open-edge-platform · yepmunchun · May 27, 2025 · May 22, 2025
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "lts-v6.12.23-emt-250415T094615Z.tar.gz": "752b4275dcc3d0a457802f57f5462fe1e0837730f3752292016beeacbf631021"
+    "lts-v6.12.28-emt-250519T192106Z.tar.gz": "12013d6e11dd8a87695da88dc3af6e3afb908382147506b13b5c54184824a599"
   }
 }
@@ -13,14 +13,14 @@
 
 Summary:        Linux API header files
 Name:           kernel-headers
-Version:        6.12.23
+Version:        6.12.28
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
 Group:          System Environment/Kernel
 URL:            https://github.com/intel/linux-intel-lts
-Source0:        https://github.com/intel/linux-intel-lts/archive/refs/tags/lts-v6.12.23-emt-250415T094615Z.tar.gz
+Source0:        https://github.com/intel/linux-intel-lts/archive/refs/tags/lts-v6.12.28-emt-250519T192106Z.tar.gz
 # Historical name shipped by other distros
 Provides:       glibc-kernheaders = %{version}-%{release}
 BuildArch:      noarch
@@ -41,7 +41,7 @@ cross-glibc package.
 %endif
 
 %prep
-%setup -q -n lts-v6.12.23-emt-250415T094615Z
+%setup -q -n lts-v6.12.28-emt-250519T192106Z
 
 %build
 make mrproper
@@ -76,6 +76,9 @@ done
 %endif
 
 %changelog
+* Thu Mar 22 2025 Ren Jiaojiao <jiaojiaox.ren@intel.com> - 6.12.28-1
+- Update kernel to 6.12.28
+
 * Mon Apr 21 2025 Ren Jiaojiao <jiaojiaox.ren@intel.com> - 6.12.23-1
 - Update kernel to 6.12.23
 

@@ -0,0 +1,3 @@
+already fix by upstream.
+fix_in_version: v6.12.23
+patch: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cbf937dcadfd571a434f8074d057b32cd14fbea5
@@ -0,0 +1,42 @@
+From f95b9e12244a074199953b5cd6ede45920cba734 Mon Sep 17 00:00:00 2001
+From: Jiawen Wu <jiawenwu@trustnetic.com>
+Date: Mon, 24 Mar 2025 18:32:35 +0800
+Subject: [PATCH] net: libwx: fix Tx L4 checksum
+
+The hardware only supports L4 checksum offload for TCP/UDP/SCTP protocol.
+There was a bug to set Tx checksum flag for the other protocol that results
+in Tx ring hang. Fix to compute software checksum for these packets.
+
+Fixes: 3403960cdf86 ("net: wangxun: libwx add tx offload functions")
+Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
+Link: https://patch.msgid.link/20250324103235.823096-2-jiawenwu@trustnetic.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+---
+ drivers/net/ethernet/wangxun/libwx/wx_lib.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c
+index 71c891d14fb6..0896742b3f30 100644
+--- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c
++++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c
+@@ -1336,6 +1336,7 @@ static void wx_tx_csum(struct wx_ring *tx_ring, struct wx_tx_buffer *first,
+ 	u8 tun_prot = 0;
+
+ 	if (skb->ip_summed != CHECKSUM_PARTIAL) {
++csum_failed:
+ 		if (!(first->tx_flags & WX_TX_FLAGS_HW_VLAN) &&
+ 		    !(first->tx_flags & WX_TX_FLAGS_CC))
+ 			return;
+@@ -1429,7 +1430,8 @@ static void wx_tx_csum(struct wx_ring *tx_ring, struct wx_tx_buffer *first,
+ 					WX_TXD_L4LEN_SHIFT;
+ 			break;
+ 		default:
+-			break;
++			skb_checksum_help(skb);
++			goto csum_failed;
+ 		}
+
+ 		/* update TX checksum flag */
+-- 
+2.25.1
+
@@ -0,0 +1,61 @@
+From a7feb0e9dda0ebb66c810ad9bd0bbeb2823bd89f Mon Sep 17 00:00:00 2001
+From: Wang Liang <wangliang74@huawei.com>
+Date: Fri, 21 Mar 2025 17:03:53 +0800
+Subject: [PATCH] net: fix NULL pointer dereference in l3mdev_l3_rcv
+
+When delete l3s ipvlan:
+
+    ip link del link eth0 ipvlan1 type ipvlan mode l3s
+
+This may cause a null pointer dereference:
+
+    Call trace:
+     ip_rcv_finish+0x48/0xd0
+     ip_rcv+0x5c/0x100
+     __netif_receive_skb_one_core+0x64/0xb0
+     __netif_receive_skb+0x20/0x80
+     process_backlog+0xb4/0x204
+     napi_poll+0xe8/0x294
+     net_rx_action+0xd8/0x22c
+     __do_softirq+0x12c/0x354
+
+This is because l3mdev_l3_rcv() visit dev->l3mdev_ops after
+ipvlan_l3s_unregister() assign the dev->l3mdev_ops to NULL. The process
+like this:
+
+    (CPU1)                     | (CPU2)
+    l3mdev_l3_rcv()            |
+      check dev->priv_flags:   |
+        master = skb->dev;     |
+                               |
+                               | ipvlan_l3s_unregister()
+                               |   set dev->priv_flags
+                               |   dev->l3mdev_ops = NULL;
+                               |
+      visit master->l3mdev_ops |
+
+To avoid this by do not set dev->l3mdev_ops when unregister l3s ipvlan.
+
+Suggested-by: David Ahern <dsahern@kernel.org>
+Fixes: c675e06a98a4 ("ipvlan: decouple l3s mode dependencies from other modes")
+Signed-off-by: Wang Liang <wangliang74@huawei.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://patch.msgid.link/20250321090353.1170545-1-wangliang74@huawei.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+---
+ drivers/net/ipvlan/ipvlan_l3s.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/drivers/net/ipvlan/ipvlan_l3s.c b/drivers/net/ipvlan/ipvlan_l3s.c
+index d5b05e803219..ca35a50bb640 100644
+--- a/drivers/net/ipvlan/ipvlan_l3s.c
++++ b/drivers/net/ipvlan/ipvlan_l3s.c
+@@ -224,5 +224,4 @@ void ipvlan_l3s_unregister(struct ipvl_port *port)
+
+ 	dev->priv_flags &= ~IFF_L3MDEV_RX_HANDLER;
+ 	ipvlan_unregister_nf_hook(read_pnet(&port->pnet));
+-	dev->l3mdev_ops = NULL;
+ }
+-- 
+2.25.1
+
@@ -0,0 +1,114 @@
+From ac72f1fa7de7862f9156f106b506c0b786973420 Mon Sep 17 00:00:00 2001
+From: Nick Child <nnac123@linux.ibm.com>
+Date: Thu, 20 Mar 2025 16:29:51 -0500
+Subject: [PATCH] ibmvnic: Use kernel helpers for hex dumps
+
+Previously, when the driver was printing hex dumps, the buffer was cast
+to an 8 byte long and printed using string formatters. If the buffer
+size was not a multiple of 8 then a read buffer overflow was possible.
+
+Therefore, create a new ibmvnic function that loops over a buffer and
+calls hex_dump_to_buffer instead.
+
+This patch address KASAN reports like the one below:
+  ibmvnic 30000003 env3: Login Buffer:
+  ibmvnic 30000003 env3: 01000000af000000
+  <...>
+  ibmvnic 30000003 env3: 2e6d62692e736261
+  ibmvnic 30000003 env3: 65050003006d6f63
+  ==================================================================
+  BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic]
+  Read of size 8 at addr c0000001331a9aa8 by task ip/17681
+  <...>
+  Allocated by task 17681:
+  <...>
+  ibmvnic_login+0x2f0/0xffc [ibmvnic]
+  ibmvnic_open+0x148/0x308 [ibmvnic]
+  __dev_open+0x1ac/0x304
+  <...>
+  The buggy address is located 168 bytes inside of
+                allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf)
+  <...>
+  =================================================================
+  ibmvnic 30000003 env3: 000000000033766e
+
+Fixes: 032c5e82847a ("Driver for IBM System i/p VNIC protocol")
+Signed-off-by: Nick Child <nnac123@linux.ibm.com>
+Reviewed-by: Dave Marquardt <davemarq@linux.ibm.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://patch.msgid.link/20250320212951.11142-1-nnac123@linux.ibm.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
+index 61db00b2b33e..a9b3e7216789 100644
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -4841,6 +4841,18 @@ static void vnic_add_client_data(struct ibmvnic_adapter *adapter,
+ 	strscpy(vlcd->name, adapter->netdev->name, len);
+ }
+
++static void ibmvnic_print_hex_dump(struct net_device *dev, void *buf,
++				   size_t len)
++{
++	unsigned char hex_str[16 * 3];
++
++	for (size_t i = 0; i < len; i += 16) {
++		hex_dump_to_buffer((unsigned char *)buf + i, len - i, 16, 8,
++				   hex_str, sizeof(hex_str), false);
++		netdev_dbg(dev, "%s\n", hex_str);
++	}
++}
++
+ static int send_login(struct ibmvnic_adapter *adapter)
+ {
+ 	struct ibmvnic_login_rsp_buffer *login_rsp_buffer;
+@@ -4951,10 +4963,8 @@ static int send_login(struct ibmvnic_adapter *adapter)
+ 	vnic_add_client_data(adapter, vlcd);
+
+ 	netdev_dbg(adapter->netdev, "Login Buffer:\n");
+-	for (i = 0; i < (adapter->login_buf_sz - 1) / 8 + 1; i++) {
+-		netdev_dbg(adapter->netdev, "%016lx\n",
+-			   ((unsigned long *)(adapter->login_buf))[i]);
+-	}
++	ibmvnic_print_hex_dump(adapter->netdev, adapter->login_buf,
++			       adapter->login_buf_sz);
+
+ 	memset(&crq, 0, sizeof(crq));
+ 	crq.login.first = IBMVNIC_CRQ_CMD;
+@@ -5331,15 +5341,13 @@ static void handle_query_ip_offload_rsp(struct ibmvnic_adapter *adapter)
+ {
+ 	struct device *dev = &adapter->vdev->dev;
+ 	struct ibmvnic_query_ip_offload_buffer *buf = &adapter->ip_offload_buf;
+-	int i;
+
+ 	dma_unmap_single(dev, adapter->ip_offload_tok,
+ 			 sizeof(adapter->ip_offload_buf), DMA_FROM_DEVICE);
+
+ 	netdev_dbg(adapter->netdev, "Query IP Offload Buffer:\n");
+-	for (i = 0; i < (sizeof(adapter->ip_offload_buf) - 1) / 8 + 1; i++)
+-		netdev_dbg(adapter->netdev, "%016lx\n",
+-			   ((unsigned long *)(buf))[i]);
++	ibmvnic_print_hex_dump(adapter->netdev, buf,
++			       sizeof(adapter->ip_offload_buf));
+
+ 	netdev_dbg(adapter->netdev, "ipv4_chksum = %d\n", buf->ipv4_chksum);
+ 	netdev_dbg(adapter->netdev, "ipv6_chksum = %d\n", buf->ipv6_chksum);
+@@ -5570,10 +5578,8 @@ static int handle_login_rsp(union ibmvnic_crq *login_rsp_crq,
+ 	netdev->mtu = adapter->req_mtu - ETH_HLEN;
+
+ 	netdev_dbg(adapter->netdev, "Login Response Buffer:\n");
+-	for (i = 0; i < (adapter->login_rsp_buf_sz - 1) / 8 + 1; i++) {
+-		netdev_dbg(adapter->netdev, "%016lx\n",
+-			   ((unsigned long *)(adapter->login_rsp_buf))[i]);
+-	}
++	ibmvnic_print_hex_dump(netdev, adapter->login_rsp_buf,
++			       adapter->login_rsp_buf_sz);
+
+ 	/* Sanity checks */
+ 	if (login->num_txcomp_subcrqs != login_rsp->num_txsubm_subcrqs ||
+-- 
+2.25.1
+