From f83c18b682f2d196c06982b3f7623aab1cd1144d Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Fri, 26 Jan 2024 13:37:08 +0100
Subject: [PATCH] main/linux-lts: upgrade to 5.15.148

---
 main/linux-lts/APKBUILD           |  9 +--
 main/linux-lts/xsa448-linux.patch | 98 -------------------------------
 2 files changed, 3 insertions(+), 104 deletions(-)
 delete mode 100644 main/linux-lts/xsa448-linux.patch

diff --git a/main/linux-lts/APKBUILD b/main/linux-lts/APKBUILD
index 86d29e046143..8310de9e08fe 100644
--- a/main/linux-lts/APKBUILD
+++ b/main/linux-lts/APKBUILD
@@ -2,12 +2,12 @@
 
 _flavor=lts
 pkgname=linux-$_flavor
-pkgver=5.15.147
+pkgver=5.15.148
 case $pkgver in
 	*.*.*)	_kernver=${pkgver%.*};;
 	*.*) _kernver=$pkgver;;
 esac
-pkgrel=1
+pkgrel=0
 pkgdesc="Linux lts kernel"
 url="https://www.kernel.org"
 depends="mkinitfs>=3.6.0"
@@ -22,8 +22,6 @@ source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver
 	vmlinux-zstd.patch
 	ppc-export_mmu_feature_keys_as_non-GPL.patch
 
-	xsa448-linux.patch
-
 	lts.aarch64.config
 	lts.armv7.config
 	lts.x86.config
@@ -316,6 +314,5 @@ b60ddfd4e2bdc7f2b80fb1945a3e39fc837518abbce81eb546fae0b7c2ca828987496dcea2c9170f
 5a91305a3a92ede3fa0910b84e8327dc7e49aa01beb6bf7c49ba9695f21a4f42bf7c7410fac50878858a614baf3e9868e365bb9969defd5ce03933a758119384  virt.ppc64le.config
 6927cec96f09e8222278c9c35d8b31431f900742d4ee14cc66cfdefc2c122f8d31b817ffbacf4b438dcc440ddc3634e22854dce765730bed7984431463f5c374  virt.x86.config
 5759ed39ba27d740a84fbdfc087485c6504ed62067fba61168ee84d4f5463b8f44a63190588a6c4d83de0798c7531f9374eb8f60ea174f7c3453183b898248d7  virt.x86_64.config
-183f1ef69568ea10dcd5e6a03dde18281cd1df53dd6b8a27a21589700f756fa180d51648322822ee03e340ef2e7385877daf66d3f8b7e09286868c7725d3e35e  patch-5.15.147.xz
-8ef2f4aa508fc7d741bab205f47a302bee9130ca630e1999d081c065cf2d25a039b5d0cf210d41bc71f05ed11b826f93cc4af3bfe3a229022150532321051b67  xsa448-linux.patch
+22513243c8a40975dd63ef494f41303008b777df6f891101d469670056d504c771139692dfd59decf9d3381bd78f454a066ce78d50e6e2b0c72d2d6e10cda5b7  patch-5.15.148.xz
 "
diff --git a/main/linux-lts/xsa448-linux.patch b/main/linux-lts/xsa448-linux.patch
deleted file mode 100644
index 831b4a779761..000000000000
--- a/main/linux-lts/xsa448-linux.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: xen-netback: don't produce zero-size SKB frags
-
-While frontends may submit zero-size requests (wasting a precious slot),
-core networking code as of at least 3ece782693c4b ("sock: skb_copy_ubufs
-support for compound pages") can't deal with SKBs when they have all
-zero-size fragments. Respond to empty requests right when populating
-fragments; all further processing is fragment based and hence won't
-encounter these empty requests anymore.
-
-In a way this should have been that way from the beginning: When no data
-is to be transferred for a particular request, there's not even a point
-in validating the respective grant ref. That's no different from e.g.
-passing NULL into memcpy() when at the same time the size is 0.
-
-This is XSA-448 / CVE-2023-46838.
-
-Reported-by: Pratyush Yadav <ptyadav@amazon.de>
-Cc: stable@vger.kernel.org
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Juergen Gross <jgross@suse.com>
-Reviewed-by: Paul Durrant <paul@xen.org>
-Acked-by: Pratyush Yadav <ptyadav@amazon.de>
-
---- a/drivers/net/xen-netback/netback.c
-+++ b/drivers/net/xen-netback/netback.c
-@@ -463,12 +463,25 @@ static void xenvif_get_requests(struct x
- 	}
- 
- 	for (shinfo->nr_frags = 0; nr_slots > 0 && shinfo->nr_frags < MAX_SKB_FRAGS;
--	     shinfo->nr_frags++, gop++, nr_slots--) {
-+	     nr_slots--) {
-+		if (unlikely(!txp->size)) {
-+			unsigned long flags;
-+
-+			spin_lock_irqsave(&queue->response_lock, flags);
-+			make_tx_response(queue, txp, 0, XEN_NETIF_RSP_OKAY);
-+			push_tx_responses(queue);
-+			spin_unlock_irqrestore(&queue->response_lock, flags);
-+			++txp;
-+			continue;
-+		}
-+
- 		index = pending_index(queue->pending_cons++);
- 		pending_idx = queue->pending_ring[index];
- 		xenvif_tx_create_map_op(queue, pending_idx, txp,
- 				        txp == first ? extra_count : 0, gop);
- 		frag_set_pending_idx(&frags[shinfo->nr_frags], pending_idx);
-+		++shinfo->nr_frags;
-+		++gop;
- 
- 		if (txp == first)
- 			txp = txfrags;
-@@ -481,20 +494,39 @@ static void xenvif_get_requests(struct x
- 		shinfo = skb_shinfo(nskb);
- 		frags = shinfo->frags;
- 
--		for (shinfo->nr_frags = 0; shinfo->nr_frags < nr_slots;
--		     shinfo->nr_frags++, txp++, gop++) {
-+		for (shinfo->nr_frags = 0; shinfo->nr_frags < nr_slots; ++txp) {
-+			if (unlikely(!txp->size)) {
-+				unsigned long flags;
-+
-+				spin_lock_irqsave(&queue->response_lock, flags);
-+				make_tx_response(queue, txp, 0,
-+						 XEN_NETIF_RSP_OKAY);
-+				push_tx_responses(queue);
-+				spin_unlock_irqrestore(&queue->response_lock,
-+						       flags);
-+				continue;
-+			}
-+
- 			index = pending_index(queue->pending_cons++);
- 			pending_idx = queue->pending_ring[index];
- 			xenvif_tx_create_map_op(queue, pending_idx, txp, 0,
- 						gop);
- 			frag_set_pending_idx(&frags[shinfo->nr_frags],
- 					     pending_idx);
-+			++shinfo->nr_frags;
-+			++gop;
- 		}
- 
--		skb_shinfo(skb)->frag_list = nskb;
--	} else if (nskb) {
-+		if (shinfo->nr_frags) {
-+			skb_shinfo(skb)->frag_list = nskb;
-+			nskb = NULL;
-+		}
-+	}
-+
-+	if (nskb) {
- 		/* A frag_list skb was allocated but it is no longer needed
--		 * because enough slots were converted to copy ops above.
-+		 * because enough slots were converted to copy ops above or some
-+		 * were empty.
- 		 */
- 		kfree_skb(nskb);
- 	}
-- 
GitLab