From c411185420d1bbeae869fbc675aef5660a0fec4b Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Mon, 28 Mar 2022 09:21:45 -0500 Subject: kernel-5.16.18-0 * Mon Mar 28 2022 Justin M. Forbes [5.16.18-0] - Revert "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" (Linus Torvalds) - Fix RHDISTGIT for Fedora (Justin M. Forbes) - Fix up changelog (Justin M. Forbes) Resolves: rhbz# Signed-off-by: Justin M. Forbes --- Patchlist.changelog | 3 ++ kernel.spec | 12 ++--- patch-5.16-redhat.patch | 114 ++++++++++++++++++++++++++++++++++-------------- sources | 6 +-- 4 files changed, 95 insertions(+), 40 deletions(-) diff --git a/Patchlist.changelog b/Patchlist.changelog index 9dd29dbcd..91c4e264f 100644 --- a/Patchlist.changelog +++ b/Patchlist.changelog @@ -1,3 +1,6 @@ +https://gitlab.com/cki-project/kernel-ark/-/commit/dfd1a798f126547c4a9f0b4aab00046b88358f0d + dfd1a798f126547c4a9f0b4aab00046b88358f0d Revert "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" + https://gitlab.com/cki-project/kernel-ark/-/commit/dfe21b33039e0c863a4e41a8e8508fa6af46bad8 dfe21b33039e0c863a4e41a8e8508fa6af46bad8 drm/mgag200: Fix PLL setup for g200wb and g200ew diff --git a/kernel.spec b/kernel.spec index 807730f65..bcab9abf4 100755 --- a/kernel.spec +++ b/kernel.spec @@ -130,7 +130,7 @@ Summary: The Linux kernel # The kernel tarball/base version %define kversion 5.16 -%define rpmversion 5.16.17 +%define rpmversion 5.16.18 %define patchversion 5.16 %define pkgrelease 100 @@ -692,7 +692,7 @@ BuildRequires: lld # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-5.16.17.tar.xz +Source0: linux-5.16.18.tar.xz Source1: Makefile.rhelver @@ -1386,8 +1386,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-5.16.17 -c -mv linux-5.16.17 linux-%{KVERREL} +%setup -q -n kernel-5.16.18 -c +mv linux-5.16.18 linux-%{KVERREL} cd linux-%{KVERREL} cp -a %{SOURCE1} . @@ -2985,7 +2985,9 @@ fi # # %changelog -* Wed Mar 23 2022 Justin M. Forbes [5.16.17-100] +* Mon Mar 28 2022 Justin M. Forbes [5.16.18-0] +- Revert "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" (Linus Torvalds) +- Fix RHDISTGIT for Fedora (Justin M. Forbes) - Fix up changelog (Justin M. Forbes) * Wed Mar 23 2022 Justin M. Forbes [5.16.17-0] diff --git a/patch-5.16-redhat.patch b/patch-5.16-redhat.patch index 87ffea7f0..36d48d614 100644 --- a/patch-5.16-redhat.patch +++ b/patch-5.16-redhat.patch @@ -1,3 +1,4 @@ + Documentation/core-api/dma-attributes.rst | 8 ++ Makefile | 4 + arch/arm/Kconfig | 4 +- arch/arm64/Kconfig | 3 +- @@ -25,7 +26,6 @@ drivers/net/wireless/ath/ath11k/core.h | 1 + drivers/net/wireless/ath/ath11k/mhi.c | 1 + drivers/net/wireless/ath/ath11k/pci.c | 16 ++- - drivers/nfc/st21nfca/se.c | 10 ++ drivers/nvme/host/core.c | 22 +++- drivers/nvme/host/multipath.c | 19 ++-- drivers/nvme/host/nvme.h | 4 + @@ -36,6 +36,7 @@ fs/nfs/nfs4_fs.h | 9 +- fs/nfs/nfs4proc.c | 76 ++----------- fs/nfs/nfs4state.c | 3 +- + include/linux/dma-mapping.h | 8 ++ include/linux/efi.h | 22 ++-- include/linux/lsm_hook_defs.h | 2 + include/linux/lsm_hooks.h | 6 + @@ -44,6 +45,7 @@ include/linux/rmi.h | 1 + include/linux/security.h | 5 + include/net/netfilter/nf_conntrack.h | 1 + + kernel/dma/swiotlb.c | 23 ++-- kernel/module_signing.c | 9 +- net/netfilter/nf_conntrack_core.c | 3 + net/netfilter/nf_nat_core.c | 43 ++++++- @@ -53,10 +55,26 @@ security/lockdown/lockdown.c | 1 + security/security.c | 6 + tools/testing/selftests/netfilter/nft_nat.sh | 5 +- - 55 files changed, 821 insertions(+), 284 deletions(-) - + 57 files changed, 835 insertions(+), 299 deletions(-) + +diff --git a/Documentation/core-api/dma-attributes.rst b/Documentation/core-api/dma-attributes.rst +index 1887d92e8e92..17706dc91ec9 100644 +--- a/Documentation/core-api/dma-attributes.rst ++++ b/Documentation/core-api/dma-attributes.rst +@@ -130,3 +130,11 @@ accesses to DMA buffers in both privileged "supervisor" and unprivileged + subsystem that the buffer is fully accessible at the elevated privilege + level (and ideally inaccessible or at least read-only at the + lesser-privileged levels). ++ ++DMA_ATTR_OVERWRITE ++------------------ ++ ++This is a hint to the DMA-mapping subsystem that the device is expected to ++overwrite the entire mapped size, thus the caller does not require any of the ++previous buffer contents to be preserved. This allows bounce-buffering ++implementations to optimise DMA_FROM_DEVICE transfers. diff --git a/Makefile b/Makefile -index 0ca39c16b3bf..5e51ad0402d1 100644 +index f47cecba0618..cbac049b97a3 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -1373,34 +1391,6 @@ index 4c348bacf2cb..9fe496d35b38 100644 dev_err(&pdev->dev, "Unsupported WCN6855 SOC hardware version: %d %d\n", soc_hw_version_major, soc_hw_version_minor); ret = -EOPNOTSUPP; -diff --git a/drivers/nfc/st21nfca/se.c b/drivers/nfc/st21nfca/se.c -index a43fc4117fa5..c922f10d0d7b 100644 ---- a/drivers/nfc/st21nfca/se.c -+++ b/drivers/nfc/st21nfca/se.c -@@ -316,6 +316,11 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host, - return -ENOMEM; - - transaction->aid_len = skb->data[1]; -+ -+ /* Checking if the length of the AID is valid */ -+ if (transaction->aid_len > sizeof(transaction->aid)) -+ return -EINVAL; -+ - memcpy(transaction->aid, &skb->data[2], - transaction->aid_len); - -@@ -325,6 +330,11 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host, - return -EPROTO; - - transaction->params_len = skb->data[transaction->aid_len + 3]; -+ -+ /* Total size is allocated (skb->len - 2) minus fixed array members */ -+ if (transaction->params_len > ((skb->len - 2) - sizeof(struct nfc_evt_transaction))) -+ return -EINVAL; -+ - memcpy(transaction->params, skb->data + - transaction->aid_len + 4, transaction->params_len); - diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 5785f6abf194..7fc5f15a4b78 100644 --- a/drivers/nvme/host/core.c @@ -1824,6 +1814,25 @@ index 499bef9fe118..f3265575c28d 100644 if (result) { dprintk("<-- %s: failed to retrieve fs_locations: %d\n", __func__, result); +diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h +index dca2b1355bb1..6150d11a607e 100644 +--- a/include/linux/dma-mapping.h ++++ b/include/linux/dma-mapping.h +@@ -61,6 +61,14 @@ + */ + #define DMA_ATTR_PRIVILEGED (1UL << 9) + ++/* ++ * This is a hint to the DMA-mapping subsystem that the device is expected ++ * to overwrite the entire mapped size, thus the caller does not require any ++ * of the previous buffer contents to be preserved. This allows ++ * bounce-buffering implementations to optimise DMA_FROM_DEVICE transfers. ++ */ ++#define DMA_ATTR_OVERWRITE (1UL << 10) ++ + /* + * A dma_addr_t can hold any valid DMA or bus address for the platform. It can + * be given to a device to use as a DMA source or target. It is specific to a diff --git a/include/linux/efi.h b/include/linux/efi.h index ef8dbc0a1522..836a5dfc6156 100644 --- a/include/linux/efi.h @@ -2006,6 +2015,47 @@ index d24b0a34c8f0..871489df63c6 100644 possible_net_t ct_net; #if IS_ENABLED(CONFIG_NF_NAT) +diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c +index e7f138c7636c..d958b1201092 100644 +--- a/kernel/dma/swiotlb.c ++++ b/kernel/dma/swiotlb.c +@@ -581,14 +581,10 @@ phys_addr_t swiotlb_tbl_map_single(struct device *dev, phys_addr_t orig_addr, + for (i = 0; i < nr_slots(alloc_size + offset); i++) + mem->slots[index + i].orig_addr = slot_addr(orig_addr, i); + tlb_addr = slot_addr(mem->start, index) + offset; +- /* +- * When dir == DMA_FROM_DEVICE we could omit the copy from the orig +- * to the tlb buffer, if we knew for sure the device will +- * overwirte the entire current content. But we don't. Thus +- * unconditional bounce may prevent leaking swiotlb content (i.e. +- * kernel memory) to user-space. +- */ +- swiotlb_bounce(dev, tlb_addr, mapping_size, DMA_TO_DEVICE); ++ if (!(attrs & DMA_ATTR_SKIP_CPU_SYNC) && ++ (!(attrs & DMA_ATTR_OVERWRITE) || dir == DMA_TO_DEVICE || ++ dir == DMA_BIDIRECTIONAL)) ++ swiotlb_bounce(dev, tlb_addr, mapping_size, DMA_TO_DEVICE); + return tlb_addr; + } + +@@ -655,13 +651,10 @@ void swiotlb_tbl_unmap_single(struct device *dev, phys_addr_t tlb_addr, + void swiotlb_sync_single_for_device(struct device *dev, phys_addr_t tlb_addr, + size_t size, enum dma_data_direction dir) + { +- /* +- * Unconditional bounce is necessary to avoid corruption on +- * sync_*_for_cpu or dma_ummap_* when the device didn't overwrite +- * the whole lengt of the bounce buffer. +- */ +- swiotlb_bounce(dev, tlb_addr, size, DMA_TO_DEVICE); +- BUG_ON(!valid_dma_direction(dir)); ++ if (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL) ++ swiotlb_bounce(dev, tlb_addr, size, DMA_TO_DEVICE); ++ else ++ BUG_ON(dir != DMA_FROM_DEVICE); + } + + void swiotlb_sync_single_for_cpu(struct device *dev, phys_addr_t tlb_addr, diff --git a/kernel/module_signing.c b/kernel/module_signing.c index 8723ae70ea1f..fb2d773498c2 100644 --- a/kernel/module_signing.c diff --git a/sources b/sources index d1c287200..5e632cbcc 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-5.16.17.tar.xz) = 94b6b5fbd0beeee57be06205e568779d9e87116274f8ca958874c26445c60fdedc09c2137b424b524572992ee1a8b0e4cb3af5b461e0e4c4554615b7607bf8b5 -SHA512 (kernel-abi-stablelists-5.16.17-100.tar.bz2) = cf7976832c0457cca59febf20af215784c7436296b99ac624e3dd8ee3d24e0651bd369db9c4f2c8f9700223b63d046ca3491ba6987c0cbd28b2cd921e7b633d0 -SHA512 (kernel-kabi-dw-5.16.17-100.tar.bz2) = eac3ce7bbfea8fe9d7fbac3edc9bc301fdd9af9958a3e54b4d5652f71f066511e7099b7026258b7fc929a383ceeb329dc8d5bb358aa8997fd1d9ae8117b5c5c8 +SHA512 (linux-5.16.18.tar.xz) = 4d7fdf6d4ac5e4dcbb9ecc2b3fb3dd2aaa7f735e37797ce3f37831daf6c0e0fe08b5cf9b7f74b5ea3dd5b55c9785b5ee0789be0e17e73b5c48a98f47be8df4c7 +SHA512 (kernel-abi-stablelists-5.16.18-100.tar.bz2) = 3fe7950f0327080f1c9fd4b33e1da81e26481516585bf602ca7467ded0e90d313cc4c3b21f1723dd255143a21c8bf06d74ac850b13d388dcccd6ee1ce26af9f6 +SHA512 (kernel-kabi-dw-5.16.18-100.tar.bz2) = fdb8e55efa441e294994fdffc2cfb53ffb5ef93c6014e2498de3e19e5e862f446dd36c3186ee1dcee2abeca4b4f7652ff4aa5975d4283c117e585cf8ed3ab136 -- cgit