diff --git a/blacklist.conf b/blacklist.conf index 50bc249..f1a05f9 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -272,3 +272,4 @@ e7b02296fb400ee64822fbdd81a0718449066333 # bluetooth: BT_HS removal; breaks kABI ffa55858330f267beec995fc4f68098c91311c64 # already applied 6a26310273c323380da21eb23fcfd50e31140913 # already applied 7e82a8745b951b1e794cc780d46f3fbee5e93447 # already applied +33cd6ea9c0673517cdb06ad5c915c6f22e9615fc # fbdev: causes a regression in the fb deferred io code (bsc#1221814) diff --git a/patches.suse/fbdev-flush-deferred-IO-before-closing.patch b/patches.suse/fbdev-flush-deferred-IO-before-closing.patch deleted file mode 100644 index 15e2f68..0000000 --- a/patches.suse/fbdev-flush-deferred-IO-before-closing.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 33cd6ea9c0673517cdb06ad5c915c6f22e9615fc Mon Sep 17 00:00:00 2001 -From: Nam Cao -Date: Mon, 18 Dec 2023 10:57:31 +0100 -Subject: [PATCH] fbdev: flush deferred IO before closing -Git-commit: 33cd6ea9c0673517cdb06ad5c915c6f22e9615fc -Patch-mainline: v6.8-rc1 -References: git-fixes - -When framebuffer gets closed, the queued deferred IO gets cancelled. This -can cause some last display data to vanish. This is problematic for users -who send a still image to the framebuffer, then close the file: the image -may never appear. - -To ensure none of display data get lost, flush the queued deferred IO -first before closing. - -Another possible solution is to delete the cancel_delayed_work_sync() -instead. The difference is that the display may appear some time after -closing. However, the clearing of page mapping after this needs to be -removed too, because the page mapping is used by the deferred work. It is -not completely obvious whether it is okay to not clear the page mapping. -For a patch intended for stable trees, go with the simple and obvious -solution. - -Fixes: 60b59beafba8 ("fbdev: mm: Deferred IO support") -Cc: stable@vger.kernel.org -Signed-off-by: Nam Cao -Reviewed-by: Sebastian Andrzej Siewior -Signed-off-by: Helge Deller -Acked-by: Takashi Iwai - ---- - drivers/video/fbdev/core/fb_defio.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c -index 6c8b81c452f0..1ae1d35a5942 100644 ---- a/drivers/video/fbdev/core/fb_defio.c -+++ b/drivers/video/fbdev/core/fb_defio.c -@@ -313,7 +313,7 @@ static void fb_deferred_io_lastclose(struct fb_info *info) - struct page *page; - int i; - -- cancel_delayed_work_sync(&info->deferred_work); -+ flush_delayed_work(&info->deferred_work); - - /* clear out the mapping that we setup */ - for (i = 0 ; i < info->fix.smem_len; i += PAGE_SIZE) { --- -2.35.3 - diff --git a/patches.suse/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch b/patches.suse/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch new file mode 100644 index 0000000..b77ac83 --- /dev/null +++ b/patches.suse/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch @@ -0,0 +1,32 @@ +From: Pablo Neira Ayuso +Date: Tue, 19 Dec 2023 19:44:49 +0100 +Subject: netfilter: nf_tables: skip set commit for deleted/destroyed sets +Patch-mainline: v6.7 +Git-commit: 7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a +References: CVE-2024-0193 bsc#1218495 + +NFT_MSG_DELSET deactivates all elements in the set, skip +set->ops->commit() to avoid the unnecessary clone (for the pipapo case) +as well as the sync GC cycle, which could deactivate again expired +elements in such set. + +Fixes: 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane") +Reported-by: Kevin Rich +Signed-off-by: Pablo Neira Ayuso +Acked-by: Michal Kubecek + +--- + net/netfilter/nf_tables_api.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -9758,7 +9758,7 @@ static void nft_set_commit_update(struct list_head *set_update_list) + list_for_each_entry_safe(set, next, set_update_list, pending_update) { + list_del_init(&set->pending_update); + +- if (!set->ops->commit) ++ if (!set->ops->commit || set->dead) + continue; + + set->ops->commit(set); diff --git a/series.conf b/series.conf index aac479a..c389de6 100644 --- a/series.conf +++ b/series.conf @@ -17340,6 +17340,7 @@ patches.suse/nfc-Do-not-send-datagram-if-socket-state-isn-t-LLCP_.patch patches.suse/octeontx2-af-Fix-marking-couple-of-structure-as-__pa.patch patches.suse/wifi-iwlwifi-pcie-don-t-synchronize-IRQs-from-IRQ.patch + patches.suse/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch patches.suse/mlxbf_gige-fix-receive-packet-race-condition.patch patches.suse/r8169-Fix-PCI-error-on-system-resume.patch patches.suse/connector-Fix-proc_event_num_listeners-count-not-cle.patch @@ -18470,7 +18471,6 @@ patches.suse/fbdev-imxfb-fix-left-margin-setting.patch patches.suse/fbdev-mmp-Fix-typo-and-wording-in-code-comment.patch patches.suse/fbdev-flush-deferred-work-in-fb_deferred_io_fsync.patch - patches.suse/fbdev-flush-deferred-IO-before-closing.patch patches.suse/HID-wacom-Correct-behavior-when-processing-some-conf.patch patches.suse/pwm-stm32-Use-hweight32-in-stm32_pwm_detect_channels.patch patches.suse/pwm-stm32-Fix-enable-count-for-clk-in-.probe.patch