- Kernel - mailweb.openeuler.org

[PATCH V1 OLK-5.10 00/24] Introduce some vdpa ops to support vdpa device hotmigrate
by Jiang Dongxu 10 Oct '23

10 Oct '23

From: jiangdongxu1 <jiangdongxu1(a)huawei.com> Patch 1-15: some bugfix and ops intruduced by upstream Patch 16-17: introduce vdpa device logging ops Patch 18: get_backend_feature ops intruduced by upstream Patch 19-20: introduce vdpa device state ops Patch 21-22: introduce vdpa migrate state ops Patch 23: introduce new VHOST feature BYTEMAPLOG Patch 24: introduce vmstate header file used for vender vdpa driver jiangdongxu1 (24): vhost-vdpa: fix an iotlb memory leak vhost_vdpa: fix the crash in unmap a large memory vdpa: Add resume operation vhost-vdpa: Introduce RESUME backend feature bit vhost-vdpa: uAPI to resume the device vhost-vdpa: free iommu domain after last use during cleanup vhost-vdpa: vhost_vdpa_alloc_domain() should be using a const struct bus_type * vdpa: add bind_mm/unbind_mm callbacks vhost-vdpa: use bind_mm/unbind_mm device callbacks vhost_vdpa: fix unmap process in no-batch mode vhost_vdpa: tell vqs about the negotiated vhost_vdpa: support PACKED when setting-getting vring_base PCI/IOV: Add pci_iov_vf_id() to get VF index virtio: update virtio id table, add transitional ids virtio: fix virtio transitional ids vdpa: add log operations vhost-vdpa: add uAPI for logging vdpa: add get_backend_features vdpa operation vdpa: add device state operations vhost-vdpa: add uAPI for device buffer vdpa: add vdpa device migration status ops vhost-vdpa: add uAPI for device migration status vhost: add VHOST feature VHOST_BACKEND_F_BYTEMAPLOG vdpa: add vmstate struct definition drivers/pci/iov.c | 14 ++ drivers/vhost/vdpa.c | 316 +++++++++++++++++++++++++++---- include/linux/pci.h | 8 +- include/linux/vdpa.h | 60 +++++- include/linux/vdpa_vmstate.h | 162 ++++++++++++++++ include/uapi/linux/vhost.h | 20 ++ include/uapi/linux/vhost_types.h | 21 ++ include/uapi/linux/virtio_ids.h | 12 ++ 8 files changed, 577 insertions(+), 36 deletions(-) create mode 100644 include/linux/vdpa_vmstate.h -- 2.33.0

2 25

[PATCH OLK-5.10] ipv4: fix null-deref in ipv4_link_failure
by Lu Wei 10 Oct '23

10 Oct '23

From: Kyle Zeng <zengyhkyle(a)gmail.com> mainline inclusion from mainline-v6.6-rc3 commit 0113d9c9d1ccc07f5a3710dac4aa24b6d711278c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I85DZB CVE: CVE-2023-42754 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Currently, we assume the skb is associated with a device before calling __ip_options_compile, which is not always the case if it is re-routed by ipvs. When skb->dev is NULL, dev_net(skb->dev) will become null-dereference. This patch adds a check for the edge case and switch to use the net_device from the rtable when skb->dev is NULL. Fixes: ed0de45a1008 ("ipv4: recompile ip options in ipv4_link_failure") Suggested-by: David Ahern <dsahern(a)kernel.org> Signed-off-by: Kyle Zeng <zengyhkyle(a)gmail.com> Cc: Stephen Suryaputra <ssuryaextr(a)gmail.com> Cc: Vadim Fedorenko <vfedorenko(a)novek.ru> Reviewed-by: David Ahern <dsahern(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Lu Wei <luwei32(a)huawei.com> --- net/ipv4/route.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 216f76b548ff..f85eaf566b9b 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1240,6 +1240,7 @@ static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie) static void ipv4_send_dest_unreach(struct sk_buff *skb) { + struct net_device *dev; struct ip_options opt; int res; @@ -1257,7 +1258,8 @@ static void ipv4_send_dest_unreach(struct sk_buff *skb) opt.optlen = ip_hdr(skb)->ihl * 4 - sizeof(struct iphdr); rcu_read_lock(); - res = __ip_options_compile(dev_net(skb->dev), &opt, skb, NULL); + dev = skb->dev ? skb->dev : skb_rtable(skb)->dst.dev; + res = __ip_options_compile(dev_net(dev), &opt, skb, NULL); rcu_read_unlock(); if (res) -- 2.34.1

2 1

[PATCH OLK-5.10 01/24] vhost-vdpa: fix an iotlb memory leak
by Jiang Dongxu 09 Oct '23

09 Oct '23

From: jiangdongxu1 <jiangdongxu1(a)huawei.com> mainline inclusion from v6.2-rc3 commit c070c1912a83432530cbb4271d5b9b11fa36b67a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I86ITO Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Before commit 3d5698793897 ("vhost-vdpa: introduce asid based IOTLB") we called vhost_vdpa_iotlb_unmap(v, iotlb, 0ULL, 0ULL - 1) during release to free all the resources allocated when processing user IOTLB messages through vhost_vdpa_process_iotlb_update(). That commit changed the handling of IOTLB a bit, and we accidentally removed some code called during the release. We partially fixed this with commit 037d4305569a ("vhost-vdpa: call vhost_vdpa_cleanup during the release") but a potential memory leak is still there as showed by kmemleak if the application does not send VHOST_IOTLB_INVALIDATE or crashes: unreferenced object 0xffff888007fbaa30 (size 16): comm "blkio-bench", pid 914, jiffies 4294993521 (age 885.500s) hex dump (first 16 bytes): 40 73 41 07 80 88 ff ff 00 00 00 00 00 00 00 00 @sA............. backtrace: [<0000000087736d2a>] kmem_cache_alloc_trace+0x142/0x1c0 [<0000000060740f50>] vhost_vdpa_process_iotlb_msg+0x68c/0x901 [vhost_vdpa] [<0000000083e8e205>] vhost_chr_write_iter+0xc0/0x4a0 [vhost] [<000000008f2f414a>] vhost_vdpa_chr_write_iter+0x18/0x20 [vhost_vdpa] [<00000000de1cd4a0>] vfs_write+0x216/0x4b0 [<00000000a2850200>] ksys_write+0x71/0xf0 [<00000000de8e720b>] __x64_sys_write+0x19/0x20 [<0000000018b12cbb>] do_syscall_64+0x3f/0x90 [<00000000986ec465>] entry_SYSCALL_64_after_hwframe+0x63/0xcd Let's fix this calling vhost_vdpa_iotlb_unmap() on the whole range in vhost_vdpa_remove_as(). We move that call before vhost_dev_cleanup() since we need a valid v->vdev.mm in vhost_vdpa_pa_unmap(). vhost_iotlb_reset() call can be removed, since vhost_vdpa_iotlb_unmap() on the whole range removes all the entries. The kmemleak log reported was observed with a vDPA device that has `use_va` set to true (e.g. VDUSE). This patch has been tested with both types of devices. Fixes: 037d4305569a ("vhost-vdpa: call vhost_vdpa_cleanup during the release") Fixes: 3d5698793897 ("vhost-vdpa: introduce asid based IOTLB") Signed-off-by: Stefano Garzarella <sgarzare(a)redhat.com> Message-Id: <20221109154213.146789-1-sgarzare(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Signed-off-by: jiangdongxu1 <jiangdongxu1(a)huawei.com> --- drivers/vhost/vdpa.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c index ebafc05d2b74..eee3189985b9 100644 --- a/drivers/vhost/vdpa.c +++ b/drivers/vhost/vdpa.c @@ -65,6 +65,10 @@ static DEFINE_IDA(vhost_vdpa_ida); static dev_t vhost_vdpa_major; +static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v, + struct vhost_iotlb *iotlb, + u64 start, u64 last); + static inline u32 iotlb_to_asid(struct vhost_iotlb *iotlb) { struct vhost_vdpa_as *as = container_of(iotlb, struct @@ -135,7 +139,7 @@ static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid) return -EINVAL; hlist_del(&as->hash_link); - vhost_iotlb_reset(&as->iotlb); + vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1); kfree(as); return 0; @@ -1166,14 +1170,14 @@ static void vhost_vdpa_cleanup(struct vhost_vdpa *v) struct vhost_vdpa_as *as; u32 asid; - vhost_dev_cleanup(&v->vdev); - kfree(v->vdev.vqs); - for (asid = 0; asid < v->vdpa->nas; asid++) { as = asid_to_as(v, asid); if (as) vhost_vdpa_remove_as(v, asid); } + + vhost_dev_cleanup(&v->vdev); + kfree(v->vdev.vqs); } static int vhost_vdpa_open(struct inode *inode, struct file *filep) -- 2.33.0

2 24

[PATCH 00/24] Introduce vdpa ops to support vdpa device hotmigrate
by Jiang Dongxu 09 Oct '23

09 Oct '23

From: jiangdongxu1 <jiangdongxu1(a)huawei.com> Patch 1-15: some bugfix and ops intruduced by upstream Patch 16-17: introduce vdpa device logging ops Patch 18: get_backend_feature ops intruduced by upstream Patch 19-20: introduce vdpa device state ops Patch 21-22: introduce vdpa migrate state ops Patch 23: introduce new VHOST feature BYTEMAPLOG Patch 24: introduce vmstate header file used for vender vdpa driver jiangdongxu1 (24): vhost-vdpa: fix an iotlb memory leak vhost_vdpa: fix the crash in unmap a large memory vdpa: Add resume operation vhost-vdpa: Introduce RESUME backend feature bit vhost-vdpa: uAPI to resume the device vhost-vdpa: free iommu domain after last use during cleanup vhost-vdpa: vhost_vdpa_alloc_domain() should be using a const struct bus_type * vdpa: add bind_mm/unbind_mm callbacks vhost-vdpa: use bind_mm/unbind_mm device callbacks vhost_vdpa: fix unmap process in no-batch mode vhost_vdpa: tell vqs about the negotiated vhost_vdpa: support PACKED when setting-getting vring_base PCI/IOV: Add pci_iov_vf_id() to get VF index virtio: update virtio id table, add transitional ids virtio: fix virtio transitional ids vdpa: add log operations vhost-vdpa: add uAPI for logging vdpa: add get_backend_features vdpa operation vdpa: add device state operations vhost-vdpa: add uAPI for device buffer vdpa: add vdpa device migration status ops vhost-vdpa: add uAPI for device migration status vhost: add VHOST feature VHOST_BACKEND_F_BYTEMAPLOG vdpa: add vmstate struct definition drivers/pci/iov.c | 14 ++ drivers/vhost/vdpa.c | 316 +++++++++++++++++++++++++++---- include/linux/pci.h | 8 +- include/linux/vdpa.h | 60 +++++- include/linux/vdpa_vmstate.h | 162 ++++++++++++++++ include/uapi/linux/vhost.h | 20 ++ include/uapi/linux/vhost_types.h | 21 ++ include/uapi/linux/virtio_ids.h | 12 ++ 8 files changed, 577 insertions(+), 36 deletions(-) create mode 100644 include/linux/vdpa_vmstate.h -- 2.33.0

1 0

[PATCH v2 OLK-5.10 00/19] Introduce PBHA and PBHA bit0 to control the usage of HBM Cache precisely
by Wupeng Ma 09 Oct '23

09 Oct '23

From: Ma Wupeng <mawupeng1(a)huawei.com> Patch 1: move FDT init out of kaslr_early_init for future use. Patch 2 to 8: enable feature PBHA for arm64. Patch 9-18: Control the usage of HBM cache for kernel and task precisely. Patch 19: Enable feature PBHA for arm64 by default. Changelog since v1: - fix kabi broken due to include files James Morse (7): KVM: arm64: Detect and enable PBHA for stage2 dt-bindings: Rename the description of cpu nodes cpu.yaml dt-bindings: arm: Add binding for Page Based Hardware Attributes arm64: cpufeature: Enable PBHA bits for stage1 arm64: mm: Add pgprot_pbha() to allow drivers to request PBHA values KVM: arm64: Configure PBHA bits for stage2 Documentation: arm64: Describe the support and expectations for PBHA Ma Wupeng (11): arm64: cpufeature: Enable PBHA for stage1 early via FDT arm64: mm: Detect and enable PBHA bit0 at early startup arm64: mm: Update kernel pte entries if pbha bit0 enabled arm64: mm: Show PBHA bit 59 as PBHA0 in ptdump arm64: mm: Introduce VM_PBHA_BIT0 to enable pbha bit0 for single vma arm64: mm: Set PBHA0 bit for VM_PBHA_BIT0 arm64: mm: Introduce sysfs interface to bypass whole task arm64: mm: Set flag VM_PBHA_BIT0 for global init task arm64: mm: Introduce prctl to control pbha behavior arm64: mm: Introduce kernel param pbha openeuler: configs: arm64: Enable PBHA by default Marc Zyngier (1): arm64: Extract early FDT mapping from kaslr_early_init() .../admin-guide/kernel-parameters.txt | 8 + Documentation/arm64/index.rst | 1 + Documentation/arm64/pbha.rst | 85 +++ .../devicetree/bindings/arm/cpu.yaml | 537 ++++++++++++++++ .../devicetree/bindings/arm/cpus.yaml | 584 +++--------------- arch/arm64/Kconfig | 20 + arch/arm64/configs/openeuler_defconfig | 1 + arch/arm64/include/asm/cpucaps.h | 3 + arch/arm64/include/asm/cpufeature.h | 15 + arch/arm64/include/asm/kvm_arm.h | 1 + arch/arm64/include/asm/kvm_pgtable.h | 9 + arch/arm64/include/asm/mman.h | 10 + arch/arm64/include/asm/pgtable-hwdef.h | 6 + arch/arm64/include/asm/pgtable.h | 26 + arch/arm64/include/asm/setup.h | 3 + arch/arm64/include/uapi/asm/mman.h | 1 + arch/arm64/kernel/cpufeature.c | 258 ++++++++ arch/arm64/kernel/head.S | 6 +- arch/arm64/kernel/image-vars.h | 3 + arch/arm64/kernel/kaslr.c | 7 +- arch/arm64/kernel/setup.c | 15 + arch/arm64/kvm/reset.c | 15 +- arch/arm64/mm/hugetlbpage.c | 2 + arch/arm64/mm/mmu.c | 14 +- arch/arm64/mm/ptdump.c | 5 + .../firmware/efi/libstub/efi-stub-helper.c | 3 + drivers/firmware/efi/libstub/fdt.c | 57 ++ drivers/soc/hisilicon/Makefile | 1 + drivers/soc/hisilicon/pbha.c | 204 ++++++ fs/proc/base.c | 103 +++ fs/proc/task_mmu.c | 3 + include/linux/mm.h | 8 +- include/linux/pbha.h | 66 ++ include/uapi/asm-generic/mman-common.h | 1 + include/uapi/linux/prctl.h | 2 + kernel/sys.c | 10 + mm/memory.c | 4 + mm/vmalloc.c | 5 + 38 files changed, 1579 insertions(+), 523 deletions(-) create mode 100644 Documentation/arm64/pbha.rst create mode 100644 Documentation/devicetree/bindings/arm/cpu.yaml create mode 100644 drivers/soc/hisilicon/pbha.c create mode 100644 include/linux/pbha.h -- 2.25.1

2 20

[PATCH OLK-5.10 01/19] Revert "netfilter: nf_tables: unbind non-anonymous set if rule construction fails"
by Lu Wei 09 Oct '23

09 Oct '23

Offering: HULK hulk inclusion category: bugfix bugzilla: NA ------------------------------- This reverts commit dbc47736365771e25f6c831a57d4ff384ba983ef. Backport the dependency patch and then re-backport this patch. Signed-off-by: Lu Wei <luwei32(a)huawei.com> --- net/netfilter/nf_tables_api.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index bbe6e7023683..40fbf2d78427 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4564,8 +4564,6 @@ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set, nft_set_trans_unbind(ctx, set); if (nft_set_is_anonymous(set)) nft_deactivate_next(ctx->net, set); - else - list_del_rcu(&binding->list); set->use--; break; -- 2.34.1

2 19

[PATCH v2 OLK-5.10 00/19] Introduce PBHA and PBHA bit0 to control the usage of HBM Cache precisely
by Wupeng Ma 09 Oct '23

09 Oct '23

From: Ma Wupeng <mawupeng1(a)huawei.com> Patch 1: move FDT init out of kaslr_early_init for future use. Patch 2 to 8: enable feature PBHA for arm64. Patch 9-18: Control the usage of HBM cache for kernel and task precisely. Patch 19: Enable feature PBHA for arm64 by default. Changelog since v1: - fix kabi broken due to include files James Morse (7): KVM: arm64: Detect and enable PBHA for stage2 dt-bindings: Rename the description of cpu nodes cpu.yaml dt-bindings: arm: Add binding for Page Based Hardware Attributes arm64: cpufeature: Enable PBHA bits for stage1 arm64: mm: Add pgprot_pbha() to allow drivers to request PBHA values KVM: arm64: Configure PBHA bits for stage2 Documentation: arm64: Describe the support and expectations for PBHA Ma Wupeng (11): arm64: cpufeature: Enable PBHA for stage1 early via FDT arm64: mm: Detect and enable PBHA bit0 at early startup arm64: mm: Update kernel pte entries if pbha bit0 enabled arm64: mm: Show PBHA bit 59 as PBHA0 in ptdump arm64: mm: Introduce VM_PBHA_BIT0 to enable pbha bit0 for single vma arm64: mm: Set PBHA0 bit for VM_PBHA_BIT0 arm64: mm: Introduce sysfs interface to bypass whole task arm64: mm: Set flag VM_PBHA_BIT0 for global init task arm64: mm: Introduce prctl to control pbha behavior arm64: mm: Introduce kernel param pbha openeuler: configs: arm64: Enable PBHA by default Marc Zyngier (1): arm64: Extract early FDT mapping from kaslr_early_init() .../admin-guide/kernel-parameters.txt | 8 + Documentation/arm64/index.rst | 1 + Documentation/arm64/pbha.rst | 85 +++ .../devicetree/bindings/arm/cpu.yaml | 537 ++++++++++++++++ .../devicetree/bindings/arm/cpus.yaml | 584 +++--------------- arch/arm64/Kconfig | 20 + arch/arm64/configs/openeuler_defconfig | 1 + arch/arm64/include/asm/cpucaps.h | 3 + arch/arm64/include/asm/cpufeature.h | 15 + arch/arm64/include/asm/kvm_arm.h | 1 + arch/arm64/include/asm/kvm_pgtable.h | 9 + arch/arm64/include/asm/mman.h | 10 + arch/arm64/include/asm/pgtable-hwdef.h | 6 + arch/arm64/include/asm/pgtable.h | 26 + arch/arm64/include/asm/setup.h | 3 + arch/arm64/include/uapi/asm/mman.h | 1 + arch/arm64/kernel/cpufeature.c | 258 ++++++++ arch/arm64/kernel/head.S | 6 +- arch/arm64/kernel/image-vars.h | 3 + arch/arm64/kernel/kaslr.c | 7 +- arch/arm64/kernel/setup.c | 15 + arch/arm64/kvm/reset.c | 15 +- arch/arm64/mm/hugetlbpage.c | 2 + arch/arm64/mm/mmu.c | 14 +- arch/arm64/mm/ptdump.c | 5 + .../firmware/efi/libstub/efi-stub-helper.c | 3 + drivers/firmware/efi/libstub/fdt.c | 57 ++ drivers/soc/hisilicon/Makefile | 1 + drivers/soc/hisilicon/pbha.c | 204 ++++++ fs/proc/base.c | 103 +++ fs/proc/task_mmu.c | 3 + include/linux/mm.h | 8 +- include/linux/pbha.h | 66 ++ include/uapi/asm-generic/mman-common.h | 1 + include/uapi/linux/prctl.h | 2 + kernel/sys.c | 10 + mm/memory.c | 4 + mm/vmalloc.c | 5 + 38 files changed, 1579 insertions(+), 523 deletions(-) create mode 100644 Documentation/arm64/pbha.rst create mode 100644 Documentation/devicetree/bindings/arm/cpu.yaml create mode 100644 drivers/soc/hisilicon/pbha.c create mode 100644 include/linux/pbha.h -- 2.25.1

1 19

[PATCH OLK-5.10 00/10] scsi: mpt3sas: Driver patch set for
by Hao Zhang 09 Oct '23

09 Oct '23

Get patch set from upstream 5.10 LTS stable branch Matt Lupfer (1): scsi: mpt3sas: Page fault in reply q processing Ranjan Kumar (1): scsi: mpt3sas: Perform additional retries if doorbell read returns 0 Sreekanth Reddy (4): scsi: mpt3sas: Fix use-after-free warning scsi: mpt3sas: Don't change DMA mask while reallocating pools scsi: mpt3sas: re-do lost mpt3sas DMA mask fix scsi: mpt3sas: Remove usage of dma_get_required_mask() API Suganath Prabu S (1): scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region Tomas Henzl (1): scsi: mpt3sas: Fix a memory leak Wenchao Hao (1): scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Yang Yingliang (1): scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() drivers/scsi/mpt3sas/mpt3sas_base.c | 227 ++++++++++++++++------- drivers/scsi/mpt3sas/mpt3sas_base.h | 2 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 16 +- 4 files changed, 178 insertions(+), 69 deletions(-) -- 2.33.0

1 10

[PATCH openEuler-1.0-LTS] scsi: hisi_sas: Handle the NCQ error returned by D2H frame
by Xingui Yang 09 Oct '23

09 Oct '23

driver inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I86GWG CVE: NA ----------------------------------------------------------------------- We find that some disks use D2H frame instead of SDB frame to return NCQ error. Currently, only the I/O corresponding to the D2H frame is processed in this scenario, which does not meet the processing requirements of the NCQ error scenario. So we set dev_status to HISI_SAS_DEV_NCQ_ERR and abort all I/Os of the disk in this scenario. Signed-off-by: Xingui Yang <yangxingui(a)huawei.com> Reviewed-by: Xiang Chen <chenxiang66(a)hisilicon.com> --- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c index f79060fca..79010d02a 100644 --- a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c +++ b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c @@ -2341,7 +2341,15 @@ slot_err_v3_hw(struct hisi_hba *hisi_hba, struct sas_task *task, case SAS_PROTOCOL_SATA | SAS_PROTOCOL_STP: if ((dw0 & CMPLT_HDR_RSPNS_XFRD_MSK) && (sipc_rx_err_type & RX_FIS_STATUS_ERR_MSK)) { - ts->stat = SAS_PROTO_RESPONSE; + if (task->ata_task.use_ncq) { + struct domain_device *device = task->dev; + struct hisi_sas_device *sas_dev = + device->lldd_dev; + sas_dev->dev_status = HISI_SAS_DEV_NCQ_ERR; + slot->abort = 1; + } else { + ts->stat = SAS_PROTO_RESPONSE; + } } else if ((dw3 & CMPLT_HDR_IO_IN_TARGET_MSK) || (dw3 & SATA_DISK_IN_ERROR_STATUS)) { ts->stat = SAS_PHY_DOWN; -- 2.17.1

2 1

[PATCH OLK-5.10] netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
by Lu Wei 09 Oct '23

09 Oct '23

From: Kyle Zeng <zengyhkyle(a)gmail.com> mainline inclusion from mainline-v6.6-rc1 commit 050d91c03b28ca479df13dfb02bcd2c60dd6a878 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I83QCZ CVE: CVE-2023-42753 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… --------------------------- The missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can lead to the use of wrong `CIDR_POS(c)` for calculating array offsets, which can lead to integer underflow. As a result, it leads to slab out-of-bound access. This patch adds back the IP_SET_HASH_WITH_NET0 macro to ip_set_hash_netportnet to address the issue. Fixes: 886503f34d63 ("netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net") Suggested-by: Jozsef Kadlecsik <kadlec(a)netfilter.org> Signed-off-by: Kyle Zeng <zengyhkyle(a)gmail.com> Acked-by: Jozsef Kadlecsik <kadlec(a)netfilter.org> Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Lu Wei <luwei32(a)huawei.com> --- net/netfilter/ipset/ip_set_hash_netportnet.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/ipset/ip_set_hash_netportnet.c b/net/netfilter/ipset/ip_set_hash_netportnet.c index 144346faffc1..b8ec2c414a5f 100644 --- a/net/netfilter/ipset/ip_set_hash_netportnet.c +++ b/net/netfilter/ipset/ip_set_hash_netportnet.c @@ -35,6 +35,7 @@ MODULE_ALIAS("ip_set_hash:net,port,net"); #define IP_SET_HASH_WITH_PROTO #define IP_SET_HASH_WITH_NETS #define IPSET_NET_COUNT 2 +#define IP_SET_HASH_WITH_NET0 /* IPv4 variant */ -- 2.34.1

2 1

2024

2023

2022

2021

2020

2019

Kernel