DLPX-92458 Cherry-pick Delphix commits of linux-kernel-oracle for LTS upgrade #38
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BugLink: https://bugs.launchpad.net/bugs/2074372 ARL/LNL don't have PC8, other than that, it behaves the same as CNL. Copy cnl_features for ARL/LNL, except that PC8 support is removed. Signed-off-by: Zhang Rui <[email protected]> Signed-off-by: Len Brown <[email protected]> (cherry picked from commit 196eca0) Signed-off-by: Thibault Ferrante <[email protected]> Acked-by: Noah Wager <[email protected]> Acked-by: Kevin Becker <[email protected]> Signed-off-by: Stefan Bader <[email protected]> Signed-off-by: Roxana Nicolescu <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2074372 This one is the regular laptop CPU. Signed-off-by: Tony Luck <[email protected]> Signed-off-by: Ingo Molnar <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Roxana Nicolescu <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2074372 Add turbostat support for ARL-H, which behaves the same as ARL. [lenb: also add ARL-U] Signed-off-by: Zhang Rui <[email protected]> Signed-off-by: Len Brown <[email protected]> (cherry picked from commit f04fcc7) Signed-off-by: Thibault Ferrante <[email protected]> Acked-by: Noah Wager <[email protected]> Acked-by: Kevin Becker <[email protected]> Signed-off-by: Stefan Bader <[email protected]> Signed-off-by: Roxana Nicolescu <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2074376 Upstream recommends to disable this option. Discussion started around a bug reported by IBM in KVM that happens when this option is enabled related to hot-unplugging PCI devices. Signed-off-by: Roxana Nicolescu <[email protected]> Acked-by: Stefan Bader <[email protected]> Acked-by: Kevin Becker <[email protected]> Signed-off-by: Roxana Nicolescu <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2076647 Properties: no-test-build Signed-off-by: Roxana Nicolescu <[email protected]>
…-versions (main/2024.08.05) BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Roxana Nicolescu <[email protected]>
Signed-off-by: Roxana Nicolescu <[email protected]>
[ Upstream commit 3668651 ] Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't be allowed. Signed-off-by: Tomas Henzl <[email protected]> Link: https://lore.kernel.org/r/[email protected] Acked-by: Sathya Prakash Veerichetty <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit c8707901b53a48106d7501bdbd0350cefaefa4cf linux-6.9.y) CVE-2024-42159 Signed-off-by: Massimiliano Pellizzer <[email protected]> Acked-by: Manuel Diewald <[email protected]> Acked-by: Aaron Jauregui <[email protected]> Signed-off-by: Roxana Nicolescu <[email protected]>
…s_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate value of 0xffffffff.(Christian) Signed-off-by: Jesse Zhang <[email protected]> Suggested-by: Christian König <[email protected]> Reviewed-by: Christian König <[email protected]> Signed-off-by: Alex Deucher <[email protected]> (cherry picked from 88a9a46) CVE-2024-42228 Signed-off-by: Cengiz Can <[email protected]> Acked-by: Manuel Diewald <[email protected]> Acked-by: Kuan-Ying Lee <[email protected]> Signed-off-by: Roxana Nicolescu <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2077600 [ Upstream commit 66be40e ] I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated). Reviewed-by: Eric Dumazet <[email protected]> Fixes: 3e7013d ("tcp: metrics: Allow selective get/del of tcp-metrics based on src IP") Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Portia Stephens <[email protected]> Signed-off-by: Roxana Nicolescu <[email protected]> CVE-2024-42154 Signed-off-by: Manuel Diewald <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2077600 [ Upstream commit 4c7f395 ] Since commit a3c53be ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty. Flagged by Smatch. Compile tested only. Reviewed-by: Andrew Lunn <[email protected]> Signed-off-by: Simon Horman <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Portia Stephens <[email protected]> Signed-off-by: Roxana Nicolescu <[email protected]> CVE-2024-42224 Signed-off-by: Manuel Diewald <[email protected]>
[ Upstream commit 4ed886b ] - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up code. Signed-off-by: Chao Yu <[email protected]> Signed-off-by: Jaegeuk Kim <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit ecb641f424d6d1f055d149a15b892edcc92c504b linux-6.9.y) CVE-2024-42160 Signed-off-by: Massimiliano Pellizzer <[email protected]> Acked-by: Aaron Jauregui <[email protected]> Acked-by: Kuan-Ying Lee <[email protected]> Signed-off-by: Manuel Diewald <[email protected]>
commit 0d89682 upstream. When building without CONFIG_F2FS_FAULT_INJECTION, there is a warning from each file that includes f2fs.h because the stub for f2fs_build_fault_attr() is missing inline: In file included from fs/f2fs/segment.c:21: fs/f2fs/f2fs.h:4605:12: warning: 'f2fs_build_fault_attr' defined but not used [-Wunused-function] 4605 | static int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate, | ^~~~~~~~~~~~~~~~~~~~~ Add the missing inline to resolve all of the warnings for this configuration. Fixes: 4ed886b ("f2fs: check validation of fault attrs in f2fs_build_fault_attr()") Signed-off-by: Nathan Chancellor <[email protected]> Reviewed-by: Chao Yu <[email protected]> Signed-off-by: Jaegeuk Kim <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> (cherry picked from commit 72d0e1dec7914b36beb4f3c7fe3a4c01cbb018ee linux-6.9.y) CVE-2024-42160 Signed-off-by: Massimiliano Pellizzer <[email protected]> Acked-by: Aaron Jauregui <[email protected]> Acked-by: Kuan-Ying Lee <[email protected]> Signed-off-by: Manuel Diewald <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2076435 [ Upstream commit cfa1a23 ] The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which is the producer counter denoting the amount of data reserved by all producers. Each time a record is reserved, the producer that "owns" the record will successfully advance producer counter. In user space each time a record is read, the consumer of the data advanced the consumer counter once it finished processing. Both counters are stored in separate pages so that from user space, the producer counter is read-only and the consumer counter is read-write. One aspect that simplifies and thus speeds up the implementation of both producers and consumers is how the data area is mapped twice contiguously back-to-back in the virtual memory, allowing to not take any special measures for samples that have to wrap around at the end of the circular buffer data area, because the next page after the last data page would be first data page again, and thus the sample will still appear completely contiguous in virtual memory. Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for book-keeping the length and offset, and is inaccessible to the BPF program. Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ` for the BPF program to use. Bing-Jhong and Muhammad reported that it is however possible to make a second allocated memory chunk overlapping with the first chunk and as a result, the BPF program is now able to edit first chunk's header. For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in [0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets allocate a chunk B with size 0x3000. This will succeed because consumer_pos was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask` check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data pages. This means that chunk B at [0x4000,0x4008] is chunk A's header. bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong page and could cause a crash. Fix it by calculating the oldest pending_pos and check whether the range from the oldest outstanding record to the newest would span beyond the ring buffer size. If that is the case, then reject the request. We've tested with the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh) before/after the fix and while it seems a bit slower on some benchmarks, it is still not significantly enough to matter. Fixes: 457f443 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by: Bing-Jhong Billy Jheng <[email protected]> Reported-by: Muhammad Ramdhan <[email protected]> Co-developed-by: Bing-Jhong Billy Jheng <[email protected]> Co-developed-by: Andrii Nakryiko <[email protected]> Signed-off-by: Bing-Jhong Billy Jheng <[email protected]> Signed-off-by: Andrii Nakryiko <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Signed-off-by: Andrii Nakryiko <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Portia Stephens <[email protected]> Signed-off-by: Roxana Nicolescu <[email protected]> CVE-2024-41009 Signed-off-by: Manuel Diewald <[email protected]>
Ignore: yes Signed-off-by: Manuel Diewald <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2078100 Properties: no-test-build Signed-off-by: Manuel Diewald <[email protected]>
…-versions (main/s2024.08.05) BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Manuel Diewald <[email protected]>
Signed-off-by: Manuel Diewald <[email protected]>
There is a bug in netem_enqueue() introduced by commit 5845f70 ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free. This commit made netem_enqueue() always return NET_XMIT_SUCCESS when a packet is duplicated, which can cause the parent qdisc's q.qlen to be mistakenly incremented. When this happens qlen_notify() may be skipped on the parent during destruction, leaving a dangling pointer for some classful qdiscs like DRR. There are two ways for the bug happen: - If the duplicated packet is dropped by rootq->enqueue() and then the original packet is also dropped. - If rootq->enqueue() sends the duplicated packet to a different qdisc and the original packet is dropped. In both cases NET_XMIT_SUCCESS is returned even though no packets are enqueued at the netem qdisc. The fix is to defer the enqueue of the duplicate packet until after the original packet has been guaranteed to return NET_XMIT_SUCCESS. Fixes: 5845f70 ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") Reported-by: Budimir Markovic <[email protected]> Signed-off-by: Stephen Hemminger <[email protected]> Reviewed-by: Simon Horman <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> CVE-2024-45016 (cherry picked from commit c07ff85) Signed-off-by: Ian Whitfield <[email protected]> Acked-by: Magali Lemes <[email protected]> Acked-by: Jacob Martin <[email protected]> Signed-off-by: Stefan Bader <[email protected]>
Ignore: yes Signed-off-by: Manuel Diewald <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2082118 Properties: no-test-build Signed-off-by: Manuel Diewald <[email protected]>
Signed-off-by: Manuel Diewald <[email protected]>
Signed-off-by: Khalid Elmously <[email protected]>
Ignore: yes Signed-off-by: Khalid Elmously <[email protected]>
Signed-off-by: Khalid Elmously <[email protected]>
This change basically brings in the annotations from the most recent linux-oracle series (impish), then adding/removing whatever annotations are needed to make it work with the jammy configuration and the master annotations. Signed-off-by: Khalid Elmously <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Khalid Elmously <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1960472 Properties: no-test-build Signed-off-by: Khalid Elmously <[email protected]>
Signed-off-by: Khalid Elmously <[email protected]>
Signed-off-by: Khalid Elmously <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2082107 Properties: no-test-build Signed-off-by: Philip Cox <[email protected]>
Signed-off-by: Philip Cox <[email protected]>
This is a placeholder commit to separate the Ubuntu kernel source and our patches. Used by kernel_merge_with_upstream() in the linux-pkg repo.
) Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Dmitry Bogdanov <[email protected]> Signed-off-by: Mike Christie <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Co-authored-by: Dmitry Bogdanov <[email protected]>
it looks like the build requires gcc-13, but that's not available in the repository..? |
@prakashsurya the ab-pre-push PR check is expected to fail because we do not have a 24.04 buildserver yet. That PR check tried to compile this PR's bits on a 20.04 based buildserver. I ran the build-package and was successful. |
prakashsurya
approved these changes
Oct 24, 2024
jwk404
approved these changes
Oct 24, 2024
palash-gandhi
changed the title
|
This was in fact merged into |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change cherry-picks the Delphix patch set from
developonto a branch forked off ofupstreams/os-upgrade.upstreams/os-upgradecurrently has commits from Linux kernel 6.8, the version that ships with Ubuntu 24.04. I ran the following command to perform the cherry-pick:Here's the actual diff between upstreams/os-upgrade and os-upgrade: upstreams/os-upgrade...dlpx/pr/palash.gandhi/oracle
Additional changes that were required:
build-package: https://ops-jenkins.eng-tools-prd.aws.delphixcloud.com/job/linux-pkg/job/os-upgrade/job/build-package/job/linux-kernel-oracle/job/pre-push/3/console