diff -u linux-oem-5.17-5.17.0/arch/x86/kernel/cpu/bugs.c linux-oem-5.17-5.17.0/arch/x86/kernel/cpu/bugs.c --- linux-oem-5.17-5.17.0/arch/x86/kernel/cpu/bugs.c +++ linux-oem-5.17-5.17.0/arch/x86/kernel/cpu/bugs.c @@ -1590,6 +1590,8 @@ if (ctrl == PR_SPEC_FORCE_DISABLE) task_set_spec_ib_force_disable(task); task_update_spec_tif(task); + if (task == current) + indirect_branch_prediction_barrier(); break; default: return -ERANGE; diff -u linux-oem-5.17-5.17.0/debian.oem/abi/abiname linux-oem-5.17-5.17.0/debian.oem/abi/abiname --- linux-oem-5.17-5.17.0/debian.oem/abi/abiname +++ linux-oem-5.17-5.17.0/debian.oem/abi/abiname @@ -1 +1 @@ -1026 +1027 diff -u linux-oem-5.17-5.17.0/debian.oem/abi/version linux-oem-5.17-5.17.0/debian.oem/abi/version --- linux-oem-5.17-5.17.0/debian.oem/abi/version +++ linux-oem-5.17-5.17.0/debian.oem/abi/version @@ -1 +1 @@ -5.17.0-1026.27 +5.17.0-1027.28 diff -u linux-oem-5.17-5.17.0/debian.oem/changelog linux-oem-5.17-5.17.0/debian.oem/changelog --- linux-oem-5.17-5.17.0/debian.oem/changelog +++ linux-oem-5.17-5.17.0/debian.oem/changelog @@ -1,3 +1,56 @@ +linux-oem-5.17 (5.17.0-1028.29) jammy; urgency=medium + + * jammy/linux-oem-5.17: 5.17.0-1028.29 -proposed tracker (LP: #2004346) + + * CVE-2023-0045 + - x86/bugs: Flush IBP in ib_prctl_set() + + * Packaging resync (LP: #1786013) + - debian/dkms-versions -- update from kernel-versions (main/2023.01.30) + + * Keeps rebooting with AMD W6400, W6600, and W6800 graphic cards + (LP: #2000110) + - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega + - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega + - drm/amdgpu: make sure to init common IP before gmc + - drm/amdgpu: fix sdma doorbell init ordering on APUs + + * CVE-2022-47520 + - wifi: wilc1000: validate pairwise and authentication suite offsets + + * Improve arp_ndisc_evict_nocarrier.sh test result processing (LP: #2006546) + - selftests: net: return non-zero for failures reported in + arp_ndisc_evict_nocarrier + + * CVE-2022-43750 + - usb: mon: make mmapped memory read only + + * CVE-2023-0461 + - net/ulp: prevent ULP without clone op from entering the LISTEN status + - net/ulp: use consistent error code when blocking ULP + + * CVE-2022-3565 + - mISDN: fix use-after-free bugs in l1oip timer handlers + + * CVE-2022-36879 + - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in + xfrm_bundle_lookup() + + * CVE-2022-20369 + - NFSD: fix use-after-free in __nfs42_ssc_open() + + * arp_ndisc_evict_nocarrier.sh in net from ubuntu_kernel_selftests failed on + J-oem-5.17 / K (LP: #1968310) + - selftests: net: fix cleanup_v6() for arp_ndisc_evict_nocarrier + + * CVE-2022-20566 + - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put + + * Expose built-in trusted and revoked certificates (LP: #1996892) + - [Packaging] Expose built-in trusted and revoked certificates + + -- Timo Aaltonen Fri, 10 Feb 2023 12:15:41 +0200 + linux-oem-5.17 (5.17.0-1027.28) jammy; urgency=medium * jammy/linux-oem-5.17: 5.17.0-1027.28 -proposed tracker (LP: #2003451) diff -u linux-oem-5.17-5.17.0/debian.oem/tracking-bug linux-oem-5.17-5.17.0/debian.oem/tracking-bug --- linux-oem-5.17-5.17.0/debian.oem/tracking-bug +++ linux-oem-5.17-5.17.0/debian.oem/tracking-bug @@ -1 +1 @@ -2003451 2023.01.02-2 +2004346 2023.01.30-1 diff -u linux-oem-5.17-5.17.0/debian/changelog linux-oem-5.17-5.17.0/debian/changelog --- linux-oem-5.17-5.17.0/debian/changelog +++ linux-oem-5.17-5.17.0/debian/changelog @@ -1,3 +1,56 @@ +linux-oem-5.17 (5.17.0-1028.29) jammy; urgency=medium + + * jammy/linux-oem-5.17: 5.17.0-1028.29 -proposed tracker (LP: #2004346) + + * CVE-2023-0045 + - x86/bugs: Flush IBP in ib_prctl_set() + + * Packaging resync (LP: #1786013) + - debian/dkms-versions -- update from kernel-versions (main/2023.01.30) + + * Keeps rebooting with AMD W6400, W6600, and W6800 graphic cards + (LP: #2000110) + - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega + - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega + - drm/amdgpu: make sure to init common IP before gmc + - drm/amdgpu: fix sdma doorbell init ordering on APUs + + * CVE-2022-47520 + - wifi: wilc1000: validate pairwise and authentication suite offsets + + * Improve arp_ndisc_evict_nocarrier.sh test result processing (LP: #2006546) + - selftests: net: return non-zero for failures reported in + arp_ndisc_evict_nocarrier + + * CVE-2022-43750 + - usb: mon: make mmapped memory read only + + * CVE-2023-0461 + - net/ulp: prevent ULP without clone op from entering the LISTEN status + - net/ulp: use consistent error code when blocking ULP + + * CVE-2022-3565 + - mISDN: fix use-after-free bugs in l1oip timer handlers + + * CVE-2022-36879 + - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in + xfrm_bundle_lookup() + + * CVE-2022-20369 + - NFSD: fix use-after-free in __nfs42_ssc_open() + + * arp_ndisc_evict_nocarrier.sh in net from ubuntu_kernel_selftests failed on + J-oem-5.17 / K (LP: #1968310) + - selftests: net: fix cleanup_v6() for arp_ndisc_evict_nocarrier + + * CVE-2022-20566 + - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put + + * Expose built-in trusted and revoked certificates (LP: #1996892) + - [Packaging] Expose built-in trusted and revoked certificates + + -- Timo Aaltonen Fri, 10 Feb 2023 12:15:41 +0200 + linux-oem-5.17 (5.17.0-1027.28) jammy; urgency=medium * jammy/linux-oem-5.17: 5.17.0-1027.28 -proposed tracker (LP: #2003451) diff -u linux-oem-5.17-5.17.0/debian/control linux-oem-5.17-5.17.0/debian/control --- linux-oem-5.17-5.17.0/debian/control +++ linux-oem-5.17-5.17.0/debian/control @@ -60,7 +60,7 @@ XS-Testsuite: autopkgtest #XS-Testsuite-Depends: gcc-4.7 binutils -Package: linux-oem-5.17-headers-5.17.0-1027 +Package: linux-oem-5.17-headers-5.17.0-1028 Build-Profiles: Architecture: all Multi-Arch: foreign @@ -70,20 +70,20 @@ Description: Header files related to Linux kernel version 5.17.0 This package provides kernel header files for version 5.17.0, for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-oem-5.17-headers-5.17.0-1027/debian.README.gz for details + /usr/share/doc/linux-oem-5.17-headers-5.17.0-1028/debian.README.gz for details -Package: linux-oem-5.17-tools-5.17.0-1027 +Package: linux-oem-5.17-tools-5.17.0-1028 Build-Profiles: Architecture: amd64 Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-tools-common -Description: Linux kernel version specific tools for version 5.17.0-1027 +Description: Linux kernel version specific tools for version 5.17.0-1028 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.17.0-1027 on + version 5.17.0-1028 on 64 bit x86. - You probably want to install linux-tools-5.17.0-1027-. + You probably want to install linux-tools-5.17.0-1028-. Package: linux-oem-5.17-tools-host Build-Profiles: @@ -97,17 +97,17 @@ -Package: linux-image-unsigned-5.17.0-1027-oem +Package: linux-image-unsigned-5.17.0-1028-oem Build-Profiles: Architecture: amd64 Section: kernel Priority: optional Provides: linux-image, fuse-module, kvm-api-4, redhat-cluster-modules, ivtv-modules, virtualbox-guest-modules [amd64], ${linux:rprovides} -Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.17.0-1027-oem +Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.17.0-1028-oem Recommends: grub-pc [amd64] | grub-efi-amd64 [amd64] | grub-efi-ia32 [amd64] | grub [amd64] | lilo [amd64] | flash-kernel [armhf arm64] | grub-efi-arm64 [arm64] | grub-efi-arm [armhf] | grub-ieee1275 [ppc64el], initramfs-tools | linux-initramfs-tool Breaks: flash-kernel (<< 3.90ubuntu2) [arm64 armhf], s390-tools (<< 2.3.0-0ubuntu3) [s390x] -Conflicts: linux-image-5.17.0-1027-oem -Suggests: fdutils, linux-oem-5.17-tools, linux-headers-5.17.0-1027-oem +Conflicts: linux-image-5.17.0-1028-oem +Suggests: fdutils, linux-oem-5.17-tools, linux-headers-5.17.0-1028-oem Description: Linux kernel image for version 5.17.0 on 64 bit x86 SMP This package contains the unsigned Linux kernel image for version 5.17.0 on 64 bit x86 SMP. @@ -120,12 +120,12 @@ the linux-oem meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-5.17.0-1027-oem +Package: linux-modules-5.17.0-1028-oem Build-Profiles: Architecture: amd64 Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.17.0-1027-oem | linux-image-unsigned-5.17.0-1027-oem +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.17.0-1028-oem | linux-image-unsigned-5.17.0-1028-oem Built-Using: ${linux:BuiltUsing} Description: Linux kernel extra modules for version 5.17.0 on 64 bit x86 SMP Contains the corresponding System.map file, the modules built by the @@ -140,12 +140,12 @@ the linux-oem meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-extra-5.17.0-1027-oem +Package: linux-modules-extra-5.17.0-1028-oem Build-Profiles: Architecture: amd64 Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.17.0-1027-oem | linux-image-unsigned-5.17.0-1027-oem, wireless-regdb +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.17.0-1028-oem | linux-image-unsigned-5.17.0-1028-oem, wireless-regdb Description: Linux kernel extra modules for version 5.17.0 on 64 bit x86 SMP This package contains the Linux kernel extra modules for version 5.17.0 on 64 bit x86 SMP. @@ -162,21 +162,21 @@ the linux-oem meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-headers-5.17.0-1027-oem +Package: linux-headers-5.17.0-1028-oem Build-Profiles: Architecture: amd64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-oem-5.17-headers-5.17.0-1027, ${shlibs:Depends} +Depends: ${misc:Depends}, linux-oem-5.17-headers-5.17.0-1028, ${shlibs:Depends} Provides: linux-headers, linux-headers-3.0 Description: Linux kernel headers for version 5.17.0 on 64 bit x86 SMP This package provides kernel header files for version 5.17.0 on 64 bit x86 SMP. . This is for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-5.17.0-1027/debian.README.gz for details. + /usr/share/doc/linux-headers-5.17.0-1028/debian.README.gz for details. -Package: linux-image-unsigned-5.17.0-1027-oem-dbgsym +Package: linux-image-unsigned-5.17.0-1028-oem-dbgsym Build-Profiles: Architecture: amd64 Section: devel @@ -193,31 +193,31 @@ is uncompressed, and unstripped. This package also includes the unstripped modules. -Package: linux-tools-5.17.0-1027-oem +Package: linux-tools-5.17.0-1028-oem Build-Profiles: Architecture: amd64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-oem-5.17-tools-5.17.0-1027 -Description: Linux kernel version specific tools for version 5.17.0-1027 +Depends: ${misc:Depends}, linux-oem-5.17-tools-5.17.0-1028 +Description: Linux kernel version specific tools for version 5.17.0-1028 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.17.0-1027 on + version 5.17.0-1028 on 64 bit x86. -Package: linux-cloud-tools-5.17.0-1027-oem +Package: linux-cloud-tools-5.17.0-1028-oem Build-Profiles: Architecture: amd64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-oem-5.17-cloud-tools-5.17.0-1027 -Description: Linux kernel version specific cloud tools for version 5.17.0-1027 +Depends: ${misc:Depends}, linux-oem-5.17-cloud-tools-5.17.0-1028 +Description: Linux kernel version specific cloud tools for version 5.17.0-1028 This package provides the architecture dependant parts for kernel - version locked tools for cloud for version 5.17.0-1027 on + version locked tools for cloud for version 5.17.0-1028 on 64 bit x86. -Package: linux-buildinfo-5.17.0-1027-oem +Package: linux-buildinfo-5.17.0-1028-oem Build-Profiles: Architecture: amd64 Section: kernel @@ -231,18 +231,18 @@ You likely do not want to install this package. -Package: linux-modules-ipu6-5.17.0-1027-oem +Package: linux-modules-ipu6-5.17.0-1028-oem Build-Profiles: Architecture: amd64 Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-5.17.0-1027-oem | linux-image-unsigned-5.17.0-1027-oem, + linux-image-5.17.0-1028-oem | linux-image-unsigned-5.17.0-1028-oem, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel ipu6 modules for version 5.17.0-1027 +Description: Linux kernel ipu6 modules for version 5.17.0-1028 This package provides the Linux kernel ipu6 modules for version - 5.17.0-1027. + 5.17.0-1028. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-ipu6-oem* meta-packages, @@ -250,18 +250,18 @@ also installed. -Package: linux-modules-ivsc-5.17.0-1027-oem +Package: linux-modules-ivsc-5.17.0-1028-oem Build-Profiles: Architecture: amd64 Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-5.17.0-1027-oem | linux-image-unsigned-5.17.0-1027-oem, + linux-image-5.17.0-1028-oem | linux-image-unsigned-5.17.0-1028-oem, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel ivsc modules for version 5.17.0-1027 +Description: Linux kernel ivsc modules for version 5.17.0-1028 This package provides the Linux kernel ivsc modules for version - 5.17.0-1027. + 5.17.0-1028. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-ivsc-oem* meta-packages, @@ -269,18 +269,18 @@ also installed. -Package: linux-modules-iwlwifi-5.17.0-1027-oem +Package: linux-modules-iwlwifi-5.17.0-1028-oem Build-Profiles: Architecture: amd64 Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-5.17.0-1027-oem | linux-image-unsigned-5.17.0-1027-oem, + linux-image-5.17.0-1028-oem | linux-image-unsigned-5.17.0-1028-oem, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel iwlwifi modules for version 5.17.0-1027 +Description: Linux kernel iwlwifi modules for version 5.17.0-1028 This package provides the Linux kernel iwlwifi modules for version - 5.17.0-1027. + 5.17.0-1028. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-iwlwifi-oem* meta-packages, diff -u linux-oem-5.17-5.17.0/debian/dkms-versions linux-oem-5.17-5.17.0/debian/dkms-versions --- linux-oem-5.17-5.17.0/debian/dkms-versions +++ linux-oem-5.17-5.17.0/debian/dkms-versions @@ -3,3 +3,3 @@ ivsc-driver 0~git202211241536.70d95269-0ubuntu0.22.04.1 modulename=ivsc debpath=pool/universe/i/%package%/intel-vsc-dkms_%version%_amd64.deb arch=amd64 rprovides=ivsc-modules rprovides=intel-vsc-dkms type=standalone -backport-iwlwifi-dkms 9858-0ubuntu3.1 modulename=iwlwifi debpath=pool/universe/b/%package%/backport-iwlwifi-dkms_%version%_all.deb arch=amd64 rprovides=iwlwifi-modules rprovides=backport-iwlwifi-dkms type=standalone +backport-iwlwifi-dkms 9858-0ubuntu3.2 modulename=iwlwifi debpath=pool/universe/b/%package%/backport-iwlwifi-dkms_%version%_all.deb arch=amd64 rprovides=iwlwifi-modules rprovides=backport-iwlwifi-dkms type=standalone v4l2loopback 0.12.5-1ubuntu5 modulename=v4l2loopback debpath=pool/universe/v/%package%/v4l2loopback-dkms_%version%_all.deb arch=amd64 rprovides=v4l2loopback-modules rprovides=v4l2loopback-dkms diff -u linux-oem-5.17-5.17.0/debian/rules.d/2-binary-arch.mk linux-oem-5.17-5.17.0/debian/rules.d/2-binary-arch.mk --- linux-oem-5.17-5.17.0/debian/rules.d/2-binary-arch.mk +++ linux-oem-5.17-5.17.0/debian/rules.d/2-binary-arch.mk @@ -527,6 +527,8 @@ install -m644 $(abidir)/$*.fwinfo.builtin \ $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/fwinfo.builtin; \ fi + install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem + install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem ifneq ($(full_build),false) # Clean out this flavours build directory. diff -u linux-oem-5.17-5.17.0/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c linux-oem-5.17-5.17.0/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c --- linux-oem-5.17-5.17.0/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ linux-oem-5.17-5.17.0/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -2357,8 +2357,16 @@ } adev->ip_blocks[i].status.sw = true; - /* need to do gmc hw init early so we can allocate gpu mem */ - if (adev->ip_blocks[i].version->type == AMD_IP_BLOCK_TYPE_GMC) { + if (adev->ip_blocks[i].version->type == AMD_IP_BLOCK_TYPE_COMMON) { + /* need to do common hw init early so everything is set up for gmc */ + r = adev->ip_blocks[i].version->funcs->hw_init((void *)adev); + if (r) { + DRM_ERROR("hw_init %d failed %d\n", i, r); + goto init_failed; + } + adev->ip_blocks[i].status.hw = true; + } else if (adev->ip_blocks[i].version->type == AMD_IP_BLOCK_TYPE_GMC) { + /* need to do gmc hw init early so we can allocate gpu mem */ /* Try to reserve bad pages early */ if (amdgpu_sriov_vf(adev)) amdgpu_virt_exchange_data(adev); @@ -3016,8 +3024,8 @@ int i, r; static enum amd_ip_block_type ip_order[] = { - AMD_IP_BLOCK_TYPE_GMC, AMD_IP_BLOCK_TYPE_COMMON, + AMD_IP_BLOCK_TYPE_GMC, AMD_IP_BLOCK_TYPE_PSP, AMD_IP_BLOCK_TYPE_IH, }; diff -u linux-oem-5.17-5.17.0/drivers/gpu/drm/amd/amdgpu/soc15.c linux-oem-5.17-5.17.0/drivers/gpu/drm/amd/amdgpu/soc15.c --- linux-oem-5.17-5.17.0/drivers/gpu/drm/amd/amdgpu/soc15.c +++ linux-oem-5.17-5.17.0/drivers/gpu/drm/amd/amdgpu/soc15.c @@ -1262,22 +1262,17 @@ return 0; } -static void soc15_doorbell_range_init(struct amdgpu_device *adev) +static void soc15_sdma_doorbell_range_init(struct amdgpu_device *adev) { int i; - struct amdgpu_ring *ring; - /* sdma/ih doorbell range are programed by hypervisor */ + /* sdma doorbell range is programed by hypervisor */ if (!amdgpu_sriov_vf(adev)) { for (i = 0; i < adev->sdma.num_instances; i++) { - ring = &adev->sdma.instance[i].ring; adev->nbio.funcs->sdma_doorbell_range(adev, i, - ring->use_doorbell, ring->doorbell_index, + true, adev->doorbell_index.sdma_engine[i] << 1, adev->doorbell_index.sdma_doorbell_range); } - - adev->nbio.funcs->ih_doorbell_range(adev, adev->irq.ih.use_doorbell, - adev->irq.ih.doorbell_index); } } @@ -1302,10 +1297,11 @@ soc15_enable_doorbell_aperture(adev, true); /* HW doorbell routing policy: doorbell writing not * in SDMA/IH/MM/ACV range will be routed to CP. So - * we need to init SDMA/IH/MM/ACV doorbell range prior - * to CP ip block init and ring test. + * we need to init SDMA doorbell range prior + * to CP ip block init and ring test. IH already + * happens before CP. */ - soc15_doorbell_range_init(adev); + soc15_sdma_doorbell_range_init(adev); return 0; } diff -u linux-oem-5.17-5.17.0/fs/nfsd/nfs4proc.c linux-oem-5.17-5.17.0/fs/nfsd/nfs4proc.c --- linux-oem-5.17-5.17.0/fs/nfsd/nfs4proc.c +++ linux-oem-5.17-5.17.0/fs/nfsd/nfs4proc.c @@ -1348,13 +1348,6 @@ return status; } -static void -nfsd4_interssc_disconnect(struct vfsmount *ss_mnt) -{ - nfs_do_sb_deactive(ss_mnt->mnt_sb); - mntput(ss_mnt); -} - /* * Verify COPY destination stateid. * @@ -1457,11 +1450,6 @@ { } -static void -nfsd4_interssc_disconnect(struct vfsmount *ss_mnt) -{ -} - static struct file *nfs42_ssc_open(struct vfsmount *ss_mnt, struct nfs_fh *src_fh, nfs4_stateid *stateid) @@ -1619,14 +1607,14 @@ copy->nf_src = kzalloc(sizeof(struct nfsd_file), GFP_KERNEL); if (!copy->nf_src) { copy->nfserr = nfserr_serverfault; - nfsd4_interssc_disconnect(copy->ss_mnt); + /* ss_mnt will be unmounted by the laundromat */ goto do_callback; } copy->nf_src->nf_file = nfs42_ssc_open(copy->ss_mnt, ©->c_fh, ©->stateid); if (IS_ERR(copy->nf_src->nf_file)) { copy->nfserr = nfserr_offload_denied; - nfsd4_interssc_disconnect(copy->ss_mnt); + /* ss_mnt will be unmounted by the laundromat */ goto do_callback; } } @@ -1711,8 +1699,10 @@ if (async_copy) cleanup_async_copy(async_copy); status = nfserrno(-ENOMEM); - if (!copy->cp_intra) - nfsd4_interssc_disconnect(copy->ss_mnt); + /* + * source's vfsmount of inter-copy will be unmounted + * by the laundromat + */ goto out; } diff -u linux-oem-5.17-5.17.0/net/bluetooth/l2cap_core.c linux-oem-5.17-5.17.0/net/bluetooth/l2cap_core.c --- linux-oem-5.17-5.17.0/net/bluetooth/l2cap_core.c +++ linux-oem-5.17-5.17.0/net/bluetooth/l2cap_core.c @@ -111,7 +111,8 @@ } /* Find channel with given SCID. - * Returns locked channel. */ + * Returns a reference locked channel. + */ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid) { @@ -119,15 +120,19 @@ mutex_lock(&conn->chan_lock); c = __l2cap_get_chan_by_scid(conn, cid); - if (c) - l2cap_chan_lock(c); + if (c) { + /* Only lock if chan reference is not 0 */ + c = l2cap_chan_hold_unless_zero(c); + if (c) + l2cap_chan_lock(c); + } mutex_unlock(&conn->chan_lock); return c; } /* Find channel with given DCID. - * Returns locked channel. + * Returns a reference locked channel. */ static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid) @@ -136,8 +141,12 @@ mutex_lock(&conn->chan_lock); c = __l2cap_get_chan_by_dcid(conn, cid); - if (c) - l2cap_chan_lock(c); + if (c) { + /* Only lock if chan reference is not 0 */ + c = l2cap_chan_hold_unless_zero(c); + if (c) + l2cap_chan_lock(c); + } mutex_unlock(&conn->chan_lock); return c; @@ -162,8 +171,12 @@ mutex_lock(&conn->chan_lock); c = __l2cap_get_chan_by_ident(conn, ident); - if (c) - l2cap_chan_lock(c); + if (c) { + /* Only lock if chan reference is not 0 */ + c = l2cap_chan_hold_unless_zero(c); + if (c) + l2cap_chan_lock(c); + } mutex_unlock(&conn->chan_lock); return c; @@ -497,6 +510,16 @@ kref_get(&c->kref); } +struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c) +{ + BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); + + if (!kref_get_unless_zero(&c->kref)) + return NULL; + + return c; +} + void l2cap_chan_put(struct l2cap_chan *c) { BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); @@ -1969,7 +1992,10 @@ src_match = !bacmp(&c->src, src); dst_match = !bacmp(&c->dst, dst); if (src_match && dst_match) { - l2cap_chan_hold(c); + c = l2cap_chan_hold_unless_zero(c); + if (!c) + continue; + read_unlock(&chan_list_lock); return c; } @@ -1984,7 +2010,7 @@ } if (c1) - l2cap_chan_hold(c1); + c1 = l2cap_chan_hold_unless_zero(c1); read_unlock(&chan_list_lock); @@ -4466,6 +4492,7 @@ unlock: l2cap_chan_unlock(chan); + l2cap_chan_put(chan); return err; } @@ -4580,6 +4607,7 @@ done: l2cap_chan_unlock(chan); + l2cap_chan_put(chan); return err; } @@ -5307,6 +5335,7 @@ l2cap_send_move_chan_rsp(chan, result); l2cap_chan_unlock(chan); + l2cap_chan_put(chan); return 0; } @@ -5399,6 +5428,7 @@ } l2cap_chan_unlock(chan); + l2cap_chan_put(chan); } static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid, @@ -5428,6 +5458,7 @@ l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED); l2cap_chan_unlock(chan); + l2cap_chan_put(chan); } static int l2cap_move_channel_rsp(struct l2cap_conn *conn, @@ -5491,6 +5522,7 @@ l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); l2cap_chan_unlock(chan); + l2cap_chan_put(chan); return 0; } @@ -5526,6 +5558,7 @@ } l2cap_chan_unlock(chan); + l2cap_chan_put(chan); return 0; } @@ -5911,12 +5944,11 @@ if (credits > max_credits) { BT_ERR("LE credits overflow"); l2cap_send_disconn_req(chan, ECONNRESET); - l2cap_chan_unlock(chan); /* Return 0 so that we don't trigger an unnecessary * command reject packet. */ - return 0; + goto unlock; } chan->tx_credits += credits; @@ -5927,7 +5959,9 @@ if (chan->tx_credits) chan->ops->resume(chan); +unlock: l2cap_chan_unlock(chan); + l2cap_chan_put(chan); return 0; } @@ -7659,6 +7693,7 @@ done: l2cap_chan_unlock(chan); + l2cap_chan_put(chan); } static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, @@ -8147,7 +8182,7 @@ if (src_type != c->src_type) continue; - l2cap_chan_hold(c); + c = l2cap_chan_hold_unless_zero(c); read_unlock(&chan_list_lock); return c; } diff -u linux-oem-5.17-5.17.0/net/xfrm/xfrm_policy.c linux-oem-5.17-5.17.0/net/xfrm/xfrm_policy.c --- linux-oem-5.17-5.17.0/net/xfrm/xfrm_policy.c +++ linux-oem-5.17-5.17.0/net/xfrm/xfrm_policy.c @@ -2676,8 +2676,10 @@ *num_xfrms = 0; return 0; } - if (IS_ERR(pols[0])) + if (IS_ERR(pols[0])) { + *num_pols = 0; return PTR_ERR(pols[0]); + } *num_xfrms = pols[0]->xfrm_nr; @@ -2692,6 +2694,7 @@ if (pols[1]) { if (IS_ERR(pols[1])) { xfrm_pols_put(pols, *num_pols); + *num_pols = 0; return PTR_ERR(pols[1]); } (*num_pols)++; only in patch2: unchanged: --- linux-oem-5.17-5.17.0.orig/drivers/gpu/drm/amd/amdgpu/vega10_ih.c +++ linux-oem-5.17-5.17.0/drivers/gpu/drm/amd/amdgpu/vega10_ih.c @@ -289,6 +289,10 @@ } } + if (!amdgpu_sriov_vf(adev)) + adev->nbio.funcs->ih_doorbell_range(adev, adev->irq.ih.use_doorbell, + adev->irq.ih.doorbell_index); + pci_set_master(adev->pdev); /* enable interrupts */ only in patch2: unchanged: --- linux-oem-5.17-5.17.0.orig/drivers/gpu/drm/amd/amdgpu/vega20_ih.c +++ linux-oem-5.17-5.17.0/drivers/gpu/drm/amd/amdgpu/vega20_ih.c @@ -340,6 +340,10 @@ } } + if (!amdgpu_sriov_vf(adev)) + adev->nbio.funcs->ih_doorbell_range(adev, adev->irq.ih.use_doorbell, + adev->irq.ih.doorbell_index); + pci_set_master(adev->pdev); /* enable interrupts */ only in patch2: unchanged: --- linux-oem-5.17-5.17.0.orig/drivers/isdn/mISDN/l1oip.h +++ linux-oem-5.17-5.17.0/drivers/isdn/mISDN/l1oip.h @@ -59,6 +59,7 @@ int bundle; /* bundle channels in one frm */ int codec; /* codec to use for transmis. */ int limit; /* limit number of bchannels */ + bool shutdown; /* if card is released */ /* timer */ struct timer_list keep_tl; only in patch2: unchanged: --- linux-oem-5.17-5.17.0.orig/drivers/isdn/mISDN/l1oip_core.c +++ linux-oem-5.17-5.17.0/drivers/isdn/mISDN/l1oip_core.c @@ -275,7 +275,7 @@ p = frame; /* restart timer */ - if (time_before(hc->keep_tl.expires, jiffies + 5 * HZ)) + if (time_before(hc->keep_tl.expires, jiffies + 5 * HZ) && !hc->shutdown) mod_timer(&hc->keep_tl, jiffies + L1OIP_KEEPALIVE * HZ); else hc->keep_tl.expires = jiffies + L1OIP_KEEPALIVE * HZ; @@ -601,7 +601,9 @@ goto multiframe; /* restart timer */ - if (time_before(hc->timeout_tl.expires, jiffies + 5 * HZ) || !hc->timeout_on) { + if ((time_before(hc->timeout_tl.expires, jiffies + 5 * HZ) || + !hc->timeout_on) && + !hc->shutdown) { hc->timeout_on = 1; mod_timer(&hc->timeout_tl, jiffies + L1OIP_TIMEOUT * HZ); } else /* only adjust timer */ @@ -1232,11 +1234,10 @@ { int ch; - if (timer_pending(&hc->keep_tl)) - del_timer(&hc->keep_tl); + hc->shutdown = true; - if (timer_pending(&hc->timeout_tl)) - del_timer(&hc->timeout_tl); + del_timer_sync(&hc->keep_tl); + del_timer_sync(&hc->timeout_tl); cancel_work_sync(&hc->workq); only in patch2: unchanged: --- linux-oem-5.17-5.17.0.orig/drivers/net/wireless/microchip/wilc1000/hif.c +++ linux-oem-5.17-5.17.0/drivers/net/wireless/microchip/wilc1000/hif.c @@ -472,14 +472,25 @@ rsn_ie = cfg80211_find_ie(WLAN_EID_RSN, ies->data, ies->len); if (rsn_ie) { + int rsn_ie_len = sizeof(struct element) + rsn_ie[1]; int offset = 8; - param->mode_802_11i = 2; - param->rsn_found = true; /* extract RSN capabilities */ - offset += (rsn_ie[offset] * 4) + 2; - offset += (rsn_ie[offset] * 4) + 2; - memcpy(param->rsn_cap, &rsn_ie[offset], 2); + if (offset < rsn_ie_len) { + /* skip over pairwise suites */ + offset += (rsn_ie[offset] * 4) + 2; + + if (offset < rsn_ie_len) { + /* skip over authentication suites */ + offset += (rsn_ie[offset] * 4) + 2; + + if (offset + 1 < rsn_ie_len) { + param->mode_802_11i = 2; + param->rsn_found = true; + memcpy(param->rsn_cap, &rsn_ie[offset], 2); + } + } + } } if (param->rsn_found) { only in patch2: unchanged: --- linux-oem-5.17-5.17.0.orig/drivers/usb/mon/mon_bin.c +++ linux-oem-5.17-5.17.0/drivers/usb/mon/mon_bin.c @@ -1268,6 +1268,11 @@ { /* don't do anything here: "fault" will set up page table entries */ vma->vm_ops = &mon_bin_vm_ops; + + if (vma->vm_flags & VM_WRITE) + return -EPERM; + + vma->vm_flags &= ~VM_MAYWRITE; vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP; vma->vm_private_data = filp->private_data; mon_bin_vma_open(vma); only in patch2: unchanged: --- linux-oem-5.17-5.17.0.orig/include/net/bluetooth/l2cap.h +++ linux-oem-5.17-5.17.0/include/net/bluetooth/l2cap.h @@ -847,6 +847,7 @@ }; void l2cap_chan_hold(struct l2cap_chan *c); +struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c); void l2cap_chan_put(struct l2cap_chan *c); static inline void l2cap_chan_lock(struct l2cap_chan *chan) only in patch2: unchanged: --- linux-oem-5.17-5.17.0.orig/net/ipv4/inet_connection_sock.c +++ linux-oem-5.17-5.17.0/net/ipv4/inet_connection_sock.c @@ -1035,12 +1035,26 @@ } EXPORT_SYMBOL(inet_csk_prepare_forced_close); +static int inet_ulp_can_listen(const struct sock *sk) +{ + const struct inet_connection_sock *icsk = inet_csk(sk); + + if (icsk->icsk_ulp_ops && !icsk->icsk_ulp_ops->clone) + return -EINVAL; + + return 0; +} + int inet_csk_listen_start(struct sock *sk) { struct inet_connection_sock *icsk = inet_csk(sk); struct inet_sock *inet = inet_sk(sk); int err = -EADDRINUSE; + err = inet_ulp_can_listen(sk); + if (unlikely(err)) + return err; + reqsk_queue_alloc(&icsk->icsk_accept_queue); sk->sk_ack_backlog = 0; only in patch2: unchanged: --- linux-oem-5.17-5.17.0.orig/net/ipv4/tcp_ulp.c +++ linux-oem-5.17-5.17.0/net/ipv4/tcp_ulp.c @@ -136,6 +136,10 @@ if (icsk->icsk_ulp_ops) goto out_err; + err = -ENOTCONN; + if (!ulp_ops->clone && sk->sk_state == TCP_LISTEN) + goto out_err; + err = ulp_ops->init(sk); if (err) goto out_err; only in patch2: unchanged: --- linux-oem-5.17-5.17.0.orig/tools/testing/selftests/net/arp_ndisc_evict_nocarrier.sh +++ linux-oem-5.17-5.17.0/tools/testing/selftests/net/arp_ndisc_evict_nocarrier.sh @@ -18,14 +18,15 @@ readonly V6_ADDR0=2001:db8:91::1 readonly V6_ADDR1=2001:db8:91::2 nsid=100 +ret=0 cleanup_v6() { ip netns del me ip netns del peer - sysctl -w net.ipv4.conf.veth0.ndisc_evict_nocarrier=1 >/dev/null 2>&1 - sysctl -w net.ipv4.conf.all.ndisc_evict_nocarrier=1 >/dev/null 2>&1 + sysctl -w net.ipv6.conf.veth1.ndisc_evict_nocarrier=1 >/dev/null 2>&1 + sysctl -w net.ipv6.conf.all.ndisc_evict_nocarrier=1 >/dev/null 2>&1 } create_ns() @@ -61,7 +62,7 @@ if [ $? -ne 0 ]; then cleanup_v6 echo "failed" - exit + exit 1 fi # Set veth2 down, which will put veth1 in NOCARRIER state @@ -88,7 +89,7 @@ if [ $? -ne 0 ]; then cleanup_v4 echo "failed" - exit + exit 1 fi # Set veth1 down, which will put veth0 in NOCARRIER state @@ -115,6 +116,7 @@ if [ $? -eq 0 ];then echo "failed" + ret=1 else echo "ok" fi @@ -134,6 +136,7 @@ echo "ok" else echo "failed" + ret=1 fi cleanup_v4 @@ -164,6 +167,7 @@ if [ $? -eq 0 ];then echo "failed" + ret=1 else echo "ok" fi @@ -182,6 +186,7 @@ echo "ok" else echo "failed" + ret=1 fi cleanup_v6 @@ -198,6 +203,7 @@ echo "ok" else echo "failed" + ret=1 fi cleanup_v6 @@ -218,3 +224,4 @@ fi run_all_tests +exit $ret