1 |
commit: 68c21b21a924fff8e53720a1331913ab3ad8e2b6 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Jun 6 11:06:38 2022 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Jun 6 11:06:38 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=68c21b21 |
7 |
|
8 |
Linux patch 4.14.282 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1281_linux-4.14.282.patch | 655 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 659 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 3e951bdc..7ebbc726 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -1171,6 +1171,10 @@ Patch: 1280_linux-4.14.281.patch |
21 |
From: https://www.kernel.org |
22 |
Desc: Linux 4.14.281 |
23 |
|
24 |
+Patch: 1281_linux-4.14.282.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 4.14.282 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1281_linux-4.14.282.patch b/1281_linux-4.14.282.patch |
33 |
new file mode 100644 |
34 |
index 00000000..ac87d109 |
35 |
--- /dev/null |
36 |
+++ b/1281_linux-4.14.282.patch |
37 |
@@ -0,0 +1,655 @@ |
38 |
+diff --git a/Documentation/process/submitting-patches.rst b/Documentation/process/submitting-patches.rst |
39 |
+index 733478ade91b5..db27ab65387e9 100644 |
40 |
+--- a/Documentation/process/submitting-patches.rst |
41 |
++++ b/Documentation/process/submitting-patches.rst |
42 |
+@@ -133,7 +133,7 @@ as you intend it to. |
43 |
+ |
44 |
+ The maintainer will thank you if you write your patch description in a |
45 |
+ form which can be easily pulled into Linux's source code management |
46 |
+-system, ``git``, as a "commit log". See :ref:`explicit_in_reply_to`. |
47 |
++system, ``git``, as a "commit log". See :ref:`the_canonical_patch_format`. |
48 |
+ |
49 |
+ Solve only one problem per patch. If your description starts to get |
50 |
+ long, that's a sign that you probably need to split up your patch. |
51 |
+diff --git a/Makefile b/Makefile |
52 |
+index 20ad87b8bd564..14820e213362f 100644 |
53 |
+--- a/Makefile |
54 |
++++ b/Makefile |
55 |
+@@ -1,7 +1,7 @@ |
56 |
+ # SPDX-License-Identifier: GPL-2.0 |
57 |
+ VERSION = 4 |
58 |
+ PATCHLEVEL = 14 |
59 |
+-SUBLEVEL = 281 |
60 |
++SUBLEVEL = 282 |
61 |
+ EXTRAVERSION = |
62 |
+ NAME = Petit Gorille |
63 |
+ |
64 |
+diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c |
65 |
+index c4b3646bd04c8..7135f35f9de73 100644 |
66 |
+--- a/arch/x86/pci/xen.c |
67 |
++++ b/arch/x86/pci/xen.c |
68 |
+@@ -442,6 +442,11 @@ void __init xen_msi_init(void) |
69 |
+ |
70 |
+ x86_msi.setup_msi_irqs = xen_hvm_setup_msi_irqs; |
71 |
+ x86_msi.teardown_msi_irq = xen_teardown_msi_irq; |
72 |
++ /* |
73 |
++ * With XEN PIRQ/Eventchannels in use PCI/MSI[-X] masking is solely |
74 |
++ * controlled by the hypervisor. |
75 |
++ */ |
76 |
++ pci_msi_ignore_mask = 1; |
77 |
+ } |
78 |
+ #endif |
79 |
+ |
80 |
+diff --git a/block/bio.c b/block/bio.c |
81 |
+index 30df1b45dde84..1eaf319767023 100644 |
82 |
+--- a/block/bio.c |
83 |
++++ b/block/bio.c |
84 |
+@@ -1657,7 +1657,7 @@ struct bio *bio_copy_kern(struct request_queue *q, void *data, unsigned int len, |
85 |
+ if (bytes > len) |
86 |
+ bytes = len; |
87 |
+ |
88 |
+- page = alloc_page(q->bounce_gfp | gfp_mask); |
89 |
++ page = alloc_page(q->bounce_gfp | __GFP_ZERO | gfp_mask); |
90 |
+ if (!page) |
91 |
+ goto cleanup; |
92 |
+ |
93 |
+diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c |
94 |
+index 3b7e23866b42a..63e4aa468ad6e 100644 |
95 |
+--- a/drivers/acpi/sysfs.c |
96 |
++++ b/drivers/acpi/sysfs.c |
97 |
+@@ -436,18 +436,29 @@ static ssize_t acpi_data_show(struct file *filp, struct kobject *kobj, |
98 |
+ { |
99 |
+ struct acpi_data_attr *data_attr; |
100 |
+ void __iomem *base; |
101 |
+- ssize_t rc; |
102 |
++ ssize_t size; |
103 |
+ |
104 |
+ data_attr = container_of(bin_attr, struct acpi_data_attr, attr); |
105 |
++ size = data_attr->attr.size; |
106 |
++ |
107 |
++ if (offset < 0) |
108 |
++ return -EINVAL; |
109 |
++ |
110 |
++ if (offset >= size) |
111 |
++ return 0; |
112 |
+ |
113 |
+- base = acpi_os_map_memory(data_attr->addr, data_attr->attr.size); |
114 |
++ if (count > size - offset) |
115 |
++ count = size - offset; |
116 |
++ |
117 |
++ base = acpi_os_map_iomem(data_attr->addr, size); |
118 |
+ if (!base) |
119 |
+ return -ENOMEM; |
120 |
+- rc = memory_read_from_buffer(buf, count, &offset, base, |
121 |
+- data_attr->attr.size); |
122 |
+- acpi_os_unmap_memory(base, data_attr->attr.size); |
123 |
+ |
124 |
+- return rc; |
125 |
++ memcpy_fromio(buf, base + offset, count); |
126 |
++ |
127 |
++ acpi_os_unmap_iomem(base, size); |
128 |
++ |
129 |
++ return count; |
130 |
+ } |
131 |
+ |
132 |
+ static int acpi_bert_data_init(void *th, struct acpi_data_attr *data_attr) |
133 |
+diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c |
134 |
+index 3ba67bc6baba0..80647eb071fd6 100644 |
135 |
+--- a/drivers/char/tpm/tpm_ibmvtpm.c |
136 |
++++ b/drivers/char/tpm/tpm_ibmvtpm.c |
137 |
+@@ -692,6 +692,7 @@ static int tpm_ibmvtpm_probe(struct vio_dev *vio_dev, |
138 |
+ if (!wait_event_timeout(ibmvtpm->crq_queue.wq, |
139 |
+ ibmvtpm->rtce_buf != NULL, |
140 |
+ HZ)) { |
141 |
++ rc = -ENODEV; |
142 |
+ dev_err(dev, "CRQ response timed out\n"); |
143 |
+ goto init_irq_cleanup; |
144 |
+ } |
145 |
+diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c |
146 |
+index 0876346933460..dfee112d9e890 100644 |
147 |
+--- a/drivers/gpu/drm/i915/intel_pm.c |
148 |
++++ b/drivers/gpu/drm/i915/intel_pm.c |
149 |
+@@ -2793,7 +2793,7 @@ hsw_compute_linetime_wm(const struct intel_crtc_state *cstate) |
150 |
+ } |
151 |
+ |
152 |
+ static void intel_read_wm_latency(struct drm_i915_private *dev_priv, |
153 |
+- uint16_t wm[8]) |
154 |
++ uint16_t wm[]) |
155 |
+ { |
156 |
+ if (INTEL_GEN(dev_priv) >= 9) { |
157 |
+ uint32_t val; |
158 |
+diff --git a/drivers/i2c/busses/i2c-thunderx-pcidrv.c b/drivers/i2c/busses/i2c-thunderx-pcidrv.c |
159 |
+index df0976f4432a1..4f0456fe86914 100644 |
160 |
+--- a/drivers/i2c/busses/i2c-thunderx-pcidrv.c |
161 |
++++ b/drivers/i2c/busses/i2c-thunderx-pcidrv.c |
162 |
+@@ -215,6 +215,7 @@ static int thunder_i2c_probe_pci(struct pci_dev *pdev, |
163 |
+ i2c->adap.bus_recovery_info = &octeon_i2c_recovery_info; |
164 |
+ i2c->adap.dev.parent = dev; |
165 |
+ i2c->adap.dev.of_node = pdev->dev.of_node; |
166 |
++ i2c->adap.dev.fwnode = dev->fwnode; |
167 |
+ snprintf(i2c->adap.name, sizeof(i2c->adap.name), |
168 |
+ "Cavium ThunderX i2c adapter at %s", dev_name(dev)); |
169 |
+ i2c_set_adapdata(&i2c->adap, i2c); |
170 |
+diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c |
171 |
+index 0b6d4337aaab6..353536ad46f36 100644 |
172 |
+--- a/drivers/md/dm-crypt.c |
173 |
++++ b/drivers/md/dm-crypt.c |
174 |
+@@ -2942,6 +2942,11 @@ static int crypt_map(struct dm_target *ti, struct bio *bio) |
175 |
+ return DM_MAPIO_SUBMITTED; |
176 |
+ } |
177 |
+ |
178 |
++static char hex2asc(unsigned char c) |
179 |
++{ |
180 |
++ return c + '0' + ((unsigned)(9 - c) >> 4 & 0x27); |
181 |
++} |
182 |
++ |
183 |
+ static void crypt_status(struct dm_target *ti, status_type_t type, |
184 |
+ unsigned status_flags, char *result, unsigned maxlen) |
185 |
+ { |
186 |
+@@ -2960,9 +2965,12 @@ static void crypt_status(struct dm_target *ti, status_type_t type, |
187 |
+ if (cc->key_size > 0) { |
188 |
+ if (cc->key_string) |
189 |
+ DMEMIT(":%u:%s", cc->key_size, cc->key_string); |
190 |
+- else |
191 |
+- for (i = 0; i < cc->key_size; i++) |
192 |
+- DMEMIT("%02x", cc->key[i]); |
193 |
++ else { |
194 |
++ for (i = 0; i < cc->key_size; i++) { |
195 |
++ DMEMIT("%c%c", hex2asc(cc->key[i] >> 4), |
196 |
++ hex2asc(cc->key[i] & 0xf)); |
197 |
++ } |
198 |
++ } |
199 |
+ } else |
200 |
+ DMEMIT("-"); |
201 |
+ |
202 |
+diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c |
203 |
+index b6ca5b1100db3..6579aa46f544f 100644 |
204 |
+--- a/drivers/md/dm-integrity.c |
205 |
++++ b/drivers/md/dm-integrity.c |
206 |
+@@ -3156,8 +3156,6 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv) |
207 |
+ } |
208 |
+ |
209 |
+ if (should_write_sb) { |
210 |
+- int r; |
211 |
+- |
212 |
+ init_journal(ic, 0, ic->journal_sections, 0); |
213 |
+ r = dm_integrity_failed(ic); |
214 |
+ if (unlikely(r)) { |
215 |
+diff --git a/drivers/md/dm-stats.c b/drivers/md/dm-stats.c |
216 |
+index a7868503d1352..9734f506ecfd8 100644 |
217 |
+--- a/drivers/md/dm-stats.c |
218 |
++++ b/drivers/md/dm-stats.c |
219 |
+@@ -224,6 +224,7 @@ void dm_stats_cleanup(struct dm_stats *stats) |
220 |
+ atomic_read(&shared->in_flight[READ]), |
221 |
+ atomic_read(&shared->in_flight[WRITE])); |
222 |
+ } |
223 |
++ cond_resched(); |
224 |
+ } |
225 |
+ dm_stat_free(&s->rcu_head); |
226 |
+ } |
227 |
+@@ -312,6 +313,7 @@ static int dm_stats_create(struct dm_stats *stats, sector_t start, sector_t end, |
228 |
+ for (ni = 0; ni < n_entries; ni++) { |
229 |
+ atomic_set(&s->stat_shared[ni].in_flight[READ], 0); |
230 |
+ atomic_set(&s->stat_shared[ni].in_flight[WRITE], 0); |
231 |
++ cond_resched(); |
232 |
+ } |
233 |
+ |
234 |
+ if (s->n_histogram_entries) { |
235 |
+@@ -324,6 +326,7 @@ static int dm_stats_create(struct dm_stats *stats, sector_t start, sector_t end, |
236 |
+ for (ni = 0; ni < n_entries; ni++) { |
237 |
+ s->stat_shared[ni].tmp.histogram = hi; |
238 |
+ hi += s->n_histogram_entries + 1; |
239 |
++ cond_resched(); |
240 |
+ } |
241 |
+ } |
242 |
+ |
243 |
+@@ -344,6 +347,7 @@ static int dm_stats_create(struct dm_stats *stats, sector_t start, sector_t end, |
244 |
+ for (ni = 0; ni < n_entries; ni++) { |
245 |
+ p[ni].histogram = hi; |
246 |
+ hi += s->n_histogram_entries + 1; |
247 |
++ cond_resched(); |
248 |
+ } |
249 |
+ } |
250 |
+ } |
251 |
+@@ -473,6 +477,7 @@ static int dm_stats_list(struct dm_stats *stats, const char *program, |
252 |
+ } |
253 |
+ DMEMIT("\n"); |
254 |
+ } |
255 |
++ cond_resched(); |
256 |
+ } |
257 |
+ mutex_unlock(&stats->mutex); |
258 |
+ |
259 |
+@@ -749,6 +754,7 @@ static void __dm_stat_clear(struct dm_stat *s, size_t idx_start, size_t idx_end, |
260 |
+ local_irq_enable(); |
261 |
+ } |
262 |
+ } |
263 |
++ cond_resched(); |
264 |
+ } |
265 |
+ } |
266 |
+ |
267 |
+@@ -864,6 +870,8 @@ static int dm_stats_print(struct dm_stats *stats, int id, |
268 |
+ |
269 |
+ if (unlikely(sz + 1 >= maxlen)) |
270 |
+ goto buffer_overflow; |
271 |
++ |
272 |
++ cond_resched(); |
273 |
+ } |
274 |
+ |
275 |
+ if (clear) |
276 |
+diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c |
277 |
+index 2dae30713eb3d..77fca0432d25e 100644 |
278 |
+--- a/drivers/md/dm-verity-target.c |
279 |
++++ b/drivers/md/dm-verity-target.c |
280 |
+@@ -1163,6 +1163,7 @@ bad: |
281 |
+ |
282 |
+ static struct target_type verity_target = { |
283 |
+ .name = "verity", |
284 |
++ .features = DM_TARGET_IMMUTABLE, |
285 |
+ .version = {1, 3, 0}, |
286 |
+ .module = THIS_MODULE, |
287 |
+ .ctr = verity_ctr, |
288 |
+diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c |
289 |
+index f35c5dbe54ee8..a1caca6accf35 100644 |
290 |
+--- a/drivers/net/ethernet/faraday/ftgmac100.c |
291 |
++++ b/drivers/net/ethernet/faraday/ftgmac100.c |
292 |
+@@ -1845,6 +1845,11 @@ static int ftgmac100_probe(struct platform_device *pdev) |
293 |
+ /* AST2400 doesn't have working HW checksum generation */ |
294 |
+ if (np && (of_device_is_compatible(np, "aspeed,ast2400-mac"))) |
295 |
+ netdev->hw_features &= ~NETIF_F_HW_CSUM; |
296 |
++ |
297 |
++ /* AST2600 tx checksum with NCSI is broken */ |
298 |
++ if (priv->use_ncsi && of_device_is_compatible(np, "aspeed,ast2600-mac")) |
299 |
++ netdev->hw_features &= ~NETIF_F_HW_CSUM; |
300 |
++ |
301 |
+ if (np && of_get_property(np, "no-hw-checksum", NULL)) |
302 |
+ netdev->hw_features &= ~(NETIF_F_HW_CSUM | NETIF_F_RXCSUM); |
303 |
+ netdev->features |= netdev->hw_features; |
304 |
+diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c |
305 |
+index d51f6c4529723..5afe958a9b4f7 100644 |
306 |
+--- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c |
307 |
++++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c |
308 |
+@@ -1438,9 +1438,11 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a, |
309 |
+ |
310 |
+ sec_len = *(pos++); len-= 1; |
311 |
+ |
312 |
+- if (sec_len>0 && sec_len<=len) { |
313 |
++ if (sec_len > 0 && |
314 |
++ sec_len <= len && |
315 |
++ sec_len <= 32) { |
316 |
+ ssid[ssid_index].SsidLength = sec_len; |
317 |
+- memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); |
318 |
++ memcpy(ssid[ssid_index].Ssid, pos, sec_len); |
319 |
+ /* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */ |
320 |
+ /* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */ |
321 |
+ ssid_index++; |
322 |
+diff --git a/fs/exec.c b/fs/exec.c |
323 |
+index c72ccfa49f541..2e26ba4ff47e5 100644 |
324 |
+--- a/fs/exec.c |
325 |
++++ b/fs/exec.c |
326 |
+@@ -1788,6 +1788,9 @@ static int do_execveat_common(int fd, struct filename *filename, |
327 |
+ goto out_unmark; |
328 |
+ |
329 |
+ bprm->argc = count(argv, MAX_ARG_STRINGS); |
330 |
++ if (bprm->argc == 0) |
331 |
++ pr_warn_once("process '%s' launched '%s' with NULL argv: empty string added\n", |
332 |
++ current->comm, bprm->filename); |
333 |
+ if ((retval = bprm->argc) < 0) |
334 |
+ goto out; |
335 |
+ |
336 |
+@@ -1812,6 +1815,20 @@ static int do_execveat_common(int fd, struct filename *filename, |
337 |
+ if (retval < 0) |
338 |
+ goto out; |
339 |
+ |
340 |
++ /* |
341 |
++ * When argv is empty, add an empty string ("") as argv[0] to |
342 |
++ * ensure confused userspace programs that start processing |
343 |
++ * from argv[1] won't end up walking envp. See also |
344 |
++ * bprm_stack_limits(). |
345 |
++ */ |
346 |
++ if (bprm->argc == 0) { |
347 |
++ const char *argv[] = { "", NULL }; |
348 |
++ retval = copy_strings_kernel(1, argv, bprm); |
349 |
++ if (retval < 0) |
350 |
++ goto out; |
351 |
++ bprm->argc = 1; |
352 |
++ } |
353 |
++ |
354 |
+ retval = exec_binprm(bprm); |
355 |
+ if (retval < 0) |
356 |
+ goto out; |
357 |
+diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c |
358 |
+index 6720c82ac3515..2adbf471d1073 100644 |
359 |
+--- a/fs/nfsd/nfs4state.c |
360 |
++++ b/fs/nfsd/nfs4state.c |
361 |
+@@ -6351,16 +6351,12 @@ nfsd4_release_lockowner(struct svc_rqst *rqstp, |
362 |
+ if (sop->so_is_open_owner || !same_owner_str(sop, owner)) |
363 |
+ continue; |
364 |
+ |
365 |
+- /* see if there are still any locks associated with it */ |
366 |
+- lo = lockowner(sop); |
367 |
+- list_for_each_entry(stp, &sop->so_stateids, st_perstateowner) { |
368 |
+- if (check_for_locks(stp->st_stid.sc_file, lo)) { |
369 |
+- status = nfserr_locks_held; |
370 |
+- spin_unlock(&clp->cl_lock); |
371 |
+- return status; |
372 |
+- } |
373 |
++ if (atomic_read(&sop->so_count) != 1) { |
374 |
++ spin_unlock(&clp->cl_lock); |
375 |
++ return nfserr_locks_held; |
376 |
+ } |
377 |
+ |
378 |
++ lo = lockowner(sop); |
379 |
+ nfs4_get_stateowner(sop); |
380 |
+ break; |
381 |
+ } |
382 |
+diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h |
383 |
+index e5f4d27114048..e079478bf5c90 100644 |
384 |
+--- a/include/net/inet_hashtables.h |
385 |
++++ b/include/net/inet_hashtables.h |
386 |
+@@ -390,7 +390,7 @@ static inline void sk_rcv_saddr_set(struct sock *sk, __be32 addr) |
387 |
+ } |
388 |
+ |
389 |
+ int __inet_hash_connect(struct inet_timewait_death_row *death_row, |
390 |
+- struct sock *sk, u32 port_offset, |
391 |
++ struct sock *sk, u64 port_offset, |
392 |
+ int (*check_established)(struct inet_timewait_death_row *, |
393 |
+ struct sock *, __u16, |
394 |
+ struct inet_timewait_sock **)); |
395 |
+diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h |
396 |
+index 9b5e7634713e4..1bbedb75de711 100644 |
397 |
+--- a/include/net/netfilter/nf_conntrack_core.h |
398 |
++++ b/include/net/netfilter/nf_conntrack_core.h |
399 |
+@@ -67,8 +67,13 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb) |
400 |
+ int ret = NF_ACCEPT; |
401 |
+ |
402 |
+ if (ct) { |
403 |
+- if (!nf_ct_is_confirmed(ct)) |
404 |
++ if (!nf_ct_is_confirmed(ct)) { |
405 |
+ ret = __nf_conntrack_confirm(skb); |
406 |
++ |
407 |
++ if (ret == NF_ACCEPT) |
408 |
++ ct = (struct nf_conn *)skb_nfct(skb); |
409 |
++ } |
410 |
++ |
411 |
+ if (likely(ret == NF_ACCEPT)) |
412 |
+ nf_ct_deliver_cached_events(ct); |
413 |
+ } |
414 |
+diff --git a/include/net/secure_seq.h b/include/net/secure_seq.h |
415 |
+index d7d2495f83c27..dac91aa38c5af 100644 |
416 |
+--- a/include/net/secure_seq.h |
417 |
++++ b/include/net/secure_seq.h |
418 |
+@@ -4,8 +4,8 @@ |
419 |
+ |
420 |
+ #include <linux/types.h> |
421 |
+ |
422 |
+-u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport); |
423 |
+-u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, |
424 |
++u64 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport); |
425 |
++u64 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, |
426 |
+ __be16 dport); |
427 |
+ u32 secure_tcp_seq(__be32 saddr, __be32 daddr, |
428 |
+ __be16 sport, __be16 dport); |
429 |
+diff --git a/lib/assoc_array.c b/lib/assoc_array.c |
430 |
+index 9463d3445ccd8..b40edebd5123a 100644 |
431 |
+--- a/lib/assoc_array.c |
432 |
++++ b/lib/assoc_array.c |
433 |
+@@ -1478,6 +1478,7 @@ int assoc_array_gc(struct assoc_array *array, |
434 |
+ struct assoc_array_ptr *cursor, *ptr; |
435 |
+ struct assoc_array_ptr *new_root, *new_parent, **new_ptr_pp; |
436 |
+ unsigned long nr_leaves_on_tree; |
437 |
++ bool retained; |
438 |
+ int keylen, slot, nr_free, next_slot, i; |
439 |
+ |
440 |
+ pr_devel("-->%s()\n", __func__); |
441 |
+@@ -1554,6 +1555,7 @@ continue_node: |
442 |
+ goto descend; |
443 |
+ } |
444 |
+ |
445 |
++retry_compress: |
446 |
+ pr_devel("-- compress node %p --\n", new_n); |
447 |
+ |
448 |
+ /* Count up the number of empty slots in this node and work out the |
449 |
+@@ -1571,6 +1573,7 @@ continue_node: |
450 |
+ pr_devel("free=%d, leaves=%lu\n", nr_free, new_n->nr_leaves_on_branch); |
451 |
+ |
452 |
+ /* See what we can fold in */ |
453 |
++ retained = false; |
454 |
+ next_slot = 0; |
455 |
+ for (slot = 0; slot < ASSOC_ARRAY_FAN_OUT; slot++) { |
456 |
+ struct assoc_array_shortcut *s; |
457 |
+@@ -1620,9 +1623,14 @@ continue_node: |
458 |
+ pr_devel("[%d] retain node %lu/%d [nx %d]\n", |
459 |
+ slot, child->nr_leaves_on_branch, nr_free + 1, |
460 |
+ next_slot); |
461 |
++ retained = true; |
462 |
+ } |
463 |
+ } |
464 |
+ |
465 |
++ if (retained && new_n->nr_leaves_on_branch <= ASSOC_ARRAY_FAN_OUT) { |
466 |
++ pr_devel("internal nodes remain despite enough space, retrying\n"); |
467 |
++ goto retry_compress; |
468 |
++ } |
469 |
+ pr_devel("after: %lu\n", new_n->nr_leaves_on_branch); |
470 |
+ |
471 |
+ nr_leaves_on_tree = new_n->nr_leaves_on_branch; |
472 |
+diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c |
473 |
+index 6cdb49ae00010..fd706edd66ff9 100644 |
474 |
+--- a/mm/zsmalloc.c |
475 |
++++ b/mm/zsmalloc.c |
476 |
+@@ -952,11 +952,40 @@ static void reset_page(struct page *page) |
477 |
+ */ |
478 |
+ void lock_zspage(struct zspage *zspage) |
479 |
+ { |
480 |
+- struct page *page = get_first_page(zspage); |
481 |
++ struct page *curr_page, *page; |
482 |
+ |
483 |
+- do { |
484 |
+- lock_page(page); |
485 |
+- } while ((page = get_next_page(page)) != NULL); |
486 |
++ /* |
487 |
++ * Pages we haven't locked yet can be migrated off the list while we're |
488 |
++ * trying to lock them, so we need to be careful and only attempt to |
489 |
++ * lock each page under migrate_read_lock(). Otherwise, the page we lock |
490 |
++ * may no longer belong to the zspage. This means that we may wait for |
491 |
++ * the wrong page to unlock, so we must take a reference to the page |
492 |
++ * prior to waiting for it to unlock outside migrate_read_lock(). |
493 |
++ */ |
494 |
++ while (1) { |
495 |
++ migrate_read_lock(zspage); |
496 |
++ page = get_first_page(zspage); |
497 |
++ if (trylock_page(page)) |
498 |
++ break; |
499 |
++ get_page(page); |
500 |
++ migrate_read_unlock(zspage); |
501 |
++ wait_on_page_locked(page); |
502 |
++ put_page(page); |
503 |
++ } |
504 |
++ |
505 |
++ curr_page = page; |
506 |
++ while ((page = get_next_page(curr_page))) { |
507 |
++ if (trylock_page(page)) { |
508 |
++ curr_page = page; |
509 |
++ } else { |
510 |
++ get_page(page); |
511 |
++ migrate_read_unlock(zspage); |
512 |
++ wait_on_page_locked(page); |
513 |
++ put_page(page); |
514 |
++ migrate_read_lock(zspage); |
515 |
++ } |
516 |
++ } |
517 |
++ migrate_read_unlock(zspage); |
518 |
+ } |
519 |
+ |
520 |
+ int trylock_zspage(struct zspage *zspage) |
521 |
+diff --git a/net/core/filter.c b/net/core/filter.c |
522 |
+index 9b934767a1d86..afe27343051fd 100644 |
523 |
+--- a/net/core/filter.c |
524 |
++++ b/net/core/filter.c |
525 |
+@@ -1443,7 +1443,7 @@ BPF_CALL_5(bpf_skb_store_bytes, struct sk_buff *, skb, u32, offset, |
526 |
+ |
527 |
+ if (unlikely(flags & ~(BPF_F_RECOMPUTE_CSUM | BPF_F_INVALIDATE_HASH))) |
528 |
+ return -EINVAL; |
529 |
+- if (unlikely(offset > 0xffff)) |
530 |
++ if (unlikely(offset > INT_MAX)) |
531 |
+ return -EFAULT; |
532 |
+ if (unlikely(bpf_try_make_writable(skb, offset + len))) |
533 |
+ return -EFAULT; |
534 |
+@@ -1478,7 +1478,7 @@ BPF_CALL_4(bpf_skb_load_bytes, const struct sk_buff *, skb, u32, offset, |
535 |
+ { |
536 |
+ void *ptr; |
537 |
+ |
538 |
+- if (unlikely(offset > 0xffff)) |
539 |
++ if (unlikely(offset > INT_MAX)) |
540 |
+ goto err_clear; |
541 |
+ |
542 |
+ ptr = skb_header_pointer(skb, offset, len, to); |
543 |
+diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c |
544 |
+index 17683aea8a355..4aaae92209087 100644 |
545 |
+--- a/net/core/secure_seq.c |
546 |
++++ b/net/core/secure_seq.c |
547 |
+@@ -96,7 +96,7 @@ u32 secure_tcpv6_seq(const __be32 *saddr, const __be32 *daddr, |
548 |
+ } |
549 |
+ EXPORT_SYMBOL(secure_tcpv6_seq); |
550 |
+ |
551 |
+-u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, |
552 |
++u64 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, |
553 |
+ __be16 dport) |
554 |
+ { |
555 |
+ const struct { |
556 |
+@@ -145,7 +145,7 @@ u32 secure_tcp_seq(__be32 saddr, __be32 daddr, |
557 |
+ return seq_scale(hash); |
558 |
+ } |
559 |
+ |
560 |
+-u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport) |
561 |
++u64 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport) |
562 |
+ { |
563 |
+ net_secret_init(); |
564 |
+ return siphash_4u32((__force u32)saddr, (__force u32)daddr, |
565 |
+diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c |
566 |
+index 1346e45cf8d13..1ebad5a024a7d 100644 |
567 |
+--- a/net/ipv4/inet_hashtables.c |
568 |
++++ b/net/ipv4/inet_hashtables.c |
569 |
+@@ -389,7 +389,7 @@ not_unique: |
570 |
+ return -EADDRNOTAVAIL; |
571 |
+ } |
572 |
+ |
573 |
+-static u32 inet_sk_port_offset(const struct sock *sk) |
574 |
++static u64 inet_sk_port_offset(const struct sock *sk) |
575 |
+ { |
576 |
+ const struct inet_sock *inet = inet_sk(sk); |
577 |
+ |
578 |
+@@ -587,8 +587,19 @@ void inet_unhash(struct sock *sk) |
579 |
+ } |
580 |
+ EXPORT_SYMBOL_GPL(inet_unhash); |
581 |
+ |
582 |
++/* RFC 6056 3.3.4. Algorithm 4: Double-Hash Port Selection Algorithm |
583 |
++ * Note that we use 32bit integers (vs RFC 'short integers') |
584 |
++ * because 2^16 is not a multiple of num_ephemeral and this |
585 |
++ * property might be used by clever attacker. |
586 |
++ * RFC claims using TABLE_LENGTH=10 buckets gives an improvement, |
587 |
++ * we use 256 instead to really give more isolation and |
588 |
++ * privacy, this only consumes 1 KB of kernel memory. |
589 |
++ */ |
590 |
++#define INET_TABLE_PERTURB_SHIFT 8 |
591 |
++static u32 table_perturb[1 << INET_TABLE_PERTURB_SHIFT]; |
592 |
++ |
593 |
+ int __inet_hash_connect(struct inet_timewait_death_row *death_row, |
594 |
+- struct sock *sk, u32 port_offset, |
595 |
++ struct sock *sk, u64 port_offset, |
596 |
+ int (*check_established)(struct inet_timewait_death_row *, |
597 |
+ struct sock *, __u16, struct inet_timewait_sock **)) |
598 |
+ { |
599 |
+@@ -600,7 +611,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, |
600 |
+ struct inet_bind_bucket *tb; |
601 |
+ u32 remaining, offset; |
602 |
+ int ret, i, low, high; |
603 |
+- static u32 hint; |
604 |
++ u32 index; |
605 |
+ |
606 |
+ if (port) { |
607 |
+ head = &hinfo->bhash[inet_bhashfn(net, port, |
608 |
+@@ -625,7 +636,12 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, |
609 |
+ if (likely(remaining > 1)) |
610 |
+ remaining &= ~1U; |
611 |
+ |
612 |
+- offset = (hint + port_offset) % remaining; |
613 |
++ net_get_random_once(table_perturb, sizeof(table_perturb)); |
614 |
++ index = hash_32(port_offset, INET_TABLE_PERTURB_SHIFT); |
615 |
++ |
616 |
++ offset = READ_ONCE(table_perturb[index]) + port_offset; |
617 |
++ offset %= remaining; |
618 |
++ |
619 |
+ /* In first pass we try ports of @low parity. |
620 |
+ * inet_csk_get_port() does the opposite choice. |
621 |
+ */ |
622 |
+@@ -678,7 +694,7 @@ next_port: |
623 |
+ return -EADDRNOTAVAIL; |
624 |
+ |
625 |
+ ok: |
626 |
+- hint += i + 2; |
627 |
++ WRITE_ONCE(table_perturb[index], READ_ONCE(table_perturb[index]) + i + 2); |
628 |
+ |
629 |
+ /* Head lock still held and bh's disabled */ |
630 |
+ inet_bind_hash(sk, tb, port); |
631 |
+@@ -701,7 +717,7 @@ ok: |
632 |
+ int inet_hash_connect(struct inet_timewait_death_row *death_row, |
633 |
+ struct sock *sk) |
634 |
+ { |
635 |
+- u32 port_offset = 0; |
636 |
++ u64 port_offset = 0; |
637 |
+ |
638 |
+ if (!inet_sk(sk)->inet_num) |
639 |
+ port_offset = inet_sk_port_offset(sk); |
640 |
+diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c |
641 |
+index 24a21979d7dff..7d83ab627b090 100644 |
642 |
+--- a/net/ipv6/inet6_hashtables.c |
643 |
++++ b/net/ipv6/inet6_hashtables.c |
644 |
+@@ -248,7 +248,7 @@ not_unique: |
645 |
+ return -EADDRNOTAVAIL; |
646 |
+ } |
647 |
+ |
648 |
+-static u32 inet6_sk_port_offset(const struct sock *sk) |
649 |
++static u64 inet6_sk_port_offset(const struct sock *sk) |
650 |
+ { |
651 |
+ const struct inet_sock *inet = inet_sk(sk); |
652 |
+ |
653 |
+@@ -260,7 +260,7 @@ static u32 inet6_sk_port_offset(const struct sock *sk) |
654 |
+ int inet6_hash_connect(struct inet_timewait_death_row *death_row, |
655 |
+ struct sock *sk) |
656 |
+ { |
657 |
+- u32 port_offset = 0; |
658 |
++ u64 port_offset = 0; |
659 |
+ |
660 |
+ if (!inet_sk(sk)->inet_num) |
661 |
+ port_offset = inet6_sk_port_offset(sk); |
662 |
+diff --git a/net/key/af_key.c b/net/key/af_key.c |
663 |
+index 3d5a460801699..990de0702b799 100644 |
664 |
+--- a/net/key/af_key.c |
665 |
++++ b/net/key/af_key.c |
666 |
+@@ -2908,7 +2908,7 @@ static int count_ah_combs(const struct xfrm_tmpl *t) |
667 |
+ break; |
668 |
+ if (!aalg->pfkey_supported) |
669 |
+ continue; |
670 |
+- if (aalg_tmpl_set(t, aalg)) |
671 |
++ if (aalg_tmpl_set(t, aalg) && aalg->available) |
672 |
+ sz += sizeof(struct sadb_comb); |
673 |
+ } |
674 |
+ return sz + sizeof(struct sadb_prop); |
675 |
+@@ -2926,7 +2926,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t) |
676 |
+ if (!ealg->pfkey_supported) |
677 |
+ continue; |
678 |
+ |
679 |
+- if (!(ealg_tmpl_set(t, ealg))) |
680 |
++ if (!(ealg_tmpl_set(t, ealg) && ealg->available)) |
681 |
+ continue; |
682 |
+ |
683 |
+ for (k = 1; ; k++) { |
684 |
+@@ -2937,7 +2937,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t) |
685 |
+ if (!aalg->pfkey_supported) |
686 |
+ continue; |
687 |
+ |
688 |
+- if (aalg_tmpl_set(t, aalg)) |
689 |
++ if (aalg_tmpl_set(t, aalg) && aalg->available) |
690 |
+ sz += sizeof(struct sadb_comb); |
691 |
+ } |
692 |
+ } |