From 4fd254154408d1d25d54e96dbf6ae4739e7766ac Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Thu, 29 Aug 2024 16:18:58 +0400 Subject: [PATCH] feat: bump dependencies ``` | Package | Update | Change | |---|---|---| | [LINBIT/drbd](https://togithub.com/LINBIT/drbd) | patch | `9.2.10` -> `9.2.11` | | [containerd/containerd](https://togithub.com/containerd/containerd) | patch | `v2.0.0-rc.3` -> `v2.0.0-rc.4` | | [flannel-io/cni-plugin](https://togithub.com/flannel-io/cni-plugin) | patch | `v1.5.1-flannel1` -> `v1.5.1-flannel2` | | git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git | minor | `20240709` -> `20240811` | | git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git | patch | `6.6.45` -> `6.6.47` | | git://git.liburcu.org/userspace-rcu.git | patch | `0.14.0` -> `0.14.1` | | git://repo.or.cz/socat.git | patch | `1.8.0.0` -> `1.8.0.1` | | https://github.com/ipxe/ipxe.git | digest | `59e2b03` -> `748cab7` | | git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git | major | `32` -> `33` | ``` Note: xfsprogs 6.10.0 doesn't build Signed-off-by: Andrey Smirnov --- .github/workflows/ci.yaml | 6 +- .github/workflows/weekly.yaml | 4 +- Pkgfile | 60 +++---- eudev/pkg.yaml | 3 +- hack/release.sh | 89 ++++++++++- kernel/build/config-amd64 | 6 +- kernel/build/config-arm64 | 7 +- .../build/patches/0002-virtio-net-gso.patch | 151 ------------------ kernel/build/patches/README.md | 1 - kmod/patches/portable-basename.patch | 106 ------------ kmod/pkg.yaml | 4 +- 11 files changed, 132 insertions(+), 305 deletions(-) delete mode 100644 kernel/build/patches/0002-virtio-net-gso.patch delete mode 100644 kmod/patches/portable-basename.patch diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 22359e1e..29c1c6bc 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-08-07T16:43:47Z by kres dbf015a. +# Generated on 2024-08-29T12:20:48Z by kres b5ca957. name: default concurrency: @@ -33,7 +33,7 @@ jobs: labels: ${{ steps.retrieve-pr-labels.outputs.result }} services: buildkitd: - image: moby/buildkit:v0.15.1 + image: moby/buildkit:v0.15.2 options: --privileged ports: - 1234:1234 @@ -137,7 +137,7 @@ jobs: - default services: buildkitd: - image: moby/buildkit:v0.15.1 + image: moby/buildkit:v0.15.2 options: --privileged ports: - 1234:1234 diff --git a/.github/workflows/weekly.yaml b/.github/workflows/weekly.yaml index c75092b2..aea08c04 100644 --- a/.github/workflows/weekly.yaml +++ b/.github/workflows/weekly.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-08-07T16:43:47Z by kres dbf015a. +# Generated on 2024-08-29T12:20:48Z by kres b5ca957. name: weekly concurrency: @@ -16,7 +16,7 @@ jobs: - pkgs services: buildkitd: - image: moby/buildkit:v0.15.1 + image: moby/buildkit:v0.15.2 options: --privileged ports: - 1234:1234 diff --git a/Pkgfile b/Pkgfile index ebba5fe0..7546a401 100644 --- a/Pkgfile +++ b/Pkgfile @@ -3,7 +3,7 @@ format: v1alpha2 vars: - TOOLS_IMAGE: ghcr.io/siderolabs/tools:v1.8.0-alpha.0-8-ga764e8d + TOOLS_IMAGE: ghcr.io/siderolabs/tools:v1.8.0 # renovate: datasource=github-releases depName=containernetworking/plugins cni_version: v1.5.1 @@ -11,10 +11,10 @@ vars: cni_sha512: d2e01958dd8328407164cb6be9d962321742dae7011ce7cd7b2342f5e4b4bbcd992d8249c53d3d81250a60c27f049969bbf329a75440524f52c1f1466b6e7132 # renovate: datasource=github-tags depName=containerd/containerd - containerd_version: v2.0.0-rc.3 - containerd_ref: 27de5fea738a38345aa1ac7569032261a6b1e562 - containerd_sha256: fe6b9cea34f67b2b4d39196bc755af345075be470211a69f1dc6ef9ad48f4d77 - containerd_sha512: d641e488b7348f7d24545ecd765681ef8131179bfdfb335205ca12a38966077eb1b107b6f9cde4f6787614be35d18740472f67557180c1ec0b957809e202d18d + containerd_version: v2.0.0-rc.4 + containerd_ref: fa5bf66fdff44846dc475c022bf6b47197febffd + containerd_sha256: 501b96526b161984b5aa446232cee171ff8ad405d33eff344844a571b2cf848a + containerd_sha512: 6296ee92976228fc86511b690c98b164a41ac1f30caaffb486e27729ee850ce8034ad5f3c08025cb9e33617bfa883b8ec8b9df4f9b2a3a289a9a305d6d2e9c57 # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.kernel.org/pub/scm/utils/cryptsetup/cryptsetup.git cryptsetup_version: 2.7.4 @@ -27,9 +27,9 @@ vars: dosfstools_sha512: 3cc0808edb4432428df8a67da4bb314fd1f27adc4a05754c1a492091741a7b6875ebd9f6a509cc4c5ad85643fc40395b6e0cadee548b25cc439cc9b725980156 # renovate: datasource=github-tags extractVersion=^drbd-(?.*)$ depName=LINBIT/drbd - drbd_version: 9.2.10 - drbd_sha256: 9d70b9930763a67800a894d25a9cc1d442fe7a2a9a3984831a7ddca341ecb988 - drbd_sha512: 04fce63d995dff563750b6d8185e71b2c2ea8437c880ec523755307e7c51599b357c0f453ed4d7979612c0174a144d5e4ed8d9cfa801e40ba25c56ed0d027aa8 + drbd_version: 9.2.11 + drbd_sha256: 016127238d5e0585130ec9558d991347e5360fb3c075283c62ea67f661bcd66b + drbd_sha512: 437e50d588b37aece7583eed06236c82931a41ab69f6835853fbeaf05125e4d5e0d1a81f501971e6773f86703d71d604ee3e1f0634faa9a03c3379d8297ed1cc # renovate: datasource=github-releases depName=eudev-project/eudev eudev_version: v3.2.14 @@ -37,10 +37,10 @@ vars: eudev_sha512: b2d5e0d13e30c83cd15a12ada868242354691bb51eda365ace14b1b1a3942c2d0c9db7ba4ed89a3d4c87572f1f29d10d887fe45a8d257a88cba88270e75b3baf # renovate: datasource=github-releases depName=flannel-io/cni-plugin - flannel_cni_version: v1.5.1-flannel1 - flannel_cni_ref: 6fe8827a241e26eebc64a236e0bd533e8c881c5a - flannel_cni_sha256: 3aebe62cfefe2fef39c39f1d95a70720750ea24bc0df04c68d0ff1734dd2196c - flannel_cni_sha512: 463122d2bf0be21b4996bc599ccf9364c64f32f93696fdcad124ba83d5dc8fd91ac1ae09f3f06b5d292036834fc46a95864c98da928735b97ea87f78973c3f34 + flannel_cni_version: v1.5.1-flannel2 + flannel_cni_ref: 1257a5a4e2a59a4083627223355ae28178293cb2 + flannel_cni_sha256: 24a7cd4e27cc947cb1b936fe578a933de91f387881b5b01f9c018b8b1a59c51a + flannel_cni_sha512: 816483813ae014bb00b75b434c7765b02be3a5ac76fb45ef1f2cc558d7c4a41ab045d5e724e90da5b6f244be6a0604bd01af85392acec85df020eacda4ff0509 # renovate: datasource=git-refs versioning=git depName=https://github.com/google/gasket-driver.git gasket_driver_ref: 5815ee3908a46a415aac616ac7b9aedcb98a504c @@ -63,19 +63,19 @@ vars: iptables_sha512: 71e6ed2260859157d61981a4fe5039dc9e8d7da885a626a4b5dae8164c509a9d9f874286b9468bb6a462d6e259d4d32d5967777ecefdd8a293011ae80c00f153 # renovate: datasource=git-refs versioning=git depName=https://github.com/ipxe/ipxe.git - ipxe_ref: 59e2b03e6ac842d0e69bc4f757bf6da452fca074 - ipxe_sha256: cf9f7825b12bf0dbdd4a301f61ca55235db6563b8ceff451a4bf5905040310b4 - ipxe_sha512: e2601fb59cfd46c601b5d23c9cb6d34541ea80702b9db74a3ec035bd611d6ff9d20aba3a1728c28c008136aa3d69bc1a1f91e2708285294666607238ce7c2081 + ipxe_ref: 748cab7745186ec6c770fb4d47b0e8c9f213e6df + ipxe_sha256: 230bbe9c6ce42295fa514b99e0fcb4066bfe783051ff418456fc554b6c6b6507 + ipxe_sha512: 001c10a81ca232f3656930ad8476ce3d1dbf117c49f45f84ba0a4f58668239d0cf0ab6a510955ac77b3e608cbf96367194ab3fc58a9efe3f8f3c9b5d12fb8348 # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git - linux_version: 6.6.45 - linux_sha256: 121bed240767e4a0959c1609e78eeaaf3e0620d9d1a5ed1f6e36bdf609c4f179 - linux_sha512: 1f70ad29581e92cb1979e0d50c2db3933c38d6c645f5f586794dab86cdf086166f63c5bec952f6bbc2ee7fe71ee75e16342b7581f9c530e5ac0af6b869f39ede + linux_version: 6.6.47 + linux_sha256: d43376c9e9eaa92bb1b926054bd160d329c58a62d64bd65fe1222c11c6564f50 + linux_sha512: 9a3c52f5df4480a61493ca24d25c9e9b5b9dfe2e465ecf7d457bc240abf88b2d08d745b63895c6b47a557fca610882bbc8b5fe66b2d7a9262f548daca50d4004 # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git - kmod_version: 32 - kmod_sha256: 630ed0d92275a88cb9a7bf68f5700e911fdadaf02e051cf2e4680ff8480bd492 - kmod_sha512: 29162135aabd025dff178a4147a754b5da5964855dbeee65ca867dec3b84437f35c1c97f0f027e974a021d3ee9a4940309a716859cc3cfe93c7ed0aada338f24 + kmod_version: 33 + kmod_sha256: dc768b3155172091f56dc69430b5481f2d76ecd9ccb54ead8c2540dbcf5ea9bc + kmod_sha512: 32d79d0bb7e89012f18458d4e88325f8e19a7dba6e1d5cff01aec3e618d1757b0f7c119735bf38d02e0d056a14273fd7522fca7c61a4d12a3ea5854bb662fff8 # renovate: datasource=git-tags extractVersion=^libaio-(?.*)$ depName=https://pagure.io/libaio.git libaio_version: 0.3.113 @@ -109,14 +109,14 @@ vars: libseccomp_sha512: f630e7a7e53a21b7ccb4d3e7b37616b89aeceba916677c8e3032830411d77a14c2d74dcf594cd193b1acc11f52595072e28316dc44300e54083d5d7b314a38da # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://git.liburcu.org/userspace-rcu.git - liburcu_version: 0.14.0 - liburcu_sha256: ca43bf261d4d392cff20dfae440836603bf009fce24fdc9b2697d837a2239d4f - liburcu_sha512: 7297e51012f4c44ee27c0e18ed9d87bf24be34db68a5398394c1e683a045bb561cf74aa913398404c0ed5cb8011af728ea12947717fa5f27627e5ca78e63a40f + liburcu_version: 0.14.1 + liburcu_sha256: 231acb13dc6ec023e836a0f0666f6aab47dc621ecb1d2cd9d9c22f922678abc0 + liburcu_sha512: 46137525854164df05326202909689b62f8f3aa6e04127eb9157a83aed8180f35a68332ec66e4e4fc9b0c046b64c64b492caed4b64f86f87a31579e4209ec345 # renovate: datasource=git-tags depName=git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git - linux_firmware_version: 20240709 - linux_firmware_sha256: 72a524675182f2b07a87be16d73f77eb0a78400146bd14d4e7b689aec214687e - linux_firmware_sha512: 4975c5d2b065f1ff9c4a379086e1aaf29e0eb49409edc5024a6c8645a13f19f8f1fd55034ac194157c0ca25fca4d91dcd08067efba20483c29df0ffd2a250628 + linux_firmware_version: 20240811 + linux_firmware_sha256: b1c672868e36c19d51f943898d0fdb5534759dc649af72fe51b04be47663d153 + linux_firmware_sha512: d7067f38d6a0b59042438cb147f16b71e2334e46bfdc9fba58131a215b834dce07c8e808debf878f2eae28690a51121ba0b6b0f3734b0de0113c1b4ef6ccd9a9 # renovate: datasource=git-tags extractVersion=^v(?.*)$ depName=git://sourceware.org/git/lvm2.git lvm2_version: 2_03_22 @@ -152,9 +152,9 @@ vars: runc_sha512: 13739045e0a7a479ece0696eba852a89b51c4e900c5f694175e603c7147eec8826abc16ce11a4b64ff51d002898f5d776afb454894a101fa2106ab04d2e06658 # renovate: datasource=git-tags extractVersion=^tag-(?.*)$ depName=git://repo.or.cz/socat.git - socat_version: 1.8.0.0 - socat_sha256: 6010f4f311e5ebe0e63c77f78613d264253680006ac8979f52b0711a9a231e82 - socat_sha512: edf459a9f1907a14025e13b3101ad29787f9a72795cffcd00017ce98847562884db29a95b9ae478a6a50868137548b142947c43fb18e975eb5853a763c42902c + socat_version: 1.8.0.1 + socat_sha256: dc350411e03da657269e529c4d49fe23ba7b4610b0b225c020df4cf9b46e6982 + socat_sha512: 2a327b4c2e00fc6afda503548d5bc285d4f120892c75ec6633201825e39e3003a8b8d827053364dc444b72ff728a82381769941c023d8b0a66d955417162b735 # renovate: datasource=git-tags extractVersion=^syslinux-(?.*)$ depName=git://git.kernel.org/pub/scm/boot/syslinux/syslinux.git syslinux_version: 6.03 diff --git a/eudev/pkg.yaml b/eudev/pkg.yaml index b5d55e95..8ab9fb11 100644 --- a/eudev/pkg.yaml +++ b/eudev/pkg.yaml @@ -35,7 +35,8 @@ steps: --libexecdir=/usr/libexec \ --sbindir=/sbin \ --disable-manpages \ - --disable-hwdb + --disable-hwdb \ + --disable-selinux build: - | cd build diff --git a/hack/release.sh b/hack/release.sh index a84db627..a8e397a9 100755 --- a/hack/release.sh +++ b/hack/release.sh @@ -1,8 +1,8 @@ -#!/bin/bash +#!/usr/bin/env bash # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2023-11-02T09:50:52Z by kres 3a2980e-dirty. +# Generated on 2024-08-29T12:20:48Z by kres b5ca957. set -e @@ -44,9 +44,92 @@ function commit { exit 1 fi + if is_on_main_branch; then + update_license_files + fi + git commit -s -m "release($1): prepare release" -m "This is the official $1 release." } +function is_on_main_branch { + main_remotes=("upstream" "origin") + branch_names=("main" "master") + current_branch=$(git rev-parse --abbrev-ref HEAD) + + echo "Check current branch: $current_branch" + + for remote in "${main_remotes[@]}"; do + echo "Fetch remote $remote..." + + if ! git fetch --quiet "$remote" &>/dev/null; then + echo "Failed to fetch $remote, skip..." + + continue + fi + + for branch_name in "${branch_names[@]}"; do + if ! git rev-parse --verify "$branch_name" &>/dev/null; then + echo "Branch $branch_name does not exist, skip..." + + continue + fi + + echo "Branch $remote/$branch_name exists, comparing..." + + merge_base=$(git merge-base "$current_branch" "$remote/$branch_name") + latest_main=$(git rev-parse "$remote/$branch_name") + + if [ "$merge_base" = "$latest_main" ]; then + echo "Current branch is up-to-date with $remote/$branch_name" + + return 0 + else + echo "Current branch is not on $remote/$branch_name" + + return 1 + fi + done + done + + echo "No main or master branch found on any remote" + + return 1 +} + +function update_license_files { + script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + parent_dir="$(dirname "$script_dir")" + current_year=$(date +"%Y") + change_date=$(date -v+4y +"%Y-%m-%d" 2>/dev/null || date -d "+4 years" +"%Y-%m-%d" 2>/dev/null || date --date="+4 years" +"%Y-%m-%d") + + # Find LICENSE and .kres.yaml files recursively in the parent directory (project root) + find "$parent_dir" \( -name "LICENSE" -o -name ".kres.yaml" \) -type f | while read -r file; do + temp_file="${file}.tmp" + + if [[ $file == *"LICENSE" ]]; then + if grep -q "^Business Source License" "$file"; then + sed -e "s/The Licensed Work is (c) [0-9]\{4\}/The Licensed Work is (c) $current_year/" \ + -e "s/Change Date: [0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}/Change Date: $change_date/" \ + "$file" >"$temp_file" + else + continue # Not a Business Source License file + fi + elif [[ $file == *".kres.yaml" ]]; then + sed -E 's/^([[:space:]]*)ChangeDate:.*$/\1ChangeDate: "'"$change_date"'"/' "$file" >"$temp_file" + fi + + # Check if the file has changed + if ! cmp -s "$file" "$temp_file"; then + mv "$temp_file" "$file" + echo "Updated: $file" + git add "$file" + else + echo "No changes: $file" + rm "$temp_file" + fi + done +} + if declare -f "$1" > /dev/null then cmd="$1" @@ -55,7 +138,7 @@ then else cat < -Date: Mon, 29 Jul 2024 16:10:12 -0400 -Subject: [PATCH] net: drop bad gso csum_start and offset in virtio_net_hdr - -Tighten csum_start and csum_offset checks in virtio_net_hdr_to_skb -for GSO packets. - -The function already checks that a checksum requested with -VIRTIO_NET_HDR_F_NEEDS_CSUM is in skb linear. But for GSO packets -this might not hold for segs after segmentation. - -Syzkaller demonstrated to reach this warning in skb_checksum_help - - offset = skb_checksum_start_offset(skb); - ret = -EINVAL; - if (WARN_ON_ONCE(offset >= skb_headlen(skb))) - -By injecting a TSO packet: - -WARNING: CPU: 1 PID: 3539 at net/core/dev.c:3284 skb_checksum_help+0x3d0/0x5b0 - ip_do_fragment+0x209/0x1b20 net/ipv4/ip_output.c:774 - ip_finish_output_gso net/ipv4/ip_output.c:279 [inline] - __ip_finish_output+0x2bd/0x4b0 net/ipv4/ip_output.c:301 - iptunnel_xmit+0x50c/0x930 net/ipv4/ip_tunnel_core.c:82 - ip_tunnel_xmit+0x2296/0x2c70 net/ipv4/ip_tunnel.c:813 - __gre_xmit net/ipv4/ip_gre.c:469 [inline] - ipgre_xmit+0x759/0xa60 net/ipv4/ip_gre.c:661 - __netdev_start_xmit include/linux/netdevice.h:4850 [inline] - netdev_start_xmit include/linux/netdevice.h:4864 [inline] - xmit_one net/core/dev.c:3595 [inline] - dev_hard_start_xmit+0x261/0x8c0 net/core/dev.c:3611 - __dev_queue_xmit+0x1b97/0x3c90 net/core/dev.c:4261 - packet_snd net/packet/af_packet.c:3073 [inline] - -The geometry of the bad input packet at tcp_gso_segment: - -[ 52.003050][ T8403] skb len=12202 headroom=244 headlen=12093 tailroom=0 -[ 52.003050][ T8403] mac=(168,24) mac_len=24 net=(192,52) trans=244 -[ 52.003050][ T8403] shinfo(txflags=0 nr_frags=1 gso(size=1552 type=3 segs=0)) -[ 52.003050][ T8403] csum(0x60000c7 start=199 offset=1536 -ip_summed=3 complete_sw=0 valid=0 level=0) - -Mitigate with stricter input validation. - -csum_offset: for GSO packets, deduce the correct value from gso_type. -This is already done for USO. Extend it to TSO. Let UFO be: -udp[46]_ufo_fragment ignores these fields and always computes the -checksum in software. - -csum_start: finding the real offset requires parsing to the transport -header. Do not add a parser, use existing segmentation parsing. Thanks -to SKB_GSO_DODGY, that also catches bad packets that are hw offloaded. -Again test both TSO and USO. Do not test UFO for the above reason, and -do not test UDP tunnel offload. - -GSO packet are almost always CHECKSUM_PARTIAL. USO packets may be -CHECKSUM_NONE since commit 10154dbded6d6 ("udp: Allow GSO transmit -from devices with no checksum offload"), but then still these fields -are initialized correctly in udp4_hwcsum/udp6_hwcsum_outgoing. So no -need to test for ip_summed == CHECKSUM_PARTIAL first. - -This revises an existing fix mentioned in the Fixes tag, which broke -small packets with GSO offload, as detected by kselftests. - -Link: https://syzkaller.appspot.com/bug?extid=e1db31216c789f552871 -Link: https://lore.kernel.org/netdev/20240723223109.2196886-1-kuba@kernel.org -Fixes: e269d79c7d35 ("net: missing check virtio") -Cc: stable@vger.kernel.org -Signed-off-by: Willem de Bruijn -Link: https://patch.msgid.link/20240729201108.1615114-1-willemdebruijn.kernel@gmail.com -Signed-off-by: Jakub Kicinski ---- - include/linux/virtio_net.h | 16 +++++----------- - net/ipv4/tcp_offload.c | 3 +++ - net/ipv4/udp_offload.c | 4 ++++ - 3 files changed, 12 insertions(+), 11 deletions(-) - -diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h -index d1d7825318c32d..6c395a2600e8d1 100644 ---- a/include/linux/virtio_net.h -+++ b/include/linux/virtio_net.h -@@ -56,7 +56,6 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, - unsigned int thlen = 0; - unsigned int p_off = 0; - unsigned int ip_proto; -- u64 ret, remainder, gso_size; - - if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) { - switch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) { -@@ -99,16 +98,6 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, - u32 off = __virtio16_to_cpu(little_endian, hdr->csum_offset); - u32 needed = start + max_t(u32, thlen, off + sizeof(__sum16)); - -- if (hdr->gso_size) { -- gso_size = __virtio16_to_cpu(little_endian, hdr->gso_size); -- ret = div64_u64_rem(skb->len, gso_size, &remainder); -- if (!(ret && (hdr->gso_size > needed) && -- ((remainder > needed) || (remainder == 0)))) { -- return -EINVAL; -- } -- skb_shinfo(skb)->tx_flags |= SKBFL_SHARED_FRAG; -- } -- - if (!pskb_may_pull(skb, needed)) - return -EINVAL; - -@@ -182,6 +171,11 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, - if (gso_type != SKB_GSO_UDP_L4) - return -EINVAL; - break; -+ case SKB_GSO_TCPV4: -+ case SKB_GSO_TCPV6: -+ if (skb->csum_offset != offsetof(struct tcphdr, check)) -+ return -EINVAL; -+ break; - } - - /* Kernel has a special handling for GSO_BY_FRAGS. */ -diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c -index 4b791e74529e15..e4ad3311e14895 100644 ---- a/net/ipv4/tcp_offload.c -+++ b/net/ipv4/tcp_offload.c -@@ -140,6 +140,9 @@ struct sk_buff *tcp_gso_segment(struct sk_buff *skb, - if (thlen < sizeof(*th)) - goto out; - -+ if (unlikely(skb_checksum_start(skb) != skb_transport_header(skb))) -+ goto out; -+ - if (!pskb_may_pull(skb, thlen)) - goto out; - -diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c -index aa2e0a28ca6138..bc8a9da750fed6 100644 ---- a/net/ipv4/udp_offload.c -+++ b/net/ipv4/udp_offload.c -@@ -278,6 +278,10 @@ struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb, - if (gso_skb->len <= sizeof(*uh) + mss) - return ERR_PTR(-EINVAL); - -+ if (unlikely(skb_checksum_start(gso_skb) != -+ skb_transport_header(gso_skb))) -+ return ERR_PTR(-EINVAL); -+ - if (skb_gso_ok(gso_skb, features | NETIF_F_GSO_ROBUST)) { - /* Packet is from an untrusted source, reset gso_segs. */ - skb_shinfo(gso_skb)->gso_segs = DIV_ROUND_UP(gso_skb->len - sizeof(*uh), diff --git a/kernel/build/patches/README.md b/kernel/build/patches/README.md index 3b8b5c4a..d30e6d69 100644 --- a/kernel/build/patches/README.md +++ b/kernel/build/patches/README.md @@ -1,4 +1,3 @@ | Patch file | Description | Upstream status | Link | |----------------------------------------------------------------------------|--------------------------------------------|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 0001-bpf-Replace-bpf_lpm_trie_key-0-length-array-with-flexible-array.patch | Fixes `UBSAN: array-index-out-of-bounds in kernel/bpf/lpm_trie.c` when starting Cilium | 6.9 | [Patchwork](https://patchwork.kernel.org/project/netdevbpf/patch/20240222155612.it.533-kees@kernel.org/) / [mailing-list](https://lore.kernel.org/lkml/202402221046.020C94D@keescook/T/) | -| 0002-virtio-net-gso.patch | Fixes `bad gso: type: 1, size: 1448` | main | [mailing-list](https://www.spinics.net/lists/stable/msg763970.html) | diff --git a/kmod/patches/portable-basename.patch b/kmod/patches/portable-basename.patch deleted file mode 100644 index 12f333ae..00000000 --- a/kmod/patches/portable-basename.patch +++ /dev/null @@ -1,106 +0,0 @@ -Upstream PR #32 - -musl has removed the non-prototype declaration of basename from -string.h [1] which now results in build errors with clang-17+ -compiler. - -https://github.com/kmod-project/kmod/pull/32 - ---- - -diff -aur a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c ---- a/libkmod/libkmod-config.c -+++ b/libkmod/libkmod-config.c -@@ -794,7 +794,7 @@ - bool is_single = false; - - if (name == NULL) { -- name = basename(path); -+ name = gnu_basename(path); - is_single = true; - } - -diff -aur a/shared/util.c b/shared/util.c ---- a/shared/util.c -+++ b/shared/util.c -@@ -172,9 +172,9 @@ - - char *path_to_modname(const char *path, char buf[static PATH_MAX], size_t *len) - { -- char *modname; -+ const char *modname; - -- modname = basename(path); -+ modname = gnu_basename(path); - if (modname == NULL || modname[0] == '\0') - return NULL; - -diff -aur a/shared/util.h b/shared/util.h ---- a/shared/util.h -+++ b/shared/util.h -@@ -5,6 +5,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -76,6 +77,12 @@ - __p->__v = (val); \ - } while(0) - -+static _always_inline_ const char *gnu_basename(const char *s) -+{ -+ const char *p = strrchr(s, '/'); -+ return p ? p+1 : s; -+} -+ - static _always_inline_ unsigned int ALIGN_POWER2(unsigned int u) - { - return 1 << ((sizeof(u) * 8) - __builtin_clz(u - 1)); -diff -aur a/testsuite/testsuite.c b/testsuite/testsuite.c ---- a/testsuite/testsuite.c -+++ b/testsuite/testsuite.c -@@ -70,7 +70,7 @@ - - printf("Usage:\n" - "\t%s [options] \n" -- "Options:\n", basename(progname)); -+ "Options:\n", gnu_basename(progname)); - - for (itr = options, itr_short = options_short; - itr->name != NULL; itr++, itr_short++) -diff -aur a/tools/depmod.c b/tools/depmod.c ---- a/tools/depmod.c -+++ b/tools/depmod.c -@@ -761,7 +761,7 @@ - if (name != NULL) - namelen = strlen(name); - else { -- name = basename(dir); -+ name = gnu_basename(dir); - namelen = strlen(name); - dirlen -= namelen + 1; - } -diff -aur a/tools/kmod.c b/tools/kmod.c ---- a/tools/kmod.c -+++ b/tools/kmod.c -@@ -68,7 +68,7 @@ - "Options:\n" - "\t-V, --version show version\n" - "\t-h, --help show this help\n\n" -- "Commands:\n", basename(argv[0])); -+ "Commands:\n", gnu_basename(argv[0])); - - for (i = 0; i < ARRAY_SIZE(kmod_cmds); i++) { - if (kmod_cmds[i]->help != NULL) { -@@ -156,7 +156,7 @@ - const char *cmd; - size_t i; - -- cmd = basename(argv[0]); -+ cmd = gnu_basename(argv[0]); - - for (i = 0; i < ARRAY_SIZE(kmod_compat_cmds); i++) { - if (streq(kmod_compat_cmds[i]->name, cmd)) diff --git a/kmod/pkg.yaml b/kmod/pkg.yaml index 60702071..b1d5dbd0 100644 --- a/kmod/pkg.yaml +++ b/kmod/pkg.yaml @@ -13,13 +13,13 @@ steps: - | tar -xJf kmod.tar.xz --strip-components=1 - patch -p1 < /pkg/patches/portable-basename.patch patch -p1 < /pkg/patches/strndupa.patch mkdir build cd build ../configure \ - --prefix=/usr + --prefix=/usr \ + --disable-manpages build: - | cd build