From 80d07ff1abaf13347c2fe075fa18fa0b4ba82d54 Mon Sep 17 00:00:00 2001 From: Denis Kirjanov Date: Nov 25 2020 11:27:29 +0000 Subject: Merge remote-tracking branch 'origin/SLE15-SP2' into SLE15-SP3 Conflicts: blacklist.conf config/ppc64le/default patches.suse/bnxt_en-Avoid-sending-firmware-messages-when-AER-err.patch patches.suse/bnxt_en-Check-abort-error-state-in-bnxt_open_nic.patch patches.suse/bnxt_en-Fix-NULL-ptr-dereference-crash-in-bnxt_fw_re.patch patches.suse/bnxt_en-Fix-regression-in-workqueue-cleanup-logic-in.patch patches.suse/bnxt_en-Invoke-cancel_delayed_work_sync-for-PFs-also.patch patches.suse/bnxt_en-Send-HWRM_FUNC_RESET-fw-command-unconditiona.patch patches.suse/bnxt_en-return-proper-error-codes-in-bnxt_show_temp.patch patches.suse/igc-Fix-not-considering-the-TX-delay-for-timestamps.patch patches.suse/igc-Fix-wrong-timestamp-latency-numbers.patch patches.suse/ionic-check-port-ptr-before-use.patch patches.suse/powerpc-32s-Drop-NULL-addr-verification.patch patches.suse/powerpc-32s-Prepare-prevent_user_access-for-user_acc.patch patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch patches.suse/powerpc-Inline-doorbell-sending-functions.patch patches.suse/powerpc-pseries-Add-KVM-guest-doorbell-restrictions.patch patches.suse/powerpc-pseries-Use-doorbells-even-if-XIVE-is-availa.patch patches.suse/powerpc-rtas-Restrict-RTAS-requests-from-userspace.patch patches.suse/powerpc-uaccess-Evaluate-macro-arguments-once-before.patch series.conf --- diff --git a/blacklist.conf b/blacklist.conf index c73e89c..f32b329 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -321,7 +321,6 @@ bb297bb2de517e41199185021f043bbc5d75b377 # Build fix that is not relevant to ker fd78c59446b8d050ecf3e0897c5a486c7de7c595 # not relevant: PAGE_DEFAULT_KEY is always zero 535e4fc623fab2e09a0653fc3a3e17f382ad0251 # not broken without commit 701dc81e7412daaf3c5bf4bc55d35c8b1525112a 75be6b98eda46d27b4a218fdbfb034a5b0fb5b12 # cleanup, no bugfix -3d3af181d370069861a3be94608464e2ff3682e2 # breaks user-space API de2b41be8fcccb2f5b6c480d35df590476344201 # nothing in __page-aligned sections is write-protected 2356bb4b8221d7dc8c7beb810418122ed90254c9 # 32-bit only dd81d821d0b3f77d949d0cac5c05c1f05b921d46 # Does not apply: gpu: ipu-v3: image-convert: Wait for all EOFs before completing a tile @@ -471,7 +470,6 @@ e63d6fb5637e92725cf143559672a34b706bca4f # 32bit CPU temp sensor 5b905d77987de065bdd3a2906816b5f143df087b # fix for CONFIG_HAVE_HW_BREAKPOINT=N f1565c24b5965dfd2352f209c417ff160be04db9 # generic dma bypass mode does not exist in SP2 (bsc#1156395) c44dc6323cd49d8d742c37e234b952e822c35de4 # no fast_interrupt_return in SP2 (bsc#1156395) -d02f6b7dab8228487268298ea1f21081c0b4b3eb # does not apply on SP2 (bsc#1156395) afce6996943be265fa39240b67025cfcb1bcdfb1 # CONFIG_EDAC_ASPEED is not enabled 5da8e4a658109e3b7e1f45ae672b7c06ac3e7158 # this is part of a 15SP3 feature request, see SLE-13447 66077adb70a2a9e92540155b2ace33ec98299c90 # CONFIG_EDAC_TI is not enabled @@ -1013,3 +1011,5 @@ ffedeeb780dc554eff3d3b16e6a462a26a41d7ec # not needed in SLE 39a7661dcf655c8198fd5d72412f5030a8e58444 # Duplicate of 1e5504656e5a78d096fe59a880fe2a9eb75f50e3 0f5cef2b2904b8d41d34ecb6c5d5bf2f00562b1b # Duplicate of 200bbb88b76c0f420ba5b537005ec0c0a5511b4e 80624263fa289b3416f7ca309491f1b75e579477 # Duplicate of 05a2c5820555b58d882bf5037d6739189a0c1b33 +f97bb5272d9e95d400d6c8643ebb146b3e3e7842 # Fix is not KABI safe, alternative merged +3347acc6fcd4ee71ad18a9ff9d9dac176b517329 # Kernel building with clang is not supported diff --git a/patches.suse/RDMA-hns-Fix-the-wrong-value-of-rnr_retry-when-query.patch b/patches.suse/RDMA-hns-Fix-the-wrong-value-of-rnr_retry-when-query.patch new file mode 100644 index 0000000..c60ac40 --- /dev/null +++ b/patches.suse/RDMA-hns-Fix-the-wrong-value-of-rnr_retry-when-query.patch @@ -0,0 +1,33 @@ +From: Wenpeng Liang +Date: Sat, 19 Sep 2020 18:03:20 +0800 +Subject: RDMA/hns: Fix the wrong value of rnr_retry when querying qp +Patch-mainline: v5.10-rc1 +Git-commit: 99fcf82521d91468ee6115a3c253aa032dc63cbc +References: jsc#SLE-8449 + +The rnr_retry returned to the user is not correct, it should be got from +another fields in QPC. + +Fixes: bfe860351e31 ("RDMA/hns: Fix cast from or to restricted __le32 for driver") +Link: https://lore.kernel.org/r/1600509802-44382-7-git-send-email-liweihang@huawei.com +Signed-off-by: Wenpeng Liang +Signed-off-by: Weihang Li +Signed-off-by: Jason Gunthorpe +Acked-by: Thomas Bogendoerfer +--- + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c ++++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c +@@ -4958,7 +4958,9 @@ static int hns_roce_v2_query_qp(struct i + qp_attr->retry_cnt = roce_get_field(context.byte_212_lsn, + V2_QPC_BYTE_212_RETRY_CNT_M, + V2_QPC_BYTE_212_RETRY_CNT_S); +- qp_attr->rnr_retry = le32_to_cpu(context.rq_rnr_timer); ++ qp_attr->rnr_retry = roce_get_field(context.byte_244_rnr_rxack, ++ V2_QPC_BYTE_244_RNR_CNT_M, ++ V2_QPC_BYTE_244_RNR_CNT_S); + + done: + qp_attr->cur_qp_state = qp_attr->qp_state; diff --git a/patches.suse/RDMA-hns-Solve-the-overflow-of-the-calc_pg_sz.patch b/patches.suse/RDMA-hns-Solve-the-overflow-of-the-calc_pg_sz.patch new file mode 100644 index 0000000..192eda9 --- /dev/null +++ b/patches.suse/RDMA-hns-Solve-the-overflow-of-the-calc_pg_sz.patch @@ -0,0 +1,37 @@ +From: Jiaran Zhang +Date: Sat, 19 Sep 2020 18:03:19 +0800 +Subject: RDMA/hns: Solve the overflow of the calc_pg_sz() +Patch-mainline: v5.10-rc1 +Git-commit: 768202a0825d447de785e87ff1ea1d3c86a71727 +References: jsc#SLE-8449 + +calc_pg_sz() may gets a data calculation overflow if the PAGE_SIZE is 64 KB +and hop_num is 2. It is because that all variables involved in calculation +are defined in type of int. So change the type of bt_chunk_size, +buf_chunk_size and obj_per_chunk_default to u64. + +Fixes: ba6bb7e97421 ("RDMA/hns: Add interfaces to get pf capabilities from firmware") +Link: https://lore.kernel.org/r/1600509802-44382-6-git-send-email-liweihang@huawei.com +Signed-off-by: Jiaran Zhang +Signed-off-by: Weihang Li +Signed-off-by: Jason Gunthorpe +Acked-by: Thomas Bogendoerfer +--- + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c ++++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c +@@ -1710,9 +1710,9 @@ static void calc_pg_sz(int obj_num, int + int *buf_page_size, int *bt_page_size, u32 hem_type) + { + u64 obj_per_chunk; +- int bt_chunk_size = 1 << PAGE_SHIFT; +- int buf_chunk_size = 1 << PAGE_SHIFT; +- int obj_per_chunk_default = buf_chunk_size / obj_size; ++ u64 bt_chunk_size = PAGE_SIZE; ++ u64 buf_chunk_size = PAGE_SIZE; ++ u64 obj_per_chunk_default = buf_chunk_size / obj_size; + + *buf_page_size = 0; + *bt_page_size = 0; diff --git a/patches.suse/RDMA-mlx5-Fix-devlink-deadlock-on-net-namespace-dele.patch b/patches.suse/RDMA-mlx5-Fix-devlink-deadlock-on-net-namespace-dele.patch new file mode 100644 index 0000000..ece6f99 --- /dev/null +++ b/patches.suse/RDMA-mlx5-Fix-devlink-deadlock-on-net-namespace-dele.patch @@ -0,0 +1,115 @@ +From: Parav Pandit +Date: Mon, 26 Oct 2020 15:43:59 +0200 +Subject: RDMA/mlx5: Fix devlink deadlock on net namespace deletion +Patch-mainline: v5.10-rc2 +Git-commit: fbdd0049d98d44914fc57d4b91f867f4996c787b +References: jsc#SLE-8464 + +When a mlx5 core devlink instance is reloaded in different net namespace, +its associated IB device is deleted and recreated. + +Example sequence is: +$ ip netns add foo +$ devlink dev reload pci/0000:00:08.0 netns foo +$ ip netns del foo + +mlx5 IB device needs to attach and detach the netdevice to it through the +netdev notifier chain during load and unload sequence. A below call graph +of the unload flow. + +cleanup_net() + down_read(&pernet_ops_rwsem); <- first sem acquired + ops_pre_exit_list() + pre_exit() + devlink_pernet_pre_exit() + devlink_reload() + mlx5_devlink_reload_down() + mlx5_unload_one() + [...] + mlx5_ib_remove() + mlx5_ib_unbind_slave_port() + mlx5_remove_netdev_notifier() + unregister_netdevice_notifier() + down_write(&pernet_ops_rwsem);<- recurrsive lock + +Hence, when net namespace is deleted, mlx5 reload results in deadlock. + +When deadlock occurs, devlink mutex is also held. This not only deadlocks +the mlx5 device under reload, but all the processes which attempt to +access unrelated devlink devices are deadlocked. + +Hence, fix this by mlx5 ib driver to register for per net netdev notifier +instead of global one, which operats on the net namespace without holding +the pernet_ops_rwsem. + +Fixes: 4383cfcc65e7 ("net/mlx5: Add devlink reload") +Link: https://lore.kernel.org/r/20201026134359.23150-1-parav@nvidia.com +Signed-off-by: Parav Pandit +Signed-off-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Acked-by: Thomas Bogendoerfer +--- + drivers/infiniband/hw/mlx5/main.c | 6 ++++-- + drivers/net/ethernet/mellanox/mlx5/core/lib/mlx5.h | 5 ----- + include/linux/mlx5/driver.h | 18 ++++++++++++++++++ + 3 files changed, 22 insertions(+), 7 deletions(-) + +--- a/drivers/infiniband/hw/mlx5/main.c ++++ b/drivers/infiniband/hw/mlx5/main.c +@@ -5293,7 +5293,8 @@ static int mlx5_add_netdev_notifier(stru + int err; + + dev->port[port_num].roce.nb.notifier_call = mlx5_netdev_event; +- err = register_netdevice_notifier(&dev->port[port_num].roce.nb); ++ err = register_netdevice_notifier_net(mlx5_core_net(dev->mdev), ++ &dev->port[port_num].roce.nb); + if (err) { + dev->port[port_num].roce.nb.notifier_call = NULL; + return err; +@@ -5305,7 +5306,8 @@ static int mlx5_add_netdev_notifier(stru + static void mlx5_remove_netdev_notifier(struct mlx5_ib_dev *dev, u8 port_num) + { + if (dev->port[port_num].roce.nb.notifier_call) { +- unregister_netdevice_notifier(&dev->port[port_num].roce.nb); ++ unregister_netdevice_notifier_net(mlx5_core_net(dev->mdev), ++ &dev->port[port_num].roce.nb); + dev->port[port_num].roce.nb.notifier_call = NULL; + } + } +--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/mlx5.h ++++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/mlx5.h +@@ -90,9 +90,4 @@ int mlx5_create_encryption_key(struct ml + u32 key_type, u32 *p_key_id); + void mlx5_destroy_encryption_key(struct mlx5_core_dev *mdev, u32 key_id); + +-static inline struct net *mlx5_core_net(struct mlx5_core_dev *dev) +-{ +- return devlink_net(priv_to_devlink(dev)); +-} +- + #endif +--- a/include/linux/mlx5/driver.h ++++ b/include/linux/mlx5/driver.h +@@ -1204,4 +1204,22 @@ static inline bool mlx5_is_roce_enabled( + return val.vbool; + } + ++/** ++ * mlx5_core_net - Provide net namespace of the mlx5_core_dev ++ * @dev: mlx5 core device ++ * ++ * mlx5_core_net() returns the net namespace of mlx5 core device. ++ * This can be called only in below described limited context. ++ * (a) When a devlink instance for mlx5_core is registered and ++ * when devlink reload operation is disabled. ++ * or ++ * (b) during devlink reload reload_down() and reload_up callbacks ++ * where it is ensured that devlink instance's net namespace is ++ * stable. ++ */ ++static inline struct net *mlx5_core_net(struct mlx5_core_dev *dev) ++{ ++ return devlink_net(priv_to_devlink(dev)); ++} ++ + #endif /* MLX5_DRIVER_H */ diff --git a/patches.suse/RDMA-qedr-Fix-return-code-if-accept-is-called-on-a-d.patch b/patches.suse/RDMA-qedr-Fix-return-code-if-accept-is-called-on-a-d.patch new file mode 100644 index 0000000..4487ffa --- /dev/null +++ b/patches.suse/RDMA-qedr-Fix-return-code-if-accept-is-called-on-a-d.patch @@ -0,0 +1,42 @@ +From: Michal Kalderon +Date: Wed, 2 Sep 2020 19:57:37 +0300 +Subject: RDMA/qedr: Fix return code if accept is called on a destroyed qp +Patch-mainline: v5.10-rc1 +Git-commit: 8a5a10a1a74465065c75d9de1aa6685e1f1aa117 +References: jsc#SLE-8215 + +In iWARP, accept could be called after a QP is already destroyed. In this +case an error should be returned and not success. + +Fixes: 82af6d19d8d9 ("RDMA/qedr: Fix synchronization methods and memory leaks in qedr") +Link: https://lore.kernel.org/r/20200902165741.8355-5-michal.kalderon@marvell.com +Signed-off-by: Michal Kalderon +Signed-off-by: Jason Gunthorpe +Acked-by: Thomas Bogendoerfer +--- + drivers/infiniband/hw/qedr/qedr_iw_cm.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/infiniband/hw/qedr/qedr_iw_cm.c ++++ b/drivers/infiniband/hw/qedr/qedr_iw_cm.c +@@ -736,7 +736,7 @@ int qedr_iw_accept(struct iw_cm_id *cm_i + struct qedr_dev *dev = ep->dev; + struct qedr_qp *qp; + struct qed_iwarp_accept_in params; +- int rc = 0; ++ int rc; + + DP_DEBUG(dev, QEDR_MSG_IWARP, "Accept on qpid=%d\n", conn_param->qpn); + +@@ -759,8 +759,10 @@ int qedr_iw_accept(struct iw_cm_id *cm_i + params.ord = conn_param->ord; + + if (test_and_set_bit(QEDR_IWARP_CM_WAIT_FOR_CONNECT, +- &qp->iwarp_cm_flags)) ++ &qp->iwarp_cm_flags)) { ++ rc = -EINVAL; + goto err; /* QP already destroyed */ ++ } + + rc = dev->ops->iwarp_accept(dev->rdma_ctx, ¶ms); + if (rc) { diff --git a/patches.suse/RDMA-ucma-Add-missing-locking-around-rdma_leave_mult.patch b/patches.suse/RDMA-ucma-Add-missing-locking-around-rdma_leave_mult.patch new file mode 100644 index 0000000..b0a1f70 --- /dev/null +++ b/patches.suse/RDMA-ucma-Add-missing-locking-around-rdma_leave_mult.patch @@ -0,0 +1,31 @@ +From: Jason Gunthorpe +Date: Tue, 18 Aug 2020 15:05:22 +0300 +Subject: RDMA/ucma: Add missing locking around rdma_leave_multicast() +Patch-mainline: v5.10-rc1 +Git-commit: 38e03d092699891c3237b5aee9e8029d4ede0956 +References: git-fixes + +All entry points to the rdma_cm from a ULP must be single threaded, +even this error unwinds. Add the missing locking. + +Fixes: 7c11910783a1 ("RDMA/ucma: Put a lock around every call to the rdma_cm layer") +Link: https://lore.kernel.org/r/20200818120526.702120-11-leon@kernel.org +Signed-off-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Acked-by: Thomas Bogendoerfer +--- + drivers/infiniband/core/ucma.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/infiniband/core/ucma.c ++++ b/drivers/infiniband/core/ucma.c +@@ -1473,7 +1473,9 @@ static ssize_t ucma_process_join(struct + return 0; + + err3: ++ mutex_lock(&ctx->mutex); + rdma_leave_multicast(ctx->cm_id, (struct sockaddr *) &mc->addr); ++ mutex_unlock(&ctx->mutex); + ucma_cleanup_mc_events(mc); + err2: + xa_erase(&multicast_table, mc->id); diff --git a/patches.suse/SUNRPC-fix-copying-of-multiple-pages-in-gss_read_pro.patch b/patches.suse/SUNRPC-fix-copying-of-multiple-pages-in-gss_read_pro.patch new file mode 100644 index 0000000..2375588 --- /dev/null +++ b/patches.suse/SUNRPC-fix-copying-of-multiple-pages-in-gss_read_pro.patch @@ -0,0 +1,77 @@ +From: Martijn de Gouw +Date: Mon, 19 Oct 2020 13:42:27 +0200 +Subject: SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() +Patch-mainline: v5.10-rc1 +Git-commit: d48c8124749c9a5081fe68680f83605e272c984b +References: bsc#1154353 + +When the passed token is longer than 4032 bytes, the remaining part +of the token must be copied from the rqstp->rq_arg.pages. But the +copy must make sure it happens in a consecutive way. + +With the existing code, the first memcpy copies 'length' bytes from +argv->iobase, but since the header is in front, this never fills the +whole first page of in_token->pages. + +The mecpy in the loop copies the following bytes, but starts writing at +the next page of in_token->pages. This leaves the last bytes of page 0 +unwritten. + +Symptoms were that users with many groups were not able to access NFS +exports, when using Active Directory as the KDC. + +Signed-off-by: Martijn de Gouw +Fixes: 5866efa8cbfb "SUNRPC: Fix svcauth_gss_proxy_init()" +Signed-off-by: J. Bruce Fields +Acked-by: Thomas Bogendoerfer +--- + net/sunrpc/auth_gss/svcauth_gss.c | 27 +++++++++++++++++---------- + 1 file changed, 17 insertions(+), 10 deletions(-) + +--- a/net/sunrpc/auth_gss/svcauth_gss.c ++++ b/net/sunrpc/auth_gss/svcauth_gss.c +@@ -1103,9 +1103,9 @@ static int gss_read_proxy_verf(struct sv + struct gssp_in_token *in_token) + { + struct kvec *argv = &rqstp->rq_arg.head[0]; +- unsigned int page_base, length; +- int pages, i, res; +- size_t inlen; ++ unsigned int length, pgto_offs, pgfrom_offs; ++ int pages, i, res, pgto, pgfrom; ++ size_t inlen, to_offs, from_offs; + + res = gss_read_common_verf(gc, argv, authp, in_handle); + if (res) +@@ -1133,17 +1133,24 @@ static int gss_read_proxy_verf(struct sv + memcpy(page_address(in_token->pages[0]), argv->iov_base, length); + inlen -= length; + +- i = 1; +- page_base = rqstp->rq_arg.page_base; ++ to_offs = length; ++ from_offs = rqstp->rq_arg.page_base; + while (inlen) { +- length = min_t(unsigned int, inlen, PAGE_SIZE); +- memcpy(page_address(in_token->pages[i]), +- page_address(rqstp->rq_arg.pages[i]) + page_base, ++ pgto = to_offs >> PAGE_SHIFT; ++ pgfrom = from_offs >> PAGE_SHIFT; ++ pgto_offs = to_offs & ~PAGE_MASK; ++ pgfrom_offs = from_offs & ~PAGE_MASK; ++ ++ length = min_t(unsigned int, inlen, ++ min_t(unsigned int, PAGE_SIZE - pgto_offs, ++ PAGE_SIZE - pgfrom_offs)); ++ memcpy(page_address(in_token->pages[pgto]) + pgto_offs, ++ page_address(rqstp->rq_arg.pages[pgfrom]) + pgfrom_offs, + length); + ++ to_offs += length; ++ from_offs += length; + inlen -= length; +- page_base = 0; +- i++; + } + return 0; + } diff --git a/patches.suse/icmp-randomize-the-global-rate-limiter.patch b/patches.suse/icmp-randomize-the-global-rate-limiter.patch index 27f3940..fdb8d29 100644 --- a/patches.suse/icmp-randomize-the-global-rate-limiter.patch +++ b/patches.suse/icmp-randomize-the-global-rate-limiter.patch @@ -3,7 +3,7 @@ Date: Thu, 15 Oct 2020 11:42:00 -0700 Subject: icmp: randomize the global rate limiter Patch-mainline: v5.10-rc1 Git-commit: b38e7819cae946e2edf869e604af1e65a5d241c5 -References: git-fixes +References: CVE-2020-25705 bsc#1175721 git-fixes Keyu Man reported that the ICMP rate limiter could be used by attackers to get useful signal. Details will be provided diff --git a/patches.suse/msft-hv-2170-video-hyperv_fb-include-vmalloc.h.patch b/patches.suse/msft-hv-2170-video-hyperv_fb-include-vmalloc.h.patch new file mode 100644 index 0000000..77d1ffc --- /dev/null +++ b/patches.suse/msft-hv-2170-video-hyperv_fb-include-vmalloc.h.patch @@ -0,0 +1,31 @@ +From: Olaf Hering +Date: Fri, 6 Nov 2020 19:39:41 +0100 +Patch-mainline: v5.10-rc4 +Subject: video: hyperv_fb: include vmalloc.h +Git-commit: 34a280831384d7e58327ff0e82e18db8e788107c +References: git-fixes + +hvfb_getmem uses vzalloc, therefore vmalloc.h should be included. + +Fixes commit d21987d709e807ba7bbf47044deb56a3c02e8be4 ("video: hyperv: +hyperv_fb: Support deferred IO for Hyper-V frame buffer driver") + +Signed-off-by: Olaf Hering +Signed-off-by: Sam Ravnborg +Link: https://patchwork.freedesktop.org/patch/msgid/20201106183941.9751-1-olaf@aepfle.de +Acked-by: Olaf Hering +--- + drivers/video/fbdev/hyperv_fb.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/video/fbdev/hyperv_fb.c b/drivers/video/fbdev/hyperv_fb.c +--- a/drivers/video/fbdev/hyperv_fb.c ++++ b/drivers/video/fbdev/hyperv_fb.c +@@ -47,6 +47,7 @@ + + #include + #include ++#include + #include + #include + #include diff --git a/patches.suse/net-fix-pos-incrementment-in-ipv6_route_seq_next.patch b/patches.suse/net-fix-pos-incrementment-in-ipv6_route_seq_next.patch new file mode 100644 index 0000000..b092e8d --- /dev/null +++ b/patches.suse/net-fix-pos-incrementment-in-ipv6_route_seq_next.patch @@ -0,0 +1,88 @@ +From: Yonghong Song +Date: Wed, 14 Oct 2020 07:46:12 -0700 +Subject: net: fix pos incrementment in ipv6_route_seq_next +Patch-mainline: v5.10-rc1 +Git-commit: 6617dfd440149e42ce4d2be615eb31a4755f4d30 +References: bsc#1154353 + +Commit 4fc427e05158 ("ipv6_route_seq_next should increase position index") +tried to fix the issue where seq_file pos is not increased +if a NULL element is returned with seq_ops->next(). See bug + https://bugzilla.kernel.org/show_bug.cgi?id=206283 +The commit effectively does: + - increase pos for all seq_ops->start() + - increase pos for all seq_ops->next() + +For ipv6_route, increasing pos for all seq_ops->next() is correct. +But increasing pos for seq_ops->start() is not correct +since pos is used to determine how many items to skip during +seq_ops->start(): + iter->skip = *pos; +seq_ops->start() just fetches the *current* pos item. +The item can be skipped only after seq_ops->show() which essentially +is the beginning of seq_ops->next(). + +For example, I have 7 ipv6 route entries, + root@arch-fb-vm1:~/net-next dd if=/proc/net/ipv6_route bs=4096 + 00000000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000400 00000001 00000000 00000001 eth0 + fe800000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000001 00000000 00000001 eth0 + 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo + 00000000000000000000000000000001 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000003 00000000 80200001 lo + fe800000000000002050e3fffebd3be8 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000002 00000000 80200001 eth0 + ff000000000000000000000000000000 08 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000004 00000000 00000001 eth0 + 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo + 0+1 records in + 0+1 records out + 1050 bytes (1.0 kB, 1.0 KiB) copied, 0.00707908 s, 148 kB/s + root@arch-fb-vm1:~/net-next + +In the above, I specify buffer size 4096, so all records can be returned +to user space with a single trip to the kernel. + +If I use buffer size 128, since each record size is 149, internally +kernel seq_read() will read 149 into its internal buffer and return the data +to user space in two read() syscalls. Then user read() syscall will trigger +next seq_ops->start(). Since the current implementation increased pos even +for seq_ops->start(), it will skip record #2, #4 and #6, assuming the first +record is #1. + + root@arch-fb-vm1:~/net-next dd if=/proc/net/ipv6_route bs=128 + 00000000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000400 00000001 00000000 00000001 eth0 + 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo + fe800000000000002050e3fffebd3be8 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000002 00000000 80200001 eth0 + 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo +4+1 records in +4+1 records out +600 bytes copied, 0.00127758 s, 470 kB/s + +To fix the problem, create a fake pos pointer so seq_ops->start() +won't actually increase seq_file pos. With this fix, the +above `dd` command with `bs=128` will show correct result. + +Fixes: 4fc427e05158 ("ipv6_route_seq_next should increase position index") +Cc: Alexei Starovoitov +Suggested-by: Vasily Averin +Reviewed-by: Vasily Averin +Signed-off-by: Yonghong Song +Acked-by: Martin KaFai Lau +Acked-by: Andrii Nakryiko +Signed-off-by: Jakub Kicinski +Acked-by: Thomas Bogendoerfer +--- + net/ipv6/ip6_fib.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/net/ipv6/ip6_fib.c ++++ b/net/ipv6/ip6_fib.c +@@ -2541,8 +2541,10 @@ static void *ipv6_route_seq_start(struct + iter->skip = *pos; + + if (iter->tbl) { ++ loff_t p = 0; ++ + ipv6_route_seq_setup_walk(iter, net); +- return ipv6_route_seq_next(seq, NULL, pos); ++ return ipv6_route_seq_next(seq, NULL, &p); + } else { + return NULL; + } diff --git a/patches.suse/net-mlx5-Clear-bw_share-upon-VF-disable.patch b/patches.suse/net-mlx5-Clear-bw_share-upon-VF-disable.patch new file mode 100644 index 0000000..e4d5872 --- /dev/null +++ b/patches.suse/net-mlx5-Clear-bw_share-upon-VF-disable.patch @@ -0,0 +1,34 @@ +From: Vladyslav Tarasiuk +Date: Mon, 2 Nov 2020 13:45:24 +0200 +Subject: net/mlx5: Clear bw_share upon VF disable +Patch-mainline: v5.10-rc5 +Git-commit: 1ce5fc724a26e0b476e42c5d588bdb80caea003b +References: jsc#SLE-8464 + +Currently, if user disables VFs with some min and max rates configured, +they are cleared. But QoS data is not cleared and restored upon next VF +enable placing limits on minimal rate for given VF, when user expects +none. + +To match cleared vport->info struct with QoS-related min and max rates +upon VF disable, clear vport->qos struct too. + +Fixes: 556b9d16d3f5 ("net/mlx5: Clear VF's configuration on disabling SRIOV") +Signed-off-by: Vladyslav Tarasiuk +Reviewed-by: Moshe Shemesh +Signed-off-by: Saeed Mahameed +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c +@@ -1936,6 +1936,7 @@ static void mlx5_eswitch_clear_vf_vports + int i; + + mlx5_esw_for_each_vf_vport(esw, i, vport, esw->esw_funcs.num_vfs) { ++ memset(&vport->qos, 0, sizeof(vport->qos)); + memset(&vport->info, 0, sizeof(vport->info)); + vport->info.link_state = MLX5_VPORT_ADMIN_STATE_AUTO; + } diff --git a/patches.suse/net-mlx5-E-Switch-Fail-mlx5_esw_modify_vport_rate-if.patch b/patches.suse/net-mlx5-E-Switch-Fail-mlx5_esw_modify_vport_rate-if.patch new file mode 100644 index 0000000..4d3de6b --- /dev/null +++ b/patches.suse/net-mlx5-E-Switch-Fail-mlx5_esw_modify_vport_rate-if.patch @@ -0,0 +1,32 @@ +From: Eli Cohen +Date: Mon, 9 Nov 2020 11:35:52 +0200 +Subject: net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled +Patch-mainline: v5.10-rc5 +Git-commit: 5b8631c7b21ca8bc039f0bc030048973b039e0d2 +References: jsc#SLE-8464 + +Avoid calling mlx5_esw_modify_vport_rate() if qos is not enabled and +avoid unnecessary syndrome messages from firmware. + +Fixes: fcb64c0f5640 ("net/mlx5: E-Switch, add ingress rate support") +Signed-off-by: Eli Cohen +Reviewed-by: Roi Dayan +Signed-off-by: Saeed Mahameed +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c +@@ -1648,6 +1648,10 @@ int mlx5_esw_modify_vport_rate(struct ml + struct mlx5_vport *vport; + + vport = mlx5_eswitch_get_vport(esw, vport_num); ++ ++ if (!vport->qos.enabled) ++ return -EOPNOTSUPP; ++ + MLX5_SET(scheduling_context, ctx, max_average_bw, rate_mbps); + + return mlx5_modify_scheduling_element_cmd(esw->dev, diff --git a/patches.suse/s390-cpum_cf-perf-change-dflt_ccerror-counter-name b/patches.suse/s390-cpum_cf-perf-change-dflt_ccerror-counter-name new file mode 100644 index 0000000..6b9eda0 --- /dev/null +++ b/patches.suse/s390-cpum_cf-perf-change-dflt_ccerror-counter-name @@ -0,0 +1,47 @@ +From: Thomas Richter +Date: Fri, 17 Jul 2020 11:27:22 +0200 +Subject: s390/cpum_cf,perf: change DFLT_CCERROR counter name +Git-commit: 3d3af181d370069861a3be94608464e2ff3682e2 +Patch-mainline: v5.8-rc7 +References: bsc#1175918 LTC#187935 + +Change the counter name DLFT_CCERROR to DLFT_CCFINISH on IBM z15. +This counter counts completed DEFLATE instructions with exit code +0, 1 or 2. Since exit code 0 means success and exit code 1 or 2 +indicate errors, change the counter name to avoid confusion. +This counter is incremented each time the DEFLATE instruction +completed regardless if an error was detected or not. + +Fixes: d68d5d51dc89 ("s390/cpum_cf: Add new extended counters for IBM z15") +Fixes: e7950166e402 ("perf vendor events s390: Add new deflate counters for IBM z15") +Cc: stable@vger.kernel.org # v5.7 +Signed-off-by: Thomas Richter +Reviewed-by: Sumanth Korikkar +Signed-off-by: Heiko Carstens +[ ptesarik: Removed the part that patches the perf tool, + because it must go into the perf package. ] +Acked-by: Petr Tesarik +--- + arch/s390/kernel/perf_cpum_cf_events.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/s390/kernel/perf_cpum_cf_events.c ++++ b/arch/s390/kernel/perf_cpum_cf_events.c +@@ -292,7 +292,7 @@ CPUMF_EVENT_ATTR(cf_z15, TX_C_TABORT_SPE + CPUMF_EVENT_ATTR(cf_z15, DFLT_ACCESS, 0x00f7); + CPUMF_EVENT_ATTR(cf_z15, DFLT_CYCLES, 0x00fc); + CPUMF_EVENT_ATTR(cf_z15, DFLT_CC, 0x00108); +-CPUMF_EVENT_ATTR(cf_z15, DFLT_CCERROR, 0x00109); ++CPUMF_EVENT_ATTR(cf_z15, DFLT_CCFINISH, 0x00109); + CPUMF_EVENT_ATTR(cf_z15, MT_DIAG_CYCLES_ONE_THR_ACTIVE, 0x01c0); + CPUMF_EVENT_ATTR(cf_z15, MT_DIAG_CYCLES_TWO_THR_ACTIVE, 0x01c1); + +@@ -629,7 +629,7 @@ static struct attribute *cpumcf_z15_pmu_ + CPUMF_EVENT_PTR(cf_z15, DFLT_ACCESS), + CPUMF_EVENT_PTR(cf_z15, DFLT_CYCLES), + CPUMF_EVENT_PTR(cf_z15, DFLT_CC), +- CPUMF_EVENT_PTR(cf_z15, DFLT_CCERROR), ++ CPUMF_EVENT_PTR(cf_z15, DFLT_CCFINISH), + CPUMF_EVENT_PTR(cf_z15, MT_DIAG_CYCLES_ONE_THR_ACTIVE), + CPUMF_EVENT_PTR(cf_z15, MT_DIAG_CYCLES_TWO_THR_ACTIVE), + NULL, diff --git a/patches.suse/s390-zcrypt-fix-kmalloc-256k-failure b/patches.suse/s390-zcrypt-fix-kmalloc-256k-failure new file mode 100644 index 0000000..a7b4e3d --- /dev/null +++ b/patches.suse/s390-zcrypt-fix-kmalloc-256k-failure @@ -0,0 +1,45 @@ +From: Harald Freudenberger +Date: Wed, 9 Sep 2020 11:59:43 +0200 +Subject: s390/zcrypt: fix kmalloc 256k failure +Git-commit: b6186d7fb53349efd274263a45f0b08749ccaa2d +Patch-mainline: v5.9-rc6 +References: bsc#1177066 LTC#188341 + +Tests showed that under stress conditions the kernel may +temporary fail to allocate 256k with kmalloc. However, +this fix reworks the related code in the cca_findcard2() +function to use kvmalloc instead. + +Signed-off-by: Harald Freudenberger +Reviewed-by: Ingo Franzki +Cc: Stable +Signed-off-by: Vasily Gorbik +Acked-by: Petr Tesarik +--- + drivers/s390/crypto/zcrypt_ccamisc.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/s390/crypto/zcrypt_ccamisc.c ++++ b/drivers/s390/crypto/zcrypt_ccamisc.c +@@ -1684,9 +1684,9 @@ int cca_findcard2(u32 **apqns, u32 *nr_a + *nr_apqns = 0; + + /* fetch status of all crypto cards */ +- device_status = kmalloc_array(MAX_ZDEV_ENTRIES_EXT, +- sizeof(struct zcrypt_device_status_ext), +- GFP_KERNEL); ++ device_status = kvmalloc_array(MAX_ZDEV_ENTRIES_EXT, ++ sizeof(struct zcrypt_device_status_ext), ++ GFP_KERNEL); + if (!device_status) + return -ENOMEM; + zcrypt_device_status_mask_ext(device_status); +@@ -1754,7 +1754,7 @@ int cca_findcard2(u32 **apqns, u32 *nr_a + verify = 0; + } + +- kfree(device_status); ++ kvfree(device_status); + return rc; + } + EXPORT_SYMBOL(cca_findcard2); diff --git a/patches.suse/s390-zcrypt-fix-zcrypt_perdev_reqcnt-ioctl b/patches.suse/s390-zcrypt-fix-zcrypt_perdev_reqcnt-ioctl new file mode 100644 index 0000000..e85db43 --- /dev/null +++ b/patches.suse/s390-zcrypt-fix-zcrypt_perdev_reqcnt-ioctl @@ -0,0 +1,34 @@ +From: Christian Borntraeger +Date: Mon, 21 Sep 2020 12:48:36 +0200 +Subject: s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl +Git-commit: f7e80983f0cf470bb82036e73bff4d5a7daf8fc2 +Patch-mainline: v5.9-rc7 +References: bsc#1177070 LTC#188342 + +reqcnt is an u32 pointer but we do copy sizeof(reqcnt) which is the +size of the pointer. This means we only copy 8 byte. Let us copy +the full monty. + +Signed-off-by: Christian Borntraeger +Cc: Harald Freudenberger +Cc: stable@vger.kernel.org +Fixes: af4a72276d49 ("s390/zcrypt: Support up to 256 crypto adapters.") +Reviewed-by: Harald Freudenberger +Signed-off-by: Vasily Gorbik +Acked-by: Petr Tesarik +--- + drivers/s390/crypto/zcrypt_api.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/s390/crypto/zcrypt_api.c ++++ b/drivers/s390/crypto/zcrypt_api.c +@@ -1426,7 +1426,8 @@ static long zcrypt_unlocked_ioctl(struct + if (!reqcnt) + return -ENOMEM; + zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES); +- if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt))) ++ if (copy_to_user((int __user *) arg, reqcnt, ++ sizeof(u32) * AP_DEVICES)) + rc = -EFAULT; + kfree(reqcnt); + return rc; diff --git a/patches.suse/sched-Fix-rq-nr_iowait-ordering.patch b/patches.suse/sched-Fix-rq-nr_iowait-ordering.patch new file mode 100644 index 0000000..0b5b69f --- /dev/null +++ b/patches.suse/sched-Fix-rq-nr_iowait-ordering.patch @@ -0,0 +1,73 @@ +From 326b8f0fff79d3985564754d140c81376af174d3 Mon Sep 17 00:00:00 2001 +From: Peter Zijlstra +Date: Thu, 24 Sep 2020 13:50:42 +0200 +Subject: [PATCH] sched: Fix rq->nr_iowait ordering + +References: git fixes (sched) +Patch-mainline: v5.10-rc5 +Git-commit: ec618b84f6e15281cc3660664d34cd0dd2f2579e + + schedule() ttwu() + deactivate_task(); if (p->on_rq && ...) // false + atomic_dec(&task_rq(p)->nr_iowait); + if (prev->in_iowait) + atomic_inc(&rq->nr_iowait); + +Allows nr_iowait to be decremented before it gets incremented, +resulting in more dodgy IO-wait numbers than usual. + +Note that because we can now do ttwu_queue_wakelist() before +p->on_cpu==0, we lose the natural ordering and have to further delay +the decrement. + +Fixes: c6e7bd7afaeb ("sched/core: Optimize ttwu() spinning on p->on_cpu") +Reported-by: Tejun Heo +Signed-off-by: Peter Zijlstra (Intel) +Acked-by: Mel Gorman +Link: https://lkml.kernel.org/r/20201117093829.GD3121429@hirez.programming.kicks-ass.net +Signed-off-by: Mel Gorman +--- + kernel/sched/core.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index a8d623c2f012..668ea6b16407 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -2226,7 +2226,12 @@ ttwu_do_activate(struct rq *rq, struct task_struct *p, int wake_flags, + #ifdef CONFIG_SMP + if (wake_flags & WF_MIGRATED) + en_flags |= ENQUEUE_MIGRATED; ++ else + #endif ++ if (p->in_iowait) { ++ delayacct_blkio_end(p); ++ atomic_dec(&task_rq(p)->nr_iowait); ++ } + + activate_task(rq, p, en_flags); + ttwu_do_wakeup(rq, p, wake_flags, rf); +@@ -2636,11 +2641,6 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags) + if (READ_ONCE(p->on_rq) && ttwu_runnable(p, wake_flags)) + goto unlock; + +- if (p->in_iowait) { +- delayacct_blkio_end(p); +- atomic_dec(&task_rq(p)->nr_iowait); +- } +- + #ifdef CONFIG_SMP + /* + * Ensure we load p->on_cpu _after_ p->on_rq, otherwise it would be +@@ -2711,6 +2711,11 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags) + + cpu = select_task_rq(p, p->wake_cpu, SD_BALANCE_WAKE, wake_flags); + if (task_cpu(p) != cpu) { ++ if (p->in_iowait) { ++ delayacct_blkio_end(p); ++ atomic_dec(&task_rq(p)->nr_iowait); ++ } ++ + wake_flags |= WF_MIGRATED; + psi_ttwu_dequeue(p); + set_task_cpu(p, cpu); diff --git a/patches.suse/sched-fair-Ensure-tasks-spreading-in-LLC-during-LB.patch b/patches.suse/sched-fair-Ensure-tasks-spreading-in-LLC-during-LB.patch new file mode 100644 index 0000000..6f90a90 --- /dev/null +++ b/patches.suse/sched-fair-Ensure-tasks-spreading-in-LLC-during-LB.patch @@ -0,0 +1,72 @@ +From 5f047b82c420638b649b93aa97518d12ef571111 Mon Sep 17 00:00:00 2001 +From: Vincent Guittot +Date: Mon, 2 Nov 2020 11:24:57 +0100 +Subject: [PATCH] sched/fair: Ensure tasks spreading in LLC during LB + +References: git fixes (sched) +Patch-mainline: v5.10-rc4 +Git-commit: 16b0a7a1a0af9db6e008fecd195fe4d6cb366d83 + +schbench shows latency increase for 95 percentile above since: + commit 0b0695f2b34a ("sched/fair: Rework load_balance()") + +Align the behavior of the load balancer with the wake up path, which tries +to select an idle CPU which belongs to the LLC for a waking task. + +calculate_imbalance() will use nr_running instead of the spare +capacity when CPUs share resources (ie cache) at the domain level. This +will ensure a better spread of tasks on idle CPUs. + +Running schbench on a hikey (8cores arm64) shows the problem: + +tip/sched/core : +schbench -m 2 -t 4 -s 10000 -c 1000000 -r 10 +Latency percentiles (usec) + 50.0th: 33 + 75.0th: 45 + 90.0th: 51 + 95.0th: 4152 + *99.0th: 14288 + 99.5th: 14288 + 99.9th: 14288 + min=0, max=14276 + +tip/sched/core + patch : +schbench -m 2 -t 4 -s 10000 -c 1000000 -r 10 +Latency percentiles (usec) + 50.0th: 34 + 75.0th: 47 + 90.0th: 52 + 95.0th: 78 + *99.0th: 94 + 99.5th: 94 + 99.9th: 94 + min=0, max=94 + +Fixes: 0b0695f2b34a ("sched/fair: Rework load_balance()") +Reported-by: Chris Mason +Suggested-by: Rik van Riel +Signed-off-by: Vincent Guittot +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Rik van Riel +Tested-by: Rik van Riel +Link: https://lkml.kernel.org/r/20201102102457.28808-1-vincent.guittot@linaro.org +Signed-off-by: Mel Gorman +--- + kernel/sched/fair.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index 522be61935b7..2eb9db9ec913 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -8964,7 +8964,8 @@ static inline void calculate_imbalance(struct lb_env *env, struct sd_lb_stats *s + * emptying busiest. + */ + if (local->group_type == group_has_spare) { +- if (busiest->group_type > group_fully_busy) { ++ if ((busiest->group_type > group_fully_busy) && ++ !(env->sd->flags & SD_SHARE_PKG_RESOURCES)) { + /* + * If busiest is overloaded, try to fill spare + * capacity. This might end up creating spare capacity diff --git a/patches.suse/sched-fair-Fix-unthrottle_cfs_rq-for-leaf_cfs_rq-list.patch b/patches.suse/sched-fair-Fix-unthrottle_cfs_rq-for-leaf_cfs_rq-list.patch new file mode 100644 index 0000000..0b1d092 --- /dev/null +++ b/patches.suse/sched-fair-Fix-unthrottle_cfs_rq-for-leaf_cfs_rq-list.patch @@ -0,0 +1,104 @@ +From fe39497e8a7959c44ff67d4b94a94cf81d1390fe Mon Sep 17 00:00:00 2001 +From: Vincent Guittot +Date: Wed, 13 May 2020 15:55:28 +0200 +Subject: [PATCH] sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list + +References: git fixes (sched) +Patch-mainline: v5.7-rc7 +Git-commit: 39f23ce07b9355d05a64ae303ce20d1c4b92b957 + +Although not exactly identical, unthrottle_cfs_rq() and enqueue_task_fair() +are quite close and follow the same sequence for enqueuing an entity in the +cfs hierarchy. Modify unthrottle_cfs_rq() to use the same pattern as +enqueue_task_fair(). This fixes a problem already faced with the latter and +add an optimization in the last for_each_sched_entity loop. + +Fixes: fe61468b2cb (sched/fair: Fix enqueue_task_fair warning) +Reported-by Tao Zhou +Signed-off-by: Vincent Guittot +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Phil Auld +Reviewed-by: Ben Segall +Link: https://lkml.kernel.org/r/20200513135528.4742-1-vincent.guittot@linaro.org +Signed-off-by: Mel Gorman +--- + kernel/sched/fair.c | 42 ++++++++++++++++++++++++++++++------------ + 1 file changed, 30 insertions(+), 12 deletions(-) + +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index 2eb9db9ec913..d0fa2b619b31 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -4778,7 +4778,6 @@ void unthrottle_cfs_rq(struct cfs_rq *cfs_rq) + struct rq *rq = rq_of(cfs_rq); + struct cfs_bandwidth *cfs_b = tg_cfs_bandwidth(cfs_rq->tg); + struct sched_entity *se; +- int enqueue = 1; + long task_delta, idle_task_delta; + + se = cfs_rq->tg->se[cpu_of(rq)]; +@@ -4802,26 +4801,44 @@ void unthrottle_cfs_rq(struct cfs_rq *cfs_rq) + idle_task_delta = cfs_rq->idle_h_nr_running; + for_each_sched_entity(se) { + if (se->on_rq) +- enqueue = 0; ++ break; ++ cfs_rq = cfs_rq_of(se); ++ enqueue_entity(cfs_rq, se, ENQUEUE_WAKEUP); ++ ++ cfs_rq->h_nr_running += task_delta; ++ cfs_rq->idle_h_nr_running += idle_task_delta; ++ ++ /* end evaluation on encountering a throttled cfs_rq */ ++ if (cfs_rq_throttled(cfs_rq)) ++ goto unthrottle_throttle; ++ } + ++ for_each_sched_entity(se) { + cfs_rq = cfs_rq_of(se); +- if (enqueue) { +- enqueue_entity(cfs_rq, se, ENQUEUE_WAKEUP); +- } else { +- update_load_avg(cfs_rq, se, 0); +- se_update_runnable(se); +- } ++ ++ update_load_avg(cfs_rq, se, UPDATE_TG); ++ se_update_runnable(se); + + cfs_rq->h_nr_running += task_delta; + cfs_rq->idle_h_nr_running += idle_task_delta; + ++ ++ /* end evaluation on encountering a throttled cfs_rq */ + if (cfs_rq_throttled(cfs_rq)) +- break; ++ goto unthrottle_throttle; ++ ++ /* ++ * One parent has been throttled and cfs_rq removed from the ++ * list. Add it back to not break the leaf list. ++ */ ++ if (throttled_hierarchy(cfs_rq)) ++ list_add_leaf_cfs_rq(cfs_rq); + } + +- if (!se) +- add_nr_running(rq, task_delta); ++ /* At this point se is NULL and we are at root level*/ ++ add_nr_running(rq, task_delta); + ++unthrottle_throttle: + /* + * The cfs_rq_throttled() breaks in the above iteration can result in + * incomplete leaf list maintenance, resulting in triggering the +@@ -4830,7 +4847,8 @@ void unthrottle_cfs_rq(struct cfs_rq *cfs_rq) + for_each_sched_entity(se) { + cfs_rq = cfs_rq_of(se); + +- list_add_leaf_cfs_rq(cfs_rq); ++ if (list_add_leaf_cfs_rq(cfs_rq)) ++ break; + } + + assert_list_leaf_cfs_rq(rq); diff --git a/patches.suse/serial-8250-fix-null-ptr-deref-in-serial8250_start_t.patch b/patches.suse/serial-8250-fix-null-ptr-deref-in-serial8250_start_t.patch index c6d7f47..b84cccc 100644 --- a/patches.suse/serial-8250-fix-null-ptr-deref-in-serial8250_start_t.patch +++ b/patches.suse/serial-8250-fix-null-ptr-deref-in-serial8250_start_t.patch @@ -4,7 +4,7 @@ Date: Tue, 21 Jul 2020 14:38:52 +0000 Subject: [PATCH] serial: 8250: fix null-ptr-deref in serial8250_start_tx() Git-commit: f4c23a140d80ef5e6d3d1f8f57007649014b60fa Patch-mainline: v5.8-rc7 -References: git-fixes +References: CVE-2020-15437 bsc#1179140 I got null-ptr-deref in serial8250_start_tx(): diff --git a/patches.suse/sunrpc-fix-general-protection-fault-in-trace_rpc_xdr_overflow.patch b/patches.suse/sunrpc-fix-general-protection-fault-in-trace_rpc_xdr_overflow.patch new file mode 100644 index 0000000..d1895b0 --- /dev/null +++ b/patches.suse/sunrpc-fix-general-protection-fault-in-trace_rpc_xdr_overflow.patch @@ -0,0 +1,38 @@ +From: Chuck Lever +Date: Fri, 23 Oct 2020 10:41:07 -0400 +Subject: SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() +Git-commit: d321ff589c16d8c2207485a6d7fbdb14e873d46e +Patch-mainline: v5.10-rc4 +References: git-fixes + +The TP_fast_assign() section is careful enough not to dereference +xdr->rqst if it's NULL. The TP_STRUCT__entry section is not. + +Fixes: 5582863f450c ("SUNRPC: Add XDR overflow trace event") +Signed-off-by: Chuck Lever +Signed-off-by: J. Bruce Fields +Acked-by: Miroslav Benes +--- + include/trace/events/sunrpc.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/include/trace/events/sunrpc.h b/include/trace/events/sunrpc.h +index f45b3c01370c..2477014e3fa6 100644 +--- a/include/trace/events/sunrpc.h ++++ b/include/trace/events/sunrpc.h +@@ -655,10 +655,10 @@ TRACE_EVENT(rpc_xdr_overflow, + __field(size_t, tail_len) + __field(unsigned int, page_len) + __field(unsigned int, len) +- __string(progname, +- xdr->rqst->rq_task->tk_client->cl_program->name) +- __string(procedure, +- xdr->rqst->rq_task->tk_msg.rpc_proc->p_name) ++ __string(progname, xdr->rqst ? ++ xdr->rqst->rq_task->tk_client->cl_program->name : "unknown") ++ __string(procedure, xdr->rqst ? ++ xdr->rqst->rq_task->tk_msg.rpc_proc->p_name : "unknown") + ), + + TP_fast_assign( + diff --git a/patches.suse/vt-Disable-KD_FONT_OP_COPY.patch b/patches.suse/vt-Disable-KD_FONT_OP_COPY.patch index 2d3ec58..ecc39fd 100644 --- a/patches.suse/vt-Disable-KD_FONT_OP_COPY.patch +++ b/patches.suse/vt-Disable-KD_FONT_OP_COPY.patch @@ -4,7 +4,7 @@ Date: Sun, 8 Nov 2020 16:38:06 +0100 Subject: [PATCH] vt: Disable KD_FONT_OP_COPY Git-commit: 3c4e0dff2095c579b142d5a0693257f1c58b4804 Patch-mainline: v5.10-rc3 -References: bsc#1178589 +References: CVE-2020-28974 bsc#1178589 It's buggy: diff --git a/patches.suse/x86-microcode-intel-check-patch-signature-before-saving-microcode-for-early-loading.patch b/patches.suse/x86-microcode-intel-check-patch-signature-before-saving-microcode-for-early-loading.patch new file mode 100644 index 0000000..7691043 --- /dev/null +++ b/patches.suse/x86-microcode-intel-check-patch-signature-before-saving-microcode-for-early-loading.patch @@ -0,0 +1,173 @@ +From: Chen Yu +Date: Fri, 13 Nov 2020 09:59:23 +0800 +Subject: x86/microcode/intel: Check patch signature before saving microcode + for early loading +Git-commit: 1a371e67dc77125736cc56d3a0893f06b75855b6 +Patch-mainline: v5.10-rc5 +References: bsc#1152489 + +Currently, scan_microcode() leverages microcode_matches() to check +if the microcode matches the CPU by comparing the family and model. +However, the processor stepping and flags of the microcode signature +should also be considered when saving a microcode patch for early +update. + +Use find_matching_signature() in scan_microcode() and get rid of the +now-unused microcode_matches() which is a good cleanup in itself. + +Complete the verification of the patch being saved for early loading in +save_microcode_patch() directly. This needs to be done there too because +save_mc_for_early() will call save_microcode_patch() too. + +The second reason why this needs to be done is because the loader still +tries to support, at least hypothetically, mixed-steppings systems and +thus adds all patches to the cache that belong to the same CPU model +albeit with different steppings. + +For example: + + microcode: CPU: sig=0x906ec, pf=0x2, rev=0xd6 + microcode: mc_saved[0]: sig=0x906e9, pf=0x2a, rev=0xd6, total size=0x19400, date = 2020-04-23 + microcode: mc_saved[1]: sig=0x906ea, pf=0x22, rev=0xd6, total size=0x19000, date = 2020-04-27 + microcode: mc_saved[2]: sig=0x906eb, pf=0x2, rev=0xd6, total size=0x19400, date = 2020-04-23 + microcode: mc_saved[3]: sig=0x906ec, pf=0x22, rev=0xd6, total size=0x19000, date = 2020-04-27 + microcode: mc_saved[4]: sig=0x906ed, pf=0x22, rev=0xd6, total size=0x19400, date = 2020-04-23 + +The patch which is being saved for early loading, however, can only be +the one which fits the CPU this runs on so do the signature verification +before saving. + + [ bp: Do signature verification in save_microcode_patch() + and rewrite commit message. ] + +Fixes: ec400ddeff20 ("x86/microcode_intel_early.c: Early update ucode on Intel's CPU") +Signed-off-by: Chen Yu +Signed-off-by: Borislav Petkov +Cc: stable@vger.kernel.org +Link: https://bugzilla.kernel.org/show_bug.cgi?id=208535 +Link: https://lkml.kernel.org/r/20201113015923.13960-1-yu.c.chen@intel.com +--- + arch/x86/kernel/cpu/microcode/intel.c | 63 ++++++----------------------------- + 1 file changed, 10 insertions(+), 53 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index 6a99535d7f37..7e8e07bddd5f 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -100,53 +100,6 @@ static int has_newer_microcode(void *mc, unsigned int csig, int cpf, int new_rev + return find_matching_signature(mc, csig, cpf); + } + +-/* +- * Given CPU signature and a microcode patch, this function finds if the +- * microcode patch has matching family and model with the CPU. +- * +- * %true - if there's a match +- * %false - otherwise +- */ +-static bool microcode_matches(struct microcode_header_intel *mc_header, +- unsigned long sig) +-{ +- unsigned long total_size = get_totalsize(mc_header); +- unsigned long data_size = get_datasize(mc_header); +- struct extended_sigtable *ext_header; +- unsigned int fam_ucode, model_ucode; +- struct extended_signature *ext_sig; +- unsigned int fam, model; +- int ext_sigcount, i; +- +- fam = x86_family(sig); +- model = x86_model(sig); +- +- fam_ucode = x86_family(mc_header->sig); +- model_ucode = x86_model(mc_header->sig); +- +- if (fam == fam_ucode && model == model_ucode) +- return true; +- +- /* Look for ext. headers: */ +- if (total_size <= data_size + MC_HEADER_SIZE) +- return false; +- +- ext_header = (void *) mc_header + data_size + MC_HEADER_SIZE; +- ext_sig = (void *)ext_header + EXT_HEADER_SIZE; +- ext_sigcount = ext_header->count; +- +- for (i = 0; i < ext_sigcount; i++) { +- fam_ucode = x86_family(ext_sig->sig); +- model_ucode = x86_model(ext_sig->sig); +- +- if (fam == fam_ucode && model == model_ucode) +- return true; +- +- ext_sig++; +- } +- return false; +-} +- + static struct ucode_patch *memdup_patch(void *data, unsigned int size) + { + struct ucode_patch *p; +@@ -164,7 +117,7 @@ static struct ucode_patch *memdup_patch(void *data, unsigned int size) + return p; + } + +-static void save_microcode_patch(void *data, unsigned int size) ++static void save_microcode_patch(struct ucode_cpu_info *uci, void *data, unsigned int size) + { + struct microcode_header_intel *mc_hdr, *mc_saved_hdr; + struct ucode_patch *iter, *tmp, *p = NULL; +@@ -210,6 +163,9 @@ static void save_microcode_patch(void *data, unsigned int size) + if (!p) + return; + ++ if (!find_matching_signature(p->data, uci->cpu_sig.sig, uci->cpu_sig.pf)) ++ return; ++ + /* + * Save for early loading. On 32-bit, that needs to be a physical + * address as the APs are running from physical addresses, before +@@ -344,13 +300,14 @@ scan_microcode(void *data, size_t size, struct ucode_cpu_info *uci, bool save) + + size -= mc_size; + +- if (!microcode_matches(mc_header, uci->cpu_sig.sig)) { ++ if (!find_matching_signature(data, uci->cpu_sig.sig, ++ uci->cpu_sig.pf)) { + data += mc_size; + continue; + } + + if (save) { +- save_microcode_patch(data, mc_size); ++ save_microcode_patch(uci, data, mc_size); + goto next; + } + +@@ -483,14 +440,14 @@ static void show_saved_mc(void) + * Save this microcode patch. It will be loaded early when a CPU is + * hot-added or resumes. + */ +-static void save_mc_for_early(u8 *mc, unsigned int size) ++static void save_mc_for_early(struct ucode_cpu_info *uci, u8 *mc, unsigned int size) + { + /* Synchronization during CPU hotplug. */ + static DEFINE_MUTEX(x86_cpu_microcode_mutex); + + mutex_lock(&x86_cpu_microcode_mutex); + +- save_microcode_patch(mc, size); ++ save_microcode_patch(uci, mc, size); + show_saved_mc(); + + mutex_unlock(&x86_cpu_microcode_mutex); +@@ -935,7 +892,7 @@ static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *iter) + * permanent memory. So it will be loaded early when a CPU is hot added + * or resumes. + */ +- save_mc_for_early(new_mc, new_mc_size); ++ save_mc_for_early(uci, new_mc, new_mc_size); + + pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n", + cpu, new_rev, uci->cpu_sig.rev); + diff --git a/patches.suse/x86-speculation-allow-ibpb-to-be-conditionally-enabled-on-cpus-with-always-on-stibp.patch b/patches.suse/x86-speculation-allow-ibpb-to-be-conditionally-enabled-on-cpus-with-always-on-stibp.patch new file mode 100644 index 0000000..43353d1 --- /dev/null +++ b/patches.suse/x86-speculation-allow-ibpb-to-be-conditionally-enabled-on-cpus-with-always-on-stibp.patch @@ -0,0 +1,145 @@ +From: Anand K Mistry +Date: Thu, 5 Nov 2020 16:33:04 +1100 +Subject: x86/speculation: Allow IBPB to be conditionally enabled on CPUs with + always-on STIBP +Git-commit: 1978b3a53a74e3230cd46932b149c6e62e832e9a +Patch-mainline: v5.10-rc3 +References: bsc#1152489 + +On AMD CPUs which have the feature X86_FEATURE_AMD_STIBP_ALWAYS_ON, +STIBP is set to on and + + spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED + +At the same time, IBPB can be set to conditional. + +However, this leads to the case where it's impossible to turn on IBPB +for a process because in the PR_SPEC_DISABLE case in ib_prctl_set() the + + spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED + +condition leads to a return before the task flag is set. Similarly, +ib_prctl_get() will return PR_SPEC_DISABLE even though IBPB is set to +conditional. + +More generally, the following cases are possible: + +1. STIBP = conditional && IBPB = on for spectre_v2_user=seccomp,ibpb +2. STIBP = on && IBPB = conditional for AMD CPUs with + X86_FEATURE_AMD_STIBP_ALWAYS_ON + +The first case functions correctly today, but only because +spectre_v2_user_ibpb isn't updated to reflect the IBPB mode. + +At a high level, this change does one thing. If either STIBP or IBPB +is set to conditional, allow the prctl to change the task flag. +Also, reflect that capability when querying the state. This isn't +perfect since it doesn't take into account if only STIBP or IBPB is +unconditionally on. But it allows the conditional feature to work as +expected, without affecting the unconditional one. + + [ bp: Massage commit message and comment; space out statements for + better readability. ] + +Fixes: 21998a351512 ("x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.") +Signed-off-by: Anand K Mistry +Signed-off-by: Borislav Petkov +Acked-by: Thomas Gleixner +Acked-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20201105163246.v2.1.Ifd7243cd3e2c2206a893ad0a5b9a4f19549e22c6@changeid +--- + arch/x86/kernel/cpu/bugs.c | 52 ++++++++++++++++++++++++++++----------------- + 1 file changed, 33 insertions(+), 19 deletions(-) + +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -1253,6 +1253,14 @@ static int ssb_prctl_set(struct task_str + return 0; + } + ++static bool is_spec_ib_user_controlled(void) ++{ ++ return spectre_v2_user_ibpb == SPECTRE_V2_USER_PRCTL || ++ spectre_v2_user_ibpb == SPECTRE_V2_USER_SECCOMP || ++ spectre_v2_user_stibp == SPECTRE_V2_USER_PRCTL || ++ spectre_v2_user_stibp == SPECTRE_V2_USER_SECCOMP; ++} ++ + static int ib_prctl_set(struct task_struct *task, unsigned long ctrl) + { + switch (ctrl) { +@@ -1260,17 +1268,26 @@ static int ib_prctl_set(struct task_stru + if (spectre_v2_user_ibpb == SPECTRE_V2_USER_NONE && + spectre_v2_user_stibp == SPECTRE_V2_USER_NONE) + return 0; +- /* +- * Indirect branch speculation is always disabled in strict +- * mode. It can neither be enabled if it was force-disabled +- * by a previous prctl call. + ++ /* ++ * With strict mode for both IBPB and STIBP, the instruction ++ * code paths avoid checking this task flag and instead, ++ * unconditionally run the instruction. However, STIBP and IBPB ++ * are independent and either can be set to conditionally ++ * enabled regardless of the mode of the other. ++ * ++ * If either is set to conditional, allow the task flag to be ++ * updated, unless it was force-disabled by a previous prctl ++ * call. Currently, this is possible on an AMD CPU which has the ++ * feature X86_FEATURE_AMD_STIBP_ALWAYS_ON. In this case, if the ++ * kernel is booted with 'spectre_v2_user=seccomp', then ++ * spectre_v2_user_ibpb == SPECTRE_V2_USER_SECCOMP and ++ * spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED. + */ +- if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT || +- spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT || +- spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED || ++ if (!is_spec_ib_user_controlled() || + task_spec_ib_force_disable(task)) + return -EPERM; ++ + task_clear_spec_ib_disable(task); + task_update_spec_tif(task); + break; +@@ -1283,10 +1300,10 @@ static int ib_prctl_set(struct task_stru + if (spectre_v2_user_ibpb == SPECTRE_V2_USER_NONE && + spectre_v2_user_stibp == SPECTRE_V2_USER_NONE) + return -EPERM; +- if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT || +- spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT || +- spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED) ++ ++ if (!is_spec_ib_user_controlled()) + return 0; ++ + task_set_spec_ib_disable(task); + if (ctrl == PR_SPEC_FORCE_DISABLE) + task_set_spec_ib_force_disable(task); +@@ -1351,20 +1368,17 @@ static int ib_prctl_get(struct task_stru + if (spectre_v2_user_ibpb == SPECTRE_V2_USER_NONE && + spectre_v2_user_stibp == SPECTRE_V2_USER_NONE) + return PR_SPEC_ENABLE; +- else if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT || +- spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT || +- spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED) +- return PR_SPEC_DISABLE; +- else if (spectre_v2_user_ibpb == SPECTRE_V2_USER_PRCTL || +- spectre_v2_user_ibpb == SPECTRE_V2_USER_SECCOMP || +- spectre_v2_user_stibp == SPECTRE_V2_USER_PRCTL || +- spectre_v2_user_stibp == SPECTRE_V2_USER_SECCOMP) { ++ else if (is_spec_ib_user_controlled()) { + if (task_spec_ib_force_disable(task)) + return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE; + if (task_spec_ib_disable(task)) + return PR_SPEC_PRCTL | PR_SPEC_DISABLE; + return PR_SPEC_PRCTL | PR_SPEC_ENABLE; +- } else ++ } else if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT || ++ spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT || ++ spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED) ++ return PR_SPEC_DISABLE; ++ else + return PR_SPEC_NOT_AFFECTED; + } + diff --git a/series.conf b/series.conf index 374e3de..4bbbeb5 100644 --- a/series.conf +++ b/series.conf @@ -28539,6 +28539,7 @@ patches.suse/net-mlx5e-CT-Correctly-get-flow-rule.patch patches.suse/net-mlx5-Fix-error-flow-in-case-of-function_setup-fa.patch patches.suse/sched-fair-Fix-enqueue_task_fair-warning-some-more.patch + patches.suse/sched-fair-Fix-unthrottle_cfs_rq-for-leaf_cfs_rq-list.patch patches.suse/x86-unwind-orc-fix-unwind_get_return_address_ptr-for-inactive-tasks.patch patches.suse/1581-device_cgroup-Cleanup-cgroup-eBPF-device-filter-code.patch patches.suse/Input-mms114-fix-handling-of-mms345l.patch @@ -34959,6 +34960,7 @@ patches.suse/exfat-fix-wrong-hint_stat-initialization-in-exfat_find_dir_entry.patch patches.suse/exfat-fix-wrong-size-update-of-stream-entry-by-typo.patch patches.suse/exfat-fix-name_hash-computation-on-big-endian-systems.patch + patches.suse/s390-cpum_cf-perf-change-dflt_ccerror-counter-name patches.suse/1439-drm-sun4i-hdmi-Fix-inverted-HPD-result.patch patches.suse/1440-drm-lima-fix-wait-pp-reset-timeout.patch patches.suse/1441-drm-amd-powerplay-fix-a-crash-when-overclocking-Vega.patch @@ -38969,6 +38971,7 @@ patches.suse/powerpc-papr_scm-Limit-the-readability-of-perf_stats.patch patches.suse/arm64-bpf-Fix-branch-offset-in-JIT.patch patches.suse/arm64-paravirt-Initialize-steal-time-when-cpu-is-onl.patch + patches.suse/s390-zcrypt-fix-kmalloc-256k-failure patches.suse/s390-pci-fix-leak-of-dma-tables-on-hard-unplug patches.suse/i2c-aspeed-Mask-IRQ-status-to-relevant-bits.patch patches.suse/i2c-i801-Fix-resume-bug.patch @@ -39135,6 +39138,7 @@ patches.suse/s390-mm-gup-fix-gup_fast-with-dynamic-page-table-folding.patch patches.suse/0001-mm-replace-memmap_context-by-meminit_context.patch patches.suse/0002-mm-don-t-rely-on-system-state-to-detect-hot-plug-ope.patch + patches.suse/s390-zcrypt-fix-zcrypt_perdev_reqcnt-ioctl patches.suse/nvme-return-errors-for-hwmon-init.patch patches.suse/nvme-pci-fix-NULL-req-in-completion-handler.patch patches.suse/nvme-fc-fail-new-connections-to-a-deleted-host-or-re.patch @@ -40316,6 +40320,7 @@ patches.suse/net-smc-fix-use-after-free-of-delayed-events patches.suse/net-smc-fix-valid-dmbe-buffer-sizes patches.suse/net-smc-fix-invalid-return-code-in-smcd_new_buf_create + patches.suse/net-fix-pos-incrementment-in-ipv6_route_seq_next.patch patches.suse/0001-mm-fix-a-race-during-THP-splitting.patch patches.suse/mm-hwpoison-cleanup-unused-PageHuge-check.patch patches.suse/mm-hwpoison-remove-recalculating-hpage.patch @@ -40421,7 +40426,11 @@ patches.suse/mtd-spi-nor-intel-spi-Add-support-for-Intel-Alder-La.patch patches.suse/i3c-master-add-i3c_master_attach_boardinfo-to-preser.patch patches.suse/i3c-master-Fix-error-return-in-cdns_i3c_master_probe.patch + patches.suse/RDMA-ucma-Add-missing-locking-around-rdma_leave_mult.patch + patches.suse/RDMA-qedr-Fix-return-code-if-accept-is-called-on-a-d.patch patches.suse/0001-RDMA-iw_cxgb4-Disable-delayed-ack-by-default.patch + patches.suse/RDMA-hns-Solve-the-overflow-of-the-calc_pg_sz.patch + patches.suse/RDMA-hns-Fix-the-wrong-value-of-rnr_retry-when-query.patch patches.suse/overflow-Include-header-file-with-SIZE_MAX-declarati.patch patches.suse/mailbox-avoid-timer-start-from-callback.patch patches.suse/xfs-limit-entries-returned-when-counting-fsmap-recor.patch @@ -40457,6 +40466,7 @@ patches.suse/watchdog-sp5100-Fix-definition-of-EFCH_PM_DECODEEN3.patch patches.suse/9P-Cast-to-loff_t-before-multiplying.patch patches.suse/svcrdma-fix-bounce-buffers-for-unaligned-offsets-and.patch + patches.suse/SUNRPC-fix-copying-of-multiple-pages-in-gss_read_pro.patch patches.suse/PCI-aardvark-Check-for-errors-from-pci_bridge_emul_i.patch patches.suse/msft-hv-2163-PCI-hv-Fix-hibernation-in-case-interrupts-are-not-re.patch patches.suse/pwm-img-Fix-null-pointer-access-in-probe.patch @@ -40523,6 +40533,7 @@ patches.suse/msft-hv-2164-hyperv_fb-Update-screen_info-after-removing-old-fram.patch patches.suse/x86-unwind-orc-Fix-inactive-tasks-with-stack-pointer.patch patches.suse/x86-alternative-Don-t-call-text_poke-in-lazy-TLB-mod.patch + patches.suse/RDMA-mlx5-Fix-devlink-deadlock-on-net-namespace-dele.patch patches.suse/ionic-clean-up-sparse-complaints.patch patches.suse/ionic-no-rx-flush-in-deinit.patch patches.suse/ionic-fix-mem-leak-in-rx_empty.patch @@ -40617,6 +40628,7 @@ patches.suse/i2c-sh_mobile-implement-atomic-transfers.patch patches.suse/futex-Handle-transient-ownerless-rtmutex-state-corre.patch patches.suse/perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch + patches.suse/x86-speculation-allow-ibpb-to-be-conditionally-enabled-on-cpus-with-always-on-stibp.patch patches.suse/x86-platform-uv-Fix-missing-OEM_TABLE_ID.patch patches.suse/x86-platform-uv-Remove-spaces-from-OEM-IDs.patch patches.suse/x86-platform-uv-Recognize-UV5-hubless-system-identif.patch @@ -40635,6 +40647,7 @@ patches.suse/tty-serial-imx-enable-earlycon-by-default-if-IMX_SER.patch patches.suse/serial-txx9-add-missing-platform_driver_unregister-o.patch patches.suse/vt-Disable-KD_FONT_OP_COPY.patch + patches.suse/sunrpc-fix-general-protection-fault-in-trace_rpc_xdr_overflow.patch patches.suse/ACPI-GED-fix-Wformat.patch patches.suse/bpf-Don-t-rely-on-GCC-__attribute__-optimize-to-disa.patch patches.suse/libbpf-hashmap-Fix-undefined-behavior-in-hash_bits.patch @@ -40645,6 +40658,7 @@ patches.suse/lan743x-fix-BUG-invalid-wait-context-when-setting-rx.patch patches.suse/cosa-Add-missing-kfree-in-error-path-of-cosa_write.patch patches.suse/i40e-xsk-uninitialized-variable-in-i40e_clean_rx_irq.patch + patches.suse/msft-hv-2170-video-hyperv_fb-include-vmalloc.h.patch patches.suse/mmc-renesas_sdhi_core-Add-missing-tmio_mmc_host_free.patch patches.suse/mmc-sdhci-of-esdhc-Handle-pulse-width-detection-erra.patch patches.suse/gpio-aspeed-fix-ast2600-bank-properties2.patch @@ -40666,6 +40680,7 @@ patches.suse/reboot-fix-overflow-parsing-reboot-cpu-number.patch patches.suse/kernel-watchdog-fix-watchdog_allowed_mask-not-used-w.patch patches.suse/futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch + patches.suse/sched-fair-Ensure-tasks-spreading-in-LLC-during-LB.patch patches.suse/x86-platform-uv-Drop-last-traces-of-uv_flush_tlb_oth.patch patches.suse/x86-platform-uv-Fix-copied-UV5-output-archtype.patch patches.suse/thunderbolt-Add-the-missed-ida_simple_remove-in-ring.patch @@ -40708,6 +40723,8 @@ patches.suse/can-flexcan-flexcan_setup_stop_mode-add-missing-req_.patch patches.suse/can-m_can-m_can_handle_state_change-fix-state-change.patch patches.suse/can-m_can-m_can_stop-set-device-to-software-init-mod.patch + patches.suse/net-mlx5-Clear-bw_share-upon-VF-disable.patch + patches.suse/net-mlx5-E-Switch-Fail-mlx5_esw_modify_vport_rate-if.patch patches.suse/can-kvaser_usb-kvaser_usb_hydra-Fix-KCAN-bittiming-l.patch patches.suse/ALSA-hda-realtek-Add-supported-for-Lenovo-ThinkPad-H.patch patches.suse/ALSA-hda-realtek-Add-some-Clove-SSID-in-the-ALC293-A.patch @@ -40732,6 +40749,8 @@ patches.suse/iio-light-fix-kconfig-dependency-bug-for-VCNL4035.patch patches.suse/iio-accel-kxcjk1013-Replace-is_smo8500_device-with-a.patch patches.suse/iio-accel-kxcjk1013-Add-support-for-KIOX010A-ACPI-DS.patch + patches.suse/x86-microcode-intel-check-patch-signature-before-saving-microcode-for-early-loading.patch + patches.suse/sched-Fix-rq-nr_iowait-ordering.patch patches.suse/HID-logitech-hidpp-Add-PID-for-MX-Anywhere-2.patch patches.suse/HID-logitech-dj-Handle-quad-bluetooth-keyboards-with.patch patches.suse/HID-logitech-dj-Fix-an-error-in-mse_bluetooth_descri.patch @@ -40742,7 +40761,6 @@ # out-of-tree patches patches.suse/ASoC-SOF-use-the-sof_ipc_comp-reserved-bytes-for-ext.patch - patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch ######################################################## # end of sorted patches @@ -40776,6 +40794,7 @@ patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch patches.suse/qla2xxx-return-ebusy-on-fcport-deletion.patch patches.suse/powercap-Restrict-energy-meter-to-root-access.patch + patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch patches.suse/PCI-RCEC-Add-RCEC-class-code-and-extended-capability.patch patches.suse/PCI-RCEC-Bind-RCEC-devices-to-the-Root-Port-driver.patch