diff --git a/0002-sunrpc_add_api_to_support_enfs_registe_and_create_multipath_then_dispatch_IO.patch b/0002-sunrpc_add_api_to_support_enfs_registe_and_create_multipath_then_dispatch_IO.patch index a3da02e..1191b29 100644 --- a/0002-sunrpc_add_api_to_support_enfs_registe_and_create_multipath_then_dispatch_IO.patch +++ b/0002-sunrpc_add_api_to_support_enfs_registe_and_create_multipath_then_dispatch_IO.patch @@ -1,11 +1,11 @@ diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h -index 8aa865b..0425aaa 100644 +index 5803a6891b30..eadfe3274a99 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h -@@ -70,6 +70,10 @@ struct rpc_clnt { - struct dentry *cl_debugfs; /* debugfs directory */ +@@ -71,6 +71,10 @@ struct rpc_clnt { #endif struct rpc_xprt_iter cl_xpi; + struct super_block *pipefs_sb; + +#if IS_ENABLED(CONFIG_ENFS) + bool cl_enfs; @@ -13,7 +13,7 @@ index 8aa865b..0425aaa 100644 }; /* -@@ -124,6 +128,9 @@ struct rpc_create_args { +@@ -125,6 +129,9 @@ struct rpc_create_args { unsigned long flags; char *client_name; struct svc_xprt *bc_xprt; /* NFSv4.1 backchannel */ @@ -23,7 +23,7 @@ index 8aa865b..0425aaa 100644 }; struct rpc_add_xprt_test { -@@ -221,6 +228,13 @@ bool rpc_clnt_xprt_switch_has_addr(struct rpc_clnt *clnt, +@@ -222,6 +229,13 @@ bool rpc_clnt_xprt_switch_has_addr(struct rpc_clnt *clnt, const struct sockaddr *sap); void rpc_cleanup_clids(void); @@ -38,7 +38,7 @@ index 8aa865b..0425aaa 100644 { return (task->tk_msg.rpc_proc != NULL) && diff --git a/include/linux/sunrpc/sched.h b/include/linux/sunrpc/sched.h -index ad2e243..124f5a0 100644 +index ad2e243f3f03..124f5a0faf3e 100644 --- a/include/linux/sunrpc/sched.h +++ b/include/linux/sunrpc/sched.h @@ -90,6 +90,9 @@ struct rpc_task { @@ -73,7 +73,7 @@ index ad2e243..124f5a0 100644 { diff --git a/include/linux/sunrpc/sunrpc_enfs_adapter.h b/include/linux/sunrpc/sunrpc_enfs_adapter.h new file mode 100644 -index 0000000..cdd7fa6 +index 000000000000..cdd7fa699db2 --- /dev/null +++ b/include/linux/sunrpc/sunrpc_enfs_adapter.h @@ -0,0 +1,135 @@ @@ -213,7 +213,7 @@ index 0000000..cdd7fa6 +#endif +#endif // _SUNRPC_ENFS_ADAPTER_H_ diff --git a/include/linux/sunrpc/xprt.h b/include/linux/sunrpc/xprt.h -index ccfacca..2e47b35 100644 +index ccfacca1eba9..2e47b3577947 100644 --- a/include/linux/sunrpc/xprt.h +++ b/include/linux/sunrpc/xprt.h @@ -279,6 +279,10 @@ struct rpc_xprt { @@ -228,7 +228,7 @@ index ccfacca..2e47b35 100644 #if defined(CONFIG_SUNRPC_BACKCHANNEL) diff --git a/include/linux/sunrpc/xprtmultipath.h b/include/linux/sunrpc/xprtmultipath.h -index af1257c..5677a46 100644 +index af1257c030d2..5677a46eec3b 100644 --- a/include/linux/sunrpc/xprtmultipath.h +++ b/include/linux/sunrpc/xprtmultipath.h @@ -22,6 +22,11 @@ struct rpc_xprt_switch { @@ -253,7 +253,7 @@ index af1257c..5677a46 100644 +#endif #endif diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index 0fc540b..ebdcd02 100644 +index 1b224caf9a70..02633da2e506 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c @@ -37,6 +37,7 @@ @@ -264,7 +264,7 @@ index 0fc540b..ebdcd02 100644 #include #include "sunrpc.h" -@@ -490,6 +491,8 @@ static struct rpc_clnt *rpc_create_xprt(struct rpc_create_args *args, +@@ -493,6 +494,8 @@ static struct rpc_clnt *rpc_create_xprt(struct rpc_create_args *args, } } @@ -273,7 +273,7 @@ index 0fc540b..ebdcd02 100644 clnt->cl_softrtry = 1; if (args->flags & RPC_CLNT_CREATE_HARDRTRY) clnt->cl_softrtry = 0; -@@ -869,6 +872,8 @@ void rpc_shutdown_client(struct rpc_clnt *clnt) +@@ -872,6 +875,8 @@ void rpc_shutdown_client(struct rpc_clnt *clnt) list_empty(&clnt->cl_tasks), 1*HZ); } @@ -282,7 +282,7 @@ index 0fc540b..ebdcd02 100644 rpc_release_client(clnt); } EXPORT_SYMBOL_GPL(rpc_shutdown_client); -@@ -981,6 +986,12 @@ void rpc_task_release_transport(struct rpc_task *task) +@@ -984,6 +989,12 @@ void rpc_task_release_transport(struct rpc_task *task) if (xprt) { task->tk_xprt = NULL; @@ -295,7 +295,7 @@ index 0fc540b..ebdcd02 100644 xprt_put(xprt); } } -@@ -990,6 +1001,10 @@ void rpc_task_release_client(struct rpc_task *task) +@@ -993,6 +1004,10 @@ void rpc_task_release_client(struct rpc_task *task) { struct rpc_clnt *clnt = task->tk_client; @@ -306,7 +306,7 @@ index 0fc540b..ebdcd02 100644 if (clnt != NULL) { /* Remove from client task list */ spin_lock(&clnt->cl_lock); -@@ -999,14 +1014,31 @@ void rpc_task_release_client(struct rpc_task *task) +@@ -1002,14 +1017,31 @@ void rpc_task_release_client(struct rpc_task *task) rpc_release_client(clnt); } @@ -339,7 +339,7 @@ index 0fc540b..ebdcd02 100644 } static -@@ -1597,6 +1629,14 @@ call_reserveresult(struct rpc_task *task) +@@ -1600,6 +1632,14 @@ call_reserveresult(struct rpc_task *task) return; case -EIO: /* probably a shutdown */ break; @@ -354,7 +354,7 @@ index 0fc540b..ebdcd02 100644 default: printk(KERN_ERR "%s: unrecognized error %d, exiting\n", __func__, status); -@@ -1962,6 +2002,10 @@ call_transmit(struct rpc_task *task) +@@ -1965,6 +2005,10 @@ call_transmit(struct rpc_task *task) return; if (!xprt_prepare_transmit(task)) return; @@ -365,7 +365,7 @@ index 0fc540b..ebdcd02 100644 task->tk_action = call_transmit_status; /* Encode here so that rpcsec_gss can use correct sequence number. */ if (rpc_task_need_encode(task)) { -@@ -2277,6 +2321,7 @@ call_timeout(struct rpc_task *task) +@@ -2280,6 +2324,7 @@ call_timeout(struct rpc_task *task) retry: task->tk_action = call_bind; @@ -373,7 +373,7 @@ index 0fc540b..ebdcd02 100644 task->tk_status = 0; } -@@ -2798,8 +2843,12 @@ int rpc_clnt_add_xprt(struct rpc_clnt *clnt, +@@ -2801,8 +2846,12 @@ int rpc_clnt_add_xprt(struct rpc_clnt *clnt, xprt->ops->set_connect_timeout(xprt, connect_timeout, reconnect_timeout); @@ -387,7 +387,7 @@ index 0fc540b..ebdcd02 100644 if (setup) { ret = setup(clnt, xps, xprt, data); if (ret != 0) -@@ -2961,3 +3010,30 @@ rpc_clnt_swap_deactivate(struct rpc_clnt *clnt) +@@ -2964,3 +3013,30 @@ rpc_clnt_swap_deactivate(struct rpc_clnt *clnt) } EXPORT_SYMBOL_GPL(rpc_clnt_swap_deactivate); #endif /* CONFIG_SUNRPC_SWAP */ @@ -419,7 +419,7 @@ index 0fc540b..ebdcd02 100644 +EXPORT_SYMBOL_GPL(rpc_clnt_test_xprt); +#endif diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index a873c92..2254fea 100644 +index a873c92a4898..2254fea0e863 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c @@ -20,7 +20,7 @@ @@ -446,7 +446,7 @@ index a873c92..2254fea 100644 task->tk_action = rpc_prepare_task; diff --git a/net/sunrpc/sunrpc_enfs_adapter.c b/net/sunrpc/sunrpc_enfs_adapter.c new file mode 100644 -index 0000000..106ad73 +index 000000000000..106ad7309bef --- /dev/null +++ b/net/sunrpc/sunrpc_enfs_adapter.c @@ -0,0 +1,225 @@ @@ -676,7 +676,7 @@ index 0000000..106ad73 + rpc_multipath_ops_put(mops); +} diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c -index c912bf2..c2b63b3 100644 +index c912bf20faa2..c2b63b3d5217 100644 --- a/net/sunrpc/xprt.c +++ b/net/sunrpc/xprt.c @@ -48,6 +48,7 @@ @@ -687,7 +687,7 @@ index c912bf2..c2b63b3 100644 #include #include -@@ -259,6 +260,9 @@ out_sleep: +@@ -259,6 +260,9 @@ int xprt_reserve_xprt(struct rpc_xprt *xprt, struct rpc_task *task) dprintk("RPC: %5u failed to lock transport %p\n", task->tk_pid, xprt); task->tk_timeout = 0; @@ -757,7 +757,7 @@ index c912bf2..c2b63b3 100644 * Tear down transport state and free the rpc_xprt */ diff --git a/net/sunrpc/xprtmultipath.c b/net/sunrpc/xprtmultipath.c -index 6ebaa58..f6a004e 100644 +index c0a0e2346cfb..6b3709d5ed6e 100644 --- a/net/sunrpc/xprtmultipath.c +++ b/net/sunrpc/xprtmultipath.c @@ -18,6 +18,7 @@ diff --git a/SOURCE b/SOURCE index 1e8f907..b00e521 100644 --- a/SOURCE +++ b/SOURCE @@ -1 +1 @@ -4.19.90-2406.1.0 +4.19.90-2406.2.0 diff --git a/kernel.spec b/kernel.spec index 03c3c56..f998c85 100644 --- a/kernel.spec +++ b/kernel.spec @@ -12,7 +12,7 @@ %global KernelVer %{version}-%{release}.%{_target_cpu} -%global hulkrelease 2406.1.0 +%global hulkrelease 2406.2.0 %define with_patch 1 @@ -32,7 +32,7 @@ Name: kernel Version: 4.19.90 -Release: %{hulkrelease}.0280 +Release: %{hulkrelease}.0281 Summary: Linux Kernel License: GPLv2 URL: http://www.kernel.org/ @@ -850,6 +850,135 @@ fi %changelog +* Wed Jun 12 2024 chenyi - 4.19.90-2406.2.0.0281 +- !8895 net: fix out-of-bounds access in ops_init +- !8694 clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data +- !8858 PCI/PM: Drain runtime-idle callbacks before driver removal +- !8626 fs/9p: only translate RWX permissions for plain 9P2000 +- !8490 scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() +- !8777 memory: fsl_ifc: fix leak of IO mapping on probe failure +- !8806 media: zr364xx: fix memory leak in zr364xx_start_readpipe +- !8664 mmc: mmc_spi: fix error handling in mmc_spi_probe() +- !8865 staging: rtl8712: fix use-after-free in rtl8712_dl_fw +- !8888 nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). +- !8825 watchdog: Fix possible use-after-free in wdt_startup() +- !8654 nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done +- !8358 perf report: Fix memory leaks around perf_tip() +- !8552 tipc: fix a possible memleak in tipc_buf_append +- !8851 ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() +- net: fix out-of-bounds access in ops_init +- !8802 CVE-2021-47294 +- nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). +- staging: rtl8712: fix use-after-free in rtl8712_dl_fw +- PCI/PM: Drain runtime-idle callbacks before driver removal +- ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() +- !8628 erspan: make sure erspan_base_hdr is present in skb->head +- !8716 CVE-2024-35910 +- !8325 ocfs2: fix data corruption after conversion from inline format +- !8729 tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). +- !8636 ipv6: Fix potential uninit-value access in __ip6_make_skb() +- watchdog: Fix possible use-after-free in wdt_startup() +- !8773 sched: remove WARN_ON on checking rq->tmp_alone_branch +- media: zr364xx: fix memory leak in zr364xx_start_readpipe +- !8678 can: pch_can: pch_can_rx_normal: fix use after free +- netrom: Fix use-after-free of a listening socket. +- netrom: Decrease sock refcount when sock timers expire +- !8676 net: tulip: de4x5: fix the problem that the array 'lp->phy[8 +- !8708 media: imon: fix access to invalid resource for the second interface +- !8707 regmap: Fix possible double-free in regcache_rbtree_exit() +- !8706 isdn: mISDN: Fix sleeping function called from invalid context +- !8705 usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency +- !8357 nilfs2: fix underflow in second superblock position calculations +- !8681 rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation +- !8484 scsi: megaraid_sas: Fix resource leak in case of probe failure +- memory: fsl_ifc: fix leak of IO mapping on probe failure +- sched: remove WARN_ON on checking rq->tmp_alone_branch +- !8620 CVE-2024-35896 +- !8526 SUNRPC: Fix RPC client cleaned up the freed pipefs dentries +- !8336 tcp: fix page frag corruption on page fault +- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). +- !8521 isofs: Fix out of bound access for corrupted isofs image +- !7786 powerpc/powernv: Add a null pointer check in opal_event_init() +- !8568 gfs2: Fix use-after-free in gfs2_glock_shrink_scan +- tcp: properly terminate timers for kernel sockets +- mptcp: add sk_stop_timer_sync helper +- !8478 arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY +- !8366 net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() +- !8544 CVE-2021-47358 +- !8577 mmc: sdhci-msm: pervent access to suspended controller +- !8579 net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() +- !8603 rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() +- media: imon: fix access to invalid resource for the second interface +- regmap: Fix possible double-free in regcache_rbtree_exit() +- isdn: mISDN: Fix sleeping function called from invalid context +- usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency +- !8516 CVE-2021-47409 +- !8465 drm/amd/display: Avoid NULL dereference of timing generator +- !8500 pwm: Fix double shift bug +- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data +- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation +- can: pch_can: pch_can_rx_normal: fix use after free +- net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound +- !8402 i40e: Fix freeing of uninitialized misc IRQ vector +- !8398 comedi: ni_usb6501: fix NULL-deref in command paths +- mmc: mmc_spi: fix error handling in mmc_spi_probe() +- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done +- !8464 i2c: smbus: fix NULL function pointer dereference +- !8434 iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove +- !8411 platform/x86: wmi: Fix opening of char device +- ipv6: Fix potential uninit-value access in __ip6_make_skb() +- !8307 s390/dasd: protect device queue against concurrent access +- !8444 CVE-2021-47511 +- !8443 v2 ipack: ipoctal: fix module reference leak +- !8611 smackfs: restrict bytes count in smk_set_cipso() +- !8610 media: gspca: cpia1: shift-out-of-bounds in set_flicker +- !8609 can: peak_pci: peak_pci_remove(): fix UAF +- !8430 drm/sched: Avoid data corruptions +- !8557 net: cdc_eem: fix tx fixup skb leak +- !8365 efi/capsule-loader: fix incorrect allocation size +- !8333 soc: qcom: llcc: Handle a second device without data corruption +- erspan: make sure erspan_base_hdr is present in skb->head +- fs/9p: only translate RWX permissions for plain 9P2000 +- netfilter: complete validation of user input +- netfilter: validate user input for expected length +- smackfs: restrict bytes count in smk_set_cipso() +- media: gspca: cpia1: shift-out-of-bounds in set_flicker +- can: peak_pci: peak_pci_remove(): fix UAF +- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() +- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() +- mmc: sdhci-msm: pervent access to suspended controller +- gfs2: Fix use-after-free in gfs2_glock_shrink_scan +- net: cdc_eem: fix tx fixup skb leak +- tipc: fix a possible memleak in tipc_buf_append +- staging: greybus: uart: fix tty use after free +- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries +- isofs: Fix out of bound access for corrupted isofs image +- usb: dwc2: Fix memory leak in dwc2_hcd_init +- usb: dwc2: check return value after calling platform_get_resource() +- pwm: Fix double shift bug +- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() +- scsi: megaraid_sas: Fix resource leak in case of probe failure +- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY +- drm/amd/display: Avoid NULL dereference of timing generator +- i2c: smbus: fix NULL function pointer dereference +- ALSA: pcm: oss: Fix negative period/buffer sizes +- ALSA: pcm: oss: Fix a few more UBSAN fixes +- ipack: ipoctal: fix module reference leak +- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove +- drm/sched: Avoid data corruptions +- platform/x86: wmi: Fix opening of char device +- i40e: Fix freeing of uninitialized misc IRQ vector +- comedi: ni_usb6501: fix NULL-deref in command paths +- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() +- efi/capsule-loader: fix incorrect allocation size +- perf report: Fix memory leaks around perf_tip() +- nilfs2: fix underflow in second superblock position calculations +- tcp: fix page frag corruption on page fault +- soc: qcom: llcc: Handle a second device without data corruption +- ocfs2: fix data corruption after conversion from inline format +- s390/dasd: protect device queue against concurrent access +- powerpc/powernv: Add a null pointer check in opal_event_init() + * Tue Jun 11 2024 chenyi - 4.19.90-2406.1.0.0280 - scsi: hisi_sas: Allocate DFX memory during dump trigger