Update to 6.3.1-2

5 files changed, 138 insertions, 49 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 2402e8e29e5d..25c344f6855d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = linux-ck
 	pkgver = 6.3.1
-	pkgrel = 1
+	pkgrel = 2
 	url = https://wiki.archlinux.org/index.php/Linux-ck
 	arch = x86_64
 	license = GPL2
@@ -21,6 +21,7 @@ pkgbase = linux-ck
 	source = more-uarches-20221217.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/20221217.tar.gz
 	source = ck-hrtimer-d09271d382ae852c98e17bd7426fc8021e7b465e.tar.gz::https://github.com/graysky2/linux-patches/archive/d09271d382ae852c98e17bd7426fc8021e7b465e.tar.gz
 	source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+	source = 0002-netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch
 	validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 	validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
 	sha256sums = 78620fb4a7d5e0db1d4eb8d5b1c6e207ba5d19564efa63967a59b6daf89b3f2a
@@ -28,7 +29,8 @@ pkgbase = linux-ck
 	sha256sums = 6b337a9d3cfdc00005589a80b8d36fa500f6a92ed21565a3aceec48d7202a7da
 	sha256sums = f1d586e111932890ad5e0df15d092fb9b3f87bae4ea17812aae9b0ec98fe2db0
 	sha256sums = f781da5ba492d8912c7d4cddac02f21c1799532182e23374c80c19ff0c617373
-	sha256sums = 2e7592ff8fb3cd0c461abb6524bc9f097033abe7fb9d464702b307eab97bd58f
+	sha256sums = 9346a69dad1c83417322551a5af677e5134da9097df6fc60897bf9d35c067df0
+	sha256sums = 844c8e4c4b8c6f44a5f0e746c767092cbabf6522d9012d237397ae159ebc3ede
 
 pkgname = linux-ck
 	pkgdesc = The Linux kernel and modules with ck's hrtimer patches
diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
index b0fa1b3c8228..96e301fa14a9 100644
--- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
@@ -1,4 +1,4 @@
-From 3c5746e7f5d3d5dec9afdb9a71b8e63e97e4470c Mon Sep 17 00:00:00 2001
+From e2e0cdead496d7d17e0376191e3b94261632496a Mon Sep 17 00:00:00 2001
 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
 Date: Mon, 16 Sep 2019 04:53:20 +0200
 Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged
@@ -36,10 +36,10 @@ index 45f09bec02c4..87b20e2ee274 100644
  {
  	return &init_user_ns;
 diff --git a/init/Kconfig b/init/Kconfig
-index 44e90b28a30f..e0fa7d9f9778 100644
+index c88bb30a8b0b..32ba96d94028 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1253,6 +1253,22 @@ config USER_NS
+@@ -1249,6 +1249,22 @@ config USER_NS
  
  	  If unsure, say N.
  
@@ -63,7 +63,7 @@ index 44e90b28a30f..e0fa7d9f9778 100644
  	bool "PID Namespaces"
  	default y
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 8dd0127ddcb8..b143c220c8b9 100644
+index ea332319dffe..349945168239 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -98,6 +98,10 @@
@@ -77,7 +77,7 @@ index 8dd0127ddcb8..b143c220c8b9 100644
  #include <asm/pgalloc.h>
  #include <linux/uaccess.h>
  #include <asm/mmu_context.h>
-@@ -2030,6 +2034,10 @@ static __latent_entropy struct task_struct *copy_process(
+@@ -2032,6 +2036,10 @@ static __latent_entropy struct task_struct *copy_process(
  	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
  		return ERR_PTR(-EINVAL);
  
@@ -88,7 +88,7 @@ index 8dd0127ddcb8..b143c220c8b9 100644
  	/*
  	 * Thread groups must share signals as well, and detached threads
  	 * can only be started up within the thread group.
-@@ -3180,6 +3188,12 @@ int ksys_unshare(unsigned long unshare_flags)
+@@ -3182,6 +3190,12 @@ int ksys_unshare(unsigned long unshare_flags)
  	if (unshare_flags & CLONE_NEWNS)
  		unshare_flags |= CLONE_FS;
  
@@ -132,7 +132,7 @@ index 1c240d2c99bc..2971581a27e2 100644
  	{
  		.procname	= "tainted",
 diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index 54211dbd516c..16ca0c151629 100644
+index 1d8e47bed3f1..fec01d016a35 100644
 --- a/kernel/user_namespace.c
 +++ b/kernel/user_namespace.c
 @@ -22,6 +22,13 @@
@@ -150,5 +150,5 @@ index 54211dbd516c..16ca0c151629 100644
  static DEFINE_MUTEX(userns_state_mutex);
  
 -- 
-2.40.0
+2.40.1
 
diff --git a/0002-bpf-x86-Fix-IP-after-emitting-call-depth-accounting.patch b/0002-bpf-x86-Fix-IP-after-emitting-call-depth-accounting.patch
deleted file mode 100644
index 8483cce32790..000000000000
--- a/0002-bpf-x86-Fix-IP-after-emitting-call-depth-accounting.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From cdcbbe9863053c039e61e2779c0b07760af7a780 Mon Sep 17 00:00:00 2001
-From: Joan Bruguera <joanbrugueram@gmail.com>
-Date: Sat, 7 Jan 2023 05:14:56 +0000
-Subject: [PATCH 2/3] bpf, x86: Fix IP after emitting call depth accounting
-
-Adjust the IP passed to `emit_patch` so it calculates the correct offset
-for the CALL instruction if `x86_call_depth_emit_accounting` emits code.
-Otherwise we will skip some instructions and most likely crash.
-
-Fixes: b2e9dfe54be4 ("x86/bpf: Emit call depth accounting if required")
-Link: https://lore.kernel.org/lkml/20230105214922.250473-1-joanbrugueram@gmail.com/
-Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com>
-For: https://bugs.archlinux.org/task/77601
----
- arch/x86/net/bpf_jit_comp.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index b808be77635e..6e696c6b7018 100644
---- a/arch/x86/net/bpf_jit_comp.c
-+++ b/arch/x86/net/bpf_jit_comp.c
-@@ -343,9 +343,10 @@ static int emit_call(u8 **pprog, void *func, void *ip)
- 
- static int emit_rsb_call(u8 **pprog, void *func, void *ip)
- {
-+	void *adjusted_ip;
- 	OPTIMIZER_HIDE_VAR(func);
--	x86_call_depth_emit_accounting(pprog, func);
--	return emit_patch(pprog, func, ip, 0xE8);
-+	adjusted_ip = (u8 *)ip + x86_call_depth_emit_accounting(pprog, func);
-+	return emit_patch(pprog, func, adjusted_ip, 0xE8);
- }
- 
- static int emit_jump(u8 **pprog, void *func, void *ip)
--- 
-2.40.0
-
diff --git a/0002-netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch b/0002-netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch
new file mode 100644
index 000000000000..00a50897777c
--- /dev/null
+++ b/0002-netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch
@@ -0,0 +1,122 @@
+From f2da18ab5eb4fa936252892cf99b93375f0b299b Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 2 May 2023 10:25:24 +0200
+Subject: [PATCH 2/3] netfilter: nf_tables: deactivate anonymous set from
+ preparation phase
+
+Toggle deleted anonymous sets as inactive in the next generation, so
+users cannot perform any update on it. Clear the generation bitmask
+in case the transaction is aborted.
+
+The following KASAN splat shows a set element deletion for a bound
+anonymous set that has been already removed in the same transaction.
+
+[   64.921510] ==================================================================
+[   64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
+[   64.924745] Write of size 8 at addr dead000000000122 by task test/890
+[   64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
+[   64.931120] Call Trace:
+[   64.932699]  <TASK>
+[   64.934292]  dump_stack_lvl+0x33/0x50
+[   64.935908]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
+[   64.937551]  kasan_report+0xda/0x120
+[   64.939186]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
+[   64.940814]  nf_tables_commit+0xa24/0x1490 [nf_tables]
+[   64.942452]  ? __kasan_slab_alloc+0x2d/0x60
+[   64.944070]  ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
+[   64.945710]  ? kasan_set_track+0x21/0x30
+[   64.947323]  nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
+[   64.948898]  ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ include/net/netfilter/nf_tables.h |  1 +
+ net/netfilter/nf_tables_api.c     | 12 ++++++++++++
+ net/netfilter/nft_dynset.c        |  2 +-
+ net/netfilter/nft_lookup.c        |  2 +-
+ net/netfilter/nft_objref.c        |  2 +-
+ 5 files changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
+index 1b8e305bb54a..9dace9bcba8e 100644
+--- a/include/net/netfilter/nf_tables.h
++++ b/include/net/netfilter/nf_tables.h
+@@ -619,6 +619,7 @@ struct nft_set_binding {
+ };
+ 
+ enum nft_trans_phase;
++void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set);
+ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
+ 			      struct nft_set_binding *binding,
+ 			      enum nft_trans_phase phase);
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
+index e48ab8dfb541..223bd16deb70 100644
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -5004,12 +5004,24 @@ static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
+ 	}
+ }
+ 
++void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)
++{
++	if (nft_set_is_anonymous(set))
++		nft_clear(ctx->net, set);
++
++	set->use++;
++}
++EXPORT_SYMBOL_GPL(nf_tables_activate_set);
++
+ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
+ 			      struct nft_set_binding *binding,
+ 			      enum nft_trans_phase phase)
+ {
+ 	switch (phase) {
+ 	case NFT_TRANS_PREPARE:
++		if (nft_set_is_anonymous(set))
++			nft_deactivate_next(ctx->net, set);
++
+ 		set->use--;
+ 		return;
+ 	case NFT_TRANS_ABORT:
+diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
+index 274579b1696e..bd19c7aec92e 100644
+--- a/net/netfilter/nft_dynset.c
++++ b/net/netfilter/nft_dynset.c
+@@ -342,7 +342,7 @@ static void nft_dynset_activate(const struct nft_ctx *ctx,
+ {
+ 	struct nft_dynset *priv = nft_expr_priv(expr);
+ 
+-	priv->set->use++;
++	nf_tables_activate_set(ctx, priv->set);
+ }
+ 
+ static void nft_dynset_destroy(const struct nft_ctx *ctx,
+diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
+index cecf8ab90e58..03ef4fdaa460 100644
+--- a/net/netfilter/nft_lookup.c
++++ b/net/netfilter/nft_lookup.c
+@@ -167,7 +167,7 @@ static void nft_lookup_activate(const struct nft_ctx *ctx,
+ {
+ 	struct nft_lookup *priv = nft_expr_priv(expr);
+ 
+-	priv->set->use++;
++	nf_tables_activate_set(ctx, priv->set);
+ }
+ 
+ static void nft_lookup_destroy(const struct nft_ctx *ctx,
+diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c
+index cb37169608ba..a48dd5b5d45b 100644
+--- a/net/netfilter/nft_objref.c
++++ b/net/netfilter/nft_objref.c
+@@ -185,7 +185,7 @@ static void nft_objref_map_activate(const struct nft_ctx *ctx,
+ {
+ 	struct nft_objref_map *priv = nft_expr_priv(expr);
+ 
+-	priv->set->use++;
++	nf_tables_activate_set(ctx, priv->set);
+ }
+ 
+ static void nft_objref_map_destroy(const struct nft_ctx *ctx,
+-- 
+2.40.1
+
diff --git a/PKGBUILD b/PKGBUILD
index 799c66304b04..82a6c64cb3da 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -69,7 +69,7 @@ _subarch=
 ### IMPORTANT: Do no edit below this line unless you know what you're doing
 pkgbase=linux-ck
 pkgver=6.3.1
-pkgrel=1
+pkgrel=2
 arch=(x86_64)
 url="https://wiki.archlinux.org/index.php/Linux-ck"
 license=(GPL2)
@@ -100,6 +100,7 @@ source=(
   "more-uarches-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/$_gcc_more_v.tar.gz"
   "ck-hrtimer-$_commit.tar.gz::https://github.com/graysky2/linux-patches/archive/$_commit.tar.gz"
   0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+  0002-netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch
 )
 validpgpkeys=(
   ABAF11C65A2970B130ABE3C479BE3E4300411886  # Linus Torvalds
@@ -110,7 +111,8 @@ sha256sums=('78620fb4a7d5e0db1d4eb8d5b1c6e207ba5d19564efa63967a59b6daf89b3f2a'
             '6b337a9d3cfdc00005589a80b8d36fa500f6a92ed21565a3aceec48d7202a7da'
             'f1d586e111932890ad5e0df15d092fb9b3f87bae4ea17812aae9b0ec98fe2db0'
             'f781da5ba492d8912c7d4cddac02f21c1799532182e23374c80c19ff0c617373'
-            '2e7592ff8fb3cd0c461abb6524bc9f097033abe7fb9d464702b307eab97bd58f')
+            '9346a69dad1c83417322551a5af677e5134da9097df6fc60897bf9d35c067df0'
+            '844c8e4c4b8c6f44a5f0e746c767092cbabf6522d9012d237397ae159ebc3ede')
 _make() {
   test -s version
   make KERNELRELEASE="$(<version)" "$@"