From e9cc7584152ace017f5edbfb6acc0358edda490e Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 30 Nov 2023 14:46:29 +0000
Subject: updates

---
 ...move-reference-count-in-packet_sock-to-64.patch | 98 ++++++++++++++++++++++
 0001-readfile-implement-readfile-syscall.patch     |  2 +-
 0001-vsmp-driver.patch                             | 16 ++--
 ...es.rst-clean-out-empty-and-unused-entries.patch | 44 ----------
 pmu_attr_visible.patch                             |  4 +-
 series                                             |  2 +-
 6 files changed, 110 insertions(+), 56 deletions(-)
 create mode 100644 0001-net-packet-move-reference-count-in-packet_sock-to-64.patch
 delete mode 100644 documentation-embargoed-hardware-issues.rst-clean-out-empty-and-unused-entries.patch

diff --git a/0001-net-packet-move-reference-count-in-packet_sock-to-64.patch b/0001-net-packet-move-reference-count-in-packet_sock-to-64.patch
new file mode 100644
index 00000000000000..734633f20a0ade
--- /dev/null
+++ b/0001-net-packet-move-reference-count-in-packet_sock-to-64.patch
@@ -0,0 +1,98 @@
+From ac0d2377f612a16f1b452c7945e77dee93c0289e Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Thu, 30 Nov 2023 14:10:27 +0000
+Subject: [PATCH] net/packet: move reference count in packet_sock to 64 bits
+
+In some potential instances the reference count on struct packet_sock
+could be saturated and cause overflows which gets the kernel a bit
+confused.  To prevent this, move to a 64bit atomic reference count to
+prevent the possibility of this type of overflow.
+
+Because we can not handle saturation, using refcount_t is not possible
+in this place.  Maybe someday in the future if it changes could it be
+used.
+
+Original version from Daniel after I did it wrong, I've provided a
+changelog.
+
+Reported-by: "The UK's National Cyber Security Centre (NCSC)" <security@ncsc.gov.uk>
+Cc: stable <stable@kernel.org>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/packet/af_packet.c |   16 ++++++++--------
+ net/packet/internal.h  |    2 +-
+ 2 files changed, 9 insertions(+), 9 deletions(-)
+
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -4300,7 +4300,7 @@ static void packet_mm_open(struct vm_are
+ 	struct sock *sk = sock->sk;
+ 
+ 	if (sk)
+-		atomic_inc(&pkt_sk(sk)->mapped);
++		atomic64_inc(&pkt_sk(sk)->mapped);
+ }
+ 
+ static void packet_mm_close(struct vm_area_struct *vma)
+@@ -4310,7 +4310,7 @@ static void packet_mm_close(struct vm_ar
+ 	struct sock *sk = sock->sk;
+ 
+ 	if (sk)
+-		atomic_dec(&pkt_sk(sk)->mapped);
++		atomic64_dec(&pkt_sk(sk)->mapped);
+ }
+ 
+ static const struct vm_operations_struct packet_mmap_ops = {
+@@ -4405,7 +4405,7 @@ static int packet_set_ring(struct sock *
+ 
+ 	err = -EBUSY;
+ 	if (!closing) {
+-		if (atomic_read(&po->mapped))
++		if (atomic64_read(&po->mapped))
+ 			goto out;
+ 		if (packet_read_pending(rb))
+ 			goto out;
+@@ -4508,7 +4508,7 @@ static int packet_set_ring(struct sock *
+ 
+ 	err = -EBUSY;
+ 	mutex_lock(&po->pg_vec_lock);
+-	if (closing || atomic_read(&po->mapped) == 0) {
++	if (closing || atomic64_read(&po->mapped) == 0) {
+ 		err = 0;
+ 		spin_lock_bh(&rb_queue->lock);
+ 		swap(rb->pg_vec, pg_vec);
+@@ -4526,9 +4526,9 @@ static int packet_set_ring(struct sock *
+ 		po->prot_hook.func = (po->rx_ring.pg_vec) ?
+ 						tpacket_rcv : packet_rcv;
+ 		skb_queue_purge(rb_queue);
+-		if (atomic_read(&po->mapped))
+-			pr_err("packet_mmap: vma is busy: %d\n",
+-			       atomic_read(&po->mapped));
++		if (atomic64_read(&po->mapped))
++			pr_err("packet_mmap: vma is busy: %lld\n",
++			       atomic64_read(&po->mapped));
+ 	}
+ 	mutex_unlock(&po->pg_vec_lock);
+ 
+@@ -4606,7 +4606,7 @@ static int packet_mmap(struct file *file
+ 		}
+ 	}
+ 
+-	atomic_inc(&po->mapped);
++	atomic64_inc(&po->mapped);
+ 	vma->vm_ops = &packet_mmap_ops;
+ 	err = 0;
+ 
+--- a/net/packet/internal.h
++++ b/net/packet/internal.h
+@@ -122,7 +122,7 @@ struct packet_sock {
+ 	__be16			num;
+ 	struct packet_rollover	*rollover;
+ 	struct packet_mclist	*mclist;
+-	atomic_t		mapped;
++	atomic64_t		mapped;
+ 	enum tpacket_versions	tp_version;
+ 	unsigned int		tp_hdrlen;
+ 	unsigned int		tp_reserve;
diff --git a/0001-readfile-implement-readfile-syscall.patch b/0001-readfile-implement-readfile-syscall.patch
index 2a9ab13b86f32e..93448fe2e86188 100644
--- a/0001-readfile-implement-readfile-syscall.patch
+++ b/0001-readfile-implement-readfile-syscall.patch
@@ -20,7 +20,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
 --- a/fs/open.c
 +++ b/fs/open.c
-@@ -1572,3 +1572,53 @@ int stream_open(struct inode *inode, str
+@@ -1676,3 +1676,53 @@ int stream_open(struct inode *inode, str
  }
  
  EXPORT_SYMBOL(stream_open);
diff --git a/0001-vsmp-driver.patch b/0001-vsmp-driver.patch
index 9194070356ce92..a248846248f282 100644
--- a/0001-vsmp-driver.patch
+++ b/0001-vsmp-driver.patch
@@ -28,7 +28,7 @@ first cut to cleanup
 +Description:    Shows the full version of the vSMP hypervisor
 --- a/MAINTAINERS
 +++ b/MAINTAINERS
-@@ -22634,6 +22634,12 @@ F:	lib/test_printf.c
+@@ -23365,6 +23365,12 @@ F:	lib/test_printf.c
  F:	lib/test_scanf.c
  F:	lib/vsprintf.c
  
@@ -43,21 +43,21 @@ first cut to cleanup
  L:	linux-hwmon@vger.kernel.org
 --- a/drivers/virt/Kconfig
 +++ b/drivers/virt/Kconfig
-@@ -54,4 +54,6 @@ source "drivers/virt/coco/sev-guest/Kcon
+@@ -50,4 +50,6 @@ source "drivers/virt/acrn/Kconfig"
  
- source "drivers/virt/coco/tdx-guest/Kconfig"
+ source "drivers/virt/coco/Kconfig"
  
 +source "drivers/virt/vsmp/Kconfig"
 +
  endif
 --- a/drivers/virt/Makefile
 +++ b/drivers/virt/Makefile
-@@ -12,3 +12,5 @@ obj-$(CONFIG_ACRN_HSM)		+= acrn/
- obj-$(CONFIG_EFI_SECRET)	+= coco/efi_secret/
- obj-$(CONFIG_SEV_GUEST)		+= coco/sev-guest/
- obj-$(CONFIG_INTEL_TDX_GUEST)	+= coco/tdx-guest/
+@@ -10,3 +10,5 @@ obj-y				+= vboxguest/
+ obj-$(CONFIG_NITRO_ENCLAVES)	+= nitro_enclaves/
+ obj-$(CONFIG_ACRN_HSM)		+= acrn/
+ obj-y				+= coco/
 +
-+obj-$(CONFIG_VSMP)             += vsmp/
++obj-$(CONFIG_VSMP)		+= vsmp/
 --- /dev/null
 +++ b/drivers/virt/vsmp/Kconfig
 @@ -0,0 +1,12 @@
diff --git a/documentation-embargoed-hardware-issues.rst-clean-out-empty-and-unused-entries.patch b/documentation-embargoed-hardware-issues.rst-clean-out-empty-and-unused-entries.patch
deleted file mode 100644
index 75851fe943d3ce..00000000000000
--- a/documentation-embargoed-hardware-issues.rst-clean-out-empty-and-unused-entries.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From foo@baz Fri Jun 16 10:09:56 AM CEST 2023
-Date: Fri, 16 Jun 2023 10:09:56 +0200
-To: Greg KH <gregkh@linuxfoundation.org>
-From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Subject: [PATCH] Documentation: embargoed-hardware-issues.rst: clean out empty and unused entries
-
-There are a few empty entries in the company/project list, which
-confuses people as to why they are there, so remove them entirely, and
-also remove an entry that doesn't wish to participate in this process.
-
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- Documentation/process/embargoed-hardware-issues.rst |    4 ----
- 1 file changed, 4 deletions(-)
-
---- a/Documentation/process/embargoed-hardware-issues.rst
-+++ b/Documentation/process/embargoed-hardware-issues.rst
-@@ -244,7 +244,6 @@ disclosure of a particular issue, unless
- an involved disclosed party. The current ambassadors list:
- 
-   ============= ========================================================
--  AMD		Tom Lendacky <thomas.lendacky@amd.com>
-   Ampere	Darren Hart <darren@os.amperecomputing.com>
-   ARM		Catalin Marinas <catalin.marinas@arm.com>
-   IBM Power	Anton Blanchard <anton@linux.ibm.com>
-@@ -254,7 +253,6 @@ an involved disclosed party. The current
-   Samsung	Javier González <javier.gonz@samsung.com>
- 
-   Microsoft	James Morris <jamorris@linux.microsoft.com>
--  VMware
-   Xen		Andrew Cooper <andrew.cooper3@citrix.com>
- 
-   Canonical	John Johansen <john.johansen@canonical.com>
-@@ -263,10 +261,8 @@ an involved disclosed party. The current
-   Red Hat	Josh Poimboeuf <jpoimboe@redhat.com>
-   SUSE		Jiri Kosina <jkosina@suse.cz>
- 
--  Amazon
-   Google	Kees Cook <keescook@chromium.org>
- 
--  GCC
-   LLVM		Nick Desaulniers <ndesaulniers@google.com>
-   ============= ========================================================
- 
diff --git a/pmu_attr_visible.patch b/pmu_attr_visible.patch
index f5af16a1b22c59..228d9d9676bc3c 100644
--- a/pmu_attr_visible.patch
+++ b/pmu_attr_visible.patch
@@ -4,7 +4,7 @@
 
 --- a/kernel/events/core.c
 +++ b/kernel/events/core.c
-@@ -11351,9 +11351,32 @@ static DEVICE_ATTR_RW(perf_event_mux_int
+@@ -11400,9 +11400,32 @@ static DEVICE_ATTR_RW(perf_event_mux_int
  static struct attribute *pmu_dev_attrs[] = {
  	&dev_attr_type.attr,
  	&dev_attr_perf_event_mux_interval_ms.attr,
@@ -38,7 +38,7 @@
  
  static int pmu_bus_running;
  static struct bus_type pmu_bus = {
-@@ -11389,18 +11412,11 @@ static int pmu_dev_alloc(struct pmu *pmu
+@@ -11439,18 +11462,11 @@ static int pmu_dev_alloc(struct pmu *pmu
  	if (ret)
  		goto free_dev;
  
diff --git a/series b/series
index 81b604e97fa7e3..608841fcf30d28 100644
--- a/series
+++ b/series
@@ -1,6 +1,6 @@
 #
+0001-net-packet-move-reference-count-in-packet_sock-to-64.patch
 pmu_attr_visible.patch
-documentation-embargoed-hardware-issues.rst-clean-out-empty-and-unused-entries.patch
 usb.patch
 0001-vsmp-driver.patch
 0001-driver-core-aux-test-code.patch
-- 
cgit 1.2.3-korg