DLPX-92456 Cherry-pick Delphix commits of linux-kernel-azure for LTS upgrade #41
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ Upstream commit 4ed886b187f47447ad559619c48c086f432d2b77 ] - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up code. Signed-off-by: Chao Yu <[email protected]> Signed-off-by: Jaegeuk Kim <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit ecb641f424d6d1f055d149a15b892edcc92c504b linux-6.9.y) CVE-2024-42160 Signed-off-by: Massimiliano Pellizzer <[email protected]> Acked-by: Aaron Jauregui <[email protected]> Acked-by: Kuan-Ying Lee <[email protected]> Signed-off-by: Manuel Diewald <[email protected]>
commit 0d8968287a1cf7b03d07387dc871de3861b9f6b9 upstream.
When building without CONFIG_F2FS_FAULT_INJECTION, there is a warning
from each file that includes f2fs.h because the stub for
f2fs_build_fault_attr() is missing inline:
In file included from fs/f2fs/segment.c:21:
fs/f2fs/f2fs.h:4605:12: warning: 'f2fs_build_fault_attr' defined but not used [-Wunused-function]
4605 | static int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate,
| ^~~~~~~~~~~~~~~~~~~~~
Add the missing inline to resolve all of the warnings for this
configuration.
Fixes: 4ed886b187f4 ("f2fs: check validation of fault attrs in f2fs_build_fault_attr()")
Signed-off-by: Nathan Chancellor <[email protected]>
Reviewed-by: Chao Yu <[email protected]>
Signed-off-by: Jaegeuk Kim <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
(cherry picked from commit 72d0e1dec7914b36beb4f3c7fe3a4c01cbb018ee linux-6.9.y)
CVE-2024-42160
Signed-off-by: Massimiliano Pellizzer <[email protected]>
Acked-by: Aaron Jauregui <[email protected]>
Acked-by: Kuan-Ying Lee <[email protected]>
Signed-off-by: Manuel Diewald <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2076435 [ Upstream commit cfa1a2329a691ffd991fcf7248a57d752e712881 ] The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which is the producer counter denoting the amount of data reserved by all producers. Each time a record is reserved, the producer that "owns" the record will successfully advance producer counter. In user space each time a record is read, the consumer of the data advanced the consumer counter once it finished processing. Both counters are stored in separate pages so that from user space, the producer counter is read-only and the consumer counter is read-write. One aspect that simplifies and thus speeds up the implementation of both producers and consumers is how the data area is mapped twice contiguously back-to-back in the virtual memory, allowing to not take any special measures for samples that have to wrap around at the end of the circular buffer data area, because the next page after the last data page would be first data page again, and thus the sample will still appear completely contiguous in virtual memory. Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for book-keeping the length and offset, and is inaccessible to the BPF program. Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ` for the BPF program to use. Bing-Jhong and Muhammad reported that it is however possible to make a second allocated memory chunk overlapping with the first chunk and as a result, the BPF program is now able to edit first chunk's header. For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in [0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets allocate a chunk B with size 0x3000. This will succeed because consumer_pos was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask` check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data pages. This means that chunk B at [0x4000,0x4008] is chunk A's header. bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong page and could cause a crash. Fix it by calculating the oldest pending_pos and check whether the range from the oldest outstanding record to the newest would span beyond the ring buffer size. If that is the case, then reject the request. We've tested with the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh) before/after the fix and while it seems a bit slower on some benchmarks, it is still not significantly enough to matter. Fixes: 457f443 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by: Bing-Jhong Billy Jheng <[email protected]> Reported-by: Muhammad Ramdhan <[email protected]> Co-developed-by: Bing-Jhong Billy Jheng <[email protected]> Co-developed-by: Andrii Nakryiko <[email protected]> Signed-off-by: Bing-Jhong Billy Jheng <[email protected]> Signed-off-by: Andrii Nakryiko <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Signed-off-by: Andrii Nakryiko <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Portia Stephens <[email protected]> Signed-off-by: Roxana Nicolescu <[email protected]> CVE-2024-41009 Signed-off-by: Manuel Diewald <[email protected]>
Ignore: yes Signed-off-by: Manuel Diewald <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2078100 Properties: no-test-build Signed-off-by: Manuel Diewald <[email protected]>
…-versions (main/s2024.08.05) BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Manuel Diewald <[email protected]>
Signed-off-by: Manuel Diewald <[email protected]>
There is a bug in netem_enqueue() introduced by commit 5845f70 ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free. This commit made netem_enqueue() always return NET_XMIT_SUCCESS when a packet is duplicated, which can cause the parent qdisc's q.qlen to be mistakenly incremented. When this happens qlen_notify() may be skipped on the parent during destruction, leaving a dangling pointer for some classful qdiscs like DRR. There are two ways for the bug happen: - If the duplicated packet is dropped by rootq->enqueue() and then the original packet is also dropped. - If rootq->enqueue() sends the duplicated packet to a different qdisc and the original packet is dropped. In both cases NET_XMIT_SUCCESS is returned even though no packets are enqueued at the netem qdisc. The fix is to defer the enqueue of the duplicate packet until after the original packet has been guaranteed to return NET_XMIT_SUCCESS. Fixes: 5845f70 ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") Reported-by: Budimir Markovic <[email protected]> Signed-off-by: Stephen Hemminger <[email protected]> Reviewed-by: Simon Horman <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> CVE-2024-45016 (cherry picked from commit c07ff8592d57ed258afee5a5e04991a48dbaf382) Signed-off-by: Ian Whitfield <[email protected]> Acked-by: Magali Lemes <[email protected]> Acked-by: Jacob Martin <[email protected]> Signed-off-by: Stefan Bader <[email protected]>
Ignore: yes Signed-off-by: Manuel Diewald <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2082118 Properties: no-test-build Signed-off-by: Manuel Diewald <[email protected]>
Signed-off-by: Manuel Diewald <[email protected]>
Signed-off-by: Tim Gardner <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Tim Gardner <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Tim Gardner <[email protected]>
Ignore: yes Signed-off-by: Tim Gardner <[email protected]>
Signed-off-by: Tim Gardner <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1959703 Properties: no-test-build Signed-off-by: Tim Gardner <[email protected]>
Prevents kernel panic. LSMBLOB_ENTRIES does not provide sufficient space. SAUCE patches have not kept up with the increasing number of LSMs. Signed-off-by: Tim Gardner <[email protected]>
Signed-off-by: Tim Gardner <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1958990 Add module parameters and code to allow pinning a TCP connection to a specific server. See upstream discussion at: https://www.spinics.net/lists/linux-nfs/msg83074.html This patch is a consolidated and simplified backport of the logic required to implement pinning to one connection. With the author's permission I have changed the default sense for the module parameter 'enable_azure_nconnect' to false in order to preserve existing behavior. This logic isn't enabled unless the module parameter enable_azure_nconnect=true. Signed-off-by: Tim Gardner <[email protected]> Acked-by: Stefan Bader <[email protected]> Acked-by: Marcelo Cerri <[email protected]> Signed-off-by: Tim Gardner <[email protected]>
Added annotation enforcement. Signed-off-by: Tim Gardner <[email protected]>
Ignore: yes Signed-off-by: Tim Gardner <[email protected]>
We need pahole >= 1.21 to properly support BTF, pahole used to be
provided by dwarves, but this package is going to be renamed into pahole
starting with jammy.
So to be as generic as possible, and facilitate the porting of this rule
across all kernels, specify a single dependency as following:
- if we are in jammy => just depend on pahole
- all the releases < jammy => depend on dwarves >= 1.21
Also add riscv64 to the list of architectures that require pahole.
Signed-off-by: Andrea Righi <[email protected]>
Copied from master
Signed-off-by: Tim Gardner <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1960267 Properties: no-test-build Signed-off-by: Tim Gardner <[email protected]>
Signed-off-by: Tim Gardner <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1960539 Signed-off-by: Tim Gardner <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1960539 Azure Blob provides scalable, secure and shared storage services for the internet. This driver adds support for accelerated access to Azure Blob storage for Azure VMs. As an alternative to using REST APIs over HTTP for Blob access, an Azure VM can use this driver to send Blob requests to Azure host. Azure host uses its native network to perform Blob requests directly to Blob servers. Signed-off-by: Long Li <[email protected]> Signed-off-by: Tim Gardner <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Dimitri John Ledkov <[email protected]>
Ignore: yes Signed-off-by: Tim Gardner <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1965771 Properties: no-test-build Signed-off-by: Tim Gardner <[email protected]>
…SNP due to a paravisor bug" BugLink: https://bugs.launchpad.net/bugs/2079841 This reverts commit 8ce273422c040ec77c8bfa58c7d7dbbb570710d0. Signed-off-by: John Cabaj <[email protected]> Acked-by: Thibault Ferrante <[email protected]> Acked-by: Magali Lemes <[email protected]> Signed-off-by: John Cabaj <[email protected]>
Ignore: yes Signed-off-by: John Cabaj <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2082092 Properties: no-test-build Signed-off-by: John Cabaj <[email protected]>
Signed-off-by: John Cabaj <[email protected]>
This is a placeholder commit to separate the Ubuntu kernel source and our patches. Used by kernel_merge_with_upstream() in the linux-pkg repo.
Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Dmitry Bogdanov <[email protected]> Signed-off-by: Mike Christie <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Co-authored-by: Dmitry Bogdanov <[email protected]>
prakashsurya
approved these changes
Oct 24, 2024
jwk404
approved these changes
Oct 24, 2024
palash-gandhi
changed the title
|
This was in fact merged into |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change cherry-picks the Delphix patch set from
developonto a branch forked off ofupstreams/os-upgrade.upstreams/os-upgradecurrently has commits from Linux kernel 6.8, the version that ships with Ubuntu 24.04. I ran the following command to perform the cherry-pick:Here's the actual diff between upstreams/os-upgrade and os-upgrade: upstreams/os-upgrade...dlpx/pr/palash.gandhi/azure
Additional changes that were required:
build-package: https://ops-jenkins.eng-tools-prd.aws.delphixcloud.com/job/linux-pkg/job/os-upgrade/job/build-package/job/linux-kernel-azure/job/pre-push/4/console