mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
kernel: update to 6.1.28
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This commit is contained in:
Arne Fitzenreiter
@@ -1,6 +1,6 @@
|
||||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/arm64 6.1.27-ipfire Kernel Configuration
|
||||
# Linux/arm64 6.1.28-ipfire Kernel Configuration
|
||||
#
|
||||
CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.2.0"
|
||||
CONFIG_CC_IS_GCC=y
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/x86 6.1.27-ipfire Kernel Configuration
|
||||
# Linux/x86 6.1.28-ipfire Kernel Configuration
|
||||
#
|
||||
CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.2.0"
|
||||
CONFIG_CC_IS_GCC=y
|
||||
|
||||
@@ -15914,7 +15914,7 @@ etc/modprobe.d/ipv6.conf
|
||||
#lib/modules/KVER-ipfire/build/include/sound/ac97/regs.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/ac97_codec.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/aci.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/acp62_chip_offset_byte.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/acp63_chip_offset_byte.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/ad1816a.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/ad1843.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/adau1373.h
|
||||
|
||||
@@ -16002,7 +16002,7 @@ etc/modprobe.d/ipv6.conf
|
||||
#lib/modules/KVER-ipfire/build/include/sound/ac97/regs.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/ac97_codec.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/aci.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/acp62_chip_offset_byte.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/acp63_chip_offset_byte.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/ad1816a.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/ad1843.h
|
||||
#lib/modules/KVER-ipfire/build/include/sound/adau1373.h
|
||||
|
||||
10
lfs/linux
10
lfs/linux
@@ -24,7 +24,7 @@
|
||||
|
||||
include Config
|
||||
|
||||
VER = 6.1.27
|
||||
VER = 6.1.28
|
||||
|
||||
ARM_PATCHES = 6.1.y-ipfire2
|
||||
|
||||
@@ -76,7 +76,7 @@ objects = \
|
||||
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
|
||||
arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
|
||||
|
||||
$(DL_FILE)_BLAKE2 = 5d7ec9a6a2652abbe4afb70174a63f58d495291d522087f9adb33864063ce54e219fd6e426793077a346338ccb4d9d753a60cb76b448146fb592ff17c2618792
|
||||
$(DL_FILE)_BLAKE2 = f840274d9e1c5af90292bce6afb8b8b1a81b4f8ef82691a1cf28ca2d6cf680913c2668ddb086e1fa4ba4112e9d8118a674231374c14a06a911ddb3d2cf8ac3fb
|
||||
arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 = 7afc460562fb24bcd75784fc79de768f9b60780aedd88d1a847927169e31920bbb475b1ac1466c4a224a7876d16bd8d465b96202de12b74f6e2ccbfcec731ad3
|
||||
|
||||
install : $(TARGET)
|
||||
@@ -144,12 +144,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
||||
# Fix external module compile
|
||||
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch
|
||||
|
||||
# Fix pmc compile dependency errors
|
||||
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-compile-dependency-errors.patch
|
||||
|
||||
# Patch netfilter CVE-2023-32233
|
||||
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch
|
||||
|
||||
ifeq "$(BUILD_ARCH)" "aarch64"
|
||||
# Apply Arm-multiarch kernel patches.
|
||||
cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1
|
||||
|
||||
@@ -1,63 +0,0 @@
|
||||
From: Yupeng Li <liyupeng@zbhlos.com>
|
||||
To: Shyam-sundar.S-k@amd.com, hdegoede@redhat.com, markgross@kernel.org
|
||||
Cc: platform-driver-x86@vger.kernel.org, linux-kernel@vger.kernel.org,
|
||||
caizp2008@163.com, Yupeng Li <liyupeng@zbhlos.com>
|
||||
Subject: [PATCH 1/1] platform/x86/amd: Fix pmc compile dependency errors.
|
||||
Date: Wed, 26 Oct 2022 15:25:31 +0800
|
||||
|
||||
When disabled CONFIG_SUSPEND and CONFIG_DEBUG_FS, get_metrics_table
|
||||
and amd_pmc_idlemask_read is defined under two conditions of this,
|
||||
pmc build with implicit declaration of function error.Some build error
|
||||
messages are as follows:
|
||||
|
||||
CC [M] drivers/platform/x86/amd/pmc.o
|
||||
drivers/platform/x86/amd/pmc.c: In function ‘smu_fw_info_show’:
|
||||
drivers/platform/x86/amd/pmc.c:436:6: error: implicit declaration of function ‘get_metrics_table’ [-Werror=implicit-function-declaration]
|
||||
436 | if (get_metrics_table(dev, &table))
|
||||
| ^~~~~~~~~~~~~~~~~
|
||||
drivers/platform/x86/amd/pmc.c: In function ‘amd_pmc_idlemask_show’:
|
||||
drivers/platform/x86/amd/pmc.c:508:8: error: implicit declaration of function ‘amd_pmc_idlemask_read’; did you mean ‘amd_pmc_idlemask_show’? [-Werror=implicit-function-declaration]
|
||||
508 | rc = amd_pmc_idlemask_read(dev, NULL, s);
|
||||
| ^~~~~~~~~~~~~~~~~~~~~
|
||||
| amd_pmc_idlemask_show
|
||||
cc1: some warnings being treated as errors
|
||||
|
||||
Signed-off-by: Yupeng Li <liyupeng@zbhlos.com>
|
||||
Reviewed-by: Caicai <caizp2008@163.com>
|
||||
---
|
||||
drivers/platform/x86/amd/pmc.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/platform/x86/amd/pmc.c b/drivers/platform/x86/amd/pmc.c
|
||||
index ce859b300712..2b08039921b8 100644
|
||||
--- a/drivers/platform/x86/amd/pmc.c
|
||||
+++ b/drivers/platform/x86/amd/pmc.c
|
||||
@@ -433,8 +433,10 @@ static int smu_fw_info_show(struct seq_file *s, void *unused)
|
||||
struct smu_metrics table;
|
||||
int idx;
|
||||
|
||||
+#if defined(CONFIG_SUSPEND) || defined(CONFIG_DEBUG_FS)
|
||||
if (get_metrics_table(dev, &table))
|
||||
return -EINVAL;
|
||||
+#endif
|
||||
|
||||
seq_puts(s, "\n=== SMU Statistics ===\n");
|
||||
seq_printf(s, "Table Version: %d\n", table.table_version);
|
||||
@@ -503,11 +505,12 @@ static int amd_pmc_idlemask_show(struct seq_file *s, void *unused)
|
||||
if (rc)
|
||||
return rc;
|
||||
}
|
||||
-
|
||||
if (dev->major > 56 || (dev->major >= 55 && dev->minor >= 37)) {
|
||||
+#if defined(CONFIG_SUSPEND) || defined(CONFIG_DEBUG_FS)
|
||||
rc = amd_pmc_idlemask_read(dev, NULL, s);
|
||||
if (rc)
|
||||
return rc;
|
||||
+#endif
|
||||
} else {
|
||||
seq_puts(s, "Unsupported SMU version for Idlemask\n");
|
||||
}
|
||||
--
|
||||
2.34.1
|
||||
|
||||
|
||||
@@ -1,121 +0,0 @@
|
||||
From c1592a89942e9678f7d9c8030efa777c0d57edab Mon Sep 17 00:00:00 2001
|
||||
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Date: Tue, 2 May 2023 10:25:24 +0200
|
||||
Subject: netfilter: nf_tables: deactivate anonymous set from preparation phase
|
||||
|
||||
Toggle deleted anonymous sets as inactive in the next generation, so
|
||||
users cannot perform any update on it. Clear the generation bitmask
|
||||
in case the transaction is aborted.
|
||||
|
||||
The following KASAN splat shows a set element deletion for a bound
|
||||
anonymous set that has been already removed in the same transaction.
|
||||
|
||||
[ 64.921510] ==================================================================
|
||||
[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
|
||||
[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890
|
||||
[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
|
||||
[ 64.931120] Call Trace:
|
||||
[ 64.932699] <TASK>
|
||||
[ 64.934292] dump_stack_lvl+0x33/0x50
|
||||
[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
|
||||
[ 64.937551] kasan_report+0xda/0x120
|
||||
[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
|
||||
[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables]
|
||||
[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60
|
||||
[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
|
||||
[ 64.945710] ? kasan_set_track+0x21/0x30
|
||||
[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
|
||||
[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
|
||||
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
---
|
||||
include/net/netfilter/nf_tables.h | 1 +
|
||||
net/netfilter/nf_tables_api.c | 12 ++++++++++++
|
||||
net/netfilter/nft_dynset.c | 2 +-
|
||||
net/netfilter/nft_lookup.c | 2 +-
|
||||
net/netfilter/nft_objref.c | 2 +-
|
||||
5 files changed, 16 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
|
||||
index 3ed21d2d56590..2e24ea1d744c2 100644
|
||||
--- a/include/net/netfilter/nf_tables.h
|
||||
+++ b/include/net/netfilter/nf_tables.h
|
||||
@@ -619,6 +619,7 @@ struct nft_set_binding {
|
||||
};
|
||||
|
||||
enum nft_trans_phase;
|
||||
+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set);
|
||||
void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
|
||||
struct nft_set_binding *binding,
|
||||
enum nft_trans_phase phase);
|
||||
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
|
||||
index 8b6c61a2196cb..59fb8320ab4d7 100644
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -5127,12 +5127,24 @@ static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
|
||||
}
|
||||
}
|
||||
|
||||
+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)
|
||||
+{
|
||||
+ if (nft_set_is_anonymous(set))
|
||||
+ nft_clear(ctx->net, set);
|
||||
+
|
||||
+ set->use++;
|
||||
+}
|
||||
+EXPORT_SYMBOL_GPL(nf_tables_activate_set);
|
||||
+
|
||||
void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
|
||||
struct nft_set_binding *binding,
|
||||
enum nft_trans_phase phase)
|
||||
{
|
||||
switch (phase) {
|
||||
case NFT_TRANS_PREPARE:
|
||||
+ if (nft_set_is_anonymous(set))
|
||||
+ nft_deactivate_next(ctx->net, set);
|
||||
+
|
||||
set->use--;
|
||||
return;
|
||||
case NFT_TRANS_ABORT:
|
||||
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
|
||||
index 274579b1696e0..bd19c7aec92ee 100644
|
||||
--- a/net/netfilter/nft_dynset.c
|
||||
+++ b/net/netfilter/nft_dynset.c
|
||||
@@ -342,7 +342,7 @@ static void nft_dynset_activate(const struct nft_ctx *ctx,
|
||||
{
|
||||
struct nft_dynset *priv = nft_expr_priv(expr);
|
||||
|
||||
- priv->set->use++;
|
||||
+ nf_tables_activate_set(ctx, priv->set);
|
||||
}
|
||||
|
||||
static void nft_dynset_destroy(const struct nft_ctx *ctx,
|
||||
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
|
||||
index cecf8ab90e58f..03ef4fdaa460b 100644
|
||||
--- a/net/netfilter/nft_lookup.c
|
||||
+++ b/net/netfilter/nft_lookup.c
|
||||
@@ -167,7 +167,7 @@ static void nft_lookup_activate(const struct nft_ctx *ctx,
|
||||
{
|
||||
struct nft_lookup *priv = nft_expr_priv(expr);
|
||||
|
||||
- priv->set->use++;
|
||||
+ nf_tables_activate_set(ctx, priv->set);
|
||||
}
|
||||
|
||||
static void nft_lookup_destroy(const struct nft_ctx *ctx,
|
||||
diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c
|
||||
index cb37169608bab..a48dd5b5d45b1 100644
|
||||
--- a/net/netfilter/nft_objref.c
|
||||
+++ b/net/netfilter/nft_objref.c
|
||||
@@ -185,7 +185,7 @@ static void nft_objref_map_activate(const struct nft_ctx *ctx,
|
||||
{
|
||||
struct nft_objref_map *priv = nft_expr_priv(expr);
|
||||
|
||||
- priv->set->use++;
|
||||
+ nf_tables_activate_set(ctx, priv->set);
|
||||
}
|
||||
|
||||
static void nft_objref_map_destroy(const struct nft_ctx *ctx,
|
||||
--
|
||||
cgit
|
||||
|
||||
Reference in New Issue
Block a user