net/secure_seq.h
417 ++++ b/include/net/secure_seq.h
418 +@@ -4,8 +4,8 @@
419 +
420 + #include <linux/types.h>
421 +
422 +-u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
423 +-u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
424 ++u64 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
425 ++u64 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
426 + __be16 dport);
427 + u32 secure_tcp_seq(__be32 saddr, __be32 daddr,
428 + __be16 sport, __be16 dport);
429 +diff --git a/lib/assoc_array.c b/lib/assoc_array.c
430 +index 9463d3445ccd8..b40edebd5123a 100644
431 +--- a/lib/assoc_array.c
432 ++++ b/lib/assoc_array.c
433 +@@ -1478,6 +1478,7 @@ int assoc_array_gc(struct assoc_array *array,
434 + struct assoc_array_ptr *cursor, *ptr;
435 + struct assoc_array_ptr *new_root, *new_parent, **new_ptr_pp;
436 + unsigned long nr_leaves_on_tree;
437 ++ bool retained;
438 + int keylen, slot, nr_free, next_slot, i;
439 +
440 + pr_devel("-->%s()\n", __func__);
441 +@@ -1554,6 +1555,7 @@ continue_node:
442 + goto descend;
443 + }
444 +
445 ++retry_compress:
446 + pr_devel("-- compress node %p --\n", new_n);
447 +
448 + /* Count up the number of empty slots in this node and work out the
449 +@@ -1571,6 +1573,7 @@ continue_node:
450 + pr_devel("free=%d, leaves=%lu\n", nr_free, new_n->nr_leaves_on_branch);
451 +
452 + /* See what we can fold in */
453 ++ retained = false;
454 + next_slot = 0;
455 + for (slot = 0; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
456 + struct assoc_array_shortcut *s;
457 +@@ -1620,9 +1623,14 @@ continue_node:
458 + pr_devel("[%d] retain node %lu/%d [nx %d]\n",
459 + slot, child->nr_leaves_on_branch, nr_free + 1,
460 + next_slot);
461 ++ retained = true;
462 + }
463 + }
464 +
465 ++ if (retained && new_n->nr_leaves_on_branch <= ASSOC_ARRAY_FAN_OUT) {
466 ++ pr_devel("internal nodes remain despite enough space, retrying\n");
467 ++ goto retry_compress;
468 ++ }
469 + pr_devel("after: %lu\n", new_n->nr_leaves_on_branch);
470 +
471 + nr_leaves_on_tree = new_n->nr_leaves_on_branch;
472 +diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c
473 +index 6cdb49ae00010..fd706edd66ff9 100644
474 +--- a/mm/zsmalloc.c
475 ++++ b/mm/zsmalloc.c
476 +@@ -952,11 +952,40 @@ static void reset_page(struct page *page)
477 + */
478 + void lock_zspage(struct zspage *zspage)
479 + {
480 +- struct page *page = get_first_page(zspage);
481 ++ struct page *curr_page, *page;
482 +
483 +- do {
484 +- lock_page(page);
485 +- } while ((page = get_next_page(page)) != NULL);
486 ++ /*
487 ++ * Pages we haven't locked yet can be migrated off the list while we're
488 ++ * trying to lock them, so we need to be careful and only attempt to
489 ++ * lock each page under migrate_read_lock(). Otherwise, the page we lock
490 ++ * may no longer belong to the zspage. This means that we may wait for
491 ++ * the wrong page to unlock, so we must take a reference to the page
492 ++ * prior to waiting for it to unlock outside migrate_read_lock().
493 ++ */
494 ++ while (1) {
495 ++ migrate_read_lock(zspage);
496 ++ page = get_first_page(zspage);
497 ++ if (trylock_page(page))
498 ++ break;
499 ++ get_page(page);
500 ++ migrate_read_unlock(zspage);
501 ++ wait_on_page_locked(page);
502 ++ put_page(page);
503 ++ }
504 ++
505 ++ curr_page = page;
506 ++ while ((page = get_next_page(curr_page))) {
507 ++ if (trylock_page(page)) {
508 ++ curr_page = page;
509 ++ } else {
510 ++ get_page(page);
511 ++ migrate_read_unlock(zspage);
512 ++ wait_on_page_locked(page);
513 ++ put_page(page);
514 ++ migrate_read_lock(zspage);
515 ++ }
516 ++ }
517 ++ migrate_read_unlock(zspage);
518 + }
519 +
520 + int trylock_zspage(struct zspage *zspage)
521 +diff --git a/net/core/filter.c b/net/core/filter.c
522 +index 9b934767a1d86..afe27343051fd 100644
523 +--- a/net/core/filter.c
524 ++++ b/net/core/filter.c
525 +@@ -1443,7 +1443,7 @@ BPF_CALL_5(bpf_skb_store_bytes, struct sk_buff *, skb, u32, offset,
526 +
527 + if (unlikely(flags & ~(BPF_F_RECOMPUTE_CSUM | BPF_F_INVALIDATE_HASH)))
528 + return -EINVAL;
529 +- if (unlikely(offset > 0xffff))
530 ++ if (unlikely(offset > INT_MAX))
531 + return -EFAULT;
532 + if (unlikely(bpf_try_make_writable(skb, offset + len)))
533 + return -EFAULT;
534 +@@ -1478,7 +1478,7 @@ BPF_CALL_4(bpf_skb_load_bytes, const struct sk_buff *, skb, u32, offset,
535 + {
536 + void *ptr;
537 +
538 +- if (unlikely(offset > 0xffff))
539 ++ if (unlikely(offset > INT_MAX))
540 + goto err_clear;
541 +
542 + ptr = skb_header_pointer(skb, offset, len, to);
543 +diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c
544 +index 17683aea8a355..4aaae92209087 100644
545 +--- a/net/core/secure_seq.c
546 ++++ b/net/core/secure_seq.c
547 +@@ -96,7 +96,7 @@ u32 secure_tcpv6_seq(const __be32 *saddr, const __be32 *daddr,
548 + }
549 + EXPORT_SYMBOL(secure_tcpv6_seq);
550 +
551 +-u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
552 ++u64 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
553 + __be16 dport)
554 + {
555 + const struct {
556 +@@ -145,7 +145,7 @@ u32 secure_tcp_seq(__be32 saddr, __be32 daddr,
557 + return seq_scale(hash);
558 + }
559 +
560 +-u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
561 ++u64 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
562 + {
563 + net_secret_init();
564 + return siphash_4u32((__force u32)saddr, (__force u32)daddr,
565 +diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
566 +index 1346e45cf8d13..1ebad5a024a7d 100644
567 +--- a/net/ipv4/inet_hashtables.c
568 ++++ b/net/ipv4/inet_hashtables.c
569 +@@ -389,7 +389,7 @@ not_unique:
570 + return -EADDRNOTAVAIL;
571 + }
572 +
573 +-static u32 inet_sk_port_offset(const struct sock *sk)
574 ++static u64 inet_sk_port_offset(const struct sock *sk)
575 + {
576 + const struct inet_sock *inet = inet_sk(sk);
577 +
578 +@@ -587,8 +587,19 @@ void inet_unhash(struct sock *sk)
579 + }
580 + EXPORT_SYMBOL_GPL(inet_unhash);
581 +
582 ++/* RFC 6056 3.3.4. Algorithm 4: Double-Hash Port Selection Algorithm
583 ++ * Note that we use 32bit integers (vs RFC 'short integers')
584 ++ * because 2^16 is not a multiple of num_ephemeral and this
585 ++ * property might be used by clever attacker.
586 ++ * RFC claims using TABLE_LENGTH=10 buckets gives an improvement,
587 ++ * we use 256 instead to really give more isolation and
588 ++ * privacy, this only consumes 1 KB of kernel memory.
589 ++ */
590 ++#define INET_TABLE_PERTURB_SHIFT 8
591 ++static u32 table_perturb[1 << INET_TABLE_PERTURB_SHIFT];
592 ++
593 + int __inet_hash_connect(struct inet_timewait_death_row *death_row,
594 +- struct sock *sk, u32 port_offset,
595 ++ struct sock *sk, u64 port_offset,
596 + int (*check_established)(struct inet_timewait_death_row *,
597 + struct sock *, __u16, struct inet_timewait_sock **))
598 + {
599 +@@ -600,7 +611,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row,
600 + struct inet_bind_bucket *tb;
601 + u32 remaining, offset;
602 + int ret, i, low, high;
603 +- static u32 hint;
604 ++ u32 index;
605 +
606 + if (port) {
607 + head = &hinfo->bhash[inet_bhashfn(net, port,
608 +@@ -625,7 +636,12 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row,
609 + if (likely(remaining > 1))
610 + remaining &= ~1U;
611 +
612 +- offset = (hint + port_offset) % remaining;
613 ++ net_get_random_once(table_perturb, sizeof(table_perturb));
614 ++ index = hash_32(port_offset, INET_TABLE_PERTURB_SHIFT);
615 ++
616 ++ offset = READ_ONCE(table_perturb[index]) + port_offset;
617 ++ offset %= remaining;
618 ++
619 + /* In first pass we try ports of @low parity.
620 + * inet_csk_get_port() does the opposite choice.
621 + */
622 +@@ -678,7 +694,7 @@ next_port:
623 + return -EADDRNOTAVAIL;
624 +
625 + ok:
626 +- hint += i + 2;
627 ++ WRITE_ONCE(table_perturb[index], READ_ONCE(table_perturb[index]) + i + 2);
628 +
629 + /* Head lock still held and bh's disabled */
630 + inet_bind_hash(sk, tb, port);
631 +@@ -701,7 +717,7 @@ ok:
632 + int inet_hash_connect(struct inet_timewait_death_row *death_row,
633 + struct sock *sk)
634 + {
635 +- u32 port_offset = 0;
636 ++ u64 port_offset = 0;
637 +
638 + if (!inet_sk(sk)->inet_num)
639 + port_offset = inet_sk_port_offset(sk);
640 +diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
641 +index 24a21979d7dff..7d83ab627b090 100644
642 +--- a/net/ipv6/inet6_hashtables.c
643 ++++ b/net/ipv6/inet6_hashtables.c
644 +@@ -248,7 +248,7 @@ not_unique:
645 + return -EADDRNOTAVAIL;
646 + }
647 +
648 +-static u32 inet6_sk_port_offset(const struct sock *sk)
649 ++static u64 inet6_sk_port_offset(const struct sock *sk)
650 + {
651 + const struct inet_sock *inet = inet_sk(sk);
652 +
653 +@@ -260,7 +260,7 @@ static u32 inet6_sk_port_offset(const struct sock *sk)
654 + int inet6_hash_connect(struct inet_timewait_death_row *death_row,
655 + struct sock *sk)
656 + {
657 +- u32 port_offset = 0;
658 ++ u64 port_offset = 0;
659 +
660 + if (!inet_sk(sk)->inet_num)
661 + port_offset = inet6_sk_port_offset(sk);
662 +diff --git a/net/key/af_key.c b/net/key/af_key.c
663 +index 3d5a460801699..990de0702b799 100644
664 +--- a/net/key/af_key.c
665 ++++ b/net/key/af_key.c
666 +@@ -2908,7 +2908,7 @@ static int count_ah_combs(const struct xfrm_tmpl *t)
667 + break;
668 + if (!aalg->pfkey_supported)
669 + continue;
670 +- if (aalg_tmpl_set(t, aalg))
671 ++ if (aalg_tmpl_set(t, aalg) && aalg->available)
672 + sz += sizeof(struct sadb_comb);
673 + }
674 + return sz + sizeof(struct sadb_prop);
675 +@@ -2926,7 +2926,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t)
676 + if (!ealg->pfkey_supported)
677 + continue;
678 +
679 +- if (!(ealg_tmpl_set(t, ealg)))
680 ++ if (!(ealg_tmpl_set(t, ealg) && ealg->available))
681 + continue;
682 +
683 + for (k = 1; ; k++) {
684 +@@ -2937,7 +2937,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t)
685 + if (!aalg->pfkey_supported)
686 + continue;
687 +
688 +- if (aalg_tmpl_set(t, aalg))
689 ++ if (aalg_tmpl_set(t, aalg) && aalg->available)
690 + sz += sizeof(struct sadb_comb);
691 + }
692 + }
Report Message
Find on MARC Find on Google Groups