Cherry-pick Delphix commits of linux-kernel-oracle for LTS upgrade #38

Open
wants to merge 10,000 commits into
base: develop

palash-gandhi
Contributor

This change cherry-picks the Delphix patch set from develop onto a branch forked off of upstreams/os-upgrade. upstreams/os-upgrade currently has commits from Linux kernel 6.8, the version that ships with Ubuntu 24.04. I ran the following command to perform the cherry-pick:

git cherry-pick 36749e6c5061c042ef251942cd8b2cbc0f29ab60^..c89b53acaded6ca6a19e8be3e41951786e0b2948

Here's the actual diff between upstreams/os-upgrade and os-upgrade: upstreams/os-upgrade...dlpx/pr/palash.gandhi/oracle

Additional changes that were required:

build-package: https://ops-jenkins.eng-tools-prd.aws.delphixcloud.com/job/linux-pkg/job/os-upgrade/job/build-package/job/linux-kernel-oracle/job/pre-push/3/console

zhang-rui and others added 30 commits August 13, 2024 12:13
BugLink: https://bugs.launchpad.net/bugs/2074372

ARL/LNL don't have PC8, other than that, it behaves the same as CNL.
Copy cnl_features for ARL/LNL, except that PC8 support is removed.

Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>

(cherry picked from commit 196eca020600470ca44da94c65607e7a98aa9d3c)
Signed-off-by: Thibault Ferrante <thibault.ferrante@canonical.com>
Acked-by: Noah Wager <noah.wager@canonical.com>
Acked-by: Kevin Becker <kevin.becker@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2074372

This one is the regular laptop CPU.

Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20240322161725.195614-1-tony.luck@intel.com
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2074372

Add turbostat support for ARL-H, which behaves the same as ARL.

[lenb: also add ARL-U]

Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>

(cherry picked from commit f04fcc7ac8ceb87933244cca28759d0fac6103ce)
Signed-off-by: Thibault Ferrante <thibault.ferrante@canonical.com>
Acked-by: Noah Wager <noah.wager@canonical.com>
Acked-by: Kevin Becker <kevin.becker@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2074376

Upstream recommends to disable this option. Discussion started around a
bug reported by IBM in KVM that happens when this option is enabled
related to hot-unplugging PCI devices.

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kevin Becker <kevin.becker@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2076647
Properties: no-test-build
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
…-versions (main/2024.08.05)

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
[ Upstream commit 3668651def2c1622904e58b0280ee93121f2b10b ]

Information is stored in mr_sas_port->phy_mask, values larger than the size of
this field shouldn't be allowed.

Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Link: https://lore.kernel.org/r/20240226151013.8653-1-thenzl@redhat.com
Acked-by: Sathya Prakash Veerichetty <sathya.prakash@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit c8707901b53a48106d7501bdbd0350cefaefa4cf linux-6.9.y)
CVE-2024-42159
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Acked-by: Aaron Jauregui <aaron.jauregui@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
…s_reloc

Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.
V2: To really improve the handling we would actually
   need to have a separate value of 0xffffffff.(Christian)

Signed-off-by: Jesse Zhang <jesse.zhang@amd.com>
Suggested-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
(cherry picked from 88a9a467c548d0b3c7761b4fd54a68e70f9c0944)
CVE-2024-42228
Signed-off-by: Cengiz Can <cengiz.can@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Acked-by: Kuan-Ying Lee <kuan-ying.lee@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2077600

[ Upstream commit 66be40e622e177316ae81717aa30057ba9e61dff ]

I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
is at least 4 bytes long, and the policy doesn't have an entry
for this attribute at all (neither does it for IPv6 but v6 is
manually validated).

Reviewed-by: Eric Dumazet <edumazet@google.com>
Fixes: 3e7013d ("tcp: metrics: Allow selective get/del of tcp-metrics based on src IP")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Portia Stephens <portia.stephens@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
CVE-2024-42154
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2077600

[ Upstream commit 4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b ]

Since commit a3c53be ("net: dsa: mv88e6xxx: Support multiple MDIO
busses") mv88e6xxx_default_mdio_bus() has checked that the
return value of list_first_entry() is non-NULL.

This appears to be intended to guard against the list chip->mdios being
empty.  However, it is not the correct check as the implementation of
list_first_entry is not designed to return NULL for empty lists.

Instead, use list_first_entry_or_null() which does return NULL if the
list is empty.

Flagged by Smatch.
Compile tested only.

Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240430-mv88e6xx-list_empty-v3-1-c35c69d88d2e@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Portia Stephens <portia.stephens@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
CVE-2024-42224
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
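
Why the NULL test described in the mv88e6xxx commit message above can never fire on an empty list, shown as an added userspace example (not the kernel's or the driver's code). The list macros are minimal re-implementations, and `struct chip`, `struct mdio_bus` and the `default_bus_*` functions are hypothetical stand-ins.

```c
#include <stddef.h>

struct list_head { struct list_head *next, *prev; };

/* Minimal userspace re-implementations of the kernel list helpers. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_first_entry(head, type, member) \
    container_of((head)->next, type, member)
#define list_first_entry_or_null(head, type, member) \
    ((head)->next != (head) ? list_first_entry(head, type, member) : NULL)

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev;
    n->next = h;
    h->prev->next = n;
    h->prev = n;
}

/* Hypothetical stand-ins for the driver's structures. */
struct mdio_bus { int id; struct list_head list; };
struct chip { char name[32]; struct list_head mdios; };

/* Pre-fix pattern: on an empty list head->next == head, so container_of()
 * yields an address inside struct chip, never NULL. */
static struct mdio_bus *default_bus_unchecked(struct chip *c)
{
    struct mdio_bus *b = list_first_entry(&c->mdios, struct mdio_bus, list);

    if (!b) /* dead check: cannot be true */
        return NULL;
    return b; /* bogus pointer when the list is empty */
}

/* Post-fix pattern: the helper tests for emptiness before converting. */
static struct mdio_bus *default_bus_checked(struct chip *c)
{
    return list_first_entry_or_null(&c->mdios, struct mdio_bus, list);
}

/* Bit 0: unchecked lookup was non-NULL; bit 1: checked lookup was non-NULL. */
static int lookup_results(int populate)
{
    struct chip c;
    struct mdio_bus bus = { .id = 1 };

    list_init(&c.mdios);
    if (populate)
        list_add_tail(&bus.list, &c.mdios);
    return (default_bus_unchecked(&c) != NULL) |
           ((default_bus_checked(&c) != NULL) << 1);
}

int main(void) { return lookup_results(0) == 1 && lookup_results(1) == 3 ? 0 : 1; }
```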
[ Upstream commit 4ed886b187f47447ad559619c48c086f432d2b77 ]

- It missed to check validation of fault attrs in parse_options(),
let's fix to add check condition in f2fs_build_fault_attr().
- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.

Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit ecb641f424d6d1f055d149a15b892edcc92c504b linux-6.9.y)
CVE-2024-42160
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>
Acked-by: Aaron Jauregui <aaron.jauregui@canonical.com>
Acked-by: Kuan-Ying Lee <kuan-ying.lee@canonical.com>
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
commit 0d8968287a1cf7b03d07387dc871de3861b9f6b9 upstream.

When building without CONFIG_F2FS_FAULT_INJECTION, there is a warning
from each file that includes f2fs.h because the stub for
f2fs_build_fault_attr() is missing inline:

  In file included from fs/f2fs/segment.c:21:
  fs/f2fs/f2fs.h:4605:12: warning: 'f2fs_build_fault_attr' defined but not used [-Wunused-function]
   4605 | static int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate,
        |            ^~~~~~~~~~~~~~~~~~~~~

Add the missing inline to resolve all of the warnings for this
configuration.

Fixes: 4ed886b187f4 ("f2fs: check validation of fault attrs in f2fs_build_fault_attr()")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 72d0e1dec7914b36beb4f3c7fe3a4c01cbb018ee linux-6.9.y)
CVE-2024-42160
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>
Acked-by: Aaron Jauregui <aaron.jauregui@canonical.com>
Acked-by: Kuan-Ying Lee <kuan-ying.lee@canonical.com>
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2076435

[ Upstream commit cfa1a2329a691ffd991fcf7248a57d752e712881 ]

The BPF ring buffer internally is implemented as a power-of-2 sized circular
buffer, with two logical and ever-increasing counters: consumer_pos is the
consumer counter to show which logical position the consumer consumed the
data, and producer_pos which is the producer counter denoting the amount of
data reserved by all producers.

Each time a record is reserved, the producer that "owns" the record will
successfully advance producer counter. In user space each time a record is
read, the consumer of the data advanced the consumer counter once it finished
processing. Both counters are stored in separate pages so that from user
space, the producer counter is read-only and the consumer counter is read-write.

One aspect that simplifies and thus speeds up the implementation of both
producers and consumers is how the data area is mapped twice contiguously
back-to-back in the virtual memory, allowing to not take any special measures
for samples that have to wrap around at the end of the circular buffer data
area, because the next page after the last data page would be first data page
again, and thus the sample will still appear completely contiguous in virtual
memory.

Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
book-keeping the length and offset, and is inaccessible to the BPF program.
Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
possible to make a second allocated memory chunk overlapping with the first
chunk and as a result, the BPF program is now able to edit first chunk's
header.

For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, let's
allocate a chunk B with size 0x3000. This will succeed because consumer_pos
was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
page and could cause a crash.

Fix it by calculating the oldest pending_pos and check whether the range
from the oldest outstanding record to the newest would span beyond the ring
buffer size. If that is the case, then reject the request. We've tested with
the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
before/after the fix and while it seems a bit slower on some benchmarks, it
is still not significantly enough to matter.

Fixes: 457f443 ("bpf: Implement BPF ring buffer and verifier support for it")
Reported-by: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Reported-by: Muhammad Ramdhan <ramdhan@starlabs.sg>
Co-developed-by: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Co-developed-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20240621140828.18238-1-daniel@iogearbox.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Portia Stephens <portia.stephens@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
CVE-2024-41009
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
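
The position arithmetic from the BPF ring buffer commit message above, replayed with and without the extra `pending_pos` comparison, as an added userspace model (not the kernel's code). `struct rb_model`, `reserve()`, `covers_header_alias()` and `replay()` are hypothetical names; only the counters are modelled, and `pending_pos` stays at 0 because chunk A is never committed.

```c
#include <stdbool.h>
#include <stdint.h>

#define HDR_SZ 8u /* struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } */

/* Position counters only; the data area itself is not modelled. */
struct rb_model {
    uint64_t mask;         /* ring size - 1 (size is a power of 2) */
    uint64_t consumer_pos; /* writable from user space */
    uint64_t producer_pos; /* advanced by every successful reserve */
    uint64_t pending_pos;  /* start of the oldest uncommitted record */
};

/* Header plus payload, rounded up to 8 bytes. */
static uint64_t rec_len(uint64_t size) { return (size + HDR_SZ + 7) & ~(uint64_t)7; }

/* Returns the record's logical start, or -1 when the request is rejected. */
static int64_t reserve(struct rb_model *rb, uint64_t size, bool with_fix)
{
    uint64_t len = rec_len(size), new_prod = rb->producer_pos + len;

    if (len > rb->mask + 1)
        return -1;
    if (new_prod - rb->consumer_pos > rb->mask) /* original check */
        return -1;
    if (with_fix && new_prod - rb->pending_pos > rb->mask) /* added check */
        return -1;
    rb->producer_pos = new_prod;
    return (int64_t)(new_prod - len);
}

/* True when [start, start+len) reaches the second mapping of an older header. */
static bool covers_header_alias(const struct rb_model *rb, uint64_t start,
                                uint64_t len, uint64_t hdr_pos)
{
    uint64_t alias = hdr_pos + rb->mask + 1; /* double mapping: pos + ring size */

    return start <= alias && alias < start + len;
}

/* The commit message's scenario: 1 = B granted over A's header, 0 = B rejected. */
static int replay(bool with_fix)
{
    struct rb_model rb = { .mask = 0x4000 - 1, .consumer_pos = 0x3000 };
    int64_t a = reserve(&rb, 0x3000, with_fix); /* chunk A, left uncommitted */
    int64_t b = reserve(&rb, 0x3000, with_fix); /* chunk B */

    if (a < 0 || b < 0)
        return 0;
    return covers_header_alias(&rb, (uint64_t)b, rec_len(0x3000), (uint64_t)a);
}

int main(void) { return replay(false) == 1 && replay(true) == 0 ? 0 : 1; }
```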
Ignore: yes
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2078100
Properties: no-test-build
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
…-versions (main/s2024.08.05)

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
There is a bug in netem_enqueue() introduced by
commit 5845f70 ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")
that can lead to a use-after-free.

This commit made netem_enqueue() always return NET_XMIT_SUCCESS
when a packet is duplicated, which can cause the parent qdisc's q.qlen
to be mistakenly incremented. When this happens qlen_notify() may be
skipped on the parent during destruction, leaving a dangling pointer
for some classful qdiscs like DRR.

There are two ways for the bug to happen:

- If the duplicated packet is dropped by rootq->enqueue() and then
  the original packet is also dropped.
- If rootq->enqueue() sends the duplicated packet to a different qdisc
  and the original packet is dropped.

In both cases NET_XMIT_SUCCESS is returned even though no packets
are enqueued at the netem qdisc.

The fix is to defer the enqueue of the duplicate packet until after
the original packet has been guaranteed to return NET_XMIT_SUCCESS.

Fixes: 5845f70 ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")
Reported-by: Budimir Markovic <markovicbudimir@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20240819175753.5151-1-stephen@networkplumber.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

CVE-2024-45016
(cherry picked from commit c07ff8592d57ed258afee5a5e04991a48dbaf382)
Signed-off-by: Ian Whitfield <ian.whitfield@canonical.com>
Acked-by: Magali Lemes <magali.lemes@canonical.com>
Acked-by: Jacob Martin <jacob.martin@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Ignore: yes
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2082118
Properties: no-test-build
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
Ignore: yes
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
This change basically brings in the annotations from the most recent linux-oracle series (impish), then adding/removing whatever annotations are needed to make it work with the jammy configuration and the master annotations.

Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1960472
Properties: no-test-build
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
mrphilcox and others added 29 commits October 2, 2024 15:01
Ignore: yes
Signed-off-by: Philip Cox <philip.cox@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2076636
Properties: no-test-build
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Ignore: yes
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2078089
Properties: no-test-build
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
…-versions (main/s2024.08.05)

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Ignore: yes
Signed-off-by: Philip Cox <philip.cox@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2082107
Properties: no-test-build
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Signed-off-by: Philip Cox <philip.cox@canonical.com>
This is a placeholder commit to separate the Ubuntu kernel source and
our patches. Used by kernel_merge_with_upstream() in the linux-pkg repo.
)

Link: https://lore.kernel.org/r/20230319015620.96006-10-michael.christie@oracle.com

Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Co-authored-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
@palash-gandhi palash-gandhi marked this pull request as ready for review October 24, 2024 06:02