From 5a44c01adcffec32de3b717286f2bd9aadc10a50 Mon Sep 17 00:00:00 2001 From: Denis Kirjanov Date: Jul 28 2020 15:30:47 +0000 Subject: Merge remote-tracking branch 'origin/SLE15-SP1' into SLE12-SP5 Conflicts: series.conf --- diff --git a/blacklist.conf b/blacklist.conf index 5665bca..a9af9b3 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -1581,3 +1581,6 @@ ef1548adada51a2f32ed7faef50aa465e1b4c5da # The problem gets exposed by 69879c01a 1c49f35e9e9156273124a0cfd38b57f7a7d4828f # Not applicable: video: vt8500lcdfb: fix fallthrough warning 2bbcaaee1fcbd83272e29f31e2bb7e70d8c49e05 # ath9k: leading to a regression (bko#208251) 54d2495b1a787ffb1846efbe1277d2d37f3ebc21 # ath9k: revert of the above commit in stable tree +c5828150067c47a97f30e690a472e0548d3ac97d # cleanup removing unused symbols +7212303268918b9a203aebeacfdbd83b5e87b20d # reverted in 1ca0fafd73c5 +5fc6266af7b427243da24f3443a50cd4584aac06 # the check was added later diff --git a/patches.kabi/l2tp-do-not-use-inet_hash-inet_unhash.patch b/patches.kabi/l2tp-do-not-use-inet_hash-inet_unhash.patch new file mode 100644 index 0000000..82b6827 --- /dev/null +++ b/patches.kabi/l2tp-do-not-use-inet_hash-inet_unhash.patch @@ -0,0 +1,27 @@ +From: Jiri Slaby +Subject: kABI: reintroduce inet_hashtables.h include to l2tp_ip +Patch-mainline: never, kabi +References: kabi + +In networking-stable-20_06_07, commit 02c71b144c81 (l2tp: do not use +inet_hash()/inet_unhash()) removed net/inet_hashtables.h include from +l2tp_ip.c. This made struct inet_hashinfo undefined for the kABI +checker. + +Reintroduce the include so that the structure remains defined. + +Signed-off-by: Jiri Slaby +--- + net/l2tp/l2tp_ip.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/l2tp/l2tp_ip.c ++++ b/net/l2tp/l2tp_ip.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + #include diff --git a/patches.kabi/pcie-revive-__aer_firmware_first_valid.patch b/patches.kabi/pcie-revive-__aer_firmware_first_valid.patch new file mode 100644 index 0000000..2ab26e2 --- /dev/null +++ b/patches.kabi/pcie-revive-__aer_firmware_first_valid.patch @@ -0,0 +1,29 @@ +From: Takashi Iwai +Subject: pci: Revive pci_dev __aer_firmware_first* fields for kABI +Patch-mainline: Never, kABI compatibility fix +References: bsc#1174356 + +The upstream commit 708b20003624 ("PCI/AER: Remove HEST/FIRMWARE_FIRST +parsing for AER ownership") removed two unused fields from pci_dev +struct, and this broke kABI. + +Revive those fields to keep the kABI compatibility. +They are just placeholders without actual usage. + +Signed-off-by: Takashi Iwai + +--- + include/linux/pci.h | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/include/linux/pci.h ++++ b/include/linux/pci.h +@@ -408,6 +408,8 @@ struct pci_dev { + * mappings to make sure they cannot access arbitrary memory. + */ + unsigned int untrusted:1; ++ unsigned int __aer_firmware_first_valid:1; /* XXX: no longer used, SLE-specific kABI placeholder */ ++ unsigned int __aer_firmware_first:1; /* XXX: no longer used, SLE-specific kABI placeholder */ + unsigned int broken_intx_masking:1; + unsigned int io_window_1k:1; /* Intel P2P bridge 1K I/O windows */ + unsigned int irq_managed:1; diff --git a/patches.kabi/suse-hv-2037-PCI-hv-Introduce-hv_msi_entry.patch b/patches.kabi/suse-hv-2037-PCI-hv-Introduce-hv_msi_entry.patch new file mode 100644 index 0000000..3bb79b3 --- /dev/null +++ b/patches.kabi/suse-hv-2037-PCI-hv-Introduce-hv_msi_entry.patch @@ -0,0 +1,34 @@ +From: Olaf Hering +Date: Fri Jul 10 08:08:08 UTC 2020 +Subject: kabi: hv: prevent struct device_node to become defined +Patch-mainline: Never, kabi +References: bsc#1172871 + +Prevent following kabi breakage: + +KABI: symbol vmbus_are_subchannels_present(mod:drivers/hv/hv_vmbus) changed crc from 0x07db3f8f to 0xf5735051 +KABI: symbol vmbus_hvsock_device_unregister(mod:drivers/hv/hv_vmbus) changed crc from 0x2e1db501 to 0xaef287e2 +KABI: symbol vmbus_set_chn_rescind_callback(mod:drivers/hv/hv_vmbus) changed crc from 0x8f480c9e to 0x043a1948 +KABI: symbol vmbus_set_event(mod:drivers/hv/hv_vmbus) changed crc from 0x7bec4282 to 0x38d20f5a +KABI: symbol vmbus_set_sc_create_callback(mod:drivers/hv/hv_vmbus) changed crc from 0x66476229 to 0x88cc767c +KABI: aborting due to kabi changes. +Detailed kabi warnings: +drivers/hv/connection.c:478: warning: vmbus_set_event: modversion changed because of changes in struct device_node (became defined), struct irq_domain (became defined) +drivers/hv/channel_mgmt.c:1139: warning: vmbus_hvsock_device_unregister: modversion changed because of changes in struct device_node (became defined), struct irq_domain (became defined) +drivers/hv/channel_mgmt.c:1445: warning: vmbus_set_sc_create_callback: modversion changed because of changes in struct device_node (became defined), struct irq_domain (became defined) +drivers/hv/channel_mgmt.c:1464: warning: vmbus_are_subchannels_present: modversion changed because of changes in struct device_node (became defined), struct irq_domain (became defined) +drivers/hv/channel_mgmt.c:1471: warning: vmbus_set_chn_rescind_callback: modversion changed because of changes in struct device_node (became defined), struct irq_domain (became defined) + +Fixes commit 1cf106d93245f436c10e73cd3d4b885067d4bbcc +--- a/arch/x86/include/asm/mshyperv.h ++++ b/arch/x86/include/asm/mshyperv.h +@@ -3,7 +3,9 @@ + + #include + #include ++#ifndef __GENKSYMS__ + #include ++#endif + #include + #include + #include diff --git a/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch b/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch index 79045c6..39fc8e1 100644 --- a/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch +++ b/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch @@ -23,17 +23,18 @@ Signed-off-by: James Morris Acked-by: Lee, Chun-Yi Acked-by: Jean Delvare --- - drivers/char/mem.c | 2 ++ - 1 file changed, 2 insertions(+) + drivers/char/mem.c | 3 +++ + 1 file changed, 3 insertions(+) --- a/drivers/char/mem.c +++ b/drivers/char/mem.c -@@ -779,6 +779,8 @@ static loff_t memory_lseek(struct file * +@@ -842,6 +842,9 @@ static int open_port(struct inode *inode + if (!capable(CAP_SYS_RAWIO)) + return -EPERM; - static int open_port(struct inode *inode, struct file *filp) - { + if (kernel_is_locked_down()) + return -EPERM; - return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; - } ++ + if (iminor(inode) != DEVMEM_MINOR) + return 0; diff --git a/patches.suse/ACPI-video-Use-native-backlight-on-Acer-Aspire-5783z.patch b/patches.suse/ACPI-video-Use-native-backlight-on-Acer-Aspire-5783z.patch new file mode 100644 index 0000000..785010a --- /dev/null +++ b/patches.suse/ACPI-video-Use-native-backlight-on-Acer-Aspire-5783z.patch @@ -0,0 +1,41 @@ +From 1c8fbc1f9bfb804ef2f0d4ee9397ab800e33f23a Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 31 Mar 2020 14:36:23 +0200 +Subject: [PATCH] ACPI: video: Use native backlight on Acer Aspire 5783z +Git-commit: 1c8fbc1f9bfb804ef2f0d4ee9397ab800e33f23a +Patch-mainline: v5.7-rc1 +References: bsc#1111666 + +The Acer Aspire 5783z shipped with Windows 7 and as such does not trigger +our "win8 ready" heuristic for prefering the native backlight interface. + +Still ACPI backlight control doesn't work on this model, where as the +native (intel_video) backlight interface does work. Add a quirk to +force using native backlight control on this model. + +Signed-off-by: Hans de Goede +Signed-off-by: Rafael J. Wysocki +Acked-by: Takashi Iwai + +--- + drivers/acpi/video_detect.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/acpi/video_detect.c ++++ b/drivers/acpi/video_detect.c +@@ -311,6 +311,15 @@ static const struct dmi_system_id video_ + DMI_MATCH(DMI_PRODUCT_NAME, "Vostro V131"), + }, + }, ++ { ++ .callback = video_detect_force_native, ++ .ident = "Acer Aspire 5738z", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Acer"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Aspire 5738"), ++ DMI_MATCH(DMI_BOARD_NAME, "JV50"), ++ }, ++ }, + + /* + * Desktops which falsely report a backlight and which our heuristics diff --git a/patches.suse/ACPI-video-Use-native-backlight-on-Acer-TravelMate-5.patch b/patches.suse/ACPI-video-Use-native-backlight-on-Acer-TravelMate-5.patch new file mode 100644 index 0000000..928a30e --- /dev/null +++ b/patches.suse/ACPI-video-Use-native-backlight-on-Acer-TravelMate-5.patch @@ -0,0 +1,60 @@ +From c41c36e900a337b4132b12ccabc97f5578248b44 Mon Sep 17 00:00:00 2001 +From: Paul Menzel +Date: Fri, 22 May 2020 14:22:28 +0200 +Subject: [PATCH] ACPI: video: Use native backlight on Acer TravelMate 5735Z +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: c41c36e900a337b4132b12ccabc97f5578248b44 +Patch-mainline: v5.8-rc1 +References: bsc#1111666 + +Currently, changing the brightness of the internal display of the Acer +TravelMate 5735Z does not work. Pressing the function keys or changing the +slider, GNOME Shell 3.36.2 displays the OSD (five steps), but the +brightness does not change. + +The Acer TravelMate 5735Z shipped with Windows 7 and as such does not +trigger our "win8 ready" heuristic for preferring the native backlight +interface. + +Still ACPI backlight control doesn't work on this model, where as the +native (intel_video) backlight interface does work by adding +`acpi_backlight=native` or `acpi_backlight=none` to Linux’ command line. + +So, add a quirk to force using native backlight control on this model. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=207835 +Reviewed-by: Hans de Goede +Signed-off-by: Paul Menzel +Signed-off-by: Rafael J. Wysocki +Acked-by: Takashi Iwai + +--- + drivers/acpi/video_detect.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c +index b4994e50608d..2499d7e3c710 100644 +--- a/drivers/acpi/video_detect.c ++++ b/drivers/acpi/video_detect.c +@@ -361,6 +361,16 @@ static const struct dmi_system_id video_detect_dmi_table[] = { + DMI_MATCH(DMI_BOARD_NAME, "JV50"), + }, + }, ++ { ++ /* https://bugzilla.kernel.org/show_bug.cgi?id=207835 */ ++ .callback = video_detect_force_native, ++ .ident = "Acer TravelMate 5735Z", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Acer"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 5735Z"), ++ DMI_MATCH(DMI_BOARD_NAME, "BA51_MV"), ++ }, ++ }, + + /* + * Desktops which falsely report a backlight and which our heuristics +-- +2.16.4 + diff --git a/patches.suse/ALSA-hda-let-hs_mic-be-picked-ahead-of-hp_mic.patch b/patches.suse/ALSA-hda-let-hs_mic-be-picked-ahead-of-hp_mic.patch new file mode 100644 index 0000000..f42f3a6 --- /dev/null +++ b/patches.suse/ALSA-hda-let-hs_mic-be-picked-ahead-of-hp_mic.patch @@ -0,0 +1,62 @@ +From 6a6ca7881b1ab1c13fe0d70bae29211a65dd90de Mon Sep 17 00:00:00 2001 +From: Hui Wang +Date: Thu, 25 Jun 2020 16:38:33 +0800 +Subject: [PATCH] ALSA: hda - let hs_mic be picked ahead of hp_mic +Git-commit: 6a6ca7881b1ab1c13fe0d70bae29211a65dd90de +Patch-mainline: v5.8-rc5 +References: bsc#1111666 + +We have a Dell AIO, there is neither internal speaker nor internal +mic, only a multi-function audio jack on it. + +Users reported that after freshly installing the OS and plug +a headset to the audio jack, the headset can't output sound. I +reproduced this bug, at that moment, the Input Source is as below: +Simple mixer control 'Input Source',0 + Capabilities: cenum + Items: 'Headphone Mic' 'Headset Mic' + Item0: 'Headphone Mic' + +That is because the patch_realtek will set this audio jack as mic_in +mode if Input Source's value is hp_mic. + +If it is not fresh installing, this issue will not happen since the +systemd will run alsactl restore -f /var/lib/alsa/asound.state, this +will set the 'Input Source' according to history value. + +If there is internal speaker or internal mic, this issue will not +happen since there is valid sink/source in the pulseaudio, the PA will +set the 'Input Source' according to active_port. + +To fix this issue, change the parser function to let the hs_mic be +stored ahead of hp_mic. + +Cc: stable@vger.kernel.org +Signed-off-by: Hui Wang +Link: https://lore.kernel.org/r/20200625083833.11264-1-hui.wang@canonical.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/hda_auto_parser.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/sound/pci/hda/hda_auto_parser.c b/sound/pci/hda/hda_auto_parser.c +index 2c6d2becfe1a..824f4ac1a8ce 100644 +--- a/sound/pci/hda/hda_auto_parser.c ++++ b/sound/pci/hda/hda_auto_parser.c +@@ -72,6 +72,12 @@ static int compare_input_type(const void *ap, const void *bp) + if (a->type != b->type) + return (int)(a->type - b->type); + ++ /* If has both hs_mic and hp_mic, pick the hs_mic ahead of hp_mic. */ ++ if (a->is_headset_mic && b->is_headphone_mic) ++ return -1; /* don't swap */ ++ else if (a->is_headphone_mic && b->is_headset_mic) ++ return 1; /* swap */ ++ + /* In case one has boost and the other one has not, + pick the one with boost first. */ + return (int)(b->has_boost_on_pin - a->has_boost_on_pin); +-- +2.16.4 + diff --git a/patches.suse/ALSA-opl3-fix-infoleak-in-opl3.patch b/patches.suse/ALSA-opl3-fix-infoleak-in-opl3.patch new file mode 100644 index 0000000..c4a1869 --- /dev/null +++ b/patches.suse/ALSA-opl3-fix-infoleak-in-opl3.patch @@ -0,0 +1,40 @@ +From ad155712bb1ea2151944cf06a0e08c315c70c1e3 Mon Sep 17 00:00:00 2001 +From: xidongwang +Date: Sun, 5 Jul 2020 20:27:38 -0700 +Subject: [PATCH] ALSA: opl3: fix infoleak in opl3 +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: ad155712bb1ea2151944cf06a0e08c315c70c1e3 +Patch-mainline: v5.8-rc5 +References: bsc#1111666 + +The stack object “info” in snd_opl3_ioctl() has a leaking problem. +It has 2 padding bytes which are not initialized and leaked via +“copy_to_user”. + +Signed-off-by: xidongwang +Cc: +Link: https://lore.kernel.org/r/1594006058-30362-1-git-send-email-wangxidong_97@163.com +Signed-off-by: Takashi Iwai + +--- + sound/drivers/opl3/opl3_synth.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/sound/drivers/opl3/opl3_synth.c b/sound/drivers/opl3/opl3_synth.c +index e69a4ef0d6bd..08c10ac9d6c8 100644 +--- a/sound/drivers/opl3/opl3_synth.c ++++ b/sound/drivers/opl3/opl3_synth.c +@@ -91,6 +91,8 @@ int snd_opl3_ioctl(struct snd_hwdep * hw, struct file *file, + { + struct snd_dm_fm_info info; + ++ memset(&info, 0, sizeof(info)); ++ + info.fm_mode = opl3->fm_mode; + info.rhythm = opl3->rhythm; + if (copy_to_user(argp, &info, sizeof(struct snd_dm_fm_info))) +-- +2.16.4 + diff --git a/patches.suse/ALSA-usb-audio-add-quirk-for-MacroSilicon-MS2109.patch b/patches.suse/ALSA-usb-audio-add-quirk-for-MacroSilicon-MS2109.patch new file mode 100644 index 0000000..b696fcd --- /dev/null +++ b/patches.suse/ALSA-usb-audio-add-quirk-for-MacroSilicon-MS2109.patch @@ -0,0 +1,84 @@ +From e337bf19f6af38d5c3fa6d06cd594e0f890ca1ac Mon Sep 17 00:00:00 2001 +From: Hector Martin +Date: Thu, 2 Jul 2020 16:14:33 +0900 +Subject: [PATCH] ALSA: usb-audio: add quirk for MacroSilicon MS2109 +Git-commit: e337bf19f6af38d5c3fa6d06cd594e0f890ca1ac +Patch-mainline: v5.8-rc5 +References: bsc#1111666 + +These devices claim to be 96kHz mono, but actually are 48kHz stereo with +swapped channels and unaligned transfers. + +Cc: stable@vger.kernel.org +Signed-off-by: Hector Martin +Link: https://lore.kernel.org/r/20200702071433.237843-1-marcan@marcan.st +Signed-off-by: Takashi Iwai + +--- + sound/usb/quirks-table.h | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 52 insertions(+) + +diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h +index 4ec491011b19..9092cc0aa807 100644 +--- a/sound/usb/quirks-table.h ++++ b/sound/usb/quirks-table.h +@@ -3633,4 +3633,56 @@ ALC1220_VB_DESKTOP(0x26ce, 0x0a01), /* Asrock TRX40 Creator */ + } + }, + ++/* ++ * MacroSilicon MS2109 based HDMI capture cards ++ * ++ * These claim 96kHz 1ch in the descriptors, but are actually 48kHz 2ch. ++ * They also need QUIRK_AUDIO_ALIGN_TRANSFER, which makes one wonder if ++ * they pretend to be 96kHz mono as a workaround for stereo being broken ++ * by that... ++ * ++ * They also have swapped L-R channels, but that's for userspace to deal ++ * with. ++ */ ++{ ++ USB_DEVICE(0x534d, 0x2109), ++ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { ++ .vendor_name = "MacroSilicon", ++ .product_name = "MS2109", ++ .ifnum = QUIRK_ANY_INTERFACE, ++ .type = QUIRK_COMPOSITE, ++ .data = &(const struct snd_usb_audio_quirk[]) { ++ { ++ .ifnum = 2, ++ .type = QUIRK_AUDIO_ALIGN_TRANSFER, ++ }, ++ { ++ .ifnum = 2, ++ .type = QUIRK_AUDIO_STANDARD_MIXER, ++ }, ++ { ++ .ifnum = 3, ++ .type = QUIRK_AUDIO_FIXED_ENDPOINT, ++ .data = &(const struct audioformat) { ++ .formats = SNDRV_PCM_FMTBIT_S16_LE, ++ .channels = 2, ++ .iface = 3, ++ .altsetting = 1, ++ .altset_idx = 1, ++ .attributes = 0, ++ .endpoint = 0x82, ++ .ep_attr = USB_ENDPOINT_XFER_ISOC | ++ USB_ENDPOINT_SYNC_ASYNC, ++ .rates = SNDRV_PCM_RATE_CONTINUOUS, ++ .rate_min = 48000, ++ .rate_max = 48000, ++ } ++ }, ++ { ++ .ifnum = -1 ++ } ++ } ++ } ++}, ++ + #undef USB_DEVICE_VENDOR_SPEC +-- +2.16.4 + diff --git a/patches.suse/Bluetooth-Consolidate-encryption-handling-in-hci_enc.patch b/patches.suse/Bluetooth-Consolidate-encryption-handling-in-hci_enc.patch new file mode 100644 index 0000000..918b190 --- /dev/null +++ b/patches.suse/Bluetooth-Consolidate-encryption-handling-in-hci_enc.patch @@ -0,0 +1,101 @@ +From 3ca44c16b0dcc764b641ee4ac226909f5c421aa3 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz +Date: Tue, 19 May 2020 13:25:19 -0700 +Subject: [PATCH] Bluetooth: Consolidate encryption handling in hci_encrypt_cfm +Patch-mainline: v5.8-rc1 +Git-commit: 3ca44c16b0dcc764b641ee4ac226909f5c421aa3 +References: bsc#1171988 CVE-2020-10135 + +This makes hci_encrypt_cfm calls hci_connect_cfm in case the connection +state is BT_CONFIG so callers don't have to check the state. + +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Marcel Holtmann +Acked-by: Cho, Yu-Chen +--- + include/net/bluetooth/hci_core.h | 20 ++++++++++++++++++-- + net/bluetooth/hci_event.c | 28 +++------------------------- + 2 files changed, 21 insertions(+), 27 deletions(-) + +--- a/include/net/bluetooth/hci_core.h ++++ b/include/net/bluetooth/hci_core.h +@@ -1252,10 +1252,26 @@ static inline void hci_auth_cfm(struct h + conn->security_cfm_cb(conn, status); + } + +-static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status, +- __u8 encrypt) ++static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status) + { + struct hci_cb *cb; ++ __u8 encrypt; ++ ++ if (conn->state == BT_CONFIG) { ++ if (status) ++ conn->state = BT_CONNECTED; ++ ++ hci_connect_cfm(conn, status); ++ hci_conn_drop(conn); ++ return; ++ } ++ ++ if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags)) ++ encrypt = 0x00; ++ else if (test_bit(HCI_CONN_AES_CCM, &conn->flags)) ++ encrypt = 0x02; ++ else ++ encrypt = 0x01; + + if (conn->sec_level == BT_SECURITY_SDP) + conn->sec_level = BT_SECURITY_LOW; +--- a/net/bluetooth/hci_event.c ++++ b/net/bluetooth/hci_event.c +@@ -2475,7 +2475,7 @@ static void hci_auth_complete_evt(struct + &cp); + } else { + clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); +- hci_encrypt_cfm(conn, ev->status, 0x00); ++ hci_encrypt_cfm(conn, ev->status); + } + } + +@@ -2561,22 +2561,7 @@ static void read_enc_key_size_complete(s + conn->enc_key_size = rp->key_size; + } + +- if (conn->state == BT_CONFIG) { +- conn->state = BT_CONNECTED; +- hci_connect_cfm(conn, 0); +- hci_conn_drop(conn); +- } else { +- u8 encrypt; +- +- if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags)) +- encrypt = 0x00; +- else if (test_bit(HCI_CONN_AES_CCM, &conn->flags)) +- encrypt = 0x02; +- else +- encrypt = 0x01; +- +- hci_encrypt_cfm(conn, 0, encrypt); +- } ++ hci_encrypt_cfm(conn, 0); + + unlock: + hci_dev_unlock(hdev); +@@ -2673,14 +2658,7 @@ static void hci_encrypt_change_evt(struc + } + + notify: +- if (conn->state == BT_CONFIG) { +- if (!ev->status) +- conn->state = BT_CONNECTED; +- +- hci_connect_cfm(conn, ev->status); +- hci_conn_drop(conn); +- } else +- hci_encrypt_cfm(conn, ev->status, ev->encrypt); ++ hci_encrypt_cfm(conn, ev->status); + + unlock: + hci_dev_unlock(hdev); diff --git a/patches.suse/Bluetooth-Disconnect-if-E0-is-used-for-Level-4.patch b/patches.suse/Bluetooth-Disconnect-if-E0-is-used-for-Level-4.patch new file mode 100644 index 0000000..9be4f82 --- /dev/null +++ b/patches.suse/Bluetooth-Disconnect-if-E0-is-used-for-Level-4.patch @@ -0,0 +1,142 @@ +From: Luiz Augusto von Dentz +Date: Wed, 20 May 2020 14:20:14 -0700 +Subject: [PATCH] Bluetooth: Disconnect if E0 is used for Level 4 +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git +Git-commit: 8746f135bb01872ff412d408ea1aa9ebd328c1f5 +References: bsc#1171988 CVE-2020-10135 + +E0 is not allowed with Level 4: + +BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C page 1319: + + '128-bit equivalent strength for link and encryption keys + required using FIPS approved algorithms (E0 not allowed, + SAFER+ not allowed, and P-192 not allowed; encryption key + not shortened' + +SC enabled: + +> HCI Event: Read Remote Extended Features (0x23) plen 13 + Status: Success (0x00) + Handle: 256 + Page: 1/2 + Features: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00 + Secure Simple Pairing (Host Support) + LE Supported (Host) + Secure Connections (Host Support) +> HCI Event: Encryption Change (0x08) plen 4 + Status: Success (0x00) + Handle: 256 + Encryption: Enabled with AES-CCM (0x02) + +SC disabled: + +> HCI Event: Read Remote Extended Features (0x23) plen 13 + Status: Success (0x00) + Handle: 256 + Page: 1/2 + Features: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00 + Secure Simple Pairing (Host Support) + LE Supported (Host) +> HCI Event: Encryption Change (0x08) plen 4 + Status: Success (0x00) + Handle: 256 + Encryption: Enabled with E0 (0x01) +[May 8 20:23] Bluetooth: hci0: Invalid security: expect AES but E0 was used +< HCI Command: Disconnect (0x01|0x0006) plen 3 + Handle: 256 + Reason: Authentication Failure (0x05) + +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Marcel Holtmann +Acked-by: Cho, Yu-Chen +--- + include/net/bluetooth/hci_core.h | 10 ++++++---- + net/bluetooth/hci_conn.c | 17 +++++++++++++++++ + net/bluetooth/hci_event.c | 20 ++++++++------------ + 3 files changed, 31 insertions(+), 16 deletions(-) + +--- a/include/net/bluetooth/hci_core.h ++++ b/include/net/bluetooth/hci_core.h +@@ -1273,11 +1273,13 @@ static inline void hci_encrypt_cfm(struc + else + encrypt = 0x01; + +- if (conn->sec_level == BT_SECURITY_SDP) +- conn->sec_level = BT_SECURITY_LOW; ++ if (!status) { ++ if (conn->sec_level == BT_SECURITY_SDP) ++ conn->sec_level = BT_SECURITY_LOW; + +- if (conn->pending_sec_level > conn->sec_level) +- conn->sec_level = conn->pending_sec_level; ++ if (conn->pending_sec_level > conn->sec_level) ++ conn->sec_level = conn->pending_sec_level; ++ } + + mutex_lock(&hci_cb_list_lock); + list_for_each_entry(cb, &hci_cb_list, list) { +--- a/net/bluetooth/hci_conn.c ++++ b/net/bluetooth/hci_conn.c +@@ -1150,6 +1150,23 @@ int hci_conn_check_link_mode(struct hci_ + return 0; + } + ++ /* AES encryption is required for Level 4: ++ * ++ * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C ++ * page 1319: ++ * ++ * 128-bit equivalent strength for link and encryption keys ++ * required using FIPS approved algorithms (E0 not allowed, ++ * SAFER+ not allowed, and P-192 not allowed; encryption key ++ * not shortened) ++ */ ++ if (conn->sec_level == BT_SECURITY_FIPS && ++ !test_bit(HCI_CONN_AES_CCM, &conn->flags)) { ++ bt_dev_err(conn->hdev, ++ "Invalid security: Missing AES-CCM usage"); ++ return 0; ++ } ++ + if (hci_conn_ssp_enabled(conn) && + !test_bit(HCI_CONN_ENCRYPT, &conn->flags)) + return 0; +--- a/net/bluetooth/hci_event.c ++++ b/net/bluetooth/hci_event.c +@@ -2608,26 +2608,22 @@ static void hci_encrypt_change_evt(struc + + clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); + ++ /* Check link security requirements are met */ ++ if (!hci_conn_check_link_mode(conn)) ++ ev->status = HCI_ERROR_AUTH_FAILURE; ++ + if (ev->status && conn->state == BT_CONNECTED) { + if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING) + set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags); + ++ /* Notify upper layers so they can cleanup before ++ * disconnecting. ++ */ ++ hci_encrypt_cfm(conn, ev->status); + hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); + hci_conn_drop(conn); + goto unlock; + } +- +- /* In Secure Connections Only mode, do not allow any connections +- * that are not encrypted with AES-CCM using a P-256 authenticated +- * combination key. +- */ +- if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && +- (!test_bit(HCI_CONN_AES_CCM, &conn->flags) || +- conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) { +- hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE); +- hci_conn_drop(conn); +- goto unlock; +- } + + /* Try reading the encryption key size for encrypted ACL links */ + if (!ev->status && ev->encrypt && conn->type == ACL_LINK) { diff --git a/patches.suse/Btrfs-fix-block-group-remaining-RO-forever-after-err.patch b/patches.suse/Btrfs-fix-block-group-remaining-RO-forever-after-err.patch index 90a59e2..fd41746 100644 --- a/patches.suse/Btrfs-fix-block-group-remaining-RO-forever-after-err.patch +++ b/patches.suse/Btrfs-fix-block-group-remaining-RO-forever-after-err.patch @@ -81,15 +81,15 @@ diff --git a/fs/btrfs/ordered-data.h b/fs/btrfs/ordered-data.h index 4330731..85fd1fd 100644 --- a/fs/btrfs/ordered-data.h +++ b/fs/btrfs/ordered-data.h -@@ -195,7 +195,7 @@ int btrfs_find_ordered_sum(struct inode *inode, u64 offset, u64 disk_bytenr, +@@ -195,7 +195,7 @@ int btrfs_find_ordered_sum(struct inode u32 *sum, int len); u64 btrfs_wait_ordered_extents(struct btrfs_root *root, u64 nr, const u64 range_start, const u64 range_len); -u64 btrfs_wait_ordered_roots(struct btrfs_fs_info *fs_info, u64 nr, +void btrfs_wait_ordered_roots(struct btrfs_fs_info *fs_info, u64 nr, const u64 range_start, const u64 range_len); - int __init ordered_data_init(void); - void ordered_data_exit(void); + void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, + struct btrfs_inode *inode, u64 start, diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index 0b1637a..ad46263 100644 --- a/fs/btrfs/scrub.c diff --git a/patches.suse/HID-magicmouse-do-not-set-up-autorepeat.patch b/patches.suse/HID-magicmouse-do-not-set-up-autorepeat.patch new file mode 100644 index 0000000..a2dbd49 --- /dev/null +++ b/patches.suse/HID-magicmouse-do-not-set-up-autorepeat.patch @@ -0,0 +1,42 @@ +From 6363d2065cd399cf9d6dc9d08c437f8658831100 Mon Sep 17 00:00:00 2001 +From: Dmitry Torokhov +Date: Sun, 24 May 2020 16:51:34 -0700 +Subject: [PATCH] HID: magicmouse: do not set up autorepeat +Git-commit: 6363d2065cd399cf9d6dc9d08c437f8658831100 +References: git-fixes +patch-mainline: v5.8-rc6 + +Neither the trackpad, nor the mouse want input core to generate autorepeat +events for their buttons, so let's reset the bit (as hid-input sets it for +these devices based on the usage vendor code). + +Cc: stable@vger.kernel.org +Reported-by: Yariv +Tested-by: Yariv +Signed-off-by: Dmitry Torokhov +Signed-off-by: Jiri Kosina +Signed-off-by: Oliver Neukum +--- + drivers/hid/hid-magicmouse.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c +index 34138667f8af..abd86903875f 100644 +--- a/drivers/hid/hid-magicmouse.c ++++ b/drivers/hid/hid-magicmouse.c +@@ -535,6 +535,12 @@ static int magicmouse_setup_input(struct input_dev *input, struct hid_device *hd + __set_bit(MSC_RAW, input->mscbit); + } + ++ /* ++ * hid-input may mark device as using autorepeat, but neither ++ * the trackpad, nor the mouse actually want it. ++ */ ++ __clear_bit(EV_REP, input->evbit); ++ + return 0; + } + +-- +2.16.4 + diff --git a/patches.suse/IB-hfi1-Do-not-destroy-hfi1_wq-when-the-device-is-sh.patch b/patches.suse/IB-hfi1-Do-not-destroy-hfi1_wq-when-the-device-is-sh.patch new file mode 100644 index 0000000..63c59ab --- /dev/null +++ b/patches.suse/IB-hfi1-Do-not-destroy-hfi1_wq-when-the-device-is-sh.patch @@ -0,0 +1,140 @@ +From: Kaike Wan +Date: Tue, 23 Jun 2020 16:40:47 -0400 +Subject: IB/hfi1: Do not destroy hfi1_wq when the device is shut down +Patch-mainline: v5.8-rc5 +Git-commit: 28b70cd9236563e1a88a6094673fef3c08db0d51 +References: bsc#1174409 + +The workqueue hfi1_wq is destroyed in function shutdown_device(), which is +called by either shutdown_one() or remove_one(). The function +shutdown_one() is called when the kernel is rebooted while remove_one() is +called when the hfi1 driver is unloaded. When the kernel is rebooted, +hfi1_wq is destroyed while all qps are still active, leading to a kernel +crash: + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000102 + IP: [] __queue_work+0x32/0x3e0 + PGD 0 + Oops: 0000 [#1] SMP + Modules linked in: dm_round_robin nvme_rdma(OE) nvme_fabrics(OE) nvme_core(OE) ib_isert iscsi_target_mod target_core_mod ib_ucm mlx4_ib iTCO_wdt iTCO_vendor_support mxm_wmi sb_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm rpcrdma sunrpc irqbypass crc32_pclmul ghash_clmulni_intel rdma_ucm aesni_intel ib_uverbs lrw gf128mul opa_vnic glue_helper ablk_helper ib_iser cryptd ib_umad rdma_cm iw_cm ses enclosure libiscsi scsi_transport_sas pcspkr joydev ib_ipoib(OE) scsi_transport_iscsi ib_cm sg ipmi_ssif mei_me lpc_ich i2c_i801 mei ioatdma ipmi_si dm_multipath ipmi_devintf ipmi_msghandler wmi acpi_pad acpi_power_meter hangcheck_timer ip_tables ext4 mbcache jbd2 mlx4_en sd_mod crc_t10dif crct10dif_generic mgag200 drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm hfi1(OE) + crct10dif_pclmul crct10dif_common crc32c_intel drm ahci mlx4_core libahci rdmavt(OE) igb megaraid_sas ib_core libata drm_panel_orientation_quirks ptp pps_core devlink dca i2c_algo_bit dm_mirror dm_region_hash dm_log dm_mod + CPU: 19 PID: 0 Comm: swapper/19 Kdump: loaded Tainted: G OE ------------ 3.10.0-957.el7.x86_64 #1 + Hardware name: Phegda X2226A/S2600CW, BIOS SE5C610.86B.01.01.0024.021320181901 02/13/2018 + task: ffff8a799ba0d140 ti: ffff8a799bad8000 task.ti: ffff8a799bad8000 + RIP: 0010:[] [] __queue_work+0x32/0x3e0 + RSP: 0018:ffff8a90dde43d80 EFLAGS: 00010046 + RAX: 0000000000000082 RBX: 0000000000000086 RCX: 0000000000000000 + RDX: ffff8a90b924fcb8 RSI: 0000000000000000 RDI: 000000000000001b + RBP: ffff8a90dde43db8 R08: ffff8a799ba0d6d8 R09: ffff8a90dde53900 + R10: 0000000000000002 R11: ffff8a90dde43de8 R12: ffff8a90b924fcb8 + R13: 000000000000001b R14: 0000000000000000 R15: ffff8a90d2890000 + FS: 0000000000000000(0000) GS:ffff8a90dde40000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000102 CR3: 0000001a70410000 CR4: 00000000001607e0 + Call Trace: + [] queue_work_on+0x45/0x50 + [] _hfi1_schedule_send+0x6e/0xc0 [hfi1] + [] hfi1_schedule_send+0x32/0x70 [hfi1] + [] rvt_rc_timeout+0xe9/0x130 [rdmavt] + [] ? trigger_load_balance+0x6a/0x280 + [] ? rvt_free_qpn+0x40/0x40 [rdmavt] + [] call_timer_fn+0x38/0x110 + [] ? rvt_free_qpn+0x40/0x40 [rdmavt] + [] run_timer_softirq+0x24d/0x300 + [] __do_softirq+0xf5/0x280 + [] call_softirq+0x1c/0x30 + [] do_softirq+0x65/0xa0 + [] irq_exit+0x105/0x110 + [] smp_apic_timer_interrupt+0x48/0x60 + [] apic_timer_interrupt+0x162/0x170 + + [] ? cpuidle_enter_state+0x57/0xd0 + [] cpuidle_idle_call+0xde/0x230 + [] arch_cpu_idle+0xe/0xc0 + [] cpu_startup_entry+0x14a/0x1e0 + [] start_secondary+0x1f7/0x270 + [] start_cpu+0x5/0x14 + +The solution is to destroy the workqueue only when the hfi1 driver is +unloaded, not when the device is shut down. In addition, when the device +is shut down, no more work should be scheduled on the workqueues and the +workqueues are flushed. + +Fixes: 8d3e71136a08 ("IB/{hfi1, qib}: Add handling of kernel restart") +Link: https://lore.kernel.org/r/20200623204047.107638.77646.stgit@awfm-01.aw.intel.com +Cc: +Reviewed-by: Mike Marciniszyn +Signed-off-by: Kaike Wan +Signed-off-by: Dennis Dalessandro +Signed-off-by: Jason Gunthorpe +Acked-by: Thomas Bogendoerfer +--- + drivers/infiniband/hw/hfi1/init.c | 27 +++++++++++++++++++++++---- + drivers/infiniband/hw/hfi1/qp.c | 5 ++++- + 2 files changed, 27 insertions(+), 5 deletions(-) + +--- a/drivers/infiniband/hw/hfi1/init.c ++++ b/drivers/infiniband/hw/hfi1/init.c +@@ -837,6 +837,25 @@ wq_error: + } + + /** ++ * destroy_workqueues - destroy per port workqueues ++ * @dd: the hfi1_ib device ++ */ ++static void destroy_workqueues(struct hfi1_devdata *dd) ++{ ++ int pidx; ++ struct hfi1_pportdata *ppd; ++ ++ for (pidx = 0; pidx < dd->num_pports; ++pidx) { ++ ppd = dd->pport + pidx; ++ ++ if (ppd->hfi1_wq) { ++ destroy_workqueue(ppd->hfi1_wq); ++ ppd->hfi1_wq = NULL; ++ } ++ } ++} ++ ++/** + * enable_general_intr() - Enable the IRQs that will be handled by the + * general interrupt handler. + * @dd: valid devdata +@@ -1120,11 +1139,10 @@ static void shutdown_device(struct hfi1_ + */ + hfi1_quiet_serdes(ppd); + +- if (ppd->hfi1_wq) { +- destroy_workqueue(ppd->hfi1_wq); +- ppd->hfi1_wq = NULL; +- } ++ if (ppd->hfi1_wq) ++ flush_workqueue(ppd->hfi1_wq); + if (ppd->link_wq) { ++ flush_workqueue(ppd->link_wq); + destroy_workqueue(ppd->link_wq); + ppd->link_wq = NULL; + } +@@ -1829,6 +1847,7 @@ static void remove_one(struct pci_dev *p + * clear dma engines, etc. + */ + shutdown_device(dd); ++ destroy_workqueues(dd); + + stop_timers(dd); + +--- a/drivers/infiniband/hw/hfi1/qp.c ++++ b/drivers/infiniband/hw/hfi1/qp.c +@@ -365,7 +365,10 @@ bool _hfi1_schedule_send(struct rvt_qp * + struct hfi1_ibport *ibp = + to_iport(qp->ibqp.device, qp->port_num); + struct hfi1_pportdata *ppd = ppd_from_ibp(ibp); +- struct hfi1_devdata *dd = dd_from_ibdev(qp->ibqp.device); ++ struct hfi1_devdata *dd = ppd->dd; ++ ++ if (dd->flags & HFI1_SHUTDOWN) ++ return true; + + return iowait_schedule(&priv->s_iowait, ppd->hfi1_wq, + priv->s_sde ? diff --git a/patches.suse/IB-hfi1-Do-not-destroy-link_wq-when-the-device-is-sh.patch b/patches.suse/IB-hfi1-Do-not-destroy-link_wq-when-the-device-is-sh.patch new file mode 100644 index 0000000..17dbf00 --- /dev/null +++ b/patches.suse/IB-hfi1-Do-not-destroy-link_wq-when-the-device-is-sh.patch @@ -0,0 +1,51 @@ +From: Kaike Wan +Date: Tue, 23 Jun 2020 16:40:53 -0400 +Subject: IB/hfi1: Do not destroy link_wq when the device is shut down +Patch-mainline: v5.8-rc5 +Git-commit: 2315ec12ee8e8257bb335654c62e0cae71dc278d +References: bsc#1174409 + +The workqueue link_wq should only be destroyed when the hfi1 driver is +unloaded, not when the device is shut down. + +Fixes: 71d47008ca1b ("IB/hfi1: Create workqueue for link events") +Link: https://lore.kernel.org/r/20200623204053.107638.70315.stgit@awfm-01.aw.intel.com +Cc: +Reviewed-by: Mike Marciniszyn +Signed-off-by: Kaike Wan +Signed-off-by: Dennis Dalessandro +Signed-off-by: Jason Gunthorpe +Acked-by: Thomas Bogendoerfer +--- + drivers/infiniband/hw/hfi1/init.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/drivers/infiniband/hw/hfi1/init.c ++++ b/drivers/infiniband/hw/hfi1/init.c +@@ -852,6 +852,10 @@ static void destroy_workqueues(struct hf + destroy_workqueue(ppd->hfi1_wq); + ppd->hfi1_wq = NULL; + } ++ if (ppd->link_wq) { ++ destroy_workqueue(ppd->link_wq); ++ ppd->link_wq = NULL; ++ } + } + } + +@@ -1138,14 +1142,10 @@ static void shutdown_device(struct hfi1_ + * We can't count on interrupts since we are stopping. + */ + hfi1_quiet_serdes(ppd); +- + if (ppd->hfi1_wq) + flush_workqueue(ppd->hfi1_wq); +- if (ppd->link_wq) { ++ if (ppd->link_wq) + flush_workqueue(ppd->link_wq); +- destroy_workqueue(ppd->link_wq); +- ppd->link_wq = NULL; +- } + } + sdma_exit(dd); + } diff --git a/patches.suse/Input-i8042-add-Lenovo-XiaoXin-Air-12-to-i8042-nomux.patch b/patches.suse/Input-i8042-add-Lenovo-XiaoXin-Air-12-to-i8042-nomux.patch new file mode 100644 index 0000000..e7df0b1 --- /dev/null +++ b/patches.suse/Input-i8042-add-Lenovo-XiaoXin-Air-12-to-i8042-nomux.patch @@ -0,0 +1,43 @@ +From 17d51429da722cd8fc77a365a112f008abf4f8b3 Mon Sep 17 00:00:00 2001 +From: David Pedersen +Date: Mon, 6 Jul 2020 18:48:51 -0700 +Subject: [PATCH] Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list +Git-commit: 17d51429da722cd8fc77a365a112f008abf4f8b3 +Patch-mainline: v5.8-rc6 +References: bsc#1111666 + +This fixes two finger trackpad scroll on the Lenovo XiaoXin Air 12. +Without nomux, the trackpad behaves as if only one finger is present and +moves the cursor when trying to scroll. + +Signed-off-by: David Pedersen +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20200625133754.291325-1-limero1337@gmail.com +Signed-off-by: Dmitry Torokhov +Acked-by: Takashi Iwai + +--- + drivers/input/serio/i8042-x86ia64io.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h +index 7b08ff8ddf35..7d7f73702726 100644 +--- a/drivers/input/serio/i8042-x86ia64io.h ++++ b/drivers/input/serio/i8042-x86ia64io.h +@@ -425,6 +425,13 @@ static const struct dmi_system_id __initconst i8042_dmi_nomux_table[] = { + DMI_MATCH(DMI_PRODUCT_NAME, "076804U"), + }, + }, ++ { ++ /* Lenovo XiaoXin Air 12 */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "80UN"), ++ }, ++ }, + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Acer"), +-- +2.16.4 + diff --git a/patches.suse/PCI-AER-Remove-HEST-FIRMWARE_FIRST-parsing-for-AER-o.patch b/patches.suse/PCI-AER-Remove-HEST-FIRMWARE_FIRST-parsing-for-AER-o.patch new file mode 100644 index 0000000..0557538 --- /dev/null +++ b/patches.suse/PCI-AER-Remove-HEST-FIRMWARE_FIRST-parsing-for-AER-o.patch @@ -0,0 +1,286 @@ +From 708b2000362476c9c7a3571c0cc774dffb91836a Mon Sep 17 00:00:00 2001 +From: Kuppuswamy Sathyanarayanan +Date: Tue, 26 May 2020 16:18:29 -0700 +Subject: [PATCH] PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership +Git-commit: 708b2000362476c9c7a3571c0cc774dffb91836a +Patch-mainline: v5.8-rc1 +References: bsc#1174356 + +[ backport note: context changed to match with SLE15-SP1; especially this patch + removes the remaining (stale) aerdrv_acpi.c code completely and adjusts + Makefile as well -- tiwai ] + +Commit c100beb9ccfb ("PCI/AER: Use only _OSC to determine AER ownership") +removed the use of HEST in determining AER ownership, but the AER driver +still used HEST to verify AER ownership in some of its APIs. + +Per the ACPI spec v6.3, sec 18.3.2.4, some HEST table entries contain a +FIRMWARE_FIRST bit, but that bit does not tell us anything about ownership +of the AER capability. + +Remove parsing of HEST to look for FIRMWARE_FIRST. + +Add pcie_aer_is_native() for the places that need to know whether the OS +owns the AER capability. + +[bhelgaas: commit log, reorder patch, remove unused __aer_firmware_first] +Link: https://lore.kernel.org/r/9a37f53a4e6ff4942ff8e18dbb20b00e16c47341.1590534843.git.sathyanarayanan.kuppuswamy@linux.intel.com +Signed-off-by: Kuppuswamy Sathyanarayanan +Signed-off-by: Bjorn Helgaas +Acked-by: Takashi Iwai + +--- + drivers/pci/pcie/aer/Makefile | 1 + drivers/pci/pcie/aer/aerdrv_acpi.c | 120 ------------------------------------- + drivers/pci/pcie/aer/aerdrv_core.c | 21 ++++-- + drivers/pci/pcie/dpc.c | 2 + drivers/pci/pcie/portdrv.h | 13 ---- + include/linux/pci.h | 2 + 6 files changed, 17 insertions(+), 142 deletions(-) + +--- a/drivers/pci/pcie/aer/aerdrv_acpi.c ++++ /dev/null +@@ -1,120 +0,0 @@ +-/* +- * Access ACPI _OSC method +- * +- * Copyright (C) 2006 Intel Corp. +- * Tom Long Nguyen (tom.l.nguyen@intel.com) +- * Zhang Yanmin (yanmin.zhang@intel.com) +- * +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include "aerdrv.h" +- +-#ifdef CONFIG_ACPI_APEI +-static inline int hest_match_pci(struct acpi_hest_aer_common *p, +- struct pci_dev *pci) +-{ +- return ACPI_HEST_SEGMENT(p->bus) == pci_domain_nr(pci->bus) && +- ACPI_HEST_BUS(p->bus) == pci->bus->number && +- p->device == PCI_SLOT(pci->devfn) && +- p->function == PCI_FUNC(pci->devfn); +-} +- +-static inline bool hest_match_type(struct acpi_hest_header *hest_hdr, +- struct pci_dev *dev) +-{ +- u16 hest_type = hest_hdr->type; +- u8 pcie_type = pci_pcie_type(dev); +- +- if ((hest_type == ACPI_HEST_TYPE_AER_ROOT_PORT && +- pcie_type == PCI_EXP_TYPE_ROOT_PORT) || +- (hest_type == ACPI_HEST_TYPE_AER_ENDPOINT && +- pcie_type == PCI_EXP_TYPE_ENDPOINT) || +- (hest_type == ACPI_HEST_TYPE_AER_BRIDGE && +- (dev->class >> 16) == PCI_BASE_CLASS_BRIDGE)) +- return true; +- return false; +-} +- +-struct aer_hest_parse_info { +- struct pci_dev *pci_dev; +- int firmware_first; +-}; +- +-static int hest_source_is_pcie_aer(struct acpi_hest_header *hest_hdr) +-{ +- if (hest_hdr->type == ACPI_HEST_TYPE_AER_ROOT_PORT || +- hest_hdr->type == ACPI_HEST_TYPE_AER_ENDPOINT || +- hest_hdr->type == ACPI_HEST_TYPE_AER_BRIDGE) +- return 1; +- return 0; +-} +- +-static int aer_hest_parse(struct acpi_hest_header *hest_hdr, void *data) +-{ +- struct aer_hest_parse_info *info = data; +- struct acpi_hest_aer_common *p; +- int ff; +- +- if (!hest_source_is_pcie_aer(hest_hdr)) +- return 0; +- +- p = (struct acpi_hest_aer_common *)(hest_hdr + 1); +- ff = !!(p->flags & ACPI_HEST_FIRMWARE_FIRST); +- +- /* +- * If no specific device is supplied, determine whether +- * FIRMWARE_FIRST is set for *any* PCIe device. +- */ +- if (!info->pci_dev) { +- info->firmware_first |= ff; +- return 0; +- } +- +- /* Otherwise, check the specific device */ +- if (p->flags & ACPI_HEST_GLOBAL) { +- if (hest_match_type(hest_hdr, info->pci_dev)) +- info->firmware_first = ff; +- } else +- if (hest_match_pci(p, info->pci_dev)) +- info->firmware_first = ff; +- +- return 0; +-} +- +-static void aer_set_firmware_first(struct pci_dev *pci_dev) +-{ +- int rc; +- struct aer_hest_parse_info info = { +- .pci_dev = pci_dev, +- .firmware_first = 0, +- }; +- +- rc = apei_hest_parse(aer_hest_parse, &info); +- +- if (rc) +- pci_dev->__aer_firmware_first = 0; +- else +- pci_dev->__aer_firmware_first = info.firmware_first; +- pci_dev->__aer_firmware_first_valid = 1; +-} +- +-int pcie_aer_get_firmware_first(struct pci_dev *dev) +-{ +- if (!pci_is_pcie(dev)) +- return 0; +- +- if (!dev->__aer_firmware_first_valid) +- aer_set_firmware_first(dev); +- return dev->__aer_firmware_first; +-} +-#endif +--- a/drivers/pci/pcie/dpc.c ++++ b/drivers/pci/pcie/dpc.c +@@ -246,7 +246,7 @@ static int dpc_probe(struct pcie_device + int status; + u16 ctl, cap; + +- if (pcie_aer_get_firmware_first(pdev)) ++ if (!pcie_aer_is_native(pdev)) + return -ENOTSUPP; + + dpc = devm_kzalloc(device, sizeof(*dpc), GFP_KERNEL); +--- a/drivers/pci/pcie/portdrv.h ++++ b/drivers/pci/pcie/portdrv.h +@@ -27,8 +27,10 @@ + + #ifdef CONFIG_PCIEAER + int pcie_aer_init(void); ++int pcie_aer_is_native(struct pci_dev *dev); + #else + static inline int pcie_aer_init(void) { return 0; } ++static inline int pcie_aer_is_native(struct pci_dev *dev) { return 0; } + #endif + + #ifdef CONFIG_HOTPLUG_PCI_PCIE +@@ -154,17 +156,6 @@ static inline bool pcie_pme_no_msi(void) + static inline void pcie_pme_interrupt_enable(struct pci_dev *dev, bool en) {} + #endif /* !CONFIG_PCIE_PME */ + +-#ifdef CONFIG_ACPI_APEI +-int pcie_aer_get_firmware_first(struct pci_dev *pci_dev); +-#else +-static inline int pcie_aer_get_firmware_first(struct pci_dev *pci_dev) +-{ +- if (pci_dev->__aer_firmware_first_valid) +- return pci_dev->__aer_firmware_first; +- return 0; +-} +-#endif +- + struct pcie_port_service_driver *pcie_port_find_service(struct pci_dev *dev, + u32 service); + struct device *pcie_port_find_device(struct pci_dev *dev, u32 service); +--- a/include/linux/pci.h ++++ b/include/linux/pci.h +@@ -408,8 +408,6 @@ struct pci_dev { + * mappings to make sure they cannot access arbitrary memory. + */ + unsigned int untrusted:1; +- unsigned int __aer_firmware_first_valid:1; +- unsigned int __aer_firmware_first:1; + unsigned int broken_intx_masking:1; + unsigned int io_window_1k:1; /* Intel P2P bridge 1K I/O windows */ + unsigned int irq_managed:1; +--- a/drivers/pci/pcie/aer/aerdrv_core.c ++++ b/drivers/pci/pcie/aer/aerdrv_core.c +@@ -31,12 +31,19 @@ + #define PCI_EXP_AER_FLAGS (PCI_EXP_DEVCTL_CERE | PCI_EXP_DEVCTL_NFERE | \ + PCI_EXP_DEVCTL_FERE | PCI_EXP_DEVCTL_URRE) + +-int pci_enable_pcie_error_reporting(struct pci_dev *dev) ++int pcie_aer_is_native(struct pci_dev *dev) + { +- if (pcie_aer_get_firmware_first(dev)) +- return -EIO; ++ struct pci_host_bridge *host = pci_find_host_bridge(dev->bus); + + if (!dev->aer_cap) ++ return 0; ++ ++ return pcie_ports_native || host->native_aer; ++} ++ ++int pci_enable_pcie_error_reporting(struct pci_dev *dev) ++{ ++ if (!pcie_aer_is_native(dev)) + return -EIO; + + return pcie_capability_set_word(dev, PCI_EXP_DEVCTL, PCI_EXP_AER_FLAGS); +@@ -45,7 +52,7 @@ EXPORT_SYMBOL_GPL(pci_enable_pcie_error_ + + int pci_disable_pcie_error_reporting(struct pci_dev *dev) + { +- if (pcie_aer_get_firmware_first(dev)) ++ if (!pcie_aer_is_native(dev)) + return -EIO; + + return pcie_capability_clear_word(dev, PCI_EXP_DEVCTL, +@@ -70,7 +77,7 @@ int pci_cleanup_aer_uncorrect_error_stat + if (!pos) + return -EIO; + +- if (pcie_aer_get_firmware_first(dev)) ++ if (!pcie_aer_is_native(dev)) + return -EIO; + + /* Clear status bits for ERR_NONFATAL errors only */ +@@ -93,7 +100,7 @@ void pci_aer_clear_fatal_status(struct p + if (!pos) + return; + +- if (pcie_aer_get_firmware_first(dev)) ++ if (!pcie_aer_is_native(dev)) + return; + + /* Clear status bits for ERR_FATAL errors only */ +@@ -117,7 +124,7 @@ int pci_cleanup_aer_error_status_regs(st + if (!pos) + return -EIO; + +- if (pcie_aer_get_firmware_first(dev)) ++ if (!pcie_aer_is_native(dev)) + return -EIO; + + port_type = pci_pcie_type(dev); +--- a/drivers/pci/pcie/aer/Makefile ++++ b/drivers/pci/pcie/aer/Makefile +@@ -7,6 +7,5 @@ obj-$(CONFIG_PCIEAER) += aerdriver.o + obj-$(CONFIG_PCIE_ECRC) += ecrc.o + + aerdriver-objs := aerdrv_errprint.o aerdrv_core.o aerdrv.o +-aerdriver-$(CONFIG_ACPI) += aerdrv_acpi.o + + obj-$(CONFIG_PCIEAER_INJECT) += aer_inject.o diff --git a/patches.suse/PCI-AER-Use-only-_OSC-to-determine-AER-ownership.patch b/patches.suse/PCI-AER-Use-only-_OSC-to-determine-AER-ownership.patch new file mode 100644 index 0000000..613ba8c --- /dev/null +++ b/patches.suse/PCI-AER-Use-only-_OSC-to-determine-AER-ownership.patch @@ -0,0 +1,125 @@ +From c100beb9ccfb98e2474586a4006483cbf770c823 Mon Sep 17 00:00:00 2001 +From: Alexandru Gagniuc +Date: Mon, 27 Apr 2020 18:25:13 -0500 +Subject: [PATCH] PCI/AER: Use only _OSC to determine AER ownership +Git-commit: c100beb9ccfb98e2474586a4006483cbf770c823 +Patch-mainline: v5.8-rc1 +References: bsc#1174356 + +Per the PCI Firmware spec, r3.2, sec 4.5.1, the OS can request control of +AER via bit 3 of the _OSC Control Field. In the returned value of the +Control Field: + + The firmware sets [bit 3] to 1 to grant control over PCI Express Advanced + Error Reporting. ... after control is transferred to the operating + system, firmware must not modify the Advanced Error Reporting Capability. + If control of this feature was requested and denied or was not requested, + firmware returns this bit set to 0. + +Previously the pci_root driver looked at the HEST FIRMWARE_FIRST bit to +determine whether to request ownership of the AER Capability. This was +based on ACPI spec v6.3, sec 18.3.2.4, and similar sections, which say +things like: + + Bit [0] - FIRMWARE_FIRST: If set, indicates that system firmware will + handle errors from this source first. + + Bit [1] - GLOBAL: If set, indicates that the settings contained in this + structure apply globally to all PCI Express Devices. + +These ACPI references don't say anything about ownership of the AER +Capability. + +Remove use of the FIRMWARE_FIRST bit and rely only on the _OSC bit to +determine whether we have control of the AER Capability. + +Link: https://lore.kernel.org/r/20181115231605.24352-1-mr.nuke.me@gmail.com/ v1 +Link: https://lore.kernel.org/r/20190326172343.28946-1-mr.nuke.me@gmail.com/ v2 +Link: https://lore.kernel.org/r/67af2931705bed9a588b5a39d369cb70b9942190.1587925636.git.sathyanarayanan.kuppuswamy@linux.intel.com +[bhelgaas: commit log, note: Alex posted this identical patch 18 months +ago, and I failed to apply it then, so I made him the author, added links +to his postings, and added his Signed-off-by] + +Signed-off-by: Alexandru Gagniuc +Signed-off-by: Kuppuswamy Sathyanarayanan +Signed-off-by: Bjorn Helgaas +Reviewed-by: Jon Derrick +Acked-by: Takashi Iwai + +--- + drivers/acpi/pci_root.c | 9 ++------- + drivers/pci/pcie/aer/aerdrv.c | 2 +- + drivers/pci/pcie/aer/aerdrv_acpi.c | 21 --------------------- + include/linux/pci-acpi.h | 6 ------ + 4 files changed, 3 insertions(+), 35 deletions(-) + +--- a/drivers/acpi/pci_root.c ++++ b/drivers/acpi/pci_root.c +@@ -485,13 +485,8 @@ static void negotiate_os_control(struct + if (IS_ENABLED(CONFIG_HOTPLUG_PCI_SHPC)) + control |= OSC_PCI_SHPC_NATIVE_HP_CONTROL; + +- if (pci_aer_available()) { +- if (aer_acpi_firmware_first()) +- dev_info(&device->dev, +- "PCIe AER handled by firmware\n"); +- else +- control |= OSC_PCI_EXPRESS_AER_CONTROL; +- } ++ if (pci_aer_available()) ++ control |= OSC_PCI_EXPRESS_AER_CONTROL; + + requested = control; + status = acpi_pci_osc_control_set(handle, &control, +--- a/drivers/pci/pcie/aer/aerdrv_acpi.c ++++ b/drivers/pci/pcie/aer/aerdrv_acpi.c +@@ -117,25 +117,4 @@ int pcie_aer_get_firmware_first(struct p + aer_set_firmware_first(dev); + return dev->__aer_firmware_first; + } +- +-static bool aer_firmware_first; +- +-/** +- * aer_acpi_firmware_first - Check if APEI should control AER. +- */ +-bool aer_acpi_firmware_first(void) +-{ +- static bool parsed = false; +- struct aer_hest_parse_info info = { +- .pci_dev = NULL, /* Check all PCIe devices */ +- .firmware_first = 0, +- }; +- +- if (!parsed) { +- apei_hest_parse(aer_hest_parse, &info); +- aer_firmware_first = info.firmware_first; +- parsed = true; +- } +- return aer_firmware_first; +-} + #endif +--- a/include/linux/pci-acpi.h ++++ b/include/linux/pci-acpi.h +@@ -116,10 +116,4 @@ static inline void acpi_pci_add_bus(stru + static inline void acpi_pci_remove_bus(struct pci_bus *bus) { } + #endif /* CONFIG_ACPI */ + +-#ifdef CONFIG_ACPI_APEI +-extern bool aer_acpi_firmware_first(void); +-#else +-static inline bool aer_acpi_firmware_first(void) { return false; } +-#endif +- + #endif /* _PCI_ACPI_H_ */ +--- a/drivers/pci/pcie/aer/aerdrv.c ++++ b/drivers/pci/pcie/aer/aerdrv.c +@@ -359,7 +359,7 @@ static void aer_error_resume(struct pci_ + */ + int __init pcie_aer_init(void) + { +- if (!pci_aer_available() || aer_acpi_firmware_first()) ++ if (!pci_aer_available()) + return -ENXIO; + return pcie_port_service_register(&aerdriver); + } diff --git a/patches.suse/USB-serial-ch341-add-new-Product-ID-for-CH340.patch b/patches.suse/USB-serial-ch341-add-new-Product-ID-for-CH340.patch new file mode 100644 index 0000000..ace852b --- /dev/null +++ b/patches.suse/USB-serial-ch341-add-new-Product-ID-for-CH340.patch @@ -0,0 +1,42 @@ +From 5d0136f8e79f8287e6a36780601f0ce797cf11c2 Mon Sep 17 00:00:00 2001 +From: Igor Moura +Date: Tue, 23 Jun 2020 05:11:11 -0300 +Subject: [PATCH] USB: serial: ch341: add new Product ID for CH340 +Git-commit: 5d0136f8e79f8287e6a36780601f0ce797cf11c2 +Patch-mainline: v5.8-rc6 +References: bsc#1111666 + +Add PID for CH340 that's found on some ESP8266 dev boards made by +LilyGO. The specific device that contains such serial converter can be +seen here: https://github.com/LilyGO/LILYGO-T-OI. + +Apparently, it's a regular CH340, but I've confirmed with others that +also bought this board that the PID found on this device (0x7522) +differs from other devices with the "same" converter (0x7523). +Simply adding its PID to the driver and rebuilding it made it work +as expected. + +Signed-off-by: Igor Moura +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Acked-by: Takashi Iwai + +--- + drivers/usb/serial/ch341.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/usb/serial/ch341.c b/drivers/usb/serial/ch341.c +index 89675ee29645..8fbaef5c9d69 100644 +--- a/drivers/usb/serial/ch341.c ++++ b/drivers/usb/serial/ch341.c +@@ -77,6 +77,7 @@ + + static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x4348, 0x5523) }, ++ { USB_DEVICE(0x1a86, 0x7522) }, + { USB_DEVICE(0x1a86, 0x7523) }, + { USB_DEVICE(0x1a86, 0x5523) }, + { }, +-- +2.16.4 + diff --git a/patches.suse/USB-serial-cypress_m8-enable-Simply-Automated-UPB-PI.patch b/patches.suse/USB-serial-cypress_m8-enable-Simply-Automated-UPB-PI.patch new file mode 100644 index 0000000..80cee33 --- /dev/null +++ b/patches.suse/USB-serial-cypress_m8-enable-Simply-Automated-UPB-PI.patch @@ -0,0 +1,82 @@ +From 5c45d04c5081c1830d674f4d22d4400ea2083afe Mon Sep 17 00:00:00 2001 +From: James Hilliard +Date: Tue, 16 Jun 2020 16:04:03 -0600 +Subject: [PATCH] USB: serial: cypress_m8: enable Simply Automated UPB PIM +Git-commit: 5c45d04c5081c1830d674f4d22d4400ea2083afe +Patch-mainline: v5.8-rc6 +References: bsc#1111666 + +This is a UPB (Universal Powerline Bus) PIM (Powerline Interface Module) +which allows for controlling multiple UPB compatible devices from Linux +using the standard serial interface. + +Based on vendor application source code there are two different models +of USB based PIM devices in addition to a number of RS232 based PIM's. + +The vendor UPB application source contains the following USB ID's: + + #define USB_PCS_VENDOR_ID 0x04b4 + #define USB_PCS_PIM_PRODUCT_ID 0x5500 + + #define USB_SAI_VENDOR_ID 0x17dd + #define USB_SAI_PIM_PRODUCT_ID 0x5500 + +The first set of ID's correspond to the PIM variant sold by Powerline +Control Systems while the second corresponds to the Simply Automated +Incorporated PIM. As the product ID for both of these match the default +cypress HID->COM RS232 product ID it assumed that they both use an +internal variant of this HID->COM RS232 converter hardware. However +as the vendor ID for the Simply Automated variant is different we need +to also add it to the cypress_M8 driver so that it is properly +detected. + +Signed-off-by: James Hilliard +Link: https://lore.kernel.org/r/20200616220403.1807003-1-james.hilliard1@gmail.com +Cc: stable@vger.kernel.org +[ johan: amend VID define entry ] + +Signed-off-by: Johan Hovold +Acked-by: Takashi Iwai + +--- + drivers/usb/serial/cypress_m8.c | 2 ++ + drivers/usb/serial/cypress_m8.h | 3 +++ + 2 files changed, 5 insertions(+) + +diff --git a/drivers/usb/serial/cypress_m8.c b/drivers/usb/serial/cypress_m8.c +index 216edd5826ca..ecda82198798 100644 +--- a/drivers/usb/serial/cypress_m8.c ++++ b/drivers/usb/serial/cypress_m8.c +@@ -59,6 +59,7 @@ static const struct usb_device_id id_table_earthmate[] = { + + static const struct usb_device_id id_table_cyphidcomrs232[] = { + { USB_DEVICE(VENDOR_ID_CYPRESS, PRODUCT_ID_CYPHIDCOM) }, ++ { USB_DEVICE(VENDOR_ID_SAI, PRODUCT_ID_CYPHIDCOM) }, + { USB_DEVICE(VENDOR_ID_POWERCOM, PRODUCT_ID_UPS) }, + { USB_DEVICE(VENDOR_ID_FRWD, PRODUCT_ID_CYPHIDCOM_FRWD) }, + { } /* Terminating entry */ +@@ -73,6 +74,7 @@ static const struct usb_device_id id_table_combined[] = { + { USB_DEVICE(VENDOR_ID_DELORME, PRODUCT_ID_EARTHMATEUSB) }, + { USB_DEVICE(VENDOR_ID_DELORME, PRODUCT_ID_EARTHMATEUSB_LT20) }, + { USB_DEVICE(VENDOR_ID_CYPRESS, PRODUCT_ID_CYPHIDCOM) }, ++ { USB_DEVICE(VENDOR_ID_SAI, PRODUCT_ID_CYPHIDCOM) }, + { USB_DEVICE(VENDOR_ID_POWERCOM, PRODUCT_ID_UPS) }, + { USB_DEVICE(VENDOR_ID_FRWD, PRODUCT_ID_CYPHIDCOM_FRWD) }, + { USB_DEVICE(VENDOR_ID_DAZZLE, PRODUCT_ID_CA42) }, +diff --git a/drivers/usb/serial/cypress_m8.h b/drivers/usb/serial/cypress_m8.h +index 35e223751c0e..16b7410ad057 100644 +--- a/drivers/usb/serial/cypress_m8.h ++++ b/drivers/usb/serial/cypress_m8.h +@@ -25,6 +25,9 @@ + #define VENDOR_ID_CYPRESS 0x04b4 + #define PRODUCT_ID_CYPHIDCOM 0x5500 + ++/* Simply Automated HID->COM UPB PIM (using Cypress PID 0x5500) */ ++#define VENDOR_ID_SAI 0x17dd ++ + /* FRWD Dongle - a GPS sports watch */ + #define VENDOR_ID_FRWD 0x6737 + #define PRODUCT_ID_CYPHIDCOM_FRWD 0x0001 +-- +2.16.4 + diff --git a/patches.suse/USB-serial-option-add-GosunCn-GM500-series.patch b/patches.suse/USB-serial-option-add-GosunCn-GM500-series.patch new file mode 100644 index 0000000..53b4d0e --- /dev/null +++ b/patches.suse/USB-serial-option-add-GosunCn-GM500-series.patch @@ -0,0 +1,71 @@ +From 08d4ef5cc9203a113702f24725f6cf4db476c958 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rgen=20Storvist?= +Date: Tue, 23 Jun 2020 00:13:59 +0200 +Subject: [PATCH] USB: serial: option: add GosunCn GM500 series +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 08d4ef5cc9203a113702f24725f6cf4db476c958 +Patch-mainline: v5.8-rc6 +References: bsc#1111666 + +Add USB IDs for GosunCn GM500 series cellular modules. + +RNDIS config: +usb-devices +T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 12 Spd=480 MxCh= 0 +D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 +P: Vendor=305a ProdID=1404 Rev=03.18 +S: Manufacturer=Android +S: Product=Android +S: SerialNumber= +C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA +I: If#=0x0 Alt= 0 #EPs= 1 Cls=e0(wlcon) Sub=01 Prot=03 Driver=rndis_host +I: If#=0x1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host +I: If#=0x2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option +I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option + +MBIM config: +usb-devices +T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 11 Spd=480 MxCh= 0 +P: Vendor=305a ProdID=1405 Rev=03.18 +I: If#=0x0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option +I: If#=0x1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +I: If#=0x3 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim +I: If#=0x4 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim + +ECM config: +usb-devices +T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 13 Spd=480 MxCh= 0 +P: Vendor=305a ProdID=1406 Rev=03.18 +I: If#=0x3 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether +I: If#=0x4 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether + +Signed-off-by: Jörgen Storvist +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Acked-by: Takashi Iwai + +--- + drivers/usb/serial/option.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c +index 254a8bbeea67..ef52841537dd 100644 +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -2028,6 +2028,9 @@ static const struct usb_device_id option_ids[] = { + .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0105, 0xff), /* Fibocom NL678 series */ + .driver_info = RSVD(6) }, ++ { USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1404, 0xff) }, /* GosunCn GM500 RNDIS */ ++ { USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1405, 0xff) }, /* GosunCn GM500 MBIM */ ++ { USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1406, 0xff) }, /* GosunCn GM500 ECM/NCM */ + { } /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(usb, option_ids); +-- +2.16.4 + diff --git a/patches.suse/USB-serial-option-add-Quectel-EG95-LTE-modem.patch b/patches.suse/USB-serial-option-add-Quectel-EG95-LTE-modem.patch new file mode 100644 index 0000000..7194e95 --- /dev/null +++ b/patches.suse/USB-serial-option-add-Quectel-EG95-LTE-modem.patch @@ -0,0 +1,55 @@ +From da6902e5b6dbca9081e3d377f9802d4fd0c5ea59 Mon Sep 17 00:00:00 2001 +From: AceLan Kao +Date: Tue, 7 Jul 2020 16:15:53 +0800 +Subject: [PATCH] USB: serial: option: add Quectel EG95 LTE modem +Git-commit: da6902e5b6dbca9081e3d377f9802d4fd0c5ea59 +Patch-mainline: v5.8-rc6 +References: bsc#1111666 + +Add support for Quectel Wireless Solutions Co., Ltd. EG95 LTE modem + +T: Bus=01 Lev=01 Prnt=01 Port=02 Cnt=02 Dev#= 5 Spd=480 MxCh= 0 +D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 +P: Vendor=2c7c ProdID=0195 Rev=03.18 +S: Manufacturer=Android +S: Product=Android +C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA +I: If#=0x0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) +I: If#=0x1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) +I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) +I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) +I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) + +Signed-off-by: AceLan Kao +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Acked-by: Takashi Iwai + +--- + drivers/usb/serial/option.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c +index ef52841537dd..9b7cee98ea60 100644 +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -245,6 +245,7 @@ static void option_instat_callback(struct urb *urb); + /* These Quectel products use Quectel's vendor ID */ + #define QUECTEL_PRODUCT_EC21 0x0121 + #define QUECTEL_PRODUCT_EC25 0x0125 ++#define QUECTEL_PRODUCT_EG95 0x0195 + #define QUECTEL_PRODUCT_BG96 0x0296 + #define QUECTEL_PRODUCT_EP06 0x0306 + #define QUECTEL_PRODUCT_EM12 0x0512 +@@ -1097,6 +1098,8 @@ static const struct usb_device_id option_ids[] = { + .driver_info = RSVD(4) }, + { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC25), + .driver_info = RSVD(4) }, ++ { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EG95), ++ .driver_info = RSVD(4) }, + { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), + .driver_info = RSVD(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), +-- +2.16.4 + diff --git a/patches.suse/btrfs-Always-use-a-cached-extent_state-in-btrfs_lock.patch b/patches.suse/btrfs-Always-use-a-cached-extent_state-in-btrfs_lock.patch new file mode 100644 index 0000000..b6f85c6 --- /dev/null +++ b/patches.suse/btrfs-Always-use-a-cached-extent_state-in-btrfs_lock.patch @@ -0,0 +1,60 @@ +From: Nikolay Borisov +Date: Tue, 7 May 2019 10:19:24 +0300 +Git-commit: bd80d94efb83acd67d48f9f3f07483c8306085aa +Patch-mainline: 5.3 +References: bsc#1174438 +Subject: [PATCH] btrfs: Always use a cached extent_state in + btrfs_lock_and_flush_ordered_range + +In case no cached_state argument is passed to +btrfs_lock_and_flush_ordered_range use one locally in the function. This +optimises the case when an ordered extent is found since the unlock +function will be able to unlock that state directly without searching +for it again. + +Reviewed-by: Josef Bacik +Signed-off-by: Nikolay Borisov +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Filipe Manana +--- + fs/btrfs/ordered-data.c | 18 +++++++++++++++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c +index f8324f63571d..1b50811b37d0 100644 +--- a/fs/btrfs/ordered-data.c ++++ b/fs/btrfs/ordered-data.c +@@ -1166,14 +1166,26 @@ void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, + struct extent_state **cached_state) + { + struct btrfs_ordered_extent *ordered; ++ struct extent_state *cachedp = NULL; ++ ++ if (cached_state) ++ cachedp = *cached_state; + + while (1) { +- lock_extent_bits(tree, start, end, cached_state); ++ lock_extent_bits(tree, start, end, &cachedp); + ordered = btrfs_lookup_ordered_range(inode, start, + end - start + 1); +- if (!ordered) ++ if (!ordered) { ++ /* ++ * If no external cached_state has been passed then ++ * decrement the extra ref taken for cachedp since we ++ * aren't exposing it outside of this function ++ */ ++ if (!cached_state) ++ refcount_dec(&cachedp->refs); + break; +- unlock_extent_cached(tree, start, end, cached_state, GFP_NOFS); ++ } ++ unlock_extent_cached(tree, start, end, &cachedp, GFP_NOFS); + btrfs_start_ordered_extent(&inode->vfs_inode, ordered, 1); + btrfs_put_ordered_extent(ordered); + } +-- +2.26.2 + diff --git a/patches.suse/btrfs-Return-EAGAIN-if-we-can-t-start-no-snpashot-wr.patch b/patches.suse/btrfs-Return-EAGAIN-if-we-can-t-start-no-snpashot-wr.patch new file mode 100644 index 0000000..ee5bdd6 --- /dev/null +++ b/patches.suse/btrfs-Return-EAGAIN-if-we-can-t-start-no-snpashot-wr.patch @@ -0,0 +1,39 @@ +From: Nikolay Borisov +Date: Tue, 7 May 2019 10:23:46 +0300 +Git-commit: 5f791ec31f535f62a2dc06b37c3a69e5e268b5db +Patch-mainline: 5.3 +References: bsc#1174438 +Subject: [PATCH] btrfs: Return EAGAIN if we can't start no snpashot + write in check_can_nocow + +The first thing code does in check_can_nocow is trying to block +concurrent snapshots. If this fails (due to snpashot already being in +progress) the function returns ENOSPC which makes no sense. Instead +return EAGAIN. Despite this return value not being propagated to callers +it's good practice to return the closest in terms of semantics error +code. No functional changes. + +Signed-off-by: Nikolay Borisov +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Filipe Manana +--- + fs/btrfs/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c +index cdc998eb5ac1..5711d6851b63 100644 +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1557,7 +1557,7 @@ static noinline int check_can_nocow(struct btrfs_inode *inode, loff_t pos, + + ret = btrfs_start_write_no_snapshoting(root); + if (!ret) +- return -ENOSPC; ++ return -EAGAIN; + + lockstart = round_down(pos, fs_info->sectorsize); + lockend = round_up(pos + *write_bytes, +-- +2.26.2 + diff --git a/patches.suse/btrfs-Use-newly-introduced-btrfs_lock_and_flush_orde.patch b/patches.suse/btrfs-Use-newly-introduced-btrfs_lock_and_flush_orde.patch new file mode 100644 index 0000000..f03a9eb --- /dev/null +++ b/patches.suse/btrfs-Use-newly-introduced-btrfs_lock_and_flush_orde.patch @@ -0,0 +1,139 @@ +From: Nikolay Borisov +Date: Tue, 7 May 2019 10:19:23 +0300 +Git-commit: 23d31bd476d1d096d0f073483547872ec155ab34 +Patch-mainline: 5.3 +References: bsc#1174438 +Subject: [PATCH] btrfs: Use newly introduced + btrfs_lock_and_flush_ordered_range + +There several functions which open code +btrfs_lock_and_flush_ordered_range, just replace them with a call to the +function. No functional changes. + +Reviewed-by: Josef Bacik +Signed-off-by: Nikolay Borisov +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Filipe Manana +--- + fs/btrfs/extent_io.c | 29 ++++------------------------- + fs/btrfs/file.c | 14 ++------------ + fs/btrfs/inode.c | 17 ++--------------- + 3 files changed, 8 insertions(+), 52 deletions(-) + +diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c +index 5843bec614a4..7fc8d3e5e892 100644 +--- a/fs/btrfs/extent_io.c ++++ b/fs/btrfs/extent_io.c +@@ -3172,21 +3172,10 @@ static inline void __do_contiguous_readpages(struct extent_io_tree *tree, + unsigned long *bio_flags, + u64 *prev_em_start) + { +- struct inode *inode; +- struct btrfs_ordered_extent *ordered; ++ struct btrfs_inode *inode = BTRFS_I(pages[0]->mapping->host); + int index; + +- inode = pages[0]->mapping->host; +- while (1) { +- lock_extent(tree, start, end); +- ordered = btrfs_lookup_ordered_range(BTRFS_I(inode), start, +- end - start + 1); +- if (!ordered) +- break; +- unlock_extent(tree, start, end); +- btrfs_start_ordered_extent(inode, ordered, 1); +- btrfs_put_ordered_extent(ordered); +- } ++ btrfs_lock_and_flush_ordered_range(tree, inode, start, end, NULL); + + for (index = 0; index < nr_pages; index++) { + __do_readpage(tree, pages[index], get_extent, em_cached, bio, +@@ -3241,22 +3230,12 @@ static int __extent_read_full_page(struct extent_io_tree *tree, + struct bio **bio, int mirror_num, + unsigned long *bio_flags, int read_flags) + { +- struct inode *inode = page->mapping->host; +- struct btrfs_ordered_extent *ordered; ++ struct btrfs_inode *inode = BTRFS_I(page->mapping->host); + u64 start = page_offset(page); + u64 end = start + PAGE_SIZE - 1; + int ret; + +- while (1) { +- lock_extent(tree, start, end); +- ordered = btrfs_lookup_ordered_range(BTRFS_I(inode), start, +- PAGE_SIZE); +- if (!ordered) +- break; +- unlock_extent(tree, start, end); +- btrfs_start_ordered_extent(inode, ordered, 1); +- btrfs_put_ordered_extent(ordered); +- } ++ btrfs_lock_and_flush_ordered_range(tree, inode, start, end, NULL); + + ret = __do_readpage(tree, page, get_extent, NULL, bio, mirror_num, + bio_flags, read_flags, NULL); +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c +index e6b87d753df1..cdc998eb5ac1 100644 +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1551,7 +1551,6 @@ static noinline int check_can_nocow(struct btrfs_inode *inode, loff_t pos, + { + struct btrfs_fs_info *fs_info = btrfs_sb(inode->vfs_inode.i_sb); + struct btrfs_root *root = inode->root; +- struct btrfs_ordered_extent *ordered; + u64 lockstart, lockend; + u64 num_bytes; + int ret; +@@ -1564,17 +1563,8 @@ static noinline int check_can_nocow(struct btrfs_inode *inode, loff_t pos, + lockend = round_up(pos + *write_bytes, + fs_info->sectorsize) - 1; + +- while (1) { +- lock_extent(&inode->io_tree, lockstart, lockend); +- ordered = btrfs_lookup_ordered_range(inode, lockstart, +- lockend - lockstart + 1); +- if (!ordered) { +- break; +- } +- unlock_extent(&inode->io_tree, lockstart, lockend); +- btrfs_start_ordered_extent(&inode->vfs_inode, ordered, 1); +- btrfs_put_ordered_extent(ordered); +- } ++ btrfs_lock_and_flush_ordered_range(&inode->io_tree, inode, lockstart, ++ lockend, NULL); + + num_bytes = lockend - lockstart + 1; + ret = can_nocow_extent(&inode->vfs_inode, lockstart, &num_bytes, +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index bb1fbd995cda..7280c8696819 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -4788,21 +4788,8 @@ int btrfs_cont_expand(struct inode *inode, loff_t oldsize, loff_t size) + if (size <= hole_start) + return 0; + +- while (1) { +- struct btrfs_ordered_extent *ordered; +- +- lock_extent_bits(io_tree, hole_start, block_end - 1, +- &cached_state); +- ordered = btrfs_lookup_ordered_range(BTRFS_I(inode), hole_start, +- block_end - hole_start); +- if (!ordered) +- break; +- unlock_extent_cached(io_tree, hole_start, block_end - 1, +- &cached_state, GFP_NOFS); +- btrfs_start_ordered_extent(inode, ordered, 1); +- btrfs_put_ordered_extent(ordered); +- } +- ++ btrfs_lock_and_flush_ordered_range(io_tree, BTRFS_I(inode), hole_start, ++ block_end - 1, &cached_state); + cur_offset = hole_start; + while (1) { + em = btrfs_get_extent(BTRFS_I(inode), NULL, 0, cur_offset, +-- +2.26.2 + diff --git a/patches.suse/btrfs-add-assertions-for-tree-inode-io_tree-to-exten.patch b/patches.suse/btrfs-add-assertions-for-tree-inode-io_tree-to-exten.patch new file mode 100644 index 0000000..eaa0041 --- /dev/null +++ b/patches.suse/btrfs-add-assertions-for-tree-inode-io_tree-to-exten.patch @@ -0,0 +1,87 @@ +From: David Sterba +Date: Wed, 5 Feb 2020 19:09:30 +0100 +Git-commit: ae6957ebbfcd418348550ac02e36b0ea86d32e0a +Patch-mainline: 5.7 +References: bsc#1174438 +Subject: [PATCH] btrfs: add assertions for tree == inode->io_tree to + extent IO helpers + +Add assertions to all helpers that get tree as argument and verify that +it's the same that can be obtained from the inode or from its pages. In +followup patches the redundant arguments and assertions will be removed +one by one. + +Reviewed-by: Johannes Thumshirn +Reviewed-by: Nikolay Borisov +Signed-off-by: David Sterba +Signed-off-by: Filipe Manana +--- + fs/btrfs/extent_io.c | 10 ++++++++++ + fs/btrfs/ordered-data.c | 2 ++ + 2 files changed, 12 insertions(+) + +diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c +index 7fc8d3e5e892..aeec3237b78d 100644 +--- a/fs/btrfs/extent_io.c ++++ b/fs/btrfs/extent_io.c +@@ -2978,6 +2978,8 @@ static int __do_readpage(struct extent_io_tree *tree, + size_t blocksize = inode->i_sb->s_blocksize; + unsigned long this_bio_flag = 0; + ++ ASSERT(tree == &BTRFS_I(inode)->io_tree); ++ + set_page_extent_mapped(page); + + end = page_end; +@@ -3175,6 +3177,8 @@ static inline void __do_contiguous_readpages(struct extent_io_tree *tree, + struct btrfs_inode *inode = BTRFS_I(pages[0]->mapping->host); + int index; + ++ ASSERT(tree == &inode->io_tree); ++ + btrfs_lock_and_flush_ordered_range(tree, inode, start, end, NULL); + + for (index = 0; index < nr_pages; index++) { +@@ -3235,6 +3239,8 @@ static int __extent_read_full_page(struct extent_io_tree *tree, + u64 end = start + PAGE_SIZE - 1; + int ret; + ++ ASSERT(tree == &inode->io_tree); ++ + btrfs_lock_and_flush_ordered_range(tree, inode, start, end, NULL); + + ret = __do_readpage(tree, page, get_extent, NULL, bio, mirror_num, +@@ -3249,6 +3255,8 @@ int extent_read_full_page(struct extent_io_tree *tree, struct page *page, + unsigned long bio_flags = 0; + int ret; + ++ ASSERT(tree == &BTRFS_I(page->mapping->host)->io_tree); ++ + ret = __extent_read_full_page(tree, page, get_extent, &bio, mirror_num, + &bio_flags, 0); + if (bio) +@@ -5382,6 +5390,8 @@ int read_extent_buffer_pages(struct extent_io_tree *tree, + if (test_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags)) + return 0; + ++ ASSERT(tree == &BTRFS_I(eb->pages[0]->mapping->host)->io_tree); ++ + num_pages = num_extent_pages(eb->start, eb->len); + for (i = 0; i < num_pages; i++) { + page = eb->pages[i]; +diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c +index ffa34a0b04ad..bb6e99142e43 100644 +--- a/fs/btrfs/ordered-data.c ++++ b/fs/btrfs/ordered-data.c +@@ -1169,6 +1169,8 @@ void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, + struct extent_state *cache = NULL; + struct extent_state **cachedp = &cache; + ++ ASSERT(tree == &inode->io_tree); ++ + if (cached_state) + cachedp = cached_state; + +-- +2.26.2 + diff --git a/patches.suse/btrfs-add-new-helper-btrfs_lock_and_flush_ordered_ra.patch b/patches.suse/btrfs-add-new-helper-btrfs_lock_and_flush_ordered_ra.patch new file mode 100644 index 0000000..fdba3bc --- /dev/null +++ b/patches.suse/btrfs-add-new-helper-btrfs_lock_and_flush_ordered_ra.patch @@ -0,0 +1,85 @@ +From: Nikolay Borisov +Date: Tue, 7 May 2019 10:19:22 +0300 +Git-commit: ffa87214c1100c7ea38e85a3cf981d0d47b1c744 +Patch-mainline: 5.3 +References: bsc#1174438 +Subject: [PATCH] btrfs: add new helper + btrfs_lock_and_flush_ordered_range + +There is a certain idiom used in multiple places in btrfs' codebase, +dealing with flushing an ordered range. Factor this in a separate +function that can be reused. Future patches will replace the existing +code with that function. + +Reviewed-by: Josef Bacik +Signed-off-by: Nikolay Borisov +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Filipe Manana +--- + fs/btrfs/ordered-data.c | 33 +++++++++++++++++++++++++++++++++ + fs/btrfs/ordered-data.h | 4 ++++ + 2 files changed, 37 insertions(+) + +diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c +index 4f51e634f22d..f8324f63571d 100644 +--- a/fs/btrfs/ordered-data.c ++++ b/fs/btrfs/ordered-data.c +@@ -1146,6 +1146,39 @@ int btrfs_find_ordered_sum(struct inode *inode, u64 offset, u64 disk_bytenr, + return index; + } + ++/* ++ * btrfs_flush_ordered_range - Lock the passed range and ensures all pending ++ * ordered extents in it are run to completion. ++ * ++ * @tree: IO tree used for locking out other users of the range ++ * @inode: Inode whose ordered tree is to be searched ++ * @start: Beginning of range to flush ++ * @end: Last byte of range to lock ++ * @cached_state: If passed, will return the extent state responsible for the ++ * locked range. It's the caller's responsibility to free the cached state. ++ * ++ * This function always returns with the given range locked, ensuring after it's ++ * called no order extent can be pending. ++ */ ++void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, ++ struct btrfs_inode *inode, u64 start, ++ u64 end, ++ struct extent_state **cached_state) ++{ ++ struct btrfs_ordered_extent *ordered; ++ ++ while (1) { ++ lock_extent_bits(tree, start, end, cached_state); ++ ordered = btrfs_lookup_ordered_range(inode, start, ++ end - start + 1); ++ if (!ordered) ++ break; ++ unlock_extent_cached(tree, start, end, cached_state, GFP_NOFS); ++ btrfs_start_ordered_extent(&inode->vfs_inode, ordered, 1); ++ btrfs_put_ordered_extent(ordered); ++ } ++} ++ + int __init ordered_data_init(void) + { + btrfs_ordered_extent_cache = kmem_cache_create("btrfs_ordered_extent", +diff --git a/fs/btrfs/ordered-data.h b/fs/btrfs/ordered-data.h +index bc08fb1250de..12bd38ce68b0 100644 +--- a/fs/btrfs/ordered-data.h ++++ b/fs/btrfs/ordered-data.h +@@ -197,6 +197,10 @@ u64 btrfs_wait_ordered_extents(struct bt + const u64 range_start, const u64 range_len); + u64 btrfs_wait_ordered_roots(struct btrfs_fs_info *fs_info, u64 nr, + const u64 range_start, const u64 range_len); ++void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, ++ struct btrfs_inode *inode, u64 start, ++ u64 end, ++ struct extent_state **cached_state); + int __init ordered_data_init(void); + void ordered_data_exit(void); + #endif +-- +2.26.2 + diff --git a/patches.suse/btrfs-drop-argument-tree-from-btrfs_lock_and_flush_o.patch b/patches.suse/btrfs-drop-argument-tree-from-btrfs_lock_and_flush_o.patch new file mode 100644 index 0000000..9254ae3 --- /dev/null +++ b/patches.suse/btrfs-drop-argument-tree-from-btrfs_lock_and_flush_o.patch @@ -0,0 +1,134 @@ +From: David Sterba +Date: Wed, 5 Feb 2020 19:09:33 +0100 +Git-commit: b272ae22acd2ca688bbf9d94eea4b1da61fdc697 +Patch-mainline: 5.7 +References: bsc#1174438 +Subject: [PATCH] btrfs: drop argument tree from + btrfs_lock_and_flush_ordered_range + +The tree pointer can be safely read from the inode so we can drop the +redundant argument from btrfs_lock_and_flush_ordered_range. + +Reviewed-by: Johannes Thumshirn +Reviewed-by: Nikolay Borisov +Signed-off-by: David Sterba +Signed-off-by: Filipe Manana +--- + fs/btrfs/extent_io.c | 4 ++-- + fs/btrfs/file.c | 2 +- + fs/btrfs/inode.c | 2 +- + fs/btrfs/ordered-data.c | 10 +++------- + fs/btrfs/ordered-data.h | 3 +-- + 5 files changed, 8 insertions(+), 13 deletions(-) + +diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c +index aeec3237b78d..77fbe3a9e982 100644 +--- a/fs/btrfs/extent_io.c ++++ b/fs/btrfs/extent_io.c +@@ -3179,7 +3179,7 @@ static inline void __do_contiguous_readpages(struct extent_io_tree *tree, + + ASSERT(tree == &inode->io_tree); + +- btrfs_lock_and_flush_ordered_range(tree, inode, start, end, NULL); ++ btrfs_lock_and_flush_ordered_range(inode, start, end, NULL); + + for (index = 0; index < nr_pages; index++) { + __do_readpage(tree, pages[index], get_extent, em_cached, bio, +@@ -3241,7 +3241,7 @@ static int __extent_read_full_page(struct extent_io_tree *tree, + + ASSERT(tree == &inode->io_tree); + +- btrfs_lock_and_flush_ordered_range(tree, inode, start, end, NULL); ++ btrfs_lock_and_flush_ordered_range(inode, start, end, NULL); + + ret = __do_readpage(tree, page, get_extent, NULL, bio, mirror_num, + bio_flags, read_flags, NULL); +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c +index 684fd1d4680a..1079e6f18212 100644 +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1563,7 +1563,7 @@ static noinline int check_can_nocow(struct btrfs_inode *inode, loff_t pos, + lockend = round_up(pos + *write_bytes, + fs_info->sectorsize) - 1; + +- btrfs_lock_and_flush_ordered_range(&inode->io_tree, inode, lockstart, ++ btrfs_lock_and_flush_ordered_range(inode, lockstart, + lockend, NULL); + + num_bytes = lockend - lockstart + 1; +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index 7280c8696819..37bbeed3eb74 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -4788,7 +4788,7 @@ int btrfs_cont_expand(struct inode *inode, loff_t oldsize, loff_t size) + if (size <= hole_start) + return 0; + +- btrfs_lock_and_flush_ordered_range(io_tree, BTRFS_I(inode), hole_start, ++ btrfs_lock_and_flush_ordered_range(BTRFS_I(inode), hole_start, + block_end - 1, &cached_state); + cur_offset = hole_start; + while (1) { +diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c +index bb6e99142e43..3b60238f307c 100644 +--- a/fs/btrfs/ordered-data.c ++++ b/fs/btrfs/ordered-data.c +@@ -1150,7 +1150,6 @@ int btrfs_find_ordered_sum(struct inode *inode, u64 offset, u64 disk_bytenr, + * btrfs_flush_ordered_range - Lock the passed range and ensures all pending + * ordered extents in it are run to completion. + * +- * @tree: IO tree used for locking out other users of the range + * @inode: Inode whose ordered tree is to be searched + * @start: Beginning of range to flush + * @end: Last byte of range to lock +@@ -1160,8 +1159,7 @@ int btrfs_find_ordered_sum(struct inode *inode, u64 offset, u64 disk_bytenr, + * This function always returns with the given range locked, ensuring after it's + * called no order extent can be pending. + */ +-void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, +- struct btrfs_inode *inode, u64 start, ++void btrfs_lock_and_flush_ordered_range(struct btrfs_inode *inode, u64 start, + u64 end, + struct extent_state **cached_state) + { +@@ -1169,13 +1167,11 @@ void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, + struct extent_state *cache = NULL; + struct extent_state **cachedp = &cache; + +- ASSERT(tree == &inode->io_tree); +- + if (cached_state) + cachedp = cached_state; + + while (1) { +- lock_extent_bits(tree, start, end, cachedp); ++ lock_extent_bits(&inode->io_tree, start, end, cachedp); + ordered = btrfs_lookup_ordered_range(inode, start, + end - start + 1); + if (!ordered) { +@@ -1188,7 +1184,7 @@ void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, + refcount_dec(&cache->refs); + break; + } +- unlock_extent_cached(tree, start, end, cachedp, GFP_NOFS); ++ unlock_extent_cached(&inode->io_tree, start, end, cachedp, GFP_NOFS); + btrfs_start_ordered_extent(&inode->vfs_inode, ordered, 1); + btrfs_put_ordered_extent(ordered); + } +diff --git a/fs/btrfs/ordered-data.h b/fs/btrfs/ordered-data.h +index 12bd38ce68b0..c42de3eb7aec 100644 +--- a/fs/btrfs/ordered-data.h ++++ b/fs/btrfs/ordered-data.h +@@ -197,8 +197,7 @@ u64 btrfs_wait_ordered_extents(struct bt + const u64 range_start, const u64 range_len); + void btrfs_wait_ordered_roots(struct btrfs_fs_info *fs_info, u64 nr, + const u64 range_start, const u64 range_len); +-void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, +- struct btrfs_inode *inode, u64 start, ++void btrfs_lock_and_flush_ordered_range(struct btrfs_inode *inode, u64 start, + u64 end, + struct extent_state **cached_state); + int __init ordered_data_init(void); +-- +2.26.2 + diff --git a/patches.suse/btrfs-fix-RWF_NOWAIT-write-not-failling-when-we-need.patch b/patches.suse/btrfs-fix-RWF_NOWAIT-write-not-failling-when-we-need.patch new file mode 100644 index 0000000..3d9456b --- /dev/null +++ b/patches.suse/btrfs-fix-RWF_NOWAIT-write-not-failling-when-we-need.patch @@ -0,0 +1,88 @@ +From: Filipe Manana +Date: Mon, 15 Jun 2020 18:49:13 +0100 +Git-commit: 260a63395f90f67d6ab89e4266af9e3dc34a77e9 +Patch-mainline: 5.8-rc3 +References: bsc#1174438 +Subject: [PATCH] btrfs: fix RWF_NOWAIT write not failling when we need + to cow + +If we attempt to do a RWF_NOWAIT write against a file range for which we +can only do NOCOW for a part of it, due to the existence of holes or +shared extents for example, we proceed with the write as if it were +possible to NOCOW the whole range. + +Example: + + $ mkfs.btrfs -f /dev/sdb + $ mount /dev/sdb /mnt + + $ touch /mnt/sdj/bar + $ chattr +C /mnt/sdj/bar + + $ xfs_io -d -c "pwrite -S 0xab -b 256K 0 256K" /mnt/bar + wrote 262144/262144 bytes at offset 0 + 256 KiB, 1 ops; 0.0003 sec (694.444 MiB/sec and 2777.7778 ops/sec) + + $ xfs_io -c "fpunch 64K 64K" /mnt/bar + $ sync + + $ xfs_io -d -c "pwrite -N -V 1 -b 128K -S 0xfe 0 128K" /mnt/bar + wrote 131072/131072 bytes at offset 0 + 128 KiB, 1 ops; 0.0007 sec (160.051 MiB/sec and 1280.4097 ops/sec) + +This last write should fail with -EAGAIN since the file range from 64K to +128K is a hole. On xfs it fails, as expected, but on ext4 it currently +succeeds because apparently it is expensive to check if there are extents +allocated for the whole range, but I'll check with the ext4 people. + +Fix the issue by checking if check_can_nocow() returns a number of +NOCOW'able bytes smaller then the requested number of bytes, and if it +does return -EAGAIN. + +Fixes: edf064e7c6fec3 ("btrfs: nowait aio support") +CC: stable@vger.kernel.org # 4.14+ +Signed-off-by: Filipe Manana +Reviewed-by: David Sterba +Signed-off-by: David Sterba +--- + fs/btrfs/file.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c +index bb25b8afec9c..87f0f72869ab 100644 +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1904,18 +1904,29 @@ static ssize_t btrfs_file_write_iter(struct kiocb *iocb, + pos = iocb->ki_pos; + count = iov_iter_count(from); + if (iocb->ki_flags & IOCB_NOWAIT) { ++ size_t nocow_bytes = count; ++ + /* + * We will allocate space in case nodatacow is not set, + * so bail + */ + if (!(BTRFS_I(inode)->flags & (BTRFS_INODE_NODATACOW | + BTRFS_INODE_PREALLOC)) || +- check_can_nocow(BTRFS_I(inode), pos, &count) <= 0) { ++ check_can_nocow(BTRFS_I(inode), pos, &nocow_bytes) <= 0) { + inode_unlock(inode); + return -EAGAIN; + } + /* check_can_nocow() locks the snapshot lock on success */ + btrfs_end_write_no_snapshoting(root); ++ /* ++ * There are holes in the range or parts of the range that must ++ * be COWed (shared extents, RO block groups, etc), so just bail ++ * out. ++ */ ++ if (nocow_bytes < count) { ++ inode_unlock(inode); ++ return -EAGAIN; ++ } + } + + current->backing_dev_info = inode_to_bdi(inode); +-- +2.26.2 + diff --git a/patches.suse/btrfs-fix-RWF_NOWAIT-writes-blocking-on-extent-locks.patch b/patches.suse/btrfs-fix-RWF_NOWAIT-writes-blocking-on-extent-locks.patch new file mode 100644 index 0000000..79e41a0 --- /dev/null +++ b/patches.suse/btrfs-fix-RWF_NOWAIT-writes-blocking-on-extent-locks.patch @@ -0,0 +1,129 @@ +From: Filipe Manana +Date: Mon, 15 Jun 2020 18:49:39 +0100 +Git-commit: 5dbb75ed6900048e146247b6325742d92c892548 +Patch-mainline: 5.8-rc3 +References: bsc#1174438 +Subject: [PATCH] btrfs: fix RWF_NOWAIT writes blocking on extent locks + and waiting for IO + +A RWF_NOWAIT write is not supposed to wait on filesystem locks that can be +held for a long time or for ongoing IO to complete. + +However when calling check_can_nocow(), if the inode has prealloc extents +or has the NOCOW flag set, we can block on extent (file range) locks +through the call to btrfs_lock_and_flush_ordered_range(). Such lock can +take a significant amount of time to be available. For example, a fiemap +task may be running, and iterating through the entire file range checking +all extents and doing backref walking to determine if they are shared, +or a readpage operation may be in progress. + +Also at btrfs_lock_and_flush_ordered_range(), called by check_can_nocow(), +after locking the file range we wait for any existing ordered extent that +is in progress to complete. Another operation that can take a significant +amount of time and defeat the purpose of RWF_NOWAIT. + +So fix this by trying to lock the file range and if it's currently locked +return -EAGAIN to user space. If we are able to lock the file range without +waiting and there is an ordered extent in the range, return -EAGAIN as +well, instead of waiting for it to complete. Finally, don't bother trying +to lock the snapshot lock of the root when attempting a RWF_NOWAIT write, +as that is only important for buffered writes. + +Fixes: edf064e7c6fec3 ("btrfs: nowait aio support") +Signed-off-by: Filipe Manana +Signed-off-by: David Sterba +--- + fs/btrfs/file.c | 37 ++++++++++++++++++++++++++----------- + 1 file changed, 26 insertions(+), 11 deletions(-) + +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c +index 87f0f72869ab..d5479f307337 100644 +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1547,7 +1547,7 @@ lock_and_cleanup_extent_if_need(struct btrfs_inode *inode, struct page **pages, + } + + static noinline int check_can_nocow(struct btrfs_inode *inode, loff_t pos, +- size_t *write_bytes) ++ size_t *write_bytes, bool nowait) + { + struct btrfs_fs_info *fs_info = btrfs_sb(inode->vfs_inode.i_sb); + struct btrfs_root *root = inode->root; +@@ -1555,28 +1555,44 @@ static noinline int check_can_nocow(struct btrfs_inode *inode, loff_t pos, + u64 num_bytes; + int ret; + +- ret = btrfs_start_write_no_snapshoting(root); +- if (!ret) ++ if (!nowait && !btrfs_start_write_no_snapshoting(root)) + return -EAGAIN; + + lockstart = round_down(pos, fs_info->sectorsize); + lockend = round_up(pos + *write_bytes, + fs_info->sectorsize) - 1; ++ num_bytes = lockend - lockstart + 1; + +- btrfs_lock_and_flush_ordered_range(inode, lockstart, +- lockend, NULL); ++ if (nowait) { ++ struct btrfs_ordered_extent *ordered; ++ ++ if (!try_lock_extent(&inode->io_tree, lockstart, lockend)) ++ return -EAGAIN; ++ ++ ordered = btrfs_lookup_ordered_range(inode, lockstart, ++ num_bytes); ++ if (ordered) { ++ btrfs_put_ordered_extent(ordered); ++ ret = -EAGAIN; ++ goto out_unlock; ++ } ++ } else { ++ btrfs_lock_and_flush_ordered_range(inode, lockstart, ++ lockend, NULL); ++ } + +- num_bytes = lockend - lockstart + 1; + ret = can_nocow_extent(&inode->vfs_inode, lockstart, &num_bytes, + NULL, NULL, NULL); + if (ret <= 0) { + ret = 0; + btrfs_end_write_no_snapshoting(root); ++ if (!nowait) ++ btrfs_end_write_no_snapshoting(root); + } else { + *write_bytes = min_t(size_t, *write_bytes , + num_bytes - pos + lockstart); + } +- ++out_unlock: + unlock_extent(&inode->io_tree, lockstart, lockend); + + return ret; +@@ -1647,7 +1663,7 @@ static noinline ssize_t __btrfs_buffered_write(struct file *file, + if ((BTRFS_I(inode)->flags & (BTRFS_INODE_NODATACOW | + BTRFS_INODE_PREALLOC)) && + check_can_nocow(BTRFS_I(inode), pos, +- &write_bytes) > 0) { ++ &write_bytes, false) > 0) { + /* + * For nodata cow case, no need to reserve + * data space. +@@ -1912,12 +1928,11 @@ static ssize_t btrfs_file_write_iter(struct kiocb *iocb, + */ + if (!(BTRFS_I(inode)->flags & (BTRFS_INODE_NODATACOW | + BTRFS_INODE_PREALLOC)) || +- check_can_nocow(BTRFS_I(inode), pos, &nocow_bytes) <= 0) { ++ check_can_nocow(BTRFS_I(inode), pos, &nocow_bytes, ++ true) <= 0) { + inode_unlock(inode); + return -EAGAIN; + } +- /* check_can_nocow() locks the snapshot lock on success */ +- btrfs_end_write_no_snapshoting(root); + /* + * There are holes in the range or parts of the range that must + * be COWed (shared extents, RO block groups, etc), so just bail +-- +2.26.2 + diff --git a/patches.suse/btrfs-fix-extent_state-leak-in-btrfs_lock_and_flush_.patch b/patches.suse/btrfs-fix-extent_state-leak-in-btrfs_lock_and_flush_.patch new file mode 100644 index 0000000..53a9ada --- /dev/null +++ b/patches.suse/btrfs-fix-extent_state-leak-in-btrfs_lock_and_flush_.patch @@ -0,0 +1,63 @@ +From: Naohiro Aota +Date: Fri, 26 Jul 2019 16:47:05 +0900 +Git-commit: a3b46b86ca76d7f9d487e6a0b594fd1984e0796e +Patch-mainline: 5.3 +References: bsc#1174438 +Subject: [PATCH] btrfs: fix extent_state leak in + btrfs_lock_and_flush_ordered_range + +btrfs_lock_and_flush_ordered_range() loads given "*cached_state" into +cachedp, which, in general, is NULL. Then, lock_extent_bits() updates +"cachedp", but it never goes backs to the caller. Thus the caller still +see its "cached_state" to be NULL and never free the state allocated +under btrfs_lock_and_flush_ordered_range(). As a result, we will +see massive state leak with e.g. fstests btrfs/005. Fix this bug by +properly handling the pointers. + +Fixes: bd80d94efb83 ("btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range") +Reviewed-by: Nikolay Borisov +Signed-off-by: Naohiro Aota +Signed-off-by: David Sterba +Signed-off-by: Filipe Manana +--- + fs/btrfs/ordered-data.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c +index 1b50811b37d0..ffa34a0b04ad 100644 +--- a/fs/btrfs/ordered-data.c ++++ b/fs/btrfs/ordered-data.c +@@ -1166,13 +1166,14 @@ void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, + struct extent_state **cached_state) + { + struct btrfs_ordered_extent *ordered; +- struct extent_state *cachedp = NULL; ++ struct extent_state *cache = NULL; ++ struct extent_state **cachedp = &cache; + + if (cached_state) +- cachedp = *cached_state; ++ cachedp = cached_state; + + while (1) { +- lock_extent_bits(tree, start, end, &cachedp); ++ lock_extent_bits(tree, start, end, cachedp); + ordered = btrfs_lookup_ordered_range(inode, start, + end - start + 1); + if (!ordered) { +@@ -1182,10 +1183,10 @@ void btrfs_lock_and_flush_ordered_range(struct extent_io_tree *tree, + * aren't exposing it outside of this function + */ + if (!cached_state) +- refcount_dec(&cachedp->refs); ++ refcount_dec(&cache->refs); + break; + } +- unlock_extent_cached(tree, start, end, &cachedp, GFP_NOFS); ++ unlock_extent_cached(tree, start, end, cachedp, GFP_NOFS); + btrfs_start_ordered_extent(&inode->vfs_inode, ordered, 1); + btrfs_put_ordered_extent(ordered); + } +-- +2.26.2 + diff --git a/patches.suse/btrfs-fix-failure-of-RWF_NOWAIT-write-into-prealloc-.patch b/patches.suse/btrfs-fix-failure-of-RWF_NOWAIT-write-into-prealloc-.patch new file mode 100644 index 0000000..8778ed6 --- /dev/null +++ b/patches.suse/btrfs-fix-failure-of-RWF_NOWAIT-write-into-prealloc-.patch @@ -0,0 +1,63 @@ +From: Filipe Manana +Date: Mon, 15 Jun 2020 18:48:58 +0100 +Git-commit: 4b1946284dd6641afdb9457101056d9e6ee6204c +Patch-mainline: 5.8-rc3 +References: bsc#1174438 +Subject: [PATCH] btrfs: fix failure of RWF_NOWAIT write into prealloc + extent beyond eof + +If we attempt to write to prealloc extent located after eof using a +RWF_NOWAIT write, we always fail with -EAGAIN. + +We do actually check if we have an allocated extent for the write at +the start of btrfs_file_write_iter() through a call to check_can_nocow(), +but later when we go into the actual direct IO write path we simply +return -EAGAIN if the write starts at or beyond EOF. + +Trivial to reproduce: + + $ mkfs.btrfs -f /dev/sdb + $ mount /dev/sdb /mnt + + $ touch /mnt/foo + $ chattr +C /mnt/foo + + $ xfs_io -d -c "pwrite -S 0xab 0 64K" /mnt/foo + wrote 65536/65536 bytes at offset 0 + 64 KiB, 16 ops; 0.0004 sec (135.575 MiB/sec and 34707.1584 ops/sec) + + $ xfs_io -c "falloc -k 64K 1M" /mnt/foo + + $ xfs_io -d -c "pwrite -N -V 1 -S 0xfe -b 64K 64K 64K" /mnt/foo + pwrite: Resource temporarily unavailable + +On xfs and ext4 the write succeeds, as expected. + +Fix this by removing the wrong check at btrfs_direct_IO(). + +Fixes: edf064e7c6fec3 ("btrfs: nowait aio support") +CC: stable@vger.kernel.org # 4.14+ +Signed-off-by: Filipe Manana +Reviewed-by: David Sterba +Signed-off-by: David Sterba +--- + fs/btrfs/inode.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index 37bbeed3eb74..9c3a60860610 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -8567,9 +8567,6 @@ static ssize_t btrfs_direct_IO(struct kiocb *iocb, struct iov_iter *iter) + dio_data.overwrite = 1; + inode_unlock(inode); + relock = true; +- } else if (iocb->ki_flags & IOCB_NOWAIT) { +- ret = -EAGAIN; +- goto out; + } + ret = btrfs_delalloc_reserve_space(inode, &data_reserved, + offset, count); +-- +2.26.2 + diff --git a/patches.suse/btrfs-fix-hang-on-snapshot-creation-after-RWF_NOWAIT.patch b/patches.suse/btrfs-fix-hang-on-snapshot-creation-after-RWF_NOWAIT.patch new file mode 100644 index 0000000..bb9ad46 --- /dev/null +++ b/patches.suse/btrfs-fix-hang-on-snapshot-creation-after-RWF_NOWAIT.patch @@ -0,0 +1,55 @@ +From: Filipe Manana +Date: Mon, 15 Jun 2020 18:46:01 +0100 +Git-commit: f2cb2f39ccc30fa13d3ac078d461031a63960e5b +Patch-mainline: 5.8-rc3 +References: bsc#1174438 +Subject: [PATCH] btrfs: fix hang on snapshot creation after RWF_NOWAIT + write + +If we do a successful RWF_NOWAIT write we end up locking the snapshot lock +of the inode, through a call to check_can_nocow(), but we never unlock it. + +This means the next attempt to create a snapshot on the subvolume will +hang forever. + +Trivial reproducer: + + $ mkfs.btrfs -f /dev/sdb + $ mount /dev/sdb /mnt + + $ touch /mnt/foobar + $ chattr +C /mnt/foobar + $ xfs_io -d -c "pwrite -S 0xab 0 64K" /mnt/foobar + $ xfs_io -d -c "pwrite -N -V 1 -S 0xfe 0 64K" /mnt/foobar + + $ btrfs subvolume snapshot -r /mnt /mnt/snap + --> hangs + +Fix this by unlocking the snapshot lock if check_can_nocow() returned +success. + +Fixes: edf064e7c6fec3 ("btrfs: nowait aio support") +CC: stable@vger.kernel.org # 4.14+ +Signed-off-by: Filipe Manana +Reviewed-by: David Sterba +Signed-off-by: David Sterba +--- + fs/btrfs/file.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c +index 1079e6f18212..bb25b8afec9c 100644 +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1914,6 +1914,8 @@ static ssize_t btrfs_file_write_iter(struct kiocb *iocb, + inode_unlock(inode); + return -EAGAIN; + } ++ /* check_can_nocow() locks the snapshot lock on success */ ++ btrfs_end_write_no_snapshoting(root); + } + + current->backing_dev_info = inode_to_bdi(inode); +-- +2.26.2 + diff --git a/patches.suse/btrfs-use-correct-count-in-btrfs_file_write_iter.patch b/patches.suse/btrfs-use-correct-count-in-btrfs_file_write_iter.patch new file mode 100644 index 0000000..0ae73ee --- /dev/null +++ b/patches.suse/btrfs-use-correct-count-in-btrfs_file_write_iter.patch @@ -0,0 +1,53 @@ +From: Omar Sandoval +Date: Thu, 15 Aug 2019 14:04:02 -0700 +Git-commit: c09767a8960ca0500fb636bf73686723337debf4 +Patch-mainline: 5.4 +References: bsc#1174438 +Subject: [PATCH] btrfs: use correct count in btrfs_file_write_iter() + +generic_write_checks() may modify iov_iter_count(), so we must get the +count after the call, not before. Using the wrong one has a couple of +consequences: + +1. We check a longer range in check_can_nocow() for nowait than we're + actually writing. +2. We create extra hole extent maps in btrfs_cont_expand(). As far as I + can tell, this is harmless, but I might be missing something. + +These issues are pretty minor, but let's fix it before something more +important trips on it. + +Fixes: edf064e7c6fe ("btrfs: nowait aio support") +Reviewed-by: Josef Bacik +Signed-off-by: Omar Sandoval +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Filipe Manana +--- + fs/btrfs/file.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c +index 5711d6851b63..684fd1d4680a 100644 +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1884,7 +1884,7 @@ static ssize_t btrfs_file_write_iter(struct kiocb *iocb, + bool sync = (file->f_flags & O_DSYNC) || IS_SYNC(file->f_mapping->host); + ssize_t err; + loff_t pos; +- size_t count = iov_iter_count(from); ++ size_t count; + loff_t oldsize; + int clean_page = 0; + +@@ -1902,6 +1902,7 @@ static ssize_t btrfs_file_write_iter(struct kiocb *iocb, + } + + pos = iocb->ki_pos; ++ count = iov_iter_count(from); + if (iocb->ki_flags & IOCB_NOWAIT) { + /* + * We will allocate space in case nodatacow is not set, +-- +2.26.2 + diff --git a/patches.suse/chardev-Avoid-potential-use-after-free-in-chrdev_ope.patch b/patches.suse/chardev-Avoid-potential-use-after-free-in-chrdev_ope.patch index d58b1f0..2a174a1 100644 --- a/patches.suse/chardev-Avoid-potential-use-after-free-in-chrdev_ope.patch +++ b/patches.suse/chardev-Avoid-potential-use-after-free-in-chrdev_ope.patch @@ -4,7 +4,7 @@ Date: Thu, 19 Dec 2019 12:02:03 +0000 Subject: [PATCH] chardev: Avoid potential use-after-free in 'chrdev_open()' Git-commit: 68faa679b8be1a74e6663c21c3a9d25d32f1c079 Patch-mainline: v5.5-rc6 -References: bsc#1163849 +References: bsc#1163849, CVE-2020-0305, bsc#1174462 'chrdev_open()' calls 'cdev_get()' to obtain a reference to the 'struct cdev *' stashed in the 'i_cdev' field of the target inode diff --git a/patches.suse/crypto-talitos-fix-IPsec-cipher-in-length.patch b/patches.suse/crypto-talitos-fix-IPsec-cipher-in-length.patch new file mode 100644 index 0000000..a8d1fec --- /dev/null +++ b/patches.suse/crypto-talitos-fix-IPsec-cipher-in-length.patch @@ -0,0 +1,107 @@ +From 2b1227301a8e4729409694e323b72c064c47cb6b Mon Sep 17 00:00:00 2001 +From: LEROY Christophe +Date: Thu, 22 Mar 2018 10:57:01 +0100 +Subject: [PATCH] crypto: talitos - fix IPsec cipher in length +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 2b1227301a8e4729409694e323b72c064c47cb6b +References: git-fixes +Patch-mainline: v4.17-rc1 + +For SEC 2.x+, cipher in length must contain only the ciphertext length. +In case of using hardware ICV checking, the ICV length is provided via +the "extent" field of the descriptor pointer. + +Cc: # 4.8+ +Fixes: 549bd8bc5987 ("crypto: talitos - Implement AEAD for SEC1 using HMAC_SNOOP_NO_AFEU") +Reported-by: Horia Geantă +Signed-off-by: Christophe Leroy +Tested-by: Horia Geantă +Signed-off-by: Herbert Xu +Signed-off-by: Oliver Neukum +--- + drivers/crypto/talitos.c | 36 ++++++++++++++++++++---------------- + 1 file changed, 20 insertions(+), 16 deletions(-) + +--- a/drivers/crypto/talitos.c ++++ b/drivers/crypto/talitos.c +@@ -1116,10 +1116,10 @@ next: + return count; + } + +-int talitos_sg_map(struct device *dev, struct scatterlist *src, +- unsigned int len, struct talitos_edesc *edesc, +- struct talitos_ptr *ptr, +- int sg_count, unsigned int offset, int tbl_off) ++int talitos_sg_map_ext(struct device *dev, struct scatterlist *src, ++ unsigned int len, struct talitos_edesc *edesc, ++ struct talitos_ptr *ptr, int sg_count, ++ unsigned int offset, int tbl_off, int elen) + { + struct talitos_private *priv = dev_get_drvdata(dev); + bool is_sec1 = has_ftr_sec1(priv); +@@ -1131,6 +1131,7 @@ int talitos_sg_map(struct device *dev, s + to_talitos_ptr(ptr, 0, 0, is_sec1); + return 1; + } ++ to_talitos_ptr_ext_set(ptr, elen, is_sec1); + if (sg_count == 1) { + to_talitos_ptr(ptr, sg_dma_address(src) + offset, is_sec1); + return sg_count; +@@ -1139,7 +1140,7 @@ int talitos_sg_map(struct device *dev, s + to_talitos_ptr(ptr, edesc->dma_link_tbl + offset, is_sec1); + return sg_count; + } +- sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len, ++ sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len + elen, + &edesc->link_tbl[tbl_off]); + if (sg_count == 1) { + /* Only one segment now, so no link tbl needed*/ +@@ -1153,6 +1154,15 @@ int talitos_sg_map(struct device *dev, s + return sg_count; + } + ++static int talitos_sg_map(struct device *dev, struct scatterlist *src, ++ unsigned int len, struct talitos_edesc *edesc, ++ struct talitos_ptr *ptr, int sg_count, ++ unsigned int offset, int tbl_off) ++{ ++ return talitos_sg_map_ext(dev, src, len, edesc, ptr, sg_count, offset, ++ tbl_off, 0); ++} ++ + /* + * fill in and submit ipsec_esp descriptor + */ +@@ -1170,7 +1180,7 @@ static int ipsec_esp(struct talitos_edes + unsigned int ivsize = crypto_aead_ivsize(aead); + int tbl_off = 0; + int sg_count, ret; +- int sg_link_tbl_len; ++ int elen = 0; + bool sync_needed = false; + struct talitos_private *priv = dev_get_drvdata(dev); + bool is_sec1 = has_ftr_sec1(priv); +@@ -1227,17 +1237,11 @@ static int ipsec_esp(struct talitos_edes + to_talitos_ptr_len(&desc->ptr[4], cryptlen, is_sec1); + to_talitos_ptr_ext_set(&desc->ptr[4], 0, is_sec1); + +- sg_link_tbl_len = cryptlen; +- +- if (desc->hdr & DESC_HDR_TYPE_IPSEC_ESP) { +- to_talitos_ptr_ext_set(&desc->ptr[4], authsize, is_sec1); +- +- if (edesc->desc.hdr & DESC_HDR_MODE1_MDEU_CICV) +- sg_link_tbl_len += authsize; +- } ++ if (is_ipsec_esp && (desc->hdr & DESC_HDR_MODE1_MDEU_CICV)) ++ elen = authsize; + +- ret = talitos_sg_map(dev, areq->src, sg_link_tbl_len, edesc, +- &desc->ptr[4], sg_count, areq->assoclen, tbl_off); ++ ret = talitos_sg_mapi_ext(dev, areq->src, sg_link_tbl_len, edesc, &desc->ptr[4], ++ sg_count, areq->assoclen, tbl_off, elen); + + if (ret > 1) { + tbl_off += ret; diff --git a/patches.suse/crypto-talitos-reorder-code-in-talitos_edesc_alloc.patch b/patches.suse/crypto-talitos-reorder-code-in-talitos_edesc_alloc.patch new file mode 100644 index 0000000..f4f5b0a --- /dev/null +++ b/patches.suse/crypto-talitos-reorder-code-in-talitos_edesc_alloc.patch @@ -0,0 +1,96 @@ +From c56c2e173773097a248fd3bace91ac8f6fc5386d Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Tue, 8 Jan 2019 06:56:46 +0000 +Subject: [PATCH] crypto: talitos - reorder code in talitos_edesc_alloc() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: c56c2e173773097a248fd3bace91ac8f6fc5386d +References: git-fixes +Patch-mainline: v5.0-rc3 + +This patch moves the mapping of IV after the kmalloc(). This +avoids having to unmap in case kmalloc() fails. + +Signed-off-by: Christophe Leroy +Reviewed-by: Horia Geantă +Cc: stable@vger.kernel.org +Signed-off-by: Herbert Xu +Signed-off-by: Oliver Neukum +--- + drivers/crypto/talitos.c | 26 +++++++------------------- + 1 file changed, 7 insertions(+), 19 deletions(-) + +--- a/drivers/crypto/talitos.c ++++ b/drivers/crypto/talitos.c +@@ -1349,23 +1349,18 @@ static struct talitos_edesc *talitos_ede + struct talitos_private *priv = dev_get_drvdata(dev); + bool is_sec1 = has_ftr_sec1(priv); + int max_len = is_sec1 ? TALITOS1_MAX_DATA_LEN : TALITOS2_MAX_DATA_LEN; +- void *err; + + if (cryptlen + authsize > max_len) { + dev_err(dev, "length exceeds h/w max limit\n"); + return ERR_PTR(-EINVAL); + } + +- if (ivsize) +- iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE); +- + if (!dst || dst == src) { + src_len = assoclen + cryptlen + authsize; + src_nents = sg_nents_for_len(src, src_len); + if (src_nents < 0) { + dev_err(dev, "Invalid number of src SG.\n"); +- err = ERR_PTR(-EINVAL); +- goto error_sg; ++ return ERR_PTR(-EINVAL); + } + src_nents = (src_nents == 1) ? 0 : src_nents; + dst_nents = dst ? src_nents : 0; +@@ -1375,16 +1370,14 @@ static struct talitos_edesc *talitos_ede + src_nents = sg_nents_for_len(src, src_len); + if (src_nents < 0) { + dev_err(dev, "Invalid number of src SG.\n"); +- err = ERR_PTR(-EINVAL); +- goto error_sg; ++ return ERR_PTR(-EINVAL); + } + src_nents = (src_nents == 1) ? 0 : src_nents; + dst_len = assoclen + cryptlen + (encrypt ? authsize : 0); + dst_nents = sg_nents_for_len(dst, dst_len); + if (dst_nents < 0) { + dev_err(dev, "Invalid number of dst SG.\n"); +- err = ERR_PTR(-EINVAL); +- goto error_sg; ++ return ERR_PTR(-EINVAL); + } + dst_nents = (dst_nents == 1) ? 0 : dst_nents; + } +@@ -1409,11 +1402,10 @@ static struct talitos_edesc *talitos_ede + } + + edesc = kmalloc(alloc_len, GFP_DMA | flags); +- if (!edesc) { +- dev_err(dev, "could not allocate edescriptor\n"); +- err = ERR_PTR(-ENOMEM); +- goto error_sg; +- } ++ if (!edesc) ++ return ERR_PTR(-ENOMEM); ++ if (ivsize) ++ iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE); + + edesc->src_nents = src_nents; + edesc->dst_nents = dst_nents; +@@ -1425,10 +1417,6 @@ static struct talitos_edesc *talitos_ede + DMA_BIDIRECTIONAL); + + return edesc; +-error_sg: +- if (iv_dma) +- dma_unmap_single(dev, iv_dma, ivsize, DMA_TO_DEVICE); +- return err; + } + + static struct talitos_edesc *aead_edesc_alloc(struct aead_request *areq, u8 *iv, diff --git a/patches.suse/dev-mem-Add-missing-memory-barriers-for-devmem_inode.patch b/patches.suse/dev-mem-Add-missing-memory-barriers-for-devmem_inode.patch new file mode 100644 index 0000000..f804c36 --- /dev/null +++ b/patches.suse/dev-mem-Add-missing-memory-barriers-for-devmem_inode.patch @@ -0,0 +1,64 @@ +From: Eric Biggers +Date: Wed, 15 Jul 2020 23:05:53 -0700 +Subject: /dev/mem: Add missing memory barriers for devmem_inode +Git-commit: b34e7e298d7a5ed76b3aa327c240c29f1ef6dd22 +Patch-mainline: 5.8-rc7 +References: git-fixes + +WRITE_ONCE() isn't the correct way to publish a pointer to a data +structure, since it doesn't include a write memory barrier. Therefore +other tasks may see that the pointer has been set but not see that the +pointed-to memory has finished being initialized yet. Instead a +primitive with "release" semantics is needed. + +Use smp_store_release() for this. + +The use of READ_ONCE() on the read side is still potentially correct if +there's no control dependency, i.e. if all memory being "published" is +transitively reachable via the pointer itself. But this pairing is +somewhat confusing and error-prone. So just upgrade the read side to +smp_load_acquire() so that it clearly pairs with smp_store_release(). + +Cc: Arnd Bergmann +Cc: Ingo Molnar +Cc: Kees Cook +Cc: Matthew Wilcox +Cc: Russell King +Cc: Andrew Morton +Fixes: 3234ac664a87 ("/dev/mem: Revoke mappings when a driver claims the region") +Signed-off-by: Eric Biggers +Cc: stable +Acked-by: Dan Williams +Link: https://lore.kernel.org/r/20200716060553.24618-1-ebiggers@kernel.org +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Jiri Slaby +--- + drivers/char/mem.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +--- a/drivers/char/mem.c ++++ b/drivers/char/mem.c +@@ -806,7 +806,8 @@ static struct inode *devmem_inode; + #ifdef CONFIG_IO_STRICT_DEVMEM + void revoke_devmem(struct resource *res) + { +- struct inode *inode = READ_ONCE(devmem_inode); ++ /* pairs with smp_store_release() in devmem_init_inode() */ ++ struct inode *inode = smp_load_acquire(&devmem_inode); + + /* + * Check that the initialization has completed. Losing the race +@@ -1015,8 +1016,11 @@ static int devmem_init_inode(void) + return rc; + } + +- /* publish /dev/mem initialized */ +- WRITE_ONCE(devmem_inode, inode); ++ /* ++ * Publish /dev/mem initialized. ++ * Pairs with smp_load_acquire() in revoke_devmem(). ++ */ ++ smp_store_release(&devmem_inode, inode); + + return 0; + } diff --git a/patches.suse/dev-mem-Revoke-mappings-when-a-driver-claims-the-reg.patch b/patches.suse/dev-mem-Revoke-mappings-when-a-driver-claims-the-reg.patch new file mode 100644 index 0000000..2572948 --- /dev/null +++ b/patches.suse/dev-mem-Revoke-mappings-when-a-driver-claims-the-reg.patch @@ -0,0 +1,243 @@ +From: Dan Williams +Date: Thu, 21 May 2020 14:06:17 -0700 +Subject: /dev/mem: Revoke mappings when a driver claims the region +Git-commit: 3234ac664a870e6ea69ae3a57d824cd7edbeacc5 +Patch-mainline: 5.8-rc1 +References: git-fixes + +Close the hole of holding a mapping over kernel driver takeover event of +a given address range. + +Commit 90a545e98126 ("restrict /dev/mem to idle io memory ranges") +introduced CONFIG_IO_STRICT_DEVMEM with the goal of protecting the +kernel against scenarios where a /dev/mem user tramples memory that a +kernel driver owns. However, this protection only prevents *new* read(), +write() and mmap() requests. Established mappings prior to the driver +calling request_mem_region() are left alone. + +Especially with persistent memory, and the core kernel metadata that is +stored there, there are plentiful scenarios for a /dev/mem user to +violate the expectations of the driver and cause amplified damage. + +Teach request_mem_region() to find and shoot down active /dev/mem +mappings that it believes it has successfully claimed for the exclusive +use of the driver. Effectively a driver call to request_mem_region() +becomes a hole-punch on the /dev/mem device. + +The typical usage of unmap_mapping_range() is part of +truncate_pagecache() to punch a hole in a file, but in this case the +implementation is only doing the "first half" of a hole punch. Namely it +is just evacuating current established mappings of the "hole", and it +relies on the fact that /dev/mem establishes mappings in terms of +absolute physical address offsets. Once existing mmap users are +invalidated they can attempt to re-establish the mapping, or attempt to +continue issuing read(2) / write(2) to the invalidated extent, but they +will then be subject to the CONFIG_IO_STRICT_DEVMEM checking that can +block those subsequent accesses. + +Cc: Arnd Bergmann +Cc: Ingo Molnar +Cc: Kees Cook +Cc: Matthew Wilcox +Cc: Russell King +Cc: Andrew Morton +Cc: Greg Kroah-Hartman +Fixes: 90a545e98126 ("restrict /dev/mem to idle io memory ranges") +Signed-off-by: Dan Williams +Reviewed-by: Kees Cook +Link: https://lore.kernel.org/r/159009507306.847224.8502634072429766747.stgit@dwillia2-desk3.amr.corp.intel.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Jiri Slaby +--- + drivers/char/mem.c | 98 ++++++++++++++++++++++++++++++++++++++++++++- + include/linux/ioport.h | 5 ++ + include/uapi/linux/magic.h | 1 + kernel/resource.c | 5 ++ + 4 files changed, 107 insertions(+), 2 deletions(-) + +--- a/drivers/char/mem.c ++++ b/drivers/char/mem.c +@@ -30,11 +30,14 @@ + #include + + #include ++#include ++#include + + #ifdef CONFIG_IA64 + # include + #endif + ++#define DEVMEM_MINOR 1 + #define DEVPORT_MINOR 4 + + static inline unsigned long size_inside_page(unsigned long start, +@@ -798,9 +801,58 @@ static loff_t memory_lseek(struct file * + return ret; + } + ++static struct inode *devmem_inode; ++ ++#ifdef CONFIG_IO_STRICT_DEVMEM ++void revoke_devmem(struct resource *res) ++{ ++ struct inode *inode = READ_ONCE(devmem_inode); ++ ++ /* ++ * Check that the initialization has completed. Losing the race ++ * is ok because it means drivers are claiming resources before ++ * the fs_initcall level of init and prevent /dev/mem from ++ * establishing mappings. ++ */ ++ if (!inode) ++ return; ++ ++ /* ++ * The expectation is that the driver has successfully marked ++ * the resource busy by this point, so devmem_is_allowed() ++ * should start returning false, however for performance this ++ * does not iterate the entire resource range. ++ */ ++ if (devmem_is_allowed(PHYS_PFN(res->start)) && ++ devmem_is_allowed(PHYS_PFN(res->end))) { ++ /* ++ * *cringe* iomem=relaxed says "go ahead, what's the ++ * worst that can happen?" ++ */ ++ return; ++ } ++ ++ unmap_mapping_range(inode->i_mapping, res->start, resource_size(res), 1); ++} ++#endif ++ + static int open_port(struct inode *inode, struct file *filp) + { +- return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; ++ if (!capable(CAP_SYS_RAWIO)) ++ return -EPERM; ++ ++ if (iminor(inode) != DEVMEM_MINOR) ++ return 0; ++ ++ /* ++ * Use a unified address space to have a single point to manage ++ * revocations when drivers want to take over a /dev/mem mapped ++ * range. ++ */ ++ inode->i_mapping = devmem_inode->i_mapping; ++ filp->f_mapping = inode->i_mapping; ++ ++ return 0; + } + + #define zero_lseek null_lseek +@@ -875,7 +927,7 @@ static const struct memdev { + fmode_t fmode; + } devlist[] = { + #ifdef CONFIG_DEVMEM +- [1] = { "mem", 0, &mem_fops, FMODE_UNSIGNED_OFFSET }, ++ [DEVMEM_MINOR] = { "mem", 0, &mem_fops, FMODE_UNSIGNED_OFFSET }, + #endif + #ifdef CONFIG_DEVKMEM + [2] = { "kmem", 0, &kmem_fops, FMODE_UNSIGNED_OFFSET }, +@@ -929,6 +981,46 @@ static char *mem_devnode(struct device * + + static struct class *mem_class; + ++static struct dentry *devmem_mount(struct file_system_type *fs_type, ++ int flags, const char *dev_name, void *data) ++{ ++ return mount_pseudo(fs_type, "devmem:", NULL, NULL, DEVMEM_MAGIC); ++} ++ ++static struct file_system_type devmem_fs_type = { ++ .name = "devmem", ++ .owner = THIS_MODULE, ++ .mount = devmem_mount, ++ .kill_sb = kill_anon_super, ++}; ++ ++static int devmem_init_inode(void) ++{ ++ static struct vfsmount *devmem_vfs_mount; ++ static int devmem_fs_cnt; ++ struct inode *inode; ++ int rc; ++ ++ rc = simple_pin_fs(&devmem_fs_type, &devmem_vfs_mount, &devmem_fs_cnt); ++ if (rc < 0) { ++ pr_err("Cannot mount /dev/mem pseudo filesystem: %d\n", rc); ++ return rc; ++ } ++ ++ inode = alloc_anon_inode(devmem_vfs_mount->mnt_sb); ++ if (IS_ERR(inode)) { ++ rc = PTR_ERR(inode); ++ pr_err("Cannot allocate inode for /dev/mem: %d\n", rc); ++ simple_release_fs(&devmem_vfs_mount, &devmem_fs_cnt); ++ return rc; ++ } ++ ++ /* publish /dev/mem initialized */ ++ WRITE_ONCE(devmem_inode, inode); ++ ++ return 0; ++} ++ + static int __init chr_dev_init(void) + { + int minor; +@@ -950,6 +1042,8 @@ static int __init chr_dev_init(void) + */ + if ((minor == DEVPORT_MINOR) && !arch_has_dev_port()) + continue; ++ if ((minor == DEVMEM_MINOR) && devmem_init_inode() != 0) ++ continue; + + device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor), + NULL, devlist[minor].name); +--- a/include/linux/ioport.h ++++ b/include/linux/ioport.h +@@ -285,6 +285,11 @@ static inline bool resource_overlaps(str + return (r1->start <= r2->end && r1->end >= r2->start); + } + ++#ifdef CONFIG_IO_STRICT_DEVMEM ++void revoke_devmem(struct resource *res); ++#else ++static inline void revoke_devmem(struct resource *res) { }; ++#endif + + #endif /* __ASSEMBLY__ */ + #endif /* _LINUX_IOPORT_H */ +--- a/include/uapi/linux/magic.h ++++ b/include/uapi/linux/magic.h +@@ -86,5 +86,6 @@ + #define UDF_SUPER_MAGIC 0x15013346 + #define BALLOON_KVM_MAGIC 0x13661366 + #define ZSMALLOC_MAGIC 0x58295829 ++#define DEVMEM_MAGIC 0x454d444d /* "DMEM" */ + + #endif /* __LINUX_MAGIC_H__ */ +--- a/kernel/resource.c ++++ b/kernel/resource.c +@@ -1145,6 +1145,7 @@ struct resource * __request_region(struc + { + DECLARE_WAITQUEUE(wait, current); + struct resource *res = alloc_resource(GFP_KERNEL); ++ struct resource *orig_parent = parent; + + if (!res) + return NULL; +@@ -1186,6 +1187,10 @@ struct resource * __request_region(struc + break; + } + write_unlock(&resource_lock); ++ ++ if (res && orig_parent == &iomem_resource) ++ revoke_devmem(res); ++ + return res; + } + EXPORT_SYMBOL(__request_region); diff --git a/patches.suse/devinet-fix-memleak-in-inetdev_init.patch b/patches.suse/devinet-fix-memleak-in-inetdev_init.patch new file mode 100644 index 0000000..4e0a361 --- /dev/null +++ b/patches.suse/devinet-fix-memleak-in-inetdev_init.patch @@ -0,0 +1,29 @@ +From: Yang Yingliang +Date: Sat, 30 May 2020 11:34:33 +0800 +Subject: devinet: fix memleak in inetdev_init() +Git-commit: 1b49cd71b52403822731dc9f283185d1da355f97 +Patch-mainline: 5.7 +References: networking-stable-20_06_07 + +When devinet_sysctl_register() failed, the memory allocated +in neigh_parms_alloc() should be freed. + +Fixes: 20e61da7ffcf ("ipv4: fail early when creating netdev named all or default") +Signed-off-by: Yang Yingliang +Acked-by: Cong Wang +Signed-off-by: David S. Miller +Signed-off-by: Jiri Slaby +--- + net/ipv4/devinet.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/ipv4/devinet.c ++++ b/net/ipv4/devinet.c +@@ -262,6 +262,7 @@ static struct in_device *inetdev_init(st + err = devinet_sysctl_register(in_dev); + if (err) { + in_dev->dead = 1; ++ neigh_parms_release(&arp_tbl, in_dev->arp_parms); + in_dev_put(in_dev); + in_dev = NULL; + goto out; diff --git a/patches.suse/i2c-eg20t-Load-module-automatically-if-ID-matches.patch b/patches.suse/i2c-eg20t-Load-module-automatically-if-ID-matches.patch new file mode 100644 index 0000000..976dc2d --- /dev/null +++ b/patches.suse/i2c-eg20t-Load-module-automatically-if-ID-matches.patch @@ -0,0 +1,35 @@ +From 5f90786b31fb7d1e199a8999d46c4e3aea672e11 Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Thu, 2 Jul 2020 13:15:27 +0300 +Subject: [PATCH] i2c: eg20t: Load module automatically if ID matches +Git-commit: 5f90786b31fb7d1e199a8999d46c4e3aea672e11 +Patch-mainline: v5.8-rc4 +References: bsc#1111666 + +The driver can't be loaded automatically because it misses +module alias to be provided. Add corresponding MODULE_DEVICE_TABLE() +call to the driver. + +Signed-off-by: Andy Shevchenko +Signed-off-by: Wolfram Sang +Acked-by: Takashi Iwai + +--- + drivers/i2c/busses/i2c-eg20t.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/i2c/busses/i2c-eg20t.c b/drivers/i2c/busses/i2c-eg20t.c +index bb810dee8fb5..73f139690e4e 100644 +--- a/drivers/i2c/busses/i2c-eg20t.c ++++ b/drivers/i2c/busses/i2c-eg20t.c +@@ -180,6 +180,7 @@ static const struct pci_device_id pch_pcidev_id[] = { + { PCI_VDEVICE(ROHM, PCI_DEVICE_ID_ML7831_I2C), 1, }, + {0,} + }; ++MODULE_DEVICE_TABLE(pci, pch_pcidev_id); + + static irqreturn_t pch_i2c_handler(int irq, void *pData); + +-- +2.16.4 + diff --git a/patches.suse/input-i8042-Remove-special-PowerPC-handling.patch b/patches.suse/input-i8042-Remove-special-PowerPC-handling.patch new file mode 100644 index 0000000..0b8f3a7 --- /dev/null +++ b/patches.suse/input-i8042-Remove-special-PowerPC-handling.patch @@ -0,0 +1,122 @@ +From e4f4ffa8a98c24a4ab482669b1e2b4cfce3f52f4 Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Mon, 18 May 2020 11:10:43 -0700 +Subject: [PATCH] input: i8042 - Remove special PowerPC handling +Git-commit: e4f4ffa8a98c24a4ab482669b1e2b4cfce3f52f4 +References: git-fixes +Patch-mainline: v5.8-rc1 + +This causes a build error with CONFIG_WALNUT because kb_cs and kb_data +were removed in commit 917f0af9e5a9 ("powerpc: Remove arch/ppc and +include/asm-ppc"). + +ld.lld: error: undefined symbol: kb_cs +> referenced by i8042-ppcio.h:28 (drivers/input/serio/i8042-ppcio.h:28) +> input/serio/i8042.o:(__i8042_command) in archive drivers/built-in.a +> referenced by i8042-ppcio.h:28 (drivers/input/serio/i8042-ppcio.h:28) +> input/serio/i8042.o:(__i8042_command) in archive drivers/built-in.a +> referenced by i8042-ppcio.h:28 (drivers/input/serio/i8042-ppcio.h:28) +> input/serio/i8042.o:(__i8042_command) in archive drivers/built-in.a + +ld.lld: error: undefined symbol: kb_data +> referenced by i8042.c:309 (drivers/input/serio/i8042.c:309) +> input/serio/i8042.o:(__i8042_command) in archive drivers/built-in.a +> referenced by i8042-ppcio.h:33 (drivers/input/serio/i8042-ppcio.h:33) +> input/serio/i8042.o:(__i8042_command) in archive drivers/built-in.a +> referenced by i8042.c:319 (drivers/input/serio/i8042.c:319) +> input/serio/i8042.o:(__i8042_command) in archive drivers/built-in.a +> referenced 15 more times + +Presumably since nobody has noticed this for the last 12 years, there is +not anyone actually trying to use this driver so we can just remove this +special walnut code and use the generic header so it builds for all +configurations. + +Fixes: 917f0af9e5a9 ("powerpc: Remove arch/ppc and include/asm-ppc") +Reported-by: kbuild test robot +Signed-off-by: Nathan Chancellor +Signed-off-by: Michael Ellerman +Acked-by: Dmitry Torokhov +Link: https://lore.kernel.org/r/20200518181043.3363953-1-natechancellor@gmail.com +Signed-off-by: Oliver Neukum +--- + drivers/input/serio/i8042-ppcio.h | 61 -------------------------------------- + drivers/input/serio/i8042.h | 2 - + 2 files changed, 63 deletions(-) + delete mode 100644 drivers/input/serio/i8042-ppcio.h + +--- a/drivers/input/serio/i8042-ppcio.h ++++ /dev/null +@@ -1,61 +0,0 @@ +-#ifndef _I8042_PPCIO_H +-#define _I8042_PPCIO_H +- +-/* +- * This program is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 as published by +- * the Free Software Foundation. +- */ +- +-#if defined(CONFIG_WALNUT) +- +-#define I8042_KBD_IRQ 25 +-#define I8042_AUX_IRQ 26 +- +-#define I8042_KBD_PHYS_DESC "walnutps2/serio0" +-#define I8042_AUX_PHYS_DESC "walnutps2/serio1" +-#define I8042_MUX_PHYS_DESC "walnutps2/serio%d" +- +-extern void *kb_cs; +-extern void *kb_data; +- +-#define I8042_COMMAND_REG (*(int *)kb_cs) +-#define I8042_DATA_REG (*(int *)kb_data) +- +-static inline int i8042_read_data(void) +-{ +- return readb(kb_data); +-} +- +-static inline int i8042_read_status(void) +-{ +- return readb(kb_cs); +-} +- +-static inline void i8042_write_data(int val) +-{ +- writeb(val, kb_data); +-} +- +-static inline void i8042_write_command(int val) +-{ +- writeb(val, kb_cs); +-} +- +-static inline int i8042_platform_init(void) +-{ +- i8042_reset = I8042_RESET_ALWAYS; +- return 0; +-} +- +-static inline void i8042_platform_exit(void) +-{ +-} +- +-#else +- +-#include "i8042-io.h" +- +-#endif +- +-#endif /* _I8042_PPCIO_H */ +--- a/drivers/input/serio/i8042.h ++++ b/drivers/input/serio/i8042.h +@@ -20,8 +20,6 @@ + #include "i8042-ip22io.h" + #elif defined(CONFIG_SNI_RM) + #include "i8042-snirm.h" +-#elif defined(CONFIG_PPC) +-#include "i8042-ppcio.h" + #elif defined(CONFIG_SPARC) + #include "i8042-sparcio.h" + #elif defined(CONFIG_X86) || defined(CONFIG_IA64) diff --git a/patches.suse/l2tp-add-sk_family-checks-to-l2tp_validate_socket.patch b/patches.suse/l2tp-add-sk_family-checks-to-l2tp_validate_socket.patch new file mode 100644 index 0000000..1262a0b --- /dev/null +++ b/patches.suse/l2tp-add-sk_family-checks-to-l2tp_validate_socket.patch @@ -0,0 +1,136 @@ +From: Eric Dumazet +Date: Fri, 29 May 2020 11:32:25 -0700 +Subject: l2tp: add sk_family checks to l2tp_validate_socket +Git-commit: d9a81a225277686eb629938986d97629ea102633 +Patch-mainline: 5.7 +References: networking-stable-20_06_07 + +syzbot was able to trigger a crash after using an ISDN socket +and fool l2tp. + +Fix this by making sure the UDP socket is of the proper family. + +BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x465/0x540 net/ipv4/udp_tunnel.c:78 +Write of size 1 at addr ffff88808ed0c590 by task syz-executor.5/3018 + +CPU: 0 PID: 3018 Comm: syz-executor.5 Not tainted 5.7.0-rc6-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:77 [inline] + dump_stack+0x188/0x20d lib/dump_stack.c:118 + print_address_description.constprop.0.cold+0xd3/0x413 mm/kasan/report.c:382 + __kasan_report.cold+0x20/0x38 mm/kasan/report.c:511 + kasan_report+0x33/0x50 mm/kasan/common.c:625 + setup_udp_tunnel_sock+0x465/0x540 net/ipv4/udp_tunnel.c:78 + l2tp_tunnel_register+0xb15/0xdd0 net/l2tp/l2tp_core.c:1523 + l2tp_nl_cmd_tunnel_create+0x4b2/0xa60 net/l2tp/l2tp_netlink.c:249 + genl_family_rcv_msg_doit net/netlink/genetlink.c:673 [inline] + genl_family_rcv_msg net/netlink/genetlink.c:718 [inline] + genl_rcv_msg+0x627/0xdf0 net/netlink/genetlink.c:735 + netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2469 + genl_rcv+0x24/0x40 net/netlink/genetlink.c:746 + netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] + netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329 + netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918 + sock_sendmsg_nosec net/socket.c:652 [inline] + sock_sendmsg+0xcf/0x120 net/socket.c:672 + ____sys_sendmsg+0x6e6/0x810 net/socket.c:2352 + ___sys_sendmsg+0x100/0x170 net/socket.c:2406 + __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439 + do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 + entry_SYSCALL_64_after_hwframe+0x49/0xb3 +RIP: 0033:0x45ca29 +Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 +RSP: 002b:00007effe76edc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e +RAX: ffffffffffffffda RBX: 00000000004fe1c0 RCX: 000000000045ca29 +RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 +RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff +R13: 000000000000094e R14: 00000000004d5d00 R15: 00007effe76ee6d4 + +Allocated by task 3018: + save_stack+0x1b/0x40 mm/kasan/common.c:49 + set_track mm/kasan/common.c:57 [inline] + __kasan_kmalloc mm/kasan/common.c:495 [inline] + __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:468 + __do_kmalloc mm/slab.c:3656 [inline] + __kmalloc+0x161/0x7a0 mm/slab.c:3665 + kmalloc include/linux/slab.h:560 [inline] + sk_prot_alloc+0x223/0x2f0 net/core/sock.c:1612 + sk_alloc+0x36/0x1100 net/core/sock.c:1666 + data_sock_create drivers/isdn/mISDN/socket.c:600 [inline] + mISDN_sock_create+0x272/0x400 drivers/isdn/mISDN/socket.c:796 + __sock_create+0x3cb/0x730 net/socket.c:1428 + sock_create net/socket.c:1479 [inline] + __sys_socket+0xef/0x200 net/socket.c:1521 + __do_sys_socket net/socket.c:1530 [inline] + __se_sys_socket net/socket.c:1528 [inline] + __x64_sys_socket+0x6f/0xb0 net/socket.c:1528 + do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 + entry_SYSCALL_64_after_hwframe+0x49/0xb3 + +Freed by task 2484: + save_stack+0x1b/0x40 mm/kasan/common.c:49 + set_track mm/kasan/common.c:57 [inline] + kasan_set_free_info mm/kasan/common.c:317 [inline] + __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:456 + __cache_free mm/slab.c:3426 [inline] + kfree+0x109/0x2b0 mm/slab.c:3757 + kvfree+0x42/0x50 mm/util.c:603 + __free_fdtable+0x2d/0x70 fs/file.c:31 + put_files_struct fs/file.c:420 [inline] + put_files_struct+0x248/0x2e0 fs/file.c:413 + exit_files+0x7e/0xa0 fs/file.c:445 + do_exit+0xb04/0x2dd0 kernel/exit.c:791 + do_group_exit+0x125/0x340 kernel/exit.c:894 + get_signal+0x47b/0x24e0 kernel/signal.c:2739 + do_signal+0x81/0x2240 arch/x86/kernel/signal.c:784 + exit_to_usermode_loop+0x26c/0x360 arch/x86/entry/common.c:161 + prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline] + syscall_return_slowpath arch/x86/entry/common.c:279 [inline] + do_syscall_64+0x6b1/0x7d0 arch/x86/entry/common.c:305 + entry_SYSCALL_64_after_hwframe+0x49/0xb3 + +The buggy address belongs to the object at ffff88808ed0c000 + which belongs to the cache kmalloc-2k of size 2048 +The buggy address is located 1424 bytes inside of + 2048-byte region [ffff88808ed0c000, ffff88808ed0c800) +The buggy address belongs to the page: +page:ffffea00023b4300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 +flags: 0xfffe0000000200(slab) +raw: 00fffe0000000200 ffffea0002838208 ffffea00015ba288 ffff8880aa000e00 +raw: 0000000000000000 ffff88808ed0c000 0000000100000001 0000000000000000 +page dumped because: kasan: bad access detected + +Memory state around the buggy address: + ffff88808ed0c480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + ffff88808ed0c500: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc +>ffff88808ed0c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc + ^ + ffff88808ed0c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc + ffff88808ed0c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc + +Fixes: 6b9f34239b00 ("l2tp: fix races in tunnel creation") +Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") +Signed-off-by: Eric Dumazet +Cc: James Chapman +Cc: Guillaume Nault +Reported-by: syzbot +Acked-by: Guillaume Nault +Signed-off-by: David S. Miller +Signed-off-by: Jiri Slaby +--- + net/l2tp/l2tp_core.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/net/l2tp/l2tp_core.c ++++ b/net/l2tp/l2tp_core.c +@@ -1480,6 +1480,8 @@ int l2tp_tunnel_create(struct net *net, + tunnel_id, fd); + goto err; + } ++ if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) ++ goto err; + switch (encap) { + case L2TP_ENCAPTYPE_UDP: + if (sk->sk_protocol != IPPROTO_UDP) { diff --git a/patches.suse/l2tp-do-not-use-inet_hash-inet_unhash.patch b/patches.suse/l2tp-do-not-use-inet_hash-inet_unhash.patch new file mode 100644 index 0000000..41b70aa --- /dev/null +++ b/patches.suse/l2tp-do-not-use-inet_hash-inet_unhash.patch @@ -0,0 +1,199 @@ +From: Eric Dumazet +Date: Fri, 29 May 2020 11:20:53 -0700 +Subject: l2tp: do not use inet_hash()/inet_unhash() +Git-commit: 02c71b144c811bcdd865e0a1226d0407d11357e8 +Patch-mainline: 5.7 +References: networking-stable-20_06_07 + +syzbot recently found a way to crash the kernel [1] + +Issue here is that inet_hash() & inet_unhash() are currently +only meant to be used by TCP & DCCP, since only these protocols +provide the needed hashinfo pointer. + +L2TP uses a single list (instead of a hash table) + +This old bug became an issue after commit 610236587600 +("bpf: Add new cgroup attach type to enable sock modifications") +since after this commit, sk_common_release() can be called +while the L2TP socket is still considered 'hashed'. + +general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN +KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] +CPU: 0 PID: 7063 Comm: syz-executor654 Not tainted 5.7.0-rc6-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +RIP: 0010:inet_unhash+0x11f/0x770 net/ipv4/inet_hashtables.c:600 +Code: 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e dd 04 00 00 48 8d 7d 08 44 8b 73 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 55 05 00 00 48 8d 7d 14 4c 8b 6d 08 48 b8 00 00 +RSP: 0018:ffffc90001777d30 EFLAGS: 00010202 +RAX: dffffc0000000000 RBX: ffff88809a6df940 RCX: ffffffff8697c242 +RDX: 0000000000000001 RSI: ffffffff8697c251 RDI: 0000000000000008 +RBP: 0000000000000000 R08: ffff88809f3ae1c0 R09: fffffbfff1514cc1 +R10: ffffffff8a8a6607 R11: fffffbfff1514cc0 R12: ffff88809a6df9b0 +R13: 0000000000000007 R14: 0000000000000000 R15: ffffffff873a4d00 +FS: 0000000001d2b880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00000000006cd090 CR3: 000000009403a000 CR4: 00000000001406f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + sk_common_release+0xba/0x370 net/core/sock.c:3210 + inet_create net/ipv4/af_inet.c:390 [inline] + inet_create+0x966/0xe00 net/ipv4/af_inet.c:248 + __sock_create+0x3cb/0x730 net/socket.c:1428 + sock_create net/socket.c:1479 [inline] + __sys_socket+0xef/0x200 net/socket.c:1521 + __do_sys_socket net/socket.c:1530 [inline] + __se_sys_socket net/socket.c:1528 [inline] + __x64_sys_socket+0x6f/0xb0 net/socket.c:1528 + do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 + entry_SYSCALL_64_after_hwframe+0x49/0xb3 +RIP: 0033:0x441e29 +Code: e8 fc b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 +RSP: 002b:00007ffdce184148 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 +RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441e29 +RDX: 0000000000000073 RSI: 0000000000000002 RDI: 0000000000000002 +RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 +R13: 0000000000402c30 R14: 0000000000000000 R15: 0000000000000000 +Modules linked in: +---[ end trace 23b6578228ce553e ]--- +RIP: 0010:inet_unhash+0x11f/0x770 net/ipv4/inet_hashtables.c:600 +Code: 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e dd 04 00 00 48 8d 7d 08 44 8b 73 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 55 05 00 00 48 8d 7d 14 4c 8b 6d 08 48 b8 00 00 +RSP: 0018:ffffc90001777d30 EFLAGS: 00010202 +RAX: dffffc0000000000 RBX: ffff88809a6df940 RCX: ffffffff8697c242 +RDX: 0000000000000001 RSI: ffffffff8697c251 RDI: 0000000000000008 +RBP: 0000000000000000 R08: ffff88809f3ae1c0 R09: fffffbfff1514cc1 +R10: ffffffff8a8a6607 R11: fffffbfff1514cc0 R12: ffff88809a6df9b0 +R13: 0000000000000007 R14: 0000000000000000 R15: ffffffff873a4d00 +FS: 0000000001d2b880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00000000006cd090 CR3: 000000009403a000 CR4: 00000000001406f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + +Fixes: 0d76751fad77 ("l2tp: Add L2TPv3 IP encapsulation (no UDP) support") +Signed-off-by: Eric Dumazet +Cc: James Chapman +Cc: Andrii Nakryiko +Reported-by: syzbot+3610d489778b57cc8031@syzkaller.appspotmail.com +Signed-off-by: Jiri Slaby +--- + net/l2tp/l2tp_ip.c | 29 ++++++++++++++++++++++------- + net/l2tp/l2tp_ip6.c | 30 ++++++++++++++++++++++-------- + 2 files changed, 44 insertions(+), 15 deletions(-) + +--- a/net/l2tp/l2tp_ip.c ++++ b/net/l2tp/l2tp_ip.c +@@ -24,7 +24,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -213,15 +212,31 @@ discard: + return 0; + } + +-static int l2tp_ip_open(struct sock *sk) ++static int l2tp_ip_hash(struct sock *sk) + { +- /* Prevent autobind. We don't have ports. */ +- inet_sk(sk)->inet_num = IPPROTO_L2TP; ++ if (sk_unhashed(sk)) { ++ write_lock_bh(&l2tp_ip_lock); ++ sk_add_node(sk, &l2tp_ip_table); ++ write_unlock_bh(&l2tp_ip_lock); ++ } ++ return 0; ++} + ++static void l2tp_ip_unhash(struct sock *sk) ++{ ++ if (sk_unhashed(sk)) ++ return; + write_lock_bh(&l2tp_ip_lock); +- sk_add_node(sk, &l2tp_ip_table); ++ sk_del_node_init(sk); + write_unlock_bh(&l2tp_ip_lock); ++} ++ ++static int l2tp_ip_open(struct sock *sk) ++{ ++ /* Prevent autobind. We don't have ports. */ ++ inet_sk(sk)->inet_num = IPPROTO_L2TP; + ++ l2tp_ip_hash(sk); + return 0; + } + +@@ -599,8 +614,8 @@ static struct proto l2tp_ip_prot = { + .sendmsg = l2tp_ip_sendmsg, + .recvmsg = l2tp_ip_recvmsg, + .backlog_rcv = l2tp_ip_backlog_recv, +- .hash = inet_hash, +- .unhash = inet_unhash, ++ .hash = l2tp_ip_hash, ++ .unhash = l2tp_ip_unhash, + .obj_size = sizeof(struct l2tp_ip_sock), + #ifdef CONFIG_COMPAT + .compat_setsockopt = compat_ip_setsockopt, +--- a/net/l2tp/l2tp_ip6.c ++++ b/net/l2tp/l2tp_ip6.c +@@ -24,8 +24,6 @@ + #include + #include + #include +-#include +-#include + #include + #include + #include +@@ -227,15 +225,31 @@ discard: + return 0; + } + +-static int l2tp_ip6_open(struct sock *sk) ++static int l2tp_ip6_hash(struct sock *sk) + { +- /* Prevent autobind. We don't have ports. */ +- inet_sk(sk)->inet_num = IPPROTO_L2TP; ++ if (sk_unhashed(sk)) { ++ write_lock_bh(&l2tp_ip6_lock); ++ sk_add_node(sk, &l2tp_ip6_table); ++ write_unlock_bh(&l2tp_ip6_lock); ++ } ++ return 0; ++} + ++static void l2tp_ip6_unhash(struct sock *sk) ++{ ++ if (sk_unhashed(sk)) ++ return; + write_lock_bh(&l2tp_ip6_lock); +- sk_add_node(sk, &l2tp_ip6_table); ++ sk_del_node_init(sk); + write_unlock_bh(&l2tp_ip6_lock); ++} ++ ++static int l2tp_ip6_open(struct sock *sk) ++{ ++ /* Prevent autobind. We don't have ports. */ ++ inet_sk(sk)->inet_num = IPPROTO_L2TP; + ++ l2tp_ip6_hash(sk); + return 0; + } + +@@ -738,8 +752,8 @@ static struct proto l2tp_ip6_prot = { + .sendmsg = l2tp_ip6_sendmsg, + .recvmsg = l2tp_ip6_recvmsg, + .backlog_rcv = l2tp_ip6_backlog_recv, +- .hash = inet6_hash, +- .unhash = inet_unhash, ++ .hash = l2tp_ip6_hash, ++ .unhash = l2tp_ip6_unhash, + .obj_size = sizeof(struct l2tp_ip6_sock), + #ifdef CONFIG_COMPAT + .compat_setsockopt = compat_ipv6_setsockopt, diff --git a/patches.suse/mdraid-fix-read-write-bytes-accounting.patch b/patches.suse/mdraid-fix-read-write-bytes-accounting.patch index 9bd36e7..4d1d743 100644 --- a/patches.suse/mdraid-fix-read-write-bytes-accounting.patch +++ b/patches.suse/mdraid-fix-read-write-bytes-accounting.patch @@ -43,13 +43,13 @@ Signed-off-by: Jeff Mahoney drivers/md/md-faulty.c | 1 + drivers/md/md-linear.c | 1 + drivers/md/md-multipath.c | 1 + - drivers/md/md.c | 21 +++++++++++++++------ + drivers/md/md.c | 25 +++++++++++++++++++------ drivers/md/md.h | 1 + drivers/md/raid0.c | 1 + drivers/md/raid1.c | 3 +++ drivers/md/raid10.c | 3 +++ drivers/md/raid5.c | 3 +++ - 9 files changed, 29 insertions(+), 6 deletions(-) + 9 files changed, 33 insertions(+), 6 deletions(-) --- a/drivers/md/md-faulty.c +++ b/drivers/md/md-faulty.c @@ -57,7 +57,7 @@ Signed-off-by: Jeff Mahoney } else bio_set_dev(bio, conf->rdev->bdev); -+ md_io_acct(mddev, bio_op(bio), bio_sectors(bio)); ++ md_io_acct(mddev, bio_data_dir(bio), bio_sectors(bio)); generic_make_request(bio); return true; } @@ -67,7 +67,7 @@ Signed-off-by: Jeff Mahoney bio = split; } -+ md_io_acct(mddev, bio_op(bio), bio_sectors(bio)); ++ md_io_acct(mddev, bio_data_dir(bio), bio_sectors(bio)); bio_set_dev(bio, tmp_dev->rdev->bdev); bio->bi_iter.bi_sector = bio->bi_iter.bi_sector - start_sector + data_offset; @@ -77,13 +77,13 @@ Signed-off-by: Jeff Mahoney mp_bh->bio.bi_private = mp_bh; mddev_check_writesame(mddev, &mp_bh->bio); mddev_check_write_zeroes(mddev, &mp_bh->bio); -+ md_io_acct(mddev, bio_op(bio), bio_sectors(bio)); ++ md_io_acct(mddev, bio_data_dir(bio), bio_sectors(bio)); generic_make_request(&mp_bh->bio); return true; } --- a/drivers/md/md.c +++ b/drivers/md/md.c -@@ -377,12 +377,26 @@ check_suspended: +@@ -377,12 +377,30 @@ check_suspended: } EXPORT_SYMBOL(md_handle_request); @@ -94,7 +94,11 @@ Signed-off-by: Jeff Mahoney + */ +void md_io_acct(struct mddev *mddev, int rw, unsigned int sectors) +{ -+ int cpu = part_stat_lock(); ++ int cpu; ++ ++ if (!mddev->gendisk) ++ return; ++ cpu = part_stat_lock(); + part_stat_inc(cpu, &mddev->gendisk->part0, ios[rw]); + part_stat_add(cpu, &mddev->gendisk->part0, sectors[rw], sectors); + part_stat_unlock(); @@ -111,7 +115,7 @@ Signed-off-by: Jeff Mahoney if (unlikely(test_bit(MD_BROKEN, &mddev->flags)) && (rw == WRITE)) { bio_io_error(bio); -@@ -412,11 +426,6 @@ static blk_qc_t md_make_request(struct r +@@ -412,11 +430,6 @@ static blk_qc_t md_make_request(struct r md_handle_request(mddev, bio); @@ -125,7 +129,7 @@ Signed-off-by: Jeff Mahoney --- a/drivers/md/md.h +++ b/drivers/md/md.h -@@ -757,6 +757,7 @@ extern void mddev_suspend(struct mddev * +@@ -745,6 +745,7 @@ extern void mddev_suspend(struct mddev * extern void mddev_resume(struct mddev *mddev); extern struct bio *bio_alloc_mddev(gfp_t gfp_mask, int nr_iovecs, struct mddev *mddev); @@ -139,7 +143,7 @@ Signed-off-by: Jeff Mahoney disk_devt(mddev->gendisk), bio_sector); mddev_check_writesame(mddev, bio); mddev_check_write_zeroes(mddev, bio); -+ md_io_acct(mddev, bio_op(bio), bio_sectors(bio)); ++ md_io_acct(mddev, bio_data_dir(bio), bio_sectors(bio)); generic_make_request(bio); return true; } @@ -149,7 +153,7 @@ Signed-off-by: Jeff Mahoney r1_bio->sectors = max_sectors; } -+ md_io_acct(mddev, bio_op(bio), bio_sectors(bio)); ++ md_io_acct(mddev, bio_data_dir(bio), bio_sectors(bio)); r1_bio->read_disk = rdisk; read_bio = bio_clone_fast(bio, gfp, mddev->bio_set); @@ -157,7 +161,7 @@ Signed-off-by: Jeff Mahoney r1_bio->sectors = max_sectors; } -+ md_io_acct(mddev, bio_op(bio), bio_sectors(bio)); ++ md_io_acct(mddev, bio_data_dir(bio), bio_sectors(bio)); + atomic_set(&r1_bio->remaining, 1); atomic_set(&r1_bio->behind_remaining, 0); @@ -168,7 +172,7 @@ Signed-off-by: Jeff Mahoney } slot = r10_bio->read_slot; -+ md_io_acct(mddev, bio_op(bio), bio_sectors(bio)); ++ md_io_acct(mddev, bio_data_dir(bio), bio_sectors(bio)); + read_bio = bio_clone_fast(bio, gfp, mddev->bio_set); @@ -177,25 +181,25 @@ Signed-off-by: Jeff Mahoney r10_bio->master_bio = bio; } -+ md_io_acct(mddev, bio_op(bio), bio_sectors(bio)); ++ md_io_acct(mddev, bio_data_dir(bio), bio_sectors(bio)); atomic_set(&r10_bio->remaining, 1); md_bitmap_startwrite(mddev->bitmap, r10_bio->sector, r10_bio->sectors, 0); --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -5317,6 +5317,7 @@ static struct bio *chunk_aligned_read(st +@@ -5321,6 +5321,7 @@ static struct bio *chunk_aligned_read(st if (!raid5_read_one_chunk(mddev, raid_bio)) return raid_bio; -+ md_io_acct(mddev, bio_op(raid_bio), bio_sectors(raid_bio)); ++ md_io_acct(mddev, bio_data_dir(raid_bio), bio_sectors(raid_bio)); return NULL; } -@@ -5635,6 +5636,8 @@ static bool raid5_make_request(struct md +@@ -5639,6 +5640,8 @@ static bool raid5_make_request(struct md last_sector = bio_end_sector(bi); bi->bi_next = NULL; -+ md_io_acct(mddev, bio_op(bi), bio_sectors(bi)); ++ md_io_acct(mddev, bio_data_dir(bi), bio_sectors(bi)); + prepare_to_wait(&conf->wait_for_overlap, &w, TASK_UNINTERRUPTIBLE); for (;logical_sector < last_sector; logical_sector += STRIPE_SECTORS) { diff --git a/patches.suse/media-cec-silence-shift-wrapping-warning-in-__cec_s_.patch b/patches.suse/media-cec-silence-shift-wrapping-warning-in-__cec_s_.patch new file mode 100644 index 0000000..303b732 --- /dev/null +++ b/patches.suse/media-cec-silence-shift-wrapping-warning-in-__cec_s_.patch @@ -0,0 +1,56 @@ +From 3b5af3171e2d5a73ae6f04965ed653d039904eb6 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Tue, 5 May 2020 10:25:56 +0200 +Subject: [PATCH] media: cec: silence shift wrapping warning in + __cec_s_log_addrs() +Git-commit: 3b5af3171e2d5a73ae6f04965ed653d039904eb6 +References: git-fixes +Patch-mainline: v5.8-rc1 + +The log_addrs->log_addr_type[i] value is a u8 which is controlled by +the user and comes from the ioctl. If it's over 31 then that results in +undefined behavior (shift wrapping) and that leads to a Smatch static +checker warning. We already cap the value later so we can silence the +warning just by re-ordering the existing checks. + +I think the UBSan checker will also catch this bug at runtime and +generate a warning. But otherwise the bug is harmless. + +Fixes: 9881fe0ca187 ("[media] cec: add HDMI CEC framework (adapter)") +Signed-off-by: Dan Carpenter +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/cec/core/cec-adap.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/media/cec/core/cec-adap.c b/drivers/media/cec/core/cec-adap.c +index 6c95dc471d4c..6a04d19a96b2 100644 +--- a/drivers/media/cec/cec-adap.c ++++ b/drivers/media/cec/cec-adap.c +@@ -1734,6 +1734,10 @@ int __cec_s_log_addrs(struct cec_adapter *adap, + unsigned j; + + log_addrs->log_addr[i] = CEC_LOG_ADDR_INVALID; ++ if (log_addrs->log_addr_type[i] > CEC_LOG_ADDR_TYPE_UNREGISTERED) { ++ dprintk(1, "unknown logical address type\n"); ++ return -EINVAL; ++ } + if (type_mask & (1 << log_addrs->log_addr_type[i])) { + dprintk(1, "duplicate logical address type\n"); + return -EINVAL; +@@ -1754,10 +1758,6 @@ int __cec_s_log_addrs(struct cec_adapter *adap, + dprintk(1, "invalid primary device type\n"); + return -EINVAL; + } +- if (log_addrs->log_addr_type[i] > CEC_LOG_ADDR_TYPE_UNREGISTERED) { +- dprintk(1, "unknown logical address type\n"); +- return -EINVAL; +- } + for (j = 0; j < feature_sz; j++) { + if ((features[j] & 0x80) == 0) { + if (op_is_dev_features) +-- +2.16.4 + diff --git a/patches.suse/mmc-sdhci-do-not-enable-card-detect-interrupt-for-gp.patch b/patches.suse/mmc-sdhci-do-not-enable-card-detect-interrupt-for-gp.patch new file mode 100644 index 0000000..8e7a332 --- /dev/null +++ b/patches.suse/mmc-sdhci-do-not-enable-card-detect-interrupt-for-gp.patch @@ -0,0 +1,42 @@ +From e65bb38824711559844ba932132f417bc5a355e2 Mon Sep 17 00:00:00 2001 +From: Haibo Chen +Date: Wed, 19 Feb 2020 16:22:40 +0800 +Subject: [PATCH] mmc: sdhci: do not enable card detect interrupt for gpio cd type +Git-commit: e65bb38824711559844ba932132f417bc5a355e2 +Patch-mainline: v5.7-rc1 +References: bsc#1111666 + +Except SDHCI_QUIRK_BROKEN_CARD_DETECTION and MMC_CAP_NONREMOVABLE, +we also do not need to handle controller native card detect interrupt +for gpio cd type. +If we wrong enabled the card detect interrupt for gpio case, it will +cause a lot of unexpected card detect interrupts during data transfer +which should not happen. + +Signed-off-by: Haibo Chen +Acked-by: Adrian Hunter +Reviewed-by: Linus Walleij +Link: https://lore.kernel.org/r/1582100563-20555-2-git-send-email-haibo.chen@nxp.com +Signed-off-by: Ulf Hansson +Acked-by: Takashi Iwai + +--- + drivers/mmc/host/sdhci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c +index 9c3745118e49..c59566363a42 100644 +--- a/drivers/mmc/host/sdhci.c ++++ b/drivers/mmc/host/sdhci.c +@@ -153,7 +153,7 @@ static void sdhci_set_card_detection(struct sdhci_host *host, bool enable) + u32 present; + + if ((host->quirks & SDHCI_QUIRK_BROKEN_CARD_DETECTION) || +- !mmc_card_is_removable(host->mmc)) ++ !mmc_card_is_removable(host->mmc) || mmc_can_gpio_cd(host->mmc)) + return; + + if (enable) { +-- +2.16.4 + diff --git a/patches.suse/msft-hv-1989-PCI-hv-Reorganize-the-code-in-preparation-of-hiberna.patch b/patches.suse/msft-hv-1989-PCI-hv-Reorganize-the-code-in-preparation-of-hiberna.patch new file mode 100644 index 0000000..11abc95 --- /dev/null +++ b/patches.suse/msft-hv-1989-PCI-hv-Reorganize-the-code-in-preparation-of-hiberna.patch @@ -0,0 +1,139 @@ +From: Dexuan Cui +Date: Sun, 24 Nov 2019 21:33:51 -0800 +Patch-mainline: v5.5-rc1 +Subject: PCI: hv: Reorganize the code in preparation of hibernation +Git-commit: a8e37506e79a7a08d0ee217f389fa1710e7a2ea4 +References: bsc#1172871, bsc#1172872 + +There is no functional change. This is just preparatory for a later +patch which adds the hibernation support for the pci-hyperv driver. + +Signed-off-by: Dexuan Cui +Signed-off-by: Lorenzo Pieralisi +Reviewed-by: Michael Kelley +Acked-by: Olaf Hering +--- + drivers/pci/host/pci-hyperv.c | 43 ++++++++++++++++++++++++------------- + 1 file changed, 28 insertions(+), 15 deletions(-) + +diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c +--- a/drivers/pci/host/pci-hyperv.c ++++ b/drivers/pci/host/pci-hyperv.c +@@ -2379,7 +2379,9 @@ static void hv_pci_onchannelcallback(void *context) + * failing if the host doesn't support the necessary protocol + * level. + */ +-static int hv_pci_protocol_negotiation(struct hv_device *hdev) ++static int hv_pci_protocol_negotiation(struct hv_device *hdev, ++ enum pci_protocol_version_t version[], ++ int num_version) + { + struct pci_version_request *version_req; + struct hv_pci_compl comp_pkt; +@@ -2403,8 +2405,8 @@ static int hv_pci_protocol_negotiation(struct hv_device *hdev) + version_req = (struct pci_version_request *)&pkt->message; + version_req->message_type.type = PCI_QUERY_PROTOCOL_VERSION; + +- for (i = 0; i < ARRAY_SIZE(pci_protocol_versions); i++) { +- version_req->protocol_version = pci_protocol_versions[i]; ++ for (i = 0; i < num_version; i++) { ++ version_req->protocol_version = version[i]; + ret = vmbus_sendpacket(hdev->channel, version_req, + sizeof(struct pci_version_request), + (unsigned long)pkt, VM_PKT_DATA_INBAND, +@@ -2420,7 +2422,7 @@ static int hv_pci_protocol_negotiation(struct hv_device *hdev) + } + + if (comp_pkt.completion_status >= 0) { +- pci_protocol_version = pci_protocol_versions[i]; ++ pci_protocol_version = version[i]; + dev_info(&hdev->device, + "PCI VMBus probing: Using version %#x\n", + pci_protocol_version); +@@ -2930,7 +2932,8 @@ static int hv_pci_probe(struct hv_device *hdev, + + hv_set_drvdata(hdev, hbus); + +- ret = hv_pci_protocol_negotiation(hdev); ++ ret = hv_pci_protocol_negotiation(hdev, pci_protocol_versions, ++ ARRAY_SIZE(pci_protocol_versions)); + if (ret) + goto close; + +@@ -3011,7 +3014,7 @@ free_bus: + return ret; + } + +-static void hv_pci_bus_exit(struct hv_device *hdev) ++static int hv_pci_bus_exit(struct hv_device *hdev, bool hibernating) + { + struct hv_pcibus_device *hbus = hv_get_drvdata(hdev); + struct { +@@ -3027,16 +3030,20 @@ static void hv_pci_bus_exit(struct hv_device *hdev) + * access the per-channel ringbuffer any longer. + */ + if (hdev->channel->rescind) +- return; ++ return 0; + +- /* Delete any children which might still exist. */ +- memset(&relations, 0, sizeof(relations)); +- hv_pci_devices_present(hbus, &relations); ++ if (!hibernating) { ++ /* Delete any children which might still exist. */ ++ memset(&relations, 0, sizeof(relations)); ++ hv_pci_devices_present(hbus, &relations); ++ } + + ret = hv_send_resources_released(hdev); +- if (ret) ++ if (ret) { + dev_err(&hdev->device, + "Couldn't send resources released packet(s)\n"); ++ return ret; ++ } + + memset(&pkt.teardown_packet, 0, sizeof(pkt.teardown_packet)); + init_completion(&comp_pkt.host_event); +@@ -3049,8 +3056,13 @@ static void hv_pci_bus_exit(struct hv_device *hdev) + (unsigned long)&pkt.teardown_packet, + VM_PKT_DATA_INBAND, + VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED); +- if (!ret) +- wait_for_completion_timeout(&comp_pkt.host_event, 10 * HZ); ++ if (ret) ++ return ret; ++ ++ if (wait_for_completion_timeout(&comp_pkt.host_event, 10 * HZ) == 0) ++ return -ETIMEDOUT; ++ ++ return 0; + } + + /** +@@ -3062,6 +3074,7 @@ static void hv_pci_bus_exit(struct hv_device *hdev) + static int hv_pci_remove(struct hv_device *hdev) + { + struct hv_pcibus_device *hbus; ++ int ret; + + hbus = hv_get_drvdata(hdev); + if (hbus->state == hv_pcibus_installed) { +@@ -3074,7 +3087,7 @@ static int hv_pci_remove(struct hv_device *hdev) + hbus->state = hv_pcibus_removed; + } + +- hv_pci_bus_exit(hdev); ++ ret = hv_pci_bus_exit(hdev, false); + + vmbus_close(hdev->channel); + +@@ -3091,7 +3104,7 @@ static int hv_pci_remove(struct hv_device *hdev) + hv_put_dom_num(hbus->sysdata.domain); + + free_page((unsigned long)hbus); +- return 0; ++ return ret; + } + + static const struct hv_vmbus_device_id hv_pci_id_table[] = { diff --git a/patches.suse/msft-hv-1991-PCI-hv-Change-pci_protocol_version-to-per-hbus.patch b/patches.suse/msft-hv-1991-PCI-hv-Change-pci_protocol_version-to-per-hbus.patch new file mode 100644 index 0000000..db7b245 --- /dev/null +++ b/patches.suse/msft-hv-1991-PCI-hv-Change-pci_protocol_version-to-per-hbus.patch @@ -0,0 +1,103 @@ +From: Dexuan Cui +Date: Sun, 24 Nov 2019 21:33:53 -0800 +Patch-mainline: v5.5-rc1 +Subject: PCI: hv: Change pci_protocol_version to per-hbus +Git-commit: 14ef39fddd2367523de25b87dccfe6422c3f3efa +References: bsc#1172871, bsc#1172872 + +A VM can have multiple Hyper-V hbus. It's incorrect to set the global +variable 'pci_protocol_version' when *every* hbus is initialized in +hv_pci_protocol_negotiation(). This is not an issue in practice since +every hbus should have the same value of hbus->protocol_version, but +we should make the variable per-hbus, so in case we have busses +with different protocol versions, the driver can still work correctly. + +Signed-off-by: Dexuan Cui +Signed-off-by: Lorenzo Pieralisi +Reviewed-by: Michael Kelley +Acked-by: Olaf Hering +--- + drivers/pci/host/pci-hyperv.c | 22 ++++++++++------------ + 1 file changed, 10 insertions(+), 12 deletions(-) + +diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c +--- a/drivers/pci/host/pci-hyperv.c ++++ b/drivers/pci/host/pci-hyperv.c +@@ -76,11 +76,6 @@ static enum pci_protocol_version_t pci_protocol_versions[] = { + PCI_PROTOCOL_VERSION_1_1, + }; + +-/* +- * Protocol version negotiated by hv_pci_protocol_negotiation(). +- */ +-static enum pci_protocol_version_t pci_protocol_version; +- + #define PCI_CONFIG_MMIO_LENGTH 0x2000 + #define CFG_PAGE_OFFSET 0x1000 + #define CFG_PAGE_SIZE (PCI_CONFIG_MMIO_LENGTH - CFG_PAGE_OFFSET) +@@ -462,6 +457,8 @@ enum hv_pcibus_state { + + struct hv_pcibus_device { + struct pci_sysdata sysdata; ++ /* Protocol version negotiated with the host */ ++ enum pci_protocol_version_t protocol_version; + enum hv_pcibus_state state; + refcount_t remove_lock; + struct hv_device *hdev; +@@ -1225,7 +1222,7 @@ static void hv_irq_unmask(struct irq_data *data) + * negative effect (yet?). + */ + +- if (pci_protocol_version >= PCI_PROTOCOL_VERSION_1_2) { ++ if (hbus->protocol_version >= PCI_PROTOCOL_VERSION_1_2) { + /* + * PCI_PROTOCOL_VERSION_1_2 supports the VP_SET version of the + * HVCALL_RETARGET_INTERRUPT hypercall, which also coincides +@@ -1395,7 +1392,7 @@ static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg) + ctxt.pci_pkt.completion_func = hv_pci_compose_compl; + ctxt.pci_pkt.compl_ctxt = ∁ + +- switch (pci_protocol_version) { ++ switch (hbus->protocol_version) { + case PCI_PROTOCOL_VERSION_1_1: + size = hv_compose_msi_req_v1(&ctxt.int_pkts.v1, + dest, +@@ -2415,6 +2412,7 @@ static int hv_pci_protocol_negotiation(struct hv_device *hdev, + enum pci_protocol_version_t version[], + int num_version) + { ++ struct hv_pcibus_device *hbus = hv_get_drvdata(hdev); + struct pci_version_request *version_req; + struct hv_pci_compl comp_pkt; + struct pci_packet *pkt; +@@ -2454,10 +2452,10 @@ static int hv_pci_protocol_negotiation(struct hv_device *hdev, + } + + if (comp_pkt.completion_status >= 0) { +- pci_protocol_version = version[i]; ++ hbus->protocol_version = version[i]; + dev_info(&hdev->device, + "PCI VMBus probing: Using version %#x\n", +- pci_protocol_version); ++ hbus->protocol_version); + goto exit; + } + +@@ -2741,7 +2739,7 @@ static int hv_send_resources_allocated(struct hv_device *hdev) + u32 wslot; + int ret; + +- size_res = (pci_protocol_version < PCI_PROTOCOL_VERSION_1_2) ++ size_res = (hbus->protocol_version < PCI_PROTOCOL_VERSION_1_2) + ? sizeof(*res_assigned) : sizeof(*res_assigned2); + + pkt = kmalloc(sizeof(*pkt) + size_res, GFP_KERNEL); +@@ -2760,7 +2758,7 @@ static int hv_send_resources_allocated(struct hv_device *hdev) + pkt->completion_func = hv_pci_generic_compl; + pkt->compl_ctxt = &comp_pkt; + +- if (pci_protocol_version < PCI_PROTOCOL_VERSION_1_2) { ++ if (hbus->protocol_version < PCI_PROTOCOL_VERSION_1_2) { + res_assigned = + (struct pci_resources_assigned *)&pkt->message; + res_assigned->message_type.type = diff --git a/patches.suse/msft-hv-2032-PCI-hv-Decouple-the-func-definition-in-hv_dr_state-f.patch b/patches.suse/msft-hv-2032-PCI-hv-Decouple-the-func-definition-in-hv_dr_state-f.patch index 61965be..9e1406a 100644 --- a/patches.suse/msft-hv-2032-PCI-hv-Decouple-the-func-definition-in-hv_dr_state-f.patch +++ b/patches.suse/msft-hv-2032-PCI-hv-Decouple-the-func-definition-in-hv_dr_state-f.patch @@ -185,14 +185,14 @@ diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c int ret; @@ -3082,8 +3121,9 @@ static int hv_pci_bus_exit(struct hv_device *hdev, bool hibernating) - return; - /* Delete any children which might still exist. */ -- memset(&relations, 0, sizeof(relations)); -- hv_pci_devices_present(hbus, &relations); -+ dr = kzalloc(sizeof(*dr), GFP_KERNEL); -+ if (dr && hv_pci_start_relations_work(hbus, dr)) -+ kfree(dr); + if (!hibernating) { + /* Delete any children which might still exist. */ +- memset(&relations, 0, sizeof(relations)); +- hv_pci_devices_present(hbus, &relations); ++ dr = kzalloc(sizeof(*dr), GFP_KERNEL); ++ if (dr && hv_pci_start_relations_work(hbus, dr)) ++ kfree(dr); + } ret = hv_send_resources_released(hdev); - if (ret) diff --git a/patches.suse/msft-hv-2035-PCI-hv-Move-hypercall-related-definitions-into-tlfs-.patch b/patches.suse/msft-hv-2035-PCI-hv-Move-hypercall-related-definitions-into-tlfs-.patch new file mode 100644 index 0000000..355d8c4 --- /dev/null +++ b/patches.suse/msft-hv-2035-PCI-hv-Move-hypercall-related-definitions-into-tlfs-.patch @@ -0,0 +1,61 @@ +From: Boqun Feng +Date: Mon, 10 Feb 2020 11:39:51 +0800 +Patch-mainline: v5.7-rc1 +Subject: PCI: hv: Move hypercall related definitions into tlfs header +Git-commit: b00f80fcfaa098f987dde99585e73e8ed7edae51 +References: bsc#1172871, bsc#1172872 + +Currently HVCALL_RETARGET_INTERRUPT and HV_PARTITION_ID_SELF are defined +in pci-hyperv.c. However, similar to other hypercall related +definitions, it makes more sense to put them in the tlfs header file. + +Besides, these definitions are arch-dependent, so for the support of +virtual PCI on non-x86 archs in the future, move them into arch-specific +tlfs header file. + +Signed-off-by: Boqun Feng (Microsoft) +Signed-off-by: Lorenzo Pieralisi +Reviewed-by: Andrew Murray +Reviewed-by: Dexuan Cui +Acked-by: Olaf Hering +--- + arch/x86/include/asm/hyperv-tlfs.h | 3 +++ + drivers/pci/host/pci-hyperv.c | 6 ------ + 2 files changed, 3 insertions(+), 6 deletions(-) + +diff --git a/arch/x86/include/asm/hyperv-tlfs.h b/arch/x86/include/asm/hyperv-tlfs.h +--- a/arch/x86/include/asm/hyperv-tlfs.h ++++ b/arch/x86/include/asm/hyperv-tlfs.h +@@ -376,6 +376,7 @@ struct hv_tsc_emulation_status { + #define HVCALL_SEND_IPI_EX 0x0015 + #define HVCALL_POST_MESSAGE 0x005c + #define HVCALL_SIGNAL_EVENT 0x005d ++#define HVCALL_RETARGET_INTERRUPT 0x007e + #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_SPACE 0x00af + #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_LIST 0x00b0 + +@@ -405,6 +406,8 @@ enum HV_GENERIC_SET_FORMAT { + HV_GENERIC_SET_ALL, + }; + ++#define HV_PARTITION_ID_SELF ((u64)-1) ++ + #define HV_HYPERCALL_RESULT_MASK GENMASK_ULL(15, 0) + #define HV_HYPERCALL_FAST_BIT BIT(16) + #define HV_HYPERCALL_VARHEAD_OFFSET 17 +diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c +--- a/drivers/pci/host/pci-hyperv.c ++++ b/drivers/pci/host/pci-hyperv.c +@@ -435,12 +435,6 @@ struct pci_eject_response { + + static int pci_ring_size = (4 * PAGE_SIZE); + +-/* +- * Definitions or interrupt steering hypercall. +- */ +-#define HV_PARTITION_ID_SELF ((u64)-1) +-#define HVCALL_RETARGET_INTERRUPT 0x7e +- + struct hv_interrupt_entry { + u32 source; /* 1 for MSI(-X) */ + u32 reserved1; diff --git a/patches.suse/msft-hv-2036-PCI-hv-Move-retarget-related-structures-into-tlfs-he.patch b/patches.suse/msft-hv-2036-PCI-hv-Move-retarget-related-structures-into-tlfs-he.patch new file mode 100644 index 0000000..94be759 --- /dev/null +++ b/patches.suse/msft-hv-2036-PCI-hv-Move-retarget-related-structures-into-tlfs-he.patch @@ -0,0 +1,130 @@ +From: Boqun Feng +Date: Mon, 10 Feb 2020 11:39:52 +0800 +Patch-mainline: v5.7-rc1 +Subject: PCI: hv: Move retarget related structures into tlfs header +Git-commit: 61bfd920abbf2c8c9c3b10bb335475e707247573 +References: bsc#1172871, bsc#1172872 + +Currently, retarget_msi_interrupt and other structures it relys on are +defined in pci-hyperv.c. However, those structures are actually defined +in Hypervisor Top-Level Functional Specification [1] and may be +different in sizes of fields or layout from architecture to +architecture. Let's move those definitions into x86's tlfs header file +to support virtual PCI on non-x86 architectures in the future. Note that +"__packed" attribute is added to these structures during the movement +for the same reason as we use the attribute for other TLFS structures in +the header file: make sure the structures meet the specification and +avoid anything unexpected from the compilers. + +Additionally, rename struct retarget_msi_interrupt to +hv_retarget_msi_interrupt for the consistent naming convention, also +mirroring the name in TLFS. + +[1]: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs + +Signed-off-by: Boqun Feng (Microsoft) +Signed-off-by: Lorenzo Pieralisi +Reviewed-by: Dexuan Cui +Acked-by: Olaf Hering +--- + arch/x86/include/asm/hyperv-tlfs.h | 31 +++++++++++++++++++++++++++++++ + drivers/pci/host/pci-hyperv.c | 34 ++-------------------------------- + 2 files changed, 33 insertions(+), 32 deletions(-) + +diff --git a/arch/x86/include/asm/hyperv-tlfs.h b/arch/x86/include/asm/hyperv-tlfs.h +--- a/arch/x86/include/asm/hyperv-tlfs.h ++++ b/arch/x86/include/asm/hyperv-tlfs.h +@@ -912,4 +912,35 @@ struct hv_tlb_flush_ex { + u64 gva_list[]; + } __packed; + ++ ++struct hv_interrupt_entry { ++ u32 source; /* 1 for MSI(-X) */ ++ u32 reserved1; ++ u32 address; ++ u32 data; ++} __packed; ++ ++/* ++ * flags for hv_device_interrupt_target.flags ++ */ ++#define HV_DEVICE_INTERRUPT_TARGET_MULTICAST 1 ++#define HV_DEVICE_INTERRUPT_TARGET_PROCESSOR_SET 2 ++ ++struct hv_device_interrupt_target { ++ u32 vector; ++ u32 flags; ++ union { ++ u64 vp_mask; ++ struct hv_vpset vp_set; ++ }; ++} __packed; ++ ++/* HvRetargetDeviceInterrupt hypercall */ ++struct hv_retarget_device_interrupt { ++ u64 partition_id; /* use "self" */ ++ u64 device_id; ++ struct hv_interrupt_entry int_entry; ++ u64 reserved2; ++ struct hv_device_interrupt_target int_target; ++} __packed __aligned(8); + #endif +diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c +--- a/drivers/pci/host/pci-hyperv.c ++++ b/drivers/pci/host/pci-hyperv.c +@@ -435,36 +435,6 @@ struct pci_eject_response { + + static int pci_ring_size = (4 * PAGE_SIZE); + +-struct hv_interrupt_entry { +- u32 source; /* 1 for MSI(-X) */ +- u32 reserved1; +- u32 address; +- u32 data; +-}; +- +-/* +- * flags for hv_device_interrupt_target.flags +- */ +-#define HV_DEVICE_INTERRUPT_TARGET_MULTICAST 1 +-#define HV_DEVICE_INTERRUPT_TARGET_PROCESSOR_SET 2 +- +-struct hv_device_interrupt_target { +- u32 vector; +- u32 flags; +- union { +- u64 vp_mask; +- struct hv_vpset vp_set; +- }; +-}; +- +-struct retarget_msi_interrupt { +- u64 partition_id; /* use "self" */ +- u64 device_id; +- struct hv_interrupt_entry int_entry; +- u64 reserved2; +- struct hv_device_interrupt_target int_target; +-} __packed __aligned(8); +- + /* + * Driver specific state. + */ +@@ -511,7 +481,7 @@ struct hv_pcibus_device { + struct workqueue_struct *wq; + + /* hypercall arg, must not cross page boundary */ +- struct retarget_msi_interrupt retarget_msi_interrupt_params; ++ struct hv_retarget_device_interrupt retarget_msi_interrupt_params; + + /* + * Don't put anything here: retarget_msi_interrupt_params must be last +@@ -1221,7 +1191,7 @@ static void hv_irq_unmask(struct irq_data *data) + { + struct msi_desc *msi_desc = irq_data_get_msi_desc(data); + struct irq_cfg *cfg = irqd_cfg(data); +- struct retarget_msi_interrupt *params; ++ struct hv_retarget_device_interrupt *params; + struct hv_pcibus_device *hbus; + struct cpumask *dest; + cpumask_var_t tmp; diff --git a/patches.suse/msft-hv-2037-PCI-hv-Introduce-hv_msi_entry.patch b/patches.suse/msft-hv-2037-PCI-hv-Introduce-hv_msi_entry.patch new file mode 100644 index 0000000..3f60772 --- /dev/null +++ b/patches.suse/msft-hv-2037-PCI-hv-Introduce-hv_msi_entry.patch @@ -0,0 +1,87 @@ +From: Boqun Feng +Date: Mon, 10 Feb 2020 11:39:53 +0800 +Patch-mainline: v5.7-rc1 +Subject: PCI: hv: Introduce hv_msi_entry +Git-commit: 1cf106d93245f436c10e73cd3d4b885067d4bbcc +References: bsc#1172871, bsc#1172872 + +Add a new structure (hv_msi_entry), which is also defined in the TLFS, +to describe the msi entry for HVCALL_RETARGET_INTERRUPT. The structure +is needed because its layout may be different from architecture to +architecture. + +Also add a new generic interface hv_set_msi_entry_from_desc() to allow +different archs to set the msi entry from msi_desc. + +No functional change, only preparation for the future support of virtual +PCI on non-x86 architectures. + +Signed-off-by: Boqun Feng (Microsoft) +Signed-off-by: Lorenzo Pieralisi +Reviewed-by: Dexuan Cui +Acked-by: Olaf Hering +--- + arch/x86/include/asm/hyperv-tlfs.h | 11 +++++++++-- + arch/x86/include/asm/mshyperv.h | 8 ++++++++ + drivers/pci/host/pci-hyperv.c | 3 +-- + 3 files changed, 18 insertions(+), 4 deletions(-) + +--- a/arch/x86/include/asm/hyperv-tlfs.h ++++ b/arch/x86/include/asm/hyperv-tlfs.h +@@ -875,11 +875,18 @@ struct hv_tlb_flush_ex { + } __packed; + + ++union hv_msi_entry { ++ u64 as_uint64; ++ struct { ++ u32 address; ++ u32 data; ++ } __packed; ++}; ++ + struct hv_interrupt_entry { + u32 source; /* 1 for MSI(-X) */ + u32 reserved1; +- u32 address; +- u32 data; ++ union hv_msi_entry msi_entry; + } __packed; + + /* +--- a/arch/x86/include/asm/mshyperv.h ++++ b/arch/x86/include/asm/mshyperv.h +@@ -3,6 +3,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -243,6 +244,13 @@ bool hv_vcpu_is_preempted(int vcpu); + static inline void hv_apic_init(void) {} + #endif + ++static inline void hv_set_msi_entry_from_desc(union hv_msi_entry *msi_entry, ++ struct msi_desc *msi_desc) ++{ ++ msi_entry->address = msi_desc->msg.address_lo; ++ msi_entry->data = msi_desc->msg.data; ++} ++ + #else /* CONFIG_HYPERV */ + static inline void hyperv_init(void) {} + static inline void hyperv_setup_mmu_ops(void) {} +--- a/drivers/pci/host/pci-hyperv.c ++++ b/drivers/pci/host/pci-hyperv.c +@@ -938,8 +938,7 @@ static void hv_irq_unmask(struct irq_dat + memset(params, 0, sizeof(*params)); + params->partition_id = HV_PARTITION_ID_SELF; + params->int_entry.source = 1; /* MSI(-X) */ +- params->int_entry.address = msi_desc->msg.address_lo; +- params->int_entry.data = msi_desc->msg.data; ++ hv_set_msi_entry_from_desc(¶ms->int_entry.msi_entry, msi_desc); + params->device_id = (hbus->hdev->dev_instance.b[5] << 24) | + (hbus->hdev->dev_instance.b[4] << 16) | + (hbus->hdev->dev_instance.b[7] << 8) | diff --git a/patches.suse/msft-hv-2073-hv_netvsc-Fix-netvsc_start_xmit-s-return-type.patch b/patches.suse/msft-hv-2073-hv_netvsc-Fix-netvsc_start_xmit-s-return-type.patch new file mode 100644 index 0000000..9d1df4d --- /dev/null +++ b/patches.suse/msft-hv-2073-hv_netvsc-Fix-netvsc_start_xmit-s-return-type.patch @@ -0,0 +1,97 @@ +From: Nathan Chancellor +Date: Tue, 28 Apr 2020 10:54:56 -0700 +Patch-mainline: v5.7-rc5 +Subject: hv_netvsc: Fix netvsc_start_xmit's return type +Git-commit: 7fdc66debebc6a7170a37c8c9b0d9585a9788fb4 +References: git-fixes + +netvsc_start_xmit is used as a callback function for the ndo_start_xmit +function pointer. ndo_start_xmit's return type is netdev_tx_t but +netvsc_start_xmit's return type is int. + +This causes a failure with Control Flow Integrity (CFI), which requires +function pointer prototypes and callback function definitions to match +exactly. When CFI is in enforcing, the kernel panics. When booting a +CFI kernel with WSL 2, the VM is immediately terminated because of this. + +The splat when CONFIG_CFI_PERMISSIVE is used: + +[ 5.916765] CFI failure (target: netvsc_start_xmit+0x0/0x10): +[ 5.916771] WARNING: CPU: 8 PID: 0 at kernel/cfi.c:29 __cfi_check_fail+0x2e/0x40 +[ 5.916772] Modules linked in: +[ 5.916774] CPU: 8 PID: 0 Comm: swapper/8 Not tainted 5.7.0-rc3-next-20200424-microsoft-cbl-00001-ged4eb37d2c69-dirty #1 +[ 5.916776] RIP: 0010:__cfi_check_fail+0x2e/0x40 +[ 5.916777] Code: 48 c7 c7 70 98 63 a9 48 c7 c6 11 db 47 a9 e8 69 55 59 00 85 c0 75 02 5b c3 48 c7 c7 73 c6 43 a9 48 89 de 31 c0 e8 12 2d f0 ff <0f> 0b 5b c3 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 85 f6 74 25 +[ 5.916778] RSP: 0018:ffffa803c0260b78 EFLAGS: 00010246 +[ 5.916779] RAX: 712a1af25779e900 RBX: ffffffffa8cf7950 RCX: ffffffffa962cf08 +[ 5.916779] RDX: ffffffffa9c36b60 RSI: 0000000000000082 RDI: ffffffffa9c36b5c +[ 5.916780] RBP: ffff8ffc4779c2c0 R08: 0000000000000001 R09: ffffffffa9c3c300 +[ 5.916781] R10: 0000000000000151 R11: ffffffffa9c36b60 R12: ffff8ffe39084000 +[ 5.916782] R13: ffffffffa8cf7950 R14: ffffffffa8d12cb0 R15: ffff8ffe39320140 +[ 5.916784] FS: 0000000000000000(0000) GS:ffff8ffe3bc00000(0000) knlGS:0000000000000000 +[ 5.916785] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 5.916786] CR2: 00007ffef5749408 CR3: 00000002f4f5e000 CR4: 0000000000340ea0 +[ 5.916787] Call Trace: +[ 5.916788] +[ 5.916790] __cfi_check+0x3ab58/0x450e0 +[ 5.916793] ? dev_hard_start_xmit+0x11f/0x160 +[ 5.916795] ? sch_direct_xmit+0xf2/0x230 +[ 5.916796] ? __dev_queue_xmit.llvm.11471227737707190958+0x69d/0x8e0 +[ 5.916797] ? neigh_resolve_output+0xdf/0x220 +[ 5.916799] ? neigh_connected_output.cfi_jt+0x8/0x8 +[ 5.916801] ? ip6_finish_output2+0x398/0x4c0 +[ 5.916803] ? nf_nat_ipv6_out+0x10/0xa0 +[ 5.916804] ? nf_hook_slow+0x84/0x100 +[ 5.916807] ? ip6_input_finish+0x8/0x8 +[ 5.916807] ? ip6_output+0x6f/0x110 +[ 5.916808] ? __ip6_local_out.cfi_jt+0x8/0x8 +[ 5.916810] ? mld_sendpack+0x28e/0x330 +[ 5.916811] ? ip_rt_bug+0x8/0x8 +[ 5.916813] ? mld_ifc_timer_expire+0x2db/0x400 +[ 5.916814] ? neigh_proxy_process+0x8/0x8 +[ 5.916816] ? call_timer_fn+0x3d/0xd0 +[ 5.916817] ? __run_timers+0x2a9/0x300 +[ 5.916819] ? rcu_core_si+0x8/0x8 +[ 5.916820] ? run_timer_softirq+0x14/0x30 +[ 5.916821] ? __do_softirq+0x154/0x262 +[ 5.916822] ? native_x2apic_icr_write+0x8/0x8 +[ 5.916824] ? irq_exit+0xba/0xc0 +[ 5.916825] ? hv_stimer0_vector_handler+0x99/0xe0 +[ 5.916826] ? hv_stimer0_callback_vector+0xf/0x20 +[ 5.916826] +[ 5.916828] ? hv_stimer_global_cleanup.cfi_jt+0x8/0x8 +[ 5.916829] ? raw_setsockopt+0x8/0x8 +[ 5.916830] ? default_idle+0xe/0x10 +[ 5.916832] ? do_idle.llvm.10446269078108580492+0xb7/0x130 +[ 5.916833] ? raw_setsockopt+0x8/0x8 +[ 5.916833] ? cpu_startup_entry+0x15/0x20 +[ 5.916835] ? cpu_hotplug_enable.cfi_jt+0x8/0x8 +[ 5.916836] ? start_secondary+0x188/0x190 +[ 5.916837] ? secondary_startup_64+0xa5/0xb0 +[ 5.916838] ---[ end trace f2683fa869597ba5 ]--- + +Avoid this by using the right return type for netvsc_start_xmit. + +Fixes: fceaf24a943d8 ("Staging: hv: add the Hyper-V virtual network driver") +Link: https://github.com/ClangBuiltLinux/linux/issues/1009 +Signed-off-by: Nathan Chancellor +Reviewed-by: Haiyang Zhang +Signed-off-by: David S. Miller +Acked-by: Olaf Hering +--- + drivers/net/hyperv/netvsc_drv.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c +--- a/drivers/net/hyperv/netvsc_drv.c ++++ b/drivers/net/hyperv/netvsc_drv.c +@@ -707,7 +707,8 @@ no_memory: + return rc; + } + +-static int netvsc_start_xmit(struct sk_buff *skb, struct net_device *net) ++static netdev_tx_t netvsc_start_xmit(struct sk_buff *skb, ++ struct net_device *net) + { + struct net_device_context *net_device_ctx = netdev_priv(net); + struct hv_netvsc_packet *packet = NULL; diff --git a/patches.suse/msft-hv-2076-PCI-hv-Fix-the-PCI-HyperV-probe-failure-path-to-rele.patch b/patches.suse/msft-hv-2076-PCI-hv-Fix-the-PCI-HyperV-probe-failure-path-to-rele.patch new file mode 100644 index 0000000..6e4c659 --- /dev/null +++ b/patches.suse/msft-hv-2076-PCI-hv-Fix-the-PCI-HyperV-probe-failure-path-to-rele.patch @@ -0,0 +1,110 @@ +From: Wei Hu +Date: Thu, 7 May 2020 13:02:11 +0800 +Patch-mainline: v5.8-rc1 +Subject: PCI: hv: Fix the PCI HyperV probe failure path to release resource properly +Git-commit: 83cc3508ffaa6e2cd364d29418d35fab6f069b51 +References: bsc#1172871, bsc#1172872 + +In some error cases in hv_pci_probe(), allocated resources are not freed. + +Fix this by adding a field to keep track of the high water mark for slots +that have resources allocated to them. In case of an error, this high +water mark is used to know which slots have resources that must be released. +Since slots are numbered starting with zero, a value of -1 indicates no +slots have been allocated resources. There may be unused slots in the range +between slot 0 and the high water mark slot, but these slots are already +ignored by the existing code in the allocate and release loops with the call +to get_pcichild_wslot(). + +Link: https://lore.kernel.org/r/20200507050211.10923-1-weh@microsoft.com +Signed-off-by: Wei Hu +Signed-off-by: Lorenzo Pieralisi +Reviewed-by: Michael Kelley +Acked-by: Olaf Hering +--- + drivers/pci/host/pci-hyperv.c | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) + +diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c +--- a/drivers/pci/host/pci-hyperv.c ++++ b/drivers/pci/host/pci-hyperv.c +@@ -480,6 +480,9 @@ struct hv_pcibus_device { + + struct workqueue_struct *wq; + ++ /* Highest slot of child device with resources allocated */ ++ int wslot_res_allocated; ++ + /* hypercall arg, must not cross page boundary */ + struct hv_retarget_device_interrupt retarget_msi_interrupt_params; + +@@ -2847,7 +2850,7 @@ static int hv_send_resources_allocated(struct hv_device *hdev) + struct hv_pci_dev *hpdev; + struct pci_packet *pkt; + size_t size_res; +- u32 wslot; ++ int wslot; + int ret; + + size_res = (hbus->protocol_version < PCI_PROTOCOL_VERSION_1_2) +@@ -2900,6 +2903,8 @@ static int hv_send_resources_allocated(struct hv_device *hdev) + comp_pkt.completion_status); + break; + } ++ ++ hbus->wslot_res_allocated = wslot; + } + + kfree(pkt); +@@ -2918,10 +2923,10 @@ static int hv_send_resources_released(struct hv_device *hdev) + struct hv_pcibus_device *hbus = hv_get_drvdata(hdev); + struct pci_child_message pkt; + struct hv_pci_dev *hpdev; +- u32 wslot; ++ int wslot; + int ret; + +- for (wslot = 0; wslot < 256; wslot++) { ++ for (wslot = hbus->wslot_res_allocated; wslot >= 0; wslot--) { + hpdev = get_pcichild_wslot(hbus, wslot); + if (!hpdev) + continue; +@@ -2936,8 +2941,12 @@ static int hv_send_resources_released(struct hv_device *hdev) + VM_PKT_DATA_INBAND, 0); + if (ret) + return ret; ++ ++ hbus->wslot_res_allocated = wslot - 1; + } + ++ hbus->wslot_res_allocated = -1; ++ + return 0; + } + +@@ -3037,6 +3046,7 @@ static int hv_pci_probe(struct hv_device *hdev, + if (!hbus) + return -ENOMEM; + hbus->state = hv_pcibus_init; ++ hbus->wslot_res_allocated = -1; + + /* + * The PCI bus "domain" is what is called "segment" in ACPI and other +@@ -3136,7 +3146,7 @@ static int hv_pci_probe(struct hv_device *hdev, + + ret = hv_pci_allocate_bridge_windows(hbus); + if (ret) +- goto free_irq_domain; ++ goto exit_d0; + + ret = hv_send_resources_allocated(hdev); + if (ret) +@@ -3154,6 +3164,8 @@ static int hv_pci_probe(struct hv_device *hdev, + + free_windows: + hv_pci_free_bridge_windows(hbus); ++exit_d0: ++ (void) hv_pci_bus_exit(hdev, true); + free_irq_domain: + irq_domain_remove(hbus->irq_domain); + free_fwnode: diff --git a/patches.suse/msft-hv-2077-PCI-hv-Retry-PCI-bus-D0-entry-on-invalid-device-stat.patch b/patches.suse/msft-hv-2077-PCI-hv-Retry-PCI-bus-D0-entry-on-invalid-device-stat.patch new file mode 100644 index 0000000..ba953a2 --- /dev/null +++ b/patches.suse/msft-hv-2077-PCI-hv-Retry-PCI-bus-D0-entry-on-invalid-device-stat.patch @@ -0,0 +1,106 @@ +From: Wei Hu +Date: Thu, 7 May 2020 13:03:00 +0800 +Patch-mainline: v5.8-rc1 +Subject: PCI: hv: Retry PCI bus D0 entry on invalid device state +Git-commit: c81992e7f4aa19a055dbff5bd6c6d5ff9408f2fb +References: bsc#1172871, bsc#1172872 + +When kdump is triggered, some PCI devices may have not been shut down +cleanly before the kdump kernel starts. + +This causes the initial attempt to enter D0 state in the kdump kernel to +fail with invalid device state returned from Hyper-V host. + +When this happens, explicitly call hv_pci_bus_exit() and retry to enter +the D0 state. + +Link: https://lore.kernel.org/r/20200507050300.10974-1-weh@microsoft.com +Signed-off-by: Wei Hu +[lorenzo.pieralisi@arm.com: commit log] +Signed-off-by: Lorenzo Pieralisi +Reviewed-by: Michael Kelley +Acked-by: Olaf Hering +--- + drivers/pci/host/pci-hyperv.c | 40 +++++++++++++++++++++++++++++++++++-- + 1 file changed, 38 insertions(+), 2 deletions(-) + +diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c +--- a/drivers/pci/host/pci-hyperv.c ++++ b/drivers/pci/host/pci-hyperv.c +@@ -2739,6 +2739,8 @@ static void hv_free_config_window(struct hv_pcibus_device *hbus) + vmbus_free_mmio(hbus->mem_config->start, PCI_CONFIG_MMIO_LENGTH); + } + ++static int hv_pci_bus_exit(struct hv_device *hdev, bool keep_devs); ++ + /** + * hv_pci_enter_d0() - Bring the "bus" into the D0 power state + * @hdev: VMBus's tracking struct for this root PCI bus +@@ -2751,8 +2753,10 @@ static int hv_pci_enter_d0(struct hv_device *hdev) + struct pci_bus_d0_entry *d0_entry; + struct hv_pci_compl comp_pkt; + struct pci_packet *pkt; ++ bool retry = true; + int ret; + ++enter_d0_retry: + /* + * Tell the host that the bus is ready to use, and moved into the + * powered-on state. This includes telling the host which region +@@ -2779,6 +2783,38 @@ static int hv_pci_enter_d0(struct hv_device *hdev) + if (ret) + goto exit; + ++ /* ++ * In certain case (Kdump) the pci device of interest was ++ * not cleanly shut down and resource is still held on host ++ * side, the host could return invalid device status. ++ * We need to explicitly request host to release the resource ++ * and try to enter D0 again. ++ */ ++ if (comp_pkt.completion_status < 0 && retry) { ++ retry = false; ++ ++ dev_err(&hdev->device, "Retrying D0 Entry\n"); ++ ++ /* ++ * Hv_pci_bus_exit() calls hv_send_resource_released() ++ * to free up resources of its child devices. ++ * In the kdump kernel we need to set the ++ * wslot_res_allocated to 255 so it scans all child ++ * devices to release resources allocated in the ++ * normal kernel before panic happened. ++ */ ++ hbus->wslot_res_allocated = 255; ++ ++ ret = hv_pci_bus_exit(hdev, true); ++ ++ if (ret == 0) { ++ kfree(pkt); ++ goto enter_d0_retry; ++ } ++ dev_err(&hdev->device, ++ "Retrying D0 failed with ret %d\n", ret); ++ } ++ + if (comp_pkt.completion_status < 0) { + dev_err(&hdev->device, + "PCI Pass-through VSP failed D0 Entry with status %x\n", +@@ -3185,7 +3221,7 @@ free_bus: + return ret; + } + +-static int hv_pci_bus_exit(struct hv_device *hdev, bool hibernating) ++static int hv_pci_bus_exit(struct hv_device *hdev, bool keep_devs) + { + struct hv_pcibus_device *hbus = hv_get_drvdata(hdev); + struct { +@@ -3203,7 +3239,7 @@ static int hv_pci_bus_exit(struct hv_device *hdev, bool hibernating) + if (hdev->channel->rescind) + return 0; + +- if (!hibernating) { ++ if (!keep_devs) { + /* Delete any children which might still exist. */ + dr = kzalloc(sizeof(*dr), GFP_KERNEL); + if (dr && hv_pci_start_relations_work(hbus, dr)) diff --git a/patches.suse/net-be-more-gentle-about-silly-gso-requests-coming-f.patch b/patches.suse/net-be-more-gentle-about-silly-gso-requests-coming-f.patch new file mode 100644 index 0000000..da63bee --- /dev/null +++ b/patches.suse/net-be-more-gentle-about-silly-gso-requests-coming-f.patch @@ -0,0 +1,67 @@ +From: Eric Dumazet +Date: Thu, 28 May 2020 14:57:47 -0700 +Subject: net: be more gentle about silly gso requests coming from user +Git-commit: 7c6d2ecbda83150b2036a2b36b21381ad4667762 +Patch-mainline: 5.7 +References: networking-stable-20_06_07 + +Recent change in virtio_net_hdr_to_skb() broke some packetdrill tests. + +When --mss=XXX option is set, packetdrill always provide gso_type & gso_size +for its inbound packets, regardless of packet size. + + if (packet->tcp && packet->mss) { + if (packet->ipv4) + gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV4; + else + gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV6; + gso.gso_size = packet->mss; + } + +Since many other programs could do the same, relax virtio_net_hdr_to_skb() +to no longer return an error, but instead ignore gso settings. + +This keeps Willem intent to make sure no malicious packet could +reach gso stack. + +Note that TCP stack has a special logic in tcp_set_skb_tso_segs() +to clear gso_size for small packets. + +Fixes: 6dd912f82680 ("net: check untrusted gso_size at kernel entry") +Signed-off-by: Eric Dumazet +Cc: Willem de Bruijn +Acked-by: Willem de Bruijn +Signed-off-by: David S. Miller +Signed-off-by: Jiri Slaby +--- + include/linux/virtio_net.h | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +--- a/include/linux/virtio_net.h ++++ b/include/linux/virtio_net.h +@@ -108,16 +108,17 @@ retry: + + if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) { + u16 gso_size = __virtio16_to_cpu(little_endian, hdr->gso_size); ++ struct skb_shared_info *shinfo = skb_shinfo(skb); + +- if (skb->len - p_off <= gso_size) +- return -EINVAL; ++ /* Too small packets are not really GSO ones. */ ++ if (skb->len - p_off > gso_size) { ++ shinfo->gso_size = gso_size; ++ shinfo->gso_type = gso_type; + +- skb_shinfo(skb)->gso_size = gso_size; +- skb_shinfo(skb)->gso_type = gso_type; +- +- /* Header must be checked, and gso_segs computed. */ +- skb_shinfo(skb)->gso_type |= SKB_GSO_DODGY; +- skb_shinfo(skb)->gso_segs = 0; ++ /* Header must be checked, and gso_segs computed. */ ++ shinfo->gso_type |= SKB_GSO_DODGY; ++ shinfo->gso_segs = 0; ++ } + } + + return 0; diff --git a/patches.suse/net-check-untrusted-gso_size-at-kernel-entry.patch b/patches.suse/net-check-untrusted-gso_size-at-kernel-entry.patch new file mode 100644 index 0000000..4bb8e9a --- /dev/null +++ b/patches.suse/net-check-untrusted-gso_size-at-kernel-entry.patch @@ -0,0 +1,72 @@ +From: Willem de Bruijn +Date: Mon, 25 May 2020 15:07:40 -0400 +Subject: net: check untrusted gso_size at kernel entry +Git-commit: 6dd912f82680761d8fb6b1bb274a69d4c7010988 +Patch-mainline: 5.7 +References: networking-stable-20_06_07 + +Syzkaller again found a path to a kernel crash through bad gso input: +a packet with gso size exceeding len. + +These packets are dropped in tcp_gso_segment and udp[46]_ufo_fragment. +But they may affect gso size calculations earlier in the path. + +Now that we have thlen as of commit 9274124f023b ("net: stricter +validation of untrusted gso packets"), check gso_size at entry too. + +Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.") +Reported-by: syzbot +Signed-off-by: Willem de Bruijn +Signed-off-by: David S. Miller +Signed-off-by: Jiri Slaby +--- + include/linux/virtio_net.h | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +--- a/include/linux/virtio_net.h ++++ b/include/linux/virtio_net.h +@@ -30,6 +30,7 @@ static inline int virtio_net_hdr_to_skb( + { + unsigned int gso_type = 0; + unsigned int thlen = 0; ++ unsigned int p_off = 0; + unsigned int ip_proto; + + if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) { +@@ -67,7 +68,8 @@ static inline int virtio_net_hdr_to_skb( + if (!skb_partial_csum_set(skb, start, off)) + return -EINVAL; + +- if (skb_transport_offset(skb) + thlen > skb_headlen(skb)) ++ p_off = skb_transport_offset(skb) + thlen; ++ if (p_off > skb_headlen(skb)) + return -EINVAL; + } else { + /* gso packets without NEEDS_CSUM do not set transport_offset. +@@ -91,17 +93,25 @@ retry: + return -EINVAL; + } + +- if (keys.control.thoff + thlen > skb_headlen(skb) || ++ p_off = keys.control.thoff + thlen; ++ if (p_off > skb_headlen(skb) || + keys.basic.ip_proto != ip_proto) + return -EINVAL; + + skb_set_transport_header(skb, keys.control.thoff); ++ } else if (gso_type) { ++ p_off = thlen; ++ if (p_off > skb_headlen(skb)) ++ return -EINVAL; + } + } + + if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) { + u16 gso_size = __virtio16_to_cpu(little_endian, hdr->gso_size); + ++ if (skb->len - p_off <= gso_size) ++ return -EINVAL; ++ + skb_shinfo(skb)->gso_size = gso_size; + skb_shinfo(skb)->gso_type = gso_type; + diff --git a/patches.suse/net-dsa-bcm_sf2-Fix-node-reference-count.patch b/patches.suse/net-dsa-bcm_sf2-Fix-node-reference-count.patch new file mode 100644 index 0000000..75c2a3f --- /dev/null +++ b/patches.suse/net-dsa-bcm_sf2-Fix-node-reference-count.patch @@ -0,0 +1,70 @@ +From: Florian Fainelli +Date: Wed, 17 Jun 2020 20:42:44 -0700 +Subject: net: dsa: bcm_sf2: Fix node reference count +Git-commit: 8dbe4c5d5e40fe140221024f7b16bec9f310bf70 +Patch-mainline: 5.8-rc3 +References: git-fixes + +of_find_node_by_name() will do an of_node_put() on the "from" argument. +With CONFIG_OF_DYNAMIC enabled which checks for device_node reference +counts, we would be getting a warning like this: + +[ 6.347230] refcount_t: increment on 0; use-after-free. +[ 6.352498] WARNING: CPU: 3 PID: 77 at lib/refcount.c:156 +refcount_inc_checked+0x38/0x44 +[ 6.360601] Modules linked in: +[ 6.363661] CPU: 3 PID: 77 Comm: kworker/3:1 Tainted: G W +5.4.46-gb78b3e9956e6 #13 +[ 6.372546] Hardware name: BCM97278SV (DT) +[ 6.376649] Workqueue: events deferred_probe_work_func +[ 6.381796] pstate: 60000005 (nZCv daif -PAN -UAO) +[ 6.386595] pc : refcount_inc_checked+0x38/0x44 +[ 6.391133] lr : refcount_inc_checked+0x38/0x44 +... +[ 6.478791] Call trace: +[ 6.481243] refcount_inc_checked+0x38/0x44 +[ 6.485433] kobject_get+0x3c/0x4c +[ 6.488840] of_node_get+0x24/0x34 +[ 6.492247] of_irq_find_parent+0x3c/0xe0 +[ 6.496263] of_irq_parse_one+0xe4/0x1d0 +[ 6.500191] irq_of_parse_and_map+0x44/0x84 +[ 6.504381] bcm_sf2_sw_probe+0x22c/0x844 +[ 6.508397] platform_drv_probe+0x58/0xa8 +[ 6.512413] really_probe+0x238/0x3fc +[ 6.516081] driver_probe_device+0x11c/0x12c +[ 6.520358] __device_attach_driver+0xa8/0x100 +[ 6.524808] bus_for_each_drv+0xb4/0xd0 +[ 6.528650] __device_attach+0xd0/0x164 +[ 6.532493] device_initial_probe+0x24/0x30 +[ 6.536682] bus_probe_device+0x38/0x98 +[ 6.540524] deferred_probe_work_func+0xa8/0xd4 +[ 6.545061] process_one_work+0x178/0x288 +[ 6.549078] process_scheduled_works+0x44/0x48 +[ 6.553529] worker_thread+0x218/0x270 +[ 6.557285] kthread+0xdc/0xe4 +[ 6.560344] ret_from_fork+0x10/0x18 +[ 6.563925] ---[ end trace 68f65caf69bb152a ]--- + +Fix this by adding a of_node_get() to increment the reference count +prior to the call. + +Fixes: afa3b592953b ("net: dsa: bcm_sf2: Ensure correct sub-node is parsed") +Signed-off-by: Florian Fainelli +Reviewed-by: Andrew Lunn +Signed-off-by: David S. Miller +Signed-off-by: Jiri Slaby +--- + drivers/net/dsa/bcm_sf2.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/dsa/bcm_sf2.c ++++ b/drivers/net/dsa/bcm_sf2.c +@@ -1180,6 +1180,8 @@ static int bcm_sf2_sw_probe(struct platf + */ + set_bit(0, priv->cfp.used); + ++ /* Balance of_node_put() done by of_find_node_by_name() */ ++ of_node_get(dn); + ports = of_find_node_by_name(dn, "ports"); + if (ports) { + bcm_sf2_identify_ports(priv, ports); diff --git a/patches.suse/net-mlx5-Fix-crash-upon-suspend-resume.patch b/patches.suse/net-mlx5-Fix-crash-upon-suspend-resume.patch new file mode 100644 index 0000000..68f757c --- /dev/null +++ b/patches.suse/net-mlx5-Fix-crash-upon-suspend-resume.patch @@ -0,0 +1,60 @@ +From: Mark Bloch +Date: Wed, 20 May 2020 17:32:08 +0000 +Subject: net/mlx5: Fix crash upon suspend/resume +Git-commit: 8fc3e29be9248048f449793502c15af329f35c6e +Patch-mainline: 5.7 +References: networking-stable-20_06_07 + +Currently a Linux system with the mlx5 NIC always crashes upon +hibernation - suspend/resume. + +Add basic callbacks so the NIC could be suspended and resumed. + +[js] the functions need priv as 2nd parameter, pass it. + +Fixes: 9603b61de1ee ("mlx5: Move pci device handling from mlx5_ib to mlx5_core") +Tested-by: Dexuan Cui +Signed-off-by: Mark Bloch +Reviewed-by: Moshe Shemesh +Signed-off-by: Saeed Mahameed +Signed-off-by: Jiri Slaby +--- + drivers/net/ethernet/mellanox/mlx5/core/main.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c +@@ -1634,6 +1634,24 @@ static void shutdown(struct pci_dev *pde + mlx5_pci_disable_device(dev); + } + ++static int mlx5_suspend(struct pci_dev *pdev, pm_message_t state) ++{ ++ struct mlx5_core_dev *dev = pci_get_drvdata(pdev); ++ struct mlx5_priv *priv = &dev->priv; ++ ++ mlx5_unload_one(dev, priv, false); ++ ++ return 0; ++} ++ ++static int mlx5_resume(struct pci_dev *pdev) ++{ ++ struct mlx5_core_dev *dev = pci_get_drvdata(pdev); ++ struct mlx5_priv *priv = &dev->priv; ++ ++ return mlx5_load_one(dev, priv, false); ++} ++ + static const struct pci_device_id mlx5_core_pci_table[] = { + { PCI_VDEVICE(MELLANOX, PCI_DEVICE_ID_MELLANOX_CONNECTIB) }, + { PCI_VDEVICE(MELLANOX, 0x1012), MLX5_PCI_DEV_IS_VF}, /* Connect-IB VF */ +@@ -1676,6 +1694,8 @@ static struct pci_driver mlx5_core_drive + .id_table = mlx5_core_pci_table, + .probe = init_one, + .remove = remove_one, ++ .suspend = mlx5_suspend, ++ .resume = mlx5_resume, + .shutdown = shutdown, + .err_handler = &mlx5_err_handler, + .sriov_configure = mlx5_core_sriov_configure, diff --git a/patches.suse/net-usb-qmi_wwan-add-Telit-0x1050-composition.patch b/patches.suse/net-usb-qmi_wwan-add-Telit-0x1050-composition.patch new file mode 100644 index 0000000..e21ac65 --- /dev/null +++ b/patches.suse/net-usb-qmi_wwan-add-Telit-0x1050-composition.patch @@ -0,0 +1,32 @@ +From: Daniele Palmas +Date: Wed, 9 Oct 2019 11:07:18 +0200 +Subject: net: usb: qmi_wwan: add Telit 0x1050 composition +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: e0ae2c578d3909e60e9448207f5d83f785f1129f +Patch-mainline: 5.4-rc4 +References: networking-stable-20_06_07 + +This patch adds support for Telit FN980 0x1050 composition + +0x1050: tty, adb, rmnet, tty, tty, tty, tty + +Signed-off-by: Daniele Palmas +Acked-by: Bjørn Mork +Signed-off-by: Jakub Kicinski +Signed-off-by: Jiri Slaby +--- + drivers/net/usb/qmi_wwan.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -1318,6 +1318,7 @@ static const struct usb_device_id produc + {QMI_FIXED_INTF(0x2357, 0x0201, 4)}, /* TP-LINK HSUPA Modem MA180 */ + {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)}, /* Telit LE922A */ ++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1050, 2)}, /* Telit FN980 */ + {QMI_FIXED_INTF(0x1bc7, 0x1100, 3)}, /* Telit ME910 */ + {QMI_FIXED_INTF(0x1bc7, 0x1101, 3)}, /* Telit ME910 dual modem */ + {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */ diff --git a/patches.suse/net-usb-qmi_wwan-add-Telit-LE910C1-EUX-composition.patch b/patches.suse/net-usb-qmi_wwan-add-Telit-LE910C1-EUX-composition.patch new file mode 100644 index 0000000..cc79825 --- /dev/null +++ b/patches.suse/net-usb-qmi_wwan-add-Telit-LE910C1-EUX-composition.patch @@ -0,0 +1,31 @@ +From: Daniele Palmas +Date: Mon, 25 May 2020 23:25:37 +0200 +Subject: net: usb: qmi_wwan: add Telit LE910C1-EUX composition +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 591612aa578cd7148b7b9d74869ef40118978389 +Patch-mainline: 5.7 +References: networking-stable-20_06_07 + +Add support for Telit LE910C1-EUX composition + +0x1031: tty, tty, tty, rmnet +Signed-off-by: Daniele Palmas +Acked-by: Bjørn Mork +Signed-off-by: David S. Miller +Signed-off-by: Jiri Slaby +--- + drivers/net/usb/qmi_wwan.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -1312,6 +1312,7 @@ static const struct usb_device_id produc + {QMI_FIXED_INTF(0x1bbb, 0x0203, 2)}, /* Alcatel L800MA */ + {QMI_FIXED_INTF(0x2357, 0x0201, 4)}, /* TP-LINK HSUPA Modem MA180 */ + {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */ ++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1031, 3)}, /* Telit LE910C1-EUX */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)}, /* Telit LE922A */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1050, 2)}, /* Telit FN980 */ + {QMI_FIXED_INTF(0x1bc7, 0x1100, 3)}, /* Telit ME910 */ diff --git a/patches.suse/rtnetlink-Fix-memory-net_device-leak-when-newlink-fa.patch b/patches.suse/rtnetlink-Fix-memory-net_device-leak-when-newlink-fa.patch new file mode 100644 index 0000000..128d1ed --- /dev/null +++ b/patches.suse/rtnetlink-Fix-memory-net_device-leak-when-newlink-fa.patch @@ -0,0 +1,61 @@ +From: Weilong Chen +Date: Wed, 15 Jul 2020 20:58:10 +0800 +Subject: rtnetlink: Fix memory(net_device) leak when ->newlink fails +Git-commit: cebb69754f37d68e1355a5e726fdac317bcda302 +Patch-mainline: 5.8-rc7 +References: git-fixes + +When vlan_newlink call register_vlan_dev fails, it might return error +with dev->reg_state = NETREG_UNREGISTERED. The rtnl_newlink should +free the memory. But currently rtnl_newlink only free the memory which +state is NETREG_UNINITIALIZED. + +BUG: memory leak +unreferenced object 0xffff8881051de000 (size 4096): + comm "syz-executor139", pid 560, jiffies 4294745346 (age 32.445s) + hex dump (first 32 bytes): + 76 6c 61 6e 32 00 00 00 00 00 00 00 00 00 00 00 vlan2........... + 00 45 28 03 81 88 ff ff 00 00 00 00 00 00 00 00 .E(............. + backtrace: + [<0000000047527e31>] kmalloc_node include/linux/slab.h:578 [inline] + [<0000000047527e31>] kvmalloc_node+0x33/0xd0 mm/util.c:574 + [<000000002b59e3bc>] kvmalloc include/linux/mm.h:753 [inline] + [<000000002b59e3bc>] kvzalloc include/linux/mm.h:761 [inline] + [<000000002b59e3bc>] alloc_netdev_mqs+0x83/0xd90 net/core/dev.c:9929 + [<000000006076752a>] rtnl_create_link+0x2c0/0xa20 net/core/rtnetlink.c:3067 + [<00000000572b3be5>] __rtnl_newlink+0xc9c/0x1330 net/core/rtnetlink.c:3329 + [<00000000e84ea553>] rtnl_newlink+0x66/0x90 net/core/rtnetlink.c:3397 + [<0000000052c7c0a9>] rtnetlink_rcv_msg+0x540/0x990 net/core/rtnetlink.c:5460 + [<000000004b5cb379>] netlink_rcv_skb+0x12b/0x3a0 net/netlink/af_netlink.c:2469 + [<00000000c71c20d3>] netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] + [<00000000c71c20d3>] netlink_unicast+0x4c6/0x690 net/netlink/af_netlink.c:1329 + [<00000000cca72fa9>] netlink_sendmsg+0x735/0xcc0 net/netlink/af_netlink.c:1918 + [<000000009221ebf7>] sock_sendmsg_nosec net/socket.c:652 [inline] + [<000000009221ebf7>] sock_sendmsg+0x109/0x140 net/socket.c:672 + [<000000001c30ffe4>] ____sys_sendmsg+0x5f5/0x780 net/socket.c:2352 + [<00000000b71ca6f3>] ___sys_sendmsg+0x11d/0x1a0 net/socket.c:2406 + [<0000000007297384>] __sys_sendmsg+0xeb/0x1b0 net/socket.c:2439 + [<000000000eb29b11>] do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:359 + [<000000006839b4d0>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +Fixes: cb626bf566eb ("net-sysfs: Fix reference count leak") +Reported-by: Hulk Robot +Signed-off-by: Weilong Chen +Signed-off-by: David S. Miller +Signed-off-by: Jiri Slaby +--- + net/core/rtnetlink.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/net/core/rtnetlink.c ++++ b/net/core/rtnetlink.c +@@ -2812,7 +2812,8 @@ replay: + */ + if (err < 0) { + /* If device is not registered at all, free it now */ +- if (dev->reg_state == NETREG_UNINITIALIZED) ++ if (dev->reg_state == NETREG_UNINITIALIZED || ++ dev->reg_state == NETREG_UNREGISTERED) + free_netdev(dev); + goto out; + } diff --git a/patches.suse/spi-fix-initial-SPI_SR-value-in-spi-fsl-dspi.patch b/patches.suse/spi-fix-initial-SPI_SR-value-in-spi-fsl-dspi.patch new file mode 100644 index 0000000..eda3d14 --- /dev/null +++ b/patches.suse/spi-fix-initial-SPI_SR-value-in-spi-fsl-dspi.patch @@ -0,0 +1,42 @@ +From aa54c1c9d90e6db75190813907190fadcce1bf45 Mon Sep 17 00:00:00 2001 +From: Angelo Dureghello +Date: Wed, 26 Dec 2018 22:45:06 +0100 +Subject: [PATCH] spi: fix initial SPI_SR value in spi-fsl-dspi +Git-commit: aa54c1c9d90e6db75190813907190fadcce1bf45 +Patch-mainline: v5.1-rc1 +References: bsc#1111666 + +On ColdFire mcf54418, using DSPI_DMA_MODE mode, spi transfers +at first boot stage are not succeding: + +m25p80 spi0.1: unrecognized JEDEC id bytes: 00, 00, 00 + +The reason is the SPI_SR initial value set by the driver, that +is not clearing (not setting to 1) the RF_DF flag. After a tour +on the dspi hw modules that use this driver(Vybrid, ColdFire and +ls1021a) a better init value for SR register has been set. + +Signed-off-by: Angelo Dureghello +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + drivers/spi/spi-fsl-dspi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c +index 5e10dc5c93a5..7b605f95dbef 100644 +--- a/drivers/spi/spi-fsl-dspi.c ++++ b/drivers/spi/spi-fsl-dspi.c +@@ -67,7 +67,7 @@ + #define SPI_SR 0x2c + #define SPI_SR_EOQF 0x10000000 + #define SPI_SR_TCFQF 0x80000000 +-#define SPI_SR_CLEAR 0xdaad0000 ++#define SPI_SR_CLEAR 0x9aaf0000 + + #define SPI_RSER_TFFFE BIT(25) + #define SPI_RSER_TFFFD BIT(24) +-- +2.16.4 + diff --git a/patches.suse/spi-spidev-fix-a-race-between-spidev_release-and-spi.patch b/patches.suse/spi-spidev-fix-a-race-between-spidev_release-and-spi.patch new file mode 100644 index 0000000..b21da0e --- /dev/null +++ b/patches.suse/spi-spidev-fix-a-race-between-spidev_release-and-spi.patch @@ -0,0 +1,62 @@ +From abd42781c3d2155868821f1b947ae45bbc33330d Mon Sep 17 00:00:00 2001 +From: Zhenzhong Duan +Date: Thu, 18 Jun 2020 11:21:24 +0800 +Subject: [PATCH] spi: spidev: fix a race between spidev_release and spidev_remove +Git-commit: abd42781c3d2155868821f1b947ae45bbc33330d +Patch-mainline: v5.8-rc3 +References: bsc#1111666 + +Imagine below scene, spidev is referenced after it's freed. + +spidev_release() spidev_remove() +... + spin_lock_irq(&spidev->spi_lock); + spidev->spi = NULL; + spin_unlock_irq(&spidev->spi_lock); +mutex_lock(&device_list_lock); +dofree = (spidev->spi == NULL); +if (dofree) + kfree(spidev); +mutex_unlock(&device_list_lock); + mutex_lock(&device_list_lock); + list_del(&spidev->device_entry); + device_destroy(spidev_class, spidev->devt); + clear_bit(MINOR(spidev->devt), minors); + if (spidev->users == 0) + kfree(spidev); + mutex_unlock(&device_list_lock); + +Fix it by resetting spidev->spi in device_list_lock's protection. + +Signed-off-by: Zhenzhong Duan +Link: https://lore.kernel.org/r/20200618032125.4650-1-zhenzhong.duan@gmail.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + drivers/spi/spidev.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c +index d753df700e9e..f74ea26c382f 100644 +--- a/drivers/spi/spidev.c ++++ b/drivers/spi/spidev.c +@@ -787,13 +787,13 @@ static int spidev_remove(struct spi_device *spi) + { + struct spidev_data *spidev = spi_get_drvdata(spi); + ++ /* prevent new opens */ ++ mutex_lock(&device_list_lock); + /* make sure ops on existing fds can abort cleanly */ + spin_lock_irq(&spidev->spi_lock); + spidev->spi = NULL; + spin_unlock_irq(&spidev->spi_lock); + +- /* prevent new opens */ +- mutex_lock(&device_list_lock); + list_del(&spidev->device_entry); + device_destroy(spidev_class, spidev->devt); + clear_bit(MINOR(spidev->devt), minors); +-- +2.16.4 + diff --git a/patches.suse/tcp-md5-reject-TCP_MD5SIG-or-TCP_MD5SIG_EXT-on-estab.patch b/patches.suse/tcp-md5-reject-TCP_MD5SIG-or-TCP_MD5SIG_EXT-on-estab.patch deleted file mode 100644 index 505799e..0000000 --- a/patches.suse/tcp-md5-reject-TCP_MD5SIG-or-TCP_MD5SIG_EXT-on-estab.patch +++ /dev/null @@ -1,107 +0,0 @@ -From: Eric Dumazet -Date: Wed, 11 Apr 2018 14:36:28 -0700 -Subject: tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets -Git-commit: 7212303268918b9a203aebeacfdbd83b5e87b20d -Patch-mainline: v4.17-rc2 -References: networking-stable-18_04_26 - -syzbot/KMSAN reported an uninit-value in tcp_parse_options() [1] - -I believe this was caused by a TCP_MD5SIG being set on live -flow. - -This is highly unexpected, since TCP option space is limited. - -For instance, presence of TCP MD5 option automatically disables -TCP TimeStamp option at SYN/SYNACK time, which we can not do -once flow has been established. - -Really, adding/deleting an MD5 key only makes sense on sockets -in CLOSE or LISTEN state. - -[1] -BUG: KMSAN: uninit-value in tcp_parse_options+0xd74/0x1a30 net/ipv4/tcp_input.c:3720 -CPU: 1 PID: 6177 Comm: syzkaller192004 Not tainted 4.16.0+ #83 -Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 -Call Trace: - __dump_stack lib/dump_stack.c:17 [inline] - dump_stack+0x185/0x1d0 lib/dump_stack.c:53 - kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 - __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676 - tcp_parse_options+0xd74/0x1a30 net/ipv4/tcp_input.c:3720 - tcp_fast_parse_options net/ipv4/tcp_input.c:3858 [inline] - tcp_validate_incoming+0x4f1/0x2790 net/ipv4/tcp_input.c:5184 - tcp_rcv_established+0xf60/0x2bb0 net/ipv4/tcp_input.c:5453 - tcp_v4_do_rcv+0x6cd/0xd90 net/ipv4/tcp_ipv4.c:1469 - sk_backlog_rcv include/net/sock.h:908 [inline] - __release_sock+0x2d6/0x680 net/core/sock.c:2271 - release_sock+0x97/0x2a0 net/core/sock.c:2786 - tcp_sendmsg+0xd6/0x100 net/ipv4/tcp.c:1464 - inet_sendmsg+0x48d/0x740 net/ipv4/af_inet.c:764 - sock_sendmsg_nosec net/socket.c:630 [inline] - sock_sendmsg net/socket.c:640 [inline] - SYSC_sendto+0x6c3/0x7e0 net/socket.c:1747 - SyS_sendto+0x8a/0xb0 net/socket.c:1715 - do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 - entry_SYSCALL_64_after_hwframe+0x3d/0xa2 -RIP: 0033:0x448fe9 -RSP: 002b:00007fd472c64d38 EFLAGS: 00000216 ORIG_RAX: 000000000000002c -RAX: ffffffffffffffda RBX: 00000000006e5a30 RCX: 0000000000448fe9 -RDX: 000000000000029f RSI: 0000000020a88f88 RDI: 0000000000000004 -RBP: 00000000006e5a34 R08: 0000000020e68000 R09: 0000000000000010 -R10: 00000000200007fd R11: 0000000000000216 R12: 0000000000000000 -R13: 00007fff074899ef R14: 00007fd472c659c0 R15: 0000000000000009 - -Uninit was created at: - kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline] - kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:188 - kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:314 - kmsan_slab_alloc+0x11/0x20 mm/kmsan/kmsan.c:321 - slab_post_alloc_hook mm/slab.h:445 [inline] - slab_alloc_node mm/slub.c:2737 [inline] - __kmalloc_node_track_caller+0xaed/0x11c0 mm/slub.c:4369 - __kmalloc_reserve net/core/skbuff.c:138 [inline] - __alloc_skb+0x2cf/0x9f0 net/core/skbuff.c:206 - alloc_skb include/linux/skbuff.h:984 [inline] - tcp_send_ack+0x18c/0x910 net/ipv4/tcp_output.c:3624 - __tcp_ack_snd_check net/ipv4/tcp_input.c:5040 [inline] - tcp_ack_snd_check net/ipv4/tcp_input.c:5053 [inline] - tcp_rcv_established+0x2103/0x2bb0 net/ipv4/tcp_input.c:5469 - tcp_v4_do_rcv+0x6cd/0xd90 net/ipv4/tcp_ipv4.c:1469 - sk_backlog_rcv include/net/sock.h:908 [inline] - __release_sock+0x2d6/0x680 net/core/sock.c:2271 - release_sock+0x97/0x2a0 net/core/sock.c:2786 - tcp_sendmsg+0xd6/0x100 net/ipv4/tcp.c:1464 - inet_sendmsg+0x48d/0x740 net/ipv4/af_inet.c:764 - sock_sendmsg_nosec net/socket.c:630 [inline] - sock_sendmsg net/socket.c:640 [inline] - SYSC_sendto+0x6c3/0x7e0 net/socket.c:1747 - SyS_sendto+0x8a/0xb0 net/socket.c:1715 - do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 - entry_SYSCALL_64_after_hwframe+0x3d/0xa2 - -Fixes: cfb6eeb4c860 ("[TCP]: MD5 Signature Option (RFC2385) support.") -Signed-off-by: Eric Dumazet -Reported-by: syzbot -Acked-by: Yuchung Cheng -Signed-off-by: David S. Miller -Signed-off-by: Jiri Slaby ---- - net/ipv4/tcp.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - ---- a/net/ipv4/tcp.c -+++ b/net/ipv4/tcp.c -@@ -2582,8 +2582,10 @@ static int do_tcp_setsockopt(struct sock - - #ifdef CONFIG_TCP_MD5SIG - case TCP_MD5SIG: -- /* Read the IP->Key mappings from userspace */ -- err = tp->af_specific->md5_parse(sk, optval, optlen); -+ if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) -+ err = tp->af_specific->md5_parse(sk, optval, optlen); -+ else -+ err = -EINVAL; - break; - #endif - case TCP_USER_TIMEOUT: diff --git a/patches.suse/tpm_tis-extra-chip-ops-check-on-error-path-in-tpm_ti.patch b/patches.suse/tpm_tis-extra-chip-ops-check-on-error-path-in-tpm_ti.patch new file mode 100644 index 0000000..a7abd6c --- /dev/null +++ b/patches.suse/tpm_tis-extra-chip-ops-check-on-error-path-in-tpm_ti.patch @@ -0,0 +1,42 @@ +From ccf6fb858e17a8f8a914a1c6444d277cfedfeae6 Mon Sep 17 00:00:00 2001 +From: Vasily Averin +Date: Sat, 13 Jun 2020 17:18:33 +0300 +Subject: [PATCH] tpm_tis: extra chip->ops check on error path in tpm_tis_core_init +Git-commit: ccf6fb858e17a8f8a914a1c6444d277cfedfeae6 +Patch-mainline: v5.8-rc4 +References: bsc#1111666 + +Found by smatch: +drivers/char/tpm/tpm_tis_core.c:1088 tpm_tis_core_init() warn: + variable dereferenced before check 'chip->ops' (see line 979) + +'chip->ops' is assigned in the beginning of function +in tpmm_chip_alloc->tpm_chip_alloc +and is used before first possible goto to error path. + +Signed-off-by: Vasily Averin +Reviewed-by: Jerry Snitselaar +Reviewed-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Acked-by: Takashi Iwai + +--- + drivers/char/tpm/tpm_tis_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c +index 2435216bd10a..65ab1b027949 100644 +--- a/drivers/char/tpm/tpm_tis_core.c ++++ b/drivers/char/tpm/tpm_tis_core.c +@@ -1085,7 +1085,7 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, + + return 0; + out_err: +- if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL)) ++ if (chip->ops->clk_enable != NULL) + chip->ops->clk_enable(chip, false); + + tpm_tis_remove(chip); +-- +2.16.4 + diff --git a/patches.suse/tty-hvc_console-fix-crashes-on-parallel-open-close.patch b/patches.suse/tty-hvc_console-fix-crashes-on-parallel-open-close.patch new file mode 100644 index 0000000..e84ebdd --- /dev/null +++ b/patches.suse/tty-hvc_console-fix-crashes-on-parallel-open-close.patch @@ -0,0 +1,98 @@ +From: Jiri Slaby +Date: Tue, 26 May 2020 16:56:32 +0200 +Subject: tty: hvc_console, fix crashes on parallel open/close +Git-commit: 24eb2377f977fe06d84fca558f891f95bc28a449 +Patch-mainline: 5.8-rc1 +References: git-fixes + +hvc_open sets tty->driver_data to NULL when open fails at some point. +Typically, the failure happens in hp->ops->notifier_add(). If there is +a racing process which tries to open such mangled tty, which was not +closed yet, the process will crash in hvc_open as tty->driver_data is +NULL. + +All this happens because close wants to know whether open failed or not. +But ->open should not NULL this and other tty fields for ->close to be +happy. ->open should call tty_port_set_initialized(true) and close +should check by tty_port_initialized() instead. So do this properly in +this driver. + +So this patch removes these from ->open: +* tty_port_tty_set(&hp->port, NULL). This happens on last close. +* tty->driver_data = NULL. Dtto. +* tty_port_put(&hp->port). This happens in shutdown and until now, this + must have been causing a reference underflow, if I am not missing + something. + +Signed-off-by: Jiri Slaby +Cc: stable +Reported-and-tested-by: Raghavendra +Link: https://lore.kernel.org/r/20200526145632.13879-1-jslaby@suse.cz +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/hvc/hvc_console.c | 23 ++++++++--------------- + 1 file changed, 8 insertions(+), 15 deletions(-) + +--- a/drivers/tty/hvc/hvc_console.c ++++ b/drivers/tty/hvc/hvc_console.c +@@ -361,15 +361,14 @@ static int hvc_open(struct tty_struct *t + * tty fields and return the kref reference. + */ + if (rc) { +- tty_port_tty_set(&hp->port, NULL); +- tty->driver_data = NULL; +- tty_port_put(&hp->port); + printk(KERN_ERR "hvc_open: request_irq failed with rc %d.\n", rc); +- } else ++ } else { + /* We are ready... raise DTR/RTS */ + if (C_BAUD(tty)) + if (hp->ops->dtr_rts) + hp->ops->dtr_rts(hp, 1); ++ tty_port_set_initialized(&hp->port, true); ++ } + + /* Force wakeup of the polling thread */ + hvc_kick(); +@@ -379,22 +378,12 @@ static int hvc_open(struct tty_struct *t + + static void hvc_close(struct tty_struct *tty, struct file * filp) + { +- struct hvc_struct *hp; ++ struct hvc_struct *hp = tty->driver_data; + unsigned long flags; + + if (tty_hung_up_p(filp)) + return; + +- /* +- * No driver_data means that this close was issued after a failed +- * hvc_open by the tty layer's release_dev() function and we can just +- * exit cleanly because the kref reference wasn't made. +- */ +- if (!tty->driver_data) +- return; +- +- hp = tty->driver_data; +- + spin_lock_irqsave(&hp->port.lock, flags); + + if (--hp->port.count == 0) { +@@ -402,6 +391,9 @@ static void hvc_close(struct tty_struct + /* We are done with the tty pointer now. */ + tty_port_tty_set(&hp->port, NULL); + ++ if (!tty_port_initialized(&hp->port)) ++ return; ++ + if (C_HUPCL(tty)) + if (hp->ops->dtr_rts) + hp->ops->dtr_rts(hp, 0); +@@ -418,6 +410,7 @@ static void hvc_close(struct tty_struct + * waking periodically to check chars_in_buffer(). + */ + tty_wait_until_sent(tty, HVC_CLOSE_WAIT); ++ tty_port_set_initialized(&hp->port, false); + } else { + if (hp->port.count < 0) + printk(KERN_ERR "hvc_close %X: oops, count is %d\n", diff --git a/patches.suse/vgacon-fix-out-of-bounds-write-to-the-scrollback-buf.patch b/patches.suse/vgacon-fix-out-of-bounds-write-to-the-scrollback-buf.patch new file mode 100644 index 0000000..9c1c29a --- /dev/null +++ b/patches.suse/vgacon-fix-out-of-bounds-write-to-the-scrollback-buf.patch @@ -0,0 +1,54 @@ +From: Jiri Slaby +Date: Tue, 28 Jul 2020 10:47:06 +0200 +Subject: vgacon: fix out of bounds write to the scrollback buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Patch-mainline: submitted 2020/07/28 +References: bsc#1174205 CVE-2020-14331 + +The current vgacon's scroll up implementation uses a circural buffer +in vgacon_scrollback_cur. It always advances tail to prepare it for the +next write and caps it to zero if the next c->vc_size_row bytes won't fit. + +But when we change the VT size (e.g. by VT_RESIZE) in the meantime, the new +line might not fit to the end of the scrollback buffer. This leads to various +crashes as vgacon_scrollback_update writes out of the buffer: + BUG: unable to handle page fault for address: ffffc900001752a0 + #PF: supervisor write access in kernel mode + #PF: error_code(0x0002) - not-present page + RIP: 0010:mutex_unlock+0x13/0x30 +... + Call Trace: + n_tty_write+0x1a0/0x4d0 + tty_write+0x1a0/0x2e0 + +So check whether the line fits in the buffer and wrap if needed. + +Fix CVE-2020-14331. + +Signed-off-by: Jiri Slaby +Reported-and-debugged-by: 张云海 +Fixes: 15bdab959c9b ([PATCH] vgacon: Add support for soft scrollback) +Cc: Linus Torvalds +Cc: Greg KH +Cc: Security Officers +Cc: linux-distros@vs.openwall.org +--- + drivers/video/console/vgacon.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/video/console/vgacon.c ++++ b/drivers/video/console/vgacon.c +@@ -245,6 +245,11 @@ static void vgacon_scrollback_update(str + + p = (void *) (c->vc_origin + t * c->vc_size_row); + ++ /* vc_size_row might have changed by VT_RESIZE in the meantime */ ++ if ((vgacon_scrollback_cur->tail + c->vc_size_row) >= ++ vgacon_scrollback_cur->size) ++ vgacon_scrollback_cur->tail = 0; ++ + while (count--) { + scr_memcpyw(vgacon_scrollback_cur->data + + vgacon_scrollback_cur->tail, diff --git a/patches.suse/virtio-virtio_console-add-missing-MODULE_DEVICE_TABL.patch b/patches.suse/virtio-virtio_console-add-missing-MODULE_DEVICE_TABL.patch new file mode 100644 index 0000000..a8fde0d --- /dev/null +++ b/patches.suse/virtio-virtio_console-add-missing-MODULE_DEVICE_TABL.patch @@ -0,0 +1,50 @@ +From: Alexander Lobakin +Date: Tue, 23 Jun 2020 11:09:33 +0000 +Subject: virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc + serial +Git-commit: 897c44f0bae574c5fb318c759b060bebf9dd6013 +Patch-mainline: 5.8-rc6 +References: git-fixes + +rproc_serial_id_table lacks an exposure to module devicetable, so +when remoteproc firmware requests VIRTIO_ID_RPROC_SERIAL, no uevent +is generated and no module autoloading occurs. +Add missing MODULE_DEVICE_TABLE() annotation and move the existing +one for VIRTIO_ID_CONSOLE right to the table itself. + +Fixes: 1b6370463e88 ("virtio_console: Add support for remoteproc serial") +Cc: # v3.8+ +Signed-off-by: Alexander Lobakin +Reviewed-by: Amit Shah +Link: https://lore.kernel.org/r/x7C_CbeJtoGMy258nwAXASYz3xgFMFpyzmUvOyZzRnQrgWCREBjaqBOpAUS7ol4NnZYvSVwmTsCG0Ohyfvta-ygw6HMHcoeKK0C3QFiAO_Q=@pm.me +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Jiri Slaby +--- + drivers/char/virtio_console.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/char/virtio_console.c ++++ b/drivers/char/virtio_console.c +@@ -2161,6 +2161,7 @@ static struct virtio_device_id id_table[ + { VIRTIO_ID_CONSOLE, VIRTIO_DEV_ANY_ID }, + { 0 }, + }; ++MODULE_DEVICE_TABLE(virtio, id_table); + + static unsigned int features[] = { + VIRTIO_CONSOLE_F_SIZE, +@@ -2173,6 +2174,7 @@ static struct virtio_device_id rproc_ser + #endif + { 0 }, + }; ++MODULE_DEVICE_TABLE(virtio, rproc_serial_id_table); + + static unsigned int rproc_serial_features[] = { + }; +@@ -2325,6 +2327,5 @@ static void __exit fini(void) + module_init(init); + module_exit(fini); + +-MODULE_DEVICE_TABLE(virtio, id_table); + MODULE_DESCRIPTION("Virtio console driver"); + MODULE_LICENSE("GPL"); diff --git a/patches.suse/vsock-fix-timeout-in-vsock_accept.patch b/patches.suse/vsock-fix-timeout-in-vsock_accept.patch new file mode 100644 index 0000000..3589d28 --- /dev/null +++ b/patches.suse/vsock-fix-timeout-in-vsock_accept.patch @@ -0,0 +1,33 @@ +From: Stefano Garzarella +Date: Wed, 27 May 2020 09:56:55 +0200 +Subject: vsock: fix timeout in vsock_accept() +Git-commit: 7e0afbdfd13d1e708fe96e31c46c4897101a6a43 +Patch-mainline: 5.7 +References: networking-stable-20_06_07 + +The accept(2) is an "input" socket interface, so we should use +SO_RCVTIMEO instead of SO_SNDTIMEO to set the timeout. + +So this patch replace sock_sndtimeo() with sock_rcvtimeo() to +use the right timeout in the vsock_accept(). + +Fixes: d021c344051a ("VSOCK: Introduce VM Sockets") +Signed-off-by: Stefano Garzarella +Reviewed-by: Jorgen Hansen +Signed-off-by: David S. Miller +Signed-off-by: Jiri Slaby +--- + net/vmw_vsock/af_vsock.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/vmw_vsock/af_vsock.c ++++ b/net/vmw_vsock/af_vsock.c +@@ -1301,7 +1301,7 @@ static int vsock_accept(struct socket *s + /* Wait for children sockets to appear; these are the new sockets + * created upon connection establishment. + */ +- timeout = sock_sndtimeo(listener, flags & O_NONBLOCK); ++ timeout = sock_rcvtimeo(listener, flags & O_NONBLOCK); + prepare_to_wait(sk_sleep(listener), &wait, TASK_INTERRUPTIBLE); + + while ((connected = vsock_dequeue_accept(listener)) == NULL && diff --git a/scripts/git_sort/git_sort.py b/scripts/git_sort/git_sort.py index 5be6f0f..e55d56b 100755 --- a/scripts/git_sort/git_sort.py +++ b/scripts/git_sort/git_sort.py @@ -252,6 +252,7 @@ remotes = ( Head(RepoURL("efi/efi.git"), "next"), Head(RepoURL("ulfh/mmc.git"), "next"), Head(RepoURL("masahiroy/linux-kbuild.git"), "for-next"), + Head(RepoURL("bluetooth/bluetooth-next.git")), ) diff --git a/series.conf b/series.conf index e49705a..18bfb10 100644 --- a/series.conf +++ b/series.conf @@ -28297,6 +28297,7 @@ patches.suse/0067-crypto-inside-secure-hmac-sha256-support.patch patches.suse/0068-crypto-inside-secure-hmac-sha224-support.patch patches.suse/crypto-chelsio-Remove-declaration-of-static-function.patch + patches.suse/crypto-talitos-fix-IPsec-cipher-in-length.patch patches.suse/crypto-lrw-Free-rctx-ext-with-kzfree patches.suse/0030-crypto-caam-don-t-leak-pointers-to-authenc-keys.patch patches.suse/0031-crypto-caam-qi-don-t-leak-pointers-to-authenc-keys.patch @@ -29777,7 +29778,6 @@ patches.suse/ibmvnic-Define-vnic_login_client_data-name-field-as-.patch patches.suse/net-tls-Remove-VLA-usage.patch patches.suse/lan78xx-PHY-DSP-registers-initialization-to-address- - patches.suse/tcp-md5-reject-TCP_MD5SIG-or-TCP_MD5SIG_EXT-on-estab.patch patches.suse/net-validate-attribute-sizes-in-neigh_dump_table.patch patches.suse/ibmvnic-Handle-all-login-error-conditions.patch patches.suse/ibmvnic-Do-not-notify-peers-on-parameter-change-rese.patch @@ -45909,6 +45909,7 @@ patches.suse/crypto-bcm-convert-to-use-crypto_authenc_extractkeys.patch patches.suse/crypto-caam-fix-zero-length-buffer-DMA-mapping.patch patches.suse/crypto-authencesn-Avoid-twice-completion-call-in-dec.patch + patches.suse/crypto-talitos-reorder-code-in-talitos_edesc_alloc.patch patches.suse/xenclock-0006-xen-Fix-x86-sched_clock-interface-for-xen.patch patches.suse/powerpc-tm-Limit-TM-code-inside-PPC_TRANSACTIONAL_ME.patch patches.suse/PCI-MSI-Return-ENOSPC-from-pci_alloc_irq_vectors_aff.patch @@ -46494,6 +46495,7 @@ patches.suse/regulator-pv88090-Fix-array-out-of-bounds-access.patch patches.suse/regulator-wm831x-dcdc-Fix-list-of-wm831x_dcdc_ilim-f.patch patches.suse/regulator-act8865-Fix-act8600_sudcdc_voltage_ranges-.patch + patches.suse/spi-fix-initial-SPI_SR-value-in-spi-fsl-dspi.patch patches.suse/spi-omap2-mcspi-Fix-DMA-and-FIFO-event-trigger-size-.patch patches.suse/0025-spi-spi-mem-Fix-spi_mem_dirmap_destroy-kerneldoc.patch patches.suse/0026-spi-spi-mem-Fix-a-memory-leak-in-spi_mem_dirmap_dest.patch @@ -50550,6 +50552,10 @@ patches.suse/btrfs-ensure-btrfs_init_dev_replace_tgtdev-sees-up-to-date-values.patch patches.suse/btrfs-extent-tree-add-lockdep-assert-when-updating-space-info.patch patches.suse/btrfs-extent-tree-add-trace-events-for-space-info-numbers-update.patch + patches.suse/btrfs-add-new-helper-btrfs_lock_and_flush_ordered_ra.patch + patches.suse/btrfs-Use-newly-introduced-btrfs_lock_and_flush_orde.patch + patches.suse/btrfs-Always-use-a-cached-extent_state-in-btrfs_lock.patch + patches.suse/btrfs-Return-EAGAIN-if-we-can-t-start-no-snpashot-wr.patch patches.suse/btrfs-fix-data-loss-after-inode-eviction-renaming-it.patch patches.suse/btrfs-qgroup-Don-t-hold-qgroup_ioctl_lock-in-btrfs_q.patch patches.suse/Btrfs-prevent-send-failures-and-crashes-due-to-concu.patch @@ -50748,6 +50754,7 @@ patches.suse/bcache-fix-possible-memory-leak-in-bch_cached_dev_ru.patch patches.suse/nvme-fix-memory-leak-caused-by-incorrect-subsystem-free.patch patches.suse/nvme-fix-multipath-crash-when-ANA-is-deactivated.patch + patches.suse/btrfs-fix-extent_state-leak-in-btrfs_lock_and_flush_.patch patches.suse/arm64-Force-SSBS-on-context-switch.patch patches.suse/ACPI-IORT-Fix-off-by-one-check-in-iort_dev_find_its_.patch patches.suse/drm-msm-stop-abusing-dma_map-unmap-for-cache.patch @@ -51434,6 +51441,7 @@ patches.suse/0003-btrfs-tree-checker-Add-EXTENT_DATA_REF-check.patch patches.suse/0006-btrfs-rename-the-btrfs_calc_-metadata_size-helpers.patch patches.suse/0007-btrfs-only-reserve-metadata_size-for-inodes.patch + patches.suse/btrfs-use-correct-count-in-btrfs_file_write_iter.patch patches.suse/0008-btrfs-do-not-allow-reservations-if-we-have-pending-tickets.patch patches.suse/0009-btrfs-roll-tracepoint-into-btrfs_space_info_update-helper.patch patches.suse/0010-btrfs-add-space-reservation-tracepoint-for-reserved-bytes.patch @@ -51983,6 +51991,7 @@ patches.suse/bonding-fix-potential-NULL-deref-in-bond_update_slav.patch patches.suse/phylink-fix-kernel-doc-warnings.patch patches.suse/act_mirred-Fix-mirred_init_module-error-handling.patch + patches.suse/net-usb-qmi_wwan-add-Telit-0x1050-composition.patch patches.suse/net-smc-fix-smcd-link-group-creation-with-vlan-id.patch patches.suse/iwlwifi-pcie-fix-rb_allocator-workqueue-allocation.patch patches.suse/iwlwifi-dbg_ini-fix-memory-leak-in-alloc_sgtable.patch @@ -52740,6 +52749,8 @@ patches.suse/PCI-Add-DMA-alias-quirk-for-Intel-VCA-NTB.patch patches.suse/PCI-Apply-Cavium-ACS-quirk-to-ThunderX2-and-ThunderX.patch patches.suse/PCI-dwc-Fix-find_next_bit-usage.patch + patches.suse/msft-hv-1989-PCI-hv-Reorganize-the-code-in-preparation-of-hiberna.patch + patches.suse/msft-hv-1991-PCI-hv-Change-pci_protocol_version-to-per-hbus.patch patches.suse/PCI-rcar-Fix-missing-MACCTLR-register-setting-in-ini.patch patches.suse/tty-serial-msm_serial-Fix-flow-control.patch patches.suse/tty-serial-fsl_lpuart-use-the-sg-count-from-dma_map_.patch @@ -53888,6 +53899,8 @@ patches.suse/fbdev-g364fb-Fix-build-failure.patch patches.suse/firmware-arm_sdei-fix-double-lock-on-hibernate-with-.patch patches.suse/firmware-arm_sdei-fix-possible-double-lock-on-hibern.patch + patches.suse/btrfs-add-assertions-for-tree-inode-io_tree-to-exten.patch + patches.suse/btrfs-drop-argument-tree-from-btrfs_lock_and_flush_o.patch patches.suse/0001-btrfs-relocation-add-error-injection-points-for-canc.patch patches.suse/0002-btrfs-relocation-Check-cancel-request-after-each-dat.patch patches.suse/0003-btrfs-relocation-Check-cancel-request-after-each-ext.patch @@ -53920,6 +53933,7 @@ patches.suse/cifs-smbd-Calculate-the-correct-maximum-packet-size-for-segmented-.patch patches.suse/cifs-smbd-Check-and-extend-sender-credits-in-interrupt-context.patch patches.suse/cifs-Allocate-encryption-header-through-kmalloc.patch + patches.suse/mmc-sdhci-do-not-enable-card-detect-interrupt-for-gp.patch patches.suse/vt-selection-introduce-vc_is_sel.patch patches.suse/vt-ioctl-switch-VT_IS_IN_USE-and-VT_BUSY-to-inlines.patch patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch @@ -54098,6 +54112,9 @@ patches.suse/misc-pci_endpoint_test-Fix-to-support-10-pci-endpoin.patch patches.suse/msft-hv-2032-PCI-hv-Decouple-the-func-definition-in-hv_dr_state-f.patch patches.suse/msft-hv-2033-PCI-hv-Add-support-for-protocol-1.3-and-support-PCI_.patch + patches.suse/msft-hv-2035-PCI-hv-Move-hypercall-related-definitions-into-tlfs-.patch + patches.suse/msft-hv-2036-PCI-hv-Move-retarget-related-structures-into-tlfs-he.patch + patches.suse/msft-hv-2037-PCI-hv-Introduce-hv_msi_entry.patch patches.suse/s390-cpum_cf-add-new-extended-counters-for-ibm-z15 patches.suse/s390-cpuinfo-fix-wrong-output-when-cpu0-is-offline patches.suse/s390-diag-fix-display-of-diagnose-call-statistics @@ -54125,6 +54142,7 @@ patches.suse/powerpc-64-tm-Don-t-let-userspace-set-regs-trap-via-.patch patches.suse/powerpc-vmlinux.lds-Explicitly-retain-.gnu.hash.patch patches.suse/fanotify-fix-merging-marks-masks-with-FAN_ONDIR.patch + patches.suse/ACPI-video-Use-native-backlight-on-Acer-Aspire-5783z.patch patches.suse/ipv6-don-t-auto-add-link-local-address-to-lag-ports.patch patches.suse/cxgb4-fix-MPS-index-overwrite-when-setting-MAC-addre.patch patches.suse/slcan-Don-t-transmit-uninitialized-stack-data-in-pad.patch @@ -54364,6 +54382,7 @@ patches.suse/net-macsec-preserve-ingress-frame-ordering.patch patches.suse/tunnel-Propagate-ECT-1-when-decapsulating-as-recomme.patch patches.suse/mlxsw-spectrum_acl_tcam-Position-vchunk-in-a-vregion.patch + patches.suse/msft-hv-2073-hv_netvsc-Fix-netvsc_start_xmit-s-return-type.patch patches.suse/devlink-fix-return-value-after-hitting-end-in-region.patch patches.suse/net_sched-sch_skbprio-add-message-validation-to-skbp.patch patches.suse/net-usb-qmi_wwan-add-support-for-DW5816e.patch @@ -54492,10 +54511,18 @@ patches.suse/dpaa_eth-fix-usage-as-DSA-master-try-3.patch patches.suse/qlcnic-fix-missing-release-in-qlcnic_83xx_interrupt_.patch patches.suse/mac80211-mesh-fix-discovery-timer-re-arming-issue-cr.patch + patches.suse/net-check-untrusted-gso_size-at-kernel-entry.patch + patches.suse/net-usb-qmi_wwan-add-Telit-LE910C1-EUX-composition.patch patches.suse/crypto-chelsio-chtls-properly-set-tp-lsndtime.patch + patches.suse/vsock-fix-timeout-in-vsock_accept.patch + patches.suse/net-be-more-gentle-about-silly-gso-requests-coming-f.patch patches.suse/0022-xfrm-fix-error-in-comment.patch + patches.suse/net-mlx5-Fix-crash-upon-suspend-resume.patch patches.suse/NFC-st21nfca-add-missed-kfree_skb-in-an-error-path.patch patches.suse/drivers-net-ibmvnic-Update-VNIC-protocol-version-rep.patch + patches.suse/devinet-fix-memleak-in-inetdev_init.patch + patches.suse/l2tp-do-not-use-inet_hash-inet_unhash.patch + patches.suse/l2tp-add-sk_family-checks-to-l2tp_validate_socket.patch patches.suse/spi-bcm-qspi-when-tx-rx-buffer-is-NULL-set-to-0.patch patches.suse/spi-spi-mem-Fix-Dual-Quad-modes-on-Octal-capable-dev.patch patches.suse/spi-pxa2xx-Apply-CS-clk-quirk-to-BXT.patch @@ -54518,6 +54545,7 @@ patches.suse/ACPI-CPPC-Fix-reference-count-leak-in-acpi_cppc_proc.patch patches.suse/ACPI-GED-add-support-for-_Exx-_Lxx-handler-methods.patch patches.suse/ACPI-GED-use-correct-trigger-type-field-in-_Exx-_Lxx.patch + patches.suse/ACPI-video-Use-native-backlight-on-Acer-TravelMate-5.patch patches.suse/agp-intel-Reinforce-the-barrier-after-GTT-updates.patch patches.suse/0001-drm-qxl-Use-correct-notify-port-address-when-creatin.patch patches.suse/drm-dp_mst-Reformat-drm_dp_check_act_status-a-bit.patch @@ -54559,6 +54587,7 @@ patches.suse/b43-Fix-connection-problem-with-WPA3.patch patches.suse/b43_legacy-Fix-connection-problem-with-WPA3.patch patches.suse/Bluetooth-Add-SCO-fallback-for-invalid-LMP-parameter.patch + patches.suse/Bluetooth-Consolidate-encryption-handling-in-hci_enc.patch patches.suse/vxlan-Avoid-infinite-loop-when-suppressing-NS-messag.patch patches.suse/net-vmxnet3-fix-possible-buffer-overflow-caused-by-b.patch patches.suse/ipv6-fix-IPV6_ADDRFORM-operation-logic.patch @@ -54567,6 +54596,7 @@ patches.suse/media-dvb-return-EREMOTEIO-on-i2c-transfer-failure.patch patches.suse/media-platform-fcp-Set-appropriate-DMA-parameters.patch patches.suse/media-si2157-Better-check-for-running-tuner-in-init.patch + patches.suse/media-cec-silence-shift-wrapping-warning-in-__cec_s_.patch patches.suse/ALSA-usb-audio-Improve-frames-size-computation.patch patches.suse/ALSA-usb-audio-Fix-racy-list-management-in-output-qu.patch patches.suse/ALSA-hda-realtek-Introduce-polarity-for-micmute-LED-.patch @@ -54592,6 +54622,7 @@ patches.suse/firmware-imx-scu-Fix-possible-memory-leak-in-imx_scu.patch patches.suse/drivers-soc-ti-knav_qmss_queue-Make-knav_gp_range_op.patch patches.suse/powerpc-xive-Clear-the-page-tables-for-the-ESB-IO-ma.patch + patches.suse/input-i8042-Remove-special-PowerPC-handling.patch patches.suse/powerpc-64s-Don-t-let-DT-CPU-features-set-FSCR_DSCR.patch patches.suse/powerpc-64s-Save-FSCR-to-init_task.thread.fscr-after.patch patches.suse/vfio-type1-support-faulting-pfnmap-vmas @@ -54620,8 +54651,12 @@ patches.suse/PCI-Fix-pci_register_host_bridge-device_register-err.patch patches.suse/PCI-Program-MPS-for-RCiEP-devices.patch patches.suse/PCI-PTM-Inherit-Switch-Downstream-Port-PTM-settings-.patch + patches.suse/PCI-AER-Use-only-_OSC-to-determine-AER-ownership.patch + patches.suse/PCI-AER-Remove-HEST-FIRMWARE_FIRST-parsing-for-AER-o.patch patches.suse/PCI-PM-Call-.bridge_d3-hook-only-if-non-NULL.patch patches.suse/PCI-Allow-pci_resize_resource-for-devices-on-root-bu.patch + patches.suse/msft-hv-2076-PCI-hv-Fix-the-PCI-HyperV-probe-failure-path-to-rele.patch + patches.suse/msft-hv-2077-PCI-hv-Retry-PCI-bus-D0-entry-on-invalid-device-stat.patch patches.suse/USB-host-ehci-mxc-Add-error-handling-in-ehci_mxc_drv.patch patches.suse/usb-dwc2-gadget-move-gadget-resume-after-the-core-is.patch patches.suse/USB-gadget-udc-s3c2410_udc-Remove-pointless-NULL-che.patch @@ -54636,12 +54671,14 @@ patches.suse/tty-n_gsm-Fix-SOF-skipping.patch patches.suse/tty-n_gsm-Fix-waking-up-upper-tty-layer-when-room-av.patch patches.suse/tty-n_gsm-Fix-bogus-i-in-gsm_data_kick.patch + patches.suse/tty-hvc_console-fix-crashes-on-parallel-open-close.patch patches.suse/vt-keyboard-avoid-signed-integer-overflow-in-k_ascii.patch patches.suse/iio-buffer-Don-t-allow-buffers-without-any-channels-.patch patches.suse/iio-pressure-bmp280-Tolerate-IRQ-before-registering.patch patches.suse/staging-sm750fb-add-missing-case-while-setting-FB_VI.patch patches.suse/staging-rtl8712-Fix-IEEE80211_ADDBA_PARAM_BUF_SIZE_M.patch patches.suse/fpga-dfl-afu-Corrected-error-handling-levels.patch + patches.suse/dev-mem-Revoke-mappings-when-a-driver-claims-the-reg.patch patches.suse/w1-omap-hdq-cleanup-to-add-missing-newline-for-some-.patch patches.suse/extcon-adc-jack-Fix-an-error-handling-path-in-adc_ja.patch patches.suse/pinctrl-samsung-Save-restore-eint_mask-over-suspend-.patch @@ -54693,10 +54730,16 @@ patches.suse/0004-drm-encoder_slave-fix-refcouting-error-for-modules.patch patches.suse/crypto-algif_skcipher-Cap-recv-SG-list-at-ctx-used.patch patches.suse/crypto-algboss-don-t-wait-during-notifier-callback.patch + patches.suse/spi-spidev-fix-a-race-between-spidev_release-and-spi.patch + patches.suse/btrfs-fix-hang-on-snapshot-creation-after-RWF_NOWAIT.patch + patches.suse/btrfs-fix-failure-of-RWF_NOWAIT-write-into-prealloc-.patch + patches.suse/btrfs-fix-RWF_NOWAIT-write-not-failling-when-we-need.patch + patches.suse/btrfs-fix-RWF_NOWAIT-writes-blocking-on-extent-locks.patch patches.suse/RDMA-efa-Set-maximum-pkeys-device-attribute.patch patches.suse/tracing-fix-event-trigger-to-accept-redundant-spaces.patch patches.suse/s390-qeth-fix-error-handling-for-isolation-mode-cmds patches.suse/tg3-driver-sleeps-indefinitely-when-EEH-errors-excee.patch + patches.suse/net-dsa-bcm_sf2-Fix-node-reference-count.patch patches.suse/ibmveth-Fix-max-MTU-limit.patch patches.suse/ibmvnic-continue-to-init-in-CRQ-reset-returns-H_CLOS.patch patches.suse/usbnet-smsc95xx-Fix-use-after-free-after-removal.patch @@ -54723,19 +54766,27 @@ patches.suse/scsi-qla2xxx-Set-NVMe-status-code-for-failed-NVMe-FC.patch patches.suse/scsi-lpfc-Avoid-another-null-dereference-in-lpfc_sli.patch patches.suse/msft-hv-2106-Drivers-hv-Change-flag-to-write-log-level-in-panic-m.patch + patches.suse/tpm_tis-extra-chip-ops-check-on-error-path-in-tpm_ti.patch patches.suse/tpm_tis-Remove-the-HID-IFX0102.patch patches.suse/drm-msm-dpu-fix-error-return-code-in-dpu_encoder_ini.patch patches.suse/hwmon-max6697-Make-sure-the-OVERT-mask-is-set-correc.patch patches.suse/hwmon-acpi_power_meter-Fix-potential-memory-leak-in-.patch patches.suse/i2c-algo-pca-Add-0x78-as-SCL-stuck-low-status-for-PC.patch + patches.suse/i2c-eg20t-Load-module-automatically-if-ID-matches.patch patches.suse/i2c-mlxcpld-check-correct-size-of-maximum-RECV_LEN-p.patch patches.suse/scsi-qla2xxx-Fix-a-condition-in-qla2x00_find_all_fab.patch patches.suse/Revert-commit-e918e570415c-tpm_tis-Remove-the-HID-IF.patch + patches.suse/ALSA-hda-let-hs_mic-be-picked-ahead-of-hp_mic.patch patches.suse/ALSA-usb-audio-Fix-packet-size-calculation.patch + patches.suse/ALSA-opl3-fix-infoleak-in-opl3.patch + patches.suse/ALSA-usb-audio-add-quirk-for-MacroSilicon-MS2109.patch patches.suse/0001-drm-mediatek-Check-plane-visibility-in-atomic_update.patch patches.suse/0001-drm-radeon-fix-double-free.patch + patches.suse/IB-hfi1-Do-not-destroy-hfi1_wq-when-the-device-is-sh.patch + patches.suse/IB-hfi1-Do-not-destroy-link_wq-when-the-device-is-sh.patch patches.suse/bnxt_en-fix-NULL-dereference-in-case-SR-IOV-configur.patch patches.suse/mlxsw-spectrum_router-Remove-inappropriate-usage-of-.patch + patches.suse/Input-i8042-add-Lenovo-XiaoXin-Air-12-to-i8042-nomux.patch patches.suse/Revert-thermal-mediatek-fix-register-index-error.patch patches.suse/iio-health-afe4404-Fix-timestamp-alignment-and-preve.patch patches.suse/iio-mma8452-Add-missed-iio_device_unregister-call-in.patch @@ -54746,17 +54797,25 @@ patches.suse/staging-comedi-verify-array-index-is-correct-before-.patch patches.suse/revert-zram-convert-remaining-class_attr-to-class_attr_ro patches.suse/intel_th-Fix-a-NULL-dereference-when-hub-driver-is-n.patch + patches.suse/virtio-virtio_console-add-missing-MODULE_DEVICE_TABL.patch patches.suse/ALSA-hda-realtek-Enable-Speaker-for-ASUS-UX533-and-U.patch + patches.suse/HID-magicmouse-do-not-set-up-autorepeat.patch patches.suse/regmap-debugfs-Don-t-sleep-while-atomic-for-fast_io-.patch patches.suse/spi-spi-sun6i-sun6i_spi_transfer_one-fix-setting-of-.patch patches.suse/powerpc-book3s64-pkeys-Fix-pkey_access_permitted-for.patch patches.suse/hwmon-emc2103-fix-unable-to-change-fan-pwm1_enable-a.patch patches.suse/usb-chipidea-core-add-wakeup-support-for-extcon.patch + patches.suse/USB-serial-cypress_m8-enable-Simply-Automated-UPB-PI.patch + patches.suse/USB-serial-option-add-GosunCn-GM500-series.patch + patches.suse/USB-serial-ch341-add-new-Product-ID-for-CH340.patch + patches.suse/USB-serial-option-add-Quectel-EG95-LTE-modem.patch patches.suse/USB-c67x00-fix-use-after-free-in-c67x00_giveback_urb.patch patches.suse/usb-dwc2-Fix-shutdown-callback-in-platform.patch patches.suse/usb-gadget-udc-atmel-remove-outdated-comment-in-usba.patch patches.suse/usb-gadget-udc-atmel-fix-uninitialized-read-in-debug.patch patches.suse/USB-serial-iuu_phoenix-fix-memory-corruption.patch + patches.suse/rtnetlink-Fix-memory-net_device-leak-when-newlink-fa.patch + patches.suse/dev-mem-Add-missing-memory-barriers-for-devmem_inode.patch # jejb/scsi for-next patches.suse/scsi-lpfc-Fix-unused-assignment-in-lpfc_sli4_bsg_lin.patch @@ -54792,6 +54851,9 @@ patches.suse/scsi-lpfc-Fix-interrupt-assignments-when-multiple-ve.patch patches.suse/scsi-lpfc-Fix-less-than-zero-comparison-of-unsigned-.patch + # bluetooth/bluetooth-next + patches.suse/Bluetooth-Disconnect-if-E0-is-used-for-Level-4.patch + # out-of-tree patches patches.suse/net-mvpp2-fix-condition-for-setting-up-link-interrup.patch patches.suse/cifs-handle-netapp-error-codes.patch @@ -54802,7 +54864,6 @@ patches.suse/Deprecate-NR_UNSTABLE_NFS-use-NR_WRITEBACK.patch patches.suse/MM-replace-PF_LESS_THROTTLE-with-PF_LOCAL_THROTTLE.patch patches.suse/SUNRPC-defer-slow-parts-of-rpc_free_client-to-a-work.patch - patches.kabi/SUNRPC-defer-slow-parts-of-rpc_free_client-to-a-work-kabi.patch patches.suse/0001-make-some-Fujitsu-systems-run.patch patches.suse/PCI-sanity-test-on-PCI-vendor-to-be-sure-we-do-not-t.patch patches.suse/bsc1170284-ixgbe_dont_check_firmware_errors.patch @@ -55275,6 +55336,7 @@ patches.suse/kernel-Export-mm_access.patch patches.suse/0001-drm-qxl-Return-error-if-fbdev-is-not-32-bpp.patch patches.kabi/drm_connector-registration_state-kABI-workaround.patch + patches.suse/vgacon-fix-out-of-bounds-write-to-the-scrollback-buf.patch ######################################################## # Out-of-tree networking @@ -55604,6 +55666,10 @@ patches.kabi/net-mlx5-Add-command-entry-handling-completion.patch patches.kabi/padata-reorder-work-kABI-fixup.patch + patches.kabi/l2tp-do-not-use-inet_hash-inet_unhash.patch + patches.kabi/suse-hv-2037-PCI-hv-Introduce-hv_msi_entry.patch + patches.kabi/pcie-revive-__aer_firmware_first_valid.patch + patches.kabi/SUNRPC-defer-slow-parts-of-rpc_free_client-to-a-work-kabi.patch ######################################################## # You'd better have a good reason for adding a patch