From mboxrd@z Thu Jan 1 00:00:00 1970 From: Arne Fitzenreiter To: development@lists.ipfire.org Subject: [PATCH] kernel: update to 6.1.28 Date: Tue, 16 May 2023 16:20:35 +0000 Message-ID: <20230516162035.1349684-1-arne_f@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1987346763397871575==" List-Id: --===============1987346763397871575== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Signed-off-by: Arne Fitzenreiter --- config/kernel/kernel.config.aarch64-ipfire | 2 +- config/kernel/kernel.config.x86_64-ipfire | 2 +- config/rootfiles/common/aarch64/linux | 2 +- config/rootfiles/common/x86_64/linux | 2 +- lfs/linux | 10 +- ...md-Fix-pmc-compile-dependency-errors.patch | 63 --------- ...ter_nftables_deactivate_anonymus_set.patch | 121 ------------------ 7 files changed, 6 insertions(+), 196 deletions(-) delete mode 100644 src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-co= mpile-dependency-errors.patch delete mode 100644 src/patches/linux/linux-6.3-netfilter_nftables_deactivate= _anonymus_set.patch diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kerne= l.config.aarch64-ipfire index 74ff773df..87167cd65 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.1.27-ipfire Kernel Configuration +# Linux/arm64 6.1.28-ipfire Kernel Configuration # CONFIG_CC_VERSION_TEXT=3D"gcc (GCC) 12.2.0" CONFIG_CC_IS_GCC=3Dy diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel= .config.x86_64-ipfire index c8985b482..b30bbd1ec 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.1.27-ipfire Kernel Configuration +# Linux/x86 6.1.28-ipfire Kernel Configuration # CONFIG_CC_VERSION_TEXT=3D"gcc (GCC) 12.2.0" CONFIG_CC_IS_GCC=3Dy diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/= aarch64/linux index 5809aa02b..cfadb4427 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux @@ -15914,7 +15914,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/sound/ac97/regs.h #lib/modules/KVER-ipfire/build/include/sound/ac97_codec.h #lib/modules/KVER-ipfire/build/include/sound/aci.h -#lib/modules/KVER-ipfire/build/include/sound/acp62_chip_offset_byte.h +#lib/modules/KVER-ipfire/build/include/sound/acp63_chip_offset_byte.h #lib/modules/KVER-ipfire/build/include/sound/ad1816a.h #lib/modules/KVER-ipfire/build/include/sound/ad1843.h #lib/modules/KVER-ipfire/build/include/sound/adau1373.h diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x= 86_64/linux index 6262f5e57..0300e7779 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -16002,7 +16002,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/sound/ac97/regs.h #lib/modules/KVER-ipfire/build/include/sound/ac97_codec.h #lib/modules/KVER-ipfire/build/include/sound/aci.h -#lib/modules/KVER-ipfire/build/include/sound/acp62_chip_offset_byte.h +#lib/modules/KVER-ipfire/build/include/sound/acp63_chip_offset_byte.h #lib/modules/KVER-ipfire/build/include/sound/ad1816a.h #lib/modules/KVER-ipfire/build/include/sound/ad1843.h #lib/modules/KVER-ipfire/build/include/sound/adau1373.h diff --git a/lfs/linux b/lfs/linux index a95c6aea4..989c51189 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 6.1.27 +VER =3D 6.1.28 =20 ARM_PATCHES =3D 6.1.y-ipfire2 =20 @@ -76,7 +76,7 @@ objects =3D \ $(DL_FILE) =3D $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz =3D $(URL_IPFIRE)/arm-multi-patche= s-$(ARM_PATCHES).patch.xz =20 -$(DL_FILE)_BLAKE2 =3D 5d7ec9a6a2652abbe4afb70174a63f58d495291d522087f9adb338= 64063ce54e219fd6e426793077a346338ccb4d9d753a60cb76b448146fb592ff17c2618792 +$(DL_FILE)_BLAKE2 =3D f840274d9e1c5af90292bce6afb8b8b1a81b4f8ef82691a1cf28ca= 2d6cf680913c2668ddb086e1fa4ba4112e9d8118a674231374c14a06a911ddb3d2cf8ac3fb arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 =3D 7afc460562fb24bcd75784f= c79de768f9b60780aedd88d1a847927169e31920bbb475b1ac1466c4a224a7876d16bd8d465b9= 6202de12b74f6e2ccbfcec731ad3 =20 install : $(TARGET) @@ -144,12 +144,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Fix external module compile cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_ex= ternal_module_build.patch =20 - # Fix pmc compile dependency errors - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0.7-plat= form-x86-amd-Fix-pmc-compile-dependency-errors.patch - - # Patch netfilter CVE-2023-32233 - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.3-netfil= ter_nftables_deactivate_anonymus_set.patch - ifeq "$(BUILD_ARCH)" "aarch64" # Apply Arm-multiarch kernel patches. cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz = | patch -Np1 diff --git a/src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-compile-d= ependency-errors.patch b/src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-p= mc-compile-dependency-errors.patch deleted file mode 100644 index d890c24c0..000000000 --- a/src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-compile-dependen= cy-errors.patch +++ /dev/null @@ -1,63 +0,0 @@ -From: Yupeng Li -To: Shyam-sundar.S-k(a)amd.com, hdegoede(a)redhat.com, markgross(a)kerne= l.org -Cc: platform-driver-x86(a)vger.kernel.org, linux-kernel(a)vger.kernel.or= g, - caizp2008(a)163.com, Yupeng Li -Subject: [PATCH 1/1] platform/x86/amd: Fix pmc compile dependency errors. -Date: Wed, 26 Oct 2022 15:25:31 +0800 - -When disabled CONFIG_SUSPEND and CONFIG_DEBUG_FS, get_metrics_table -and amd_pmc_idlemask_read is defined under two conditions of this, -pmc build with implicit declaration of function error.Some build error -messages are as follows: - - CC [M] drivers/platform/x86/amd/pmc.o -drivers/platform/x86/amd/pmc.c: In function =E2=80=98smu_fw_info_show=E2=80= =99: -drivers/platform/x86/amd/pmc.c:436:6: error: implicit declaration of functio= n =E2=80=98get_metrics_table=E2=80=99 [-Werror=3Dimplicit-function-declaratio= n] - 436 | if (get_metrics_table(dev, &table)) - | ^~~~~~~~~~~~~~~~~ -drivers/platform/x86/amd/pmc.c: In function =E2=80=98amd_pmc_idlemask_show= =E2=80=99: -drivers/platform/x86/amd/pmc.c:508:8: error: implicit declaration of functio= n =E2=80=98amd_pmc_idlemask_read=E2=80=99; did you mean =E2=80=98amd_pmc_idle= mask_show=E2=80=99? [-Werror=3Dimplicit-function-declaration] - 508 | rc =3D amd_pmc_idlemask_read(dev, NULL, s); - | ^~~~~~~~~~~~~~~~~~~~~ - | amd_pmc_idlemask_show -cc1: some warnings being treated as errors - -Signed-off-by: Yupeng Li -Reviewed-by: Caicai ---- - drivers/platform/x86/amd/pmc.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/drivers/platform/x86/amd/pmc.c b/drivers/platform/x86/amd/pmc.c -index ce859b300712..2b08039921b8 100644 ---- a/drivers/platform/x86/amd/pmc.c -+++ b/drivers/platform/x86/amd/pmc.c -@@ -433,8 +433,10 @@ static int smu_fw_info_show(struct seq_file *s, void *u= nused) - struct smu_metrics table; - int idx; -=20 -+#if defined(CONFIG_SUSPEND) || defined(CONFIG_DEBUG_FS) - if (get_metrics_table(dev, &table)) - return -EINVAL; -+#endif -=20 - seq_puts(s, "\n=3D=3D=3D SMU Statistics =3D=3D=3D\n"); - seq_printf(s, "Table Version: %d\n", table.table_version); -@@ -503,11 +505,12 @@ static int amd_pmc_idlemask_show(struct seq_file *s, v= oid *unused) - if (rc) - return rc; - } -- - if (dev->major > 56 || (dev->major >=3D 55 && dev->minor >=3D 37)) { -+#if defined(CONFIG_SUSPEND) || defined(CONFIG_DEBUG_FS) - rc =3D amd_pmc_idlemask_read(dev, NULL, s); - if (rc) - return rc; -+#endif - } else { - seq_puts(s, "Unsupported SMU version for Idlemask\n"); - } ---=20 -2.34.1 - - diff --git a/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonym= us_set.patch b/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anon= ymus_set.patch deleted file mode 100644 index cd75de5c2..000000000 --- a/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.= patch +++ /dev/null @@ -1,121 +0,0 @@ -From c1592a89942e9678f7d9c8030efa777c0d57edab Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Tue, 2 May 2023 10:25:24 +0200 -Subject: netfilter: nf_tables: deactivate anonymous set from preparation pha= se - -Toggle deleted anonymous sets as inactive in the next generation, so -users cannot perform any update on it. Clear the generation bitmask -in case the transaction is aborted. - -The following KASAN splat shows a set element deletion for a bound -anonymous set that has been already removed in the same transaction. - -[ 64.921510] =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x14= 90 [nf_tables] -[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890 -[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253 -[ 64.931120] Call Trace: -[ 64.932699] -[ 64.934292] dump_stack_lvl+0x33/0x50 -[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables] -[ 64.937551] kasan_report+0xda/0x120 -[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables] -[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables] -[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60 -[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables] -[ 64.945710] ? kasan_set_track+0x21/0x30 -[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink] -[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink] - -Signed-off-by: Pablo Neira Ayuso ---- - include/net/netfilter/nf_tables.h | 1 + - net/netfilter/nf_tables_api.c | 12 ++++++++++++ - net/netfilter/nft_dynset.c | 2 +- - net/netfilter/nft_lookup.c | 2 +- - net/netfilter/nft_objref.c | 2 +- - 5 files changed, 16 insertions(+), 3 deletions(-) - -diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_ta= bles.h -index 3ed21d2d56590..2e24ea1d744c2 100644 ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -619,6 +619,7 @@ struct nft_set_binding { - }; -=20 - enum nft_trans_phase; -+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set); - void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *se= t, - struct nft_set_binding *binding, - enum nft_trans_phase phase); -diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c -index 8b6c61a2196cb..59fb8320ab4d7 100644 ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -5127,12 +5127,24 @@ static void nf_tables_unbind_set(const struct nft_ct= x *ctx, struct nft_set *set, - } - } -=20 -+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set) -+{ -+ if (nft_set_is_anonymous(set)) -+ nft_clear(ctx->net, set); -+ -+ set->use++; -+} -+EXPORT_SYMBOL_GPL(nf_tables_activate_set); -+ - void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *se= t, - struct nft_set_binding *binding, - enum nft_trans_phase phase) - { - switch (phase) { - case NFT_TRANS_PREPARE: -+ if (nft_set_is_anonymous(set)) -+ nft_deactivate_next(ctx->net, set); -+ - set->use--; - return; - case NFT_TRANS_ABORT: -diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c -index 274579b1696e0..bd19c7aec92ee 100644 ---- a/net/netfilter/nft_dynset.c -+++ b/net/netfilter/nft_dynset.c -@@ -342,7 +342,7 @@ static void nft_dynset_activate(const struct nft_ctx *ct= x, - { - struct nft_dynset *priv =3D nft_expr_priv(expr); -=20 -- priv->set->use++; -+ nf_tables_activate_set(ctx, priv->set); - } -=20 - static void nft_dynset_destroy(const struct nft_ctx *ctx, -diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c -index cecf8ab90e58f..03ef4fdaa460b 100644 ---- a/net/netfilter/nft_lookup.c -+++ b/net/netfilter/nft_lookup.c -@@ -167,7 +167,7 @@ static void nft_lookup_activate(const struct nft_ctx *ct= x, - { - struct nft_lookup *priv =3D nft_expr_priv(expr); -=20 -- priv->set->use++; -+ nf_tables_activate_set(ctx, priv->set); - } -=20 - static void nft_lookup_destroy(const struct nft_ctx *ctx, -diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c -index cb37169608bab..a48dd5b5d45b1 100644 ---- a/net/netfilter/nft_objref.c -+++ b/net/netfilter/nft_objref.c -@@ -185,7 +185,7 @@ static void nft_objref_map_activate(const struct nft_ctx= *ctx, - { - struct nft_objref_map *priv =3D nft_expr_priv(expr); -=20 -- priv->set->use++; -+ nf_tables_activate_set(ctx, priv->set); - } -=20 - static void nft_objref_map_destroy(const struct nft_ctx *ctx, ---=20 -cgit=20 - --=20 2.34.1 --===============1987346763397871575==--