From a39f7eb878e6c13be328dead290ab018927222df Mon Sep 17 00:00:00 2001 From: Denis Kirjanov Date: Mar 27 2024 10:16:27 +0000 Subject: Merge branch 'users/mfranc/SLE12-SP5/for-next' into SLE12-SP5 Pull s390 fixes from Miroslav Franc --- diff --git a/patches.suse/s390-ptrace-handle-setting-of-fpc-register-correctly.patch b/patches.suse/s390-ptrace-handle-setting-of-fpc-register-correctly.patch new file mode 100644 index 0000000..8487c11 --- /dev/null +++ b/patches.suse/s390-ptrace-handle-setting-of-fpc-register-correctly.patch @@ -0,0 +1,67 @@ +From: Heiko Carstens +Date: Thu, 30 Nov 2023 18:55:59 +0100 +Subject: s390/ptrace: handle setting of fpc register correctly +Git-commit: 8b13601d19c541158a6e18b278c00ba69ae37829 +Patch-mainline: v6.8-rc1 +References: CVE-2023-52598 bsc#1221060 git-fixes + +If the content of the floating point control (fpc) register of a traced +process is modified with the ptrace interface the new value is tested for +validity by temporarily loading it into the fpc register. + +This may lead to corruption of the fpc register of the tracing process: +if an interrupt happens while the value is temporarily loaded into the +fpc register, and within interrupt context floating point or vector +registers are used, the current fp/vx registers are saved with +save_fpu_regs() assuming they belong to user space and will be loaded into +fp/vx registers when returning to user space. + +test_fp_ctl() restores the original user space fpc register value, however +it will be discarded, when returning to user space. + +In result the tracer will incorrectly continue to run with the value that +was supposed to be used for the traced process. + +Fix this by saving fpu register contents with save_fpu_regs() before using +test_fp_ctl(). + +Reviewed-by: Claudio Imbrenda +Signed-off-by: Heiko Carstens +Signed-off-by: Alexander Gordeev +Acked-by: Miroslav Franc +--- + arch/s390/kernel/ptrace.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c +index 046403471c5d..c7ed302a6b59 100644 +--- a/arch/s390/kernel/ptrace.c ++++ b/arch/s390/kernel/ptrace.c +@@ -392,6 +392,7 @@ static int __poke_user(struct task_struct *child, addr_t addr, addr_t data) + /* + * floating point control reg. is in the thread structure + */ ++ save_fpu_regs(); + if ((unsigned int) data != 0 || + test_fp_ctl(data >> (BITS_PER_LONG - 32))) + return -EINVAL; +@@ -748,6 +749,7 @@ static int __poke_user_compat(struct task_struct *child, + /* + * floating point control reg. is in the thread structure + */ ++ save_fpu_regs(); + if (test_fp_ctl(tmp)) + return -EINVAL; + child->thread.fpu.fpc = data; +@@ -911,9 +913,7 @@ static int s390_fpregs_set(struct task_struct *target, + int rc = 0; + freg_t fprs[__NUM_FPRS]; + +- if (target == current) +- save_fpu_regs(); +- ++ save_fpu_regs(); + if (MACHINE_HAS_VX) + convert_vx_to_fp(fprs, target->thread.fpu.vxrs); + else + diff --git a/patches.suse/s390-vtime-fix-average-steal-time-calculation.patch b/patches.suse/s390-vtime-fix-average-steal-time-calculation.patch new file mode 100644 index 0000000..052522e --- /dev/null +++ b/patches.suse/s390-vtime-fix-average-steal-time-calculation.patch @@ -0,0 +1,60 @@ +From: Mete Durlu +Date: Wed, 6 Mar 2024 12:31:52 +0100 +Subject: s390/vtime: fix average steal time calculation +Git-commit: 367c50f78451d3bd7ad70bc5c89f9ba6dec46ca9 +Patch-mainline: v6.9-rc1 +References: git-fixes bsc#1221953 + +Current average steal timer calculation produces volatile and inflated +values. The only user of this value is KVM so far and it uses that to +decide whether or not to yield the vCPU which is seeing steal time. +KVM compares average steal timer to a threshold and if the threshold +is past then it does not allow CPU polling and yields it to host, else +it keeps the CPU by polling. +Since KVM's steal time threshold is very low by default (%10) it most +likely is not effected much by the bloated average steal timer values +because the operating region is pretty small. However there might be +new users in the future who might rely on this number. Fix average +steal timer calculation by changing the formula from: + + avg_steal_timer = avg_steal_timer / 2 + steal_timer; + +to the following: + + avg_steal_timer = (avg_steal_timer + steal_timer) / 2; + +This ensures that avg_steal_timer is actually a naive average of steal +timer values. It now closely follows steal timer values but of course +in a smoother manner. + +Fixes: 152e9b8676c6 ("s390/vtime: steal time exponential moving average") +Signed-off-by: Mete Durlu +Acked-by: Heiko Carstens +Acked-by: Christian Borntraeger +Signed-off-by: Heiko Carstens +Acked-by: Miroslav Franc +--- + arch/s390/kernel/vtime.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/s390/kernel/vtime.c b/arch/s390/kernel/vtime.c +index e0a88dcaf5cb..24a18e5ef6e8 100644 +--- a/arch/s390/kernel/vtime.c ++++ b/arch/s390/kernel/vtime.c +@@ -210,13 +210,13 @@ void vtime_flush(struct task_struct *tsk) + virt_timer_expire(); + + steal = S390_lowcore.steal_timer; +- avg_steal = S390_lowcore.avg_steal_timer / 2; ++ avg_steal = S390_lowcore.avg_steal_timer; + if ((s64) steal > 0) { + S390_lowcore.steal_timer = 0; + account_steal_time(cputime_to_nsecs(steal)); + avg_steal += steal; + } +- S390_lowcore.avg_steal_timer = avg_steal; ++ S390_lowcore.avg_steal_timer = avg_steal / 2; + } + + /* + diff --git a/series.conf b/series.conf index d3b9ae4..3fa8a94 100644 --- a/series.conf +++ b/series.conf @@ -64969,6 +64969,7 @@ patches.suse/pstore-ram_core-fix-possible-overflow-in-persistent_ram_init_ecc.patch patches.suse/NFSv4.1-pnfs-Ensure-we-handle-the-error-NFS4ERR_RETU.patch patches.suse/pNFS-Fix-the-pnfs-block-driver-s-calculation-of-layo.patch + patches.suse/s390-ptrace-handle-setting-of-fpc-register-correctly.patch patches.suse/KVM-s390-fix-setting-of-fpc-register.patch patches.suse/md-bypass-block-throttle-for-superblock-update-d6e0.patch patches.suse/Revert-md-raid5-Wait-for-MD_SB_CHANGE_PENDING-in-rai.patch @@ -65028,6 +65029,7 @@ patches.suse/wifi-ath10k-fix-NULL-pointer-dereference-in-ath10k_w.patch patches.suse/net-sunrpc-Fix-an-off-by-one-in-rpc_sockaddr2uaddr.patch patches.suse/NFS-Fix-an-off-by-one-in-root_nfs_cat.patch + patches.suse/s390-vtime-fix-average-steal-time-calculation.patch # dhowells/linux-fs keys-uefi patches.suse/0001-KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch