From a45d2f78008858d2a22c276ec0c4f68f9c76ff5d Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker Date: Mar 09 2023 23:12:25 +0000 Subject: Merge 'SLE12-SP5' (58b3d663de2) into 'SLE12-SP5-RT' - Refresh: 0211-ptrace-fix-ptrace-vs-tasklist_lock-race.patch --- diff --git a/README b/README index db1a48a..96589fc 100644 --- a/README +++ b/README @@ -194,9 +194,11 @@ depending on the impact of your changes. Use scripts/tar-up.sh for creating an OBS package directory. The kernel source tree that scripts/sequence-patch.sh creates can be -test compiled as follows: +test-compiled. Before that, make sure all prerequisites are installed. +These include libopenssl-devel, libelf-devel, and dwarves (look into +rpm/kernel-binary.spec.in for a complete list). Then, the compilation +can be done as follows: - $ cp config/i386/default /var/tmp/scratch/linux-5.3-SLE15-SP3 $ cd /var/tmp/scratch/linux-5.3-SLE15-SP3 $ make oldconfig $ make diff --git a/blacklist.conf b/blacklist.conf index e871371..e7daae7 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -158,6 +158,7 @@ arch/powerpc/kvm/e500_mmu_host.c arch/powerpc/kvm/e500_mmu_host.h arch/powerpc/kvm/mpic.c arch/powerpc/kvm/trace_booke.h +arch/powerpc/math-emu/ arch/powerpc/mm/book3s32 arch/powerpc/mm/nohash arch/powerpc/mm/40x_mmu.c @@ -1250,7 +1251,6 @@ c3ca9064273c3d7bc1654d685d42f41ccf3744d7 # seccomp: reverting above a5008b59cd9d8de12ab623cb5052bb4735330e5c # not needed because of differences to upstream code 26e53d5ebe2e2a5ff7343e820f0ffd69dd503f8e # obsoleted by dffe8449c5dd63ff18b47709de75553586582cd8 0bfcd24b39c29dbaba81a188ca364563866e6ecc # already present as 8c2eb7b6468a -ad408a1596b45868e38d0504f2ec1d5fb06f17d4 # cosmetic change 7a625549ea8c14be70bc7cfaf30215401bba6da0 # breaks kABI 5c14a4d05f68415af9e41a4e667d1748d41d1baf # optimization b4c3fbe6360178dc2181b7b43b7ae793a192b282 # optimization, breaks kABI @@ -2581,3 +2581,32 @@ d071ae09a4a1414c1433d5ae9908959a7325b0ad # clang e898e69d6b9475bf123f99b3c5d1a67bb7cb2361 # clang 266d63a7d9d48c6d5dee486378ec0e8c86c4d74a # a cleanup 2361ae595352dec015d14292f1b539242d8446d6 # duplicated to 8f105d88195ada665dcff439ec98f661bc99bb10 +c307459b9d1fcb8bbf3ea5a4162979532322ef77 # not strictly needed and breaks kABI +b1468f3071f7312bdc78c380dd01273b5e4459c1 # a mips-only specific revert +78a5255ffb6a1af189a83e493d916ba1c54d8c75 # a cleanup to disable -Wmaybe-uninitialized +a6ecfb39ba9d7316057cea823b196b734f6b18ca # duplicate of 788e67f18d797abbd48a96143511261f4f3b4f21 +5aba2ba5030b66a6f8c93049b718556f9aacd7c6 # already applied +15bfe05c8d6386f1a90e9340d15336e85e32aad6 # already applied +acf1c02f023926b8b04672a9e81b1711ae681619 # already applied +c20a548792f15f8d8e38cd74356301c6db0d241f # no such code +e46772a6946a7d1f3fbbc1415871851d6651f1d4 # already applied +b6b5e8a691185606dfffff3198c89e3b4fd9d4f6 # already applied +a36700589b85443e28170be59fa11c8a104130a5 # cc731525f26a not present +0e48f51cbbfbdb79149806de14dcb8bf0f01ca94 # we need this workaround in 4.12 +ad5dbfc123e6ffbbde194e2a4603323e09f741ee # this would cause regressions with our boot system +563b9372f7ec57e44e8f9a8600c5107d7ffdd166 # inapplicable. Driver added in v4.14 +81c25247a2a03a0f97e4805d7aff7541ccff6baa # cleanup designed to break kABI +7602b957e2404e5f98d9a40b68f1fd27f0028712 # against a condition that should not happen. Cosmetic fix. +39a8883a2b989d1d21bd8dd99f5557f0c5e89694 # adds a feature unusable in our kernel configs +9b25436662d5fb4c66eb527ead53cab15f596ee0 # adds a parameter to the kernel command line. Not a fix +0e48f51cbbfbdb79149806de14dcb8bf0f01ca94 # cosmetic fix +11e31f608b499f044f24b20be73f1dcab3e43f8a # not a bugfix +fda31c50292a5062332fa0343c084bd9f46604d9 # performance optimization +9db89b41117024f80b38b15954017fb293133364 # unnecessary, see bsc#1207328 +79cc1ba7badf9e7a12af99695a557e9ce27ee967 # unnecessary, see bsc#1207328 +8b05aa26336113c4cea25f1c333ee8cd4fc212a6 # unnecessary, see bsc#1207328 +7535b832c6399b5ebfc5b53af5c51dd915ee2538 # unnecessary, see bsc#1207328 +8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 # 32bit ppc unsupported +8634ef5e05311f32d7f2aee06f6b27a8834a3bd6 # Fixes a bug we don't have. +078b5fd92c4913dd367361db6c28568386077c89 # cosmetic - doesn't apply +05eb06d86685e7d9dac60e6bbb46d7f4c30b056e # significant conflicts with backport diff --git a/kabi/severities b/kabi/severities index 96f71ba..cb2b32e 100644 --- a/kabi/severities +++ b/kabi/severities @@ -143,3 +143,6 @@ drivers/net/wireless/ath/ath9k/* PASS # order to catch any wrong use bsc#1193767 drivers/tee/tee PASS include/linux/tee_drv.h PASS + +#l2tp local symbols +net/l2tp/* PASS diff --git a/patches.kabi/NFS-Pass-error-information-to-the-pgio-error-cleanup.patch b/patches.kabi/NFS-Pass-error-information-to-the-pgio-error-cleanup.patch new file mode 100644 index 0000000..5cd1490 --- /dev/null +++ b/patches.kabi/NFS-Pass-error-information-to-the-pgio-error-cleanup.patch @@ -0,0 +1,48 @@ +From: NeilBrown +Subject: KABI FIX FOR: NFS: Pass error information to the pgio error cleanup routine +Patch-mainline: Never, kabi +References: git-fixes + +Return this function signature to what it was. +It isn't obvious that this is safe, but I think it is. + +It is extremely unlikely that an external module would either define an +error_cleanup function (there is one for direct IO and one for async IO, +both internal) and it is also unlikely that an external module would +call one - all current calls are in pagelist.c which is very much +internal code. + +But suppose they did: + + If an external module defined a function, that function would be passed + and extra arg which it could ignore - and this is safe. The direct IO + error_cleanup function ignores the error code. + + If an external module called an error_cleanup function, that function + would read garbage for the error code. That garbage would almost + certainly be NOT recognised as a 'fatal' error so the pre-fix behaviour + would result which is what that caller expected. If by bad luck the + did appear fatal .... I think it would just cause the error to spread + to a few more requests. I think this is a mild consequence for an + extremely unlikely event. + +Signed-off-by: NeilBrown + +--- + include/linux/nfs_xdr.h | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/include/linux/nfs_xdr.h ++++ b/include/linux/nfs_xdr.h +@@ -1509,7 +1509,11 @@ struct nfs_commit_data { + }; + + struct nfs_pgio_completion_ops { ++#ifdef __GENKSYMS__ ++ void (*error_cleanup)(struct list_head *head); ++#else + void (*error_cleanup)(struct list_head *head, int); ++#endif + void (*init_hdr)(struct nfs_pgio_header *hdr); + void (*completion)(struct nfs_pgio_header *hdr); + void (*reschedule_io)(struct nfs_pgio_header *hdr); diff --git a/patches.kabi/SUNRPC-Fix-priority-queue-fairness.patch b/patches.kabi/SUNRPC-Fix-priority-queue-fairness.patch new file mode 100644 index 0000000..5ef922c --- /dev/null +++ b/patches.kabi/SUNRPC-Fix-priority-queue-fairness.patch @@ -0,0 +1,22 @@ +From: NeilBrown +Subject: KABI FIX FOR - SUNRPC: Fix priority queue fairness +Patch-mainline: Never, kabi +References: git-fixes + +Retore the 'owner' field. It is never used, but it must stay for kabi. + +Signed-off-by: NeilBrown +--- + include/linux/sunrpc/sched.h | 1 + + 1 file changed, 1 insertion(+) + +--- a/include/linux/sunrpc/sched.h ++++ b/include/linux/sunrpc/sched.h +@@ -188,6 +188,7 @@ struct rpc_timer { + struct rpc_wait_queue { + spinlock_t lock; + struct list_head tasks[RPC_NR_PRIORITY]; /* task queue for each priority level */ ++ pid_t owner; /* process id of last task serviced */ + unsigned char maxpriority; /* maximum priority (0 if queue is not a priority queue) */ + unsigned char priority; /* current priority */ + unsigned char nr; /* # tasks remaining for cookie */ diff --git a/patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch b/patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch new file mode 100644 index 0000000..84c7f1c --- /dev/null +++ b/patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch @@ -0,0 +1,26 @@ +From: Jiri Slaby +Subject: kABI: cpu/hotplug: reexport cpu_smt_control +Patch-mainline: never, kabi +References: kabi + +Commit b284909abad4 (cpu/hotplug: Fix "SMT disabled by BIOS" detection +for KVM) removed an export of cpu_smt_control. This made the kABI +checker complaining. + +Reintroduce the export. + +Signed-off-by: Jiri Slaby +--- + kernel/cpu.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/kernel/cpu.c ++++ b/kernel/cpu.c +@@ -354,6 +354,7 @@ void __weak arch_smt_update(void) { } + + #ifdef CONFIG_HOTPLUG_SMT + enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_ENABLED; ++EXPORT_SYMBOL_GPL(cpu_smt_control); + + void __init cpu_smt_disable(bool force) + { diff --git a/patches.kabi/sock.h-fix-kabi.patch b/patches.kabi/sock.h-fix-kabi.patch new file mode 100644 index 0000000..9ccecbe --- /dev/null +++ b/patches.kabi/sock.h-fix-kabi.patch @@ -0,0 +1,31 @@ +From 1618c44776ec300a9be947dac5e6ed2e5120e3f2 Mon Sep 17 00:00:00 2001 +From: Denis Kirjanov +Date: Tue, 28 Feb 2023 18:17:51 +0300 +Subject: [PATCH] sock.h: hide new member +Patch-mainline: Never (kABI fixup) +References: bsc#1194535 CVE-2021-4203 + +Put a new member into the hole in struct sock (found by pahole) + +Signed-off-by: Denis Kirjanov +--- + include/net/sock.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/include/net/sock.h b/include/net/sock.h +index 890e7b01cae0..037888ec8ccf 100644 +--- a/include/net/sock.h ++++ b/include/net/sock.h +@@ -451,7 +451,9 @@ struct sock { + u32 sk_ack_backlog; + u32 sk_max_ack_backlog; + kuid_t sk_uid; ++#ifndef __GENKSYMS__ + spinlock_t sk_peer_lock; ++#endif + struct pid *sk_peer_pid; + const struct cred *sk_peer_cred; + +-- +2.35.3 + diff --git a/patches.rt/0211-ptrace-fix-ptrace-vs-tasklist_lock-race.patch b/patches.rt/0211-ptrace-fix-ptrace-vs-tasklist_lock-race.patch index f2f517d..b995e92 100644 --- a/patches.rt/0211-ptrace-fix-ptrace-vs-tasklist_lock-race.patch +++ b/patches.rt/0211-ptrace-fix-ptrace-vs-tasklist_lock-race.patch @@ -48,7 +48,7 @@ Signed-off-by: Mike Galbraith #define task_contributes_to_load(task) ((task->state & TASK_UNINTERRUPTIBLE) != 0 && \ (task->flags & PF_FROZEN) == 0 && \ (task->state & TASK_NOLOAD) == 0) -@@ -1535,6 +1531,51 @@ static inline int test_tsk_need_resched( +@@ -1551,6 +1547,51 @@ static inline int test_tsk_need_resched( return unlikely(test_tsk_thread_flag(tsk,TIF_NEED_RESCHED)); } @@ -102,10 +102,10 @@ Signed-off-by: Mike Galbraith * explicit rescheduling in places that are safe. The return --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -175,7 +175,14 @@ static bool ptrace_freeze_traced(struct - +@@ -190,7 +190,14 @@ static bool ptrace_freeze_traced(struct spin_lock_irq(&task->sighand->siglock); - if (task_is_traced(task) && !__fatal_signal_pending(task)) { + if (task_is_traced(task) && !looks_like_a_spurious_pid(task) && + !__fatal_signal_pending(task)) { - task->state = __TASK_TRACED; + unsigned long flags; + @@ -120,7 +120,7 @@ Signed-off-by: Mike Galbraith spin_unlock_irq(&task->sighand->siglock); --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -1388,6 +1388,18 @@ int migrate_swap(struct task_struct *cur +@@ -1429,6 +1429,18 @@ out: } #endif /* CONFIG_NUMA_BALANCING */ @@ -139,7 +139,7 @@ Signed-off-by: Mike Galbraith /* * wait_task_inactive - wait for a thread to unschedule. * -@@ -1432,7 +1444,7 @@ unsigned long wait_task_inactive(struct +@@ -1473,7 +1485,7 @@ unsigned long wait_task_inactive(struct * is actually now running somewhere else! */ while (task_running(rq, p)) { @@ -148,7 +148,7 @@ Signed-off-by: Mike Galbraith return 0; cpu_relax(); } -@@ -1447,7 +1459,8 @@ unsigned long wait_task_inactive(struct +@@ -1488,7 +1500,8 @@ unsigned long wait_task_inactive(struct running = task_running(rq, p); queued = task_on_rq_queued(p); ncsw = 0; diff --git a/patches.suse/0001-drm-vmwgfx-Avoid-NULL-ptr-deref-in-vmw_cmd_dx_define.patch b/patches.suse/0001-drm-vmwgfx-Avoid-NULL-ptr-deref-in-vmw_cmd_dx_define.patch new file mode 100644 index 0000000..e067929 --- /dev/null +++ b/patches.suse/0001-drm-vmwgfx-Avoid-NULL-ptr-deref-in-vmw_cmd_dx_define.patch @@ -0,0 +1,30 @@ +From 905483d9ea93e05d019664b3cfd078870233faaa Mon Sep 17 00:00:00 2001 +From: Thomas Zimmermann +Date: Mon, 20 Feb 2023 10:38:08 +0100 +Subject: drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Patch-mainline: Never, quick fix for CVE-2022-38096 +References: bsc#1203331 CVE-2022-38096 + +See bsc#1203331. + +Suggested-by: Michal Koutný +Signed-off-by: Thomas Zimmermann +Acked-by: Thomas Zimmermann +--- + drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c +@@ -1405,7 +1405,7 @@ static int vmw_cmd_dx_define_query(struc + struct vmw_resource *cotable_res; + + +- if (ctx_node == NULL) { ++ if (!ctx_node || !ctx_node->res) { + DRM_ERROR("DX Context not set for query.\n"); + return -EINVAL; + } diff --git a/patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch b/patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch new file mode 100644 index 0000000..e76745a --- /dev/null +++ b/patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch @@ -0,0 +1,60 @@ +From: Nick Desaulniers +Date: Wed, 10 Aug 2022 15:24:40 -0700 +Subject: Makefile: link with -z noexecstack --no-warn-rwx-segments +Git-commit: 0d362be5b14200b77ecc2127936a5ff82fbffe41 +Patch-mainline: 6.0-rc1 +References: bsc#1203200 + +Users of GNU ld (BFD) from binutils 2.39+ will observe multiple +instances of a new warning when linking kernels in the form: + + ld: warning: vmlinux: missing .note.GNU-stack section implies executable stack + ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker + ld: warning: vmlinux has a LOAD segment with RWX permissions + +Generally, we would like to avoid the stack being executable. Because +there could be a need for the stack to be executable, assembler sources +have to opt-in to this security feature via explicit creation of the +.note.GNU-stack feature (which compilers create by default) or command +line flag --noexecstack. Or we can simply tell the linker the +production of such sections is irrelevant and to link the stack as +--noexecstack. + +LLVM's LLD linker defaults to -z noexecstack, so this flag isn't +strictly necessary when linking with LLD, only BFD, but it doesn't hurt +to be explicit here for all linkers IMO. --no-warn-rwx-segments is +currently BFD specific and only available in the current latest release, +so it's wrapped in an ld-option check. + +While the kernel makes extensive usage of ELF sections, it doesn't use +permissions from ELF segments. + +[js] no CONFIG_LD_IS_BFD, use "y" instead + use LDFLAGS instead of KBUILD_LDFLAGS (not present in 4.12) + +Link: https://lore.kernel.org/linux-block/3af4127a-f453-4cf7-f133-a181cce06f73@kernel.dk/ +Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +Link: https://github.com/llvm/llvm-project/issues/57009 +Reported-and-tested-by: Jens Axboe +Suggested-by: Fangrui Song +Signed-off-by: Nick Desaulniers +Signed-off-by: Linus Torvalds +Signed-off-by: Jiri Slaby +--- + Makefile | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/Makefile ++++ b/Makefile +@@ -853,6 +853,11 @@ ifdef CONFIG_LD_DEAD_CODE_DATA_ELIMINATI + LDFLAGS_vmlinux += $(call ld-option, --gc-sections,) + endif + ++LDFLAGS += -z noexecstack ++ifeq (y,y) ++LDFLAGS += $(call ld-option,--no-warn-rwx-segments) ++endif ++ + ifeq ($(CONFIG_STRIP_ASM_SYMS),y) + LDFLAGS_vmlinux += $(call ld-option, -X,) + endif diff --git a/patches.suse/NFS-Ensure-O_DIRECT-reports-an-error-if-the-bytes-re.patch b/patches.suse/NFS-Ensure-O_DIRECT-reports-an-error-if-the-bytes-re.patch index b193ac0..2c71583 100644 --- a/patches.suse/NFS-Ensure-O_DIRECT-reports-an-error-if-the-bytes-re.patch +++ b/patches.suse/NFS-Ensure-O_DIRECT-reports-an-error-if-the-bytes-re.patch @@ -21,7 +21,7 @@ Acked-by: NeilBrown --- a/fs/nfs/direct.c +++ b/fs/nfs/direct.c -@@ -397,15 +397,21 @@ static void nfs_direct_read_completion(s +@@ -400,15 +400,21 @@ static void nfs_direct_read_completion(s unsigned long bytes = 0; struct nfs_direct_req *dreq = hdr->dreq; @@ -48,7 +48,7 @@ Acked-by: NeilBrown spin_unlock(&dreq->lock); while (!list_empty(&hdr->pages)) { -@@ -768,16 +774,19 @@ static void nfs_direct_write_completion( +@@ -775,16 +781,19 @@ static void nfs_direct_write_completion( bool request_commit = false; struct nfs_page *req = nfs_list_entry(hdr->pages.next); @@ -74,10 +74,10 @@ Acked-by: NeilBrown if (dreq->flags == NFS_ODIRECT_RESCHED_WRITES) --- a/fs/nfs/pagelist.c +++ b/fs/nfs/pagelist.c -@@ -1278,6 +1278,7 @@ int nfs_pageio_resend(struct nfs_pageio_ +@@ -1269,6 +1269,7 @@ int nfs_pageio_resend(struct nfs_pageio_ if (!list_empty(&pages)) { int err = desc->pg_error < 0 ? desc->pg_error : -EIO; - hdr->completion_ops->error_cleanup(&pages); + hdr->completion_ops->error_cleanup(&pages, err); + nfs_set_pgio_error(hdr, err, hdr->io_start); return err; } diff --git a/patches.suse/NFS-Pass-error-information-to-the-pgio-error-cleanup.patch b/patches.suse/NFS-Pass-error-information-to-the-pgio-error-cleanup.patch new file mode 100644 index 0000000..0152c6a --- /dev/null +++ b/patches.suse/NFS-Pass-error-information-to-the-pgio-error-cleanup.patch @@ -0,0 +1,117 @@ +From: Trond Myklebust +Date: Wed, 13 Feb 2019 10:39:39 -0500 +Subject: [PATCH] NFS: Pass error information to the pgio error cleanup routine +Git-commit: df3accb849607a86278a37c35e6b313635ccc48b +Patch-mainline: v5.1 +References: git-fixes + +Allow the caller to pass error information when cleaning up a failed +I/O request so that we can conditionally take action to cancel the +request altogether if the error turned out to be fatal. + +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/direct.c | 4 ++-- + fs/nfs/pagelist.c | 5 +++-- + fs/nfs/read.c | 2 +- + fs/nfs/write.c | 11 +++++++++-- + include/linux/nfs_xdr.h | 2 +- + 5 files changed, 16 insertions(+), 8 deletions(-) + +--- a/fs/nfs/direct.c ++++ b/fs/nfs/direct.c +@@ -428,7 +428,7 @@ out_put: + hdr->release(hdr); + } + +-static void nfs_read_sync_pgio_error(struct list_head *head) ++static void nfs_read_sync_pgio_error(struct list_head *head, int error) + { + struct nfs_page *req; + +@@ -821,7 +821,7 @@ out_put: + hdr->release(hdr); + } + +-static void nfs_write_sync_pgio_error(struct list_head *head) ++static void nfs_write_sync_pgio_error(struct list_head *head, int error) + { + struct nfs_page *req; + +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -1014,7 +1014,7 @@ nfs_pageio_cleanup_request(struct nfs_pa + + nfs_list_remove_request(req); + nfs_list_add_request(req, &head); +- desc->pg_completion_ops->error_cleanup(&head); ++ desc->pg_completion_ops->error_cleanup(&head, desc->pg_error); + } + + /** +@@ -1150,7 +1150,8 @@ static void nfs_pageio_error_cleanup(str + + for (midx = 0; midx < desc->pg_mirror_count; midx++) { + mirror = &desc->pg_mirrors[midx]; +- desc->pg_completion_ops->error_cleanup(&mirror->pg_list); ++ desc->pg_completion_ops->error_cleanup(&mirror->pg_list, ++ desc->pg_error); + } + } + +--- a/fs/nfs/read.c ++++ b/fs/nfs/read.c +@@ -203,7 +203,7 @@ static void nfs_initiate_read(struct nfs + } + + static void +-nfs_async_read_error(struct list_head *head) ++nfs_async_read_error(struct list_head *head, int error) + { + struct nfs_page *req; + +--- a/fs/nfs/write.c ++++ b/fs/nfs/write.c +@@ -1423,20 +1423,27 @@ static void nfs_redirty_request(struct n + nfs_release_request(req); + } + +-static void nfs_async_write_error(struct list_head *head) ++static void nfs_async_write_error(struct list_head *head, int error) + { + struct nfs_page *req; + + while (!list_empty(head)) { + req = nfs_list_entry(head->next); + nfs_list_remove_request(req); ++ if (nfs_error_is_fatal(error)) { ++ nfs_context_set_write_error(req->wb_context, error); ++ if (nfs_error_is_fatal_on_server(error)) { ++ nfs_write_error_remove_page(req); ++ continue; ++ } ++ } + nfs_redirty_request(req); + } + } + + static void nfs_async_write_reschedule_io(struct nfs_pgio_header *hdr) + { +- nfs_async_write_error(&hdr->pages); ++ nfs_async_write_error(&hdr->pages, 0); + } + + static const struct nfs_pgio_completion_ops nfs_async_write_completion_ops = { +--- a/include/linux/nfs_xdr.h ++++ b/include/linux/nfs_xdr.h +@@ -1507,7 +1507,7 @@ struct nfs_commit_data { + }; + + struct nfs_pgio_completion_ops { +- void (*error_cleanup)(struct list_head *head); ++ void (*error_cleanup)(struct list_head *head, int); + void (*init_hdr)(struct nfs_pgio_header *hdr); + void (*completion)(struct nfs_pgio_header *hdr); + void (*reschedule_io)(struct nfs_pgio_header *hdr); diff --git a/patches.suse/NFSv4-pnfs-Fix-a-page-lock-leak-in-nfs_pageio_resend.patch b/patches.suse/NFSv4-pnfs-Fix-a-page-lock-leak-in-nfs_pageio_resend.patch index 4a38c85..f163040 100644 --- a/patches.suse/NFSv4-pnfs-Fix-a-page-lock-leak-in-nfs_pageio_resend.patch +++ b/patches.suse/NFSv4-pnfs-Fix-a-page-lock-leak-in-nfs_pageio_resend.patch @@ -19,7 +19,7 @@ Acked-by: NeilBrown --- a/fs/nfs/pagelist.c +++ b/fs/nfs/pagelist.c -@@ -1252,21 +1252,23 @@ static void nfs_pageio_complete_mirror(s +@@ -1253,21 +1253,23 @@ static void nfs_pageio_complete_mirror(s int nfs_pageio_resend(struct nfs_pageio_descriptor *desc, struct nfs_pgio_header *hdr) { @@ -45,7 +45,7 @@ Acked-by: NeilBrown - return desc->pg_error < 0 ? desc->pg_error : -EIO; + if (!list_empty(&pages)) { + int err = desc->pg_error < 0 ? desc->pg_error : -EIO; -+ hdr->completion_ops->error_cleanup(&pages); ++ hdr->completion_ops->error_cleanup(&pages, err); + return err; } return 0; diff --git a/patches.suse/SUNRPC-Fix-priority-queue-fairness.patch b/patches.suse/SUNRPC-Fix-priority-queue-fairness.patch new file mode 100644 index 0000000..1400063 --- /dev/null +++ b/patches.suse/SUNRPC-Fix-priority-queue-fairness.patch @@ -0,0 +1,219 @@ +From: Trond Myklebust +Date: Sat, 8 Sep 2018 22:09:48 -0400 +Subject: [PATCH] SUNRPC: Fix priority queue fairness +Git-commit: f42f7c283078ce3c1e8368b140e270755b1ae313 +Patch-mainline: v4.20 +References: git-fixes + +Fix up the priority queue to not batch by owner, but by queue, so that +we allow '1 << priority' elements to be dequeued before switching to +the next priority queue. +The owner field is still used to wake up requests in round robin order +by owner to avoid single processes hogging the RPC layer by loading the +queues. + +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + include/linux/sunrpc/sched.h | 2 + net/sunrpc/sched.c | 109 +++++++++++++++++++++---------------------- + 2 files changed, 54 insertions(+), 57 deletions(-) + +--- a/include/linux/sunrpc/sched.h ++++ b/include/linux/sunrpc/sched.h +@@ -187,7 +187,6 @@ struct rpc_timer { + struct rpc_wait_queue { + spinlock_t lock; + struct list_head tasks[RPC_NR_PRIORITY]; /* task queue for each priority level */ +- pid_t owner; /* process id of last task serviced */ + unsigned char maxpriority; /* maximum priority (0 if queue is not a priority queue) */ + unsigned char priority; /* current priority */ + unsigned char nr; /* # tasks remaining for cookie */ +@@ -203,7 +202,6 @@ struct rpc_wait_queue { + * from a single cookie. The aim is to improve + * performance of NFS operations such as read/write. + */ +-#define RPC_BATCH_COUNT 16 + #define RPC_IS_PRIORITY(q) ((q)->maxpriority > 0) + + /* +--- a/net/sunrpc/sched.c ++++ b/net/sunrpc/sched.c +@@ -99,65 +99,79 @@ __rpc_add_timer(struct rpc_wait_queue *q + list_add(&task->u.tk_wait.timer_list, &queue->timer_list.list); + } + +-static void rpc_rotate_queue_owner(struct rpc_wait_queue *queue) +-{ +- struct list_head *q = &queue->tasks[queue->priority]; +- struct rpc_task *task; +- +- if (!list_empty(q)) { +- task = list_first_entry(q, struct rpc_task, u.tk_wait.list); +- if (task->tk_owner == queue->owner) +- list_move_tail(&task->u.tk_wait.list, q); +- } +-} +- + static void rpc_set_waitqueue_priority(struct rpc_wait_queue *queue, int priority) + { + if (queue->priority != priority) { +- /* Fairness: rotate the list when changing priority */ +- rpc_rotate_queue_owner(queue); + queue->priority = priority; ++ queue->nr = 1U << priority; + } + } + +-static void rpc_set_waitqueue_owner(struct rpc_wait_queue *queue, pid_t pid) +-{ +- queue->owner = pid; +- queue->nr = RPC_BATCH_COUNT; +-} +- + static void rpc_reset_waitqueue_priority(struct rpc_wait_queue *queue) + { + rpc_set_waitqueue_priority(queue, queue->maxpriority); +- rpc_set_waitqueue_owner(queue, 0); + } + + /* +- * Add new request to a priority queue. ++ * Add a request to a queue list + */ +-static void __rpc_add_wait_queue_priority(struct rpc_wait_queue *queue, +- struct rpc_task *task, +- unsigned char queue_priority) ++static void ++__rpc_list_enqueue_task(struct list_head *q, struct rpc_task *task) + { +- struct list_head *q; + struct rpc_task *t; + +- INIT_LIST_HEAD(&task->u.tk_wait.links); +- if (unlikely(queue_priority > queue->maxpriority)) +- queue_priority = queue->maxpriority; +- if (queue_priority > queue->priority) +- rpc_set_waitqueue_priority(queue, queue_priority); +- q = &queue->tasks[queue_priority]; + list_for_each_entry(t, q, u.tk_wait.list) { + if (t->tk_owner == task->tk_owner) { +- list_add_tail(&task->u.tk_wait.list, &t->u.tk_wait.links); ++ list_add_tail(&task->u.tk_wait.links, ++ &t->u.tk_wait.links); ++ /* Cache the queue head in task->u.tk_wait.list */ ++ task->u.tk_wait.list.next = q; ++ task->u.tk_wait.list.prev = NULL; + return; + } + } ++ INIT_LIST_HEAD(&task->u.tk_wait.links); + list_add_tail(&task->u.tk_wait.list, q); + } + + /* ++ * Remove request from a queue list ++ */ ++static void ++__rpc_list_dequeue_task(struct rpc_task *task) ++{ ++ struct list_head *q; ++ struct rpc_task *t; ++ ++ if (task->u.tk_wait.list.prev == NULL) { ++ list_del(&task->u.tk_wait.links); ++ return; ++ } ++ if (!list_empty(&task->u.tk_wait.links)) { ++ t = list_first_entry(&task->u.tk_wait.links, ++ struct rpc_task, ++ u.tk_wait.links); ++ /* Assume __rpc_list_enqueue_task() cached the queue head */ ++ q = t->u.tk_wait.list.next; ++ list_add_tail(&t->u.tk_wait.list, q); ++ list_del(&task->u.tk_wait.links); ++ } ++ list_del(&task->u.tk_wait.list); ++} ++ ++/* ++ * Add new request to a priority queue. ++ */ ++static void __rpc_add_wait_queue_priority(struct rpc_wait_queue *queue, ++ struct rpc_task *task, ++ unsigned char queue_priority) ++{ ++ if (unlikely(queue_priority > queue->maxpriority)) ++ queue_priority = queue->maxpriority; ++ __rpc_list_enqueue_task(&queue->tasks[queue_priority], task); ++} ++ ++/* + * Add new request to wait queue. + * + * Swapper tasks always get inserted at the head of the queue. +@@ -194,13 +208,7 @@ static void __rpc_add_wait_queue(struct + */ + static void __rpc_remove_wait_queue_priority(struct rpc_task *task) + { +- struct rpc_task *t; +- +- if (!list_empty(&task->u.tk_wait.links)) { +- t = list_entry(task->u.tk_wait.links.next, struct rpc_task, u.tk_wait.list); +- list_move(&t->u.tk_wait.list, &task->u.tk_wait.list); +- list_splice_init(&task->u.tk_wait.links, &t->u.tk_wait.links); +- } ++ __rpc_list_dequeue_task(task); + } + + /* +@@ -212,7 +220,8 @@ static void __rpc_remove_wait_queue(stru + __rpc_disable_timer(queue, task); + if (RPC_IS_PRIORITY(queue)) + __rpc_remove_wait_queue_priority(task); +- list_del(&task->u.tk_wait.list); ++ else ++ list_del(&task->u.tk_wait.list); + queue->qlen--; + dprintk("RPC: %5u removed from queue %p \"%s\"\n", + task->tk_pid, queue, rpc_qname(queue)); +@@ -481,17 +490,9 @@ static struct rpc_task *__rpc_find_next_ + * Service a batch of tasks from a single owner. + */ + q = &queue->tasks[queue->priority]; +- if (!list_empty(q)) { +- task = list_entry(q->next, struct rpc_task, u.tk_wait.list); +- if (queue->owner == task->tk_owner) { +- if (--queue->nr) +- goto out; +- list_move_tail(&task->u.tk_wait.list, q); +- } +- /* +- * Check if we need to switch queues. +- */ +- goto new_owner; ++ if (!list_empty(q) && --queue->nr) { ++ task = list_first_entry(q, struct rpc_task, u.tk_wait.list); ++ goto out; + } + + /* +@@ -503,7 +504,7 @@ static struct rpc_task *__rpc_find_next_ + else + q = q - 1; + if (!list_empty(q)) { +- task = list_entry(q->next, struct rpc_task, u.tk_wait.list); ++ task = list_first_entry(q, struct rpc_task, u.tk_wait.list); + goto new_queue; + } + } while (q != &queue->tasks[queue->priority]); +@@ -513,8 +514,6 @@ static struct rpc_task *__rpc_find_next_ + + new_queue: + rpc_set_waitqueue_priority(queue, (unsigned int)(q - &queue->tasks[0])); +-new_owner: +- rpc_set_waitqueue_owner(queue, task->tk_owner); + out: + return task; + } diff --git a/patches.suse/SUNRPC-Fix-the-batch-tasks-count-wraparound.patch b/patches.suse/SUNRPC-Fix-the-batch-tasks-count-wraparound.patch index 4bb2e17..f89595a 100644 --- a/patches.suse/SUNRPC-Fix-the-batch-tasks-count-wraparound.patch +++ b/patches.suse/SUNRPC-Fix-the-batch-tasks-count-wraparound.patch @@ -29,20 +29,18 @@ Signed-off-by: Trond Myklebust Acked-by: NeilBrown --- - net/sunrpc/sched.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) + net/sunrpc/sched.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c -@@ -493,8 +493,10 @@ static struct rpc_task *__rpc_find_next_ - if (!list_empty(q)) { - task = list_entry(q->next, struct rpc_task, u.tk_wait.list); - if (queue->owner == task->tk_owner) { -- if (--queue->nr) -+ if (queue->nr) { -+ queue->nr--; - goto out; -+ } - list_move_tail(&task->u.tk_wait.list, q); - } - /* +@@ -490,7 +490,8 @@ static struct rpc_task *__rpc_find_next_ + * Service a batch of tasks from a single owner. + */ + q = &queue->tasks[queue->priority]; +- if (!list_empty(q) && --queue->nr) { ++ if (!list_empty(q) && queue->nr) { ++ queue->nr--; + task = list_first_entry(q, struct rpc_task, u.tk_wait.list); + goto out; + } diff --git a/patches.suse/SUNRPC-ensure-the-matching-upcall-is-in-flight-upon-.patch b/patches.suse/SUNRPC-ensure-the-matching-upcall-is-in-flight-upon-.patch new file mode 100644 index 0000000..0ca43c3 --- /dev/null +++ b/patches.suse/SUNRPC-ensure-the-matching-upcall-is-in-flight-upon-.patch @@ -0,0 +1,125 @@ +From: minoura makoto +Date: Tue, 13 Dec 2022 13:14:31 +0900 +Subject: [PATCH] SUNRPC: ensure the matching upcall is in-flight upon downcall +Git-commit: b18cba09e374637a0a3759d856a6bca94c133952 +Patch-mainline: v6.2 +References: git-fixes + +Commit 9130b8dbc6ac ("SUNRPC: allow for upcalls for the same uid +but different gss service") introduced `auth` argument to +__gss_find_upcall(), but in gss_pipe_downcall() it was left as NULL +since it (and auth->service) was not (yet) determined. + +When multiple upcalls with the same uid and different service are +ongoing, it could happen that __gss_find_upcall(), which returns the +first match found in the pipe->in_downcall list, could not find the +correct gss_msg corresponding to the downcall we are looking for. +Moreover, it might return a msg which is not sent to rpc.gssd yet. + +We could see mount.nfs process hung in D state with multiple mount.nfs +are executed in parallel. The call trace below is of CentOS 7.9 +kernel-3.10.0-1160.24.1.el7.x86_64 but we observed the same hang w/ +elrepo kernel-ml-6.0.7-1.el7. + +Pid: 71258 TASK: ffff91ebd4be0000 CPU: 36 COMMAND: "mount.nfs" + #0 [ffff9203ca3234f8] __schedule at ffffffffa3b8899f + #1 [ffff9203ca323580] schedule at ffffffffa3b88eb9 + #2 [ffff9203ca323590] gss_cred_init at ffffffffc0355818 [auth_rpcgss] + #3 [ffff9203ca323658] rpcauth_lookup_credcache at ffffffffc0421ebc +[sunrpc] + #4 [ffff9203ca3236d8] gss_lookup_cred at ffffffffc0353633 [auth_rpcgss] + #5 [ffff9203ca3236e8] rpcauth_lookupcred at ffffffffc0421581 [sunrpc] + #6 [ffff9203ca323740] rpcauth_refreshcred at ffffffffc04223d3 [sunrpc] + #7 [ffff9203ca3237a0] call_refresh at ffffffffc04103dc [sunrpc] + #8 [ffff9203ca3237b8] __rpc_execute at ffffffffc041e1c9 [sunrpc] + #9 [ffff9203ca323820] rpc_execute at ffffffffc0420a48 [sunrpc] + +The scenario is like this. Let's say there are two upcalls for +services A and B, A -> B in pipe->in_downcall, B -> A in pipe->pipe. + +When rpc.gssd reads pipe to get the upcall msg corresponding to +service B from pipe->pipe and then writes the response, in +gss_pipe_downcall the msg corresponding to service A will be picked +because only uid is used to find the msg and it is before the one for +B in pipe->in_downcall. And the process waiting for the msg +corresponding to service A will be woken up. + +Actual scheduing of that process might be after rpc.gssd processes the +next msg. In rpc_pipe_generic_upcall it clears msg->errno (for A). +The process is scheduled to see gss_msg->ctx == NULL and +gss_msg->msg.errno == 0, therefore it cannot break the loop in +gss_create_upcall and is never woken up after that. + +This patch adds a simple check to ensure that a msg which is not +sent to rpc.gssd yet is not chosen as the matching upcall upon +receiving a downcall. + +Signed-off-by: minoura makoto +Signed-off-by: Hiroshi Shimamoto +Tested-by: Hiroshi Shimamoto +Cc: Trond Myklebust +Fixes: 9130b8dbc6ac ("SUNRPC: allow for upcalls for same uid but different gss service") +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + include/linux/sunrpc/rpc_pipe_fs.h | 5 +++++ + net/sunrpc/auth_gss/auth_gss.c | 19 +++++++++++++++++-- + 2 files changed, 22 insertions(+), 2 deletions(-) + +--- a/include/linux/sunrpc/rpc_pipe_fs.h ++++ b/include/linux/sunrpc/rpc_pipe_fs.h +@@ -93,6 +93,11 @@ extern ssize_t rpc_pipe_generic_upcall(s + char __user *, size_t); + extern int rpc_queue_upcall(struct rpc_pipe *, struct rpc_pipe_msg *); + ++/* returns true if the msg is in-flight, i.e., already eaten by the peer */ ++static inline bool rpc_msg_is_inflight(const struct rpc_pipe_msg *msg) { ++ return (msg->copied != 0 && list_empty(&msg->list)); ++} ++ + struct rpc_clnt; + extern struct dentry *rpc_create_client_dir(struct dentry *, const char *, struct rpc_clnt *); + extern int rpc_remove_client_dir(struct rpc_clnt *); +--- a/net/sunrpc/auth_gss/auth_gss.c ++++ b/net/sunrpc/auth_gss/auth_gss.c +@@ -318,7 +318,7 @@ __gss_find_upcall(struct rpc_pipe *pipe, + list_for_each_entry(pos, &pipe->in_downcall, list) { + if (!uid_eq(pos->uid, uid)) + continue; +- if (auth && pos->auth->service != auth->service) ++ if (pos->auth->service != auth->service) + continue; + atomic_inc(&pos->count); + dprintk("RPC: %s found msg %p\n", __func__, pos); +@@ -654,6 +654,21 @@ out: + return err; + } + ++static struct gss_upcall_msg * ++gss_find_downcall(struct rpc_pipe *pipe, kuid_t uid) ++{ ++ struct gss_upcall_msg *pos; ++ list_for_each_entry(pos, &pipe->in_downcall, list) { ++ if (!uid_eq(pos->uid, uid)) ++ continue; ++ if (!rpc_msg_is_inflight(&pos->msg)) ++ continue; ++ atomic_inc(&pos->count); ++ return pos; ++ } ++ return NULL; ++} ++ + #define MSG_BUF_MAXSIZE 1024 + + static ssize_t +@@ -700,7 +715,7 @@ gss_pipe_downcall(struct file *filp, con + err = -ENOENT; + /* Find a matching upcall */ + spin_lock(&pipe->lock); +- gss_msg = __gss_find_upcall(pipe, uid, NULL); ++ gss_msg = gss_find_downcall(pipe, uid); + if (gss_msg == NULL) { + spin_unlock(&pipe->lock); + goto err_put_ctx; diff --git a/patches.suse/USB-serial-ch341-fix-disabled-rx-timer-on-older-devi.patch b/patches.suse/USB-serial-ch341-fix-disabled-rx-timer-on-older-devi.patch new file mode 100644 index 0000000..e4f040b --- /dev/null +++ b/patches.suse/USB-serial-ch341-fix-disabled-rx-timer-on-older-devi.patch @@ -0,0 +1,45 @@ +From 41ca302a697b64a3dab4676e01d0d11bb184737d Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Wed, 31 Aug 2022 10:15:25 +0200 +Subject: [PATCH] USB: serial: ch341: fix disabled rx timer on older devices +Git-commit: 41ca302a697b64a3dab4676e01d0d11bb184737d +References: git-fixes +Patch-mainline: v6.0-rc4 + +At least one older CH341 appears to have the RX timer enable bit +inverted so that setting it disables the RX timer and prevents the FIFO +from emptying until it is full. + +Only set the RX timer enable bit for devices with version newer than +0x27 (even though this probably affects all pre-0x30 devices). + +Reported-by: Jonathan Woithe +Tested-by: Jonathan Woithe +Link: https://lore.kernel.org/r/Ys1iPTfiZRWj2gXs@marvin.atrad.com.au +Fixes: 4e46c410e050 ("USB: serial: ch341: reinitialize chip on reconfiguration") +Cc: stable@vger.kernel.org # 4.10 +Signed-off-by: Johan Hovold +Signed-off-by: Oliver Neukum +--- + drivers/usb/serial/ch341.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/drivers/usb/serial/ch341.c ++++ b/drivers/usb/serial/ch341.c +@@ -255,7 +255,15 @@ static int ch341_set_baudrate_lcr(struct + if (priv->version < 0x30) + return 0; + +- val |= BIT(7); ++ /* ++ * CH341A buffers data until a full endpoint-size packet (32 bytes) ++ * has been received unless bit 7 is set. ++ * ++ * At least one device with version 0x27 appears to have this bit ++ * inverted. ++ */ ++ if (priv->version > 0x27) ++ val |= BIT(7); + + r = ch341_control_out(dev, CH341_REQ_WRITE_REG, 0x1312, val); + if (r) diff --git a/patches.suse/USB-serial-console-move-mutex_unlock-before-usb_seri.patch b/patches.suse/USB-serial-console-move-mutex_unlock-before-usb_seri.patch new file mode 100644 index 0000000..142db7e --- /dev/null +++ b/patches.suse/USB-serial-console-move-mutex_unlock-before-usb_seri.patch @@ -0,0 +1,39 @@ +From 61dfa797c731754642d1ac500a6ac42f9b47f920 Mon Sep 17 00:00:00 2001 +From: Liang He +Date: Mon, 19 Sep 2022 18:48:24 +0800 +Subject: [PATCH] USB: serial: console: move mutex_unlock() before + usb_serial_put() +Git-commit: 61dfa797c731754642d1ac500a6ac42f9b47f920 +References: git-fixes +Patch-mainline: v6.1-rc1 + +While in current version there is no use-after-free as USB serial +core holds another reference when the console is registered, we +should better unlock before dropping the reference in +usb_console_setup(). + +Fixes: 7bd032dc2793 ("USB serial: update the console driver") +Signed-off-by: Liang He +Signed-off-by: Johan Hovold +Signed-off-by: Oliver Neukum +--- + drivers/usb/serial/console.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c +index b97aa40ca4d1..da19a5fa414f 100644 +--- a/drivers/usb/serial/console.c ++++ b/drivers/usb/serial/console.c +@@ -189,8 +189,8 @@ static int usb_console_setup(struct console *co, char *options) + info->port = NULL; + usb_autopm_put_interface(serial->interface); + error_get_interface: +- usb_serial_put(serial); + mutex_unlock(&serial->disc_mutex); ++ usb_serial_put(serial); + return retval; + } + +-- +2.39.2 + diff --git a/patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch b/patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch new file mode 100644 index 0000000..638c5f4 --- /dev/null +++ b/patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch @@ -0,0 +1,144 @@ +From 7e50f5cea91d6ab90f04d769cceb436a0bf8e3a7 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Wed, 29 Sep 2021 15:57:50 -0700 +Subject: [PATCH] af_unix: fix races in sk_peer_pid and sk_peer_cred accesses +Git-commit: 35306eb23814444bd4021f8a1c3047d3cb0c8b2b +Patch-mainline: v5.15-rc4 +References: bsc#1194535 CVE-2021-4203 + +Jann Horn reported that SO_PEERCRED and SO_PEERGROUPS implementations +are racy, as af_unix can concurrently change sk_peer_pid and sk_peer_cred. + +In order to fix this issue, this patch adds a new spinlock that needs +to be used whenever these fields are read or written. + +Jann also pointed out that l2cap_sock_get_peer_pid_cb() is currently +reading sk->sk_peer_pid which makes no sense, as this field +is only possibly set by AF_UNIX sockets. +We will have to clean this in a separate patch. +This could be done by reverting b48596d1dc25 "Bluetooth: L2CAP: Add get_peer_pid callback" +or implementing what was truly expected. + +Fixes: 109f6e39fa07 ("af_unix: Allow SO_PEERCRED to work across namespaces.") +Signed-off-by: Eric Dumazet +Reported-by: Jann Horn +Cc: Eric W. Biederman +Cc: Luiz Augusto von Dentz +Cc: Marcel Holtmann +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + include/net/sock.h | 2 ++ + net/core/sock.c | 21 +++++++++++++++++++-- + net/unix/af_unix.c | 34 ++++++++++++++++++++++++++++------ + 3 files changed, 49 insertions(+), 8 deletions(-) + +diff --git a/include/net/sock.h b/include/net/sock.h +index 8375176ecee3..890e7b01cae0 100644 +--- a/include/net/sock.h ++++ b/include/net/sock.h +@@ -451,8 +451,10 @@ struct sock { + u32 sk_ack_backlog; + u32 sk_max_ack_backlog; + kuid_t sk_uid; ++ spinlock_t sk_peer_lock; + struct pid *sk_peer_pid; + const struct cred *sk_peer_cred; ++ + long sk_rcvtimeo; + ktime_t sk_stamp; + u16 sk_tsflags; +diff --git a/net/core/sock.c b/net/core/sock.c +index 2ca13103c749..9dbca0c72593 100644 +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -1225,7 +1235,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, + struct ucred peercred; + if (len > sizeof(peercred)) + len = sizeof(peercred); ++ ++ spin_lock(&sk->sk_peer_lock); + cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred); ++ spin_unlock(&sk->sk_peer_lock); ++ + if (copy_to_user(optval, &peercred, len)) + return -EFAULT; + goto lenout; +@@ -1533,9 +1547,10 @@ static void __sk_destruct(struct rcu_head *head) + sk->sk_frag.page = NULL; + } + +- if (sk->sk_peer_cred) +- put_cred(sk->sk_peer_cred); ++ /* We do not need to acquire sk->sk_peer_lock, we are the last user. */ ++ put_cred(sk->sk_peer_cred); + put_pid(sk->sk_peer_pid); ++ + if (likely(sk->sk_net_refcnt)) + put_net(sock_net(sk)); + sk_prot_free(sk->sk_prot_creator, sk); +@@ -2617,6 +2632,8 @@ void sock_init_data(struct socket *sock, struct sock *sk) + + sk->sk_peer_pid = NULL; + sk->sk_peer_cred = NULL; ++ spin_lock_init(&sk->sk_peer_lock); ++ + sk->sk_write_pending = 0; + sk->sk_rcvlowat = 1; + sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; +diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c +index af92c7384c47..880562163641 100644 +--- a/net/unix/af_unix.c ++++ b/net/unix/af_unix.c +@@ -586,20 +586,42 @@ static void unix_release_sock(struct sock *sk, int embrion) + + static void init_peercred(struct sock *sk) + { +- put_pid(sk->sk_peer_pid); +- if (sk->sk_peer_cred) +- put_cred(sk->sk_peer_cred); ++ const struct cred *old_cred; ++ struct pid *old_pid; ++ ++ spin_lock(&sk->sk_peer_lock); ++ old_pid = sk->sk_peer_pid; ++ old_cred = sk->sk_peer_cred; + sk->sk_peer_pid = get_pid(task_tgid(current)); + sk->sk_peer_cred = get_current_cred(); ++ spin_unlock(&sk->sk_peer_lock); ++ ++ put_pid(old_pid); ++ put_cred(old_cred); + } + + static void copy_peercred(struct sock *sk, struct sock *peersk) + { +- put_pid(sk->sk_peer_pid); +- if (sk->sk_peer_cred) +- put_cred(sk->sk_peer_cred); ++ const struct cred *old_cred; ++ struct pid *old_pid; ++ ++ if (sk < peersk) { ++ spin_lock(&sk->sk_peer_lock); ++ spin_lock_nested(&peersk->sk_peer_lock, SINGLE_DEPTH_NESTING); ++ } else { ++ spin_lock(&peersk->sk_peer_lock); ++ spin_lock_nested(&sk->sk_peer_lock, SINGLE_DEPTH_NESTING); ++ } ++ old_pid = sk->sk_peer_pid; ++ old_cred = sk->sk_peer_cred; + sk->sk_peer_pid = get_pid(peersk->sk_peer_pid); + sk->sk_peer_cred = get_cred(peersk->sk_peer_cred); ++ ++ spin_unlock(&sk->sk_peer_lock); ++ spin_unlock(&peersk->sk_peer_lock); ++ ++ put_pid(old_pid); ++ put_cred(old_cred); + } + + static int unix_listen(struct socket *sock, int backlog) +-- +2.16.4 + diff --git a/patches.suse/block-bio-integrity-Copy-flags-when-bio_integrity_pa.patch b/patches.suse/block-bio-integrity-Copy-flags-when-bio_integrity_pa.patch new file mode 100644 index 0000000..46bc280 --- /dev/null +++ b/patches.suse/block-bio-integrity-Copy-flags-when-bio_integrity_pa.patch @@ -0,0 +1,37 @@ +From: "Martin K. Petersen" +Date: Wed, 15 Feb 2023 12:18:01 -0500 +Subject: block: bio-integrity: Copy flags when bio_integrity_payload is cloned +Patch-mainline: v6.3-rc1 +Git-commit: b6a4bdcda430e3ca43bbb9cb1d4d4d34ebe15c40 +References: bsc#1208541 + +Make sure to copy the flags when a bio_integrity_payload is cloned. +Otherwise per-I/O properties such as IP checksum flag will not be +passed down to the HBA driver. Since the integrity buffer is owned by +the original bio, the BIP_BLOCK_INTEGRITY flag needs to be masked off +to avoid a double free in the completion path. + +Fixes: aae7df50190a ("block: Integrity checksum flag") +Fixes: b1f01388574c ("block: Relocate bio integrity flags") +Reported-by: Saurav Kashyap +Tested-by: Saurav Kashyap +Signed-off-by: Martin K. Petersen +Reviewed-by: Christoph Hellwig +Reviewed-by: Chaitanya Kulkarni +Link: https://lore.kernel.org/r/20230215171801.21062-1-martin.petersen@oracle.com +Signed-off-by: Jens Axboe +Acked-by: Daniel Wagner +--- + block/bio-integrity.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/block/bio-integrity.c ++++ b/block/bio-integrity.c +@@ -435,6 +435,7 @@ int bio_integrity_clone(struct bio *bio, + + bip->bip_vcnt = bip_src->bip_vcnt; + bip->bip_iter = bip_src->bip_iter; ++ bip->bip_flags = bip_src->bip_flags & ~BIP_BLOCK_INTEGRITY; + + return 0; + } diff --git a/patches.suse/bonding-fix-802.3ad-state-sent-to-partner-when-unbin.patch b/patches.suse/bonding-fix-802.3ad-state-sent-to-partner-when-unbin.patch new file mode 100644 index 0000000..65b6527 --- /dev/null +++ b/patches.suse/bonding-fix-802.3ad-state-sent-to-partner-when-unbin.patch @@ -0,0 +1,62 @@ +From 339f98f09aaf520038a8cc4ae7b4a41118cfd9f6 Mon Sep 17 00:00:00 2001 +From: Toni Peltonen +Date: Tue, 27 Nov 2018 16:56:57 +0200 +Subject: [PATCH 3/7] bonding: fix 802.3ad state sent to partner when unbinding + slave +Git-commit: 3b5b3a3331d141e8f2a7aaae3a94dfa1e61ecbe4 +Patch-mainline: v4.20-rc6 +References: git-fixes + +Previously when unbinding a slave the 802.3ad implementation only told +partner that the port is not suitable for aggregation by setting the port +aggregation state from aggregatable to individual. This is not enough. If the +physical layer still stays up and we only unbinded this port from the bond there +is nothing in the aggregation status alone to prevent the partner from sending +traffic towards us. To ensure that the partner doesn't consider this +port at all anymore we should also disable collecting and distributing to +signal that this actor is going away. Also clear AD_STATE_SYNCHRONIZATION to +ensure partner exits collecting + distributing state. + +I have tested this behaviour againts Arista EOS switches with mlx5 cards +(physical link stays up even when interface is down) and simulated +the same situation virtually Linux <-> Linux with two network namespaces +running two veth device pairs. In both cases setting aggregation to +individual doesn't alone prevent traffic from being to sent towards this +port given that the link stays up in partners end. Partner still keeps +it's end in collecting + distributing state and continues until timeout is +reached. In most cases this means we are losing the traffic partner sends +towards our port while we wait for timeout. This is most visible with slow +periodic time (LACP rate slow). + +Other open source implementations like Open VSwitch and libreswitch, and +vendor implementations like Arista EOS, seem to disable collecting + +distributing to when doing similar port disabling/detaching/removing change. +With this patch kernel implementation would behave the same way and ensure +partner doesn't consider our actor viable anymore. + +Signed-off-by: Toni Peltonen +Signed-off-by: Jay Vosburgh +Acked-by: Jonathan Toppins +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/bonding/bond_3ad.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/net/bonding/bond_3ad.c b/drivers/net/bonding/bond_3ad.c +index e08d479f4d07..928134ba8db6 100644 +--- a/drivers/net/bonding/bond_3ad.c ++++ b/drivers/net/bonding/bond_3ad.c +@@ -2082,6 +2082,9 @@ void bond_3ad_unbind_slave(struct slave *slave) + aggregator->aggregator_identifier); + + /* Tell the partner that this port is not suitable for aggregation */ ++ port->actor_oper_port_state &= ~AD_STATE_SYNCHRONIZATION; ++ port->actor_oper_port_state &= ~AD_STATE_COLLECTING; ++ port->actor_oper_port_state &= ~AD_STATE_DISTRIBUTING; + port->actor_oper_port_state &= ~AD_STATE_AGGREGATION; + __update_lacpdu_from_port(port); + ad_lacpdu_send(port); +-- +2.16.4 + diff --git a/patches.suse/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch b/patches.suse/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch new file mode 100644 index 0000000..c7633d3 --- /dev/null +++ b/patches.suse/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch @@ -0,0 +1,202 @@ +From: Josh Poimboeuf +Date: Wed, 30 Jan 2019 07:13:58 -0600 +Subject: cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM +Git-commit: b284909abad48b07d3071a9fc9b5692b3e64914b +Patch-mainline: 5.0-rc5 +References: git-fixes + +With the following commit: + + 73d5e2b47264 ("cpu/hotplug: detect SMT disabled by BIOS") + +... the hotplug code attempted to detect when SMT was disabled by BIOS, +in which case it reported SMT as permanently disabled. However, that +code broke a virt hotplug scenario, where the guest is booted with only +primary CPU threads, and a sibling is brought online later. + +The problem is that there doesn't seem to be a way to reliably +distinguish between the HW "SMT disabled by BIOS" case and the virt +"sibling not yet brought online" case. So the above-mentioned commit +was a bit misguided, as it permanently disabled SMT for both cases, +preventing future virt sibling hotplugs. + +Going back and reviewing the original problems which were attempted to +be solved by that commit, when SMT was disabled in BIOS: + + 1) /sys/devices/system/cpu/smt/control showed "on" instead of + "notsupported"; and + + 2) vmx_vm_init() was incorrectly showing the L1TF_MSG_SMT warning. + +I'd propose that we instead consider #1 above to not actually be a +problem. Because, at least in the virt case, it's possible that SMT +wasn't disabled by BIOS and a sibling thread could be brought online +later. So it makes sense to just always default the smt control to "on" +to allow for that possibility (assuming cpuid indicates that the CPU +supports SMT). + +The real problem is #2, which has a simple fix: change vmx_vm_init() to +query the actual current SMT state -- i.e., whether any siblings are +currently online -- instead of looking at the SMT "control" sysfs value. + +So fix it by: + + a) reverting the original "fix" and its followup fix: + + 73d5e2b47264 ("cpu/hotplug: detect SMT disabled by BIOS") + bc2d8d262cba ("cpu/hotplug: Fix SMT supported evaluation") + + and + + b) changing vmx_vm_init() to query the actual current SMT state -- + instead of the sysfs control value -- to determine whether the L1TF + warning is needed. This also requires the 'sched_smt_present' + variable to exported, instead of 'cpu_smt_control'. + +Fixes: 73d5e2b47264 ("cpu/hotplug: detect SMT disabled by BIOS") +Reported-by: Igor Mammedov +Signed-off-by: Josh Poimboeuf +Signed-off-by: Thomas Gleixner +Cc: Joe Mario +Cc: Jiri Kosina +Cc: Peter Zijlstra +Cc: kvm@vger.kernel.org +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/e3a85d585da28cc333ecbc1e78ee9216e6da9396.1548794349.git.jpoimboe@redhat.com +Signed-off-by: Jiri Slaby +--- + arch/x86/kernel/cpu/bugs.c | 2 +- + arch/x86/kvm/vmx.c | 3 ++- + include/linux/cpu.h | 2 -- + kernel/cpu.c | 33 ++++----------------------------- + kernel/sched/fair.c | 1 + + kernel/smp.c | 2 -- + 6 files changed, 8 insertions(+), 35 deletions(-) + +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -68,7 +68,7 @@ void __init check_bugs(void) + * identify_boot_cpu() initialized SMT support information, let the + * core code know. + */ +- cpu_smt_check_topology_early(); ++ cpu_smt_check_topology(); + + if (!IS_ENABLED(CONFIG_SMP)) { + pr_info("CPU: "); +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -10119,7 +10120,7 @@ static int vmx_vm_init(struct kvm *kvm) + * Warn upon starting the first VM in a potentially + * insecure environment. + */ +- if (cpu_smt_control == CPU_SMT_ENABLED) ++ if (sched_smt_active()) + pr_warn_once(L1TF_MSG_SMT); + if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER) + pr_warn_once(L1TF_MSG_L1D); +--- a/include/linux/cpu.h ++++ b/include/linux/cpu.h +@@ -187,12 +187,10 @@ enum cpuhp_smt_control { + #if defined(CONFIG_SMP) && defined(CONFIG_HOTPLUG_SMT) + extern enum cpuhp_smt_control cpu_smt_control; + extern void cpu_smt_disable(bool force); +-extern void cpu_smt_check_topology_early(void); + extern void cpu_smt_check_topology(void); + #else + # define cpu_smt_control (CPU_SMT_ENABLED) + static inline void cpu_smt_disable(bool force) { } +-static inline void cpu_smt_check_topology_early(void) { } + static inline void cpu_smt_check_topology(void) { } + #endif + +--- a/kernel/cpu.c ++++ b/kernel/cpu.c +@@ -354,9 +354,6 @@ void __weak arch_smt_update(void) { } + + #ifdef CONFIG_HOTPLUG_SMT + enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_ENABLED; +-EXPORT_SYMBOL_GPL(cpu_smt_control); +- +-static bool cpu_smt_available __read_mostly; + + void __init cpu_smt_disable(bool force) + { +@@ -374,25 +371,11 @@ void __init cpu_smt_disable(bool force) + + /* + * The decision whether SMT is supported can only be done after the full +- * CPU identification. Called from architecture code before non boot CPUs +- * are brought up. +- */ +-void __init cpu_smt_check_topology_early(void) +-{ +- if (!topology_smt_supported()) +- cpu_smt_control = CPU_SMT_NOT_SUPPORTED; +-} +- +-/* +- * If SMT was disabled by BIOS, detect it here, after the CPUs have been +- * brought online. This ensures the smt/l1tf sysfs entries are consistent +- * with reality. cpu_smt_available is set to true during the bringup of non +- * boot CPUs when a SMT sibling is detected. Note, this may overwrite +- * cpu_smt_control's previous setting. ++ * CPU identification. Called from architecture code. + */ + void __init cpu_smt_check_topology(void) + { +- if (!cpu_smt_available) ++ if (!topology_smt_supported()) + cpu_smt_control = CPU_SMT_NOT_SUPPORTED; + } + +@@ -405,18 +388,10 @@ early_param("nosmt", smt_cmdline_disable + + static inline bool cpu_smt_allowed(unsigned int cpu) + { +- if (topology_is_primary_thread(cpu)) ++ if (cpu_smt_control == CPU_SMT_ENABLED) + return true; + +- /* +- * If the CPU is not a 'primary' thread and the booted_once bit is +- * set then the processor has SMT support. Store this information +- * for the late check of SMT support in cpu_smt_check_topology(). +- */ +- if (per_cpu(cpuhp_state, cpu).booted_once) +- cpu_smt_available = true; +- +- if (cpu_smt_control == CPU_SMT_ENABLED) ++ if (topology_is_primary_thread(cpu)) + return true; + + /* +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -6071,6 +6071,7 @@ static inline int find_idlest_cpu(struct + + #ifdef CONFIG_SCHED_SMT + DEFINE_STATIC_KEY_FALSE(sched_smt_present); ++EXPORT_SYMBOL_GPL(sched_smt_present); + + static inline void set_idle_cores(int cpu, int val) + { +--- a/kernel/smp.c ++++ b/kernel/smp.c +@@ -584,8 +584,6 @@ void __init smp_init(void) + num_nodes, (num_nodes > 1 ? "s" : ""), + num_cpus, (num_cpus > 1 ? "s" : "")); + +- /* Final decision about SMT support */ +- cpu_smt_check_topology(); + /* Any cleanup work */ + smp_cpus_done(setup_max_cpus); + } diff --git a/patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch b/patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch index 09c35d2..7d0156b 100644 --- a/patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch +++ b/patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch @@ -19,15 +19,14 @@ Acked-by: Borislav Petkov --- a/include/linux/cpu.h +++ b/include/linux/cpu.h -@@ -191,11 +191,13 @@ extern enum cpuhp_smt_control cpu_smt_co +@@ -190,10 +190,12 @@ enum cpuhp_smt_control { + extern enum cpuhp_smt_control cpu_smt_control; extern void cpu_smt_disable(bool force); - extern void cpu_smt_check_topology_early(void); extern void cpu_smt_check_topology(void); +extern bool cpu_smt_possible(void); #else # define cpu_smt_control (CPU_SMT_ENABLED) static inline void cpu_smt_disable(bool force) { } - static inline void cpu_smt_check_topology_early(void) { } static inline void cpu_smt_check_topology(void) { } +static inline bool cpu_smt_possible(void) { return false; } #endif @@ -35,7 +34,7 @@ Acked-by: Borislav Petkov /* --- a/kernel/cpu.c +++ b/kernel/cpu.c -@@ -360,8 +360,7 @@ static bool cpu_smt_available __read_mos +@@ -357,8 +357,7 @@ enum cpuhp_smt_control cpu_smt_control _ void __init cpu_smt_disable(bool force) { @@ -45,7 +44,7 @@ Acked-by: Borislav Petkov return; if (force) { -@@ -427,6 +426,14 @@ static inline bool cpu_smt_allowed(unsig +@@ -402,6 +401,14 @@ static inline bool cpu_smt_allowed(unsig */ return !per_cpu(cpuhp_state, cpu).booted_once; } diff --git a/patches.suse/don-t-dump-the-threads-that-had-been-already-exiting.patch b/patches.suse/don-t-dump-the-threads-that-had-been-already-exiting.patch new file mode 100644 index 0000000..9143dca --- /dev/null +++ b/patches.suse/don-t-dump-the-threads-that-had-been-already-exiting.patch @@ -0,0 +1,69 @@ +From: Al Viro +Date: Wed, 28 Oct 2020 16:39:49 -0400 +Subject: don't dump the threads that had been already exiting when zapped. +Git-commit: 77f6ab8b7768cf5e6bdd0e72499270a0671506ee +Patch-mainline: 5.10-rc4 +References: git-fixes + +Coredump logics needs to report not only the registers of the dumping +thread, but (since 2.5.43) those of other threads getting killed. + +Doing that might require extra state saved on the stack in asm glue at +kernel entry; signal delivery logics does that (we need to be able to +save sigcontext there, at the very least) and so does seccomp. + +That covers all callers of do_coredump(). Secondary threads get hit with +SIGKILL and caught as soon as they reach exit_mm(), which normally happens +in signal delivery, so those are also fine most of the time. Unfortunately, +it is possible to end up with secondary zapped when it has already entered +exit(2) (or, worse yet, is oopsing). In those cases we reach exit_mm() +when mm->core_state is already set, but the stack contents is not what +we would have in signal delivery. + +At least on two architectures (alpha and m68k) it leads to infoleaks - we +end up with a chunk of kernel stack written into coredump, with the contents +consisting of normal C stack frames of the call chain leading to exit_mm() +instead of the expected copy of userland registers. In case of alpha we +leak 312 bytes of stack. Other architectures (including the regset-using +ones) might have similar problems - the normal user of regsets is ptrace +and the state of tracee at the time of such calls is special in the same +way signal delivery is. + +Note that had the zapper gotten to the exiting thread slightly later, +it wouldn't have been included into coredump anyway - we skip the threads +that have already cleared their ->mm. So let's pretend that zapper always +loses the race. IOW, have exit_mm() only insert into the dumper list if +we'd gotten there from handling a fatal signal[*] + +As the result, the callers of do_exit() that have *not* gone through get_signal() +are not seen by coredump logics as secondary threads. Which excludes voluntary +exit()/oopsen/traps/etc. The dumper thread itself is unaffected by that, +so seccomp is fine. + +[*] originally I intended to add a new flag in tsk->flags, but ebiederman pointed +out that PF_SIGNALED is already doing just what we need. + +Cc: stable@vger.kernel.org +Fixes: d89f3847def4 ("[PATCH] thread-aware coredumps, 2.5.43-C3") +History-tree: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git +Acked-by: "Eric W. Biederman" +Signed-off-by: Al Viro +Signed-off-by: Jiri Slaby +--- + kernel/exit.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/kernel/exit.c ++++ b/kernel/exit.c +@@ -528,7 +528,10 @@ static void exit_mm(void) + up_read(&mm->mmap_sem); + + self.task = current; +- self.next = xchg(&core_state->dumper.next, &self); ++ if (self.task->flags & PF_SIGNALED) ++ self.next = xchg(&core_state->dumper.next, &self); ++ else ++ self.task = NULL; + /* + * Implies mb(), the result of xchg() must be visible + * to core_state->dumper. diff --git a/patches.suse/gtp-set-NLM_F_MULTI-flag-in-gtp_genl_dump_pdp.patch b/patches.suse/gtp-set-NLM_F_MULTI-flag-in-gtp_genl_dump_pdp.patch new file mode 100644 index 0000000..913f443 --- /dev/null +++ b/patches.suse/gtp-set-NLM_F_MULTI-flag-in-gtp_genl_dump_pdp.patch @@ -0,0 +1,60 @@ +From 2e99dd047e6b180ac5698d9dbe594502e4a6eccc Mon Sep 17 00:00:00 2001 +From: Yoshiyuki Kurauchi +Date: Thu, 30 Apr 2020 14:01:36 +0900 +Subject: [PATCH 5/6] gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() +Git-commit: 846c68f7f1ac82c797a2f1db3344a2966c0fe2e1 +References: git-fixes +Patch-mainline: v5.7-rc5 + +In drivers/net/gtp.c, gtp_genl_dump_pdp() should set NLM_F_MULTI +flag since it returns multipart message. +This patch adds a new arg "flags" in gtp_genl_fill_info() so that +flags can be set by the callers. + +Signed-off-by: Yoshiyuki Kurauchi +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/gtp.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c +index 8c41a20c60a6..6e4d9ac08c9f 100644 +--- a/drivers/net/gtp.c ++++ b/drivers/net/gtp.c +@@ -1159,11 +1159,11 @@ static int gtp_genl_del_pdp(struct sk_buff *skb, struct genl_info *info) + static struct genl_family gtp_genl_family; + + static int gtp_genl_fill_info(struct sk_buff *skb, u32 snd_portid, u32 snd_seq, +- u32 type, struct pdp_ctx *pctx) ++ int flags, u32 type, struct pdp_ctx *pctx) + { + void *genlh; + +- genlh = genlmsg_put(skb, snd_portid, snd_seq, >p_genl_family, 0, ++ genlh = genlmsg_put(skb, snd_portid, snd_seq, >p_genl_family, flags, + type); + if (genlh == NULL) + goto nlmsg_failure; +@@ -1218,8 +1218,8 @@ static int gtp_genl_get_pdp(struct sk_buff *skb, struct genl_info *info) + goto err_unlock; + } + +- err = gtp_genl_fill_info(skb2, NETLINK_CB(skb).portid, +- info->snd_seq, info->nlhdr->nlmsg_type, pctx); ++ err = gtp_genl_fill_info(skb2, NETLINK_CB(skb).portid, info->snd_seq, ++ 0, info->nlhdr->nlmsg_type, pctx); + if (err < 0) + goto err_unlock_free; + +@@ -1262,6 +1262,7 @@ static int gtp_genl_dump_pdp(struct sk_buff *skb, + gtp_genl_fill_info(skb, + NETLINK_CB(cb->skb).portid, + cb->nlh->nlmsg_seq, ++ NLM_F_MULTI, + cb->nlh->nlmsg_type, pctx)) { + cb->args[0] = i; + cb->args[1] = j; +-- +2.16.4 + diff --git a/patches.suse/icmp-don-t-fail-on-fragment-reassembly-time-exceeded.patch b/patches.suse/icmp-don-t-fail-on-fragment-reassembly-time-exceeded.patch new file mode 100644 index 0000000..ddf4f8b --- /dev/null +++ b/patches.suse/icmp-don-t-fail-on-fragment-reassembly-time-exceeded.patch @@ -0,0 +1,103 @@ +From 8052243daee84f24ddf34c374117a4aedf068eb7 Mon Sep 17 00:00:00 2001 +From: Matteo Croce +Date: Thu, 12 Oct 2017 16:12:37 +0200 +Subject: [PATCH 3/7] icmp: don't fail on fragment reassembly time exceeded +Git-commit: 258bbb1b0e594ad5f5652cb526b3c63e6a7fad3d +Patch-mainline: v4.15-rc1 +References: git-fixes + +The ICMP implementation currently replies to an ICMP time exceeded message +(type 11) with an ICMP host unreachable message (type 3, code 1). + +However, time exceeded messages can either represent "time to live exceeded +in transit" (code 0) or "fragment reassembly time exceeded" (code 1). + +Unconditionally replying to "fragment reassembly time exceeded" with +host unreachable messages might cause unjustified connection resets +which are now easily triggered as UFO has been removed, because, in turn, +sending large buffers triggers IP fragmentation. + +The issue can be easily reproduced by running a lot of UDP streams +which is likely to trigger IP fragmentation: + + # start netserver in the test namespace + ip netns add test + ip netns exec test netserver + + # create a VETH pair + ip link add name veth0 type veth peer name veth0 netns test + ip link set veth0 up + ip -n test link set veth0 up + + for i in $(seq 20 29); do + # assign addresses to both ends + ip addr add dev veth0 192.168.$i.1/24 + ip -n test addr add dev veth0 192.168.$i.2/24 + + # start the traffic + netperf -L 192.168.$i.1 -H 192.168.$i.2 -t UDP_STREAM -l 0 & + done + + # wait + send_data: data send error: No route to host (errno 113) + netperf: send_omni: send_data failed: No route to host + +We need to differentiate instead: if fragment reassembly time exceeded +is reported, we need to silently drop the packet, +if time to live exceeded is reported, maintain the current behaviour. +In both cases increment the related error count "icmpInTimeExcds". + +While at it, fix a typo in a comment, and convert the if statement +into a switch to mate it more readable. + +Signed-off-by: Matteo Croce +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + net/ipv4/icmp.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c +index e2770ed6cf3f..6cbe3af5b21b 100644 +--- a/net/ipv4/icmp.c ++++ b/net/ipv4/icmp.c +@@ -786,7 +786,7 @@ static bool icmp_tag_validation(int proto) + } + + /* +- * Handle ICMP_DEST_UNREACH, ICMP_TIME_EXCEED, ICMP_QUENCH, and ++ * Handle ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED, ICMP_QUENCH, and + * ICMP_PARAMETERPROB. + */ + +@@ -814,7 +814,8 @@ static bool icmp_unreach(struct sk_buff *skb) + if (iph->ihl < 5) /* Mangled header, drop. */ + goto out_err; + +- if (icmph->type == ICMP_DEST_UNREACH) { ++ switch (icmph->type) { ++ case ICMP_DEST_UNREACH: + switch (icmph->code & 15) { + case ICMP_NET_UNREACH: + case ICMP_HOST_UNREACH: +@@ -850,8 +851,16 @@ static bool icmp_unreach(struct sk_buff *skb) + } + if (icmph->code > NR_ICMP_UNREACH) + goto out; +- } else if (icmph->type == ICMP_PARAMETERPROB) ++ break; ++ case ICMP_PARAMETERPROB: + info = ntohl(icmph->un.gateway) >> 24; ++ break; ++ case ICMP_TIME_EXCEEDED: ++ __ICMP_INC_STATS(net, ICMP_MIB_INTIMEEXCDS); ++ if (icmph->code == ICMP_EXC_FRAGTIME) ++ goto out; ++ break; ++ } + + /* + * Throw it at our lower layers +-- +2.16.4 + diff --git a/patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch b/patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch new file mode 100644 index 0000000..441bfc7 --- /dev/null +++ b/patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch @@ -0,0 +1,143 @@ +From ffb76a86f8096a8206be03b14adda6092e18e275 Mon Sep 17 00:00:00 2001 +From: Wu Bo +Date: Tue, 21 Dec 2021 15:00:34 +0800 +Subject: [PATCH] ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler + module +Git-commit: ffb76a86f8096a8206be03b14adda6092e18e275 +References: git-fixes +Patch-mainline: v5.16-rc7 + +Hi, + +When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, +the system crashed. + +The log as follows: +[ 141.087026] BUG: unable to handle kernel paging request at ffffffffc09b3a5a +[ 141.087241] PGD 8fe4c0d067 P4D 8fe4c0d067 PUD 8fe4c0f067 PMD 103ad89067 PTE 0 +[ 141.087464] Oops: 0010 [#1] SMP NOPTI +[ 141.087580] CPU: 67 PID: 668 Comm: kworker/67:1 Kdump: loaded Not tainted 4.18.0.x86_64 #47 +[ 141.088009] Workqueue: events 0xffffffffc09b3a40 +[ 141.088009] RIP: 0010:0xffffffffc09b3a5a +[ 141.088009] Code: Bad RIP value. +[ 141.088009] RSP: 0018:ffffb9094e2c3e88 EFLAGS: 00010246 +[ 141.088009] RAX: 0000000000000000 RBX: ffff9abfdb1f04a0 RCX: 0000000000000000 +[ 141.088009] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246 +[ 141.088009] RBP: 0000000000000000 R08: ffff9abfffee3cb8 R09: 00000000000002e1 +[ 141.088009] R10: ffffb9094cb73d90 R11: 00000000000f4240 R12: ffff9abfffee8700 +[ 141.088009] R13: 0000000000000000 R14: ffff9abfdb1f04a0 R15: ffff9abfdb1f04a8 +[ 141.088009] FS: 0000000000000000(0000) GS:ffff9abfffec0000(0000) knlGS:0000000000000000 +[ 141.088009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 141.088009] CR2: ffffffffc09b3a30 CR3: 0000008fe4c0a001 CR4: 00000000007606e0 +[ 141.088009] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 141.088009] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 141.088009] PKRU: 55555554 +[ 141.088009] Call Trace: +[ 141.088009] ? process_one_work+0x195/0x390 +[ 141.088009] ? worker_thread+0x30/0x390 +[ 141.088009] ? process_one_work+0x390/0x390 +[ 141.088009] ? kthread+0x10d/0x130 +[ 141.088009] ? kthread_flush_work_fn+0x10/0x10 +[ 141.088009] ? ret_from_fork+0x35/0x40] BUG: unable to handle kernel paging request at ffffffffc0b28a5a +[ 200.223240] PGD 97fe00d067 P4D 97fe00d067 PUD 97fe00f067 PMD a580cbf067 PTE 0 +[ 200.223464] Oops: 0010 [#1] SMP NOPTI +[ 200.223579] CPU: 63 PID: 664 Comm: kworker/63:1 Kdump: loaded Not tainted 4.18.0.x86_64 #46 +[ 200.224008] Workqueue: events 0xffffffffc0b28a40 +[ 200.224008] RIP: 0010:0xffffffffc0b28a5a +[ 200.224008] Code: Bad RIP value. +[ 200.224008] RSP: 0018:ffffbf3c8e2a3e88 EFLAGS: 00010246 +[ 200.224008] RAX: 0000000000000000 RBX: ffffa0799ad6bca0 RCX: 0000000000000000 +[ 200.224008] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246 +[ 200.224008] RBP: 0000000000000000 R08: ffff9fe43fde3cb8 R09: 00000000000000d5 +[ 200.224008] R10: ffffbf3c8cb53d90 R11: 00000000000f4240 R12: ffff9fe43fde8700 +[ 200.224008] R13: 0000000000000000 R14: ffffa0799ad6bca0 R15: ffffa0799ad6bca8 +[ 200.224008] FS: 0000000000000000(0000) GS:ffff9fe43fdc0000(0000) knlGS:0000000000000000 +[ 200.224008] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 200.224008] CR2: ffffffffc0b28a30 CR3: 00000097fe00a002 CR4: 00000000007606e0 +[ 200.224008] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 200.224008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 200.224008] PKRU: 55555554 +[ 200.224008] Call Trace: +[ 200.224008] ? process_one_work+0x195/0x390 +[ 200.224008] ? worker_thread+0x30/0x390 +[ 200.224008] ? process_one_work+0x390/0x390 +[ 200.224008] ? kthread+0x10d/0x130 +[ 200.224008] ? kthread_flush_work_fn+0x10/0x10 +[ 200.224008] ? ret_from_fork+0x35/0x40 +[ 200.224008] kernel fault(0x1) notification starting on CPU 63 +[ 200.224008] kernel fault(0x1) notification finished on CPU 63 +[ 200.224008] CR2: ffffffffc0b28a5a +[ 200.224008] ---[ end trace c82a412d93f57412 ]--- + +The reason is as follows: +T1: rmmod ipmi_si. + ->ipmi_unregister_smi() + -> ipmi_bmc_unregister() + -> __ipmi_bmc_unregister() + -> kref_put(&bmc->usecount, cleanup_bmc_device); + -> schedule_work(&bmc->remove_work); + +T2: rmmod ipmi_msghandler. + ipmi_msghander module uninstalled, and the module space + will be freed. + +T3: bmc->remove_work doing cleanup the bmc resource. + -> cleanup_bmc_work() + -> platform_device_unregister(&bmc->pdev); + -> platform_device_del(pdev); + -> device_del(&pdev->dev); + -> kobject_uevent(&dev->kobj, KOBJ_REMOVE); + -> kobject_uevent_env() + -> dev_uevent() + -> if (dev->type && dev->type->name) + + 'dev->type'(bmc_device_type) pointer space has freed when uninstall + ipmi_msghander module, 'dev->type->name' cause the system crash. + +drivers/char/ipmi/ipmi_msghandler.c: +2820 static const struct device_type bmc_device_type = { +2821 .groups = bmc_dev_attr_groups, +2822 }; + +Steps to reproduce: +Add a time delay in cleanup_bmc_work() function, +and uninstall ipmi_si and ipmi_msghandler module. + +2910 static void cleanup_bmc_work(struct work_struct *work) +2911 { +2912 struct bmc_device *bmc = container_of(work, struct bmc_device, +2913 remove_work); +2914 int id = bmc->pdev.id; /* Unregister overwrites id */ +2915 +2916 msleep(3000); <--- +2917 platform_device_unregister(&bmc->pdev); +2918 ida_simple_remove(&ipmi_bmc_ida, id); +2919 } + +Use 'remove_work_wq' instead of 'system_wq' to solve this issues. + +Fixes: b2cfd8ab4add ("ipmi: Rework device id and guid handling to catch changing BMCs") +Signed-off-by: Wu Bo +Message-Id: <1640070034-56671-1-git-send-email-wubo40@huawei.com> +Signed-off-by: Corey Minyard +Signed-off-by: Oliver Neukum +--- + drivers/char/ipmi/ipmi_msghandler.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c +index 266c7bc58dda..c59265146e9c 100644 +--- a/drivers/char/ipmi/ipmi_msghandler.c ++++ b/drivers/char/ipmi/ipmi_msghandler.c +@@ -3031,7 +3031,7 @@ cleanup_bmc_device(struct kref *ref) + * with removing the device attributes while reading a device + * attribute. + */ +- schedule_work(&bmc->remove_work); ++ queue_work(remove_work_wq, &bmc->remove_work); + } + + /* +-- +2.39.2 + diff --git a/patches.suse/ipmi-Move-remove_work-to-dedicated-workqueue.patch b/patches.suse/ipmi-Move-remove_work-to-dedicated-workqueue.patch new file mode 100644 index 0000000..19c36ec --- /dev/null +++ b/patches.suse/ipmi-Move-remove_work-to-dedicated-workqueue.patch @@ -0,0 +1,83 @@ +From 1d49eb91e86e8c1c1614c72e3e958b6b7e2472a9 Mon Sep 17 00:00:00 2001 +From: Ioanna Alifieraki +Date: Mon, 15 Nov 2021 15:16:45 +0200 +Subject: [PATCH] ipmi: Move remove_work to dedicated workqueue +Git-commit: 1d49eb91e86e8c1c1614c72e3e958b6b7e2472a9 +References: git-fixes +Patch-mainline: v5.16-rc4 + +Currently when removing an ipmi_user the removal is deferred as a work on +the system's workqueue. Although this guarantees the free operation will +occur in non atomic context, it can race with the ipmi_msghandler module +removal (see [1]) . In case a remove_user work is scheduled for removal +and shortly after ipmi_msghandler module is removed we can end up in a +situation where the module is removed fist and when the work is executed +the system crashes with : +BUG: unable to handle page fault for address: ffffffffc05c3450 +PF: supervisor instruction fetch in kernel mode +PF: error_code(0x0010) - not-present page +because the pages of the module are gone. In cleanup_ipmi() there is no +easy way to detect if there are any pending works to flush them before +removing the module. This patch creates a separate workqueue and schedules +the remove_work works on it. When removing the module the workqueue is +drained when destroyed to avoid the race. + +[1] https://bugs.launchpad.net/bugs/1950666 + +Cc: stable@vger.kernel.org # 5.1 +Fixes: 3b9a907223d7 (ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier) +Signed-off-by: Ioanna Alifieraki +Message-Id: <20211115131645.25116-1-ioanna-maria.alifieraki@canonical.com> +Signed-off-by: Corey Minyard +Signed-off-by: Oliver Neukum +--- + drivers/char/ipmi/ipmi_msghandler.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +--- a/drivers/char/ipmi/ipmi_msghandler.c ++++ b/drivers/char/ipmi/ipmi_msghandler.c +@@ -221,6 +221,8 @@ struct ipmi_user { + struct work_struct remove_work; + }; + ++struct workqueue_struct *remove_work_wq; ++ + static struct ipmi_user *acquire_ipmi_user(struct ipmi_user *user, int *index) + __acquires(user->release_barrier) + { +@@ -1226,7 +1228,7 @@ static void free_user(struct kref *ref) + struct ipmi_user *user = container_of(ref, struct ipmi_user, refcount); + + /* SRCU cleanup must happen in task context. */ +- schedule_work(&user->remove_work); ++ queue_work(remove_work_wq, &user->remove_work); + } + + static void _ipmi_destroy_user(struct ipmi_user *user) +@@ -5330,10 +5332,17 @@ static int ipmi_init_msghandler(void) + mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); + + atomic_notifier_chain_register(&panic_notifier_list, &panic_block); ++ remove_work_wq = create_singlethread_workqueue("ipmi-msghandler-remove-wq"); ++ if (!remove_work_wq) { ++ pr_err("unable to create ipmi-msghandler-remove-wq workqueue"); ++ rv = -ENOMEM; ++ goto out; ++ } + + initialized = 1; + +- return 0; ++out: ++ return rv; + } + + static int __init ipmi_init_msghandler_mod(void) +@@ -5349,6 +5358,7 @@ static void __exit cleanup_ipmi(void) + if (!initialized) + return; + ++ destroy_workqueue(remove_work_wq); + atomic_notifier_chain_unregister(&panic_notifier_list, &panic_block); + + /* diff --git a/patches.suse/ipmi-fix-initialization-when-workqueue-allocation-fa.patch b/patches.suse/ipmi-fix-initialization-when-workqueue-allocation-fa.patch new file mode 100644 index 0000000..a372c83 --- /dev/null +++ b/patches.suse/ipmi-fix-initialization-when-workqueue-allocation-fa.patch @@ -0,0 +1,58 @@ +From 75d70d76cb7b927cace2cb34265d68ebb3306b13 Mon Sep 17 00:00:00 2001 +From: Thadeu Lima de Souza Cascardo +Date: Fri, 17 Dec 2021 12:44:10 -0300 +Subject: [PATCH] ipmi: fix initialization when workqueue allocation fails +Git-commit: 75d70d76cb7b927cace2cb34265d68ebb3306b13 +References: git-fixes +Patch-mainline: v5.16-rc7 + +If the workqueue allocation fails, the driver is marked as not initialized, +and timer and panic_notifier will be left registered. + +Instead of removing those when workqueue allocation fails, do the workqueue +initialization before doing it, and cleanup srcu_struct if it fails. + +Fixes: 1d49eb91e86e ("ipmi: Move remove_work to dedicated workqueue") +Signed-off-by: Thadeu Lima de Souza Cascardo +Cc: Corey Minyard +Cc: Ioanna Alifieraki +Cc: stable@vger.kernel.org +Message-Id: <20211217154410.1228673-2-cascardo@canonical.com> +Signed-off-by: Corey Minyard +Signed-off-by: Oliver Neukum +--- + drivers/char/ipmi/ipmi_msghandler.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +--- a/drivers/char/ipmi/ipmi_msghandler.c ++++ b/drivers/char/ipmi/ipmi_msghandler.c +@@ -5328,19 +5328,24 @@ static int ipmi_init_msghandler(void) + + #endif /* CONFIG_PROC_FS */ + +- setup_timer(&ipmi_timer, ipmi_timeout, 0); +- mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); +- +- atomic_notifier_chain_register(&panic_notifier_list, &panic_block); + remove_work_wq = create_singlethread_workqueue("ipmi-msghandler-remove-wq"); + if (!remove_work_wq) { + pr_err("unable to create ipmi-msghandler-remove-wq workqueue"); + rv = -ENOMEM; +- goto out; ++ goto out_wq; + } + ++ setup_timer(&ipmi_timer, ipmi_timeout, 0); ++ mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); ++ ++ atomic_notifier_chain_register(&panic_notifier_list, &panic_block); ++ + initialized = 1; + ++out_wq: ++ if (rv) ++ cleanup_srcu_struct(&ipmi_interfaces_srcu); ++ + out: + return rv; + } diff --git a/patches.suse/ipmi-fix-memleak-when-unload-ipmi-driver.patch b/patches.suse/ipmi-fix-memleak-when-unload-ipmi-driver.patch new file mode 100644 index 0000000..5f3b909 --- /dev/null +++ b/patches.suse/ipmi-fix-memleak-when-unload-ipmi-driver.patch @@ -0,0 +1,63 @@ +From 36992eb6b9b83f7f9cdc8e74fb5799d7b52e83e9 Mon Sep 17 00:00:00 2001 +From: Zhang Yuchen +Date: Fri, 7 Oct 2022 17:26:17 +0800 +Subject: [PATCH] ipmi: fix memleak when unload ipmi driver +Git-commit: 36992eb6b9b83f7f9cdc8e74fb5799d7b52e83e9 +References: git-fixes +Patch-mainline: v6.2-rc1 + +After the IPMI disconnect problem, the memory kept rising and we tried +to unload the driver to free the memory. However, only part of the +free memory is recovered after the driver is uninstalled. Using +ebpf to hook free functions, we find that neither ipmi_user nor +ipmi_smi_msg is free, only ipmi_recv_msg is free. + +We find that the deliver_smi_err_response call in clean_smi_msgs does +the destroy processing on each message from the xmit_msg queue without +checking the return value and free ipmi_smi_msg. + +deliver_smi_err_response is called only at this location. Adding the +free handling has no effect. + +To verify, try using ebpf to trace the free function. + + $ bpftrace -e 'kretprobe:ipmi_alloc_recv_msg {printf("alloc rcv + %p\n",retval);} kprobe:free_recv_msg {printf("free recv %p\n", + arg0)} kretprobe:ipmi_alloc_smi_msg {printf("alloc smi %p\n", + retval);} kprobe:free_smi_msg {printf("free smi %p\n",arg0)}' + +Signed-off-by: Zhang Yuchen +Message-Id: <20221007092617.87597-4-zhangyuchen.lcr@bytedance.com> +[Fixed the comment above handle_one_recv_msg().] +Signed-off-by: Corey Minyard +Signed-off-by: Oliver Neukum +--- + drivers/char/ipmi/ipmi_msghandler.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c +index 49a1707693c9..d5ee52be176d 100644 +--- a/drivers/char/ipmi/ipmi_msghandler.c ++++ b/drivers/char/ipmi/ipmi_msghandler.c +@@ -3704,12 +3704,16 @@ static void deliver_smi_err_response(struct ipmi_smi *intf, + struct ipmi_smi_msg *msg, + unsigned char err) + { ++ int rv; + msg->rsp[0] = msg->data[0] | 4; + msg->rsp[1] = msg->data[1]; + msg->rsp[2] = err; + msg->rsp_size = 3; +- /* It's an error, so it will never requeue, no need to check return. */ +- handle_one_recv_msg(intf, msg); ++ ++ /* This will never requeue, but it may ask us to free the message. */ ++ rv = handle_one_recv_msg(intf, msg); ++ if (rv == 0) ++ ipmi_free_smi_msg(msg); + } + + static void cleanup_smi_msgs(struct ipmi_smi *intf) +-- +2.39.2 + diff --git a/patches.suse/ipmi-fix-use-after-free-in-_ipmi_destroy_user.patch b/patches.suse/ipmi-fix-use-after-free-in-_ipmi_destroy_user.patch new file mode 100644 index 0000000..08b3385 --- /dev/null +++ b/patches.suse/ipmi-fix-use-after-free-in-_ipmi_destroy_user.patch @@ -0,0 +1,47 @@ +From a92ce570c81dc0feaeb12a429b4bc65686d17967 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Tue, 15 Nov 2022 16:17:43 +0300 +Subject: [PATCH] ipmi: fix use after free in _ipmi_destroy_user() +Git-commit: a92ce570c81dc0feaeb12a429b4bc65686d17967 +References: git-fixes +Patch-mainline: v6.2-rc1 + +The intf_free() function frees the "intf" pointer so we cannot +dereference it again on the next line. + +Fixes: cbb79863fc31 ("ipmi: Don't allow device module unload when in use") +Signed-off-by: Dan Carpenter +Message-Id: +Cc: # 5.5+ +Signed-off-by: Corey Minyard +Signed-off-by: Oliver Neukum +--- + drivers/char/ipmi/ipmi_msghandler.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c +index f6b8ca6df9b5..186f1fee7534 100644 +--- a/drivers/char/ipmi/ipmi_msghandler.c ++++ b/drivers/char/ipmi/ipmi_msghandler.c +@@ -1330,6 +1330,7 @@ static void _ipmi_destroy_user(struct ipmi_user *user) + unsigned long flags; + struct cmd_rcvr *rcvr; + struct cmd_rcvr *rcvrs = NULL; ++ struct module *owner; + + if (!acquire_ipmi_user(user, &i)) { + /* +@@ -1392,8 +1393,9 @@ static void _ipmi_destroy_user(struct ipmi_user *user) + kfree(rcvr); + } + ++ owner = intf->owner; + kref_put(&intf->refcount, intf_free); +- module_put(intf->owner); ++ module_put(owner); + } + + int ipmi_destroy_user(struct ipmi_user *user) +-- +2.39.2 + diff --git a/patches.suse/ipmi-msghandler-Make-symbol-remove_work_wq-static.patch b/patches.suse/ipmi-msghandler-Make-symbol-remove_work_wq-static.patch new file mode 100644 index 0000000..0dcf329 --- /dev/null +++ b/patches.suse/ipmi-msghandler-Make-symbol-remove_work_wq-static.patch @@ -0,0 +1,42 @@ +From 5a3ba99b62d8486de0316334e72ac620d4b94fdd Mon Sep 17 00:00:00 2001 +From: Wei Yongjun +Date: Tue, 23 Nov 2021 08:36:18 +0000 +Subject: [PATCH] ipmi: msghandler: Make symbol 'remove_work_wq' static +Git-commit: 5a3ba99b62d8486de0316334e72ac620d4b94fdd +References: git-fixes +Patch-mainline: v5.16-rc4 + +The sparse tool complains as follows: + +drivers/char/ipmi/ipmi_msghandler.c:194:25: warning: + symbol 'remove_work_wq' was not declared. Should it be static? + +This symbol is not used outside of ipmi_msghandler.c, so +marks it static. + +Fixes: 1d49eb91e86e ("ipmi: Move remove_work to dedicated workqueue") +Reported-by: Hulk Robot +Signed-off-by: Wei Yongjun +Message-Id: <20211123083618.2366808-1-weiyongjun1@huawei.com> +Signed-off-by: Corey Minyard +Signed-off-by: Oliver Neukum +--- + drivers/char/ipmi/ipmi_msghandler.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c +index 1ade72bfae0f..a2ec0171363a 100644 +--- a/drivers/char/ipmi/ipmi_msghandler.c ++++ b/drivers/char/ipmi/ipmi_msghandler.c +@@ -191,7 +191,7 @@ struct ipmi_user { + struct work_struct remove_work; + }; + +-struct workqueue_struct *remove_work_wq; ++static struct workqueue_struct *remove_work_wq; + + static struct ipmi_user *acquire_ipmi_user(struct ipmi_user *user, int *index) + __acquires(user->release_barrier) +-- +2.39.2 + diff --git a/patches.suse/kbuild-clear-LDFLAGS-in-the-top-Makefile.patch b/patches.suse/kbuild-clear-LDFLAGS-in-the-top-Makefile.patch new file mode 100644 index 0000000..15ba91f --- /dev/null +++ b/patches.suse/kbuild-clear-LDFLAGS-in-the-top-Makefile.patch @@ -0,0 +1,33 @@ +From: Masahiro Yamada +Date: Fri, 16 Mar 2018 16:37:09 +0900 +Subject: kbuild: clear LDFLAGS in the top Makefile +Git-commit: ce99d0bf312daf0178e640da9e3c93b773a67e7d +Patch-mainline: 4.17-rc1 +References: bsc#1203200 + +Currently LDFLAGS is not cleared, so same flags are accumulated in +LDFLAGS when the top Makefile is recursively invoked. + +I found unneeded rebuild for ARCH=arm64 when CONFIG_TRIM_UNUSED_KSYMS +is enabled. If include/generated/autoksyms.h is updated, the top +Makefile is recursively invoked, then arch/arm64/Makefile adds one +more '-maarch64linux'. Due to the command line change, modules are +rebuilt needlessly. + +Signed-off-by: Masahiro Yamada +Acked-by: Nicolas Pitre +Signed-off-by: Jiri Slaby +--- + Makefile | 1 + + 1 file changed, 1 insertion(+) + +--- a/Makefile ++++ b/Makefile +@@ -410,6 +410,7 @@ KBUILD_AFLAGS := -D__ASSEMBLY__ $(call + KBUILD_AFLAGS_MODULE := -DMODULE + KBUILD_CFLAGS_MODULE := -DMODULE + KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds ++LDFLAGS := + + # Read KERNELRELEASE from include/config/kernel.release (if it exists) + KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null) diff --git a/patches.suse/kernel-sys.c-avoid-copying-possible-padding-bytes-in.patch b/patches.suse/kernel-sys.c-avoid-copying-possible-padding-bytes-in.patch new file mode 100644 index 0000000..430a0e0 --- /dev/null +++ b/patches.suse/kernel-sys.c-avoid-copying-possible-padding-bytes-in.patch @@ -0,0 +1,41 @@ +From: Joe Perches +Date: Wed, 4 Dec 2019 16:50:53 -0800 +Subject: kernel/sys.c: avoid copying possible padding bytes in copy_to_user +Git-commit: 5e1aada08cd19ea652b2d32a250501d09b02ff2e +Patch-mainline: 5.5-rc1 +References: git-fixes + +Initialization is not guaranteed to zero padding bytes so use an +explicit memset instead to avoid leaking any kernel content in any +possible padding bytes. + +Link: http://lkml.kernel.org/r/dfa331c00881d61c8ee51577a082d8bebd61805c.camel@perches.com +Signed-off-by: Joe Perches +Cc: Dan Carpenter +Cc: Julia Lawall +Cc: Thomas Gleixner +Cc: Kees Cook +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Jiri Slaby +--- + kernel/sys.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/kernel/sys.c ++++ b/kernel/sys.c +@@ -1199,11 +1199,13 @@ SYSCALL_DEFINE1(uname, struct old_utsnam + + SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) + { +- struct oldold_utsname tmp = {}; ++ struct oldold_utsname tmp; + + if (!name) + return -EFAULT; + ++ memset(&tmp, 0, sizeof(tmp)); ++ + down_read(&uts_sem); + memcpy(&tmp.sysname, &utsname()->sysname, __OLD_UTS_LEN); + memcpy(&tmp.nodename, &utsname()->nodename, __OLD_UTS_LEN); diff --git a/patches.suse/l2tp-Serialize-access-to-sk_user_data-with-sk_callba.patch b/patches.suse/l2tp-Serialize-access-to-sk_user_data-with-sk_callba.patch new file mode 100644 index 0000000..4563a4a --- /dev/null +++ b/patches.suse/l2tp-Serialize-access-to-sk_user_data-with-sk_callba.patch @@ -0,0 +1,127 @@ +From 48e1241abb30d388e687af13bb49b37baf148639 Mon Sep 17 00:00:00 2001 +From: Jakub Sitnicki +Date: Mon, 14 Nov 2022 20:16:19 +0100 +Subject: [PATCH 3/3] l2tp: Serialize access to sk_user_data with + sk_callback_lock +Git-commit: b68777d54fac21fc833ec26ea1a2a84f975ab035 +Patch-mainline: v6.1-rc6 +References: bsc#1205711 CVE-2022-4129 + +sk->sk_user_data has multiple users, which are not compatible with each +other. Writers must synchronize by grabbing the sk->sk_callback_lock. + +l2tp currently fails to grab the lock when modifying the underlying tunnel +socket fields. Fix it by adding appropriate locking. + +We err on the side of safety and grab the sk_callback_lock also inside the +sk_destruct callback overridden by l2tp, even though there should be no +refs allowing access to the sock at the time when sk_destruct gets called. + +v4: +- serialize write to sk_user_data in l2tp sk_destruct + +v3: +- switch from sock lock to sk_callback_lock +- document write-protection for sk_user_data + +v2: +- update Fixes to point to origin of the bug +- use real names in Reported/Tested-by tags + +Cc: Tom Parkin +Fixes: 3557baabf280 ("[L2TP]: PPP over L2TP driver core") +Reported-by: Haowei Yan +Signed-off-by: Jakub Sitnicki +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + include/net/sock.h | 2 +- + net/l2tp/l2tp_core.c | 22 ++++++++++++++-------- + 2 files changed, 15 insertions(+), 9 deletions(-) + +diff --git a/include/net/sock.h b/include/net/sock.h +index 8375176ecee3..238533d3553f 100644 +--- a/include/net/sock.h ++++ b/include/net/sock.h +@@ -291,7 +291,7 @@ struct sock_common { + * @sk_tsflags: SO_TIMESTAMPING socket options + * @sk_tskey: counter to disambiguate concurrent tstamp requests + * @sk_socket: Identd and reporting IO signals +- * @sk_user_data: RPC layer private data ++ * @sk_user_data: RPC layer private data. Write-protected by @sk_callback_lock. + * @sk_frag: cached page frag + * @sk_peek_off: current peek_offset value + * @sk_send_head: front of stuff to transmit +diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c +index c28cf5c0e80a..9ea1ea5a9d15 100644 +--- a/net/l2tp/l2tp_core.c ++++ b/net/l2tp/l2tp_core.c +@@ -1191,8 +1191,10 @@ static void l2tp_tunnel_destruct(struct sock *sk) + } + + /* Remove hooks into tunnel socket */ ++ write_lock_bh(&sk->sk_callback_lock); + sk->sk_destruct = tunnel->old_sk_destruct; + sk->sk_user_data = NULL; ++ write_unlock_bh(&sk->sk_callback_lock); + + /* Call the original destructor */ + if (sk->sk_destruct) +@@ -1509,20 +1511,21 @@ int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net, + sock = sockfd_lookup(tunnel->fd, &ret); + if (!sock) + goto err; +- +- ret = l2tp_validate_socket(sock->sk, net, tunnel->encap); +- if (ret < 0) +- goto err_sock; + } + + sk = sock->sk; ++ write_lock(&sk->sk_callback_lock); + +- sock_hold(sk); +- tunnel->sock = sk; +- tunnel->l2tp_net = net; ++ ret = l2tp_validate_socket(sk, net, tunnel->encap); ++ if (ret < 0) ++ goto err_sock; + ++ tunnel->l2tp_net = net; + pn = l2tp_pernet(net); + ++ sock_hold(sk); ++ tunnel->sock = sk; ++ + spin_lock_bh(&pn->l2tp_tunnel_list_lock); + list_for_each_entry(tunnel_walk, &pn->l2tp_tunnel_list, list) { + if (tunnel_walk->tunnel_id == tunnel->tunnel_id) { +@@ -1545,7 +1548,7 @@ int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net, + + setup_udp_tunnel_sock(net, sock, &udp_cfg); + } else { +- sk->sk_user_data = tunnel; ++ rcu_assign_sk_user_data(sk, tunnel); + } + + tunnel->old_sk_destruct = sk->sk_destruct; +@@ -1557,6 +1560,7 @@ int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net, + if (tunnel->fd >= 0) + sockfd_put(sock); + ++ write_unlock(&sk->sk_callback_lock); + return 0; + + err_sock: +@@ -1564,6 +1568,8 @@ int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net, + sock_release(sock); + else + sockfd_put(sock); ++ ++ write_unlock(&sk->sk_callback_lock); + err: + return ret; + } +-- +2.16.4 + diff --git a/patches.suse/l2tp-add-sk_family-checks-to-l2tp_validate_socket.patch b/patches.suse/l2tp-add-sk_family-checks-to-l2tp_validate_socket.patch index 1262a0b..1094af7 100644 --- a/patches.suse/l2tp-add-sk_family-checks-to-l2tp_validate_socket.patch +++ b/patches.suse/l2tp-add-sk_family-checks-to-l2tp_validate_socket.patch @@ -119,18 +119,20 @@ Reported-by: syzbot Acked-by: Guillaume Nault Signed-off-by: David S. Miller Signed-off-by: Jiri Slaby +Signed-off-by: Denis Kirjanov --- net/l2tp/l2tp_core.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/l2tp/l2tp_core.c +++ b/net/l2tp/l2tp_core.c -@@ -1480,6 +1480,8 @@ int l2tp_tunnel_create(struct net *net, - tunnel_id, fd); - goto err; - } +@@ -1485,6 +1485,9 @@ static int l2tp_validate_socket(const st + if (sk->sk_type != SOCK_DGRAM) + return -EPROTONOSUPPORT; + + if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) -+ goto err; - switch (encap) { - case L2TP_ENCAPTYPE_UDP: - if (sk->sk_protocol != IPPROTO_UDP) { ++ return -EINVAL; ++ + if ((encap == L2TP_ENCAPTYPE_UDP && sk->sk_protocol != IPPROTO_UDP) || + (encap == L2TP_ENCAPTYPE_IP && sk->sk_protocol != IPPROTO_L2TP)) + return -EPROTONOSUPPORT; diff --git a/patches.suse/l2tp-fix-race-in-duplicate-tunnel-detection.patch b/patches.suse/l2tp-fix-race-in-duplicate-tunnel-detection.patch new file mode 100644 index 0000000..ee002b4 --- /dev/null +++ b/patches.suse/l2tp-fix-race-in-duplicate-tunnel-detection.patch @@ -0,0 +1,126 @@ +From b100598ffd55b71a99567555d7971d07e7b42ac3 Mon Sep 17 00:00:00 2001 +From: Guillaume Nault +Date: Tue, 10 Apr 2018 21:01:13 +0200 +Subject: [PATCH 2/3] l2tp: fix race in duplicate tunnel detection +Git-commit: f6cd651b056ffd3b4e8496afd44d4ed44bf69136 +Patch-mainline: v4.17-rc1 +References: bsc#1205711 CVE-2022-4129 + +We can't use l2tp_tunnel_find() to prevent l2tp_nl_cmd_tunnel_create() +from creating a duplicate tunnel. A tunnel can be concurrently +registered after l2tp_tunnel_find() returns. Therefore, searching for +duplicates must be done at registration time. + +Finally, remove l2tp_tunnel_find() entirely as it isn't use anywhere +anymore. + +Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP") +Signed-off-by: Guillaume Nault +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + net/l2tp/l2tp_core.c | 35 ++++++++++++++--------------------- + net/l2tp/l2tp_core.h | 1 - + net/l2tp/l2tp_netlink.c | 6 ------ + 3 files changed, 14 insertions(+), 28 deletions(-) + +diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c +index b71becd4d522..c28cf5c0e80a 100644 +--- a/net/l2tp/l2tp_core.c ++++ b/net/l2tp/l2tp_core.c +@@ -334,26 +334,6 @@ int l2tp_session_register(struct l2tp_session *session, + } + EXPORT_SYMBOL_GPL(l2tp_session_register); + +-/* Lookup a tunnel by id +- */ +-struct l2tp_tunnel *l2tp_tunnel_find(const struct net *net, u32 tunnel_id) +-{ +- struct l2tp_tunnel *tunnel; +- struct l2tp_net *pn = l2tp_pernet(net); +- +- rcu_read_lock_bh(); +- list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) { +- if (tunnel->tunnel_id == tunnel_id) { +- rcu_read_unlock_bh(); +- return tunnel; +- } +- } +- rcu_read_unlock_bh(); +- +- return NULL; +-} +-EXPORT_SYMBOL_GPL(l2tp_tunnel_find); +- + struct l2tp_tunnel *l2tp_tunnel_find_nth(const struct net *net, int nth) + { + struct l2tp_net *pn = l2tp_pernet(net); +@@ -1513,6 +1493,7 @@ static int l2tp_validate_socket(const struct sock *sk, const struct net *net, + int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net, + struct l2tp_tunnel_cfg *cfg) + { ++ struct l2tp_tunnel *tunnel_walk; + struct l2tp_net *pn; + struct socket *sock; + struct sock *sk; +@@ -1541,7 +1522,16 @@ int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net, + tunnel->l2tp_net = net; + + pn = l2tp_pernet(net); ++ + spin_lock_bh(&pn->l2tp_tunnel_list_lock); ++ list_for_each_entry(tunnel_walk, &pn->l2tp_tunnel_list, list) { ++ if (tunnel_walk->tunnel_id == tunnel->tunnel_id) { ++ spin_unlock_bh(&pn->l2tp_tunnel_list_lock); ++ ++ ret = -EEXIST; ++ goto err_sock; ++ } ++ } + list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list); + spin_unlock_bh(&pn->l2tp_tunnel_list_lock); + +@@ -1570,7 +1560,10 @@ int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net, + return 0; + + err_sock: +- sockfd_put(sock); ++ if (tunnel->fd < 0) ++ sock_release(sock); ++ else ++ sockfd_put(sock); + err: + return ret; + } +diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h +index 076f96f3772b..309ee6e70871 100644 +--- a/net/l2tp/l2tp_core.h ++++ b/net/l2tp/l2tp_core.h +@@ -251,7 +251,6 @@ struct l2tp_session *l2tp_session_get(const struct net *net, + struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth); + struct l2tp_session *l2tp_session_get_by_ifname(const struct net *net, + const char *ifname); +-struct l2tp_tunnel *l2tp_tunnel_find(const struct net *net, u32 tunnel_id); + struct l2tp_tunnel *l2tp_tunnel_find_nth(const struct net *net, int nth); + + int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, +diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c +index bd12e695fae8..ad9170044f67 100644 +--- a/net/l2tp/l2tp_netlink.c ++++ b/net/l2tp/l2tp_netlink.c +@@ -236,12 +236,6 @@ static int l2tp_nl_cmd_tunnel_create(struct sk_buff *skb, struct genl_info *info + if (info->attrs[L2TP_ATTR_DEBUG]) + cfg.debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]); + +- tunnel = l2tp_tunnel_find(net, tunnel_id); +- if (tunnel != NULL) { +- ret = -EEXIST; +- goto out; +- } +- + ret = -EINVAL; + switch (cfg.encap) { + case L2TP_ENCAPTYPE_UDP: +-- +2.16.4 + diff --git a/patches.suse/l2tp-fix-races-in-tunnel-creation.patch b/patches.suse/l2tp-fix-races-in-tunnel-creation.patch new file mode 100644 index 0000000..4a5b676 --- /dev/null +++ b/patches.suse/l2tp-fix-races-in-tunnel-creation.patch @@ -0,0 +1,345 @@ +From bbfdf444b4ebd9e56ea6308bcf4e6029913e07b8 Mon Sep 17 00:00:00 2001 +From: Guillaume Nault +Date: Tue, 10 Apr 2018 21:01:12 +0200 +Subject: [PATCH 1/3] l2tp: fix races in tunnel creation +Git-commit: 6b9f34239b00e6956a267abed2bc559ede556ad6 +Patch-mainline: v4.17-rc1 +References: bsc#1205711 CVE-2022-4129 + +l2tp_tunnel_create() inserts the new tunnel into the namespace's tunnel +list and sets the socket's ->sk_user_data field, before returning it to +the caller. Therefore, there are two ways the tunnel can be accessed +and freed, before the caller even had the opportunity to take a +reference. In practice, syzbot could crash the module by closing the +socket right after a new tunnel was returned to pppol2tp_create(). + +This patch moves tunnel registration out of l2tp_tunnel_create(), so +that the caller can safely hold a reference before publishing the +tunnel. This second step is done with the new l2tp_tunnel_register() +function, which is now responsible for associating the tunnel to its +socket and for inserting it into the namespace's list. + +While moving the code to l2tp_tunnel_register(), a few modifications +have been done. First, the socket validation tests are done in a helper +function, for clarity. Also, modifying the socket is now done after +having inserted the tunnel to the namespace's tunnels list. This will +allow insertion to fail, without having to revert theses modifications +in the error path (a followup patch will check for duplicate tunnels +before insertion). Either the socket is a kernel socket which we +control, or it is a user-space socket for which we have a reference on +the file descriptor. In any case, the socket isn't going to be closed +from under us. + +Reported-by: syzbot+fbeeb5c3b538e8545644@syzkaller.appspotmail.com +Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") +Signed-off-by: Guillaume Nault +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + net/l2tp/l2tp_core.c | 192 +++++++++++++++++++++--------------------------- + net/l2tp/l2tp_core.h | 3 + + net/l2tp/l2tp_netlink.c | 16 +++- + net/l2tp/l2tp_ppp.c | 9 +++ + 4 files changed, 110 insertions(+), 110 deletions(-) + +diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c +index 59b18164e271..b71becd4d522 100644 +--- a/net/l2tp/l2tp_core.c ++++ b/net/l2tp/l2tp_core.c +@@ -1448,74 +1448,11 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 + { + struct l2tp_tunnel *tunnel = NULL; + int err; +- struct socket *sock = NULL; +- struct sock *sk = NULL; +- struct l2tp_net *pn; + enum l2tp_encap_type encap = L2TP_ENCAPTYPE_UDP; + +- /* Get the tunnel socket from the fd, which was opened by +- * the userspace L2TP daemon. If not specified, create a +- * kernel socket. +- */ +- if (fd < 0) { +- err = l2tp_tunnel_sock_create(net, tunnel_id, peer_tunnel_id, +- cfg, &sock); +- if (err < 0) +- goto err; +- } else { +- sock = sockfd_lookup(fd, &err); +- if (!sock) { +- pr_err("tunl %u: sockfd_lookup(fd=%d) returned %d\n", +- tunnel_id, fd, err); +- err = -EBADF; +- goto err; +- } +- +- /* Reject namespace mismatches */ +- if (!net_eq(sock_net(sock->sk), net)) { +- pr_err("tunl %u: netns mismatch\n", tunnel_id); +- err = -EINVAL; +- goto err; +- } +- } +- +- sk = sock->sk; +- + if (cfg != NULL) + encap = cfg->encap; + +- /* Quick sanity checks */ +- err = -EPROTONOSUPPORT; +- if (sk->sk_type != SOCK_DGRAM) { +- pr_debug("tunl %hu: fd %d wrong socket type\n", +- tunnel_id, fd); +- goto err; +- } +- switch (encap) { +- case L2TP_ENCAPTYPE_UDP: +- if (sk->sk_protocol != IPPROTO_UDP) { +- pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n", +- tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP); +- goto err; +- } +- break; +- case L2TP_ENCAPTYPE_IP: +- if (sk->sk_protocol != IPPROTO_L2TP) { +- pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n", +- tunnel_id, fd, sk->sk_protocol, IPPROTO_L2TP); +- goto err; +- } +- break; +- } +- +- /* Check if this socket has already been prepped */ +- tunnel = l2tp_tunnel(sk); +- if (tunnel != NULL) { +- /* This socket has already been prepped */ +- err = -EBUSY; +- goto err; +- } +- + tunnel = kzalloc(sizeof(struct l2tp_tunnel), GFP_KERNEL); + if (tunnel == NULL) { + err = -ENOMEM; +@@ -1532,72 +1469,113 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 + rwlock_init(&tunnel->hlist_lock); + tunnel->acpt_newsess = true; + +- /* The net we belong to */ +- tunnel->l2tp_net = net; +- pn = l2tp_pernet(net); +- + if (cfg != NULL) + tunnel->debug = cfg->debug; + +- /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */ + tunnel->encap = encap; +- if (encap == L2TP_ENCAPTYPE_UDP) { +- struct udp_tunnel_sock_cfg udp_cfg = { }; +- +- udp_cfg.sk_user_data = tunnel; +- udp_cfg.encap_type = UDP_ENCAP_L2TPINUDP; +- udp_cfg.encap_rcv = l2tp_udp_encap_recv; +- udp_cfg.encap_destroy = l2tp_udp_encap_destroy; +- +- setup_udp_tunnel_sock(net, sock, &udp_cfg); +- } else { +- sk->sk_user_data = tunnel; +- } + +- /* Bump the reference count. The tunnel context is deleted +- * only when this drops to zero. A reference is also held on +- * the tunnel socket to ensure that it is not released while +- * the tunnel is extant. Must be done before sk_destruct is +- * set. +- */ + l2tp_tunnel_inc_refcount(tunnel); +- sock_hold(sk); +- tunnel->sock = sk; + tunnel->fd = fd; + +- /* Hook on the tunnel socket destructor so that we can cleanup +- * if the tunnel socket goes away. +- */ +- tunnel->old_sk_destruct = sk->sk_destruct; +- sk->sk_destruct = &l2tp_tunnel_destruct; +- lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, "l2tp_sock"); +- +- sk->sk_allocation = GFP_ATOMIC; +- + /* Init delete workqueue struct */ + INIT_WORK(&tunnel->del_work, l2tp_tunnel_del_work); + +- /* Add tunnel to our list */ + INIT_LIST_HEAD(&tunnel->list); +- spin_lock_bh(&pn->l2tp_tunnel_list_lock); +- list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list); +- spin_unlock_bh(&pn->l2tp_tunnel_list_lock); + + err = 0; + err: + if (tunnelp) + *tunnelp = tunnel; + +- /* If tunnel's socket was created by the kernel, it doesn't +- * have a file. +- */ +- if (sock && sock->file) +- sockfd_put(sock); +- + return err; + } + EXPORT_SYMBOL_GPL(l2tp_tunnel_create); + ++static int l2tp_validate_socket(const struct sock *sk, const struct net *net, ++ enum l2tp_encap_type encap) ++{ ++ if (!net_eq(sock_net(sk), net)) ++ return -EINVAL; ++ ++ if (sk->sk_type != SOCK_DGRAM) ++ return -EPROTONOSUPPORT; ++ ++ if ((encap == L2TP_ENCAPTYPE_UDP && sk->sk_protocol != IPPROTO_UDP) || ++ (encap == L2TP_ENCAPTYPE_IP && sk->sk_protocol != IPPROTO_L2TP)) ++ return -EPROTONOSUPPORT; ++ ++ if (sk->sk_user_data) ++ return -EBUSY; ++ ++ return 0; ++} ++ ++int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net, ++ struct l2tp_tunnel_cfg *cfg) ++{ ++ struct l2tp_net *pn; ++ struct socket *sock; ++ struct sock *sk; ++ int ret; ++ ++ if (tunnel->fd < 0) { ++ ret = l2tp_tunnel_sock_create(net, tunnel->tunnel_id, ++ tunnel->peer_tunnel_id, cfg, ++ &sock); ++ if (ret < 0) ++ goto err; ++ } else { ++ sock = sockfd_lookup(tunnel->fd, &ret); ++ if (!sock) ++ goto err; ++ ++ ret = l2tp_validate_socket(sock->sk, net, tunnel->encap); ++ if (ret < 0) ++ goto err_sock; ++ } ++ ++ sk = sock->sk; ++ ++ sock_hold(sk); ++ tunnel->sock = sk; ++ tunnel->l2tp_net = net; ++ ++ pn = l2tp_pernet(net); ++ spin_lock_bh(&pn->l2tp_tunnel_list_lock); ++ list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list); ++ spin_unlock_bh(&pn->l2tp_tunnel_list_lock); ++ ++ if (tunnel->encap == L2TP_ENCAPTYPE_UDP) { ++ struct udp_tunnel_sock_cfg udp_cfg = { ++ .sk_user_data = tunnel, ++ .encap_type = UDP_ENCAP_L2TPINUDP, ++ .encap_rcv = l2tp_udp_encap_recv, ++ .encap_destroy = l2tp_udp_encap_destroy, ++ }; ++ ++ setup_udp_tunnel_sock(net, sock, &udp_cfg); ++ } else { ++ sk->sk_user_data = tunnel; ++ } ++ ++ tunnel->old_sk_destruct = sk->sk_destruct; ++ sk->sk_destruct = &l2tp_tunnel_destruct; ++ lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, ++ "l2tp_sock"); ++ sk->sk_allocation = GFP_ATOMIC; ++ ++ if (tunnel->fd >= 0) ++ sockfd_put(sock); ++ ++ return 0; ++ ++err_sock: ++ sockfd_put(sock); ++err: ++ return ret; ++} ++EXPORT_SYMBOL_GPL(l2tp_tunnel_register); ++ + /* This function is used by the netlink TUNNEL_DELETE command. + */ + void l2tp_tunnel_delete(struct l2tp_tunnel *tunnel) +diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h +index 99c85c1cbdad..076f96f3772b 100644 +--- a/net/l2tp/l2tp_core.h ++++ b/net/l2tp/l2tp_core.h +@@ -257,6 +257,9 @@ struct l2tp_tunnel *l2tp_tunnel_find_nth(const struct net *net, int nth); + int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, + u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, + struct l2tp_tunnel **tunnelp); ++int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net, ++ struct l2tp_tunnel_cfg *cfg); ++ + void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel); + void l2tp_tunnel_delete(struct l2tp_tunnel *tunnel); + struct l2tp_session *l2tp_session_create(int priv_size, +diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c +index 8068f5c05408..bd12e695fae8 100644 +--- a/net/l2tp/l2tp_netlink.c ++++ b/net/l2tp/l2tp_netlink.c +@@ -251,9 +251,19 @@ static int l2tp_nl_cmd_tunnel_create(struct sk_buff *skb, struct genl_info *info + break; + } + +- if (ret >= 0) +- ret = l2tp_tunnel_notify(&l2tp_nl_family, info, +- tunnel, L2TP_CMD_TUNNEL_CREATE); ++ if (ret < 0) ++ goto out; ++ ++ l2tp_tunnel_inc_refcount(tunnel); ++ ret = l2tp_tunnel_register(tunnel, net, &cfg); ++ if (ret < 0) { ++ kfree(tunnel); ++ goto out; ++ } ++ ret = l2tp_tunnel_notify(&l2tp_nl_family, info, tunnel, ++ L2TP_CMD_TUNNEL_CREATE); ++ l2tp_tunnel_dec_refcount(tunnel); ++ + out: + return ret; + } +diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c +index 2b527f1d1caa..a05dea0a5a8e 100644 +--- a/net/l2tp/l2tp_ppp.c ++++ b/net/l2tp/l2tp_ppp.c +@@ -734,6 +734,15 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr, + error = l2tp_tunnel_create(sock_net(sk), fd, ver, tunnel_id, peer_tunnel_id, &tcfg, &tunnel); + if (error < 0) + goto end; ++ ++ l2tp_tunnel_inc_refcount(tunnel); ++ error = l2tp_tunnel_register(tunnel, sock_net(sk), ++ &tcfg); ++ if (error < 0) { ++ kfree(tunnel); ++ goto end; ++ } ++ drop_tunnel = true; + } + } else { + /* Error if we can't find the tunnel */ +-- +2.16.4 + diff --git a/patches.suse/media-coda-Add-check-for-dcoda_iram_alloc.patch b/patches.suse/media-coda-Add-check-for-dcoda_iram_alloc.patch new file mode 100644 index 0000000..759c8ee --- /dev/null +++ b/patches.suse/media-coda-Add-check-for-dcoda_iram_alloc.patch @@ -0,0 +1,46 @@ +From 6b8082238fb8bb20f67e46388123e67a5bbc558d Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Thu, 17 Nov 2022 14:56:52 +0800 +Subject: [PATCH] media: coda: Add check for dcoda_iram_alloc +Git-commit: 6b8082238fb8bb20f67e46388123e67a5bbc558d +References: git-fixes +Patch-mainline: v6.2-rc1 + +As the coda_iram_alloc may return NULL pointer, +it should be better to check the return value +in order to avoid NULL poineter dereference, +same as the others. + +Fixes: b313bcc9a467 ("[media] coda: simplify IRAM setup") +Signed-off-by: Jiasheng Jiang +Signed-off-by: Hans Verkuil +Signed-off-by: Oliver Neukum +--- + drivers/media/platform/chips-media/coda-bit.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/media/platform/chips-media/coda-bit.c b/drivers/media/platform/chips-media/coda-bit.c +index 2736a902e3df..6d816fd69a17 100644 +--- a/drivers/media/platform/coda/coda-bit.c ++++ b/drivers/media/platform/coda/coda-bit.c +@@ -854,7 +854,7 @@ static void coda_setup_iram(struct coda_ctx *ctx) + /* Only H.264BP and H.263P3 are considered */ + iram_info->buf_dbk_y_use = coda_iram_alloc(iram_info, w64); + iram_info->buf_dbk_c_use = coda_iram_alloc(iram_info, w64); +- if (!iram_info->buf_dbk_c_use) ++ if (!iram_info->buf_dbk_y_use || !iram_info->buf_dbk_c_use) + goto out; + iram_info->axi_sram_use |= dbk_bits; + +@@ -878,7 +878,7 @@ static void coda_setup_iram(struct coda_ctx *ctx) + + iram_info->buf_dbk_y_use = coda_iram_alloc(iram_info, w128); + iram_info->buf_dbk_c_use = coda_iram_alloc(iram_info, w128); +- if (!iram_info->buf_dbk_c_use) ++ if (!iram_info->buf_dbk_y_use || !iram_info->buf_dbk_c_use) + goto out; + iram_info->axi_sram_use |= dbk_bits; + +-- +2.39.2 + diff --git a/patches.suse/media-coda-Add-check-for-kmalloc.patch b/patches.suse/media-coda-Add-check-for-kmalloc.patch new file mode 100644 index 0000000..91d16c7 --- /dev/null +++ b/patches.suse/media-coda-Add-check-for-kmalloc.patch @@ -0,0 +1,47 @@ +From 6e5e5defdb8b0186312c2f855ace175aee6daf9b Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Thu, 17 Nov 2022 15:02:36 +0800 +Subject: [PATCH] media: coda: Add check for kmalloc +Git-commit: 6e5e5defdb8b0186312c2f855ace175aee6daf9b +References: git-fixes +Patch-mainline: v6.2-rc1 + +As the kmalloc may return NULL pointer, +it should be better to check the return value +in order to avoid NULL poineter dereference, +same as the others. + +Fixes: cb1d3a336371 ("[media] coda: add CODA7541 JPEG support") +Signed-off-by: Jiasheng Jiang +Signed-off-by: Hans Verkuil +Signed-off-by: Oliver Neukum +--- + drivers/media/platform/chips-media/coda-bit.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/drivers/media/platform/chips-media/coda-bit.c b/drivers/media/platform/chips-media/coda-bit.c +index 6d816fd69a17..ed47d5bd8d61 100644 +--- a/drivers/media/platform/coda/coda-bit.c ++++ b/drivers/media/platform/coda/coda-bit.c +@@ -1084,10 +1084,16 @@ static int coda_start_encoding(struct coda_ctx *ctx) + } + + if (dst_fourcc == V4L2_PIX_FMT_JPEG) { +- if (!ctx->params.jpeg_qmat_tab[0]) ++ if (!ctx->params.jpeg_qmat_tab[0]) { + ctx->params.jpeg_qmat_tab[0] = kmalloc(64, GFP_KERNEL); +- if (!ctx->params.jpeg_qmat_tab[1]) ++ if (!ctx->params.jpeg_qmat_tab[0]) ++ return -ENOMEM; ++ } ++ if (!ctx->params.jpeg_qmat_tab[1]) { + ctx->params.jpeg_qmat_tab[1] = kmalloc(64, GFP_KERNEL); ++ if (!ctx->params.jpeg_qmat_tab[1]) ++ return -ENOMEM; ++ } + coda_set_jpeg_compression_quality(ctx, ctx->params.jpeg_quality); + } + +-- +2.39.2 + diff --git a/patches.suse/media-platform-ti-Add-missing-check-for-devm_regulat.patch b/patches.suse/media-platform-ti-Add-missing-check-for-devm_regulat.patch new file mode 100644 index 0000000..629bfa3 --- /dev/null +++ b/patches.suse/media-platform-ti-Add-missing-check-for-devm_regulat.patch @@ -0,0 +1,44 @@ +From da8e05f84a11c3cc3b0ba0a3c62d20e358002d99 Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Wed, 4 Jan 2023 09:55:37 +0100 +Subject: [PATCH] media: platform: ti: Add missing check for devm_regulator_get +Git-commit: da8e05f84a11c3cc3b0ba0a3c62d20e358002d99 +References: git-fixes +Patch-mainline: v6.3-rc1 + +Add check for the return value of devm_regulator_get since it may return +error pointer. + +Fixes: 448de7e7850b ("[media] omap3isp: OMAP3 ISP core") +Signed-off-by: Jiasheng Jiang +Signed-off-by: Laurent Pinchart +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/platform/ti/omap3isp/isp.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/drivers/media/platform/ti/omap3isp/isp.c b/drivers/media/platform/ti/omap3isp/isp.c +index 1d40bb59ff81..e7327e38482d 100644 +--- a/drivers/media/platform/omap3isp/isp.c ++++ b/drivers/media/platform/omap3isp/isp.c +@@ -2307,7 +2307,16 @@ static int isp_probe(struct platform_device *pdev) + + /* Regulators */ + isp->isp_csiphy1.vdd = devm_regulator_get(&pdev->dev, "vdd-csiphy1"); ++ if (IS_ERR(isp->isp_csiphy1.vdd)) { ++ ret = PTR_ERR(isp->isp_csiphy1.vdd); ++ goto error; ++ } ++ + isp->isp_csiphy2.vdd = devm_regulator_get(&pdev->dev, "vdd-csiphy2"); ++ if (IS_ERR(isp->isp_csiphy2.vdd)) { ++ ret = PTR_ERR(isp->isp_csiphy2.vdd); ++ goto error; ++ } + + /* Clocks + * +-- +2.39.2 + diff --git a/patches.suse/media-rc-Fix-use-after-free-bugs-caused-by-ene_tx_ir.patch b/patches.suse/media-rc-Fix-use-after-free-bugs-caused-by-ene_tx_ir.patch new file mode 100644 index 0000000..47b3951 --- /dev/null +++ b/patches.suse/media-rc-Fix-use-after-free-bugs-caused-by-ene_tx_ir.patch @@ -0,0 +1,83 @@ +From 29b0589a865b6f66d141d79b2dd1373e4e50fe17 Mon Sep 17 00:00:00 2001 +From: Duoming Zhou +Date: Tue, 24 Jan 2023 08:55:33 +0100 +Subject: [PATCH] media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() +Git-commit: 29b0589a865b6f66d141d79b2dd1373e4e50fe17 +Patch-mainline: v6.3-rc1 +References: CVE-2023-1118 bsc#1208837 + +When the ene device is detaching, function ene_remove() will +be called. But there is no function to cancel tx_sim_timer +in ene_remove(), the timer handler ene_tx_irqsim() could race +with ene_remove(). As a result, the UAF bugs could happen, +the process is shown below. + + (cleanup routine) | (timer routine) + | mod_timer(&dev->tx_sim_timer, ..) +ene_remove() | (wait a time) + | ene_tx_irqsim() + | dev->hw_lock //USE + | ene_tx_sample(dev) //USE + +Fix by adding del_timer_sync(&dev->tx_sim_timer) in ene_remove(), +The tx_sim_timer could stop before ene device is deallocated. + +What's more, The rc_unregister_device() and del_timer_sync() +should be called first in ene_remove() and the deallocated +functions such as free_irq(), release_region() and so on +should be called behind them. Because the rc_unregister_device() +is well synchronized. Otherwise, race conditions may happen. The +situations that may lead to race conditions are shown below. + +Firstly, the rx receiver is disabled with ene_rx_disable() +before rc_unregister_device() in ene_remove(), which means it +can be enabled again if a process opens /dev/lirc0 between +ene_rx_disable() and rc_unregister_device(). + +Secondly, the irqaction descriptor is freed by free_irq() +before the rc device is unregistered, which means irqaction +descriptor may be accessed again after it is deallocated. + +Thirdly, the timer can call ene_tx_sample() that can write +to the io ports, which means the io ports could be accessed +again after they are deallocated by release_region(). + +Therefore, the rc_unregister_device() and del_timer_sync() +should be called first in ene_remove(). + +Suggested by: Sean Young + +Fixes: 9ea53b74df9c ("V4L/DVB: STAGING: remove lirc_ene0100 driver") +Signed-off-by: Duoming Zhou +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Acked-by: Takashi Iwai + +--- + drivers/media/rc/ene_ir.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/media/rc/ene_ir.c b/drivers/media/rc/ene_ir.c +index e09270916fbc..11ee21a7db8f 100644 +--- a/drivers/media/rc/ene_ir.c ++++ b/drivers/media/rc/ene_ir.c +@@ -1106,6 +1106,8 @@ static void ene_remove(struct pnp_dev *pnp_dev) + struct ene_device *dev = pnp_get_drvdata(pnp_dev); + unsigned long flags; + ++ rc_unregister_device(dev->rdev); ++ del_timer_sync(&dev->tx_sim_timer); + spin_lock_irqsave(&dev->hw_lock, flags); + ene_rx_disable(dev); + ene_rx_restore_hw_buffer(dev); +@@ -1113,7 +1115,6 @@ static void ene_remove(struct pnp_dev *pnp_dev) + + free_irq(dev->irq, dev); + release_region(dev->hw_io, ENE_IO_SIZE); +- rc_unregister_device(dev->rdev); + kfree(dev); + } + +-- +2.35.3 + diff --git a/patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch b/patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch new file mode 100644 index 0000000..549c9d9 --- /dev/null +++ b/patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch @@ -0,0 +1,80 @@ +From 811d581194f7412eda97acc03d17fc77824b561f Mon Sep 17 00:00:00 2001 +From: Alan Stern +Date: Fri, 3 Feb 2023 14:32:09 -0500 +Subject: [PATCH] net: USB: Fix wrong-direction WARNING in plusb.c +Git-commit: 811d581194f7412eda97acc03d17fc77824b561f +References: git-fixes +Patch-mainline: v6.2-rc8 + +The syzbot fuzzer detected a bug in the plusb network driver: A +zero-length control-OUT transfer was treated as a read instead of a +write. In modern kernels this error provokes a WARNING: + +usb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 +WARNING: CPU: 0 PID: 4645 at drivers/usb/core/urb.c:411 +usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411 +Modules linked in: +CPU: 1 PID: 4645 Comm: dhcpcd Not tainted +6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5 #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google +01/12/2023 +RIP: 0010:usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411 +... +Call Trace: + + usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58 + usb_internal_control_msg drivers/usb/core/message.c:102 [inline] + usb_control_msg+0x320/0x4a0 drivers/usb/core/message.c:153 + __usbnet_read_cmd+0xb9/0x390 drivers/net/usb/usbnet.c:2010 + usbnet_read_cmd+0x96/0xf0 drivers/net/usb/usbnet.c:2068 + pl_vendor_req drivers/net/usb/plusb.c:60 [inline] + pl_set_QuickLink_features drivers/net/usb/plusb.c:75 [inline] + pl_reset+0x2f/0xf0 drivers/net/usb/plusb.c:85 + usbnet_open+0xcc/0x5d0 drivers/net/usb/usbnet.c:889 + __dev_open+0x297/0x4d0 net/core/dev.c:1417 + __dev_change_flags+0x587/0x750 net/core/dev.c:8530 + dev_change_flags+0x97/0x170 net/core/dev.c:8602 + devinet_ioctl+0x15a2/0x1d70 net/ipv4/devinet.c:1147 + inet_ioctl+0x33f/0x380 net/ipv4/af_inet.c:979 + sock_do_ioctl+0xcc/0x230 net/socket.c:1169 + sock_ioctl+0x1f8/0x680 net/socket.c:1286 + vfs_ioctl fs/ioctl.c:51 [inline] + __do_sys_ioctl fs/ioctl.c:870 [inline] + __se_sys_ioctl fs/ioctl.c:856 [inline] + __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856 + do_syscall_x64 arch/x86/entry/common.c:50 [inline] + do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 + entry_SYSCALL_64_after_hwframe+0x63/0xcd + +The fix is to call usbnet_write_cmd() instead of usbnet_read_cmd() and +remove the USB_DIR_IN flag. + +Reported-and-tested-by: syzbot+2a0e7abd24f1eb90ce25@syzkaller.appspotmail.com +Signed-off-by: Alan Stern +Fixes: 090ffa9d0e90 ("[PATCH] USB: usbnet (9/9) module for pl2301/2302 cables") +CC: stable@vger.kernel.org +Link: https://lore.kernel.org/r/00000000000052099f05f3b3e298@google.com/ +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/plusb.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/drivers/net/usb/plusb.c b/drivers/net/usb/plusb.c +index 2c82fbcaab22..7a2b0094de51 100644 +--- a/drivers/net/usb/plusb.c ++++ b/drivers/net/usb/plusb.c +@@ -57,9 +57,7 @@ + static inline int + pl_vendor_req(struct usbnet *dev, u8 req, u8 val, u8 index) + { +- return usbnet_read_cmd(dev, req, +- USB_DIR_IN | USB_TYPE_VENDOR | +- USB_RECIP_DEVICE, ++ return usbnet_write_cmd(dev, req, USB_TYPE_VENDOR | USB_RECIP_DEVICE, + val, index, NULL, 0); + } + +-- +2.39.2 + diff --git a/patches.suse/net-allwinner-Fix-use-correct-return-type-for-ndo_st.patch b/patches.suse/net-allwinner-Fix-use-correct-return-type-for-ndo_st.patch new file mode 100644 index 0000000..96816b6 --- /dev/null +++ b/patches.suse/net-allwinner-Fix-use-correct-return-type-for-ndo_st.patch @@ -0,0 +1,45 @@ +From ec9098adeaca6afac0caa74e00b5fc7f8bf8e8ef Mon Sep 17 00:00:00 2001 +From: Yunjian Wang +Date: Tue, 5 May 2020 10:49:20 +0800 +Subject: [PATCH 6/6] net: allwinner: Fix use correct return type for + ndo_start_xmit() +Git-commit: 09f6c44aaae0f1bdb8b983d7762676d5018c53bc +References: git-fixes +Patch-mainline: v5.8-rc1 + +The method ndo_start_xmit() returns a value of type netdev_tx_t. Fix +the ndo function to use the correct type. And emac_start_xmit() can +leak one skb if 'channel' == 3. + +Signed-off-by: Yunjian Wang +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/allwinner/sun4i-emac.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/allwinner/sun4i-emac.c b/drivers/net/ethernet/allwinner/sun4i-emac.c +index 3143de45baaa..c458b81ba63a 100644 +--- a/drivers/net/ethernet/allwinner/sun4i-emac.c ++++ b/drivers/net/ethernet/allwinner/sun4i-emac.c +@@ -433,7 +433,7 @@ static void emac_timeout(struct net_device *dev) + /* Hardware start transmission. + * Send a packet to media from the upper layer. + */ +-static int emac_start_xmit(struct sk_buff *skb, struct net_device *dev) ++static netdev_tx_t emac_start_xmit(struct sk_buff *skb, struct net_device *dev) + { + struct emac_board_info *db = netdev_priv(dev); + unsigned long channel; +@@ -441,7 +441,7 @@ static int emac_start_xmit(struct sk_buff *skb, struct net_device *dev) + + channel = db->tx_fifo_stat & 3; + if (channel == 3) +- return 1; ++ return NETDEV_TX_BUSY; + + channel = (channel == 1 ? 1 : 0); + +-- +2.16.4 + diff --git a/patches.suse/net-aquantia-fix-RSS-table-and-key-sizes.patch b/patches.suse/net-aquantia-fix-RSS-table-and-key-sizes.patch new file mode 100644 index 0000000..b42e030 --- /dev/null +++ b/patches.suse/net-aquantia-fix-RSS-table-and-key-sizes.patch @@ -0,0 +1,50 @@ +From 11ad28aa32be2829f0d9c6ce2ed076827d1a77e5 Mon Sep 17 00:00:00 2001 +From: Dmitry Bogdanov +Date: Fri, 7 Dec 2018 14:00:11 +0000 +Subject: [PATCH 4/7] net: aquantia: fix RSS table and key sizes +Git-commit: 474fb1150d40780e71f0b569aeac4f375df3af3d +Patch-mainline: v5.0-rc1 +References: git-fixes + +Set RSS indirection table and RSS hash key sizes to their real size. + +Signed-off-by: Dmitry Bogdanov +Signed-off-by: Igor Russkikh +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/aquantia/atlantic/aq_cfg.h | 4 ++-- + drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_cfg.h b/drivers/net/ethernet/aquantia/atlantic/aq_cfg.h +index 214986436ece..63d93d9b1299 100644 +--- a/drivers/net/ethernet/aquantia/atlantic/aq_cfg.h ++++ b/drivers/net/ethernet/aquantia/atlantic/aq_cfg.h +@@ -36,8 +36,8 @@ + #define AQ_CFG_IS_LRO_DEF 1U + + /* RSS */ +-#define AQ_CFG_RSS_INDIRECTION_TABLE_MAX 128U +-#define AQ_CFG_RSS_HASHKEY_SIZE 320U ++#define AQ_CFG_RSS_INDIRECTION_TABLE_MAX 64U ++#define AQ_CFG_RSS_HASHKEY_SIZE 40U + + #define AQ_CFG_IS_RSS_DEF 1U + #define AQ_CFG_NUM_RSS_QUEUES_DEF AQ_CFG_VECS_DEF +diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c +index 78cdc6312ad0..33c7ed8e0666 100644 +--- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c ++++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c +@@ -30,7 +30,7 @@ static void aq_nic_rss_init(struct aq_nic_s *self, unsigned int num_rss_queues) + struct aq_rss_parameters *rss_params = &cfg->aq_rss; + int i = 0; + +- static u8 rss_key[40] = { ++ static u8 rss_key[AQ_CFG_RSS_HASHKEY_SIZE] = { + 0x1e, 0xad, 0x71, 0x87, 0x65, 0xfc, 0x26, 0x7d, + 0x0d, 0x45, 0x67, 0x74, 0xcd, 0x06, 0x1a, 0x18, + 0xb6, 0xc1, 0xf0, 0xc7, 0xbb, 0x18, 0xbe, 0xf8, +-- +2.16.4 + diff --git a/patches.suse/net-bcmgenet-suppress-warnings-on-failed-Rx-SKB-allo.patch b/patches.suse/net-bcmgenet-suppress-warnings-on-failed-Rx-SKB-allo.patch new file mode 100644 index 0000000..4efdde8 --- /dev/null +++ b/patches.suse/net-bcmgenet-suppress-warnings-on-failed-Rx-SKB-allo.patch @@ -0,0 +1,47 @@ +From 69d5b217264c06eaa0ac58d1fbce5096b3862cbc Mon Sep 17 00:00:00 2001 +From: Doug Berger +Date: Thu, 23 Apr 2020 16:02:11 -0700 +Subject: [PATCH 3/6] net: bcmgenet: suppress warnings on failed Rx SKB + allocations +Git-commit: ecaeceb8a8a145d93c7e136f170238229165348f +References: git-fixes +Patch-mainline: v5.7-rc3 + +The driver is designed to drop Rx packets and reclaim the buffers +when an allocation fails, and the network interface needs to safely +handle this packet loss. Therefore, an allocation failure of Rx +SKBs is relatively benign. + +However, the output of the warning message occurs with a high +scheduling priority that can cause excessive jitter/latency for +other high priority processing. + +This commit suppresses the warning messages to prevent scheduling +problems while retaining the failure count in the statistics of +the network interface. + +Signed-off-by: Doug Berger +Acked-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c +index d2592e2d4cae..0067776a2cdc 100644 +--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c ++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c +@@ -2174,7 +2174,8 @@ static struct sk_buff *bcmgenet_rx_refill(struct bcmgenet_priv *priv, + dma_addr_t mapping; + + /* Allocate a new Rx skb */ +- skb = netdev_alloc_skb(priv->dev, priv->rx_buf_len + SKB_ALIGNMENT); ++ skb = __netdev_alloc_skb(priv->dev, priv->rx_buf_len + SKB_ALIGNMENT, ++ GFP_ATOMIC | __GFP_NOWARN); + if (!skb) { + priv->mib.alloc_rx_buff_failed++; + netif_err(priv, rx_err, priv->dev, +-- +2.16.4 + diff --git a/patches.suse/net-bmac-Fix-read-of-MAC-address-from-ROM.patch b/patches.suse/net-bmac-Fix-read-of-MAC-address-from-ROM.patch new file mode 100644 index 0000000..325e575 --- /dev/null +++ b/patches.suse/net-bmac-Fix-read-of-MAC-address-from-ROM.patch @@ -0,0 +1,42 @@ +From e676963003245bbe19f8feb4ea37dd0e7c1b1101 Mon Sep 17 00:00:00 2001 +From: Jeremy Kerr +Date: Tue, 19 May 2020 09:05:58 +0800 +Subject: [PATCH] net: bmac: Fix read of MAC address from ROM +Git-commit: ef01cee2ee1b369c57a936166483d40942bcc3e3 +Patch-mainline: v5.7-rc7 +References: git-fixes + +In bmac_get_station_address, We're reading two bytes at a time from ROM, +but we do that six times, resulting in 12 bytes of read & writes. This +means we will write off the end of the six-byte destination buffer. + +This change fixes the for-loop to only read/write six bytes. + +Based on a proposed fix from Finn Thain . + +Signed-off-by: Jeremy Kerr +Reported-by: Stan Johnson +Tested-by: Stan Johnson +Reported-by: Finn Thain +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/apple/bmac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/apple/bmac.c b/drivers/net/ethernet/apple/bmac.c +index 2b2d87089987..699a8c35d3fd 100644 +--- a/drivers/net/ethernet/apple/bmac.c ++++ b/drivers/net/ethernet/apple/bmac.c +@@ -1187,7 +1187,7 @@ bmac_get_station_address(struct net_device *dev, unsigned char *ea) + int i; + unsigned short data; + +- for (i = 0; i < 6; i++) ++ for (i = 0; i < 3; i++) + { + reset_and_select_srom(dev); + data = read_srom(dev, i + EnetAddressOffset/2, SROMAddressBits); +-- +2.16.4 + diff --git a/patches.suse/net-dsa-mv88e6xxx-Allow-dsa-and-cpu-ports-in-multipl.patch b/patches.suse/net-dsa-mv88e6xxx-Allow-dsa-and-cpu-ports-in-multipl.patch new file mode 100644 index 0000000..e28caf5 --- /dev/null +++ b/patches.suse/net-dsa-mv88e6xxx-Allow-dsa-and-cpu-ports-in-multipl.patch @@ -0,0 +1,40 @@ +From 1b0ee24f3a203013faab6fb59f7fce93d21b3a03 Mon Sep 17 00:00:00 2001 +From: Andrew Lunn +Date: Mon, 25 Sep 2017 23:32:20 +0200 +Subject: [PATCH] net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple + vlans +Git-commit: db06ae41945b14feb7f696dcafe8048cc37e8a20 +References: git-fixes +Patch-mainline: v4.14-rc4 + +Ports with the same VLAN must all be in the same bridge. However the +CPU and DSA ports need to be in multiple VLANs spread over multiple +bridges. So exclude them when performing this test. + +Fixes: b2f81d304cee ("net: dsa: add CPU and DSA ports as VLAN members") +Signed-off-by: Andrew Lunn +Reviewed-by: Vivien Didelot +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/dsa/mv88e6xxx/chip.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c +index d18b563b3e4a..b5eacd58ccd9 100644 +--- a/drivers/net/dsa/mv88e6xxx/chip.c ++++ b/drivers/net/dsa/mv88e6xxx/chip.c +@@ -1429,6 +1429,10 @@ static int mv88e6xxx_port_check_hw_vlan(struct dsa_switch *ds, int port, + }; + int i, err; + ++ /* DSA and CPU ports have to be members of multiple vlans */ ++ if (dsa_is_dsa_port(ds, port) || dsa_is_cpu_port(ds, port)) ++ return 0; ++ + if (!vid_begin) + return -EOPNOTSUPP; + +-- +2.16.4 + diff --git a/patches.suse/net-ethernet-freescale-rework-quiesce-activate-for-u.patch b/patches.suse/net-ethernet-freescale-rework-quiesce-activate-for-u.patch new file mode 100644 index 0000000..e0b15bb --- /dev/null +++ b/patches.suse/net-ethernet-freescale-rework-quiesce-activate-for-u.patch @@ -0,0 +1,77 @@ +From a172507090f97b255ac1f6bdad2712f133dfedee Mon Sep 17 00:00:00 2001 +From: Valentin Longchamp +Date: Wed, 20 May 2020 17:53:50 +0200 +Subject: [PATCH] net/ethernet/freescale: rework quiesce/activate for ucc_geth +Git-commit: 79dde73cf9bcf1dd317a2667f78b758e9fe139ed +Patch-mainline: v5.7-rc7 +References: git-fixes + +ugeth_quiesce/activate are used to halt the controller when there is a +link change that requires to reconfigure the mac. + +The previous implementation called netif_device_detach(). This however +causes the initial activation of the netdevice to fail precisely because +it's detached. For details, see [1]. + +A possible workaround was the revert of commit +net: linkwatch: add check for netdevice being present to linkwatch_do_dev +However, the check introduced in the above commit is correct and shall be +kept. + +The netif_device_detach() is thus replaced with +netif_tx_stop_all_queues() that prevents any tranmission. This allows to +perform mac config change required by the link change, without detaching +the corresponding netdevice and thus not preventing its initial +activation. + +[1] https://lists.openwall.net/netdev/2020/01/08/201 + +Signed-off-by: Valentin Longchamp +Acked-by: Matteo Ghidoni +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/freescale/ucc_geth.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/drivers/net/ethernet/freescale/ucc_geth.c b/drivers/net/ethernet/freescale/ucc_geth.c +index 168720d5b476..c3781334ada2 100644 +--- a/drivers/net/ethernet/freescale/ucc_geth.c ++++ b/drivers/net/ethernet/freescale/ucc_geth.c +@@ -45,6 +45,7 @@ + #include + #include + #include ++#include + + #include "ucc_geth.h" + +@@ -1551,11 +1552,8 @@ static int ugeth_disable(struct ucc_geth_private *ugeth, enum comm_dir mode) + + static void ugeth_quiesce(struct ucc_geth_private *ugeth) + { +- /* Prevent any further xmits, plus detach the device. */ +- netif_device_detach(ugeth->ndev); +- +- /* Wait for any current xmits to finish. */ +- netif_tx_disable(ugeth->ndev); ++ /* Prevent any further xmits */ ++ netif_tx_stop_all_queues(ugeth->ndev); + + /* Disable the interrupt to avoid NAPI rescheduling. */ + disable_irq(ugeth->ug_info->uf_info.irq); +@@ -1568,7 +1566,10 @@ static void ugeth_activate(struct ucc_geth_private *ugeth) + { + napi_enable(&ugeth->napi); + enable_irq(ugeth->ug_info->uf_info.irq); +- netif_device_attach(ugeth->ndev); ++ ++ /* allow to xmit again */ ++ netif_tx_wake_all_queues(ugeth->ndev); ++ __netdev_watchdog_up(ugeth->ndev); + } + + /* Called every time the controller might need to be made +-- +2.16.4 + diff --git a/patches.suse/net-mlx5e-Set-of-completion-request-bit-should-not-c.patch b/patches.suse/net-mlx5e-Set-of-completion-request-bit-should-not-c.patch new file mode 100644 index 0000000..6c209cd --- /dev/null +++ b/patches.suse/net-mlx5e-Set-of-completion-request-bit-should-not-c.patch @@ -0,0 +1,41 @@ +From 3466bc0bd87d8890b28df529afcc4994a24321a1 Mon Sep 17 00:00:00 2001 +From: Tariq Toukan +Date: Tue, 18 Feb 2020 12:27:25 +0200 +Subject: [PATCH 2/6] net/mlx5e: Set of completion request bit should not clear + other adjacent bits +Git-commit: 82fe2996419830b0bb2c7e1f2fed2d3a8a1a65cd +References: git-fixes +Patch-mainline: v5.8-rc1 + +In notify HW (ring doorbell) flow, we set the bit to request a completion +on the TX descriptor. +When doing so, we should not unset other bits in the same byte. +Currently, this does not fix a real issue, as we still don't have a flow +where both MLX5_WQE_CTRL_CQ_UPDATE and any adjacent bit are set together. + +Fixes: 542578c67936 ("net/mlx5e: Move helper functions to a new txrx datapath header") +Fixes: 864b2d715300 ("net/mlx5e: Generalize tx helper functions for different SQ types") +Signed-off-by: Tariq Toukan +Reviewed-by: Aya Levin +Signed-off-by: Saeed Mahameed +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en.h b/drivers/net/ethernet/mellanox/mlx5/core/en.h +index 7d9f8555fa20..93f776424584 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en.h ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en.h +@@ -874,7 +874,7 @@ void mlx5e_notify_hw(struct mlx5_wq_cyc *wq, u16 pc, + void __iomem *uar_map, + struct mlx5_wqe_ctrl_seg *ctrl) + { +- ctrl->fm_ce_se = MLX5_WQE_CTRL_CQ_UPDATE; ++ ctrl->fm_ce_se |= MLX5_WQE_CTRL_CQ_UPDATE; + /* ensure wqe is visible to device before updating doorbell record */ + dma_wmb(); + +-- +2.16.4 + diff --git a/patches.suse/net-mpls-fix-stale-pointer-if-allocation-fails-durin.patch b/patches.suse/net-mpls-fix-stale-pointer-if-allocation-fails-durin.patch new file mode 100644 index 0000000..349a8b5 --- /dev/null +++ b/patches.suse/net-mpls-fix-stale-pointer-if-allocation-fails-durin.patch @@ -0,0 +1,52 @@ +From: Jakub Kicinski +Date: Mon, 13 Feb 2023 22:53:55 -0800 +Subject: net: mpls: fix stale pointer if allocation fails during device rename +Patch-mainline: v6.2 +Git-commit: fda6c89fe3d9aca073495a664e1d5aea28cd4377 +References: bsc#1208700 CVE-2023-26545 + +lianhui reports that when MPLS fails to register the sysctl table +under new location (during device rename) the old pointers won't +get overwritten and may be freed again (double free). + +Handle this gracefully. The best option would be unregistering +the MPLS from the device completely on failure, but unfortunately +mpls_ifdown() can fail. So failing fully is also unreliable. + +Another option is to register the new table first then only +remove old one if the new one succeeds. That requires more +code, changes order of notifications and two tables may be +visible at the same time. + +sysctl point is not used in the rest of the code - set to NULL +on failures and skip unregister if already NULL. + +Reported-by: lianhui tang +Fixes: 0fae3bf018d9 ("mpls: handle device renames for per-device sysctls") +Signed-off-by: Jakub Kicinski +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + net/mpls/af_mpls.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/net/mpls/af_mpls.c ++++ b/net/mpls/af_mpls.c +@@ -1275,6 +1275,7 @@ static int mpls_dev_sysctl_register(stru + free: + kfree(table); + out: ++ mdev->sysctl = NULL; + return -ENOBUFS; + } + +@@ -1284,6 +1285,9 @@ static void mpls_dev_sysctl_unregister(s + struct net *net = dev_net(dev); + struct ctl_table *table; + ++ if (!mdev->sysctl) ++ return; ++ + table = mdev->sysctl->ctl_table_arg; + unregister_net_sysctl_table(mdev->sysctl); + kfree(table); diff --git a/patches.suse/net-qed-Reduce-RX-and-TX-default-ring-count-when-run.patch b/patches.suse/net-qed-Reduce-RX-and-TX-default-ring-count-when-run.patch new file mode 100644 index 0000000..8a9bf76 --- /dev/null +++ b/patches.suse/net-qed-Reduce-RX-and-TX-default-ring-count-when-run.patch @@ -0,0 +1,144 @@ +From 4cd1a0d26272d69f74e6b3e859514b2b5d601883 Mon Sep 17 00:00:00 2001 +From: Bhupesh Sharma +Date: Mon, 11 May 2020 15:41:41 +0530 +Subject: [PATCH] net: qed*: Reduce RX and TX default ring count when running + inside kdump kernel +Git-commit: 73e030977f7884dbe1be0018bab517e8d02760f8 +Patch-mainline: v5.8-rc1 +References: git-fixes + +Normally kdump kernel(s) run under severe memory constraint with the +basic idea being to save the crashdump vmcore reliably when the primary +kernel panics/hangs. + +Currently the qed* ethernet driver ends up consuming a lot of memory in +the kdump kernel, leading to kdump kernel panic when one tries to save +the vmcore via ssh/nfs (thus utilizing the services of the underlying +qed* network interfaces). + +An example OOM message log seen in the kdump kernel can be seen here +[1], with crashkernel size reservation of 512M. + +Using tools like memstrack (see [2]), we can track the modules taking up +the bulk of memory in the kdump kernel and organize the memory usage +output as per 'highest allocator first'. An example log for the OOM case +indicates that the qed* modules end up allocating approximately 216M +memory, which is a large part of the total crashkernel size: + + dracut-pre-pivot[676]: ======== Report format module_summary: ======== + dracut-pre-pivot[676]: Module qed using 149.6MB (2394 pages), peak allocation 149.6MB (2394 pages) + dracut-pre-pivot[676]: Module qede using 65.3MB (1045 pages), peak allocation 65.3MB (1045 pages) + +This patch reduces the default RX and TX ring count from 1024 to 64 +when running inside kdump kernel, which leads to a significant memory +saving. + +An example log with the patch applied shows the reduced memory +allocation in the kdump kernel: + dracut-pre-pivot[674]: ======== Report format module_summary: ======== + dracut-pre-pivot[674]: Module qed using 141.8MB (2268 pages), peak allocation 141.8MB (2268 pages) + <..snip..> +[dracut-pre-pivot[674]: Module qede using 4.8MB (76 pages), peak allocation 4.9MB (78 pages) + +Tested crashdump vmcore save via ssh/nfs protocol using underlying qed* +network interface after applying this patch. + +[1] OOM log: +------------ + + kworker/0:6: page allocation failure: order:6, + mode:0x60c0c0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null) + kworker/0:6 cpuset=/ mems_allowed=0 + CPU: 0 PID: 145 Comm: kworker/0:6 Not tainted 4.18.0-109.el8.aarch64 #1 + Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL025 + 01/18/2019 + Workqueue: events work_for_cpu_fn + Call trace: + dump_backtrace+0x0/0x188 + show_stack+0x24/0x30 + dump_stack+0x90/0xb4 + warn_alloc+0xf4/0x178 + __alloc_pages_nodemask+0xcac/0xd58 + alloc_pages_current+0x8c/0xf8 + kmalloc_order_trace+0x38/0x108 + qed_iov_alloc+0x40/0x248 [qed] + qed_resc_alloc+0x224/0x518 [qed] + qed_slowpath_start+0x254/0x928 [qed] + __qede_probe+0xf8/0x5e0 [qede] + qede_probe+0x68/0xd8 [qede] + local_pci_probe+0x44/0xa8 + work_for_cpu_fn+0x20/0x30 + process_one_work+0x1ac/0x3e8 + worker_thread+0x44/0x448 + kthread+0x130/0x138 + ret_from_fork+0x10/0x18 + Cannot start slowpath + qede: probe of 0000:05:00.1 failed with error -12 + +[2]. Memstrack tool: https://github.com/ryncsn/memstrack + +Cc: kexec@lists.infradead.org +Cc: linux-kernel@vger.kernel.org +Cc: Ariel Elior +Cc: GR-everest-linux-l2@marvell.com +Cc: Manish Chopra +Cc: David S. Miller +Signed-off-by: Bhupesh Sharma +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/qlogic/qede/qede.h | 2 ++ + drivers/net/ethernet/qlogic/qede/qede_main.c | 11 +++++++++-- + 2 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/qlogic/qede/qede.h b/drivers/net/ethernet/qlogic/qede/qede.h +index 787cc990e8c0..8ada3b2f8cb3 100644 +--- a/drivers/net/ethernet/qlogic/qede/qede.h ++++ b/drivers/net/ethernet/qlogic/qede/qede.h +@@ -560,12 +560,14 @@ int qede_add_tc_flower_fltr(struct qede_dev *edev, __be16 proto, + #define RX_RING_SIZE ((u16)BIT(RX_RING_SIZE_POW)) + #define NUM_RX_BDS_MAX (RX_RING_SIZE - 1) + #define NUM_RX_BDS_MIN 128 ++#define NUM_RX_BDS_KDUMP_MIN 63 + #define NUM_RX_BDS_DEF ((u16)BIT(10) - 1) + + #define TX_RING_SIZE_POW 13 + #define TX_RING_SIZE ((u16)BIT(TX_RING_SIZE_POW)) + #define NUM_TX_BDS_MAX (TX_RING_SIZE - 1) + #define NUM_TX_BDS_MIN 128 ++#define NUM_TX_BDS_KDUMP_MIN 63 + #define NUM_TX_BDS_DEF NUM_TX_BDS_MAX + + #define QEDE_MIN_PKT_LEN 64 +diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c +index 010a08a0640e..985d3ae032d3 100644 +--- a/drivers/net/ethernet/qlogic/qede/qede_main.c ++++ b/drivers/net/ethernet/qlogic/qede/qede_main.c +@@ -29,6 +29,7 @@ + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ ++#include + #include + #include + #include +@@ -721,8 +722,14 @@ static struct qede_dev *qede_alloc_etherdev(struct qed_dev *cdev, + edev->dp_module = dp_module; + edev->dp_level = dp_level; + edev->ops = qed_ops; +- edev->q_num_rx_buffers = NUM_RX_BDS_DEF; +- edev->q_num_tx_buffers = NUM_TX_BDS_DEF; ++ ++ if (is_kdump_kernel()) { ++ edev->q_num_rx_buffers = NUM_RX_BDS_KDUMP_MIN; ++ edev->q_num_tx_buffers = NUM_TX_BDS_KDUMP_MIN; ++ } else { ++ edev->q_num_rx_buffers = NUM_RX_BDS_DEF; ++ edev->q_num_tx_buffers = NUM_TX_BDS_DEF; ++ } + + DP_INFO(edev, "Allocated netdev with %d tx queues and %d rx queues\n", + info->num_queues, info->num_queues); +-- +2.16.4 + diff --git a/patches.suse/net-stmmac-Fix-sub-second-increment.patch b/patches.suse/net-stmmac-Fix-sub-second-increment.patch new file mode 100644 index 0000000..b525a78 --- /dev/null +++ b/patches.suse/net-stmmac-Fix-sub-second-increment.patch @@ -0,0 +1,77 @@ +From 767ebed3db29314ecf5b11264b048b07e50a9849 Mon Sep 17 00:00:00 2001 +From: Julien Beraud +Date: Wed, 15 Apr 2020 14:24:32 +0200 +Subject: [PATCH 1/6] net: stmmac: Fix sub-second increment +Git-commit: 91a2559c1dc5b0f7e1256d42b1508935e8eabfbf +References: git-fixes +Patch-mainline: v5.7-rc3 + +In fine adjustement mode, which is the current default, the sub-second + increment register is the number of nanoseconds that will be added to + the clock when the accumulator overflows. At each clock cycle, the + value of the addend register is added to the accumulator. + Currently, we use 20ns = 1e09ns / 50MHz as this value whatever the + frequency of the ptp clock actually is. + The adjustment is then done on the addend register, only incrementing + every X clock cycles X being the ratio between 50MHz and ptp_clock_rate + (addend = 2^32 * 50MHz/ptp_clock_rate). + This causes the following issues : + - In case the frequency of the ptp clock is inferior or equal to 50MHz, + the addend value calculation will overflow and the default + addend value will be set to 0, causing the clock to not work at + all. (For instance, for ptp_clock_rate = 50MHz, addend = 2^32). + - The resolution of the timestamping clock is limited to 20ns while it + is not needed, thus limiting the accuracy of the timestamping to + 20ns. + + Fix this by setting sub-second increment to 2e09ns / ptp_clock_rate. + It will allow to reach the minimum possible frequency for + ptp_clk_ref, which is 5MHz for GMII 1000Mps Full-Duplex by setting the + sub-second-increment to a higher value. For instance, for 25MHz, it + gives ssinc = 80ns and default_addend = 2^31. + It will also allow to use a lower value for sub-second-increment, thus + improving the timestamping accuracy with frequencies higher than + 100MHz, for instance, for 200MHz, ssinc = 10ns and default_addend = + 2^31. + +v1->v2: + - Remove modifications to the calculation of default addend, which broke + compatibility with clock frequencies for which 2000000000 / ptp_clk_freq + is not an integer. + - Modify description according to discussions. + +Signed-off-by: Julien Beraud +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c +index 41d528fbebb4..ccf7381c8bae 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c +@@ -36,12 +36,16 @@ static u32 stmmac_config_sub_second_increment(void __iomem *ioaddr, + unsigned long data; + u32 reg_value; + +- /* For GMAC3.x, 4.x versions, convert the ptp_clock to nano second +- * formula = (1/ptp_clock) * 1000000000 +- * where ptp_clock is 50MHz if fine method is used to update system ++ /* For GMAC3.x, 4.x versions, in "fine adjustement mode" set sub-second ++ * increment to twice the number of nanoseconds of a clock cycle. ++ * The calculation of the default_addend value by the caller will set it ++ * to mid-range = 2^31 when the remainder of this division is zero, ++ * which will make the accumulator overflow once every 2 ptp_clock ++ * cycles, adding twice the number of nanoseconds of a clock cycle : ++ * 2000000000ULL / ptp_clock. + */ + if (value & PTP_TCR_TSCFUPDT) +- data = (1000000000ULL / 50000000); ++ data = (2000000000ULL / ptp_clock); + else + data = (1000000000ULL / ptp_clock); + +-- +2.16.4 + diff --git a/patches.suse/net-systemport-suppress-warnings-on-failed-Rx-SKB-al.patch b/patches.suse/net-systemport-suppress-warnings-on-failed-Rx-SKB-al.patch new file mode 100644 index 0000000..4493bd3 --- /dev/null +++ b/patches.suse/net-systemport-suppress-warnings-on-failed-Rx-SKB-al.patch @@ -0,0 +1,47 @@ +From 6567613030a2ea4a42e31ba53439e90644f6528e Mon Sep 17 00:00:00 2001 +From: Doug Berger +Date: Thu, 23 Apr 2020 16:13:30 -0700 +Subject: [PATCH 4/6] net: systemport: suppress warnings on failed Rx SKB + allocations +Git-commit: 3554e54a46125030c534820c297ed7f6c3907e24 +References: git-fixes +Patch-mainline: v5.7-rc3 + +The driver is designed to drop Rx packets and reclaim the buffers +when an allocation fails, and the network interface needs to safely +handle this packet loss. Therefore, an allocation failure of Rx +SKBs is relatively benign. + +However, the output of the warning message occurs with a high +scheduling priority that can cause excessive jitter/latency for +other high priority processing. + +This commit suppresses the warning messages to prevent scheduling +problems while retaining the failure count in the statistics of +the network interface. + +Signed-off-by: Doug Berger +Acked-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/broadcom/bcmsysport.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/broadcom/bcmsysport.c b/drivers/net/ethernet/broadcom/bcmsysport.c +index 7ab72ce1e1a9..14ade8906476 100644 +--- a/drivers/net/ethernet/broadcom/bcmsysport.c ++++ b/drivers/net/ethernet/broadcom/bcmsysport.c +@@ -601,7 +601,8 @@ static struct sk_buff *bcm_sysport_rx_refill(struct bcm_sysport_priv *priv, + dma_addr_t mapping; + + /* Allocate a new SKB for a new packet */ +- skb = netdev_alloc_skb(priv->netdev, RX_BUF_LENGTH); ++ skb = __netdev_alloc_skb(priv->netdev, RX_BUF_LENGTH, ++ GFP_ATOMIC | __GFP_NOWARN); + if (!skb) { + priv->mib.alloc_rx_buff_failed++; + netif_err(priv, rx_err, ndev, "SKB alloc failed\n"); +-- +2.16.4 + diff --git a/patches.suse/net-usb-cdc_mbim-avoid-altsetting-toggling-for-Teli2.patch b/patches.suse/net-usb-cdc_mbim-avoid-altsetting-toggling-for-Teli2.patch new file mode 100644 index 0000000..7ff2c29 --- /dev/null +++ b/patches.suse/net-usb-cdc_mbim-avoid-altsetting-toggling-for-Teli2.patch @@ -0,0 +1,37 @@ +From 21e8a96377e6b6debae42164605bf9dcbe5720c5 Mon Sep 17 00:00:00 2001 +From: Daniele Palmas +Date: Tue, 15 Feb 2022 12:13:35 +0100 +Subject: [PATCH] net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 +Git-commit: 21e8a96377e6b6debae42164605bf9dcbe5720c5 +References: git-fixes +Patch-mainline: v5.17-rc5 + +Add quirk CDC_MBIM_FLAG_AVOID_ALTSETTING_TOGGLE for Telit FN990 +0x1071 composition in order to avoid bind error. + +Signed-off-by: Daniele Palmas +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/cdc_mbim.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c +index 82bb5ed94c48..c0b8b4aa78f3 100644 +--- a/drivers/net/usb/cdc_mbim.c ++++ b/drivers/net/usb/cdc_mbim.c +@@ -659,6 +659,11 @@ static const struct usb_device_id mbim_devs[] = { + .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, + }, + ++ /* Telit FN990 */ ++ { USB_DEVICE_AND_INTERFACE_INFO(0x1bc7, 0x1071, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), ++ .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, ++ }, ++ + /* default entry */ + { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), + .driver_info = (unsigned long)&cdc_mbim_info_zlp, +-- +2.39.2 + diff --git a/patches.suse/net-usb-cdc_mbim-avoid-altsetting-toggling-for-Telit.patch b/patches.suse/net-usb-cdc_mbim-avoid-altsetting-toggling-for-Telit.patch new file mode 100644 index 0000000..a1b439b --- /dev/null +++ b/patches.suse/net-usb-cdc_mbim-avoid-altsetting-toggling-for-Telit.patch @@ -0,0 +1,37 @@ +From aabbdc67f3485b5db27ab4eba01e5fbf1ffea62c Mon Sep 17 00:00:00 2001 +From: Daniele Palmas +Date: Thu, 2 Sep 2021 12:51:22 +0200 +Subject: [PATCH] net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 +Git-commit: aabbdc67f3485b5db27ab4eba01e5fbf1ffea62c +References: git-fixes +Patch-mainline: v5.15-rc1 + +Add quirk CDC_MBIM_FLAG_AVOID_ALTSETTING_TOGGLE for Telit LN920 +0x1061 composition in order to avoid bind error. + +Signed-off-by: Daniele Palmas +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/cdc_mbim.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c +index 4c4ab7b38d78..82bb5ed94c48 100644 +--- a/drivers/net/usb/cdc_mbim.c ++++ b/drivers/net/usb/cdc_mbim.c +@@ -654,6 +654,11 @@ static const struct usb_device_id mbim_devs[] = { + .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, + }, + ++ /* Telit LN920 */ ++ { USB_DEVICE_AND_INTERFACE_INFO(0x1bc7, 0x1061, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), ++ .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, ++ }, ++ + /* default entry */ + { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), + .driver_info = (unsigned long)&cdc_mbim_info_zlp, +-- +2.39.2 + diff --git a/patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch b/patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch new file mode 100644 index 0000000..8a8ca04 --- /dev/null +++ b/patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch @@ -0,0 +1,59 @@ +From c68f345b7c425b38656e1791a0486769a8797016 Mon Sep 17 00:00:00 2001 +From: Miko Larsson +Date: Fri, 10 Feb 2023 09:13:44 +0100 +Subject: [PATCH] net/usb: kalmia: Don't pass act_len in usb_bulk_msg error + path +Git-commit: c68f345b7c425b38656e1791a0486769a8797016 +References: git-fixes +Patch-mainline: v6.2 + +syzbot reported that act_len in kalmia_send_init_packet() is +uninitialized when passing it to the first usb_bulk_msg error path. Jiri +Pirko noted that it's pointless to pass it in the error path, and that +the value that would be printed in the second error path would be the +value of act_len from the first call to usb_bulk_msg.[1] + +With this in mind, let's just not pass act_len to the usb_bulk_msg error +paths. + +1: https://lore.kernel.org/lkml/Y9pY61y1nwTuzMOa@nanopsycho/ + +Fixes: d40261236e8e ("net/usb: Add Samsung Kalmia driver for Samsung GT-B3730") +Reported-and-tested-by: syzbot+cd80c5ef5121bfe85b55@syzkaller.appspotmail.com +Signed-off-by: Miko Larsson +Reviewed-by: Alexander Duyck +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/kalmia.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/usb/kalmia.c b/drivers/net/usb/kalmia.c +index 9f2b70ef39aa..613fc6910f14 100644 +--- a/drivers/net/usb/kalmia.c ++++ b/drivers/net/usb/kalmia.c +@@ -65,8 +65,8 @@ kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len, + init_msg, init_msg_len, &act_len, KALMIA_USB_TIMEOUT); + if (status != 0) { + netdev_err(dev->net, +- "Error sending init packet. Status %i, length %i\n", +- status, act_len); ++ "Error sending init packet. Status %i\n", ++ status); + return status; + } + else if (act_len != init_msg_len) { +@@ -83,8 +83,8 @@ kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len, + + if (status != 0) + netdev_err(dev->net, +- "Error receiving init result. Status %i, length %i\n", +- status, act_len); ++ "Error receiving init result. Status %i\n", ++ status); + else if (act_len != expected_len) + netdev_err(dev->net, "Unexpected init result length: %i\n", + act_len); +-- +2.39.2 + diff --git a/patches.suse/net-usb-lan78xx-don-t-modify-phy_device-state-concur.patch b/patches.suse/net-usb-lan78xx-don-t-modify-phy_device-state-concur.patch new file mode 100644 index 0000000..bc530c2 --- /dev/null +++ b/patches.suse/net-usb-lan78xx-don-t-modify-phy_device-state-concur.patch @@ -0,0 +1,78 @@ +From 6b67d4d63edece1033972214704c04f36c5be89a Mon Sep 17 00:00:00 2001 +From: "Ivan T. Ivanov" +Date: Wed, 4 Aug 2021 11:13:39 +0300 +Subject: [PATCH] net: usb: lan78xx: don't modify phy_device state concurrently +Git-commit: 6b67d4d63edece1033972214704c04f36c5be89a +References: git-fixes +Patch-mainline: v5.14-rc5 + +Currently phy_device state could be left in inconsistent state shown +by following alert message[1]. This is because phy_read_status could +be called concurrently from lan78xx_delayedwork, phy_state_machine and +__ethtool_get_link. Fix this by making sure that phy_device state is +updated atomically. + +[1] lan78xx 1-1.1.1:1.0 eth0: No phy led trigger registered for speed(-1) + +Signed-off-by: Ivan T. Ivanov +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/lan78xx.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c +index 25489389ea49..6d092d78e0cb 100644 +--- a/drivers/net/usb/lan78xx.c ++++ b/drivers/net/usb/lan78xx.c +@@ -1154,7 +1154,7 @@ static int lan78xx_link_reset(struct lan78xx_net *dev) + { + struct phy_device *phydev = dev->net->phydev; + struct ethtool_link_ksettings ecmd; +- int ladv, radv, ret; ++ int ladv, radv, ret, link; + u32 buf; + + /* clear LAN78xx interrupt status */ +@@ -1162,9 +1162,12 @@ static int lan78xx_link_reset(struct lan78xx_net *dev) + if (unlikely(ret < 0)) + return -EIO; + ++ mutex_lock(&phydev->lock); + phy_read_status(phydev); ++ link = phydev->link; ++ mutex_unlock(&phydev->lock); + +- if (!phydev->link && dev->link_on) { ++ if (!link && dev->link_on) { + dev->link_on = false; + + /* reset MAC */ +@@ -1177,7 +1180,7 @@ static int lan78xx_link_reset(struct lan78xx_net *dev) + return -EIO; + + del_timer(&dev->stat_monitor); +- } else if (phydev->link && !dev->link_on) { ++ } else if (link && !dev->link_on) { + dev->link_on = true; + + phy_ethtool_ksettings_get(phydev, &ecmd); +@@ -1466,9 +1469,14 @@ static int lan78xx_set_eee(struct net_device *net, struct ethtool_eee *edata) + + static u32 lan78xx_get_link(struct net_device *net) + { ++ u32 link; ++ ++ mutex_lock(&net->phydev->lock); + phy_read_status(net->phydev); ++ link = net->phydev->link; ++ mutex_unlock(&net->phydev->lock); + +- return net->phydev->link; ++ return link; + } + + static void lan78xx_get_drvinfo(struct net_device *net, +-- +2.39.2 + diff --git a/patches.suse/net-usb-qmi_wwan-Add-support-for-Dell-DW5829e.patch b/patches.suse/net-usb-qmi_wwan-Add-support-for-Dell-DW5829e.patch new file mode 100644 index 0000000..e13d09b --- /dev/null +++ b/patches.suse/net-usb-qmi_wwan-Add-support-for-Dell-DW5829e.patch @@ -0,0 +1,64 @@ +From 8ecbb179286cbc91810c16caeb3396e06305cd0c Mon Sep 17 00:00:00 2001 +From: Slark Xiao +Date: Wed, 9 Feb 2022 10:47:17 +0800 +Subject: [PATCH] net: usb: qmi_wwan: Add support for Dell DW5829e +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 8ecbb179286cbc91810c16caeb3396e06305cd0c +References: git-fixes +Patch-mainline: v5.17-rc4 + +Dell DW5829e same as DW5821e except the CAT level. +DW5821e supports CAT16 but DW5829e supports CAT9. +Also, DW5829e includes normal and eSIM type. +Please see below test evidence: + +T: Bus=04 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 5 Spd=5000 MxCh= 0 +D: Ver= 3.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS= 9 #Cfgs= 1 +P: Vendor=413c ProdID=81e6 Rev=03.18 +S: Manufacturer=Dell Inc. +S: Product=DW5829e Snapdragon X20 LTE +S: SerialNumber=0123456789ABCDEF +C: #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=896mA +I: If#=0x0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan +I: If#=0x1 Alt= 0 #EPs= 1 Cls=03(HID ) Sub=00 Prot=00 Driver=usbhid +I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +I: If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option + +T: Bus=04 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 7 Spd=5000 MxCh= 0 +D: Ver= 3.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS= 9 #Cfgs= 1 +P: Vendor=413c ProdID=81e4 Rev=03.18 +S: Manufacturer=Dell Inc. +S: Product=DW5829e-eSIM Snapdragon X20 LTE +S: SerialNumber=0123456789ABCDEF +C: #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=896mA +I: If#=0x0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan +I: If#=0x1 Alt= 0 #EPs= 1 Cls=03(HID ) Sub=00 Prot=00 Driver=usbhid +I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +I: If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option + +Signed-off-by: Slark Xiao +Acked-by: Bjørn Mork +Link: https://lore.kernel.org/r/20220209024717.8564-1-slark_xiao@163.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/qmi_wwan.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -1349,6 +1349,8 @@ static const struct usb_device_id produc + {QMI_FIXED_INTF(0x413c, 0x81d7, 0)}, /* Dell Wireless 5821e */ + {QMI_FIXED_INTF(0x413c, 0x81d7, 1)}, /* Dell Wireless 5821e preproduction config */ + {QMI_FIXED_INTF(0x413c, 0x81e0, 0)}, /* Dell Wireless 5821e with eSIM support*/ ++ {QMI_FIXED_INTF(0x413c, 0x81e4, 0)}, /* Dell Wireless 5829e with eSIM support*/ ++ {QMI_FIXED_INTF(0x413c, 0x81e6, 0)}, /* Dell Wireless 5829e */ + {QMI_FIXED_INTF(0x03f0, 0x4e1d, 8)}, /* HP lt4111 LTE/EV-DO/HSPA+ Gobi 4G Module */ + {QMI_FIXED_INTF(0x03f0, 0x9d1d, 1)}, /* HP lt4120 Snapdragon X5 LTE */ + {QMI_FIXED_INTF(0x22de, 0x9061, 3)}, /* WeTelecom WPD-600N */ diff --git a/patches.suse/net-usb-qmi_wwan-add-Quectel-RM520N.patch b/patches.suse/net-usb-qmi_wwan-add-Quectel-RM520N.patch new file mode 100644 index 0000000..e5e6637 --- /dev/null +++ b/patches.suse/net-usb-qmi_wwan-add-Quectel-RM520N.patch @@ -0,0 +1,66 @@ +From e1091e226a2bab4ded1fe26efba2aee1aab06450 Mon Sep 17 00:00:00 2001 +From: "jerry.meng" +Date: Mon, 5 Sep 2022 09:24:52 +0800 +Subject: [PATCH] net: usb: qmi_wwan: add Quectel RM520N +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: e1091e226a2bab4ded1fe26efba2aee1aab06450 +References: git-fixes +Patch-mainline: v6.0-rc5 + +add support for Quectel RM520N which is based on Qualcomm SDX62 chip. + +0x0801: DIAG + NMEA + AT + MODEM + RMNET + +T: Bus=03 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#= 10 Spd=480 MxCh= 0 +D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 +P: Vendor=2c7c ProdID=0801 Rev= 5.04 +S: Manufacturer=Quectel +S: Product=RM520N-GL +S: SerialNumber=384af524 +C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA +I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option +E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=40 Driver=option +E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan +E: Ad=88(I) Atr=03(Int.) MxPS= 8 Ivl=32ms +E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms + +Signed-off-by: jerry.meng +Acked-by: Bjørn Mork +Link: https://lore.kernel.org/r/tencent_E50CA8A206904897C2D20DDAE90731183C05@qq.com +Signed-off-by: Paolo Abeni +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/qmi_wwan.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c +index 709e3c59e340..0cb187def5bc 100644 +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -1087,6 +1087,7 @@ static const struct usb_device_id products[] = { + {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0512)}, /* Quectel EG12/EM12 */ + {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0620)}, /* Quectel EM160R-GL */ + {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0800)}, /* Quectel RM500Q-GL */ ++ {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0801)}, /* Quectel RM520N */ + + /* 3. Combined interface devices matching on interface number */ + {QMI_FIXED_INTF(0x0408, 0xea42, 4)}, /* Yota / Megafon M100-1 */ +-- +2.39.2 + diff --git a/patches.suse/net-usb-sr9700-Handle-negative-len.patch b/patches.suse/net-usb-sr9700-Handle-negative-len.patch new file mode 100644 index 0000000..d50e938 --- /dev/null +++ b/patches.suse/net-usb-sr9700-Handle-negative-len.patch @@ -0,0 +1,41 @@ +From ecf7cf8efb59789e2b21d2f9ab926142579092b2 Mon Sep 17 00:00:00 2001 +From: Szymon Heidrich +Date: Sat, 14 Jan 2023 19:23:26 +0100 +Subject: [PATCH] net: usb: sr9700: Handle negative len +Git-commit: ecf7cf8efb59789e2b21d2f9ab926142579092b2 +Patch-mainline: v6.2-rc5 +References: git-fixes + +Packet len computed as difference of length word extracted from +skb data and four may result in a negative value. In such case +processing of the buffer should be interrupted rather than +setting sr_skb->len to an unexpectedly large value (due to cast +from signed to unsigned integer) and passing sr_skb to +usbnet_skb_return. + +Fixes: e9da0b56fe27 ("sr9700: sanity check for packet length") +Signed-off-by: Szymon Heidrich +Link: https://lore.kernel.org/r/20230114182326.30479-1-szymon.heidrich@gmail.com +Signed-off-by: Paolo Abeni +Signed-off-by: Oliver Neukum + +--- + drivers/net/usb/sr9700.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/usb/sr9700.c b/drivers/net/usb/sr9700.c +index 5a53e63d33a6..3164451e1010 100644 +--- a/drivers/net/usb/sr9700.c ++++ b/drivers/net/usb/sr9700.c +@@ -413,7 +413,7 @@ static int sr9700_rx_fixup(struct usbnet *dev, struct sk_buff *skb) + /* ignore the CRC length */ + len = (skb->data[1] | (skb->data[2] << 8)) - 4; + +- if (len > ETH_FRAME_LEN || len > skb->len) ++ if (len > ETH_FRAME_LEN || len > skb->len || len < 0) + return 0; + + /* the last packet of current skb */ +-- +2.35.3 + diff --git a/patches.suse/netfilter-ipvs-Fix-inappropriate-output-of-procfs.patch b/patches.suse/netfilter-ipvs-Fix-inappropriate-output-of-procfs.patch new file mode 100644 index 0000000..c3e1455 --- /dev/null +++ b/patches.suse/netfilter-ipvs-Fix-inappropriate-output-of-procfs.patch @@ -0,0 +1,80 @@ +From dbec498cb2cbb56a64e649972b54868388b6a805 Mon Sep 17 00:00:00 2001 +From: KUWAZAWA Takuya +Date: Sun, 15 Oct 2017 20:54:10 +0900 +Subject: [PATCH 6/7] netfilter: ipvs: Fix inappropriate output of procfs +Git-commit: c5504f724c86ee925e7ffb80aa342cfd57959b13 +Patch-mainline: v4.15-rc1 +References: git-fixes + +Information about ipvs in different network namespace can be seen via procfs. + +How to reproduce: + + # ip netns add ns01 + # ip netns add ns02 + # ip netns exec ns01 ip a add dev lo 127.0.0.1/8 + # ip netns exec ns02 ip a add dev lo 127.0.0.1/8 + # ip netns exec ns01 ipvsadm -A -t 10.1.1.1:80 + # ip netns exec ns02 ipvsadm -A -t 10.1.1.2:80 + +The ipvsadm displays information about its own network namespace only. + + # ip netns exec ns01 ipvsadm -Ln + IP Virtual Server version 1.2.1 (size=4096) + Prot LocalAddress:Port Scheduler Flags + -> RemoteAddress:Port Forward Weight ActiveConn InActConn + TCP 10.1.1.1:80 wlc + + # ip netns exec ns02 ipvsadm -Ln + IP Virtual Server version 1.2.1 (size=4096) + Prot LocalAddress:Port Scheduler Flags + -> RemoteAddress:Port Forward Weight ActiveConn InActConn + TCP 10.1.1.2:80 wlc + +But I can see information about other network namespace via procfs. + + # ip netns exec ns01 cat /proc/net/ip_vs + IP Virtual Server version 1.2.1 (size=4096) + Prot LocalAddress:Port Scheduler Flags + -> RemoteAddress:Port Forward Weight ActiveConn InActConn + TCP 0A010101:0050 wlc + TCP 0A010102:0050 wlc + + # ip netns exec ns02 cat /proc/net/ip_vs + IP Virtual Server version 1.2.1 (size=4096) + Prot LocalAddress:Port Scheduler Flags + -> RemoteAddress:Port Forward Weight ActiveConn InActConn + TCP 0A010102:0050 wlc + +Signed-off-by: KUWAZAWA Takuya +Acked-by: Julian Anastasov +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Denis Kirjanov +--- + net/netfilter/ipvs/ip_vs_ctl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c +index 3e75b4f15784..281f6c57944c 100644 +--- a/net/netfilter/ipvs/ip_vs_ctl.c ++++ b/net/netfilter/ipvs/ip_vs_ctl.c +@@ -2037,12 +2037,16 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) + seq_puts(seq, + " -> RemoteAddress:Port Forward Weight ActiveConn InActConn\n"); + } else { ++ struct net *net = seq_file_net(seq); ++ struct netns_ipvs *ipvs = net_ipvs(net); + const struct ip_vs_service *svc = v; + const struct ip_vs_iter *iter = seq->private; + const struct ip_vs_dest *dest; + struct ip_vs_scheduler *sched = rcu_dereference(svc->scheduler); + char *sched_name = sched ? sched->name : "none"; + ++ if (svc->ipvs != ipvs) ++ return 0; + if (iter->table == ip_vs_svc_table) { + #ifdef CONFIG_IP_VS_IPV6 + if (svc->af == AF_INET6) +-- +2.16.4 + diff --git a/patches.suse/netfilter-xt_connlimit-don-t-store-address-in-the-co.patch b/patches.suse/netfilter-xt_connlimit-don-t-store-address-in-the-co.patch new file mode 100644 index 0000000..92d5190 --- /dev/null +++ b/patches.suse/netfilter-xt_connlimit-don-t-store-address-in-the-co.patch @@ -0,0 +1,51 @@ +From 86babfe48324ef6063c9e5eba38f25453fd53993 Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Sun, 15 Oct 2017 11:00:34 +0200 +Subject: [PATCH 5/7] netfilter: xt_connlimit: don't store address in the conn + nodes +Git-commit: ce49480dba8666cba0106e8e31a942c9ce4c438a +Patch-mainline: v4.15-rc1 +References: git-fixes + +Only stored, never read. This is a leftover from commit 7d08487777c8 +("netfilter: connlimit: use rbtree for per-host conntrack obj storage"), +which added the rbtree node struct that stores the address instead. + +Signed-off-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Denis Kirjanov +--- + net/netfilter/xt_connlimit.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c +index b8fd4ab762ed..89640b1a6527 100644 +--- a/net/netfilter/xt_connlimit.c ++++ b/net/netfilter/xt_connlimit.c +@@ -46,7 +46,6 @@ + struct xt_connlimit_conn { + struct hlist_node node; + struct nf_conntrack_tuple tuple; +- union nf_inet_addr addr; + }; + + struct xt_connlimit_rb { +@@ -126,7 +125,6 @@ static bool add_hlist(struct hlist_head *head, + if (conn == NULL) + return false; + conn->tuple = *tuple; +- conn->addr = *addr; + hlist_add_head(&conn->node, head); + return true; + } +@@ -274,7 +272,6 @@ count_tree(struct net *net, struct rb_root *root, + } + + conn->tuple = *tuple; +- conn->addr = *addr; + rbconn->addr = *addr; + + INIT_HLIST_HEAD(&rbconn->hhead); +-- +2.16.4 + diff --git a/patches.suse/nfs-Fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch b/patches.suse/nfs-Fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch new file mode 100644 index 0000000..28413b4 --- /dev/null +++ b/patches.suse/nfs-Fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch @@ -0,0 +1,88 @@ +From: ZhangXiaoxu +Date: Thu, 26 Sep 2019 14:29:38 +0800 +Subject: [PATCH] nfs: Fix nfsi->nrequests count error on + nfs_inode_remove_request +Git-commit: 33ea5aaa87cdae0f9af4d6b7ee4f650a1a36fd1d +Patch-mainline: v5.4 +References: git-fixes + +When xfstests testing, there are some WARNING as below: + +Warning: CPU: 0 PID: 6235 at fs/nfs/inode.c:122 nfs_clear_inode+0x9c/0xd8 +Modules linked in: +Cpu: 0 PID: 6235 Comm: umount.nfs +Hardware name: linux,dummy-virt (DT) +Pstate: 60000005 (nZCv daif -PAN -UAO) +pc : nfs_clear_inode+0x9c/0xd8 +lr : nfs_evict_inode+0x60/0x78 +sp : fffffc000f68fc00 +X29: fffffc000f68fc00 x28: fffffe00c53155c0 +X27: fffffe00c5315000 x26: fffffc0009a63748 +X25: fffffc000f68fd18 x24: fffffc000bfaaf40 +X23: fffffc000936d3c0 x22: fffffe00c4ff5e20 +X21: fffffc000bfaaf40 x20: fffffe00c4ff5d10 +X19: fffffc000c056000 x18: 000000000000003c +X17: 0000000000000000 x16: 0000000000000000 +X15: 0000000000000040 x14: 0000000000000228 +X13: fffffc000c3a2000 x12: 0000000000000045 +X11: 0000000000000000 x10: 0000000000000000 +x9 : 0000000000000000 x8 : 0000000000000000 +x7 : 0000000000000000 x6 : fffffc00084b027c +x5 : fffffc0009a64000 x4 : fffffe00c0e77400 +x3 : fffffc000c0563a8 x2 : fffffffffffffffb +x1 : 000000000000764e x0 : 0000000000000001 +Call trace: + nfs_clear_inode+0x9c/0xd8 + nfs_evict_inode+0x60/0x78 + evict+0x108/0x380 + dispose_list+0x70/0xa0 + evict_inodes+0x194/0x210 + generic_shutdown_super+0xb0/0x220 + nfs_kill_super+0x40/0x88 + deactivate_locked_super+0xb4/0x120 + deactivate_super+0x144/0x160 + cleanup_mnt+0x98/0x148 + __cleanup_mnt+0x38/0x50 + task_work_run+0x114/0x160 + do_notify_resume+0x2f8/0x308 + work_pending+0x8/0x14 + +The nrequest should be increased/decreased only if PG_INODE_REF flag +was setted. + +But in the nfs_inode_remove_request function, it maybe decrease when +no PG_INODE_REF flag, this maybe lead nrequests count error. + +Reported-by: Hulk Robot +Signed-off-by: ZhangXiaoxu +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/write.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/fs/nfs/write.c ++++ b/fs/nfs/write.c +@@ -820,16 +820,16 @@ static void nfs_inode_remove_request(str + ClearPagePrivate(head->wb_page); + clear_bit(PG_MAPPED, &head->wb_flags); + } +- nfsi->nrequests--; +- spin_unlock(&inode->i_lock); + } else { + spin_lock(&inode->i_lock); +- nfsi->nrequests--; +- spin_unlock(&inode->i_lock); + } + +- if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) ++ if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) { ++ nfsi->nrequests--; ++ spin_unlock(&inode->i_lock); + nfs_release_request(req); ++ } else ++ spin_unlock(&inode->i_lock); + } + + static void diff --git a/patches.suse/nfsd-fix-handling-of-readdir-in-v4root-vs.-mount-upc.patch b/patches.suse/nfsd-fix-handling-of-readdir-in-v4root-vs.-mount-upc.patch new file mode 100644 index 0000000..ce3d5b1 --- /dev/null +++ b/patches.suse/nfsd-fix-handling-of-readdir-in-v4root-vs.-mount-upc.patch @@ -0,0 +1,52 @@ +From: Jeff Layton +Date: Tue, 13 Dec 2022 13:08:26 -0500 +Subject: [PATCH] nfsd: fix handling of readdir in v4root vs. mount upcall + timeout +Git-commit: cad853374d85fe678d721512cecfabd7636e51f3 +Patch-mainline: v6.2 +References: git-fixes + +If v4 READDIR operation hits a mountpoint and gets back an error, +then it will include that entry in the reply and set RDATTR_ERROR for it +to the error. + +That's fine for "normal" exported filesystems, but on the v4root, we +need to be more careful to only expose the existence of dentries that +lead to exports. + +If the mountd upcall times out while checking to see whether a +mountpoint on the v4root is exported, then we have no recourse other +than to fail the whole operation. + +Cc: Steve Dickson +Link: https://bugzilla.kernel.org/show_bug.cgi?id=216777 +Reported-by: JianHong Yin +Signed-off-by: Jeff Layton +Signed-off-by: Chuck Lever +Cc: +Acked-by: NeilBrown + +--- + fs/nfsd/nfs4xdr.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -3032,6 +3032,17 @@ nfsd4_encode_dirent(void *ccdv, const ch + case nfserr_noent: + xdr_truncate_encode(xdr, start_offset); + goto skip_entry; ++ case nfserr_jukebox: ++ /* ++ * The pseudoroot should only display dentries that lead to ++ * exports. If we get EJUKEBOX here, then we can't tell whether ++ * this entry should be included. Just fail the whole READDIR ++ * with NFS4ERR_DELAY in that case, and hope that the situation ++ * will resolve itself by the client's next attempt. ++ */ ++ if (cd->rd_fhp->fh_export->ex_flags & NFSEXP_V4ROOT) ++ goto fail; ++ /* fallthrough */ + default: + /* + * If the client requested the RDATTR_ERROR attribute, diff --git a/patches.suse/nfsd-fix-race-to-check-ls_layouts.patch b/patches.suse/nfsd-fix-race-to-check-ls_layouts.patch new file mode 100644 index 0000000..cf0f00e --- /dev/null +++ b/patches.suse/nfsd-fix-race-to-check-ls_layouts.patch @@ -0,0 +1,40 @@ +From: Benjamin Coddington +Date: Fri, 27 Jan 2023 11:18:56 -0500 +Subject: [PATCH] nfsd: fix race to check ls_layouts +Git-commit: fb610c4dbc996415d57d7090957ecddd4fd64fb6 +Patch-mainline: v6.3 +References: git-fixes + +Its possible for __break_lease to find the layout's lease before we've +added the layout to the owner's ls_layouts list. In that case, setting +ls_recalled = true without actually recalling the layout will cause the +server to never send a recall callback. + +Move the check for ls_layouts before setting ls_recalled. + +Fixes: c5c707f96fc9 ("nfsd: implement pNFS layout recalls") +Signed-off-by: Benjamin Coddington +Reviewed-by: Jeff Layton +Signed-off-by: Chuck Lever +Acked-by: NeilBrown + +--- + fs/nfsd/nfs4layouts.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/nfsd/nfs4layouts.c ++++ b/fs/nfsd/nfs4layouts.c +@@ -328,11 +328,11 @@ nfsd4_recall_file_layout(struct nfs4_lay + if (ls->ls_recalled) + goto out_unlock; + +- ls->ls_recalled = true; +- atomic_inc(&ls->ls_stid.sc_file->fi_lo_recalls); + if (list_empty(&ls->ls_layouts)) + goto out_unlock; + ++ ls->ls_recalled = true; ++ atomic_inc(&ls->ls_stid.sc_file->fi_lo_recalls); + trace_layout_recall(&ls->ls_stid.sc_stateid); + + atomic_inc(&ls->ls_stid.sc_count); diff --git a/patches.suse/nfsd-under-NFSv4.1-fix-double-svc_xprt_put-on-rpc_cr.patch b/patches.suse/nfsd-under-NFSv4.1-fix-double-svc_xprt_put-on-rpc_cr.patch new file mode 100644 index 0000000..73afd72 --- /dev/null +++ b/patches.suse/nfsd-under-NFSv4.1-fix-double-svc_xprt_put-on-rpc_cr.patch @@ -0,0 +1,82 @@ +From: Dan Aloni +Date: Mon, 12 Dec 2022 13:11:06 +0200 +Subject: [PATCH] nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create + failure +Git-commit: 3bc8edc98bd43540dbe648e4ef91f443d6d20a24 +Patch-mainline: v6.2 +References: git-fixes + +On error situation `clp->cl_cb_conn.cb_xprt` should not be given +a reference to the xprt otherwise both client cleanup and the +error handling path of the caller call to put it. Better to +delay handing over the reference to a later branch. + +[ 72.530665] refcount_t: underflow; use-after-free. +[ 72.531933] WARNING: CPU: 0 PID: 173 at lib/refcount.c:28 refcount_warn_saturate+0xcf/0x120 +[ 72.533075] Modules linked in: nfsd(OE) nfsv4(OE) nfsv3(OE) nfs(OE) lockd(OE) compat_nfs_ssc(OE) nfs_acl(OE) rpcsec_gss_krb5(OE) auth_rpcgss(OE) rpcrdma(OE) dns_resolver fscache netfs grace rdma_cm iw_cm ib_cm sunrpc(OE) mlx5_ib mlx5_core mlxfw pci_hyperv_intf ib_uverbs ib_core xt_MASQUERADE nf_conntrack_netlink nft_counter xt_addrtype nft_compat br_netfilter bridge stp llc nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set overlay nf_tables nfnetlink crct10dif_pclmul crc32_pclmul ghash_clmulni_intel xfs serio_raw virtio_net virtio_blk net_failover failover fuse [last unloaded: sunrpc] +[ 72.540389] CPU: 0 PID: 173 Comm: kworker/u16:5 Tainted: G OE 5.15.82-dan #1 +[ 72.541511] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-3.module+el8.7.0+1084+97b81f61 04/01/2014 +[ 72.542717] Workqueue: nfsd4_callbacks nfsd4_run_cb_work [nfsd] +[ 72.543575] RIP: 0010:refcount_warn_saturate+0xcf/0x120 +[ 72.544299] Code: 55 00 0f 0b 5d e9 01 50 98 00 80 3d 75 9e 39 08 00 0f 85 74 ff ff ff 48 c7 c7 e8 d1 60 8e c6 05 61 9e 39 08 01 e8 f6 51 55 00 <0f> 0b 5d e9 d9 4f 98 00 80 3d 4b 9e 39 08 00 0f 85 4c ff ff ff 48 +[ 72.546666] RSP: 0018:ffffb3f841157cf0 EFLAGS: 00010286 +[ 72.547393] RAX: 0000000000000026 RBX: ffff89ac6231d478 RCX: 0000000000000000 +[ 72.548324] RDX: ffff89adb7c2c2c0 RSI: ffff89adb7c205c0 RDI: ffff89adb7c205c0 +[ 72.549271] RBP: ffffb3f841157cf0 R08: 0000000000000000 R09: c0000000ffefffff +[ 72.550209] R10: 0000000000000001 R11: ffffb3f841157ad0 R12: ffff89ac6231d180 +[ 72.551142] R13: ffff89ac6231d478 R14: ffff89ac40c06180 R15: ffff89ac6231d4b0 +[ 72.552089] FS: 0000000000000000(0000) GS:ffff89adb7c00000(0000) knlGS:0000000000000000 +[ 72.553175] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 72.553934] CR2: 0000563a310506a8 CR3: 0000000109a66000 CR4: 0000000000350ef0 +[ 72.554874] Call Trace: +[ 72.555278] +[ 72.555614] svc_xprt_put+0xaf/0xe0 [sunrpc] +[ 72.556276] nfsd4_process_cb_update.isra.11+0xb7/0x410 [nfsd] +[ 72.557087] ? update_load_avg+0x82/0x610 +[ 72.557652] ? cpuacct_charge+0x60/0x70 +[ 72.558212] ? dequeue_entity+0xdb/0x3e0 +[ 72.558765] ? queued_spin_unlock+0x9/0x20 +[ 72.559358] nfsd4_run_cb_work+0xfc/0x270 [nfsd] +[ 72.560031] process_one_work+0x1df/0x390 +[ 72.560600] worker_thread+0x37/0x3b0 +[ 72.561644] ? process_one_work+0x390/0x390 +[ 72.562247] kthread+0x12f/0x150 +[ 72.562710] ? set_kthread_struct+0x50/0x50 +[ 72.563309] ret_from_fork+0x22/0x30 +[ 72.563818] +[ 72.564189] ---[ end trace 031117b1c72ec616 ]--- +[ 72.566019] list_add corruption. next->prev should be prev (ffff89ac4977e538), but was ffff89ac4763e018. (next=ffff89ac4763e018). +[ 72.567647] ------------[ cut here ]------------ + +Fixes: a4abc6b12eb1 ("nfsd: Fix svc_xprt refcnt leak when setup callback client failed") +Cc: Xiyu Yang +Cc: J. Bruce Fields +Signed-off-by: Dan Aloni +Reviewed-by: Jeff Layton +Signed-off-by: Chuck Lever +Acked-by: NeilBrown + +--- + fs/nfsd/nfs4callback.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/nfsd/nfs4callback.c ++++ b/fs/nfsd/nfs4callback.c +@@ -805,7 +805,6 @@ static int setup_callback_client(struct + } else { + if (!conn->cb_xprt) + return -EINVAL; +- clp->cl_cb_conn.cb_xprt = conn->cb_xprt; + clp->cl_cb_session = ses; + args.bc_xprt = conn->cb_xprt; + args.prognumber = clp->cl_cb_session->se_cb_prog; +@@ -825,6 +824,9 @@ static int setup_callback_client(struct + rpc_shutdown_client(client); + return PTR_ERR(cred); + } ++ ++ if (clp->cl_minorversion != 0) ++ clp->cl_cb_conn.cb_xprt = conn->cb_xprt; + clp->cl_cb_client = client; + clp->cl_cb_cred = cred; + return 0; diff --git a/patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch b/patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch new file mode 100644 index 0000000..5b5b15e --- /dev/null +++ b/patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch @@ -0,0 +1,53 @@ +From: Jan Kara +Subject: [PATCH] ocfs2: Fix data corruption after failed write +Patch-mainline: Submitted, Mar 2 +References: bsc#1208542 + +When buffered write fails to copy data into underlying page cache page, +ocfs2_write_end_nolock() just zeroes out and dirties the page. This can +leave dirty page beyond EOF and if page writeback tries to write this +page before write succeeds and expands i_size, page gets into +inconsistent state where page dirty bit is clear but buffer dirty bits +stay set resulting in page data never getting written and so data copied +to the page is lost. Fix the problem by invalidating page beyond EOF +after failed write. + +Fixes: 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") +CC: stable@vger.kernel.org +Signed-off-by: Jan Kara +--- + +--- + fs/ocfs2/aops.c | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +--- a/fs/ocfs2/aops.c ++++ b/fs/ocfs2/aops.c +@@ -2001,11 +2001,25 @@ int ocfs2_write_end_nolock(struct addres + } + + if (unlikely(copied < len) && wc->w_target_page) { ++ loff_t new_isize; ++ + if (!PageUptodate(wc->w_target_page)) + copied = 0; + +- ocfs2_zero_new_buffers(wc->w_target_page, start+copied, +- start+len); ++ new_isize = max_t(loff_t, i_size_read(inode), pos + copied); ++ if (new_isize > page_offset(wc->w_target_page)) ++ ocfs2_zero_new_buffers(wc->w_target_page, start+copied, ++ start+len); ++ else { ++ /* ++ * When page is fully beyond new isize (data copy ++ * failed), do not bother zeroing the page. Invalidate ++ * it instead so that writeback does not get confused ++ * put page & buffer dirty bits into inconsistent ++ * state. ++ */ ++ block_invalidatepage(wc->w_target_page, 0, PAGE_SIZE); ++ } + } + if (wc->w_target_page) + flush_dcache_page(wc->w_target_page); diff --git a/patches.suse/pNFS-filelayout-Fix-coalescing-test-for-single-DS.patch b/patches.suse/pNFS-filelayout-Fix-coalescing-test-for-single-DS.patch new file mode 100644 index 0000000..96ae34c --- /dev/null +++ b/patches.suse/pNFS-filelayout-Fix-coalescing-test-for-single-DS.patch @@ -0,0 +1,43 @@ +From: Olga Kornievskaia +Date: Tue, 20 Dec 2022 12:31:29 -0500 +Subject: [PATCH] pNFS/filelayout: Fix coalescing test for single DS +Git-commit: a6b9d2fa0024e7e399c26facd0fb466b7396e2b9 +Patch-mainline: v6.2 +References: git-fixes + +When there is a single DS no striping constraints need to be placed on +the IO. When such constraint is applied then buffered reads don't +coalesce to the DS's rsize. + +Signed-off-by: Olga Kornievskaia +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/filelayout/filelayout.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/fs/nfs/filelayout/filelayout.c ++++ b/fs/nfs/filelayout/filelayout.c +@@ -865,6 +865,12 @@ filelayout_alloc_lseg(struct pnfs_layout + return &fl->generic_hdr; + } + ++static bool ++filelayout_lseg_is_striped(const struct nfs4_filelayout_segment *flseg) ++{ ++ return flseg->num_fh > 1; ++} ++ + /* + * filelayout_pg_test(). Called by nfs_can_coalesce_requests() + * +@@ -885,6 +891,8 @@ filelayout_pg_test(struct nfs_pageio_des + size = pnfs_generic_pg_test(pgio, prev, req); + if (!size) + return 0; ++ else if (!filelayout_lseg_is_striped(FILELAYOUT_LSEG(pgio->pg_lseg))) ++ return size; + + /* see if req and prev are in the same stripe */ + if (prev) { diff --git a/patches.suse/panic-unset-panic_on_warn-inside-panic.patch b/patches.suse/panic-unset-panic_on_warn-inside-panic.patch new file mode 100644 index 0000000..66faec3 --- /dev/null +++ b/patches.suse/panic-unset-panic_on_warn-inside-panic.patch @@ -0,0 +1,69 @@ +From: Tiezhu Yang +Date: Wed, 23 Mar 2022 16:06:51 -0700 +Subject: panic: unset panic_on_warn inside panic() +Git-commit: 1a2383e8b84c0451fd9b1eec3b9aab16f30b597c +Patch-mainline: 5.18-rc1 +References: git-fixes + +In the current code, the following three places need to unset +panic_on_warn before calling panic() to avoid recursive panics: + +kernel/kcsan/report.c: print_report() +kernel/sched/core.c: __schedule_bug() +mm/kfence/report.c: kfence_report_error() + +In order to avoid copy-pasting "panic_on_warn = 0" all over the places, +it is better to move it inside panic() and then remove it from the other +places. + +Link: https://lkml.kernel.org/r/1644324666-15947-4-git-send-email-yangtiezhu@loongson.cn +Signed-off-by: Tiezhu Yang +Reviewed-by: Marco Elver +Cc: Andrey Ryabinin +Cc: Baoquan He +Cc: Jonathan Corbet +Cc: Xuefeng Li +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Jiri Slaby +--- + kernel/panic.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +--- a/kernel/panic.c ++++ b/kernel/panic.c +@@ -138,6 +138,16 @@ void panic(const char *fmt, ...) + int old_cpu, this_cpu; + bool _crash_kexec_post_notifiers = crash_kexec_post_notifiers; + ++ if (panic_on_warn) { ++ /* ++ * This thread may hit another WARN() in the panic path. ++ * Resetting this prevents additional WARN() from panicking the ++ * system on this thread. Other threads are blocked by the ++ * panic_mutex in panic(). ++ */ ++ panic_on_warn = 0; ++ } ++ + /* + * Disable local interrupts. This will prevent panic_smp_self_stop + * from deadlocking the first cpu that invokes the panic, since +@@ -534,16 +544,8 @@ void __warn(const char *file, int line, + if (args) + vprintk(args->fmt, args->args); + +- if (panic_on_warn) { +- /* +- * This thread may hit another WARN() in the panic path. +- * Resetting this prevents additional WARN() from panicking the +- * system on this thread. Other threads are blocked by the +- * panic_mutex in panic(). +- */ +- panic_on_warn = 0; ++ if (panic_on_warn) + panic("panic_on_warn set ...\n"); +- } + + print_modules(); + diff --git a/patches.suse/powerpc-add-interrupt_cond_local_irq_enable-helper.patch b/patches.suse/powerpc-add-interrupt_cond_local_irq_enable-helper.patch index 8f2f238..24e7ed8 100644 --- a/patches.suse/powerpc-add-interrupt_cond_local_irq_enable-helper.patch +++ b/patches.suse/powerpc-add-interrupt_cond_local_irq_enable-helper.patch @@ -71,16 +71,16 @@ diff --git a/arch/powerpc/include/asm/irq.h b/arch/powerpc/include/asm/irq.h if (tm_abort_check(regs, TM_CAUSE_ALIGNMENT | TM_CAUSE_PERSISTENT)) goto bail; @@ -1887,9 +1883,7 @@ void facility_unavailable_exception(stru - facility_strings[status]) - facility = facility_strings[status]; + die("Unexpected facility unavailable exception", regs, SIGABRT); + } - /* We restore the interrupt state now */ - if (!arch_irq_disabled_regs(regs)) - local_irq_enable(); + interrupt_cond_local_irq_enable(regs); - pr_err_ratelimited("%sFacility '%s' unavailable (%d), exception at 0x%lx, MSR=%lx\n", - hv ? "Hypervisor " : "", facility, status, regs->nip, regs->msr); + if (status == FSCR_DSCR_LG) { + /* --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -251,9 +251,7 @@ int do_page_fault(struct pt_regs *regs, diff --git a/patches.suse/powerpc-eeh-Fix-use-after-release-of-EEH-driver.patch b/patches.suse/powerpc-eeh-Fix-use-after-release-of-EEH-driver.patch new file mode 100644 index 0000000..7d1279a --- /dev/null +++ b/patches.suse/powerpc-eeh-Fix-use-after-release-of-EEH-driver.patch @@ -0,0 +1,74 @@ +From 46d4be41b987a6b2d25a2ebdd94cafb44e21d6c5 Mon Sep 17 00:00:00 2001 +From: Sam Bobroff +Date: Fri, 25 May 2018 13:11:30 +1000 +Subject: [PATCH] powerpc/eeh: Fix use-after-release of EEH driver + +References: bsc#1065729 +Patch-mainline: v4.18-rc1 +Git-commit: 46d4be41b987a6b2d25a2ebdd94cafb44e21d6c5 + +Correct two cases where eeh_pcid_get() is used to reference the driver's +module but the reference is dropped before the driver pointer is used. + +In eeh_rmv_device() also refactor a little so that only two calls to +eeh_pcid_put() are needed, rather than three and the reference isn't +taken at all if it wasn't needed. + +Signed-off-by: Sam Bobroff +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/eeh_driver.c | 28 ++++++++++++++++------------ + 1 file changed, 16 insertions(+), 12 deletions(-) + +diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c +index 07e0a42035ce..54333f6c9d67 100644 +--- a/arch/powerpc/kernel/eeh_driver.c ++++ b/arch/powerpc/kernel/eeh_driver.c +@@ -458,9 +458,11 @@ static void *eeh_add_virt_device(void *data, void *userdata) + + driver = eeh_pcid_get(dev); + if (driver) { +- eeh_pcid_put(dev); +- if (driver->err_handler) ++ if (driver->err_handler) { ++ eeh_pcid_put(dev); + return NULL; ++ } ++ eeh_pcid_put(dev); + } + + #ifdef CONFIG_PCI_IOV +@@ -497,17 +499,19 @@ static void *eeh_rmv_device(void *data, void *userdata) + if (eeh_dev_removed(edev)) + return NULL; + +- driver = eeh_pcid_get(dev); +- if (driver) { +- eeh_pcid_put(dev); +- if (removed && +- eeh_pe_passed(edev->pe)) +- return NULL; +- if (removed && +- driver->err_handler && +- driver->err_handler->error_detected && +- driver->err_handler->slot_reset) ++ if (removed) { ++ if (eeh_pe_passed(edev->pe)) + return NULL; ++ driver = eeh_pcid_get(dev); ++ if (driver) { ++ if (driver->err_handler && ++ driver->err_handler->error_detected && ++ driver->err_handler->slot_reset) { ++ eeh_pcid_put(dev); ++ return NULL; ++ } ++ eeh_pcid_put(dev); ++ } + } + + /* Remove it from PCI subsystem */ +-- +2.39.2 + diff --git a/patches.suse/powerpc-fscr-Enable-interrupts-earlier-before-callin.patch b/patches.suse/powerpc-fscr-Enable-interrupts-earlier-before-callin.patch new file mode 100644 index 0000000..9859509 --- /dev/null +++ b/patches.suse/powerpc-fscr-Enable-interrupts-earlier-before-callin.patch @@ -0,0 +1,86 @@ +From 709b973c844c0b4d115ac3a227a2e5a68722c912 Mon Sep 17 00:00:00 2001 +From: Anshuman Khandual +Date: Thu, 29 Mar 2018 11:53:37 +0530 +Subject: [PATCH] powerpc/fscr: Enable interrupts earlier before calling + get_user() + +References: bsc#1065729 +Patch-mainline: v4.17-rc1 +Git-commit: 709b973c844c0b4d115ac3a227a2e5a68722c912 + +The function get_user() can sleep while trying to fetch instruction +from user address space and causes the following warning from the +scheduler. + +BUG: sleeping function called from invalid context + +Though interrupts get enabled back but it happens bit later after +get_user() is called. This change moves enabling these interrupts +earlier covering the function get_user(). While at this, lets check +for kernel mode and crash as this interrupt should not have been +triggered from the kernel context. + +Signed-off-by: Anshuman Khandual +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/traps.c | 32 +++++++++++++++++--------------- + 1 file changed, 17 insertions(+), 15 deletions(-) + +diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c +index a2ef0c0e6c31..0904492e7032 100644 +--- a/arch/powerpc/kernel/traps.c ++++ b/arch/powerpc/kernel/traps.c +@@ -1613,6 +1613,22 @@ void facility_unavailable_exception(struct pt_regs *regs) + value = mfspr(SPRN_FSCR); + + status = value >> 56; ++ if ((hv || status >= 2) && ++ (status < ARRAY_SIZE(facility_strings)) && ++ facility_strings[status]) ++ facility = facility_strings[status]; ++ ++ /* We should not have taken this interrupt in kernel */ ++ if (!user_mode(regs)) { ++ pr_emerg("Facility '%s' unavailable (%d) exception in kernel mode at %lx\n", ++ facility, status, regs->nip); ++ die("Unexpected facility unavailable exception", regs, SIGABRT); ++ } ++ ++ /* We restore the interrupt state now */ ++ if (!arch_irq_disabled_regs(regs)) ++ local_irq_enable(); ++ + if (status == FSCR_DSCR_LG) { + /* + * User is accessing the DSCR register using the problem +@@ -1679,25 +1695,11 @@ void facility_unavailable_exception(struct pt_regs *regs) + return; + } + +- if ((hv || status >= 2) && +- (status < ARRAY_SIZE(facility_strings)) && +- facility_strings[status]) +- facility = facility_strings[status]; +- +- /* We restore the interrupt state now */ +- if (!arch_irq_disabled_regs(regs)) +- local_irq_enable(); +- + pr_err_ratelimited("%sFacility '%s' unavailable (%d), exception at 0x%lx, MSR=%lx\n", + hv ? "Hypervisor " : "", facility, status, regs->nip, regs->msr); + + out: +- if (user_mode(regs)) { +- _exception(SIGILL, regs, ILL_ILLOPC, regs->nip); +- return; +- } +- +- die("Unexpected facility unavailable exception", regs, SIGABRT); ++ _exception(SIGILL, regs, ILL_ILLOPC, regs->nip); + } + #endif + +-- +2.39.2 + diff --git a/patches.suse/powerpc-powernv-Fix-build-error-in-opal-imc.c-when-N.patch b/patches.suse/powerpc-powernv-Fix-build-error-in-opal-imc.c-when-N.patch new file mode 100644 index 0000000..48cac96 --- /dev/null +++ b/patches.suse/powerpc-powernv-Fix-build-error-in-opal-imc.c-when-N.patch @@ -0,0 +1,50 @@ +From 6538ac30841638b2fd345725a9fd155c6fe1768a Mon Sep 17 00:00:00 2001 +From: LABBE Corentin +Date: Wed, 16 Aug 2017 14:34:44 +0200 +Subject: [PATCH] powerpc/powernv: Fix build error in opal-imc.c when NUMA=n +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +References: bsc#1065729 +Patch-mainline: v4.14-rc1 +Git-commit: 6538ac30841638b2fd345725a9fd155c6fe1768a + +When building a random powerpc kernel I hit this build error: + + arch/powerpc/platforms/powernv/opal-imc.c:130:13: error : assignment + discards « const » qualifier from pointer target type + [-Werror=discarded-qualifiers] + l_cpumask = cpumask_of_node(nid); + ^ + +This happens because when CONFIG_NUMA=n cpumask_of_node() returns a +const pointer. + +This patch simply adds const to l_cpumask to fix this issue. + +Signed-off-by: Corentin Labbe +Reviewed-by: Madhavan Srinivasan +[mpe: Flesh out change log] +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/powernv/opal-imc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/platforms/powernv/opal-imc.c b/arch/powerpc/platforms/powernv/opal-imc.c +index b903bf5e6006..21f6531fae20 100644 +--- a/arch/powerpc/platforms/powernv/opal-imc.c ++++ b/arch/powerpc/platforms/powernv/opal-imc.c +@@ -123,7 +123,7 @@ static int imc_pmu_create(struct device_node *parent, int pmu_index, int domain) + static void disable_nest_pmu_counters(void) + { + int nid, cpu; +- struct cpumask *l_cpumask; ++ const struct cpumask *l_cpumask; + + get_online_cpus(); + for_each_online_node(nid) { +-- +2.39.2 + diff --git a/patches.suse/powerpc-powernv-IMC-fix-out-of-bounds-memory-access-.patch b/patches.suse/powerpc-powernv-IMC-fix-out-of-bounds-memory-access-.patch new file mode 100644 index 0000000..83fedcb --- /dev/null +++ b/patches.suse/powerpc-powernv-IMC-fix-out-of-bounds-memory-access-.patch @@ -0,0 +1,69 @@ +From e7bde88cdb4f0e432398a7d29ca2a15d2c18952a Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Tue, 13 Feb 2018 17:45:11 +1000 +Subject: [PATCH] powerpc/powernv: IMC fix out of bounds memory access at + shutdown + +References: bsc#1065729 +Patch-mainline: v4.16-rc2 +Git-commit: e7bde88cdb4f0e432398a7d29ca2a15d2c18952a + +The OPAL IMC driver's shutdown handler disables nest PMU counters by +walking nodes and taking the first CPU out of their cpumask, which is +used to index into the paca (get_hard_smp_processor_id()). This does +not always do the right thing, and in particular for CPU-less nodes it +returns NR_CPUS and that overruns the paca and dereferences random +memory. + +Fix it by being more careful about checking returned CPU, and only +using online CPUs. It's not clear this shutdown code makes sense after +commit 885dcd709b ("powerpc/perf: Add nest IMC PMU support"), but this +should not make things worse + +Currently the bug causes us to call OPAL with a junk CPU number. A +separate patch in development to change the way pacas are allocated +escalates this bug into a crash: + + Unable to handle kernel paging request for data at address 0x2a21af1eeb000076 + Faulting instruction address: 0xc0000000000a5468 + Oops: Kernel access of bad area, sig: 11 [#1] + ... + NIP opal_imc_counters_shutdown+0x148/0x1d0 + LR opal_imc_counters_shutdown+0x134/0x1d0 + Call Trace: + opal_imc_counters_shutdown+0x134/0x1d0 (unreliable) + platform_drv_shutdown+0x44/0x60 + device_shutdown+0x1f8/0x350 + kernel_restart_prepare+0x54/0x70 + kernel_restart+0x28/0xc0 + SyS_reboot+0x1d0/0x2c0 + system_call+0x58/0x6c + +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/powernv/opal-imc.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/platforms/powernv/opal-imc.c b/arch/powerpc/platforms/powernv/opal-imc.c +index dd4c9b8b8a81..f6f55ab4980e 100644 +--- a/arch/powerpc/platforms/powernv/opal-imc.c ++++ b/arch/powerpc/platforms/powernv/opal-imc.c +@@ -199,9 +199,11 @@ static void disable_nest_pmu_counters(void) + const struct cpumask *l_cpumask; + + get_online_cpus(); +- for_each_online_node(nid) { ++ for_each_node_with_cpus(nid) { + l_cpumask = cpumask_of_node(nid); +- cpu = cpumask_first(l_cpumask); ++ cpu = cpumask_first_and(l_cpumask, cpu_online_mask); ++ if (cpu >= nr_cpu_ids) ++ continue; + opal_imc_counters_stop(OPAL_IMC_COUNTERS_NEST, + get_hard_smp_processor_id(cpu)); + } +-- +2.39.2 + diff --git a/patches.suse/prlimit-do_prlimit-needs-to-have-a-speculation-check.patch b/patches.suse/prlimit-do_prlimit-needs-to-have-a-speculation-check.patch new file mode 100644 index 0000000..7ca9b25 --- /dev/null +++ b/patches.suse/prlimit-do_prlimit-needs-to-have-a-speculation-check.patch @@ -0,0 +1,32 @@ +From: Greg Kroah-Hartman +Date: Fri, 20 Jan 2023 11:03:20 +0100 +Subject: prlimit: do_prlimit needs to have a speculation check +Git-commit: 739790605705ddcf18f21782b9c99ad7d53a8c11 +Patch-mainline: 6.2-rc5 +References: git-fixes + +do_prlimit() adds the user-controlled resource value to a pointer that +will subsequently be dereferenced. In order to help prevent this +codepath from being used as a spectre "gadget" a barrier needs to be +added after checking the range. + +Reported-by: Jordy Zomer +Tested-by: Jordy Zomer +Suggested-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Jiri Slaby +--- + kernel/sys.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/kernel/sys.c ++++ b/kernel/sys.c +@@ -1381,6 +1381,8 @@ int do_prlimit(struct task_struct *tsk, + + if (resource >= RLIM_NLIMITS) + return -EINVAL; ++ resource = array_index_nospec(resource, RLIM_NLIMITS); ++ + if (new_rlim) { + if (new_rlim->rlim_cur > new_rlim->rlim_max) + return -EINVAL; diff --git a/patches.suse/ptrace-make-ptrace-fail-if-the-tracee-changed-its-pi.patch b/patches.suse/ptrace-make-ptrace-fail-if-the-tracee-changed-its-pi.patch new file mode 100644 index 0000000..8d64172 --- /dev/null +++ b/patches.suse/ptrace-make-ptrace-fail-if-the-tracee-changed-its-pi.patch @@ -0,0 +1,154 @@ +From: Oleg Nesterov +Date: Wed, 12 May 2021 15:33:08 +0200 +Subject: ptrace: make ptrace() fail if the tracee changed its pid unexpectedly +Git-commit: dbb5afad100a828c97e012c6106566d99f041db6 +Patch-mainline: 5.13-rc2 +References: git-fixes + +Suppose we have 2 threads, the group-leader L and a sub-theread T, +both parked in ptrace_stop(). Debugger tries to resume both threads +and does + + ptrace(PTRACE_CONT, T); + ptrace(PTRACE_CONT, L); + +If the sub-thread T execs in between, the 2nd PTRACE_CONT doesn not +resume the old leader L, it resumes the post-exec thread T which was +actually now stopped in PTHREAD_EVENT_EXEC. In this case the +PTHREAD_EVENT_EXEC event is lost, and the tracer can't know that the +tracee changed its pid. + +This patch makes ptrace() fail in this case until debugger does wait() +and consumes PTHREAD_EVENT_EXEC which reports old_pid. This affects all +ptrace requests except the "asynchronous" PTRACE_INTERRUPT/KILL. + +The patch doesn't add the new PTRACE_ option to not complicate the API, +and I _hope_ this won't cause any noticeable regression: + + - If debugger uses PTRACE_O_TRACEEXEC and the thread did an exec + and the tracer does a ptrace request without having consumed + the exec event, it's 100% sure that the thread the ptracer + thinks it is targeting does not exist anymore, or isn't the + same as the one it thinks it is targeting. + + - To some degree this patch adds nothing new. In the scenario + above ptrace(L) can fail with -ESRCH if it is called after the + execing sub-thread wakes the leader up and before it "steals" + the leader's pid. + +Test-case: + + #include + #include + #include + #include + #include + #include + #include + #include + + void *tf(void *arg) + { + execve("/usr/bin/true", NULL, NULL); + assert(0); + + return NULL; + } + + int main(void) + { + int leader = fork(); + if (!leader) { + kill(getpid(), SIGSTOP); + + pthread_t th; + pthread_create(&th, NULL, tf, NULL); + for (;;) + pause(); + + return 0; + } + + waitpid(leader, NULL, WSTOPPED); + + ptrace(PTRACE_SEIZE, leader, 0, + PTRACE_O_TRACECLONE | PTRACE_O_TRACEEXEC); + waitpid(leader, NULL, 0); + + ptrace(PTRACE_CONT, leader, 0,0); + waitpid(leader, NULL, 0); + + int status, thread = waitpid(-1, &status, 0); + assert(thread > 0 && thread != leader); + assert(status == 0x80137f); + + ptrace(PTRACE_CONT, thread, 0,0); + /* + * waitid() because waitpid(leader, &status, WNOWAIT) does not + * report status. Why ???? + * + * Why WEXITED? because we have another kernel problem connected + * to mt-exec. + */ + siginfo_t info; + assert(waitid(P_PID, leader, &info, WSTOPPED|WEXITED|WNOWAIT) == 0); + assert(info.si_pid == leader && info.si_status == 0x0405); + + /* OK, it sleeps in ptrace(PTRACE_EVENT_EXEC == 0x04) */ + assert(ptrace(PTRACE_CONT, leader, 0,0) == -1); + assert(errno == ESRCH); + + assert(leader == waitpid(leader, &status, WNOHANG)); + assert(status == 0x04057f); + + assert(ptrace(PTRACE_CONT, leader, 0,0) == 0); + + return 0; + } + +Signed-off-by: Oleg Nesterov +Reported-by: Simon Marchi +Acked-by: "Eric W. Biederman" +Acked-by: Pedro Alves +Acked-by: Simon Marchi +Acked-by: Jan Kratochvil +Signed-off-by: Linus Torvalds +Signed-off-by: Jiri Slaby +--- + kernel/ptrace.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +--- a/kernel/ptrace.c ++++ b/kernel/ptrace.c +@@ -163,6 +163,21 @@ void __ptrace_unlink(struct task_struct + spin_unlock(&child->sighand->siglock); + } + ++static bool looks_like_a_spurious_pid(struct task_struct *task) ++{ ++ if (task->exit_code != ((PTRACE_EVENT_EXEC << 8) | SIGTRAP)) ++ return false; ++ ++ if (task_pid_vnr(task) == task->ptrace_message) ++ return false; ++ /* ++ * The tracee changed its pid but the PTRACE_EVENT_EXEC event ++ * was not wait()'ed, most probably debugger targets the old ++ * leader which was destroyed in de_thread(). ++ */ ++ return true; ++} ++ + /* Ensure that nothing can wake it up, even SIGKILL */ + static bool ptrace_freeze_traced(struct task_struct *task) + { +@@ -173,7 +188,8 @@ static bool ptrace_freeze_traced(struct + return ret; + + spin_lock_irq(&task->sighand->siglock); +- if (task_is_traced(task) && !__fatal_signal_pending(task)) { ++ if (task_is_traced(task) && !looks_like_a_spurious_pid(task) && ++ !__fatal_signal_pending(task)) { + task->state = __TASK_TRACED; + ret = true; + } diff --git a/patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch b/patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch deleted file mode 100644 index 363d20a..0000000 --- a/patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: David Bond -Date: Tue, 31 May 2022 08:53:10 -0600 -Subject: revert scsi: qla2xxx: Changes to support FCP2 Target -Patch-mainline: Never, revert of mainline commit causing customer issue for test package -References: bsc#1198438 - -Revert Adding changes to support FCP2 Target. ---- - ---- - drivers/scsi/qla2xxx/qla_init.c | 8 -------- - drivers/scsi/qla2xxx/qla_os.c | 10 ---------- - 2 files changed, 18 deletions(-) - ---- a/drivers/scsi/qla2xxx/qla_init.c -+++ b/drivers/scsi/qla2xxx/qla_init.c -@@ -1835,14 +1835,6 @@ void qla2x00_handle_rscn(scsi_qla_host_t - case RSCN_PORT_ADDR: - fcport = qla2x00_find_fcport_by_nportid(vha, &ea->id, 1); - if (fcport) { -- if (fcport->flags & FCF_FCP2_DEVICE && -- atomic_read(&fcport->state) == FCS_ONLINE) { -- ql_dbg(ql_dbg_disc, vha, 0x2115, -- "Delaying session delete for FCP2 portid=%06x %8phC ", -- fcport->d_id.b24, fcport->port_name); -- return; -- } -- - if (vha->hw->flags.edif_enabled && DBELL_ACTIVE(vha)) { - /* - * On ipsec start by remote port, Target port ---- a/drivers/scsi/qla2xxx/qla_os.c -+++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -4085,16 +4085,6 @@ qla2x00_mark_all_devices_lost(scsi_qla_h - "Mark all dev lost\n"); - - list_for_each_entry(fcport, &vha->vp_fcports, list) { -- if (fcport->loop_id != FC_NO_LOOP_ID && -- (fcport->flags & FCF_FCP2_DEVICE) && -- fcport->port_type == FCT_TARGET && -- !qla2x00_reset_active(vha)) { -- ql_dbg(ql_dbg_disc, vha, 0x211a, -- "Delaying session delete for FCP2 flags 0x%x port_type = 0x%x port_id=%06x %phC", -- fcport->flags, fcport->port_type, -- fcport->d_id.b24, fcport->port_name); -- continue; -- } - fcport->scan_state = 0; - qlt_schedule_sess_for_deletion(fcport); - } diff --git a/patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch b/patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch new file mode 100644 index 0000000..4eac12a --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch @@ -0,0 +1,72 @@ +From: Daniel Wagner +Date: Wed, 8 Feb 2023 16:20:14 +0100 +Subject: scsi: qla2xxx: Add option to disable FC2 Target support +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-commit: 877b03795fcf29ff2e2351f7e574ecc9b9c51732 +References: bsc#1198438 bsc#1206103 + +Commit 44c57f205876 ("scsi: qla2xxx: Changes to support FCP2 Target") added +support for FC2 Targets. Unfortunately, there are older setups which break +with this new feature enabled. + +Allow to disable it via module option. + +Link: https://lore.kernel.org/r/20230208152014.109214-1-dwagner@suse.de +Signed-off-by: Daniel Wagner +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +--- + drivers/scsi/qla2xxx/qla_gbl.h | 1 + + drivers/scsi/qla2xxx/qla_init.c | 3 ++- + drivers/scsi/qla2xxx/qla_os.c | 10 +++++++++- + 3 files changed, 12 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -193,6 +193,7 @@ extern int ql2xsecenable; + extern int ql2xenforce_iocb_limit; + extern int ql2xabts_wait_nvme; + extern u32 ql2xnvme_queues; ++extern int ql2xfc2target; + + extern int qla2x00_loop_reset(scsi_qla_host_t *); + extern void qla2x00_abort_all_cmds(scsi_qla_host_t *, int); +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -1843,7 +1843,8 @@ void qla2x00_handle_rscn(scsi_qla_host_t + case RSCN_PORT_ADDR: + fcport = qla2x00_find_fcport_by_nportid(vha, &ea->id, 1); + if (fcport) { +- if (fcport->flags & FCF_FCP2_DEVICE && ++ if (ql2xfc2target && ++ fcport->flags & FCF_FCP2_DEVICE && + atomic_read(&fcport->state) == FCS_ONLINE) { + ql_dbg(ql_dbg_disc, vha, 0x2115, + "Delaying session delete for FCP2 portid=%06x %8phC ", +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -357,6 +357,13 @@ MODULE_PARM_DESC(ql2xnvme_queues, + "1 - Minimum number of queues supported\n" + "8 - Default value"); + ++int ql2xfc2target = 1; ++module_param(ql2xfc2target, int, 0444); ++MODULE_PARM_DESC(qla2xfc2target, ++ "Enables FC2 Target support. " ++ "0 - FC2 Target support is disabled. " ++ "1 - FC2 Target support is enabled (default)."); ++ + static struct scsi_transport_template *qla2xxx_transport_template = NULL; + struct scsi_transport_template *qla2xxx_transport_vport_template = NULL; + +@@ -4093,7 +4100,8 @@ qla2x00_mark_all_devices_lost(scsi_qla_h + "Mark all dev lost\n"); + + list_for_each_entry(fcport, &vha->vp_fcports, list) { +- if (fcport->loop_id != FC_NO_LOOP_ID && ++ if (ql2xfc2target && ++ fcport->loop_id != FC_NO_LOOP_ID && + (fcport->flags & FCF_FCP2_DEVICE) && + fcport->port_type == FCT_TARGET && + !qla2x00_reset_active(vha)) { diff --git a/patches.suse/scsi-qla2xxx-check-if-port-is-online-before-sending-els.patch b/patches.suse/scsi-qla2xxx-check-if-port-is-online-before-sending-els.patch new file mode 100644 index 0000000..3d2999e --- /dev/null +++ b/patches.suse/scsi-qla2xxx-check-if-port-is-online-before-sending-els.patch @@ -0,0 +1,66 @@ +From: Shreyas Deodhar +Date: Mon, 19 Dec 2022 03:07:38 -0800 +Subject: scsi: qla2xxx: Check if port is online before sending ELS +Patch-mainline: v6.3-rc1 +Git-commit: 0c227dc22ca18856055983f27594feb2e0149965 +References: bsc#1208570 + +CT Ping and ELS cmds fail for NVMe targets. Check if port is online before +sending ELS instead of sending login. + +Cc: stable@vger.kernel.org +Signed-off-by: Shreyas Deodhar +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_bsg.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_bsg.c b/drivers/scsi/qla2xxx/qla_bsg.c +index cd75b179410d..dba7bba788d7 100644 +--- a/drivers/scsi/qla2xxx/qla_bsg.c ++++ b/drivers/scsi/qla2xxx/qla_bsg.c +@@ -278,8 +278,8 @@ qla2x00_process_els(struct bsg_job *bsg_job) + const char *type; + int req_sg_cnt, rsp_sg_cnt; + int rval = (DID_ERROR << 16); +- uint16_t nextlid = 0; + uint32_t els_cmd = 0; ++ int qla_port_allocated = 0; + + if (bsg_request->msgcode == FC_BSG_RPT_ELS) { + rport = fc_bsg_to_rport(bsg_job); +@@ -329,9 +329,9 @@ qla2x00_process_els(struct bsg_job *bsg_job) + /* make sure the rport is logged in, + * if not perform fabric login + */ +- if (qla2x00_fabric_login(vha, fcport, &nextlid)) { ++ if (atomic_read(&fcport->state) != FCS_ONLINE) { + ql_dbg(ql_dbg_user, vha, 0x7003, +- "Failed to login port %06X for ELS passthru.\n", ++ "Port %06X is not online for ELS passthru.\n", + fcport->d_id.b24); + rval = -EIO; + goto done; +@@ -348,6 +348,7 @@ qla2x00_process_els(struct bsg_job *bsg_job) + goto done; + } + ++ qla_port_allocated = 1; + /* Initialize all required fields of fcport */ + fcport->vha = vha; + fcport->d_id.b.al_pa = +@@ -432,7 +433,7 @@ qla2x00_process_els(struct bsg_job *bsg_job) + goto done_free_fcport; + + done_free_fcport: +- if (bsg_request->msgcode != FC_BSG_RPT_ELS) ++ if (qla_port_allocated) + qla2x00_free_fcport(fcport); + done: + return rval; +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-edif-fix-clang-warning.patch b/patches.suse/scsi-qla2xxx-edif-fix-clang-warning.patch new file mode 100644 index 0000000..81f23b6 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-fix-clang-warning.patch @@ -0,0 +1,74 @@ +From: Quinn Tran +Date: Wed, 21 Dec 2022 20:39:31 -0800 +Subject: scsi: qla2xxx: edif: Fix clang warning +Patch-mainline: v6.3-rc1 +Git-commit: 2f5fab1b6c3a8efc93ba52c28539c45a8d0142ad +References: bsc#1208570 + +clang warning: + + drivers/scsi/qla2xxx/qla_edif_bsg.h:93:12: warning: field remote_pid + within 'struct app_pinfo_req' is less aligned than 'port_id_t' and is + usually due to 'struct app_pinfo_req' being packed, which can lead to + unaligned accesses [-Wunaligned-access] + port_id_t remote_pid; + ^ + 2 warnings generated. + +Remove u32 field in remote_pid to silence warning. + +Reported-by: kernel test robot +Fixes: 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_edif.c | 4 +++- + drivers/scsi/qla2xxx/qla_edif_bsg.h | 15 ++++++++++++++- + 2 files changed, 17 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_edif.c b/drivers/scsi/qla2xxx/qla_edif.c +index 06e68a7ad86a..ec0e20255bd3 100644 +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -967,7 +967,9 @@ qla_edif_app_getfcinfo(scsi_qla_host_t *vha, struct bsg_job *bsg_job) + if (!(fcport->flags & FCF_FCSP_DEVICE)) + continue; + +- tdid = app_req.remote_pid; ++ tdid.b.domain = app_req.remote_pid.domain; ++ tdid.b.area = app_req.remote_pid.area; ++ tdid.b.al_pa = app_req.remote_pid.al_pa; + + ql_dbg(ql_dbg_edif, vha, 0x2058, + "APP request entry - portid=%06x.\n", tdid.b24); +diff --git a/drivers/scsi/qla2xxx/qla_edif_bsg.h b/drivers/scsi/qla2xxx/qla_edif_bsg.h +index 0931f4e4e127..514c265ba86e 100644 +--- a/drivers/scsi/qla2xxx/qla_edif_bsg.h ++++ b/drivers/scsi/qla2xxx/qla_edif_bsg.h +@@ -89,7 +89,20 @@ struct app_plogi_reply { + struct app_pinfo_req { + struct app_id app_info; + uint8_t num_ports; +- port_id_t remote_pid; ++ struct { ++#ifdef __BIG_ENDIAN ++ uint8_t domain; ++ uint8_t area; ++ uint8_t al_pa; ++#elif defined(__LITTLE_ENDIAN) ++ uint8_t al_pa; ++ uint8_t area; ++ uint8_t domain; ++#else ++#error "__BIG_ENDIAN or __LITTLE_ENDIAN must be defined!" ++#endif ++ uint8_t rsvd_1; ++ } remote_pid; + uint8_t version; + uint8_t pad[VND_CMD_PAD_SIZE]; + uint8_t reserved[VND_CMD_APP_RESERVED_SIZE]; +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-edif-fix-performance-dip-due-to-lock-contention.patch b/patches.suse/scsi-qla2xxx-edif-fix-performance-dip-due-to-lock-contention.patch new file mode 100644 index 0000000..2b1d134 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-fix-performance-dip-due-to-lock-contention.patch @@ -0,0 +1,408 @@ +From: Quinn Tran +Date: Wed, 21 Dec 2022 20:39:28 -0800 +Subject: scsi: qla2xxx: edif: Fix performance dip due to lock contention +Patch-mainline: v6.3-rc1 +Git-commit: 82d8dfd2a238261e06759ee792417dc99b93d60d +References: bsc#1208570 + +User experienced performance dip on measuring IOPS while EDIF +enabled. During I/O time, driver uses dma_pool_zalloc() call to allocate a +chunk of memory. This call contains a lock behind the scene which +contribute to lock contention. Save the allocated memory for reuse and +avoid the lock. + +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 22 +++++- + drivers/scsi/qla2xxx/qla_edif.c | 29 ++------ + drivers/scsi/qla2xxx/qla_gbl.h | 5 +- + drivers/scsi/qla2xxx/qla_init.c | 12 ++++ + drivers/scsi/qla2xxx/qla_iocb.c | 10 +-- + drivers/scsi/qla2xxx/qla_mid.c | 116 ++++++++++++++++++++++++++++++++ + drivers/scsi/qla2xxx/qla_os.c | 12 ++-- + 7 files changed, 170 insertions(+), 36 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h +index 4bf167c00569..6f6190404939 100644 +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -384,6 +384,13 @@ struct els_reject { + struct req_que; + struct qla_tgt_sess; + ++struct qla_buf_dsc { ++ u16 tag; ++#define TAG_FREED 0xffff ++ void *buf; ++ dma_addr_t buf_dma; ++}; ++ + /* + * SCSI Request Block + */ +@@ -392,14 +399,16 @@ struct srb_cmd { + uint32_t request_sense_length; + uint32_t fw_sense_length; + uint8_t *request_sense_ptr; +- struct ct6_dsd *ct6_ctx; + struct crc_context *crc_ctx; ++ struct ct6_dsd ct6_ctx; ++ struct qla_buf_dsc buf_dsc; + }; + + /* + * SRB flag definitions + */ + #define SRB_DMA_VALID BIT_0 /* Command sent to ISP */ ++#define SRB_GOT_BUF BIT_1 + #define SRB_FCP_CMND_DMA_VALID BIT_12 /* DIF: DSD List valid */ + #define SRB_CRC_CTX_DMA_VALID BIT_2 /* DIF: context DMA valid */ + #define SRB_CRC_PROT_DMA_VALID BIT_4 /* DIF: prot DMA valid */ +@@ -3722,6 +3731,16 @@ struct qla_fw_resources { + + #define QLA_IOCB_PCT_LIMIT 95 + ++struct qla_buf_pool { ++ u16 num_bufs; ++ u16 num_active; ++ u16 max_used; ++ u16 reserved; ++ unsigned long *buf_map; ++ void **buf_array; ++ dma_addr_t *dma_array; ++}; ++ + /*Queue pair data structure */ + struct qla_qpair { + spinlock_t qp_lock; +@@ -3775,6 +3794,7 @@ struct qla_qpair { + struct qla_tgt_counters tgt_counters; + uint16_t cpuid; + struct qla_fw_resources fwres ____cacheline_aligned; ++ struct qla_buf_pool buf_pool; + u32 cmd_cnt; + u32 cmd_completion_cnt; + u32 prev_completion_cnt; +diff --git a/drivers/scsi/qla2xxx/qla_edif.c b/drivers/scsi/qla2xxx/qla_edif.c +index 53186a145962..ba58d8cb3183 100644 +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -3007,26 +3007,16 @@ qla28xx_start_scsi_edif(srb_t *sp) + goto queuing_error; + } + +- ctx = sp->u.scmd.ct6_ctx = +- mempool_alloc(ha->ctx_mempool, GFP_ATOMIC); +- if (!ctx) { +- ql_log(ql_log_fatal, vha, 0x3010, +- "Failed to allocate ctx for cmd=%p.\n", cmd); +- goto queuing_error; +- } +- +- memset(ctx, 0, sizeof(struct ct6_dsd)); +- ctx->fcp_cmnd = dma_pool_zalloc(ha->fcp_cmnd_dma_pool, +- GFP_ATOMIC, &ctx->fcp_cmnd_dma); +- if (!ctx->fcp_cmnd) { ++ if (qla_get_buf(vha, sp->qpair, &sp->u.scmd.buf_dsc)) { + ql_log(ql_log_fatal, vha, 0x3011, +- "Failed to allocate fcp_cmnd for cmd=%p.\n", cmd); ++ "Failed to allocate buf for fcp_cmnd for cmd=%p.\n", cmd); + goto queuing_error; + } + +- /* Initialize the DSD list and dma handle */ +- INIT_LIST_HEAD(&ctx->dsd_list); +- ctx->dsd_use_cnt = 0; ++ sp->flags |= SRB_GOT_BUF; ++ ctx = &sp->u.scmd.ct6_ctx; ++ ctx->fcp_cmnd = sp->u.scmd.buf_dsc.buf; ++ ctx->fcp_cmnd_dma = sp->u.scmd.buf_dsc.buf_dma; + + if (cmd->cmd_len > 16) { + additional_cdb_len = cmd->cmd_len - 16; +@@ -3145,7 +3135,6 @@ qla28xx_start_scsi_edif(srb_t *sp) + cmd_pkt->fcp_cmnd_dseg_len = cpu_to_le16(ctx->fcp_cmnd_len); + put_unaligned_le64(ctx->fcp_cmnd_dma, &cmd_pkt->fcp_cmnd_dseg_address); + +- sp->flags |= SRB_FCP_CMND_DMA_VALID; + cmd_pkt->byte_count = cpu_to_le32((uint32_t)scsi_bufflen(cmd)); + /* Set total data segment count. */ + cmd_pkt->entry_count = (uint8_t)req_cnt; +@@ -3177,15 +3166,11 @@ qla28xx_start_scsi_edif(srb_t *sp) + return QLA_SUCCESS; + + queuing_error_fcp_cmnd: +- dma_pool_free(ha->fcp_cmnd_dma_pool, ctx->fcp_cmnd, ctx->fcp_cmnd_dma); + queuing_error: + if (tot_dsds) + scsi_dma_unmap(cmd); + +- if (sp->u.scmd.ct6_ctx) { +- mempool_free(sp->u.scmd.ct6_ctx, ha->ctx_mempool); +- sp->u.scmd.ct6_ctx = NULL; +- } ++ qla_put_buf(sp->qpair, &sp->u.scmd.buf_dsc); + qla_put_fw_resources(sp->qpair, &sp->iores); + spin_unlock_irqrestore(lock, flags); + +diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h +index 958892766321..d802d37fe739 100644 +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -1015,5 +1015,8 @@ int qla2xxx_enable_port(struct Scsi_Host *shost); + + uint64_t qla2x00_get_num_tgts(scsi_qla_host_t *vha); + uint64_t qla2x00_count_set_bits(u32 num); +- ++int qla_create_buf_pool(struct scsi_qla_host *, struct qla_qpair *); ++void qla_free_buf_pool(struct qla_qpair *); ++int qla_get_buf(struct scsi_qla_host *, struct qla_qpair *, struct qla_buf_dsc *); ++void qla_put_buf(struct qla_qpair *, struct qla_buf_dsc *); + #endif /* _QLA_GBL_H */ +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index fc540bd13a90..ce9e28b4d339 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -9442,6 +9442,13 @@ struct qla_qpair *qla2xxx_create_qpair(struct scsi_qla_host *vha, int qos, + goto fail_mempool; + } + ++ if (qla_create_buf_pool(vha, qpair)) { ++ ql_log(ql_log_warn, vha, 0xd036, ++ "Failed to initialize buf pool for qpair %d\n", ++ qpair->id); ++ goto fail_bufpool; ++ } ++ + /* Mark as online */ + qpair->online = 1; + +@@ -9457,7 +9464,10 @@ struct qla_qpair *qla2xxx_create_qpair(struct scsi_qla_host *vha, int qos, + } + return qpair; + ++fail_bufpool: ++ mempool_destroy(qpair->srb_mempool); + fail_mempool: ++ qla25xx_delete_req_que(vha, qpair->req); + fail_req: + qla25xx_delete_rsp_que(vha, qpair->rsp); + fail_rsp: +@@ -9483,6 +9493,8 @@ int qla2xxx_delete_qpair(struct scsi_qla_host *vha, struct qla_qpair *qpair) + + qpair->delete_in_progress = 1; + ++ qla_free_buf_pool(qpair); ++ + ret = qla25xx_delete_req_que(vha, qpair->req); + if (ret != QLA_SUCCESS) + goto fail; +diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c +index 9a7cc0ba5f58..b9b3e6f80ea9 100644 +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -623,7 +623,7 @@ qla24xx_build_scsi_type_6_iocbs(srb_t *sp, struct cmd_type_6 *cmd_pkt, + } + + cur_seg = scsi_sglist(cmd); +- ctx = sp->u.scmd.ct6_ctx; ++ ctx = &sp->u.scmd.ct6_ctx; + + while (tot_dsds) { + avail_dsds = (tot_dsds > QLA_DSDS_PER_IOCB) ? +@@ -3459,13 +3459,7 @@ qla82xx_start_scsi(srb_t *sp) + goto queuing_error; + } + +- ctx = sp->u.scmd.ct6_ctx = +- mempool_alloc(ha->ctx_mempool, GFP_ATOMIC); +- if (!ctx) { +- ql_log(ql_log_fatal, vha, 0x3010, +- "Failed to allocate ctx for cmd=%p.\n", cmd); +- goto queuing_error; +- } ++ ctx = &sp->u.scmd.ct6_ctx; + + memset(ctx, 0, sizeof(struct ct6_dsd)); + ctx->fcp_cmnd = dma_pool_zalloc(ha->fcp_cmnd_dma_pool, +diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c +index 274d2ba70b81..5976a2f036e6 100644 +--- a/drivers/scsi/qla2xxx/qla_mid.c ++++ b/drivers/scsi/qla2xxx/qla_mid.c +@@ -1080,3 +1080,119 @@ void qla_update_host_map(struct scsi_qla_host *vha, port_id_t id) + qla_update_vp_map(vha, SET_AL_PA); + } + } ++ ++int qla_create_buf_pool(struct scsi_qla_host *vha, struct qla_qpair *qp) ++{ ++ int sz; ++ ++ qp->buf_pool.num_bufs = qp->req->length; ++ ++ sz = BITS_TO_LONGS(qp->req->length); ++ qp->buf_pool.buf_map = kcalloc(sz, sizeof(long), GFP_KERNEL); ++ if (!qp->buf_pool.buf_map) { ++ ql_log(ql_log_warn, vha, 0x0186, ++ "Failed to allocate buf_map(%ld).\n", sz * sizeof(unsigned long)); ++ return -ENOMEM; ++ } ++ sz = qp->req->length * sizeof(void *); ++ qp->buf_pool.buf_array = kcalloc(qp->req->length, sizeof(void *), GFP_KERNEL); ++ if (!qp->buf_pool.buf_array) { ++ ql_log(ql_log_warn, vha, 0x0186, ++ "Failed to allocate buf_array(%d).\n", sz); ++ kfree(qp->buf_pool.buf_map); ++ return -ENOMEM; ++ } ++ sz = qp->req->length * sizeof(dma_addr_t); ++ qp->buf_pool.dma_array = kcalloc(qp->req->length, sizeof(dma_addr_t), GFP_KERNEL); ++ if (!qp->buf_pool.dma_array) { ++ ql_log(ql_log_warn, vha, 0x0186, ++ "Failed to allocate dma_array(%d).\n", sz); ++ kfree(qp->buf_pool.buf_map); ++ kfree(qp->buf_pool.buf_array); ++ return -ENOMEM; ++ } ++ set_bit(0, qp->buf_pool.buf_map); ++ return 0; ++} ++ ++void qla_free_buf_pool(struct qla_qpair *qp) ++{ ++ int i; ++ struct qla_hw_data *ha = qp->vha->hw; ++ ++ for (i = 0; i < qp->buf_pool.num_bufs; i++) { ++ if (qp->buf_pool.buf_array[i] && qp->buf_pool.dma_array[i]) ++ dma_pool_free(ha->fcp_cmnd_dma_pool, qp->buf_pool.buf_array[i], ++ qp->buf_pool.dma_array[i]); ++ qp->buf_pool.buf_array[i] = NULL; ++ qp->buf_pool.dma_array[i] = 0; ++ } ++ ++ kfree(qp->buf_pool.dma_array); ++ kfree(qp->buf_pool.buf_array); ++ kfree(qp->buf_pool.buf_map); ++} ++ ++/* it is assume qp->qp_lock is held at this point */ ++int qla_get_buf(struct scsi_qla_host *vha, struct qla_qpair *qp, struct qla_buf_dsc *dsc) ++{ ++ u16 tag, i = 0; ++ void *buf; ++ dma_addr_t buf_dma; ++ struct qla_hw_data *ha = vha->hw; ++ ++ dsc->tag = TAG_FREED; ++again: ++ tag = find_first_zero_bit(qp->buf_pool.buf_map, qp->buf_pool.num_bufs); ++ if (tag >= qp->buf_pool.num_bufs) { ++ ql_dbg(ql_dbg_io, vha, 0x00e2, ++ "qp(%d) ran out of buf resource.\n", qp->id); ++ return -EIO; ++ } ++ if (tag == 0) { ++ set_bit(0, qp->buf_pool.buf_map); ++ i++; ++ if (i == 5) { ++ ql_dbg(ql_dbg_io, vha, 0x00e3, ++ "qp(%d) unable to get tag.\n", qp->id); ++ return -EIO; ++ } ++ goto again; ++ } ++ ++ if (!qp->buf_pool.buf_array[tag]) { ++ buf = dma_pool_zalloc(ha->fcp_cmnd_dma_pool, GFP_ATOMIC, &buf_dma); ++ if (!buf) { ++ ql_log(ql_log_fatal, vha, 0x13b1, ++ "Failed to allocate buf.\n"); ++ return -ENOMEM; ++ } ++ ++ dsc->buf = qp->buf_pool.buf_array[tag] = buf; ++ dsc->buf_dma = qp->buf_pool.dma_array[tag] = buf_dma; ++ } else { ++ dsc->buf = qp->buf_pool.buf_array[tag]; ++ dsc->buf_dma = qp->buf_pool.dma_array[tag]; ++ memset(dsc->buf, 0, FCP_CMND_DMA_POOL_SIZE); ++ } ++ ++ qp->buf_pool.num_active++; ++ if (qp->buf_pool.num_active > qp->buf_pool.max_used) ++ qp->buf_pool.max_used = qp->buf_pool.num_active; ++ ++ dsc->tag = tag; ++ set_bit(tag, qp->buf_pool.buf_map); ++ return 0; ++} ++ ++ ++/* it is assume qp->qp_lock is held at this point */ ++void qla_put_buf(struct qla_qpair *qp, struct qla_buf_dsc *dsc) ++{ ++ if (dsc->tag == TAG_FREED) ++ return; ++ ++ clear_bit(dsc->tag, qp->buf_pool.buf_map); ++ qp->buf_pool.num_active--; ++ dsc->tag = TAG_FREED; ++} +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index ac3d0bc1b230..f8758cea11d6 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -733,15 +733,17 @@ void qla2x00_sp_free_dma(srb_t *sp) + } + + if (sp->flags & SRB_FCP_CMND_DMA_VALID) { +- struct ct6_dsd *ctx1 = sp->u.scmd.ct6_ctx; ++ struct ct6_dsd *ctx1 = &sp->u.scmd.ct6_ctx; + + dma_pool_free(ha->fcp_cmnd_dma_pool, ctx1->fcp_cmnd, + ctx1->fcp_cmnd_dma); + list_splice(&ctx1->dsd_list, &ha->gbl_dsd_list); + ha->gbl_dsd_inuse -= ctx1->dsd_use_cnt; + ha->gbl_dsd_avail += ctx1->dsd_use_cnt; +- mempool_free(ctx1, ha->ctx_mempool); + } ++ ++ if (sp->flags & SRB_GOT_BUF) ++ qla_put_buf(sp->qpair, &sp->u.scmd.buf_dsc); + } + + void qla2x00_sp_compl(srb_t *sp, int res) +@@ -817,14 +819,13 @@ void qla2xxx_qpair_sp_free_dma(srb_t *sp) + } + + if (sp->flags & SRB_FCP_CMND_DMA_VALID) { +- struct ct6_dsd *ctx1 = sp->u.scmd.ct6_ctx; ++ struct ct6_dsd *ctx1 = &sp->u.scmd.ct6_ctx; + + dma_pool_free(ha->fcp_cmnd_dma_pool, ctx1->fcp_cmnd, + ctx1->fcp_cmnd_dma); + list_splice(&ctx1->dsd_list, &ha->gbl_dsd_list); + ha->gbl_dsd_inuse -= ctx1->dsd_use_cnt; + ha->gbl_dsd_avail += ctx1->dsd_use_cnt; +- mempool_free(ctx1, ha->ctx_mempool); + sp->flags &= ~SRB_FCP_CMND_DMA_VALID; + } + +@@ -834,6 +835,9 @@ void qla2xxx_qpair_sp_free_dma(srb_t *sp) + dma_pool_free(ha->dl_dma_pool, ctx0, ctx0->crc_ctx_dma); + sp->flags &= ~SRB_CRC_CTX_DMA_VALID; + } ++ ++ if (sp->flags & SRB_GOT_BUF) ++ qla_put_buf(sp->qpair, &sp->u.scmd.buf_dsc); + } + + void qla2xxx_qpair_sp_compl(srb_t *sp, int res) +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-edif-fix-stall-session-after-app-start.patch b/patches.suse/scsi-qla2xxx-edif-fix-stall-session-after-app-start.patch new file mode 100644 index 0000000..027ec3b --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-fix-stall-session-after-app-start.patch @@ -0,0 +1,103 @@ +From: Quinn Tran +Date: Wed, 21 Dec 2022 20:39:29 -0800 +Subject: scsi: qla2xxx: edif: Fix stall session after app start +Patch-mainline: v6.3-rc1 +Git-commit: 129a7c40294fd4ab9e9bccf76e8002818f492d8a +References: bsc#1208570 + +For N2N, qla2x00_wait_for_sess_deletion call flushes +a session which accidentally clear the scan_flag and thus prevents +re-login to occur and causes session to stall. + +Use session delete to avoid the accidental clearing of scan_flag. + +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_edif.c | 56 ++++++++++++++++++++++++++++----- + 1 file changed, 49 insertions(+), 7 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_edif.c b/drivers/scsi/qla2xxx/qla_edif.c +index ba58d8cb3183..06e68a7ad86a 100644 +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -479,6 +479,49 @@ void qla2x00_release_all_sadb(struct scsi_qla_host *vha, struct fc_port *fcport) + spin_unlock_irqrestore(&ha->sadb_lock, flags); + } + ++/** ++ * qla_delete_n2n_sess_and_wait: search for N2N session, tear it down and ++ * wait for tear down to complete. In N2N topology, there is only one ++ * session being active in tracking the remote device. ++ * @vha: host adapter pointer ++ * return code: 0 - found the session and completed the tear down. ++ * 1 - timeout occurred. Caller to use link bounce to reset. ++ */ ++static int qla_delete_n2n_sess_and_wait(scsi_qla_host_t *vha) ++{ ++ struct fc_port *fcport; ++ int rc = -EIO; ++ ulong expire = jiffies + 23 * HZ; ++ ++ if (!N2N_TOPO(vha->hw)) ++ return 0; ++ ++ fcport = NULL; ++ list_for_each_entry(fcport, &vha->vp_fcports, list) { ++ if (!fcport->n2n_flag) ++ continue; ++ ++ ql_dbg(ql_dbg_disc, fcport->vha, 0x2016, ++ "%s reset sess at app start \n", __func__); ++ ++ qla_edif_sa_ctl_init(vha, fcport); ++ qlt_schedule_sess_for_deletion(fcport); ++ ++ while (time_before_eq(jiffies, expire)) { ++ if (fcport->disc_state != DSC_DELETE_PEND) { ++ rc = 0; ++ break; ++ } ++ msleep(1); ++ } ++ ++ set_bit(RELOGIN_NEEDED, &vha->dpc_flags); ++ break; ++ } ++ ++ return rc; ++} ++ + /** + * qla_edif_app_start: application has announce its present + * @vha: host adapter pointer +@@ -518,18 +561,17 @@ qla_edif_app_start(scsi_qla_host_t *vha, struct bsg_job *bsg_job) + fcport->n2n_link_reset_cnt = 0; + + if (vha->hw->flags.n2n_fw_acc_sec) { +- list_for_each_entry_safe(fcport, tf, &vha->vp_fcports, list) +- qla_edif_sa_ctl_init(vha, fcport); +- ++ bool link_bounce = false; + /* + * While authentication app was not running, remote device + * could still try to login with this local port. Let's +- * clear the state and try again. ++ * reset the session, reconnect and re-authenticate. + */ +- qla2x00_wait_for_sess_deletion(vha); ++ if (qla_delete_n2n_sess_and_wait(vha)) ++ link_bounce = true; + +- /* bounce the link to get the other guy to relogin */ +- if (!vha->hw->flags.n2n_bigger) { ++ /* bounce the link to start login */ ++ if (!vha->hw->flags.n2n_bigger || link_bounce) { + set_bit(N2N_LINK_RESET, &vha->dpc_flags); + qla2xxx_wake_dpc(vha); + } +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-edif-reduce-memory-usage-during-low-i-o.patch b/patches.suse/scsi-qla2xxx-edif-reduce-memory-usage-during-low-i-o.patch new file mode 100644 index 0000000..accfc9a --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-reduce-memory-usage-during-low-i-o.patch @@ -0,0 +1,197 @@ +From: Quinn Tran +Date: Wed, 21 Dec 2022 20:39:30 -0800 +Subject: scsi: qla2xxx: edif: Reduce memory usage during low I/O +Patch-mainline: v6.3-rc1 +Git-commit: 1f8f9c34127e9fae20c29a2b57f56fd47dbb43e4 +References: bsc#1208570 + +For edif, each I/O requires a secondary buffer to carry the FCP +cmnd. During high traffic time, these buffers are cached in the qpair. As +traffic dies down, these buffers will be trimmed as needed. If traffic is +reduced to none over 2 consecutive intervals, then these buffers will be +further trimmed. + +Free FCP cmnd buffers to reduce memory usage during slow I/O time. + +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 6 ++- + drivers/scsi/qla2xxx/qla_gbl.h | 1 + + drivers/scsi/qla2xxx/qla_mid.c | 94 ++++++++++++++++++++++++++++++++++ + drivers/scsi/qla2xxx/qla_os.c | 1 + + 4 files changed, 101 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h +index 6f6190404939..972f1144b9d3 100644 +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -3735,7 +3735,10 @@ struct qla_buf_pool { + u16 num_bufs; + u16 num_active; + u16 max_used; +- u16 reserved; ++ u16 num_alloc; ++ u16 prev_max; ++ u16 pad; ++ uint32_t take_snapshot:1; + unsigned long *buf_map; + void **buf_array; + dma_addr_t *dma_array; +@@ -4874,6 +4877,7 @@ typedef struct scsi_qla_host { + #define LOOP_READY 5 + #define LOOP_DEAD 6 + ++ unsigned long buf_expired; + unsigned long relogin_jif; + unsigned long dpc_flags; + #define RESET_MARKER_NEEDED 0 /* Send marker to ISP. */ +diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h +index d802d37fe739..9142df876c73 100644 +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -293,6 +293,7 @@ extern void qla2x00_alert_all_vps(struct rsp_que *, uint16_t *); + extern void qla2x00_async_event(scsi_qla_host_t *, struct rsp_que *, + uint16_t *); + extern int qla2x00_vp_abort_isp(scsi_qla_host_t *); ++void qla_adjust_buf(struct scsi_qla_host *); + + /* + * Global Function Prototypes in qla_iocb.c source file. +diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c +index 5976a2f036e6..c6ca39b8e23d 100644 +--- a/drivers/scsi/qla2xxx/qla_mid.c ++++ b/drivers/scsi/qla2xxx/qla_mid.c +@@ -1170,6 +1170,7 @@ int qla_get_buf(struct scsi_qla_host *vha, struct qla_qpair *qp, struct qla_buf_ + + dsc->buf = qp->buf_pool.buf_array[tag] = buf; + dsc->buf_dma = qp->buf_pool.dma_array[tag] = buf_dma; ++ qp->buf_pool.num_alloc++; + } else { + dsc->buf = qp->buf_pool.buf_array[tag]; + dsc->buf_dma = qp->buf_pool.dma_array[tag]; +@@ -1185,14 +1186,107 @@ int qla_get_buf(struct scsi_qla_host *vha, struct qla_qpair *qp, struct qla_buf_ + return 0; + } + ++void qla_trim_buf(struct qla_qpair *qp, u16 trim) ++{ ++ int i, j; ++ struct qla_hw_data *ha = qp->vha->hw; ++ ++ if (!trim) ++ return; ++ ++ for (i = 0; i < trim; i++) { ++ j = qp->buf_pool.num_alloc - 1; ++ if (test_bit(j, qp->buf_pool.buf_map)) { ++ ql_dbg(ql_dbg_io + ql_dbg_verbose, qp->vha, 0x300b, ++ "QP id(%d): trim active buf[%d]. Remain %d bufs\n", ++ qp->id, j, qp->buf_pool.num_alloc); ++ return; ++ } ++ ++ if (qp->buf_pool.buf_array[j]) { ++ dma_pool_free(ha->fcp_cmnd_dma_pool, qp->buf_pool.buf_array[j], ++ qp->buf_pool.dma_array[j]); ++ qp->buf_pool.buf_array[j] = NULL; ++ qp->buf_pool.dma_array[j] = 0; ++ } ++ qp->buf_pool.num_alloc--; ++ if (!qp->buf_pool.num_alloc) ++ break; ++ } ++ ql_dbg(ql_dbg_io + ql_dbg_verbose, qp->vha, 0x3010, ++ "QP id(%d): trimmed %d bufs. Remain %d bufs\n", ++ qp->id, trim, qp->buf_pool.num_alloc); ++} ++ ++void __qla_adjust_buf(struct qla_qpair *qp) ++{ ++ u32 trim; ++ ++ qp->buf_pool.take_snapshot = 0; ++ qp->buf_pool.prev_max = qp->buf_pool.max_used; ++ qp->buf_pool.max_used = qp->buf_pool.num_active; ++ ++ if (qp->buf_pool.prev_max > qp->buf_pool.max_used && ++ qp->buf_pool.num_alloc > qp->buf_pool.max_used) { ++ /* down trend */ ++ trim = qp->buf_pool.num_alloc - qp->buf_pool.max_used; ++ trim = (trim * 10) / 100; ++ trim = trim ? trim : 1; ++ qla_trim_buf(qp, trim); ++ } else if (!qp->buf_pool.prev_max && !qp->buf_pool.max_used) { ++ /* 2 periods of no io */ ++ qla_trim_buf(qp, qp->buf_pool.num_alloc); ++ } ++} + + /* it is assume qp->qp_lock is held at this point */ + void qla_put_buf(struct qla_qpair *qp, struct qla_buf_dsc *dsc) + { + if (dsc->tag == TAG_FREED) + return; ++ lockdep_assert_held(qp->qp_lock_ptr); + + clear_bit(dsc->tag, qp->buf_pool.buf_map); + qp->buf_pool.num_active--; + dsc->tag = TAG_FREED; ++ ++ if (qp->buf_pool.take_snapshot) ++ __qla_adjust_buf(qp); ++} ++ ++#define EXPIRE (60 * HZ) ++void qla_adjust_buf(struct scsi_qla_host *vha) ++{ ++ unsigned long flags; ++ int i; ++ struct qla_qpair *qp; ++ ++ if (vha->vp_idx) ++ return; ++ ++ if (!vha->buf_expired) { ++ vha->buf_expired = jiffies + EXPIRE; ++ return; ++ } ++ if (time_before(jiffies, vha->buf_expired)) ++ return; ++ ++ vha->buf_expired = jiffies + EXPIRE; ++ ++ for (i = 0; i < vha->hw->num_qpairs; i++) { ++ qp = vha->hw->queue_pair_map[i]; ++ if (!qp) ++ continue; ++ if (!qp->buf_pool.num_alloc) ++ continue; ++ ++ if (qp->buf_pool.take_snapshot) { ++ /* no io has gone through in the last EXPIRE period */ ++ spin_lock_irqsave(qp->qp_lock_ptr, flags); ++ __qla_adjust_buf(qp); ++ spin_unlock_irqrestore(qp->qp_lock_ptr, flags); ++ } else { ++ qp->buf_pool.take_snapshot = 1; ++ } ++ } + } +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index f8758cea11d6..d07a914559d3 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -7522,6 +7522,7 @@ qla2x00_timer(struct timer_list *t) + set_bit(SET_ZIO_THRESHOLD_NEEDED, &vha->dpc_flags); + start_dpc++; + } ++ qla_adjust_buf(vha); + + /* borrowing w to signify dpc will run */ + w = 0; +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-fix-dma-api-call-trace-on-nvme-ls-requests.patch b/patches.suse/scsi-qla2xxx-fix-dma-api-call-trace-on-nvme-ls-requests.patch new file mode 100644 index 0000000..a8ba5b6 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-fix-dma-api-call-trace-on-nvme-ls-requests.patch @@ -0,0 +1,90 @@ +From: Arun Easi +Date: Mon, 19 Dec 2022 03:07:40 -0800 +Subject: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests +Patch-mainline: v6.3-rc1 +Git-commit: c75e6aef5039830cce5d4cf764dd204522f89e6b +References: bsc#1208570 + +The following message and call trace was seen with debug kernels: + +DMA-API: qla2xxx 0000:41:00.0: device driver failed to check map +error [device address=0x00000002a3ff38d8] [size=1024 bytes] [mapped as +single] +WARNING: CPU: 0 PID: 2930 at kernel/dma/debug.c:1017 + check_unmap+0xf42/0x1990 + +Call Trace: + debug_dma_unmap_page+0xc9/0x100 + qla_nvme_ls_unmap+0x141/0x210 [qla2xxx] + +Remove DMA mapping from the driver altogether, as it is already done by FC +layer. This prevents the warning. + +Fixes: c85ab7d9e27a ("scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests") +Cc: stable@vger.kernel.org +Signed-off-by: Arun Easi +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_nvme.c | 19 +------------------ + 1 file changed, 1 insertion(+), 18 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_nvme.c b/drivers/scsi/qla2xxx/qla_nvme.c +index 02fdeb0d31ec..8927ddc5e69c 100644 +--- a/drivers/scsi/qla2xxx/qla_nvme.c ++++ b/drivers/scsi/qla2xxx/qla_nvme.c +@@ -170,18 +170,6 @@ static void qla_nvme_release_fcp_cmd_kref(struct kref *kref) + qla2xxx_rel_qpair_sp(sp->qpair, sp); + } + +-static void qla_nvme_ls_unmap(struct srb *sp, struct nvmefc_ls_req *fd) +-{ +- if (sp->flags & SRB_DMA_VALID) { +- struct srb_iocb *nvme = &sp->u.iocb_cmd; +- struct qla_hw_data *ha = sp->fcport->vha->hw; +- +- dma_unmap_single(&ha->pdev->dev, nvme->u.nvme.cmd_dma, +- fd->rqstlen, DMA_TO_DEVICE); +- sp->flags &= ~SRB_DMA_VALID; +- } +-} +- + static void qla_nvme_release_ls_cmd_kref(struct kref *kref) + { + struct srb *sp = container_of(kref, struct srb, cmd_kref); +@@ -199,7 +187,6 @@ static void qla_nvme_release_ls_cmd_kref(struct kref *kref) + + fd = priv->fd; + +- qla_nvme_ls_unmap(sp, fd); + fd->done(fd, priv->comp_status); + out: + qla2x00_rel_sp(sp); +@@ -365,13 +352,10 @@ static int qla_nvme_ls_req(struct nvme_fc_local_port *lport, + nvme->u.nvme.rsp_len = fd->rsplen; + nvme->u.nvme.rsp_dma = fd->rspdma; + nvme->u.nvme.timeout_sec = fd->timeout; +- nvme->u.nvme.cmd_dma = dma_map_single(&ha->pdev->dev, fd->rqstaddr, +- fd->rqstlen, DMA_TO_DEVICE); ++ nvme->u.nvme.cmd_dma = fd->rqstdma; + dma_sync_single_for_device(&ha->pdev->dev, nvme->u.nvme.cmd_dma, + fd->rqstlen, DMA_TO_DEVICE); + +- sp->flags |= SRB_DMA_VALID; +- + rval = qla2x00_start_sp(sp); + if (rval != QLA_SUCCESS) { + ql_log(ql_log_warn, vha, 0x700e, +@@ -379,7 +363,6 @@ static int qla_nvme_ls_req(struct nvme_fc_local_port *lport, + wake_up(&sp->nvme_ls_waitq); + sp->priv = NULL; + priv->sp = NULL; +- qla_nvme_ls_unmap(sp, fd); + qla2x00_rel_sp(sp); + return rval; + } +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-fix-erroneous-link-down.patch b/patches.suse/scsi-qla2xxx-fix-erroneous-link-down.patch new file mode 100644 index 0000000..8a8aaf5 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-fix-erroneous-link-down.patch @@ -0,0 +1,53 @@ +From: Quinn Tran +Date: Mon, 19 Dec 2022 03:07:45 -0800 +Subject: scsi: qla2xxx: Fix erroneous link down +Patch-mainline: v6.3-rc1 +Git-commit: 3fbc74feb642deb688cc97f76d40b7287ddd4cb1 +References: bsc#1208570 + +If after an adapter reset the appearance of link is not recovered, the +devices are not rediscovered. This is result of a race condition between +adapter reset (abort_isp) and the topology scan. During adapter reset, the +ABORT_ISP_ACTIVE flag is set. Topology scan usually occurred after adapter +reset. In this case, the topology scan came earlier than usual where it +ran into problem due to ABORT_ISP_ACTIVE flag was still set. + +kernel: qla2xxx [0000:13:00.0]-1005:1: Cmd 0x6a aborted with timeout since ISP Abort is pending +kernel: qla2xxx [0000:13:00.0]-28a0:1: MBX_GET_PORT_NAME failed, No FL Port. +kernel: qla2xxx [0000:13:00.0]-286b:1: qla2x00_configure_loop: exiting normally. local port wwpn 51402ec0123d9a80 id 012300) +kernel: qla2xxx [0000:13:00.0]-8017:1: ADAPTER RESET SUCCEEDED nexus=1:0:15. + +Allow adapter reset to complete before any scan can start. + +Cc: stable@vger.kernel.org +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_os.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index 36d3cecab20e..2d86f804872b 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -7094,9 +7094,12 @@ qla2x00_do_dpc(void *data) + } + } + loop_resync_check: +- if (test_and_clear_bit(LOOP_RESYNC_NEEDED, ++ if (!qla2x00_reset_active(base_vha) && ++ test_and_clear_bit(LOOP_RESYNC_NEEDED, + &base_vha->dpc_flags)) { +- ++ /* ++ * Allow abort_isp to complete before moving on to scanning. ++ */ + ql_dbg(ql_dbg_dpc, base_vha, 0x400f, + "Loop resync scheduled.\n"); + +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-fix-exchange-oversubscription-for-management-commands.patch b/patches.suse/scsi-qla2xxx-fix-exchange-oversubscription-for-management-commands.patch new file mode 100644 index 0000000..cc69e6d --- /dev/null +++ b/patches.suse/scsi-qla2xxx-fix-exchange-oversubscription-for-management-commands.patch @@ -0,0 +1,181 @@ +From: Quinn Tran +Date: Mon, 19 Dec 2022 03:07:42 -0800 +Subject: scsi: qla2xxx: Fix exchange oversubscription for management commands +Patch-mainline: v6.3-rc1 +Git-commit: 5f63a163ed2f12c34dd4ae9b2757962ec7bb86e5 +References: bsc#1208570 + +Add resource checking for management (non-I/O) commands. + +Fixes: 89c72f4245a8 ("scsi: qla2xxx: Add IOCB resource tracking") +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_dfs.c | 10 ++++- + drivers/scsi/qla2xxx/qla_inline.h | 5 ++ + drivers/scsi/qla2xxx/qla_iocb.c | 67 ++++++++++++++++++++++++++++++++++++++ + drivers/scsi/qla2xxx/qla_isr.c | 1 + 4 files changed, 80 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_dfs.c ++++ b/drivers/scsi/qla2xxx/qla_dfs.c +@@ -236,7 +236,7 @@ qla_dfs_fw_resource_cnt_show(struct seq_ + uint16_t mb[MAX_IOCB_MB_REG]; + int rc; + struct qla_hw_data *ha = vha->hw; +- u16 iocbs_used, i; ++ u16 iocbs_used, i, exch_used; + + rc = qla24xx_res_count_wait(vha, mb, SIZEOF_IOCB_MB_REG); + if (rc != QLA_SUCCESS) { +@@ -264,13 +264,19 @@ qla_dfs_fw_resource_cnt_show(struct seq_ + if (ql2xenforce_iocb_limit) { + /* lock is not require. It's an estimate. */ + iocbs_used = ha->base_qpair->fwres.iocbs_used; ++ exch_used = ha->base_qpair->fwres.exch_used; + for (i = 0; i < ha->max_qpairs; i++) { +- if (ha->queue_pair_map[i]) ++ if (ha->queue_pair_map[i]) { + iocbs_used += ha->queue_pair_map[i]->fwres.iocbs_used; ++ exch_used += ha->queue_pair_map[i]->fwres.exch_used; ++ } + } + + seq_printf(s, "Driver: estimate iocb used [%d] high water limit [%d]\n", + iocbs_used, ha->base_qpair->fwres.iocbs_limit); ++ ++ seq_printf(s, "estimate exchange used[%d] high water limit [%d] n", ++ exch_used, ha->base_qpair->fwres.exch_limit); + } + + return 0; +--- a/drivers/scsi/qla2xxx/qla_inline.h ++++ b/drivers/scsi/qla2xxx/qla_inline.h +@@ -381,7 +381,7 @@ qla2xxx_get_fc4_priority(struct scsi_qla + + enum { + RESOURCE_NONE, +- RESOURCE_IOCB = BIT_0, ++ RESOURCE_IOCB = BIT_0, + RESOURCE_EXCH = BIT_1, /* exchange */ + RESOURCE_FORCE = BIT_2, + }; +@@ -397,6 +397,8 @@ qla_get_fw_resources(struct qla_qpair *q + iores->res_type = RESOURCE_NONE; + return 0; + } ++ if (iores->res_type & RESOURCE_FORCE) ++ goto force; + + if ((iores->iocb_cnt + qp->fwres.iocbs_used) >= qp->fwres.iocbs_qp_limit) { + /* no need to acquire qpair lock. It's just rough calculation */ +@@ -424,6 +426,7 @@ qla_get_fw_resources(struct qla_qpair *q + return -ENOSPC; + } + } ++force: + qp->fwres.iocbs_used += iores->iocb_cnt; + qp->fwres.exch_used += iores->exch_cnt; + return 0; +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -3820,6 +3820,65 @@ qla24xx_prlo_iocb(srb_t *sp, struct logi + logio->vp_index = sp->fcport->vha->vp_idx; + } + ++int qla_get_iocbs_resource(struct srb *sp) ++{ ++ bool get_exch; ++ bool push_it_through = false; ++ ++ if (!ql2xenforce_iocb_limit) { ++ sp->iores.res_type = RESOURCE_NONE; ++ return 0; ++ } ++ sp->iores.res_type = RESOURCE_NONE; ++ ++ switch (sp->type) { ++ case SRB_TM_CMD: ++ case SRB_PRLI_CMD: ++ case SRB_ADISC_CMD: ++ push_it_through = true; ++ /* fallthrough */ ++ case SRB_LOGIN_CMD: ++ case SRB_ELS_CMD_RPT: ++ case SRB_ELS_CMD_HST: ++ case SRB_ELS_CMD_HST_NOLOGIN: ++ case SRB_CT_CMD: ++ case SRB_NVME_LS: ++ case SRB_ELS_DCMD: ++ get_exch = true; ++ break; ++ ++ case SRB_FXIOCB_DCMD: ++ case SRB_FXIOCB_BCMD: ++ sp->iores.res_type = RESOURCE_NONE; ++ return 0; ++ ++ case SRB_SA_UPDATE: ++ case SRB_SA_REPLACE: ++ case SRB_MB_IOCB: ++ case SRB_ABT_CMD: ++ case SRB_NACK_PLOGI: ++ case SRB_NACK_PRLI: ++ case SRB_NACK_LOGO: ++ case SRB_LOGOUT_CMD: ++ case SRB_CTRL_VP: ++ push_it_through = true; ++ /* fallthrough */ ++ default: ++ get_exch = false; ++ } ++ ++ sp->iores.res_type |= RESOURCE_IOCB; ++ sp->iores.iocb_cnt = 1; ++ if (get_exch) { ++ sp->iores.res_type |= RESOURCE_EXCH; ++ sp->iores.exch_cnt = 1; ++ } ++ if (push_it_through) ++ sp->iores.res_type |= RESOURCE_FORCE; ++ ++ return qla_get_fw_resources(sp->qpair, &sp->iores); ++} ++ + int + qla2x00_start_sp(srb_t *sp) + { +@@ -3834,6 +3893,12 @@ qla2x00_start_sp(srb_t *sp) + return -EIO; + + spin_lock_irqsave(qp->qp_lock_ptr, flags); ++ rval = qla_get_iocbs_resource(sp); ++ if (rval) { ++ spin_unlock_irqrestore(qp->qp_lock_ptr, flags); ++ return -EAGAIN; ++ } ++ + pkt = __qla2x00_alloc_iocbs(sp->qpair, sp); + if (!pkt) { + rval = EAGAIN; +@@ -3934,6 +3999,8 @@ qla2x00_start_sp(srb_t *sp) + wmb(); + qla2x00_start_iocbs(vha, qp->req); + done: ++ if (rval) ++ qla_put_fw_resources(sp->qpair, &sp->iores); + spin_unlock_irqrestore(qp->qp_lock_ptr, flags); + return rval; + } +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -3122,6 +3122,7 @@ qla25xx_process_bidir_status_iocb(scsi_q + } + bsg_reply->reply_payload_rcv_len = 0; + ++ qla_put_fw_resources(sp->qpair, &sp->iores); + done: + /* Return the vendor specific reply to API */ + bsg_reply->reply_data.vendor_reply.vendor_rsp[0] = rval; diff --git a/patches.suse/scsi-qla2xxx-fix-exchange-oversubscription.patch b/patches.suse/scsi-qla2xxx-fix-exchange-oversubscription.patch new file mode 100644 index 0000000..a111c78 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-fix-exchange-oversubscription.patch @@ -0,0 +1,382 @@ +From: Quinn Tran +Date: Mon, 19 Dec 2022 03:07:41 -0800 +Subject: scsi: qla2xxx: Fix exchange oversubscription +Patch-mainline: v6.3-rc1 +Git-commit: 41e5afe51f75f2858f5563145348f6c26d307b8f +References: bsc#1208570 + +In large environment, it is possible to experience command timeout and +escalation of path recovery. Currently the driver does not track the number +of exchanges/commands sent to FW. If there is a delay for commands at the +head of the queue, then this will create back pressure for commands at the +back of the queue. + +Check for exchange availability before command submission. + +Fixes: 89c72f4245a8 ("scsi: qla2xxx: Add IOCB resource tracking") +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 6 +++- + drivers/scsi/qla2xxx/qla_edif.c | 7 +++-- + drivers/scsi/qla2xxx/qla_init.c | 13 ++++++++ + drivers/scsi/qla2xxx/qla_inline.h | 52 +++++++++++++++++++++---------- + drivers/scsi/qla2xxx/qla_iocb.c | 28 ++++++++++------- + drivers/scsi/qla2xxx/qla_isr.c | 3 +- + drivers/scsi/qla2xxx/qla_nvme.c | 15 ++++++++- + 7 files changed, 88 insertions(+), 36 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h +index a26a373be9da..cd4eb11b0707 100644 +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -660,7 +660,7 @@ enum { + + struct iocb_resource { + u8 res_type; +- u8 pad; ++ u8 exch_cnt; + u16 iocb_cnt; + }; + +@@ -3721,6 +3721,10 @@ struct qla_fw_resources { + u16 iocbs_limit; + u16 iocbs_qp_limit; + u16 iocbs_used; ++ u16 exch_total; ++ u16 exch_limit; ++ u16 exch_used; ++ u16 pad; + }; + + #define QLA_IOCB_PCT_LIMIT 95 +diff --git a/drivers/scsi/qla2xxx/qla_edif.c b/drivers/scsi/qla2xxx/qla_edif.c +index e4240aae5f9e..53186a145962 100644 +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -2989,9 +2989,10 @@ qla28xx_start_scsi_edif(srb_t *sp) + tot_dsds = nseg; + req_cnt = qla24xx_calc_iocbs(vha, tot_dsds); + +- sp->iores.res_type = RESOURCE_INI; ++ sp->iores.res_type = RESOURCE_IOCB | RESOURCE_EXCH; ++ sp->iores.exch_cnt = 1; + sp->iores.iocb_cnt = req_cnt; +- if (qla_get_iocbs(sp->qpair, &sp->iores)) ++ if (qla_get_fw_resources(sp->qpair, &sp->iores)) + goto queuing_error; + + if (req->cnt < (req_cnt + 2)) { +@@ -3185,7 +3186,7 @@ qla28xx_start_scsi_edif(srb_t *sp) + mempool_free(sp->u.scmd.ct6_ctx, ha->ctx_mempool); + sp->u.scmd.ct6_ctx = NULL; + } +- qla_put_iocbs(sp->qpair, &sp->iores); ++ qla_put_fw_resources(sp->qpair, &sp->iores); + spin_unlock_irqrestore(lock, flags); + + return QLA_FUNCTION_FAILED; +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index 8d9ecabb1aac..fd27fb511479 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -128,12 +128,14 @@ static void qla24xx_abort_iocb_timeout(void *data) + sp->cmd_sp)) { + qpair->req->outstanding_cmds[handle] = NULL; + cmdsp_found = 1; ++ qla_put_fw_resources(qpair, &sp->cmd_sp->iores); + } + + /* removing the abort */ + if (qpair->req->outstanding_cmds[handle] == sp) { + qpair->req->outstanding_cmds[handle] = NULL; + sp_found = 1; ++ qla_put_fw_resources(qpair, &sp->iores); + break; + } + } +@@ -2000,6 +2002,7 @@ qla2x00_tmf_iocb_timeout(void *data) + for (h = 1; h < sp->qpair->req->num_outstanding_cmds; h++) { + if (sp->qpair->req->outstanding_cmds[h] == sp) { + sp->qpair->req->outstanding_cmds[h] = NULL; ++ qla_put_fw_resources(sp->qpair, &sp->iores); + break; + } + } +@@ -3943,6 +3946,12 @@ void qla_init_iocb_limit(scsi_qla_host_t *vha) + ha->base_qpair->fwres.iocbs_limit = limit; + ha->base_qpair->fwres.iocbs_qp_limit = limit / num_qps; + ha->base_qpair->fwres.iocbs_used = 0; ++ ++ ha->base_qpair->fwres.exch_total = ha->orig_fw_xcb_count; ++ ha->base_qpair->fwres.exch_limit = (ha->orig_fw_xcb_count * ++ QLA_IOCB_PCT_LIMIT) / 100; ++ ha->base_qpair->fwres.exch_used = 0; ++ + for (i = 0; i < ha->max_qpairs; i++) { + if (ha->queue_pair_map[i]) { + ha->queue_pair_map[i]->fwres.iocbs_total = +@@ -3951,6 +3960,10 @@ void qla_init_iocb_limit(scsi_qla_host_t *vha) + ha->queue_pair_map[i]->fwres.iocbs_qp_limit = + limit / num_qps; + ha->queue_pair_map[i]->fwres.iocbs_used = 0; ++ ha->queue_pair_map[i]->fwres.exch_total = ha->orig_fw_xcb_count; ++ ha->queue_pair_map[i]->fwres.exch_limit = ++ (ha->orig_fw_xcb_count * QLA_IOCB_PCT_LIMIT) / 100; ++ ha->queue_pair_map[i]->fwres.exch_used = 0; + } + } + } +diff --git a/drivers/scsi/qla2xxx/qla_inline.h b/drivers/scsi/qla2xxx/qla_inline.h +index 5185dc5daf80..2d5a275d8b00 100644 +--- a/drivers/scsi/qla2xxx/qla_inline.h ++++ b/drivers/scsi/qla2xxx/qla_inline.h +@@ -380,13 +380,16 @@ qla2xxx_get_fc4_priority(struct scsi_qla_host *vha) + + enum { + RESOURCE_NONE, +- RESOURCE_INI, ++ RESOURCE_IOCB = BIT_0, ++ RESOURCE_EXCH = BIT_1, /* exchange */ ++ RESOURCE_FORCE = BIT_2, + }; + + static inline int +-qla_get_iocbs(struct qla_qpair *qp, struct iocb_resource *iores) ++qla_get_fw_resources(struct qla_qpair *qp, struct iocb_resource *iores) + { + u16 iocbs_used, i; ++ u16 exch_used; + struct qla_hw_data *ha = qp->vha->hw; + + if (!ql2xenforce_iocb_limit) { +@@ -394,10 +397,7 @@ qla_get_iocbs(struct qla_qpair *qp, struct iocb_resource *iores) + return 0; + } + +- if ((iores->iocb_cnt + qp->fwres.iocbs_used) < qp->fwres.iocbs_qp_limit) { +- qp->fwres.iocbs_used += iores->iocb_cnt; +- return 0; +- } else { ++ if ((iores->iocb_cnt + qp->fwres.iocbs_used) >= qp->fwres.iocbs_qp_limit) { + /* no need to acquire qpair lock. It's just rough calculation */ + iocbs_used = ha->base_qpair->fwres.iocbs_used; + for (i = 0; i < ha->max_qpairs; i++) { +@@ -405,30 +405,48 @@ qla_get_iocbs(struct qla_qpair *qp, struct iocb_resource *iores) + iocbs_used += ha->queue_pair_map[i]->fwres.iocbs_used; + } + +- if ((iores->iocb_cnt + iocbs_used) < qp->fwres.iocbs_limit) { +- qp->fwres.iocbs_used += iores->iocb_cnt; +- return 0; +- } else { ++ if ((iores->iocb_cnt + iocbs_used) >= qp->fwres.iocbs_limit) { ++ iores->res_type = RESOURCE_NONE; ++ return -ENOSPC; ++ } ++ } ++ ++ if (iores->res_type & RESOURCE_EXCH) { ++ exch_used = ha->base_qpair->fwres.exch_used; ++ for (i = 0; i < ha->max_qpairs; i++) { ++ if (ha->queue_pair_map[i]) ++ exch_used += ha->queue_pair_map[i]->fwres.exch_used; ++ } ++ ++ if ((exch_used + iores->exch_cnt) >= qp->fwres.exch_limit) { + iores->res_type = RESOURCE_NONE; + return -ENOSPC; + } + } ++ qp->fwres.iocbs_used += iores->iocb_cnt; ++ qp->fwres.exch_used += iores->exch_cnt; ++ return 0; + } + + static inline void +-qla_put_iocbs(struct qla_qpair *qp, struct iocb_resource *iores) ++qla_put_fw_resources(struct qla_qpair *qp, struct iocb_resource *iores) + { +- switch (iores->res_type) { +- case RESOURCE_NONE: +- break; +- default: ++ if (iores->res_type & RESOURCE_IOCB) { + if (qp->fwres.iocbs_used >= iores->iocb_cnt) { + qp->fwres.iocbs_used -= iores->iocb_cnt; + } else { +- // should not happen ++ /* should not happen */ + qp->fwres.iocbs_used = 0; + } +- break; ++ } ++ ++ if (iores->res_type & RESOURCE_EXCH) { ++ if (qp->fwres.exch_used >= iores->exch_cnt) { ++ qp->fwres.exch_used -= iores->exch_cnt; ++ } else { ++ /* should not happen */ ++ qp->fwres.exch_used = 0; ++ } + } + iores->res_type = RESOURCE_NONE; + } +diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c +index 42ce4e1fe744..399ec8da2d73 100644 +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -1589,9 +1589,10 @@ qla24xx_start_scsi(srb_t *sp) + tot_dsds = nseg; + req_cnt = qla24xx_calc_iocbs(vha, tot_dsds); + +- sp->iores.res_type = RESOURCE_INI; ++ sp->iores.res_type = RESOURCE_IOCB | RESOURCE_EXCH; ++ sp->iores.exch_cnt = 1; + sp->iores.iocb_cnt = req_cnt; +- if (qla_get_iocbs(sp->qpair, &sp->iores)) ++ if (qla_get_fw_resources(sp->qpair, &sp->iores)) + goto queuing_error; + + if (req->cnt < (req_cnt + 2)) { +@@ -1678,7 +1679,7 @@ qla24xx_start_scsi(srb_t *sp) + if (tot_dsds) + scsi_dma_unmap(cmd); + +- qla_put_iocbs(sp->qpair, &sp->iores); ++ qla_put_fw_resources(sp->qpair, &sp->iores); + spin_unlock_irqrestore(&ha->hardware_lock, flags); + + return QLA_FUNCTION_FAILED; +@@ -1793,9 +1794,10 @@ qla24xx_dif_start_scsi(srb_t *sp) + tot_prot_dsds = nseg; + tot_dsds += nseg; + +- sp->iores.res_type = RESOURCE_INI; ++ sp->iores.res_type = RESOURCE_IOCB | RESOURCE_EXCH; ++ sp->iores.exch_cnt = 1; + sp->iores.iocb_cnt = qla24xx_calc_iocbs(vha, tot_dsds); +- if (qla_get_iocbs(sp->qpair, &sp->iores)) ++ if (qla_get_fw_resources(sp->qpair, &sp->iores)) + goto queuing_error; + + if (req->cnt < (req_cnt + 2)) { +@@ -1883,7 +1885,7 @@ qla24xx_dif_start_scsi(srb_t *sp) + } + /* Cleanup will be performed by the caller (queuecommand) */ + +- qla_put_iocbs(sp->qpair, &sp->iores); ++ qla_put_fw_resources(sp->qpair, &sp->iores); + spin_unlock_irqrestore(&ha->hardware_lock, flags); + + return QLA_FUNCTION_FAILED; +@@ -1952,9 +1954,10 @@ qla2xxx_start_scsi_mq(srb_t *sp) + tot_dsds = nseg; + req_cnt = qla24xx_calc_iocbs(vha, tot_dsds); + +- sp->iores.res_type = RESOURCE_INI; ++ sp->iores.res_type = RESOURCE_IOCB | RESOURCE_EXCH; ++ sp->iores.exch_cnt = 1; + sp->iores.iocb_cnt = req_cnt; +- if (qla_get_iocbs(sp->qpair, &sp->iores)) ++ if (qla_get_fw_resources(sp->qpair, &sp->iores)) + goto queuing_error; + + if (req->cnt < (req_cnt + 2)) { +@@ -2041,7 +2044,7 @@ qla2xxx_start_scsi_mq(srb_t *sp) + if (tot_dsds) + scsi_dma_unmap(cmd); + +- qla_put_iocbs(sp->qpair, &sp->iores); ++ qla_put_fw_resources(sp->qpair, &sp->iores); + spin_unlock_irqrestore(&qpair->qp_lock, flags); + + return QLA_FUNCTION_FAILED; +@@ -2171,9 +2174,10 @@ qla2xxx_dif_start_scsi_mq(srb_t *sp) + tot_prot_dsds = nseg; + tot_dsds += nseg; + +- sp->iores.res_type = RESOURCE_INI; ++ sp->iores.res_type = RESOURCE_IOCB | RESOURCE_EXCH; ++ sp->iores.exch_cnt = 1; + sp->iores.iocb_cnt = qla24xx_calc_iocbs(vha, tot_dsds); +- if (qla_get_iocbs(sp->qpair, &sp->iores)) ++ if (qla_get_fw_resources(sp->qpair, &sp->iores)) + goto queuing_error; + + if (req->cnt < (req_cnt + 2)) { +@@ -2260,7 +2264,7 @@ qla2xxx_dif_start_scsi_mq(srb_t *sp) + } + /* Cleanup will be performed by the caller (queuecommand) */ + +- qla_put_iocbs(sp->qpair, &sp->iores); ++ qla_put_fw_resources(sp->qpair, &sp->iores); + spin_unlock_irqrestore(&qpair->qp_lock, flags); + + return QLA_FUNCTION_FAILED; +diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c +index e19fde304e5c..42d3d2de3d31 100644 +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -3197,7 +3197,7 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) + } + return; + } +- qla_put_iocbs(sp->qpair, &sp->iores); ++ qla_put_fw_resources(sp->qpair, &sp->iores); + + if (sp->cmd_type != TYPE_SRB) { + req->outstanding_cmds[handle] = NULL; +@@ -3618,7 +3618,6 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) + default: + sp = qla2x00_get_sp_from_handle(vha, func, req, pkt); + if (sp) { +- qla_put_iocbs(sp->qpair, &sp->iores); + sp->done(sp, res); + return 0; + } +diff --git a/drivers/scsi/qla2xxx/qla_nvme.c b/drivers/scsi/qla2xxx/qla_nvme.c +index 8927ddc5e69c..c57e02a35521 100644 +--- a/drivers/scsi/qla2xxx/qla_nvme.c ++++ b/drivers/scsi/qla2xxx/qla_nvme.c +@@ -428,13 +428,24 @@ static inline int qla2x00_start_nvme_mq(srb_t *sp) + goto queuing_error; + } + req_cnt = qla24xx_calc_iocbs(vha, tot_dsds); ++ ++ sp->iores.res_type = RESOURCE_IOCB | RESOURCE_EXCH; ++ sp->iores.exch_cnt = 1; ++ sp->iores.iocb_cnt = req_cnt; ++ if (qla_get_fw_resources(sp->qpair, &sp->iores)) { ++ rval = -EBUSY; ++ goto queuing_error; ++ } ++ + if (req->cnt < (req_cnt + 2)) { + if (IS_SHADOW_REG_CAPABLE(ha)) { + cnt = *req->out_ptr; + } else { + cnt = rd_reg_dword_relaxed(req->req_q_out); +- if (qla2x00_check_reg16_for_disconnect(vha, cnt)) ++ if (qla2x00_check_reg16_for_disconnect(vha, cnt)) { ++ rval = -EBUSY; + goto queuing_error; ++ } + } + + if (req->ring_index < cnt) +@@ -583,6 +594,8 @@ static inline int qla2x00_start_nvme_mq(srb_t *sp) + qla24xx_process_response_queue(vha, rsp); + + queuing_error: ++ if (rval) ++ qla_put_fw_resources(sp->qpair, &sp->iores); + spin_unlock_irqrestore(&qpair->qp_lock, flags); + + return rval; +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-fix-iocb-resource-check-warning.patch b/patches.suse/scsi-qla2xxx-fix-iocb-resource-check-warning.patch new file mode 100644 index 0000000..f5ac32e --- /dev/null +++ b/patches.suse/scsi-qla2xxx-fix-iocb-resource-check-warning.patch @@ -0,0 +1,38 @@ +From: Nilesh Javali +Date: Mon, 19 Dec 2022 03:07:47 -0800 +Subject: scsi: qla2xxx: Fix IOCB resource check warning +Patch-mainline: v6.3-rc1 +Git-commit: 1e27648c848235046cfd83e656c1c0d360861f25 +References: bsc#1208570 + +Make qla_get_iocbs_resource() static to fix the warning: + +>> drivers/scsi/qla2xxx/qla_iocb.c:3820:5: warning: no previous prototype for +>> 'qla_get_iocbs_resource' [-Wmissing-prototypes] + 3820 | int qla_get_iocbs_resource(struct srb *sp) + | ^~~~~~~~~~~~~~~~~~~~~~ + +Reported-by: kernel test robot +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_iocb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c +index 4f48f098ea5a..6b91dcfd994d 100644 +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -3817,7 +3817,7 @@ qla24xx_prlo_iocb(srb_t *sp, struct logio_entry_24xx *logio) + logio->vp_index = sp->fcport->vha->vp_idx; + } + +-int qla_get_iocbs_resource(struct srb *sp) ++static int qla_get_iocbs_resource(struct srb *sp) + { + bool get_exch; + bool push_it_through = false; +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-fix-link-failure-in-npiv-environment.patch b/patches.suse/scsi-qla2xxx-fix-link-failure-in-npiv-environment.patch new file mode 100644 index 0000000..3295f86 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-fix-link-failure-in-npiv-environment.patch @@ -0,0 +1,46 @@ +From: Quinn Tran +Date: Mon, 19 Dec 2022 03:07:39 -0800 +Subject: scsi: qla2xxx: Fix link failure in NPIV environment +Patch-mainline: v6.3-rc1 +Git-commit: b1ae65c082f74536ec292b15766f2846f0238373 +References: bsc#1208570 + +User experienced symptoms of adapter failure in NPIV environment. NPIV +hosts were allowed to trigger chip reset back to back due to NPIV link +state being slow to come online. + +Fix link failure in NPIV environment by removing NPIV host from directly +being able to perform chip reset. + + kernel: qla2xxx [0000:04:00.1]-6009:261: Loop down - aborting ISP. + kernel: qla2xxx [0000:04:00.1]-6009:262: Loop down - aborting ISP. + kernel: qla2xxx [0000:04:00.1]-6009:281: Loop down - aborting ISP. + kernel: qla2xxx [0000:04:00.1]-6009:285: Loop down - aborting ISP + +Fixes: 0d6e61bc6a4f ("[SCSI] qla2xxx: Correct various NPIV issues.") +Cc: stable@vger.kernel.org +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_os.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index 7fb28c207ee5..36d3cecab20e 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -7447,7 +7447,7 @@ qla2x00_timer(struct timer_list *t) + + /* if the loop has been down for 4 minutes, reinit adapter */ + if (atomic_dec_and_test(&vha->loop_down_timer) != 0) { +- if (!(vha->device_flags & DFLG_NO_CABLE)) { ++ if (!(vha->device_flags & DFLG_NO_CABLE) && !vha->vp_idx) { + ql_log(ql_log_warn, vha, 0x6009, + "Loop down - aborting ISP.\n"); + +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-fix-printk-format-string.patch b/patches.suse/scsi-qla2xxx-fix-printk-format-string.patch new file mode 100644 index 0000000..b920e68 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-fix-printk-format-string.patch @@ -0,0 +1,47 @@ +From: Arnd Bergmann +Date: Tue, 17 Jan 2023 18:00:15 +0100 +Subject: scsi: qla2xxx: Fix printk() format string +Patch-mainline: v6.3-rc1 +Git-commit: d794a23113b1a198e3d05f144aeba5b6ac87fe99 +References: bsc#1208570 + +Printing a size_t value that is the result of the sizeof() operator +requires using the %z format string modifier to avoid a warning on 32-bit +architectures: + +drivers/scsi/qla2xxx/qla_mid.c: In function 'qla_create_buf_pool': +drivers/scsi/qla2xxx/qla_mid.c:1094:51: error: format '%ld' expects argument of type 'long int', but argument 5 has type 'unsigned int' [-Werror=format=] + 1094 | "Failed to allocate buf_map(%ld).\n", sz * sizeof(unsigned long)); + | ~~^ ~~~~~~~~~~~~~~~~~~~~~~~~~~ + | | | + | long int unsigned int + | %d + +Fixes: 82d8dfd2a238 ("scsi: qla2xxx: edif: Fix performance dip due to lock contention") +Signed-off-by: Arnd Bergmann +Reviewed-by: Bart Van Assche +Reviewed-by: Himanshu Madhani > +Reviewed-by: Nick Desaulniers +Link: https://lore.kernel.org/r/20230117170029.2387516-1-arnd@kernel.org +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_mid.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c +index c6ca39b8e23d..1483f6258f92 100644 +--- a/drivers/scsi/qla2xxx/qla_mid.c ++++ b/drivers/scsi/qla2xxx/qla_mid.c +@@ -1091,7 +1091,7 @@ int qla_create_buf_pool(struct scsi_qla_host *vha, struct qla_qpair *qp) + qp->buf_pool.buf_map = kcalloc(sz, sizeof(long), GFP_KERNEL); + if (!qp->buf_pool.buf_map) { + ql_log(ql_log_warn, vha, 0x0186, +- "Failed to allocate buf_map(%ld).\n", sz * sizeof(unsigned long)); ++ "Failed to allocate buf_map(%zd).\n", sz * sizeof(unsigned long)); + return -ENOMEM; + } + sz = qp->req->length * sizeof(void *); +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-fix-stalled-login.patch b/patches.suse/scsi-qla2xxx-fix-stalled-login.patch new file mode 100644 index 0000000..cec7650 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-fix-stalled-login.patch @@ -0,0 +1,40 @@ +From: Quinn Tran +Date: Mon, 19 Dec 2022 03:07:43 -0800 +Subject: scsi: qla2xxx: Fix stalled login +Patch-mainline: v6.3-rc1 +Git-commit: 40f5b1b9a4af2917f97bd98f277baebad8cde323 +References: bsc#1208570 + +If a login failed due to low FW resources, the session can stall and will +not be connected. Reset session state to allow relogin logic to redrive +the connection. + +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index fd27fb511479..745fee298d56 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -390,6 +390,12 @@ qla2x00_async_login(struct scsi_qla_host *vha, fc_port_t *fcport, + fcport->flags &= ~FCF_ASYNC_SENT; + done: + fcport->flags &= ~FCF_ASYNC_ACTIVE; ++ ++ /* ++ * async login failed. Could be due to iocb/exchange resource ++ * being low. Set state DELETED for re-login process to start again. ++ */ ++ qla2x00_set_fcport_disc_state(fcport, DSC_DELETED); + return rval; + } + +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-make-qla_trim_buf-and-__qla_adjust_buf-static.patch b/patches.suse/scsi-qla2xxx-make-qla_trim_buf-and-__qla_adjust_buf-static.patch new file mode 100644 index 0000000..bb2d1ed --- /dev/null +++ b/patches.suse/scsi-qla2xxx-make-qla_trim_buf-and-__qla_adjust_buf-static.patch @@ -0,0 +1,48 @@ +From: Tom Rix +Date: Fri, 13 Jan 2023 20:37:24 -0500 +Subject: scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static +Patch-mainline: v6.3-rc1 +Git-commit: 54c51253b3d5544943fc3ec072cd0194915bac30 +References: bsc#1208570 + +Smatch reports: + +drivers/scsi/qla2xxx/qla_mid.c:1189:6: warning: symbol 'qla_trim_buf' was not declared. Should it be static? +drivers/scsi/qla2xxx/qla_mid.c:1221:6: warning: symbol '__qla_adjust_buf' was not declared. Should it be static? + +These functions are only used in qla_mid.c, so they should be static. + +Fixes: 1f8f9c34127e ("scsi: qla2xxx: edif: Reduce memory usage during low I/O") +Signed-off-by: Tom Rix +Link: https://lore.kernel.org/r/20230114013724.3943580-1-trix@redhat.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_mid.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c +index 1483f6258f92..78661b658dcd 100644 +--- a/drivers/scsi/qla2xxx/qla_mid.c ++++ b/drivers/scsi/qla2xxx/qla_mid.c +@@ -1186,7 +1186,7 @@ int qla_get_buf(struct scsi_qla_host *vha, struct qla_qpair *qp, struct qla_buf_ + return 0; + } + +-void qla_trim_buf(struct qla_qpair *qp, u16 trim) ++static void qla_trim_buf(struct qla_qpair *qp, u16 trim) + { + int i, j; + struct qla_hw_data *ha = qp->vha->hw; +@@ -1218,7 +1218,7 @@ void qla_trim_buf(struct qla_qpair *qp, u16 trim) + qp->id, trim, qp->buf_pool.num_alloc); + } + +-void __qla_adjust_buf(struct qla_qpair *qp) ++static void __qla_adjust_buf(struct qla_qpair *qp) + { + u32 trim; + +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-relocate-rename-vp-map.patch b/patches.suse/scsi-qla2xxx-relocate-rename-vp-map.patch new file mode 100644 index 0000000..9f519bc --- /dev/null +++ b/patches.suse/scsi-qla2xxx-relocate-rename-vp-map.patch @@ -0,0 +1,494 @@ +From: Quinn Tran +Date: Wed, 21 Dec 2022 20:39:27 -0800 +Subject: scsi: qla2xxx: Relocate/rename vp map +Patch-mainline: v6.3-rc1 +Git-commit: 430eef03a763e5e76a371ba6d02779ae4a64b6ea +References: bsc#1208570 + +There is no functional change in this patch. VP map resource is renamed +and relocated so it is not viewed as just a target mode resource. + +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 4 - + drivers/scsi/qla2xxx/qla_edif.h | 2 + drivers/scsi/qla2xxx/qla_gbl.h | 5 + + drivers/scsi/qla2xxx/qla_init.c | 4 - + drivers/scsi/qla2xxx/qla_mbx.c | 8 +- + drivers/scsi/qla2xxx/qla_mid.c | 83 +++++++++++++++++++++++++++++- + drivers/scsi/qla2xxx/qla_os.c | 13 ++++ + drivers/scsi/qla2xxx/qla_target.c | 102 ++------------------------------------ + drivers/scsi/qla2xxx/qla_target.h | 1 + 9 files changed, 113 insertions(+), 109 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -3936,7 +3936,6 @@ struct qlt_hw_data { + __le32 __iomem *atio_q_out; + + const struct qla_tgt_func_tmpl *tgt_ops; +- struct qla_tgt_vp_map *tgt_vp_map; + + int saved_set; + __le16 saved_exchange_count; +@@ -4760,6 +4759,7 @@ struct qla_hw_data { + spinlock_t sadb_lock; /* protects list */ + struct els_reject elsrej; + u8 edif_post_stop_cnt_down; ++ struct qla_vp_map *vp_map; + }; + + #define RX_ELS_SIZE (roundup(sizeof(struct enode) + ELS_MAX_PAYLOAD, SMP_CACHE_BYTES)) +@@ -5060,7 +5060,7 @@ struct qla27xx_image_status { + #define SET_AL_PA 2 + #define RESET_VP_IDX 3 + #define RESET_AL_PA 4 +-struct qla_tgt_vp_map { ++struct qla_vp_map { + uint8_t idx; + scsi_qla_host_t *vha; + }; +--- a/drivers/scsi/qla2xxx/qla_edif.h ++++ b/drivers/scsi/qla2xxx/qla_edif.h +@@ -145,4 +145,6 @@ struct enode { + (qla_ini_mode_enabled(_s->vha) && (_s->disc_state == DSC_DELETE_PEND || \ + _s->disc_state == DSC_DELETED)) + ++#define EDIF_CAP(_ha) (ql2xsecenable && IS_QLA28XX(_ha)) ++ + #endif /* __QLA_EDIF_H */ +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -258,6 +258,7 @@ struct edif_sa_ctl *qla_edif_find_sa_ctl + /* + * Global Functions in qla_mid.c source file. + */ ++extern void qla_update_vp_map(struct scsi_qla_host *, int); + extern struct scsi_host_template qla2xxx_driver_template; + extern struct scsi_transport_template *qla2xxx_transport_vport_template; + extern void qla2x00_timer(scsi_qla_host_t *); +@@ -958,7 +959,7 @@ extern struct fc_port *qlt_find_sess_inv + uint64_t wwn, port_id_t port_id, uint16_t loop_id, struct fc_port **); + void qla24xx_delete_sess_fn(struct work_struct *); + void qlt_unknown_atio_work_fn(struct work_struct *); +-void qlt_update_host_map(struct scsi_qla_host *, port_id_t); ++void qla_update_host_map(struct scsi_qla_host *, port_id_t); + void qla_remove_hostmap(struct qla_hw_data *ha); + void qlt_clr_qp_table(struct scsi_qla_host *vha); + void qlt_set_mode(struct scsi_qla_host *); +@@ -971,6 +972,8 @@ extern void qla_nvme_abort_set_option + (struct abort_entry_24xx *abt, srb_t *sp); + extern void qla_nvme_abort_process_comp_status + (struct abort_entry_24xx *abt, srb_t *sp); ++struct scsi_qla_host *qla_find_host_by_vp_idx(struct scsi_qla_host *vha, ++ uint16_t vp_idx); + + /* nvme.c */ + void qla_nvme_unregister_remote_port(struct fc_port *fcport); +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -4823,9 +4823,9 @@ qla2x00_configure_hba(scsi_qla_host_t *v + spin_lock_irqsave(&ha->hardware_lock, flags); + if (vha->hw->flags.edif_enabled) { + if (topo != 2) +- qlt_update_host_map(vha, id); ++ qla_update_host_map(vha, id); + } else if (!(topo == 2 && ha->flags.n2n_bigger)) +- qlt_update_host_map(vha, id); ++ qla_update_host_map(vha, id); + spin_unlock_irqrestore(&ha->hardware_lock, flags); + + if (!vha->flags.init_done) +--- a/drivers/scsi/qla2xxx/qla_mbx.c ++++ b/drivers/scsi/qla2xxx/qla_mbx.c +@@ -4011,7 +4011,7 @@ qla24xx_report_id_acquisition(scsi_qla_h + rptid_entry->port_id[2], rptid_entry->port_id[1], + rptid_entry->port_id[0]); + ha->current_topology = ISP_CFG_NL; +- qlt_update_host_map(vha, id); ++ qla_update_host_map(vha, id); + + } else if (rptid_entry->format == 1) { + /* fabric */ +@@ -4127,7 +4127,7 @@ qla24xx_report_id_acquisition(scsi_qla_h + WWN_SIZE); + } + +- qlt_update_host_map(vha, id); ++ qla_update_host_map(vha, id); + } + + set_bit(REGISTER_FC4_NEEDED, &vha->dpc_flags); +@@ -4154,7 +4154,7 @@ qla24xx_report_id_acquisition(scsi_qla_h + if (!found) + return; + +- qlt_update_host_map(vp, id); ++ qla_update_host_map(vp, id); + + /* + * Cannot configure here as we are still sitting on the +@@ -4185,7 +4185,7 @@ qla24xx_report_id_acquisition(scsi_qla_h + + ha->flags.n2n_ae = 1; + spin_lock_irqsave(&ha->vport_slock, flags); +- qlt_update_vp_map(vha, SET_AL_PA); ++ qla_update_vp_map(vha, SET_AL_PA); + spin_unlock_irqrestore(&ha->vport_slock, flags); + + list_for_each_entry(fcport, &vha->vp_fcports, list) { +--- a/drivers/scsi/qla2xxx/qla_mid.c ++++ b/drivers/scsi/qla2xxx/qla_mid.c +@@ -53,7 +53,7 @@ qla24xx_allocate_vp_id(scsi_qla_host_t * + spin_unlock_irqrestore(&ha->vport_slock, flags); + + spin_lock_irqsave(&ha->hardware_lock, flags); +- qlt_update_vp_map(vha, SET_VP_IDX); ++ qla_update_vp_map(vha, SET_VP_IDX); + spin_unlock_irqrestore(&ha->hardware_lock, flags); + + mutex_unlock(&ha->vport_lock); +@@ -81,7 +81,7 @@ qla24xx_deallocate_vp_id(scsi_qla_host_t + spin_lock_irqsave(&ha->vport_slock, flags); + if (atomic_read(&vha->vref_count) == 0) { + list_del(&vha->list); +- qlt_update_vp_map(vha, RESET_VP_IDX); ++ qla_update_vp_map(vha, RESET_VP_IDX); + bailout = 1; + } + spin_unlock_irqrestore(&ha->vport_slock, flags); +@@ -96,7 +96,7 @@ qla24xx_deallocate_vp_id(scsi_qla_host_t + "vha->vref_count=%u timeout\n", vha->vref_count.counter); + spin_lock_irqsave(&ha->vport_slock, flags); + list_del(&vha->list); +- qlt_update_vp_map(vha, RESET_VP_IDX); ++ qla_update_vp_map(vha, RESET_VP_IDX); + spin_unlock_irqrestore(&ha->vport_slock, flags); + } + +@@ -188,7 +188,7 @@ qla24xx_disable_vp(scsi_qla_host_t *vha) + + /* Remove port id from vp target map */ + spin_lock_irqsave(&vha->hw->hardware_lock, flags); +- qlt_update_vp_map(vha, RESET_AL_PA); ++ qla_update_vp_map(vha, RESET_AL_PA); + spin_unlock_irqrestore(&vha->hw->hardware_lock, flags); + + qla2x00_mark_vp_devices_dead(vha); +@@ -1006,3 +1006,78 @@ int qla24xx_control_vp(scsi_qla_host_t * + kref_put(&sp->cmd_kref, qla2x00_sp_release); + return rval; + } ++ ++struct scsi_qla_host *qla_find_host_by_vp_idx(struct scsi_qla_host *vha, uint16_t vp_idx) ++{ ++ struct qla_hw_data *ha = vha->hw; ++ ++ if (vha->vp_idx == vp_idx) ++ return vha; ++ ++ BUG_ON(ha->vp_map == NULL); ++ if (likely(test_bit(vp_idx, ha->vp_idx_map))) ++ return ha->vp_map[vp_idx].vha; ++ ++ return NULL; ++} ++ ++/* vport_slock to be held by the caller */ ++void ++qla_update_vp_map(struct scsi_qla_host *vha, int cmd) ++{ ++ void *slot; ++ u32 key; ++ int rc; ++ ++ if (!vha->hw->vp_map) ++ return; ++ ++ key = vha->d_id.b24; ++ ++ switch (cmd) { ++ case SET_VP_IDX: ++ vha->hw->vp_map[vha->vp_idx].vha = vha; ++ break; ++ case SET_AL_PA: ++ slot = btree_lookup32(&vha->hw->host_map, key); ++ if (!slot) { ++ ql_dbg(ql_dbg_disc, vha, 0xf018, ++ "Save vha in host_map %p %06x\n", vha, key); ++ rc = btree_insert32(&vha->hw->host_map, ++ key, vha, GFP_ATOMIC); ++ if (rc) ++ ql_log(ql_log_info, vha, 0xd03e, ++ "Unable to insert s_id into host_map: %06x\n", ++ key); ++ return; ++ } ++ ql_dbg(ql_dbg_disc, vha, 0xf019, ++ "replace existing vha in host_map %p %06x\n", vha, key); ++ btree_update32(&vha->hw->host_map, key, vha); ++ break; ++ case RESET_VP_IDX: ++ vha->hw->vp_map[vha->vp_idx].vha = NULL; ++ break; ++ case RESET_AL_PA: ++ ql_dbg(ql_dbg_disc, vha, 0xf01a, ++ "clear vha in host_map %p %06x\n", vha, key); ++ slot = btree_lookup32(&vha->hw->host_map, key); ++ if (slot) ++ btree_remove32(&vha->hw->host_map, key); ++ vha->d_id.b24 = 0; ++ break; ++ } ++} ++ ++void qla_update_host_map(struct scsi_qla_host *vha, port_id_t id) ++{ ++ ++ if (!vha->d_id.b24) { ++ vha->d_id = id; ++ qla_update_vp_map(vha, SET_AL_PA); ++ } else if (vha->d_id.b24 != id.b24) { ++ qla_update_vp_map(vha, RESET_AL_PA); ++ vha->d_id = id; ++ qla_update_vp_map(vha, SET_AL_PA); ++ } ++} +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -4126,10 +4126,16 @@ qla2x00_mem_alloc(struct qla_hw_data *ha + char name[16]; + int rc; + ++ if (QLA_TGT_MODE_ENABLED() || EDIF_CAP(ha)) { ++ ha->vp_map = kcalloc(MAX_MULTI_ID_FABRIC, sizeof(struct qla_vp_map), GFP_KERNEL); ++ if (!ha->vp_map) ++ goto fail; ++ } ++ + ha->init_cb = dma_alloc_coherent(&ha->pdev->dev, ha->init_cb_size, + &ha->init_cb_dma, GFP_KERNEL); + if (!ha->init_cb) +- goto fail; ++ goto fail_free_vp_map; + + rc = btree_init32(&ha->host_map); + if (rc) +@@ -4546,6 +4552,8 @@ qla2x00_mem_alloc(struct qla_hw_data *ha + ha->init_cb_dma); + ha->init_cb = NULL; + ha->init_cb_dma = 0; ++fail_free_vp_map: ++ kfree(ha->vp_map); + fail: + ql_log(ql_log_fatal, NULL, 0x0030, + "Memory allocation failure.\n"); +@@ -4987,6 +4995,9 @@ qla2x00_mem_free(struct qla_hw_data *ha) + ha->sf_init_cb = NULL; + ha->sf_init_cb_dma = 0; + ha->loop_id_map = NULL; ++ ++ kfree(ha->vp_map); ++ ha->vp_map = NULL; + } + + struct scsi_qla_host *qla2x00_create_host(struct scsi_host_template *sht, +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -207,22 +207,6 @@ struct scsi_qla_host *qla_find_host_by_d + return host; + } + +-static inline +-struct scsi_qla_host *qlt_find_host_by_vp_idx(struct scsi_qla_host *vha, +- uint16_t vp_idx) +-{ +- struct qla_hw_data *ha = vha->hw; +- +- if (vha->vp_idx == vp_idx) +- return vha; +- +- BUG_ON(ha->tgt.tgt_vp_map == NULL); +- if (likely(test_bit(vp_idx, ha->vp_idx_map))) +- return ha->tgt.tgt_vp_map[vp_idx].vha; +- +- return NULL; +-} +- + static inline void qlt_incr_num_pend_cmds(struct scsi_qla_host *vha) + { + unsigned long flags; +@@ -380,7 +364,7 @@ static bool qlt_24xx_atio_pkt_all_vps(st + + if ((entry->u.isp24.vp_index != 0xFF) && + (entry->u.isp24.nport_handle != cpu_to_le16(0xFFFF))) { +- host = qlt_find_host_by_vp_idx(vha, ++ host = qla_find_host_by_vp_idx(vha, + entry->u.isp24.vp_index); + if (unlikely(!host)) { + ql_dbg(ql_dbg_tgt, vha, 0xe03f, +@@ -404,7 +388,7 @@ static bool qlt_24xx_atio_pkt_all_vps(st + { + struct abts_recv_from_24xx *entry = + (struct abts_recv_from_24xx *)atio; +- struct scsi_qla_host *host = qlt_find_host_by_vp_idx(vha, ++ struct scsi_qla_host *host = qla_find_host_by_vp_idx(vha, + entry->vp_index); + unsigned long flags; + +@@ -447,7 +431,7 @@ void qlt_response_pkt_all_vps(struct scs + case CTIO_TYPE7: + { + struct ctio7_from_24xx *entry = (struct ctio7_from_24xx *)pkt; +- struct scsi_qla_host *host = qlt_find_host_by_vp_idx(vha, ++ struct scsi_qla_host *host = qla_find_host_by_vp_idx(vha, + entry->vp_index); + if (unlikely(!host)) { + ql_dbg(ql_dbg_tgt, vha, 0xe041, +@@ -466,7 +450,7 @@ void qlt_response_pkt_all_vps(struct scs + struct imm_ntfy_from_isp *entry = + (struct imm_ntfy_from_isp *)pkt; + +- host = qlt_find_host_by_vp_idx(vha, entry->u.isp24.vp_index); ++ host = qla_find_host_by_vp_idx(vha, entry->u.isp24.vp_index); + if (unlikely(!host)) { + ql_dbg(ql_dbg_tgt, vha, 0xe042, + "qla_target(%d): Response pkt (IMMED_NOTIFY_TYPE) " +@@ -484,7 +468,7 @@ void qlt_response_pkt_all_vps(struct scs + struct nack_to_isp *entry = (struct nack_to_isp *)pkt; + + if (0xFF != entry->u.isp24.vp_index) { +- host = qlt_find_host_by_vp_idx(vha, ++ host = qla_find_host_by_vp_idx(vha, + entry->u.isp24.vp_index); + if (unlikely(!host)) { + ql_dbg(ql_dbg_tgt, vha, 0xe043, +@@ -504,7 +488,7 @@ void qlt_response_pkt_all_vps(struct scs + { + struct abts_recv_from_24xx *entry = + (struct abts_recv_from_24xx *)pkt; +- struct scsi_qla_host *host = qlt_find_host_by_vp_idx(vha, ++ struct scsi_qla_host *host = qla_find_host_by_vp_idx(vha, + entry->vp_index); + if (unlikely(!host)) { + ql_dbg(ql_dbg_tgt, vha, 0xe044, +@@ -521,7 +505,7 @@ void qlt_response_pkt_all_vps(struct scs + { + struct abts_resp_to_24xx *entry = + (struct abts_resp_to_24xx *)pkt; +- struct scsi_qla_host *host = qlt_find_host_by_vp_idx(vha, ++ struct scsi_qla_host *host = qla_find_host_by_vp_idx(vha, + entry->vp_index); + if (unlikely(!host)) { + ql_dbg(ql_dbg_tgt, vha, 0xe045, +@@ -7155,7 +7139,7 @@ qlt_probe_one_stage1(struct scsi_qla_hos + + qlt_clear_mode(base_vha); + +- qlt_update_vp_map(base_vha, SET_VP_IDX); ++ qla_update_vp_map(base_vha, SET_VP_IDX); + } + + irqreturn_t +@@ -7234,16 +7218,10 @@ qlt_mem_alloc(struct qla_hw_data *ha) + if (!QLA_TGT_MODE_ENABLED()) + return 0; + +- ha->tgt.tgt_vp_map = kzalloc(sizeof(struct qla_tgt_vp_map) * +- MAX_MULTI_ID_FABRIC, GFP_KERNEL); +- if (!ha->tgt.tgt_vp_map) +- return -ENOMEM; +- + ha->tgt.atio_ring = dma_alloc_coherent(&ha->pdev->dev, + (ha->tgt.atio_q_length + 1) * sizeof(struct atio_from_isp), + &ha->tgt.atio_dma, GFP_KERNEL); + if (!ha->tgt.atio_ring) { +- kfree(ha->tgt.tgt_vp_map); + return -ENOMEM; + } + return 0; +@@ -7262,70 +7240,6 @@ qlt_mem_free(struct qla_hw_data *ha) + } + ha->tgt.atio_ring = NULL; + ha->tgt.atio_dma = 0; +- kfree(ha->tgt.tgt_vp_map); +- ha->tgt.tgt_vp_map = NULL; +-} +- +-/* vport_slock to be held by the caller */ +-void +-qlt_update_vp_map(struct scsi_qla_host *vha, int cmd) +-{ +- void *slot; +- u32 key; +- int rc; +- +- key = vha->d_id.b24; +- +- switch (cmd) { +- case SET_VP_IDX: +- if (!QLA_TGT_MODE_ENABLED()) +- return; +- vha->hw->tgt.tgt_vp_map[vha->vp_idx].vha = vha; +- break; +- case SET_AL_PA: +- slot = btree_lookup32(&vha->hw->host_map, key); +- if (!slot) { +- ql_dbg(ql_dbg_tgt_mgt, vha, 0xf018, +- "Save vha in host_map %p %06x\n", vha, key); +- rc = btree_insert32(&vha->hw->host_map, +- key, vha, GFP_ATOMIC); +- if (rc) +- ql_log(ql_log_info, vha, 0xd03e, +- "Unable to insert s_id into host_map: %06x\n", +- key); +- return; +- } +- ql_dbg(ql_dbg_tgt_mgt, vha, 0xf019, +- "replace existing vha in host_map %p %06x\n", vha, key); +- btree_update32(&vha->hw->host_map, key, vha); +- break; +- case RESET_VP_IDX: +- if (!QLA_TGT_MODE_ENABLED()) +- return; +- vha->hw->tgt.tgt_vp_map[vha->vp_idx].vha = NULL; +- break; +- case RESET_AL_PA: +- ql_dbg(ql_dbg_tgt_mgt, vha, 0xf01a, +- "clear vha in host_map %p %06x\n", vha, key); +- slot = btree_lookup32(&vha->hw->host_map, key); +- if (slot) +- btree_remove32(&vha->hw->host_map, key); +- vha->d_id.b24 = 0; +- break; +- } +-} +- +-void qlt_update_host_map(struct scsi_qla_host *vha, port_id_t id) +-{ +- +- if (!vha->d_id.b24) { +- vha->d_id = id; +- qlt_update_vp_map(vha, SET_AL_PA); +- } else if (vha->d_id.b24 != id.b24) { +- qlt_update_vp_map(vha, RESET_AL_PA); +- vha->d_id = id; +- qlt_update_vp_map(vha, SET_AL_PA); +- } + } + + static int __init qlt_parse_ini_mode(void) +--- a/drivers/scsi/qla2xxx/qla_target.h ++++ b/drivers/scsi/qla2xxx/qla_target.h +@@ -1026,7 +1026,6 @@ extern void qlt_fc_port_added(struct scs + extern void qlt_fc_port_deleted(struct scsi_qla_host *, fc_port_t *, int); + extern int __init qlt_init(void); + extern void qlt_exit(void); +-extern void qlt_update_vp_map(struct scsi_qla_host *, int); + extern void qlt_free_session_done(struct work_struct *); + /* + * This macro is used during early initializations when host->active_mode diff --git a/patches.suse/scsi-qla2xxx-remove-dead-code-gnn-id.patch b/patches.suse/scsi-qla2xxx-remove-dead-code-gnn-id.patch new file mode 100644 index 0000000..6f355df --- /dev/null +++ b/patches.suse/scsi-qla2xxx-remove-dead-code-gnn-id.patch @@ -0,0 +1,220 @@ +From: Quinn Tran +Date: Wed, 21 Dec 2022 20:39:26 -0800 +Subject: scsi: qla2xxx: Remove dead code (GNN ID) +Patch-mainline: v6.3-rc1 +Git-commit: 87f6dafd50fb6d7214c32596a11b983138b09123 +References: bsc#1208570 + +Remove stale/unused code (GNN ID). + +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 3 - + drivers/scsi/qla2xxx/qla_gbl.h | 3 - + drivers/scsi/qla2xxx/qla_gs.c | 110 -------------------------------- + drivers/scsi/qla2xxx/qla_init.c | 7 +- + drivers/scsi/qla2xxx/qla_os.c | 3 - + 5 files changed, 1 insertion(+), 125 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h +index 9ee9ce613c75..2ed04f71cfc5 100644 +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -2485,7 +2485,6 @@ struct ct_sns_desc { + + enum discovery_state { + DSC_DELETED, +- DSC_GNN_ID, + DSC_GNL, + DSC_LOGIN_PEND, + DSC_LOGIN_FAILED, +@@ -2699,7 +2698,6 @@ extern const char *const port_state_str[5]; + + static const char *const port_dstate_str[] = { + [DSC_DELETED] = "DELETED", +- [DSC_GNN_ID] = "GNN_ID", + [DSC_GNL] = "GNL", + [DSC_LOGIN_PEND] = "LOGIN_PEND", + [DSC_LOGIN_FAILED] = "LOGIN_FAILED", +@@ -3492,7 +3490,6 @@ enum qla_work_type { + QLA_EVT_GPNFT, + QLA_EVT_GPNFT_DONE, + QLA_EVT_GNNFT_DONE, +- QLA_EVT_GNNID, + QLA_EVT_GFPNID, + QLA_EVT_SP_RETRY, + QLA_EVT_IIDMA, +diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h +index 2acddc8dc943..08ea8dc6c6bb 100644 +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -730,9 +730,6 @@ int qla24xx_async_gffid(scsi_qla_host_t *vha, fc_port_t *fcport, bool); + int qla24xx_async_gpnft(scsi_qla_host_t *, u8, srb_t *); + void qla24xx_async_gpnft_done(scsi_qla_host_t *, srb_t *); + void qla24xx_async_gnnft_done(scsi_qla_host_t *, srb_t *); +-int qla24xx_async_gnnid(scsi_qla_host_t *, fc_port_t *); +-void qla24xx_handle_gnnid_event(scsi_qla_host_t *, struct event_arg *); +-int qla24xx_post_gnnid_work(struct scsi_qla_host *, fc_port_t *); + int qla24xx_post_gfpnid_work(struct scsi_qla_host *, fc_port_t *); + int qla24xx_async_gfpnid(scsi_qla_host_t *, fc_port_t *); + void qla24xx_handle_gfpnid_event(scsi_qla_host_t *, struct event_arg *); +diff --git a/drivers/scsi/qla2xxx/qla_gs.c b/drivers/scsi/qla2xxx/qla_gs.c +index fe1eb06db654..4738f8935f7f 100644 +--- a/drivers/scsi/qla2xxx/qla_gs.c ++++ b/drivers/scsi/qla2xxx/qla_gs.c +@@ -3893,116 +3893,6 @@ void qla_scan_work_fn(struct work_struct *work) + spin_unlock_irqrestore(&vha->work_lock, flags); + } + +-/* GNN_ID */ +-void qla24xx_handle_gnnid_event(scsi_qla_host_t *vha, struct event_arg *ea) +-{ +- qla24xx_post_gnl_work(vha, ea->fcport); +-} +- +-static void qla2x00_async_gnnid_sp_done(srb_t *sp, int res) +-{ +- struct scsi_qla_host *vha = sp->vha; +- fc_port_t *fcport = sp->fcport; +- u8 *node_name = fcport->ct_desc.ct_sns->p.rsp.rsp.gnn_id.node_name; +- struct event_arg ea; +- u64 wwnn; +- +- fcport->flags &= ~FCF_ASYNC_SENT; +- wwnn = wwn_to_u64(node_name); +- if (wwnn) +- memcpy(fcport->node_name, node_name, WWN_SIZE); +- +- memset(&ea, 0, sizeof(ea)); +- ea.fcport = fcport; +- ea.sp = sp; +- ea.rc = res; +- +- ql_dbg(ql_dbg_disc, vha, 0x204f, +- "Async done-%s res %x, WWPN %8phC %8phC\n", +- sp->name, res, fcport->port_name, fcport->node_name); +- +- qla24xx_handle_gnnid_event(vha, &ea); +- +- /* ref: INIT */ +- kref_put(&sp->cmd_kref, qla2x00_sp_release); +-} +- +-int qla24xx_async_gnnid(scsi_qla_host_t *vha, fc_port_t *fcport) +-{ +- int rval = QLA_FUNCTION_FAILED; +- struct ct_sns_req *ct_req; +- srb_t *sp; +- +- if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT)) +- return rval; +- +- qla2x00_set_fcport_disc_state(fcport, DSC_GNN_ID); +- /* ref: INIT */ +- sp = qla2x00_get_sp(vha, fcport, GFP_ATOMIC); +- if (!sp) +- goto done; +- +- fcport->flags |= FCF_ASYNC_SENT; +- sp->type = SRB_CT_PTHRU_CMD; +- sp->name = "gnnid"; +- sp->gen1 = fcport->rscn_gen; +- sp->gen2 = fcport->login_gen; +- qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, +- qla2x00_async_gnnid_sp_done); +- +- /* CT_IU preamble */ +- ct_req = qla2x00_prep_ct_req(fcport->ct_desc.ct_sns, GNN_ID_CMD, +- GNN_ID_RSP_SIZE); +- +- /* GNN_ID req */ +- ct_req->req.port_id.port_id = port_id_to_be_id(fcport->d_id); +- +- +- /* req & rsp use the same buffer */ +- sp->u.iocb_cmd.u.ctarg.req = fcport->ct_desc.ct_sns; +- sp->u.iocb_cmd.u.ctarg.req_dma = fcport->ct_desc.ct_sns_dma; +- sp->u.iocb_cmd.u.ctarg.rsp = fcport->ct_desc.ct_sns; +- sp->u.iocb_cmd.u.ctarg.rsp_dma = fcport->ct_desc.ct_sns_dma; +- sp->u.iocb_cmd.u.ctarg.req_size = GNN_ID_REQ_SIZE; +- sp->u.iocb_cmd.u.ctarg.rsp_size = GNN_ID_RSP_SIZE; +- sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; +- +- ql_dbg(ql_dbg_disc, vha, 0xffff, +- "Async-%s - %8phC hdl=%x loopid=%x portid %06x.\n", +- sp->name, fcport->port_name, +- sp->handle, fcport->loop_id, fcport->d_id.b24); +- +- rval = qla2x00_start_sp(sp); +- if (rval != QLA_SUCCESS) +- goto done_free_sp; +- return rval; +- +-done_free_sp: +- /* ref: INIT */ +- kref_put(&sp->cmd_kref, qla2x00_sp_release); +- fcport->flags &= ~FCF_ASYNC_SENT; +-done: +- return rval; +-} +- +-int qla24xx_post_gnnid_work(struct scsi_qla_host *vha, fc_port_t *fcport) +-{ +- struct qla_work_evt *e; +- int ls; +- +- ls = atomic_read(&vha->loop_state); +- if (((ls != LOOP_READY) && (ls != LOOP_UP)) || +- test_bit(UNLOADING, &vha->dpc_flags)) +- return 0; +- +- e = qla2x00_alloc_work(vha, QLA_EVT_GNNID); +- if (!e) +- return QLA_FUNCTION_FAILED; +- +- e->u.fcport.fcport = fcport; +- return qla2x00_post_work(vha, e); +-} +- + /* GPFN_ID */ + void qla24xx_handle_gfpnid_event(scsi_qla_host_t *vha, struct event_arg *ea) + { +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index c66a0106a7fc..a23cb2e5ab58 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -1718,12 +1718,7 @@ int qla24xx_fcport_handle_login(struct scsi_qla_host *vha, fc_port_t *fcport) + } + break; + default: +- if (wwn == 0) { +- ql_dbg(ql_dbg_disc, vha, 0xffff, +- "%s %d %8phC post GNNID\n", +- __func__, __LINE__, fcport->port_name); +- qla24xx_post_gnnid_work(vha, fcport); +- } else if (fcport->loop_id == FC_NO_LOOP_ID) { ++ if (fcport->loop_id == FC_NO_LOOP_ID) { + ql_dbg(ql_dbg_disc, vha, 0x20bd, + "%s %d %8phC post gnl\n", + __func__, __LINE__, fcport->port_name); +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index bbbdf2ffb682..c0ac6bfeeafe 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -5502,9 +5502,6 @@ qla2x00_do_work(struct scsi_qla_host *vha) + case QLA_EVT_GNNFT_DONE: + qla24xx_async_gnnft_done(vha, e->u.iosb.sp); + break; +- case QLA_EVT_GNNID: +- qla24xx_async_gnnid(vha, e->u.fcport.fcport); +- break; + case QLA_EVT_GFPNID: + qla24xx_async_gfpnid(vha, e->u.fcport.fcport); + break; +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-remove-dead-code-gpnid.patch b/patches.suse/scsi-qla2xxx-remove-dead-code-gpnid.patch new file mode 100644 index 0000000..4acf953 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-remove-dead-code-gpnid.patch @@ -0,0 +1,443 @@ +From: Quinn Tran +Date: Wed, 21 Dec 2022 20:39:25 -0800 +Subject: scsi: qla2xxx: Remove dead code (GPNID) +Patch-mainline: v6.3-rc1 +Git-commit: b9d87b60aaeb08ded3a8cfd4538085e6e2bc814f +References: bsc#1208570 + +Remove stale unused code for GPNID. + +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 7 +- + drivers/scsi/qla2xxx/qla_gbl.h | 4 - + drivers/scsi/qla2xxx/qla_gs.c | 297 -------------------------------- + drivers/scsi/qla2xxx/qla_init.c | 2 +- + drivers/scsi/qla2xxx/qla_iocb.c | 2 +- + drivers/scsi/qla2xxx/qla_os.c | 4 - + 6 files changed, 3 insertions(+), 313 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h +index 0dde3fa9e258..9ee9ce613c75 100644 +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -3479,7 +3479,6 @@ enum qla_work_type { + QLA_EVT_ASYNC_ADISC, + QLA_EVT_UEVENT, + QLA_EVT_AENFX, +- QLA_EVT_GPNID, + QLA_EVT_UNMAP, + QLA_EVT_NEW_SESS, + QLA_EVT_GPDB, +@@ -3534,9 +3533,6 @@ struct qla_work_evt { + struct { + srb_t *sp; + } iosb; +- struct { +- port_id_t id; +- } gpnid; + struct { + port_id_t id; + u8 port_name[8]; +@@ -3544,7 +3540,7 @@ struct qla_work_evt { + void *pla; + u8 fc4_type; + } new_sess; +- struct { /*Get PDB, Get Speed, update fcport, gnl, gidpn */ ++ struct { /*Get PDB, Get Speed, update fcport, gnl */ + fc_port_t *fcport; + u8 opt; + } fcport; +@@ -5025,7 +5021,6 @@ typedef struct scsi_qla_host { + uint8_t n2n_port_name[WWN_SIZE]; + uint16_t n2n_id; + __le16 dport_data[4]; +- struct list_head gpnid_list; + struct fab_scan scan; + uint8_t scm_fabric_connection_flags; + +diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h +index e3256e721be1..2acddc8dc943 100644 +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -721,10 +721,6 @@ extern int qla2x00_chk_ms_status(scsi_qla_host_t *, ms_iocb_entry_t *, + struct ct_sns_rsp *, const char *); + extern void qla2x00_async_iocb_timeout(void *data); + +-extern int qla24xx_post_gpnid_work(struct scsi_qla_host *, port_id_t *); +-extern int qla24xx_async_gpnid(scsi_qla_host_t *, port_id_t *); +-void qla24xx_handle_gpnid_event(scsi_qla_host_t *, struct event_arg *); +- + int qla24xx_post_gpsc_work(struct scsi_qla_host *, fc_port_t *); + int qla24xx_async_gpsc(scsi_qla_host_t *, fc_port_t *); + void qla24xx_handle_gpsc_event(scsi_qla_host_t *, struct event_arg *); +diff --git a/drivers/scsi/qla2xxx/qla_gs.c b/drivers/scsi/qla2xxx/qla_gs.c +index 64ab070b8716..fe1eb06db654 100644 +--- a/drivers/scsi/qla2xxx/qla_gs.c ++++ b/drivers/scsi/qla2xxx/qla_gs.c +@@ -2949,22 +2949,6 @@ int qla24xx_async_gpsc(scsi_qla_host_t *vha, fc_port_t *fcport) + return rval; + } + +-int qla24xx_post_gpnid_work(struct scsi_qla_host *vha, port_id_t *id) +-{ +- struct qla_work_evt *e; +- +- if (test_bit(UNLOADING, &vha->dpc_flags) || +- (vha->vp_idx && test_bit(VPORT_DELETE, &vha->dpc_flags))) +- return 0; +- +- e = qla2x00_alloc_work(vha, QLA_EVT_GPNID); +- if (!e) +- return QLA_FUNCTION_FAILED; +- +- e->u.gpnid.id = *id; +- return qla2x00_post_work(vha, e); +-} +- + void qla24xx_sp_unmap(scsi_qla_host_t *vha, srb_t *sp) + { + struct srb_iocb *c = &sp->u.iocb_cmd; +@@ -2997,287 +2981,6 @@ void qla24xx_sp_unmap(scsi_qla_host_t *vha, srb_t *sp) + kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + +-void qla24xx_handle_gpnid_event(scsi_qla_host_t *vha, struct event_arg *ea) +-{ +- fc_port_t *fcport, *conflict, *t; +- u16 data[2]; +- +- ql_dbg(ql_dbg_disc, vha, 0xffff, +- "%s %d port_id: %06x\n", +- __func__, __LINE__, ea->id.b24); +- +- if (ea->rc) { +- /* cable is disconnected */ +- list_for_each_entry_safe(fcport, t, &vha->vp_fcports, list) { +- if (fcport->d_id.b24 == ea->id.b24) +- fcport->scan_state = QLA_FCPORT_SCAN; +- +- qlt_schedule_sess_for_deletion(fcport); +- } +- } else { +- /* cable is connected */ +- fcport = qla2x00_find_fcport_by_wwpn(vha, ea->port_name, 1); +- if (fcport) { +- list_for_each_entry_safe(conflict, t, &vha->vp_fcports, +- list) { +- if ((conflict->d_id.b24 == ea->id.b24) && +- (fcport != conflict)) +- /* +- * 2 fcports with conflict Nport ID or +- * an existing fcport is having nport ID +- * conflict with new fcport. +- */ +- +- conflict->scan_state = QLA_FCPORT_SCAN; +- +- qlt_schedule_sess_for_deletion(conflict); +- } +- +- fcport->scan_needed = 0; +- fcport->rscn_gen++; +- fcport->scan_state = QLA_FCPORT_FOUND; +- fcport->flags |= FCF_FABRIC_DEVICE; +- if (fcport->login_retry == 0) { +- fcport->login_retry = +- vha->hw->login_retry_count; +- ql_dbg(ql_dbg_disc, vha, 0xffff, +- "Port login retry %8phN, lid 0x%04x cnt=%d.\n", +- fcport->port_name, fcport->loop_id, +- fcport->login_retry); +- } +- switch (fcport->disc_state) { +- case DSC_LOGIN_COMPLETE: +- /* recheck session is still intact. */ +- ql_dbg(ql_dbg_disc, vha, 0x210d, +- "%s %d %8phC revalidate session with ADISC\n", +- __func__, __LINE__, fcport->port_name); +- data[0] = data[1] = 0; +- qla2x00_post_async_adisc_work(vha, fcport, +- data); +- break; +- case DSC_DELETED: +- ql_dbg(ql_dbg_disc, vha, 0x210d, +- "%s %d %8phC login\n", __func__, __LINE__, +- fcport->port_name); +- fcport->d_id = ea->id; +- qla24xx_fcport_handle_login(vha, fcport); +- break; +- case DSC_DELETE_PEND: +- fcport->d_id = ea->id; +- break; +- default: +- fcport->d_id = ea->id; +- break; +- } +- } else { +- list_for_each_entry_safe(conflict, t, &vha->vp_fcports, +- list) { +- if (conflict->d_id.b24 == ea->id.b24) { +- /* 2 fcports with conflict Nport ID or +- * an existing fcport is having nport ID +- * conflict with new fcport. +- */ +- ql_dbg(ql_dbg_disc, vha, 0xffff, +- "%s %d %8phC DS %d\n", +- __func__, __LINE__, +- conflict->port_name, +- conflict->disc_state); +- +- conflict->scan_state = QLA_FCPORT_SCAN; +- qlt_schedule_sess_for_deletion(conflict); +- } +- } +- +- /* create new fcport */ +- ql_dbg(ql_dbg_disc, vha, 0x2065, +- "%s %d %8phC post new sess\n", +- __func__, __LINE__, ea->port_name); +- qla24xx_post_newsess_work(vha, &ea->id, +- ea->port_name, NULL, NULL, 0); +- } +- } +-} +- +-static void qla2x00_async_gpnid_sp_done(srb_t *sp, int res) +-{ +- struct scsi_qla_host *vha = sp->vha; +- struct ct_sns_req *ct_req = +- (struct ct_sns_req *)sp->u.iocb_cmd.u.ctarg.req; +- struct ct_sns_rsp *ct_rsp = +- (struct ct_sns_rsp *)sp->u.iocb_cmd.u.ctarg.rsp; +- struct event_arg ea; +- struct qla_work_evt *e; +- unsigned long flags; +- +- if (res) +- ql_dbg(ql_dbg_disc, vha, 0x2066, +- "Async done-%s fail res %x rscn gen %d ID %3phC. %8phC\n", +- sp->name, res, sp->gen1, &ct_req->req.port_id.port_id, +- ct_rsp->rsp.gpn_id.port_name); +- else +- ql_dbg(ql_dbg_disc, vha, 0x2066, +- "Async done-%s good rscn gen %d ID %3phC. %8phC\n", +- sp->name, sp->gen1, &ct_req->req.port_id.port_id, +- ct_rsp->rsp.gpn_id.port_name); +- +- memset(&ea, 0, sizeof(ea)); +- memcpy(ea.port_name, ct_rsp->rsp.gpn_id.port_name, WWN_SIZE); +- ea.sp = sp; +- ea.id = be_to_port_id(ct_req->req.port_id.port_id); +- ea.rc = res; +- +- spin_lock_irqsave(&vha->hw->tgt.sess_lock, flags); +- list_del(&sp->elem); +- spin_unlock_irqrestore(&vha->hw->tgt.sess_lock, flags); +- +- if (res) { +- if (res == QLA_FUNCTION_TIMEOUT) { +- qla24xx_post_gpnid_work(sp->vha, &ea.id); +- /* ref: INIT */ +- kref_put(&sp->cmd_kref, qla2x00_sp_release); +- return; +- } +- } else if (sp->gen1) { +- /* There was another RSCN for this Nport ID */ +- qla24xx_post_gpnid_work(sp->vha, &ea.id); +- /* ref: INIT */ +- kref_put(&sp->cmd_kref, qla2x00_sp_release); +- return; +- } +- +- qla24xx_handle_gpnid_event(vha, &ea); +- +- e = qla2x00_alloc_work(vha, QLA_EVT_UNMAP); +- if (!e) { +- /* please ignore kernel warning. otherwise, we have mem leak. */ +- dma_free_coherent(&vha->hw->pdev->dev, +- sp->u.iocb_cmd.u.ctarg.req_allocated_size, +- sp->u.iocb_cmd.u.ctarg.req, +- sp->u.iocb_cmd.u.ctarg.req_dma); +- sp->u.iocb_cmd.u.ctarg.req = NULL; +- +- dma_free_coherent(&vha->hw->pdev->dev, +- sp->u.iocb_cmd.u.ctarg.rsp_allocated_size, +- sp->u.iocb_cmd.u.ctarg.rsp, +- sp->u.iocb_cmd.u.ctarg.rsp_dma); +- sp->u.iocb_cmd.u.ctarg.rsp = NULL; +- +- /* ref: INIT */ +- kref_put(&sp->cmd_kref, qla2x00_sp_release); +- return; +- } +- +- e->u.iosb.sp = sp; +- qla2x00_post_work(vha, e); +-} +- +-/* Get WWPN with Nport ID. */ +-int qla24xx_async_gpnid(scsi_qla_host_t *vha, port_id_t *id) +-{ +- int rval = QLA_FUNCTION_FAILED; +- struct ct_sns_req *ct_req; +- srb_t *sp, *tsp; +- struct ct_sns_pkt *ct_sns; +- unsigned long flags; +- +- if (!vha->flags.online) +- goto done; +- +- /* ref: INIT */ +- sp = qla2x00_get_sp(vha, NULL, GFP_KERNEL); +- if (!sp) +- goto done; +- +- sp->type = SRB_CT_PTHRU_CMD; +- sp->name = "gpnid"; +- sp->u.iocb_cmd.u.ctarg.id = *id; +- sp->gen1 = 0; +- qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, +- qla2x00_async_gpnid_sp_done); +- +- spin_lock_irqsave(&vha->hw->tgt.sess_lock, flags); +- list_for_each_entry(tsp, &vha->gpnid_list, elem) { +- if (tsp->u.iocb_cmd.u.ctarg.id.b24 == id->b24) { +- tsp->gen1++; +- spin_unlock_irqrestore(&vha->hw->tgt.sess_lock, flags); +- /* ref: INIT */ +- kref_put(&sp->cmd_kref, qla2x00_sp_release); +- goto done; +- } +- } +- list_add_tail(&sp->elem, &vha->gpnid_list); +- spin_unlock_irqrestore(&vha->hw->tgt.sess_lock, flags); +- +- sp->u.iocb_cmd.u.ctarg.req = dma_alloc_coherent(&vha->hw->pdev->dev, +- sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.req_dma, +- GFP_KERNEL); +- sp->u.iocb_cmd.u.ctarg.req_allocated_size = sizeof(struct ct_sns_pkt); +- if (!sp->u.iocb_cmd.u.ctarg.req) { +- ql_log(ql_log_warn, vha, 0xd041, +- "Failed to allocate ct_sns request.\n"); +- goto done_free_sp; +- } +- +- sp->u.iocb_cmd.u.ctarg.rsp = dma_alloc_coherent(&vha->hw->pdev->dev, +- sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.rsp_dma, +- GFP_KERNEL); +- sp->u.iocb_cmd.u.ctarg.rsp_allocated_size = sizeof(struct ct_sns_pkt); +- if (!sp->u.iocb_cmd.u.ctarg.rsp) { +- ql_log(ql_log_warn, vha, 0xd042, +- "Failed to allocate ct_sns request.\n"); +- goto done_free_sp; +- } +- +- ct_sns = (struct ct_sns_pkt *)sp->u.iocb_cmd.u.ctarg.rsp; +- memset(ct_sns, 0, sizeof(*ct_sns)); +- +- ct_sns = (struct ct_sns_pkt *)sp->u.iocb_cmd.u.ctarg.req; +- /* CT_IU preamble */ +- ct_req = qla2x00_prep_ct_req(ct_sns, GPN_ID_CMD, GPN_ID_RSP_SIZE); +- +- /* GPN_ID req */ +- ct_req->req.port_id.port_id = port_id_to_be_id(*id); +- +- sp->u.iocb_cmd.u.ctarg.req_size = GPN_ID_REQ_SIZE; +- sp->u.iocb_cmd.u.ctarg.rsp_size = GPN_ID_RSP_SIZE; +- sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; +- +- ql_dbg(ql_dbg_disc, vha, 0x2067, +- "Async-%s hdl=%x ID %3phC.\n", sp->name, +- sp->handle, &ct_req->req.port_id.port_id); +- +- rval = qla2x00_start_sp(sp); +- if (rval != QLA_SUCCESS) +- goto done_free_sp; +- +- return rval; +- +-done_free_sp: +- spin_lock_irqsave(&vha->hw->vport_slock, flags); +- list_del(&sp->elem); +- spin_unlock_irqrestore(&vha->hw->vport_slock, flags); +- +- if (sp->u.iocb_cmd.u.ctarg.req) { +- dma_free_coherent(&vha->hw->pdev->dev, +- sizeof(struct ct_sns_pkt), +- sp->u.iocb_cmd.u.ctarg.req, +- sp->u.iocb_cmd.u.ctarg.req_dma); +- sp->u.iocb_cmd.u.ctarg.req = NULL; +- } +- if (sp->u.iocb_cmd.u.ctarg.rsp) { +- dma_free_coherent(&vha->hw->pdev->dev, +- sizeof(struct ct_sns_pkt), +- sp->u.iocb_cmd.u.ctarg.rsp, +- sp->u.iocb_cmd.u.ctarg.rsp_dma); +- sp->u.iocb_cmd.u.ctarg.rsp = NULL; +- } +- /* ref: INIT */ +- kref_put(&sp->cmd_kref, qla2x00_sp_release); +-done: +- return rval; +-} +- +- + void qla24xx_async_gffid_sp_done(srb_t *sp, int res) + { + struct scsi_qla_host *vha = sp->vha; +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index ca216b820b1c..c66a0106a7fc 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -2323,7 +2323,7 @@ qla24xx_handle_plogi_done_event(struct scsi_qla_host *vha, struct event_arg *ea) + ea->fcport->login_pause = 1; + + ql_dbg(ql_dbg_disc, vha, 0x20ed, +- "%s %d %8phC NPortId %06x inuse with loopid 0x%x. post gidpn\n", ++ "%s %d %8phC NPortId %06x inuse with loopid 0x%x.\n", + __func__, __LINE__, ea->fcport->port_name, + ea->fcport->d_id.b24, lid); + } else { +diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c +index 6b91dcfd994d..9a7cc0ba5f58 100644 +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -2920,7 +2920,7 @@ static void qla2x00_els_dcmd2_sp_done(srb_t *sp, int res) + conflict_fcport->conflict = fcport; + fcport->login_pause = 1; + ql_dbg(ql_dbg_disc, vha, 0x20ed, +- "%s %d %8phC pid %06x inuse with lid %#x post gidpn\n", ++ "%s %d %8phC pid %06x inuse with lid %#x.\n", + __func__, __LINE__, + fcport->port_name, + fcport->d_id.b24, lid); +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index 078b63b89189..bbbdf2ffb682 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -5016,7 +5016,6 @@ struct scsi_qla_host *qla2x00_create_host(struct scsi_host_template *sht, + INIT_LIST_HEAD(&vha->plogi_ack_list); + INIT_LIST_HEAD(&vha->qp_list); + INIT_LIST_HEAD(&vha->gnl.fcports); +- INIT_LIST_HEAD(&vha->gpnid_list); + INIT_WORK(&vha->iocb_work, qla2x00_iocb_work_fn); + + INIT_LIST_HEAD(&vha->purex_list.head); +@@ -5461,9 +5460,6 @@ qla2x00_do_work(struct scsi_qla_host *vha) + case QLA_EVT_AENFX: + qlafx00_process_aen(vha, e); + break; +- case QLA_EVT_GPNID: +- qla24xx_async_gpnid(vha, &e->u.gpnid.id); +- break; + case QLA_EVT_UNMAP: + qla24xx_sp_unmap(vha, e->u.iosb.sp); + break; +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-remove-dead-code.patch b/patches.suse/scsi-qla2xxx-remove-dead-code.patch new file mode 100644 index 0000000..1dadba4 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-remove-dead-code.patch @@ -0,0 +1,195 @@ +From: Quinn Tran +Date: Wed, 21 Dec 2022 20:39:24 -0800 +Subject: scsi: qla2xxx: Remove dead code +Patch-mainline: v6.3-rc1 +Git-commit: efd1bd12a04d7fffcb31662298e5e3e814bff49c +References: bsc#1208570 + +Removing drport field and FCPORT_UPDATE_NEEDED signals. + +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_attr.c | 5 ++-- + drivers/scsi/qla2xxx/qla_def.h | 3 +-- + drivers/scsi/qla2xxx/qla_init.c | 48 --------------------------------- + drivers/scsi/qla2xxx/qla_mid.c | 9 ------- + drivers/scsi/qla2xxx/qla_os.c | 13 ++------- + 5 files changed, 5 insertions(+), 73 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c +index b67ad30d56e6..70cfc94c3d43 100644 +--- a/drivers/scsi/qla2xxx/qla_attr.c ++++ b/drivers/scsi/qla2xxx/qla_attr.c +@@ -2732,7 +2732,7 @@ qla2x00_dev_loss_tmo_callbk(struct fc_rport *rport) + spin_lock_irqsave(host->host_lock, flags); + /* Confirm port has not reappeared before clearing pointers. */ + if (rport->port_state != FC_PORTSTATE_ONLINE) { +- fcport->rport = fcport->drport = NULL; ++ fcport->rport = NULL; + *((fc_port_t **)rport->dd_data) = NULL; + } + spin_unlock_irqrestore(host->host_lock, flags); +@@ -3171,8 +3171,7 @@ qla24xx_vport_delete(struct fc_vport *fc_vport) + + set_bit(VPORT_DELETE, &vha->dpc_flags); + +- while (test_bit(LOOP_RESYNC_ACTIVE, &vha->dpc_flags) || +- test_bit(FCPORT_UPDATE_NEEDED, &vha->dpc_flags)) ++ while (test_bit(LOOP_RESYNC_ACTIVE, &vha->dpc_flags)) + msleep(1000); + + +diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h +index cd4eb11b0707..0dde3fa9e258 100644 +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -2596,7 +2596,7 @@ typedef struct fc_port { + + int login_retry; + +- struct fc_rport *rport, *drport; ++ struct fc_rport *rport; + u32 supported_classes; + + uint8_t fc4_type; +@@ -4876,7 +4876,6 @@ typedef struct scsi_qla_host { + #define ISP_ABORT_RETRY 10 /* ISP aborted. */ + #define BEACON_BLINK_NEEDED 11 + #define REGISTER_FDMI_NEEDED 12 +-#define FCPORT_UPDATE_NEEDED 13 + #define VP_DPC_NEEDED 14 /* wake up for VP dpc handling */ + #define UNLOADING 15 + #define NPIV_CONFIG_NEEDED 16 +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index 6968e8d08968..ca216b820b1c 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -5224,27 +5224,6 @@ qla2x00_nvram_config(scsi_qla_host_t *vha) + return (rval); + } + +-static void +-qla2x00_rport_del(void *data) +-{ +- fc_port_t *fcport = data; +- struct fc_rport *rport; +- unsigned long flags; +- +- spin_lock_irqsave(fcport->vha->host->host_lock, flags); +- rport = fcport->drport ? fcport->drport : fcport->rport; +- fcport->drport = NULL; +- spin_unlock_irqrestore(fcport->vha->host->host_lock, flags); +- if (rport) { +- ql_dbg(ql_dbg_disc, fcport->vha, 0x210b, +- "%s %8phN. rport %p roles %x\n", +- __func__, fcport->port_name, rport, +- rport->roles); +- +- fc_remote_port_delete(rport); +- } +-} +- + void qla2x00_set_fcport_state(fc_port_t *fcport, int state) + { + int old_state; +@@ -6761,33 +6740,6 @@ int qla2x00_perform_loop_resync(scsi_qla_host_t *ha) + return rval; + } + +-void +-qla2x00_update_fcports(scsi_qla_host_t *base_vha) +-{ +- fc_port_t *fcport; +- struct scsi_qla_host *vha, *tvp; +- struct qla_hw_data *ha = base_vha->hw; +- unsigned long flags; +- +- spin_lock_irqsave(&ha->vport_slock, flags); +- /* Go with deferred removal of rport references. */ +- list_for_each_entry_safe(vha, tvp, &base_vha->hw->vp_list, list) { +- atomic_inc(&vha->vref_count); +- list_for_each_entry(fcport, &vha->vp_fcports, list) { +- if (fcport->drport && +- atomic_read(&fcport->state) != FCS_UNCONFIGURED) { +- spin_unlock_irqrestore(&ha->vport_slock, flags); +- qla2x00_rport_del(fcport); +- +- spin_lock_irqsave(&ha->vport_slock, flags); +- } +- } +- atomic_dec(&vha->vref_count); +- wake_up(&vha->vref_waitq); +- } +- spin_unlock_irqrestore(&ha->vport_slock, flags); +-} +- + /* Assumes idc_lock always held on entry */ + void + qla83xx_reset_ownership(scsi_qla_host_t *vha) +diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c +index 16a9f22bb860..5fff17da0202 100644 +--- a/drivers/scsi/qla2xxx/qla_mid.c ++++ b/drivers/scsi/qla2xxx/qla_mid.c +@@ -384,15 +384,6 @@ qla2x00_do_dpc_vp(scsi_qla_host_t *vha) + } + } + +- if (test_bit(FCPORT_UPDATE_NEEDED, &vha->dpc_flags)) { +- ql_dbg(ql_dbg_dpc, vha, 0x4016, +- "FCPort update scheduled.\n"); +- qla2x00_update_fcports(vha); +- clear_bit(FCPORT_UPDATE_NEEDED, &vha->dpc_flags); +- ql_dbg(ql_dbg_dpc, vha, 0x4017, +- "FCPort update end.\n"); +- } +- + if (test_bit(RELOGIN_NEEDED, &vha->dpc_flags) && + !test_bit(LOOP_RESYNC_NEEDED, &vha->dpc_flags) && + atomic_read(&vha->loop_state) != LOOP_DOWN) { +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index 2d86f804872b..078b63b89189 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -7025,11 +7025,6 @@ qla2x00_do_dpc(void *data) + } + } + +- if (test_and_clear_bit(FCPORT_UPDATE_NEEDED, +- &base_vha->dpc_flags)) { +- qla2x00_update_fcports(base_vha); +- } +- + if (IS_QLAFX00(ha)) + goto loop_resync_check; + +@@ -7525,7 +7520,6 @@ qla2x00_timer(struct timer_list *t) + /* Schedule the DPC routine if needed */ + if ((test_bit(ISP_ABORT_NEEDED, &vha->dpc_flags) || + test_bit(LOOP_RESYNC_NEEDED, &vha->dpc_flags) || +- test_bit(FCPORT_UPDATE_NEEDED, &vha->dpc_flags) || + start_dpc || + test_bit(RESET_MARKER_NEEDED, &vha->dpc_flags) || + test_bit(BEACON_BLINK_NEEDED, &vha->dpc_flags) || +@@ -7536,13 +7530,10 @@ qla2x00_timer(struct timer_list *t) + test_bit(PROCESS_PUREX_IOCB, &vha->dpc_flags))) { + ql_dbg(ql_dbg_timer, vha, 0x600b, + "isp_abort_needed=%d loop_resync_needed=%d " +- "fcport_update_needed=%d start_dpc=%d " +- "reset_marker_needed=%d", ++ "start_dpc=%d reset_marker_needed=%d", + test_bit(ISP_ABORT_NEEDED, &vha->dpc_flags), + test_bit(LOOP_RESYNC_NEEDED, &vha->dpc_flags), +- test_bit(FCPORT_UPDATE_NEEDED, &vha->dpc_flags), +- start_dpc, +- test_bit(RESET_MARKER_NEEDED, &vha->dpc_flags)); ++ start_dpc, test_bit(RESET_MARKER_NEEDED, &vha->dpc_flags)); + ql_dbg(ql_dbg_timer, vha, 0x600c, + "beacon_blink_needed=%d isp_unrecoverable=%d " + "fcoe_ctx_reset_needed=%d vp_dpc_needed=%d " +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-remove-increment-of-interface-err-cnt.patch b/patches.suse/scsi-qla2xxx-remove-increment-of-interface-err-cnt.patch new file mode 100644 index 0000000..1a46456 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-remove-increment-of-interface-err-cnt.patch @@ -0,0 +1,37 @@ +From: Saurav Kashyap +Date: Mon, 19 Dec 2022 03:07:46 -0800 +Subject: scsi: qla2xxx: Remove increment of interface err cnt +Patch-mainline: v6.3-rc1 +Git-commit: d676a9e3d9efb7e93df460bcf4c445496c16314f +References: bsc#1208570 + +Residual underrun is not an interface error, hence no need to increment +that count. + +Fixes: dbf1f53cfd23 ("scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port") +Cc: stable@vger.kernel.org +Signed-off-by: Saurav Kashyap +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_isr.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c +index 759bea69de12..cbbd7014da93 100644 +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -3363,8 +3363,6 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) + "Dropped frame(s) detected (0x%x of 0x%x bytes).\n", + resid, scsi_bufflen(cp)); + +- vha->interface_err_cnt++; +- + res = DID_ERROR << 16 | lscsi_status; + goto check_scsi_status; + } +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-remove-the-unused-variable-wwn.patch b/patches.suse/scsi-qla2xxx-remove-the-unused-variable-wwn.patch new file mode 100644 index 0000000..4038cc2 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-remove-the-unused-variable-wwn.patch @@ -0,0 +1,43 @@ +From: Jiapeng Chong +Date: Tue, 7 Feb 2023 13:22:34 +0800 +Subject: scsi: qla2xxx: Remove the unused variable wwn +Patch-mainline: v6.3-rc1 +Git-commit: d48a62381a73458d29393cdc3bad09b048b7b913 +References: bsc#1208570 + +Variable wwn is not used. Delete it. + +drivers/scsi/qla2xxx/qla_init.c:1657:6: warning: variable 'wwn' set but not used. + +Link: https://lore.kernel.org/r/20230207052234.24535-1-jiapeng.chong@linux.alibaba.com +Reported-by: Abaci Robot +Signed-off-by: Jiapeng Chong +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index c5e73d5a26b1..1dbc1496ebed 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -1654,7 +1654,6 @@ static void qla_chk_n2n_b4_login(struct scsi_qla_host *vha, fc_port_t *fcport) + int qla24xx_fcport_handle_login(struct scsi_qla_host *vha, fc_port_t *fcport) + { + u16 data[2]; +- u64 wwn; + u16 sec; + + ql_dbg(ql_dbg_disc, vha, 0x20d8, +@@ -1694,7 +1693,6 @@ int qla24xx_fcport_handle_login(struct scsi_qla_host *vha, fc_port_t *fcport) + + switch (fcport->disc_state) { + case DSC_DELETED: +- wwn = wwn_to_u64(fcport->node_name); + switch (vha->hw->current_topology) { + case ISP_CFG_N: + if (fcport_is_smaller(fcport)) { +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-remove-unintended-flag-clearing.patch b/patches.suse/scsi-qla2xxx-remove-unintended-flag-clearing.patch new file mode 100644 index 0000000..07e8406 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-remove-unintended-flag-clearing.patch @@ -0,0 +1,36 @@ +From: Quinn Tran +Date: Mon, 19 Dec 2022 03:07:44 -0800 +Subject: scsi: qla2xxx: Remove unintended flag clearing +Patch-mainline: v6.3-rc1 +Git-commit: 7e8a936a2d0f98dd6e5d05d4838affabe606cabc +References: bsc#1208570 + +FCF_ASYNC_SENT flag is used in session management. This flag is cleared in +task management path by accident. Remove unintended flag clearing. + +Fixes: 388a49959ee4 ("scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd") +Cc: stable@vger.kernel.org +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index 745fee298d56..6968e8d08968 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -2082,7 +2082,6 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint32_t lun, + done_free_sp: + /* ref: INIT */ + kref_put(&sp->cmd_kref, qla2x00_sp_release); +- fcport->flags &= ~FCF_ASYNC_SENT; + done: + return rval; + } +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-select-qpair-depending-on-which-cpu-post_cmd-gets.patch b/patches.suse/scsi-qla2xxx-select-qpair-depending-on-which-cpu-post_cmd-gets.patch new file mode 100644 index 0000000..e453b4a --- /dev/null +++ b/patches.suse/scsi-qla2xxx-select-qpair-depending-on-which-cpu-post_cmd-gets.patch @@ -0,0 +1,191 @@ +From: Shreyas Deodhar +Date: Wed, 21 Dec 2022 20:39:32 -0800 +Subject: scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets + called +Patch-mainline: v6.3-rc1 +Git-commit: 1d201c81d4cc6840735bbcc99e6031503e5cf3b8 +References: bsc#1208570 + +In current I/O path, Tx and Rx may not be processed on same CPU. This may +lead to thrashing and optimum performance may not be achieved. + +Pick qpair such that Tx and Rx are processed on same CPU. + +Signed-off-by: Shreyas Deodhar +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 2 + + drivers/scsi/qla2xxx/qla_init.c | 2 - + drivers/scsi/qla2xxx/qla_inline.h | 55 ++++++++++++++++++++++++++++++++++++++ + drivers/scsi/qla2xxx/qla_isr.c | 3 +- + drivers/scsi/qla2xxx/qla_nvme.c | 4 ++ + drivers/scsi/qla2xxx/qla_os.c | 6 ++++ + 6 files changed, 69 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -3470,6 +3470,7 @@ struct qla_msix_entry { + int have_irq; + int in_use; + uint32_t vector; ++ uint32_t vector_base0; + uint16_t entry; + char name[30]; + void *handle; +@@ -4126,6 +4127,7 @@ struct qla_hw_data { + struct req_que **req_q_map; + struct rsp_que **rsp_q_map; + struct qla_qpair **queue_pair_map; ++ struct qla_qpair **qp_cpu_map; + unsigned long req_qid_map[(QLA_MAX_QUEUES / 8) / sizeof(unsigned long)]; + unsigned long rsp_qid_map[(QLA_MAX_QUEUES / 8) / sizeof(unsigned long)]; + unsigned long qpair_qid_map[(QLA_MAX_QUEUES / 8) +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -9427,8 +9427,6 @@ struct qla_qpair *qla2xxx_create_qpair(s + qpair->req = ha->req_q_map[req_id]; + qpair->rsp->req = qpair->req; + qpair->rsp->qpair = qpair; +- /* init qpair to this cpu. Will adjust at run time. */ +- qla_cpu_update(qpair, raw_smp_processor_id()); + + if (IS_T10_PI_CAPABLE(ha) && ql2xenabledif) { + if (ha->fw_attributes & BIT_4) +--- a/drivers/scsi/qla2xxx/qla_inline.h ++++ b/drivers/scsi/qla2xxx/qla_inline.h +@@ -516,3 +516,58 @@ fcport_is_bigger(fc_port_t *fcport) + { + return !fcport_is_smaller(fcport); + } ++ ++static inline struct qla_qpair * ++qla_mapq_nvme_select_qpair(struct qla_hw_data *ha, struct qla_qpair *qpair) ++{ ++ int cpuid = smp_processor_id(); ++ ++ if (qpair->cpuid != cpuid && ++ ha->qp_cpu_map[cpuid]) { ++ qpair = ha->qp_cpu_map[cpuid]; ++ } ++ return qpair; ++} ++ ++static inline void ++qla_mapq_init_qp_cpu_map(struct qla_hw_data *ha, ++ struct qla_msix_entry *msix, ++ struct qla_qpair *qpair) ++{ ++ const struct cpumask *mask; ++ unsigned int cpu; ++ ++ if (!ha->qp_cpu_map) ++ return; ++ mask = pci_irq_get_affinity(ha->pdev, msix->vector_base0); ++ qpair->cpuid = cpumask_first(mask); ++ for_each_cpu(cpu, mask) { ++ ha->qp_cpu_map[cpu] = qpair; ++ } ++ msix->cpuid = qpair->cpuid; ++} ++ ++static inline void ++qla_mapq_free_qp_cpu_map(struct qla_hw_data *ha) ++{ ++ if (ha->qp_cpu_map) { ++ kfree(ha->qp_cpu_map); ++ ha->qp_cpu_map = NULL; ++ } ++} ++ ++static inline int qla_mapq_alloc_qp_cpu_map(struct qla_hw_data *ha) ++{ ++ scsi_qla_host_t *vha = pci_get_drvdata(ha->pdev); ++ ++ if (!ha->qp_cpu_map) { ++ ha->qp_cpu_map = kcalloc(NR_CPUS, sizeof(struct qla_qpair *), ++ GFP_KERNEL); ++ if (!ha->qp_cpu_map) { ++ ql_log(ql_log_fatal, vha, 0x0180, ++ "Unable to allocate memory for qp_cpu_map ptrs.\n"); ++ return -1; ++ } ++ } ++ return 0; ++} +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -3779,7 +3779,6 @@ void qla24xx_process_response_queue(stru + + if (rsp->qpair->cpuid != smp_processor_id() || !rsp->qpair->rcv_intr) { + rsp->qpair->rcv_intr = 1; +- qla_cpu_update(rsp->qpair, smp_processor_id()); + } + + #define __update_rsp_in(_is_shadow_hba, _rsp, _rsp_in) \ +@@ -4387,6 +4386,7 @@ qla24xx_enable_msix(struct qla_hw_data * + for (i = 0; i < ha->msix_count; i++) { + qentry = &ha->msix_entries[i]; + qentry->vector = pci_irq_vector(ha->pdev, i); ++ qentry->vector_base0 = i; + qentry->entry = i; + qentry->have_irq = 0; + qentry->in_use = 0; +@@ -4614,6 +4614,7 @@ int qla25xx_request_irq(struct qla_hw_da + } + msix->have_irq = 1; + msix->handle = qpair; ++ qla_mapq_init_qp_cpu_map(ha, msix, qpair); + return ret; + } + +--- a/drivers/scsi/qla2xxx/qla_nvme.c ++++ b/drivers/scsi/qla2xxx/qla_nvme.c +@@ -619,6 +619,7 @@ static int qla_nvme_post_cmd(struct nvme + fc_port_t *fcport; + struct srb_iocb *nvme; + struct scsi_qla_host *vha; ++ struct qla_hw_data *ha; + int rval; + srb_t *sp; + struct qla_qpair *qpair = hw_queue_handle; +@@ -639,6 +640,7 @@ static int qla_nvme_post_cmd(struct nvme + return -ENODEV; + + vha = fcport->vha; ++ ha = vha->hw; + + if (test_bit(ABORT_ISP_ACTIVE, &vha->dpc_flags)) + return -EBUSY; +@@ -653,6 +655,8 @@ static int qla_nvme_post_cmd(struct nvme + if (fcport->nvme_flag & NVME_FLAG_RESETTING) + return -EBUSY; + ++ qpair = qla_mapq_nvme_select_qpair(ha, qpair); ++ + /* Alloc SRB structure */ + sp = qla2xxx_get_qpair_sp(vha, qpair, fcport, GFP_ATOMIC); + if (!sp) +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -471,6 +471,11 @@ static int qla2x00_alloc_queues(struct q + "Unable to allocate memory for queue pair ptrs.\n"); + goto fail_qpair_map; + } ++ if (qla_mapq_alloc_qp_cpu_map(ha) != 0) { ++ kfree(ha->queue_pair_map); ++ ha->queue_pair_map = NULL; ++ goto fail_qpair_map; ++ } + } + + /* +@@ -545,6 +550,7 @@ static void qla2x00_free_queues(struct q + ha->base_qpair = NULL; + } + ++ qla_mapq_free_qp_cpu_map(ha); + spin_lock_irqsave(&ha->hardware_lock, flags); + for (cnt = 0; cnt < ha->max_req_queues; cnt++) { + if (!test_bit(cnt, ha->req_qid_map)) diff --git a/patches.suse/scsi-qla2xxx-simplify-if-condition-evaluation.patch b/patches.suse/scsi-qla2xxx-simplify-if-condition-evaluation.patch new file mode 100644 index 0000000..16c10bc --- /dev/null +++ b/patches.suse/scsi-qla2xxx-simplify-if-condition-evaluation.patch @@ -0,0 +1,37 @@ +From: Deepak R Varma +Date: Thu, 12 Jan 2023 11:56:46 +0530 +Subject: scsi: qla2xxx: Simplify if condition evaluation +Patch-mainline: v6.3-rc1 +Git-commit: 5a5ef64f28edda2d62109e9dfc87a9212f06bf5b +References: bsc#1208570 + +A logical evaluation of type (!A || A && B) can be simplified as (!A || B). +Improvement by suggested by excluded_middle.cocci Coccinelel semantic +patch. + +Link: https://lore.kernel.org/r/Y7+oJuah0MgEW0PQ@ubun2204.myguest.virtualbox.org +Signed-off-by: Deepak R Varma +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_target.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c +index dbd6660c0bf8..aa0cf5ca6c1c 100644 +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -1012,8 +1012,7 @@ void qlt_free_session_done(struct work_struct *work) + } + + if (ha->flags.edif_enabled && +- (!own || (own && +- own->iocb.u.isp24.status_subcode == ELS_PLOGI))) { ++ (!own || own->iocb.u.isp24.status_subcode == ELS_PLOGI)) { + sess->edif.authok = 0; + if (!ha->flags.host_shutting_down) { + ql_dbg(ql_dbg_edif, vha, 0x911e, +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-update-version-to-10.02.08.100-k.patch b/patches.suse/scsi-qla2xxx-update-version-to-10.02.08.100-k.patch new file mode 100644 index 0000000..f14a0c6 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-update-version-to-10.02.08.100-k.patch @@ -0,0 +1,35 @@ +From: Nilesh Javali +Date: Mon, 19 Dec 2022 03:07:48 -0800 +Subject: scsi: qla2xxx: Update version to 10.02.08.100-k +Patch-mainline: v6.3-rc1 +Git-commit: f590c2554c7764a91e83f29347a1e27c4d9f1335 +References: bsc#1208570 + +Signed-off-by: Nilesh Javali +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_version.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_version.h b/drivers/scsi/qla2xxx/qla_version.h +index 03f3e2cd62b5..9f55f75c5890 100644 +--- a/drivers/scsi/qla2xxx/qla_version.h ++++ b/drivers/scsi/qla2xxx/qla_version.h +@@ -6,9 +6,9 @@ + /* + * Driver version + */ +-#define QLA2XXX_VERSION "10.02.07.900-k" ++#define QLA2XXX_VERSION "10.02.08.100-k" + + #define QLA_DRIVER_MAJOR_VER 10 + #define QLA_DRIVER_MINOR_VER 2 +-#define QLA_DRIVER_PATCH_VER 7 +-#define QLA_DRIVER_BETA_VER 900 ++#define QLA_DRIVER_PATCH_VER 8 ++#define QLA_DRIVER_BETA_VER 100 +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-update-version-to-10.02.08.200-k.patch b/patches.suse/scsi-qla2xxx-update-version-to-10.02.08.200-k.patch new file mode 100644 index 0000000..6cc322e --- /dev/null +++ b/patches.suse/scsi-qla2xxx-update-version-to-10.02.08.200-k.patch @@ -0,0 +1,33 @@ +From: Nilesh Javali +Date: Wed, 21 Dec 2022 20:39:33 -0800 +Subject: scsi: qla2xxx: Update version to 10.02.08.200-k +Patch-mainline: v6.3-rc1 +Git-commit: f7d1ba350fb3bca7b158d6cb9963acc1cf00d729 +References: bsc#1208570 + +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_version.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_version.h b/drivers/scsi/qla2xxx/qla_version.h +index 9f55f75c5890..42d69d89834f 100644 +--- a/drivers/scsi/qla2xxx/qla_version.h ++++ b/drivers/scsi/qla2xxx/qla_version.h +@@ -6,9 +6,9 @@ + /* + * Driver version + */ +-#define QLA2XXX_VERSION "10.02.08.100-k" ++#define QLA2XXX_VERSION "10.02.08.200-k" + + #define QLA_DRIVER_MAJOR_VER 10 + #define QLA_DRIVER_MINOR_VER 2 + #define QLA_DRIVER_PATCH_VER 8 +-#define QLA_DRIVER_BETA_VER 100 ++#define QLA_DRIVER_BETA_VER 200 +-- +2.35.3 + diff --git a/patches.suse/scsi-qla2xxx-use-a-variable-for-repeated-mem_size-computation.patch b/patches.suse/scsi-qla2xxx-use-a-variable-for-repeated-mem_size-computation.patch new file mode 100644 index 0000000..14b3497 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-use-a-variable-for-repeated-mem_size-computation.patch @@ -0,0 +1,51 @@ +From: Deepak R Varma +Date: Mon, 9 Jan 2023 02:08:24 +0530 +Subject: scsi: qla2xxx: Use a variable for repeated mem_size computation +Patch-mainline: v6.3-rc1 +Git-commit: 4fd62973739de61cf4c83b960db7d1824bd854a3 +References: bsc#1208570 + +Use a variable to compute memory size to be allocated once instead of +repeatedly computing it at different locations in the function. Issue +identified using the array_size_dup Coccinelle semantic patch. + +Link: https://lore.kernel.org/r/Y7spwF8HTt0c0l7y@ubun2204.myguest.virtualbox.org +Signed-off-by: Deepak R Varma +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/tcm_qla2xxx.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +--- a/drivers/scsi/qla2xxx/tcm_qla2xxx.c ++++ b/drivers/scsi/qla2xxx/tcm_qla2xxx.c +@@ -1655,6 +1655,7 @@ static const struct qla_tgt_func_tmpl tc + static int tcm_qla2xxx_init_lport(struct tcm_qla2xxx_lport *lport) + { + int rc; ++ size_t map_sz; + + rc = btree_init32(&lport->lport_fcport_map); + if (rc) { +@@ -1662,15 +1663,15 @@ static int tcm_qla2xxx_init_lport(struct + return rc; + } + +- lport->lport_loopid_map = vzalloc(sizeof(struct tcm_qla2xxx_fc_loopid) * 65536); ++ map_sz = array_size(65536, sizeof(struct tcm_qla2xxx_fc_loopid)); ++ ++ lport->lport_loopid_map = vzalloc(map_sz); + if (!lport->lport_loopid_map) { +- pr_err("Unable to allocate lport->lport_loopid_map of %zu bytes\n", +- sizeof(struct tcm_qla2xxx_fc_loopid) * 65536); ++ pr_err("Unable to allocate lport->lport_loopid_map of %zu bytes\n", map_sz); + btree_destroy32(&lport->lport_fcport_map); + return -ENOMEM; + } +- pr_debug("qla2xxx: Allocated lport_loopid_map of %zu bytes\n", +- sizeof(struct tcm_qla2xxx_fc_loopid) * 65536); ++ pr_debug("qla2xxx: Allocated lport_loopid_map of %zu bytes\n", map_sz); + return 0; + } + diff --git a/patches.suse/signal-handling-don-t-use-BUG_ON-for-debugging.patch b/patches.suse/signal-handling-don-t-use-BUG_ON-for-debugging.patch new file mode 100644 index 0000000..da8443b --- /dev/null +++ b/patches.suse/signal-handling-don-t-use-BUG_ON-for-debugging.patch @@ -0,0 +1,47 @@ +From: Linus Torvalds +Date: Wed, 6 Jul 2022 12:20:59 -0700 +Subject: signal handling: don't use BUG_ON() for debugging +Git-commit: a382f8fee42ca10c9bfce0d2352d4153f931f5dc +Patch-mainline: 5.19-rc6 +References: git-fixes + +These are indeed "should not happen" situations, but it turns out recent +changes made the 'task_is_stopped_or_trace()' case trigger (fix for that +exists, is pending more testing), and the BUG_ON() makes it +unnecessarily hard to actually debug for no good reason. + +It's been that way for a long time, but let's make it clear: BUG_ON() is +not good for debugging, and should never be used in situations where you +could just say "this shouldn't happen, but we can continue". + +Use WARN_ON_ONCE() instead to make sure it gets logged, and then just +continue running. Instead of making the system basically unusuable +because you crashed the machine while potentially holding some very core +locks (eg this function is commonly called while holding 'tasklist_lock' +for writing). + +Signed-off-by: Linus Torvalds +Signed-off-by: Jiri Slaby +--- + kernel/signal.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -1645,12 +1645,12 @@ bool do_notify_parent(struct task_struct + bool autoreap = false; + u64 utime, stime; + +- BUG_ON(sig == -1); ++ WARN_ON_ONCE(sig == -1); + +- /* do_notify_parent_cldstop should have been called instead. */ +- BUG_ON(task_is_stopped_or_traced(tsk)); ++ /* do_notify_parent_cldstop should have been called instead. */ ++ WARN_ON_ONCE(task_is_stopped_or_traced(tsk)); + +- BUG_ON(!tsk->ptrace && ++ WARN_ON_ONCE(!tsk->ptrace && + (tsk->group_leader != tsk || !thread_group_empty(tsk))); + + if (sig != SIGCHLD) { diff --git a/patches.suse/sunrpc-make-lockless-test-safe.patch b/patches.suse/sunrpc-make-lockless-test-safe.patch new file mode 100644 index 0000000..5412b6c --- /dev/null +++ b/patches.suse/sunrpc-make-lockless-test-safe.patch @@ -0,0 +1,34 @@ +From: NeilBrown +Subject: SUNRPC: make lockless test safe. +Patch-mainline: never, code has changed substantually +References: bsc#1207201 + +When queuing a newly ready socket, we perform a lockless test of +RQ_BUSY. That can sometimes use old data and a thread can appear to +still be busy even though it has already cleared the BUSY flag and and +checked that the queue is empty one last time. This can result in all +threads waiting even though a socket as been queued: the ghost RQ_BUSY +prevented a wakeup. + +So add a memory barrier after queuing the socket to ensure that the +subsequent test of RQ_BUSY is proplery ordered. + +Signed-off-by: NeilBrown + +--- + net/sunrpc/svc_xprt.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/net/sunrpc/svc_xprt.c ++++ b/net/sunrpc/svc_xprt.c +@@ -460,6 +460,10 @@ redo_search: + list_add_tail(&xprt->xpt_ready, &pool->sp_sockets); + pool->sp_stats.sockets_queued++; + spin_unlock_bh(&pool->sp_lock); ++ /* Ensure the "lockless check" of RQ_BUSY sees rq_flags ++ * *after* we have added to the sp_sockets queue. ++ */ ++ smp_mb(); + goto redo_search; + } + rqstp = NULL; diff --git a/patches.suse/supported-flag b/patches.suse/supported-flag index 9f3d3bb..6c696f4 100644 --- a/patches.suse/supported-flag +++ b/patches.suse/supported-flag @@ -29,7 +29,7 @@ Signed-off-by: Andreas Gruenbacher --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4651,6 +4651,14 @@ +@@ -4766,6 +4766,14 @@ unknown_nmi_panic [X86] Cause panic on unknown NMI. @@ -67,9 +67,9 @@ Signed-off-by: Andreas Gruenbacher --- a/Makefile +++ b/Makefile -@@ -411,6 +411,11 @@ KBUILD_AFLAGS_MODULE := -DMODULE - KBUILD_CFLAGS_MODULE := -DMODULE +@@ -412,6 +412,11 @@ KBUILD_CFLAGS_MODULE := -DMODULE KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds + LDFLAGS := +# Warn about unsupported modules in kernels built inside Autobuild +ifneq ($(wildcard /.buildenv),) @@ -148,7 +148,7 @@ Signed-off-by: Andreas Gruenbacher + --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c -@@ -210,6 +210,30 @@ static struct bin_attribute notes_attr _ +@@ -215,6 +215,30 @@ static struct bin_attribute notes_attr _ struct kobject *kernel_kobj; EXPORT_SYMBOL_GPL(kernel_kobj); @@ -179,7 +179,7 @@ Signed-off-by: Andreas Gruenbacher static struct attribute * kernel_attrs[] = { &fscaps_attr.attr, &uevent_seqnum_attr.attr, -@@ -231,6 +255,9 @@ static struct attribute * kernel_attrs[] +@@ -236,6 +260,9 @@ static struct attribute * kernel_attrs[] &rcu_expedited_attr.attr, &rcu_normal_attr.attr, #endif @@ -308,7 +308,7 @@ Signed-off-by: Andreas Gruenbacher out_unreg_param: module_param_sysfs_remove(mod); out_unreg_holders: -@@ -4344,6 +4424,9 @@ void print_modules(void) +@@ -4492,6 +4572,9 @@ void print_modules(void) if (last_unloaded_module[0]) pr_cont(" [last unloaded: %s]", last_unloaded_module); pr_cont("\n"); @@ -342,7 +342,7 @@ Signed-off-by: Andreas Gruenbacher */ --- a/kernel/sysctl.c +++ b/kernel/sysctl.c -@@ -795,6 +795,15 @@ static struct ctl_table kern_table[] = { +@@ -825,6 +825,15 @@ static struct ctl_table kern_table[] = { .extra1 = &pid_max_min, .extra2 = &pid_max_max, }, diff --git a/patches.suse/usb-dwc3-fix-PHY-disable-sequence.patch b/patches.suse/usb-dwc3-fix-PHY-disable-sequence.patch new file mode 100644 index 0000000..611f053 --- /dev/null +++ b/patches.suse/usb-dwc3-fix-PHY-disable-sequence.patch @@ -0,0 +1,57 @@ +From d2ac7bef95c9ead307801ccb6cb6dfbeb14247bf Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Thu, 4 Aug 2022 17:09:53 +0200 +Subject: [PATCH] usb: dwc3: fix PHY disable sequence +Git-commit: d2ac7bef95c9ead307801ccb6cb6dfbeb14247bf +References: git-fixes +Patch-mainline: v6.0-rc4 + +Generic PHYs must be powered-off before they can be tore down. + +Similarly, suspending legacy PHYs after having powered them off makes no +sense. + +Fix the dwc3_core_exit() (e.g. called during suspend) and open-coded +dwc3_probe() error-path sequences that got this wrong. + +Note that this makes dwc3_core_exit() match the dwc3_core_init() error +path with respect to powering off the PHYs. + +Fixes: 03c1fd622f72 ("usb: dwc3: core: add phy cleanup for probe error handling") +Fixes: c499ff71ff2a ("usb: dwc3: core: re-factor init and exit paths") +Cc: stable@vger.kernel.org # 4.8 +Reviewed-by: Andrew Halaney +Reviewed-by: Matthias Kaehlcke +Reviewed-by: Manivannan Sadhasivam +Signed-off-by: Johan Hovold +Link: https://lore.kernel.org/r/20220804151001.23612-2-johan+linaro@kernel.org +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Oliver Neukum +--- + drivers/usb/dwc3/core.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/drivers/usb/dwc3/core.c ++++ b/drivers/usb/dwc3/core.c +@@ -1285,16 +1285,16 @@ static int dwc3_probe(struct platform_de + err5: + dwc3_event_buffers_cleanup(dwc); + +- usb_phy_shutdown(dwc->usb2_phy); +- usb_phy_shutdown(dwc->usb3_phy); +- phy_exit(dwc->usb2_generic_phy); +- phy_exit(dwc->usb3_generic_phy); +- + usb_phy_set_suspend(dwc->usb2_phy, 1); + usb_phy_set_suspend(dwc->usb3_phy, 1); + phy_power_off(dwc->usb2_generic_phy); + phy_power_off(dwc->usb3_generic_phy); + ++ usb_phy_shutdown(dwc->usb2_phy); ++ usb_phy_shutdown(dwc->usb3_phy); ++ phy_exit(dwc->usb2_generic_phy); ++ phy_exit(dwc->usb3_generic_phy); ++ + dwc3_ulpi_exit(dwc); + + err4: diff --git a/patches.suse/usb-dwc3-gadget-Fix-event-pending-check.patch b/patches.suse/usb-dwc3-gadget-Fix-event-pending-check.patch new file mode 100644 index 0000000..e90cb18 --- /dev/null +++ b/patches.suse/usb-dwc3-gadget-Fix-event-pending-check.patch @@ -0,0 +1,56 @@ +From 7441b273388b9a59d8387a03ffbbca9d5af6348c Mon Sep 17 00:00:00 2001 +From: Thinh Nguyen +Date: Mon, 27 Jun 2022 18:41:19 -0700 +Subject: [PATCH] usb: dwc3: gadget: Fix event pending check +Git-commit: 7441b273388b9a59d8387a03ffbbca9d5af6348c +References: git-fixes +Patch-mainline: v5.19-rc7 + +The DWC3_EVENT_PENDING flag is used to protect against invalid call to +top-half interrupt handler, which can occur when there's a delay in +software detection of the interrupt line deassertion. + +However, the clearing of this flag was done prior to unmasking the +interrupt line, creating opportunity where the top-half handler can +come. This breaks the serialization and creates a race between the +top-half and bottom-half handler, resulting in losing synchronization +between the controller and the driver when processing events. + +To fix this, make sure the clearing of the DWC3_EVENT_PENDING is done at +the end of the bottom-half handler. + +Fixes: d325a1de49d6 ("usb: dwc3: gadget: Prevent losing events in event cache") +Cc: stable@vger.kernel.org +Signed-off-by: Thinh Nguyen +Link: https://lore.kernel.org/r/8670aaf1cf52e7d1e6df2a827af2d77263b93b75.1656380429.git.Thinh.Nguyen@synopsys.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Oliver Neukum +--- + drivers/usb/dwc3/gadget.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c +index 8716bece1072..0d89dfa6eef5 100644 +--- a/drivers/usb/dwc3/gadget.c ++++ b/drivers/usb/dwc3/gadget.c +@@ -4249,7 +4249,6 @@ static irqreturn_t dwc3_process_event_buf(struct dwc3_event_buffer *evt) + } + + evt->count = 0; +- evt->flags &= ~DWC3_EVENT_PENDING; + ret = IRQ_HANDLED; + + /* Unmask interrupt */ +@@ -4261,6 +4260,9 @@ static irqreturn_t dwc3_process_event_buf(struct dwc3_event_buffer *evt) + dwc3_writel(dwc->regs, DWC3_DEV_IMOD(0), dwc->imod_interval); + } + ++ /* Keep the clearing of DWC3_EVENT_PENDING at the end */ ++ evt->flags &= ~DWC3_EVENT_PENDING; ++ + return ret; + } + +-- +2.39.2 + diff --git a/patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch b/patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch new file mode 100644 index 0000000..1424525 --- /dev/null +++ b/patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch @@ -0,0 +1,37 @@ +From b5c5b13cb45e2c88181308186b0001992cb41954 Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Thu, 2 Jun 2022 15:08:49 +0400 +Subject: [PATCH] usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe +Git-commit: b5c5b13cb45e2c88181308186b0001992cb41954 +References: git-fixes +Patch-mainline: v6.0-rc1 + +of_find_compatible_node() returns a node pointer with refcount +incremented, we should use of_node_put() on it when done. +Add missing of_node_put() to avoid refcount leak. + +Fixes: 796bcae7361c ("USB: powerpc: Workaround for the PPC440EPX USBH_23 errata [take 3]") +Acked-by: Alan Stern +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220602110849.58549-1-linmq006@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Oliver Neukum +--- + drivers/usb/host/ehci-ppc-of.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/usb/host/ehci-ppc-of.c b/drivers/usb/host/ehci-ppc-of.c +index 6bbaee74f7e7..28a19693c19f 100644 +--- a/drivers/usb/host/ehci-ppc-of.c ++++ b/drivers/usb/host/ehci-ppc-of.c +@@ -148,6 +148,7 @@ static int ehci_hcd_ppc_of_probe(struct platform_device *op) + } else { + ehci->has_amcc_usb23 = 1; + } ++ of_node_put(np); + } + + if (of_get_property(dn, "big-endian", NULL)) { +-- +2.39.2 + diff --git a/patches.suse/usb-musb-fix-MUSB_QUIRK_B_DISCONNECT_99-handling.patch b/patches.suse/usb-musb-fix-MUSB_QUIRK_B_DISCONNECT_99-handling.patch new file mode 100644 index 0000000..aa8bde8 --- /dev/null +++ b/patches.suse/usb-musb-fix-MUSB_QUIRK_B_DISCONNECT_99-handling.patch @@ -0,0 +1,59 @@ +From b65ba0c362be665192381cc59e3ac3ef6f0dd1e1 Mon Sep 17 00:00:00 2001 +From: Thomas Petazzoni +Date: Fri, 28 May 2021 16:04:46 +0200 +Subject: [PATCH] usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling +Git-commit: b65ba0c362be665192381cc59e3ac3ef6f0dd1e1 +References: git-fixes +Patch-mainline: v5.13-rc6 + +In commit 92af4fc6ec33 ("usb: musb: Fix suspend with devices +connected for a64"), the logic to support the +MUSB_QUIRK_B_DISCONNECT_99 quirk was modified to only conditionally +schedule the musb->irq_work delayed work. + +This commit badly breaks ECM Gadget on AM335X. Indeed, with this +commit, one can observe massive packet loss: + +$ ping 192.168.0.100 +... +15 packets transmitted, 3 received, 80% packet loss, time 14316ms + +Reverting this commit brings back a properly functioning ECM +Gadget. An analysis of the commit seems to indicate that a mistake was +made: the previous code was not falling through into the +MUSB_QUIRK_B_INVALID_VBUS_91, but now it is, unless the condition is +taken. + +Changing the logic to be as it was before the problematic commit *and* +only conditionally scheduling musb->irq_work resolves the regression: + +$ ping 192.168.0.100 +... +64 packets transmitted, 64 received, 0% packet loss, time 64475ms + +Fixes: 92af4fc6ec33 ("usb: musb: Fix suspend with devices connected for a64") +Cc: stable@vger.kernel.org +Tested-by: Alexandre Belloni +Tested-by: Drew Fustini +Acked-by: Tony Lindgren +Signed-off-by: Thomas Petazzoni +Link: https://lore.kernel.org/r/20210528140446.278076-1-thomas.petazzoni@bootlin.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Oliver Neukum +--- + drivers/usb/musb/musb_core.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/usb/musb/musb_core.c ++++ b/drivers/usb/musb/musb_core.c +@@ -1869,9 +1869,8 @@ static void musb_pm_runtime_check_sessio + schedule_delayed_work(&musb->irq_work, + msecs_to_jiffies(1000)); + musb->quirk_retries--; +- break; + } +- /* fall through */ ++ break; + case MUSB_QUIRK_B_INVALID_VBUS_91: + if (musb->quirk_retries && !musb->flush_irq_work) { + musb_dbg(musb, diff --git a/patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch b/patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch new file mode 100644 index 0000000..1e48194 --- /dev/null +++ b/patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch @@ -0,0 +1,37 @@ +From 302970b4cad3ebfda2c05ce06c322ccdc447d17e Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Fri, 3 Jun 2022 18:12:30 +0400 +Subject: [PATCH] usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe +Git-commit: 302970b4cad3ebfda2c05ce06c322ccdc447d17e +References: git-fixes +Patch-mainline: v6.0-rc1 + +of_parse_phandle() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. + +Fixes: 73108aa90cbf ("USB: ohci-nxp: Use isp1301 driver") +Acked-by: Alan Stern +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220603141231.979-1-linmq006@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Oliver Neukum +--- + drivers/usb/host/ohci-nxp.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/usb/host/ohci-nxp.c b/drivers/usb/host/ohci-nxp.c +index 85878e8ad331..106a6bcefb08 100644 +--- a/drivers/usb/host/ohci-nxp.c ++++ b/drivers/usb/host/ohci-nxp.c +@@ -164,6 +164,7 @@ static int ohci_hcd_nxp_probe(struct platform_device *pdev) + } + + isp1301_i2c_client = isp1301_get_client(isp1301_node); ++ of_node_put(isp1301_node); + if (!isp1301_i2c_client) + return -EPROBE_DEFER; + +-- +2.39.2 + diff --git a/patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch b/patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch new file mode 100644 index 0000000..515e30d --- /dev/null +++ b/patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch @@ -0,0 +1,43 @@ +From c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2 Mon Sep 17 00:00:00 2001 +From: Szymon Heidrich +Date: Tue, 3 Jan 2023 10:17:09 +0100 +Subject: [PATCH] usb: rndis_host: Secure rndis_query check against int + overflow +Git-commit: c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2 +References: CVE-2023-23559 bsc#1207051 +Patch-mainline: v6.2-rc3 + +Variables off and len typed as uint32 in rndis_query function +are controlled by incoming RNDIS response message thus their +value may be manipulated. Setting off to a unexpectetly large +value will cause the sum with len and 8 to overflow and pass +the implemented validation step. Consequently the response +pointer will be referring to a location past the expected +buffer boundaries allowing information leakage e.g. via +RNDIS_OID_802_3_PERMANENT_ADDRESS OID. + +Fixes: ddda08624013 ("USB: rndis_host, various cleanups") +Signed-off-by: Szymon Heidrich +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/rndis_host.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/usb/rndis_host.c b/drivers/net/usb/rndis_host.c +index f79333fe1783..7b3739b29c8f 100644 +--- a/drivers/net/usb/rndis_host.c ++++ b/drivers/net/usb/rndis_host.c +@@ -255,7 +255,8 @@ static int rndis_query(struct usbnet *dev, struct usb_interface *intf, + + off = le32_to_cpu(u.get_c->offset); + len = le32_to_cpu(u.get_c->len); +- if (unlikely((8 + off + len) > CONTROL_BUFFER_SIZE)) ++ if (unlikely((off > CONTROL_BUFFER_SIZE - 8) || ++ (len > CONTROL_BUFFER_SIZE - 8 - off))) + goto response_error; + + if (*reply_len != -1 && len != *reply_len) +-- +2.39.1 + diff --git a/patches.suse/vlan-Fix-out-of-order-vlan-headers-with-reorder-head.patch b/patches.suse/vlan-Fix-out-of-order-vlan-headers-with-reorder-head.patch new file mode 100644 index 0000000..a46bfaf --- /dev/null +++ b/patches.suse/vlan-Fix-out-of-order-vlan-headers-with-reorder-head.patch @@ -0,0 +1,171 @@ +From c285d511ea86fab88bc0ce5e1654ef3dd63ce113 Mon Sep 17 00:00:00 2001 +From: Toshiaki Makita +Date: Tue, 13 Mar 2018 14:51:28 +0900 +Subject: [PATCH 1/7] vlan: Fix out of order vlan headers with reorder header + off +Git-commit: cbe7128c4b92e2004984f477fd38dfa81662f02e +Patch-mainline: v4.16-rc7 +References: git-fixes + +With reorder header off, received packets are untagged in skb_vlan_untag() +called from within __netif_receive_skb_core(), and later the tag will be +inserted back in vlan_do_receive(). + +This caused out of order vlan headers when we create a vlan device on top +of another vlan device, because vlan_do_receive() inserts a tag as the +outermost vlan tag. E.g. the outer tag is first removed in skb_vlan_untag() +and inserted back in vlan_do_receive(), then the inner tag is next removed +and inserted back as the outermost tag. + +This patch fixes the behaviour by inserting the inner tag at the right +position. + +Signed-off-by: Toshiaki Makita +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + include/linux/if_vlan.h | 66 ++++++++++++++++++++++++++++++++++++++++--------- + net/8021q/vlan_core.c | 4 +-- + 2 files changed, 57 insertions(+), 13 deletions(-) + +diff --git a/include/linux/if_vlan.h b/include/linux/if_vlan.h +index 5774fbe105dc..c7b8f60d34d8 100644 +--- a/include/linux/if_vlan.h ++++ b/include/linux/if_vlan.h +@@ -303,30 +303,34 @@ static inline bool vlan_hw_offload_capable(netdev_features_t features, + } + + /** +- * __vlan_insert_tag - regular VLAN tag inserting ++ * __vlan_insert_inner_tag - inner VLAN tag inserting + * @skb: skbuff to tag + * @vlan_proto: VLAN encapsulation protocol + * @vlan_tci: VLAN TCI to insert ++ * @mac_len: MAC header length including outer vlan headers + * +- * Inserts the VLAN tag into @skb as part of the payload ++ * Inserts the VLAN tag into @skb as part of the payload at offset mac_len + * Returns error if skb_cow_head failes. + * + * Does not change skb->protocol so this function can be used during receive. + */ +-static inline int __vlan_insert_tag(struct sk_buff *skb, +- __be16 vlan_proto, u16 vlan_tci) ++static inline int __vlan_insert_inner_tag(struct sk_buff *skb, ++ __be16 vlan_proto, u16 vlan_tci, ++ unsigned int mac_len) + { + struct vlan_ethhdr *veth; + + if (skb_cow_head(skb, VLAN_HLEN) < 0) + return -ENOMEM; + +- veth = skb_push(skb, VLAN_HLEN); ++ skb_push(skb, VLAN_HLEN); + +- /* Move the mac addresses to the beginning of the new header. */ +- memmove(skb->data, skb->data + VLAN_HLEN, 2 * ETH_ALEN); ++ /* Move the mac header sans proto to the beginning of the new header. */ ++ memmove(skb->data, skb->data + VLAN_HLEN, mac_len - ETH_TLEN); + skb->mac_header -= VLAN_HLEN; + ++ veth = (struct vlan_ethhdr *)(skb->data + mac_len - ETH_HLEN); ++ + /* first, the ethernet type */ + veth->h_vlan_proto = vlan_proto; + +@@ -337,12 +341,30 @@ static inline int __vlan_insert_tag(struct sk_buff *skb, + } + + /** +- * vlan_insert_tag - regular VLAN tag inserting ++ * __vlan_insert_tag - regular VLAN tag inserting + * @skb: skbuff to tag + * @vlan_proto: VLAN encapsulation protocol + * @vlan_tci: VLAN TCI to insert + * + * Inserts the VLAN tag into @skb as part of the payload ++ * Returns error if skb_cow_head failes. ++ * ++ * Does not change skb->protocol so this function can be used during receive. ++ */ ++static inline int __vlan_insert_tag(struct sk_buff *skb, ++ __be16 vlan_proto, u16 vlan_tci) ++{ ++ return __vlan_insert_inner_tag(skb, vlan_proto, vlan_tci, ETH_HLEN); ++} ++ ++/** ++ * vlan_insert_inner_tag - inner VLAN tag inserting ++ * @skb: skbuff to tag ++ * @vlan_proto: VLAN encapsulation protocol ++ * @vlan_tci: VLAN TCI to insert ++ * @mac_len: MAC header length including outer vlan headers ++ * ++ * Inserts the VLAN tag into @skb as part of the payload at offset mac_len + * Returns a VLAN tagged skb. If a new skb is created, @skb is freed. + * + * Following the skb_unshare() example, in case of error, the calling function +@@ -350,12 +372,14 @@ static inline int __vlan_insert_tag(struct sk_buff *skb, + * + * Does not change skb->protocol so this function can be used during receive. + */ +-static inline struct sk_buff *vlan_insert_tag(struct sk_buff *skb, +- __be16 vlan_proto, u16 vlan_tci) ++static inline struct sk_buff *vlan_insert_inner_tag(struct sk_buff *skb, ++ __be16 vlan_proto, ++ u16 vlan_tci, ++ unsigned int mac_len) + { + int err; + +- err = __vlan_insert_tag(skb, vlan_proto, vlan_tci); ++ err = __vlan_insert_inner_tag(skb, vlan_proto, vlan_tci, mac_len); + if (err) { + dev_kfree_skb_any(skb); + return NULL; +@@ -363,6 +387,26 @@ static inline struct sk_buff *vlan_insert_tag(struct sk_buff *skb, + return skb; + } + ++/** ++ * vlan_insert_tag - regular VLAN tag inserting ++ * @skb: skbuff to tag ++ * @vlan_proto: VLAN encapsulation protocol ++ * @vlan_tci: VLAN TCI to insert ++ * ++ * Inserts the VLAN tag into @skb as part of the payload ++ * Returns a VLAN tagged skb. If a new skb is created, @skb is freed. ++ * ++ * Following the skb_unshare() example, in case of error, the calling function ++ * doesn't have to worry about freeing the original skb. ++ * ++ * Does not change skb->protocol so this function can be used during receive. ++ */ ++static inline struct sk_buff *vlan_insert_tag(struct sk_buff *skb, ++ __be16 vlan_proto, u16 vlan_tci) ++{ ++ return vlan_insert_inner_tag(skb, vlan_proto, vlan_tci, ETH_HLEN); ++} ++ + /** + * vlan_insert_tag_set_proto - regular VLAN tag inserting + * @skb: skbuff to tag +diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c +index e2ed69850489..e4ae65ac516d 100644 +--- a/net/8021q/vlan_core.c ++++ b/net/8021q/vlan_core.c +@@ -41,8 +41,8 @@ bool vlan_do_receive(struct sk_buff **skbp) + * original position later + */ + skb_push(skb, offset); +- skb = *skbp = vlan_insert_tag(skb, skb->vlan_proto, +- skb->vlan_tci); ++ skb = *skbp = vlan_insert_inner_tag(skb, skb->vlan_proto, ++ skb->vlan_tci, skb->mac_len); + if (!skb) + return false; + skb_pull(skb, offset + VLAN_HLEN); +-- +2.16.4 + diff --git a/patches.suse/vlan-Fix-vlan-insertion-for-packets-without-ethernet.patch b/patches.suse/vlan-Fix-vlan-insertion-for-packets-without-ethernet.patch new file mode 100644 index 0000000..efc5e18 --- /dev/null +++ b/patches.suse/vlan-Fix-vlan-insertion-for-packets-without-ethernet.patch @@ -0,0 +1,66 @@ +From 88b54d2af2cc2253f9afbd51f79d3d72a8755a41 Mon Sep 17 00:00:00 2001 +From: Toshiaki Makita +Date: Thu, 29 Mar 2018 19:05:30 +0900 +Subject: [PATCH 2/7] vlan: Fix vlan insertion for packets without ethernet + header +Git-commit: c769accdf3d8a103940bea2979b65556718567e9 +Patch-mainline: v4.16 +References: git-fixes + +In some situation vlan packets do not have ethernet headers. One example +is packets from tun devices. Users can specify vlan protocol in tun_pi +field instead of IP protocol. When we have a vlan device with reorder_hdr +disabled on top of the tun device, such packets from tun devices are +untagged in skb_vlan_untag() and vlan headers will be inserted back in +vlan_insert_inner_tag(). + +vlan_insert_inner_tag() however did not expect packets without ethernet +headers, so in such a case size argument for memmove() underflowed. + +We don't need to copy headers for packets which do not have preceding +headers of vlan headers, so skip memmove() in that case. +Also don't write vlan protocol in skb->data when it does not have enough +room for it. + +Fixes: cbe7128c4b92 ("vlan: Fix out of order vlan headers with reorder header off") +Signed-off-by: Toshiaki Makita +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + include/linux/if_vlan.h | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/include/linux/if_vlan.h b/include/linux/if_vlan.h +index c7b8f60d34d8..8fecd8a6b3ff 100644 +--- a/include/linux/if_vlan.h ++++ b/include/linux/if_vlan.h +@@ -326,13 +326,24 @@ static inline int __vlan_insert_inner_tag(struct sk_buff *skb, + skb_push(skb, VLAN_HLEN); + + /* Move the mac header sans proto to the beginning of the new header. */ +- memmove(skb->data, skb->data + VLAN_HLEN, mac_len - ETH_TLEN); ++ if (likely(mac_len > ETH_TLEN)) ++ memmove(skb->data, skb->data + VLAN_HLEN, mac_len - ETH_TLEN); + skb->mac_header -= VLAN_HLEN; + + veth = (struct vlan_ethhdr *)(skb->data + mac_len - ETH_HLEN); + + /* first, the ethernet type */ +- veth->h_vlan_proto = vlan_proto; ++ if (likely(mac_len >= ETH_TLEN)) { ++ /* h_vlan_encapsulated_proto should already be populated, and ++ * skb->data has space for h_vlan_proto ++ */ ++ veth->h_vlan_proto = vlan_proto; ++ } else { ++ /* h_vlan_encapsulated_proto should not be populated, and ++ * skb->data has no space for h_vlan_proto ++ */ ++ veth->h_vlan_encapsulated_proto = skb->protocol; ++ } + + /* now, the TCI */ + veth->h_vlan_TCI = htons(vlan_tci); +-- +2.16.4 + diff --git a/patches.suse/vxlan-Fix-error-path-in-__vxlan_dev_create.patch b/patches.suse/vxlan-Fix-error-path-in-__vxlan_dev_create.patch new file mode 100644 index 0000000..120819f --- /dev/null +++ b/patches.suse/vxlan-Fix-error-path-in-__vxlan_dev_create.patch @@ -0,0 +1,82 @@ +From 982013b32d47075bc05c5af7ae1bb16543cc2b99 Mon Sep 17 00:00:00 2001 +From: Petr Machata +Date: Tue, 18 Dec 2018 13:16:00 +0000 +Subject: [PATCH 5/7] vxlan: Fix error path in __vxlan_dev_create() +Git-commit: 6db9246871394b3a136cd52001a0763676563840 +Patch-mainline: v4.20 +References: git-fixes + +When a failure occurs in rtnl_configure_link(), the current code +calls unregister_netdevice() to roll back the earlier call to +register_netdevice(), and jumps to errout, which calls +vxlan_fdb_destroy(). + +However unregister_netdevice() calls transitively ndo_uninit, which is +vxlan_uninit(), and that already takes care of deleting the default FDB +entry by calling vxlan_fdb_delete_default(). Since the entry added +earlier in __vxlan_dev_create() is exactly the default entry, the +cleanup code in the errout block always leads to double free and thus a +panic. + +Besides, since vxlan_fdb_delete_default() always destroys the FDB entry +with notification enabled, the deletion of the default entry is notified +even before the addition was notified. + +Instead, move the unregister_netdevice() call after the manual destroy, +which solves both problems. + +Fixes: 0241b836732f ("vxlan: fix default fdb entry netlink notify ordering during netdev create") +Signed-off-by: Petr Machata +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/vxlan.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c +index d56b76da4f24..e305b26785ff 100644 +--- a/drivers/net/vxlan.c ++++ b/drivers/net/vxlan.c +@@ -3169,6 +3169,7 @@ static int __vxlan_dev_create(struct net *net, struct net_device *dev, + struct vxlan_net *vn = net_generic(net, vxlan_net_id); + struct vxlan_dev *vxlan = netdev_priv(dev); + struct vxlan_fdb *f = NULL; ++ bool unregister = false; + int err; + + err = vxlan_dev_configure(net, dev, conf, false); +@@ -3194,12 +3195,11 @@ static int __vxlan_dev_create(struct net *net, struct net_device *dev, + err = register_netdevice(dev); + if (err) + goto errout; ++ unregister = true; + + err = rtnl_configure_link(dev, NULL); +- if (err) { +- unregister_netdevice(dev); ++ if (err) + goto errout; +- } + + /* notify default fdb entry */ + if (f) +@@ -3207,9 +3207,16 @@ static int __vxlan_dev_create(struct net *net, struct net_device *dev, + + list_add(&vxlan->next, &vn->vxlan_list); + return 0; ++ + errout: ++ /* unregister_netdevice() destroys the default FDB entry with deletion ++ * notification. But the addition notification was not sent yet, so ++ * destroy the entry by hand here. ++ */ + if (f) + vxlan_fdb_destroy(vxlan, f, false); ++ if (unregister) ++ unregister_netdevice(dev); + return err; + } + +-- +2.16.4 + diff --git a/patches.suse/vxlan-changelink-Fix-handling-of-default-remotes.patch b/patches.suse/vxlan-changelink-Fix-handling-of-default-remotes.patch new file mode 100644 index 0000000..06871d0 --- /dev/null +++ b/patches.suse/vxlan-changelink-Fix-handling-of-default-remotes.patch @@ -0,0 +1,93 @@ +From 3465f145b40ead6f805c9bd553b64ef37ab1ddcf Mon Sep 17 00:00:00 2001 +From: Petr Machata +Date: Tue, 18 Dec 2018 13:16:02 +0000 +Subject: [PATCH 6/7] vxlan: changelink: Fix handling of default remotes +Git-commit: ce5e098f7a10b4bf8e948c12fa350320c5c3afad +Patch-mainline: v4.20 +References: git-fixes + +Default remotes are stored as FDB entries with an Ethernet address of +00:00:00:00:00:00. When a request is made to change a remote address of +a VXLAN device, vxlan_changelink() first deletes the existing default +remote, and then creates a new FDB entry. + +This works well as long as the list of default remotes matches exactly +the configuration of a VXLAN remote address. Thus when the VXLAN device +has a remote of X, there should be exactly one default remote FDB entry +X. If the VXLAN device has no remote address, there should be no such +entry. + +Besides using "ip link set", it is possible to manipulate the list of +default remotes by using the "bridge fdb". It is therefore easy to break +the above condition. Under such circumstances, the __vxlan_fdb_delete() +call doesn't delete the FDB entry itself, but just one remote. The +following vxlan_fdb_create() then creates a new FDB entry, leading to a +situation where two entries exist for the address 00:00:00:00:00:00, +each with a different subset of default remotes. + +An even more obvious breakage rooted in the same cause can be observed +when a remote address is configured for a VXLAN device that did not have +one before. In that case vxlan_changelink() doesn't remove any remote, +and just creates a new FDB entry for the new address: + +$ ip link add name vx up type vxlan id 2000 dstport 4789 +$ bridge fdb ap dev vx 00:00:00:00:00:00 dst 192.0.2.20 self permanent +$ bridge fdb ap dev vx 00:00:00:00:00:00 dst 192.0.2.30 self permanent +$ ip link set dev vx type vxlan remote 192.0.2.30 +$ bridge fdb sh dev vx | grep 00:00:00:00:00:00 +00:00:00:00:00:00 dst 192.0.2.30 self permanent <- new entry, 1 rdst +00:00:00:00:00:00 dst 192.0.2.20 self permanent <- orig. entry, 2 rdsts +00:00:00:00:00:00 dst 192.0.2.30 self permanent + +To fix this, instead of calling vxlan_fdb_create() directly, defer to +vxlan_fdb_update(). That has logic to handle the duplicates properly. +Additionally, it also handles notifications, so drop that call from +changelink as well. + +Fixes: 0241b836732f ("vxlan: fix default fdb entry netlink notify ordering during netdev create") +Signed-off-by: Petr Machata +Acked-by: Roopa Prabhu +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/vxlan.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c +index e305b26785ff..3d578e4c931d 100644 +--- a/drivers/net/vxlan.c ++++ b/drivers/net/vxlan.c +@@ -3441,7 +3441,6 @@ static int vxlan_changelink(struct net_device *dev, struct nlattr *tb[], + struct vxlan_rdst *dst = &vxlan->default_dst; + struct vxlan_rdst old_dst; + struct vxlan_config conf; +- struct vxlan_fdb *f = NULL; + int err; + + err = vxlan_nl2conf(tb, data, +@@ -3467,19 +3466,19 @@ static int vxlan_changelink(struct net_device *dev, struct nlattr *tb[], + old_dst.remote_ifindex, 0); + + if (!vxlan_addr_any(&dst->remote_ip)) { +- err = vxlan_fdb_create(vxlan, all_zeros_mac, ++ err = vxlan_fdb_update(vxlan, all_zeros_mac, + &dst->remote_ip, + NUD_REACHABLE | NUD_PERMANENT, ++ NLM_F_APPEND | NLM_F_CREATE, + vxlan->cfg.dst_port, + dst->remote_vni, + dst->remote_vni, + dst->remote_ifindex, +- NTF_SELF, &f); ++ NTF_SELF); + if (err) { + spin_unlock_bh(&vxlan->hash_lock); + return err; + } +- vxlan_fdb_notify(vxlan, f, first_remote_rtnl(f), RTM_NEWNEIGH); + } + spin_unlock_bh(&vxlan->hash_lock); + } +-- +2.16.4 + diff --git a/patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch b/patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch index 8624e7e..414cd5f 100644 --- a/patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch +++ b/patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch @@ -17,16 +17,14 @@ https://lkml.kernel.org/r/20170828064715.802987421@linutronix.de. Signed-off-by: Petr Mladek Signed-off-by: Jessica Yu --- - arch/x86/include/asm/cpu_entry_area.h | 4 +++- - arch/x86/include/asm/pgtable_32_types.h | 3 ++- - arch/x86/kernel/traps.c | 6 ++++++ + arch/x86/include/asm/cpu_entry_area.h | 4 +++- + arch/x86/include/asm/pgtable_32_types.h | 3 ++- + arch/x86/kernel/traps.c | 6 ++++++ 3 files changed, 11 insertions(+), 2 deletions(-) -diff --git a/arch/x86/include/asm/cpu_entry_area.h b/arch/x86/include/asm/cpu_entry_area.h -index 4a7884b8dca5..d19a1823e554 100644 --- a/arch/x86/include/asm/cpu_entry_area.h +++ b/arch/x86/include/asm/cpu_entry_area.h -@@ -64,9 +64,11 @@ extern void setup_cpu_entry_areas(void); +@@ -63,9 +63,11 @@ extern void setup_cpu_entry_areas(void); extern void cea_set_pte(void *cea_vaddr, phys_addr_t pa, pgprot_t flags); #define CPU_ENTRY_AREA_RO_IDT CPU_ENTRY_AREA_BASE @@ -37,13 +35,11 @@ index 4a7884b8dca5..d19a1823e554 100644 #define CPU_ENTRY_AREA_RO_IDT_VADDR ((void *)CPU_ENTRY_AREA_RO_IDT) +#define CPU_ENTRY_AREA_RO_TRACE_IDT_VADDR ((void *)CPU_ENTRY_AREA_RO_TRACE_IDT) - #define CPU_ENTRY_AREA_MAP_SIZE \ - (CPU_ENTRY_AREA_PER_CPU + CPU_ENTRY_AREA_TOT_SIZE - CPU_ENTRY_AREA_BASE) -diff --git a/arch/x86/include/asm/pgtable_32_types.h b/arch/x86/include/asm/pgtable_32_types.h -index 67b60e11b70d..d2046a3b3f03 100644 + #ifdef CONFIG_X86_32 + #define CPU_ENTRY_AREA_MAP_SIZE (CPU_ENTRY_AREA_PER_CPU + \ --- a/arch/x86/include/asm/pgtable_32_types.h +++ b/arch/x86/include/asm/pgtable_32_types.h -@@ -43,8 +43,9 @@ extern bool __vmalloc_start_set; /* set once high_memory is set */ +@@ -43,8 +43,9 @@ extern bool __vmalloc_start_set; /* set */ #define CPU_ENTRY_AREA_PAGES (NR_CPUS * 40) @@ -54,11 +50,9 @@ index 67b60e11b70d..d2046a3b3f03 100644 #define PKMAP_BASE \ ((CPU_ENTRY_AREA_BASE - PAGE_SIZE) & PMD_MASK) -diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index a21ec5727315..66746cbdd105 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c -@@ -1042,6 +1042,12 @@ void __init trap_init(void) +@@ -1035,6 +1035,12 @@ void __init trap_init(void) PAGE_KERNEL_RO); idt_descr.address = CPU_ENTRY_AREA_RO_IDT; @@ -71,6 +65,3 @@ index a21ec5727315..66746cbdd105 100644 /* * Should be a barrier for any external CPU state: */ --- -2.12.3 - diff --git a/patches.suse/x86-link-vdso-and-boot-with-z-noexecstack-no-warn-rw.patch b/patches.suse/x86-link-vdso-and-boot-with-z-noexecstack-no-warn-rw.patch new file mode 100644 index 0000000..3a9e35e --- /dev/null +++ b/patches.suse/x86-link-vdso-and-boot-with-z-noexecstack-no-warn-rw.patch @@ -0,0 +1,84 @@ +From: Nick Desaulniers +Date: Wed, 10 Aug 2022 15:24:41 -0700 +Subject: x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments +Git-commit: ffcf9c5700e49c0aee42dcba9a12ba21338e8136 +Patch-mainline: 6.0-rc1 +References: bsc#1203200 + +Users of GNU ld (BFD) from binutils 2.39+ will observe multiple +instances of a new warning when linking kernels in the form: + + ld: warning: arch/x86/boot/pmjump.o: missing .note.GNU-stack section implies executable stack + ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker + ld: warning: arch/x86/boot/compressed/vmlinux has a LOAD segment with RWX permissions + +Generally, we would like to avoid the stack being executable. Because +there could be a need for the stack to be executable, assembler sources +have to opt-in to this security feature via explicit creation of the +.note.GNU-stack feature (which compilers create by default) or command +line flag --noexecstack. Or we can simply tell the linker the +production of such sections is irrelevant and to link the stack as +--noexecstack. + +LLVM's LLD linker defaults to -z noexecstack, so this flag isn't +strictly necessary when linking with LLD, only BFD, but it doesn't hurt +to be explicit here for all linkers IMO. --no-warn-rwx-segments is +currently BFD specific and only available in the current latest release, +so it's wrapped in an ld-option check. + +While the kernel makes extensive usage of ELF sections, it doesn't use +permissions from ELF segments. + +[js] no CONFIG_LD_IS_BFD, use "y" instead + +Link: https://lore.kernel.org/linux-block/3af4127a-f453-4cf7-f133-a181cce06f73@kernel.dk/ +Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +Link: https://github.com/llvm/llvm-project/issues/57009 +Reported-and-tested-by: Jens Axboe +Suggested-by: Fangrui Song +Signed-off-by: Nick Desaulniers +Signed-off-by: Linus Torvalds +Signed-off-by: Jiri Slaby +--- + arch/x86/boot/Makefile | 2 +- + arch/x86/boot/compressed/Makefile | 6 +++++- + arch/x86/entry/vdso/Makefile | 2 +- + 3 files changed, 7 insertions(+), 3 deletions(-) + +--- a/arch/x86/boot/Makefile ++++ b/arch/x86/boot/Makefile +@@ -99,7 +99,7 @@ $(obj)/zoffset.h: $(obj)/compressed/vmli + AFLAGS_header.o += -I$(objtree)/$(obj) + $(obj)/header.o: $(obj)/zoffset.h + +-LDFLAGS_setup.elf := -T ++LDFLAGS_setup.elf := -z noexecstack -T + $(obj)/setup.elf: $(src)/setup.ld $(SETUP_OBJS) FORCE + $(call if_changed,ld) + +--- a/arch/x86/boot/compressed/Makefile ++++ b/arch/x86/boot/compressed/Makefile +@@ -52,7 +52,11 @@ else + LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \ + && echo "-z noreloc-overflow -pie --no-dynamic-linker") + endif +-LDFLAGS_vmlinux := -T ++LDFLAGS_vmlinux := -z noexecstack ++ifeq (y,y) ++LDFLAGS_vmlinux += $(call ld-option,--no-warn-rwx-segments) ++endif ++LDFLAGS_vmlinux += -T + + hostprogs-y := mkpiggy + HOST_EXTRACFLAGS += -I$(srctree)/tools/include +--- a/arch/x86/entry/vdso/Makefile ++++ b/arch/x86/entry/vdso/Makefile +@@ -175,7 +175,7 @@ quiet_cmd_vdso = VDSO $@ + sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@' + + VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \ +- $(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS) ++ $(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS) -z noexecstack + GCOV_PROFILE := n + + # diff --git a/patches.suse/x86-mce-Fix-Wmissing-prototypes-warnings.patch b/patches.suse/x86-mce-Fix-Wmissing-prototypes-warnings.patch new file mode 100644 index 0000000..9478436 --- /dev/null +++ b/patches.suse/x86-mce-Fix-Wmissing-prototypes-warnings.patch @@ -0,0 +1,108 @@ +From: Borislav Petkov +Date: Fri, 9 Nov 2018 23:13:13 +0100 +Subject: x86/mce: Fix -Wmissing-prototypes warnings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 68b5e4326e4b8ac9080835005d8254fed0fb3c56 +Patch-mainline: 5.0-rc1 +References: git-fixes + +Add the proper includes and make smca_get_name() static. + +Fix an actual bug too which the warning triggered: + + arch/x86/kernel/cpu/mcheck/therm_throt.c:395:39: error: conflicting \ + types for ‘smp_thermal_interrupt’ + asmlinkage __visible void __irq_entry smp_thermal_interrupt(struct pt_regs *r) + ^~~~~~~~~~~~~~~~~~~~~ + In file included from arch/x86/kernel/cpu/mcheck/therm_throt.c:29: + ./arch/x86/include/asm/traps.h:107:17: note: previous declaration of \ + ‘smp_thermal_interrupt’ was here + asmlinkage void smp_thermal_interrupt(void); + +Signed-off-by: Borislav Petkov +Cc: Yi Wang +Cc: Michael Matz +Cc: x86@kernel.org +Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1811081633160.1549@nanos.tec.linutronix.de +Signed-off-by: Jiri Slaby +--- + arch/x86/include/asm/traps.h | 6 +++--- + arch/x86/kernel/cpu/mcheck/mce_amd.c | 5 +++-- + arch/x86/kernel/cpu/mcheck/therm_throt.c | 1 + + arch/x86/kernel/cpu/mcheck/threshold.c | 3 ++- + 4 files changed, 9 insertions(+), 6 deletions(-) + +--- a/arch/x86/include/asm/traps.h ++++ b/arch/x86/include/asm/traps.h +@@ -121,9 +121,9 @@ extern int panic_on_unrecovered_nmi; + + void math_emulate(struct math_emu_info *); + #ifndef CONFIG_X86_32 +-asmlinkage void smp_thermal_interrupt(void); +-asmlinkage void smp_threshold_interrupt(void); +-asmlinkage void smp_deferred_error_interrupt(void); ++asmlinkage void smp_thermal_interrupt(struct pt_regs *regs); ++asmlinkage void smp_threshold_interrupt(struct pt_regs *regs); ++asmlinkage void smp_deferred_error_interrupt(struct pt_regs *regs); + #endif + + extern void ist_enter(struct pt_regs *regs); +--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c ++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c +@@ -23,6 +23,7 @@ + #include + + #include ++#include + #include + #include + #include +@@ -92,7 +93,7 @@ static struct smca_bank_name smca_names[ + [SMCA_SMU] = { "smu", "System Management Unit" }, + }; + +-const char *smca_get_name(enum smca_bank_types t) ++static const char *smca_get_name(enum smca_bank_types t) + { + if (t >= N_SMCA_BANK_TYPES) + return NULL; +@@ -857,7 +858,7 @@ static inline void __smp_deferred_error_ + deferred_error_int_vector(); + } + +-asmlinkage __visible void __irq_entry smp_deferred_error_interrupt(void) ++asmlinkage __visible void __irq_entry smp_deferred_error_interrupt(struct pt_regs *regs) + { + entering_irq(); + __smp_deferred_error_interrupt(); +--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c ++++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c +@@ -25,6 +25,7 @@ + #include + + #include ++#include + #include + #include + #include +--- a/arch/x86/kernel/cpu/mcheck/threshold.c ++++ b/arch/x86/kernel/cpu/mcheck/threshold.c +@@ -5,6 +5,7 @@ + #include + + #include ++#include + #include + #include + #include +@@ -23,7 +24,7 @@ static inline void __smp_threshold_inter + mce_threshold_vector(); + } + +-asmlinkage __visible void __irq_entry smp_threshold_interrupt(void) ++asmlinkage __visible void __irq_entry smp_threshold_interrupt(struct pt_regs *regs) + { + entering_irq(); + __smp_threshold_interrupt(); diff --git a/patches.suse/x86-mce-amd-edac-mce_amd-add-new-mp5-nbio-and-pcie-smca-bank-types.patch b/patches.suse/x86-mce-amd-edac-mce_amd-add-new-mp5-nbio-and-pcie-smca-bank-types.patch index 4ca99e1..ee12adc 100644 --- a/patches.suse/x86-mce-amd-edac-mce_amd-add-new-mp5-nbio-and-pcie-smca-bank-types.patch +++ b/patches.suse/x86-mce-amd-edac-mce_amd-add-new-mp5-nbio-and-pcie-smca-bank-types.patch @@ -35,7 +35,7 @@ Link: https://lkml.kernel.org/r/20190201225534.8177-2-Yazen.Ghannam@amd.com --- a/arch/x86/include/asm/mce.h +++ b/arch/x86/include/asm/mce.h -@@ -366,6 +366,9 @@ enum smca_bank_types { +@@ -368,6 +368,9 @@ enum smca_bank_types { SMCA_PB, /* Parameter Block */ SMCA_PSP, /* Platform Security Processor */ SMCA_SMU, /* System Management Unit */ @@ -47,7 +47,7 @@ Link: https://lkml.kernel.org/r/20190201225534.8177-2-Yazen.Ghannam@amd.com --- a/arch/x86/kernel/cpu/mcheck/mce_amd.c +++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c -@@ -90,6 +90,9 @@ static struct smca_bank_name smca_names[ +@@ -91,6 +91,9 @@ static struct smca_bank_name smca_names[ [SMCA_PB] = { "param_block", "Parameter Block" }, [SMCA_PSP] = { "psp", "Platform Security Processor" }, [SMCA_SMU] = { "smu", "System Management Unit" }, @@ -56,8 +56,8 @@ Link: https://lkml.kernel.org/r/20190201225534.8177-2-Yazen.Ghannam@amd.com + [SMCA_PCIE] = { "pcie", "PCI Express Unit" }, }; - const char *smca_get_name(enum smca_bank_types t) -@@ -154,6 +157,15 @@ static struct smca_hwid smca_hwid_mcatyp + static const char *smca_get_name(enum smca_bank_types t) +@@ -155,6 +158,15 @@ static struct smca_hwid smca_hwid_mcatyp /* System Management Unit MCA type */ { SMCA_SMU, HWID_MCATYPE(0x01, 0x0), 0x1 }, diff --git a/patches.suse/x86-mm-Randomize-per-cpu-entry-area.patch b/patches.suse/x86-mm-Randomize-per-cpu-entry-area.patch new file mode 100644 index 0000000..6cbf12e --- /dev/null +++ b/patches.suse/x86-mm-Randomize-per-cpu-entry-area.patch @@ -0,0 +1,148 @@ +From: Peter Zijlstra +Date: Thu, 27 Oct 2022 14:54:41 -0700 +Subject: x86/mm: Randomize per-cpu entry area +Git-commit: 97e3d26b5e5f371b3ee223d94dd123e6c442ba80 +Patch-mainline: v6.2-rc1 +References: bsc#1207845 CVE-2023-0597 + +Seth found that the CPU-entry-area; the piece of per-cpu data that is +mapped into the userspace page-tables for kPTI is not subject to any +randomization -- irrespective of kASLR settings. + +On x86_64 a whole P4D (512 GB) of virtual address space is reserved for +this structure, which is plenty large enough to randomize things a +little. + +As such, use a straight forward randomization scheme that avoids +duplicates to spread the existing CPUs over the available space. + + [ bp: Fix le build. ] + +Reported-by: Seth Jenkins +Reviewed-by: Kees Cook +Signed-off-by: Peter Zijlstra (Intel) +Signed-off-by: Dave Hansen +Signed-off-by: Borislav Petkov +[mkoutny: v5.14 backport: init_cea_offsets() is called way before + prandom_init_early() initcall, prandom_u32_max() is not properly + seeded yet. Use KASLR seed and local state to generate CPU entry + areas offsets, this is based on the approach in + kernel_randomize_memory() and should provide same randomness + guarantees -- beware we don't get cryptographically secure random + offsets. This reduces effective entropy in exfiltrating *all* CPU + entry areas by log2(nr_cpus) bits, entropy for *any* CPU is + unaffected. + This was chosen instead of backporting f62384995e4c ("random: split + initialization into early step and later step") and crng related + reworks.] +[mkoutny: v5.3 backport: dropped hw_breakpoint hunk without 24ae0c91cbc5 + ("x86/hw_breakpoint: Prevent data breakpoints on cpu_entry_area"), + adjusted context for missing doublefault_stack on 32b] +[mkoutny: v4.12 backport: adjust context for missing 7623f37e4111 + ("x86/cpu_entry_area: Provide exception stack accessor"] +Acked-by: Michal Koutný +--- + arch/x86/include/asm/cpu_entry_area.h | 10 +++++-- + arch/x86/mm/cpu_entry_area.c | 47 +++++++++++++++++++++++++++++++++- + 2 files changed, 53 insertions(+), 4 deletions(-) + +--- a/arch/x86/include/asm/cpu_entry_area.h ++++ b/arch/x86/include/asm/cpu_entry_area.h +@@ -56,7 +56,6 @@ struct cpu_entry_area { + }; + + #define CPU_ENTRY_AREA_SIZE (sizeof(struct cpu_entry_area)) +-#define CPU_ENTRY_AREA_TOT_SIZE (CPU_ENTRY_AREA_SIZE * NR_CPUS) + + DECLARE_PER_CPU(struct cpu_entry_area *, cpu_entry_area); + +@@ -68,8 +67,13 @@ extern void cea_set_pte(void *cea_vaddr, + + #define CPU_ENTRY_AREA_RO_IDT_VADDR ((void *)CPU_ENTRY_AREA_RO_IDT) + +-#define CPU_ENTRY_AREA_MAP_SIZE \ +- (CPU_ENTRY_AREA_PER_CPU + CPU_ENTRY_AREA_TOT_SIZE - CPU_ENTRY_AREA_BASE) ++#ifdef CONFIG_X86_32 ++#define CPU_ENTRY_AREA_MAP_SIZE (CPU_ENTRY_AREA_PER_CPU + \ ++ (CPU_ENTRY_AREA_SIZE * NR_CPUS) - \ ++ CPU_ENTRY_AREA_BASE) ++#else ++#define CPU_ENTRY_AREA_MAP_SIZE P4D_SIZE ++#endif + + extern struct cpu_entry_area *get_cpu_entry_area(int cpu); + +--- a/arch/x86/mm/cpu_entry_area.c ++++ b/arch/x86/mm/cpu_entry_area.c +@@ -2,6 +2,7 @@ + + #include + #include ++#include + + #include + #include +@@ -13,11 +14,53 @@ static DEFINE_PER_CPU_PAGE_ALIGNED(struc + #ifdef CONFIG_X86_64 + static DEFINE_PER_CPU_PAGE_ALIGNED(char, exception_stacks + [(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ + DEBUG_STKSZ]); ++ ++static DEFINE_PER_CPU_READ_MOSTLY(unsigned long, _cea_offset); ++ ++static __always_inline unsigned int cea_offset(unsigned int cpu) ++{ ++ return per_cpu(_cea_offset, cpu); ++} ++ ++static __init void init_cea_offsets(void) ++{ ++ struct rnd_state rand_state; ++ unsigned int max_cea, rand; ++ unsigned int i, j; ++ ++ max_cea = (CPU_ENTRY_AREA_MAP_SIZE - PAGE_SIZE) / CPU_ENTRY_AREA_SIZE; ++ prandom_seed_state(&rand_state, kaslr_get_random_long("CPU entry")); ++ ++ /* O(sodding terrible) */ ++ for_each_possible_cpu(i) { ++ unsigned int cea; ++ ++again: ++ prandom_bytes_state(&rand_state, &rand, sizeof(rand)); ++ cea = rand % max_cea; ++ ++ for_each_possible_cpu(j) { ++ if (cea_offset(j) == cea) ++ goto again; ++ ++ if (i == j) ++ break; ++ } ++ ++ per_cpu(_cea_offset, i) = cea; ++ } ++} ++#else /* !X86_64 */ ++static __always_inline unsigned int cea_offset(unsigned int cpu) ++{ ++ return cpu; ++} ++static inline void init_cea_offsets(void) { } + #endif + + struct cpu_entry_area *get_cpu_entry_area(int cpu) + { +- unsigned long va = CPU_ENTRY_AREA_PER_CPU + cpu * CPU_ENTRY_AREA_SIZE; ++ unsigned long va = CPU_ENTRY_AREA_PER_CPU + cea_offset(cpu) * CPU_ENTRY_AREA_SIZE; + BUILD_BUG_ON(sizeof(struct cpu_entry_area) % PAGE_SIZE != 0); + + return (struct cpu_entry_area *) va; +@@ -158,6 +201,8 @@ void __init setup_cpu_entry_areas(void) + { + unsigned int cpu; + ++ init_cea_offsets(); ++ + setup_cpu_entry_area_ptes(); + + for_each_possible_cpu(cpu) diff --git a/patches.suse/xfrm-Copy-policy-family-in-clone_policy.patch b/patches.suse/xfrm-Copy-policy-family-in-clone_policy.patch new file mode 100644 index 0000000..ce75d1f --- /dev/null +++ b/patches.suse/xfrm-Copy-policy-family-in-clone_policy.patch @@ -0,0 +1,39 @@ +From 063527fd358f6a223343748e2cf215b5dfc743fe Mon Sep 17 00:00:00 2001 +From: Herbert Xu +Date: Fri, 10 Nov 2017 14:14:06 +1100 +Subject: [PATCH 7/7] xfrm: Copy policy family in clone_policy +Git-commit: 0e74aa1d79a5bbc663e03a2804399cae418a0321 +Patch-mainline: v4.15-rc1 +References: git-fixes + +The syzbot found an ancient bug in the IPsec code. When we cloned +a socket policy (for example, for a child TCP socket derived from a +listening socket), we did not copy the family field. This results +in a live policy with a zero family field. This triggers a BUG_ON +check in the af_key code when the cloned policy is retrieved. + +This patch fixes it by copying the family field over. + +Reported-by: syzbot +Signed-off-by: Herbert Xu +Signed-off-by: Steffen Klassert +Signed-off-by: Denis Kirjanov +--- + net/xfrm/xfrm_policy.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 0fa6c726362d..8463a59983e1 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1395,6 +1395,7 @@ static struct xfrm_policy *clone_policy(const struct xfrm_policy *old, int dir) + newp->xfrm_nr = old->xfrm_nr; + newp->index = old->index; + newp->type = old->type; ++ newp->family = old->family; + memcpy(newp->xfrm_vec, old->xfrm_vec, + newp->xfrm_nr*sizeof(struct xfrm_tmpl)); + spin_lock_bh(&net->xfrm.xfrm_policy_lock); +-- +2.16.4 + diff --git a/patches.suse/xfs-Fix-UBSAN-null-ptr-deref-in-xfs_sysfs_init.patch b/patches.suse/xfs-Fix-UBSAN-null-ptr-deref-in-xfs_sysfs_init.patch new file mode 100644 index 0000000..a20ca8f --- /dev/null +++ b/patches.suse/xfs-Fix-UBSAN-null-ptr-deref-in-xfs_sysfs_init.patch @@ -0,0 +1,59 @@ +From 96cf2a2c75567ff56195fe3126d497a2e7e4379f Mon Sep 17 00:00:00 2001 +From: Eiichi Tsukata +Date: Thu, 6 Aug 2020 15:18:48 -0700 +Subject: [PATCH] xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init +Git-commit: 96cf2a2c75567ff56195fe3126d497a2e7e4379f +Patch-mainline: v5.9-rc1 +References: git-fixes + +If xfs_sysfs_init is called with parent_kobj == NULL, UBSAN +shows the following warning: + + UBSAN: null-ptr-deref in ./fs/xfs/xfs_sysfs.h:37:23 + member access within null pointer of type 'struct xfs_kobj' + Call Trace: + dump_stack+0x10e/0x195 + ubsan_type_mismatch_common+0x241/0x280 + __ubsan_handle_type_mismatch_v1+0x32/0x40 + init_xfs_fs+0x12b/0x28f + do_one_initcall+0xdd/0x1d0 + do_initcall_level+0x151/0x1b6 + do_initcalls+0x50/0x8f + do_basic_setup+0x29/0x2b + kernel_init_freeable+0x19f/0x20b + kernel_init+0x11/0x1e0 + ret_from_fork+0x22/0x30 + +Fix it by checking parent_kobj before the code accesses its member. + +Signed-off-by: Eiichi Tsukata +Reviewed-by: Darrick J. Wong +[darrick: minor whitespace edits] +Signed-off-by: Darrick J. Wong +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/xfs_sysfs.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/fs/xfs/xfs_sysfs.h b/fs/xfs/xfs_sysfs.h +index e9f810fc6731..43585850f154 100644 +--- a/fs/xfs/xfs_sysfs.h ++++ b/fs/xfs/xfs_sysfs.h +@@ -32,9 +32,11 @@ xfs_sysfs_init( + struct xfs_kobj *parent_kobj, + const char *name) + { ++ struct kobject *parent; ++ ++ parent = parent_kobj ? &parent_kobj->kobject : NULL; + init_completion(&kobj->complete); +- return kobject_init_and_add(&kobj->kobject, ktype, +- &parent_kobj->kobject, "%s", name); ++ return kobject_init_and_add(&kobj->kobject, ktype, parent, "%s", name); + } + + static inline void +-- +2.35.3 + diff --git a/patches.suse/xfs-Fix-bulkstat-compat-ioctls-on-x32-userspace.patch b/patches.suse/xfs-Fix-bulkstat-compat-ioctls-on-x32-userspace.patch new file mode 100644 index 0000000..767d868 --- /dev/null +++ b/patches.suse/xfs-Fix-bulkstat-compat-ioctls-on-x32-userspace.patch @@ -0,0 +1,94 @@ +From 7ca860e3c1a74ad6bd8949364073ef1044cad758 Mon Sep 17 00:00:00 2001 +From: Nick Bowler +Date: Mon, 17 Dec 2018 09:35:27 -0800 +Subject: [PATCH] xfs: Fix bulkstat compat ioctls on x32 userspace. +Git-commit: 7ca860e3c1a74ad6bd8949364073ef1044cad758 +Patch-mainline: v5.0-rc1 +References: git-fixes + +The bulkstat family of ioctls are problematic on x32, because there is +a mixup of native 32-bit and 64-bit conventions. The xfs_fsop_bulkreq +struct contains pointers and 32-bit integers so that matches the native +32-bit layout, and that means the ioctl implementation goes into the +regular compat path on x32. + +However, the 'ubuffer' member of that struct in turn refers to either +struct xfs_inogrp or xfs_bstat (or an array of these). On x32, those +structures match the native 64-bit layout. The compat implementation +writes out the 32-bit version of these structures. This is not the +expected format for x32 userspace, causing problems. + +Fortunately the functions which actually output these xfs_inogrp and +xfs_bstat structures have an easy way to select which output format +is required, so we just need a little tweak to select the right format +on x32. + +Signed-off-by: Nick Bowler +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/xfs_ioctl32.c | 34 ++++++++++++++++++++++++++++++---- + 1 file changed, 30 insertions(+), 4 deletions(-) + +diff --git a/fs/xfs/xfs_ioctl32.c b/fs/xfs/xfs_ioctl32.c +index 4c34efcbf7e8..b044f7d36782 100644 +--- a/fs/xfs/xfs_ioctl32.c ++++ b/fs/xfs/xfs_ioctl32.c +@@ -241,6 +241,32 @@ xfs_compat_ioc_bulkstat( + int done; + int error; + ++ /* ++ * Output structure handling functions. Depending on the command, ++ * either the xfs_bstat and xfs_inogrp structures are written out ++ * to userpace memory via bulkreq.ubuffer. Normally the compat ++ * functions and structure size are the correct ones to use ... ++ */ ++ inumbers_fmt_pf inumbers_func = xfs_inumbers_fmt_compat; ++ bulkstat_one_pf bs_one_func = xfs_bulkstat_one_compat; ++ size_t bs_one_size = sizeof(struct compat_xfs_bstat); ++ ++#ifdef CONFIG_X86_X32 ++ if (in_x32_syscall()) { ++ /* ++ * ... but on x32 the input xfs_fsop_bulkreq has pointers ++ * which must be handled in the "compat" (32-bit) way, while ++ * the xfs_bstat and xfs_inogrp structures follow native 64- ++ * bit layout convention. So adjust accordingly, otherwise ++ * the data written out in compat layout will not match what ++ * x32 userspace expects. ++ */ ++ inumbers_func = xfs_inumbers_fmt; ++ bs_one_func = xfs_bulkstat_one; ++ bs_one_size = sizeof(struct xfs_bstat); ++ } ++#endif ++ + /* done = 1 if there are more stats to get and if bulkstat */ + /* should be called again (unused here, but used in dmapi) */ + +@@ -272,15 +298,15 @@ xfs_compat_ioc_bulkstat( + + if (cmd == XFS_IOC_FSINUMBERS_32) { + error = xfs_inumbers(mp, &inlast, &count, +- bulkreq.ubuffer, xfs_inumbers_fmt_compat); ++ bulkreq.ubuffer, inumbers_func); + } else if (cmd == XFS_IOC_FSBULKSTAT_SINGLE_32) { + int res; + +- error = xfs_bulkstat_one_compat(mp, inlast, bulkreq.ubuffer, +- sizeof(compat_xfs_bstat_t), NULL, &res); ++ error = bs_one_func(mp, inlast, bulkreq.ubuffer, ++ bs_one_size, NULL, &res); + } else if (cmd == XFS_IOC_FSBULKSTAT_32) { + error = xfs_bulkstat(mp, &inlast, &count, +- xfs_bulkstat_one_compat, sizeof(compat_xfs_bstat_t), ++ bs_one_func, bs_one_size, + bulkreq.ubuffer, &done); + } else + error = -EINVAL; +-- +2.35.3 + diff --git a/patches.suse/xfs-Fix-unreferenced-object-reported-by-kmemleak-in-.patch b/patches.suse/xfs-Fix-unreferenced-object-reported-by-kmemleak-in-.patch new file mode 100644 index 0000000..52ad74b --- /dev/null +++ b/patches.suse/xfs-Fix-unreferenced-object-reported-by-kmemleak-in-.patch @@ -0,0 +1,69 @@ +From d08af40340cad0e025d643c3982781a8f99d5032 Mon Sep 17 00:00:00 2001 +From: Li Zetao +Date: Tue, 18 Oct 2022 14:38:29 -0700 +Subject: [PATCH] xfs: Fix unreferenced object reported by kmemleak in + xfs_sysfs_init() +Git-commit: d08af40340cad0e025d643c3982781a8f99d5032 +Patch-mainline: v6.1-rc4 +References: git-fixes + +kmemleak reported a sequence of memory leaks, and one of them indicated we +failed to free a pointer: + comm "mount", pid 19610, jiffies 4297086464 (age 60.635s) + hex dump (first 8 bytes): + 73 64 61 00 81 88 ff ff sda..... + backtrace: + [<00000000d77f3e04>] kstrdup_const+0x46/0x70 + [<00000000e51fa804>] kobject_set_name_vargs+0x2f/0xb0 + [<00000000247cd595>] kobject_init_and_add+0xb0/0x120 + [<00000000f9139aaf>] xfs_mountfs+0x367/0xfc0 + [<00000000250d3caf>] xfs_fs_fill_super+0xa16/0xdc0 + [<000000008d873d38>] get_tree_bdev+0x256/0x390 + [<000000004881f3fa>] vfs_get_tree+0x41/0xf0 + [<000000008291ab52>] path_mount+0x9b3/0xdd0 + [<0000000022ba8f2d>] __x64_sys_mount+0x190/0x1d0 + +As mentioned in kobject_init_and_add() comment, if this function +returns an error, kobject_put() must be called to properly clean up +the memory associated with the object. Apparently, xfs_sysfs_init() +does not follow such a requirement. When kobject_init_and_add() +returns an error, the space of kobj->kobject.name alloced by +kstrdup_const() is unfree, which will cause the above stack. + +Fix it by adding kobject_put() when kobject_init_and_add returns an +error. + +Fixes: a31b1d3d89e4 ("xfs: add xfs_mount sysfs kobject") +Signed-off-by: Li Zetao +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/xfs_sysfs.h | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/fs/xfs/xfs_sysfs.h b/fs/xfs/xfs_sysfs.h +index 43585850f154..513095e353a5 100644 +--- a/fs/xfs/xfs_sysfs.h ++++ b/fs/xfs/xfs_sysfs.h +@@ -33,10 +33,15 @@ xfs_sysfs_init( + const char *name) + { + struct kobject *parent; ++ int err; + + parent = parent_kobj ? &parent_kobj->kobject : NULL; + init_completion(&kobj->complete); +- return kobject_init_and_add(&kobj->kobject, ktype, parent, "%s", name); ++ err = kobject_init_and_add(&kobj->kobject, ktype, parent, "%s", name); ++ if (err) ++ kobject_put(&kobj->kobject); ++ ++ return err; + } + + static inline void +-- +2.35.3 + diff --git a/patches.suse/xfs-fix-attr-leaf-header-freemap.size-underflow.patch b/patches.suse/xfs-fix-attr-leaf-header-freemap.size-underflow.patch new file mode 100644 index 0000000..eaee572 --- /dev/null +++ b/patches.suse/xfs-fix-attr-leaf-header-freemap.size-underflow.patch @@ -0,0 +1,59 @@ +From 2a2b5932db67586bacc560cc065d62faece5b996 Mon Sep 17 00:00:00 2001 +From: Brian Foster +Date: Fri, 15 Nov 2019 21:15:08 -0800 +Subject: [PATCH] xfs: fix attr leaf header freemap.size underflow +Git-commit: 2a2b5932db67586bacc560cc065d62faece5b996 +Patch-mainline: v5.5-rc1 +References: git-fixes + +The leaf format xattr addition helper xfs_attr3_leaf_add_work() +adjusts the block freemap in a couple places. The first update drops +the size of the freemap that the caller had already selected to +place the xattr name/value data. Before the function returns, it +also checks whether the entries array has encroached on a freemap +range by virtue of the new entry addition. This is necessary because +the entries array grows from the start of the block (but end of the +block header) towards the end of the block while the name/value data +grows from the end of the block in the opposite direction. If the +associated freemap is already empty, however, size is zero and the +subtraction underflows the field and causes corruption. + +This is reproduced rarely by generic/070. The observed behavior is +that a smaller sized freemap is aligned to the end of the entries +list, several subsequent xattr additions land in larger freemaps and +the entries list expands into the smaller freemap until it is fully +consumed and then underflows. Note that it is not otherwise a +corruption for the entries array to consume an empty freemap because +the nameval list (i.e. the firstused pointer in the xattr header) +starts beyond the end of the corrupted freemap. + +Update the freemap size modification to account for the fact that +the freemap entry can be empty and thus stale. + +Signed-off-by: Brian Foster +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/libxfs/xfs_attr_leaf.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c +index 85ec5945d29f..86155260d8b9 100644 +--- a/fs/xfs/libxfs/xfs_attr_leaf.c ++++ b/fs/xfs/libxfs/xfs_attr_leaf.c +@@ -1510,7 +1510,9 @@ xfs_attr3_leaf_add_work( + for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) { + if (ichdr->freemap[i].base == tmp) { + ichdr->freemap[i].base += sizeof(xfs_attr_leaf_entry_t); +- ichdr->freemap[i].size -= sizeof(xfs_attr_leaf_entry_t); ++ ichdr->freemap[i].size -= ++ min_t(uint16_t, ichdr->freemap[i].size, ++ sizeof(xfs_attr_leaf_entry_t)); + } + } + ichdr->usedbytes += xfs_attr_leaf_entsize(leaf, args->index); +-- +2.35.3 + diff --git a/patches.suse/xfs-fix-leaks-on-corruption-errors-in-xfs_bmap.c.patch b/patches.suse/xfs-fix-leaks-on-corruption-errors-in-xfs_bmap.c.patch new file mode 100644 index 0000000..70c583d --- /dev/null +++ b/patches.suse/xfs-fix-leaks-on-corruption-errors-in-xfs_bmap.c.patch @@ -0,0 +1,49 @@ +From d41c6172bd4031979eab722c265a2e5764383c3c Mon Sep 17 00:00:00 2001 +From: Eric Sandeen +Date: Mon, 27 Nov 2017 18:23:32 -0800 +Subject: [PATCH] xfs: fix leaks on corruption errors in xfs_bmap.c +Git-commit: d41c6172bd4031979eab722c265a2e5764383c3c +Patch-mainline: v4.15-rc2 +References: git-fixes + +Use _GOTO instead of _RETURN so we can free the allocated +cursor on error. + +Fixes: bf80628 ("xfs: remove xfs_bmse_shift_one") +Fixes-coverity-id: 1423813, 1423676 +Signed-off-by: Eric Sandeen +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/libxfs/xfs_bmap.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c +index 08df809e2315..1210f684d3c2 100644 +--- a/fs/xfs/libxfs/xfs_bmap.c ++++ b/fs/xfs/libxfs/xfs_bmap.c +@@ -5662,7 +5662,8 @@ xfs_bmap_collapse_extents( + *done = true; + goto del_cursor; + } +- XFS_WANT_CORRUPTED_RETURN(mp, !isnullstartblock(got.br_startblock)); ++ XFS_WANT_CORRUPTED_GOTO(mp, !isnullstartblock(got.br_startblock), ++ del_cursor); + + new_startoff = got.br_startoff - offset_shift_fsb; + if (xfs_iext_peek_prev_extent(ifp, &icur, &prev)) { +@@ -5767,7 +5768,8 @@ xfs_bmap_insert_extents( + goto del_cursor; + } + } +- XFS_WANT_CORRUPTED_RETURN(mp, !isnullstartblock(got.br_startblock)); ++ XFS_WANT_CORRUPTED_GOTO(mp, !isnullstartblock(got.br_startblock), ++ del_cursor); + + if (stop_fsb >= got.br_startoff + got.br_blockcount) { + error = -EIO; +-- +2.35.3 + diff --git a/patches.suse/xfs-fix-mount-failure-crash-on-invalid-iclog-memory-.patch b/patches.suse/xfs-fix-mount-failure-crash-on-invalid-iclog-memory-.patch new file mode 100644 index 0000000..df3328a --- /dev/null +++ b/patches.suse/xfs-fix-mount-failure-crash-on-invalid-iclog-memory-.patch @@ -0,0 +1,42 @@ +From 798a9cada4694ca8d970259f216cec47e675bfd5 Mon Sep 17 00:00:00 2001 +From: Brian Foster +Date: Tue, 3 Dec 2019 07:53:15 -0800 +Subject: [PATCH] xfs: fix mount failure crash on invalid iclog memory access +Git-commit: 798a9cada4694ca8d970259f216cec47e675bfd5 +Patch-mainline: v5.5-rc1 +References: git-fixes + +syzbot (via KASAN) reports a use-after-free in the error path of +xlog_alloc_log(). Specifically, the iclog freeing loop doesn't +handle the case of a fully initialized ->l_iclog linked list. +Instead, it assumes that the list is partially constructed and NULL +terminated. + +This bug manifested because there was no possible error scenario +after iclog list setup when the original code was added. Subsequent +code and associated error conditions were added some time later, +while the original error handling code was never updated. Fix up the +error loop to terminate either on a NULL iclog or reaching the end +of the list. + +Reported-by: syzbot+c732f8644185de340492@syzkaller.appspotmail.com +Signed-off-by: Brian Foster +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/xfs_log.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/xfs/xfs_log.c ++++ b/fs/xfs/xfs_log.c +@@ -1570,6 +1570,8 @@ out_free_iclog: + if (iclog->ic_bp) + xfs_buf_free(iclog->ic_bp); + kmem_free(iclog); ++ if (prev_iclog == log->l_iclog) ++ break; + } + spinlock_destroy(&log->l_icloglock); + xfs_buf_free(log->l_xbuf); diff --git a/patches.suse/xfs-fix-partially-uninitialized-structure-in-xfs_ref.patch b/patches.suse/xfs-fix-partially-uninitialized-structure-in-xfs_ref.patch new file mode 100644 index 0000000..81f1e7f --- /dev/null +++ b/patches.suse/xfs-fix-partially-uninitialized-structure-in-xfs_ref.patch @@ -0,0 +1,39 @@ +From c142932c29e533ee892f87b44d8abc5719edceec Mon Sep 17 00:00:00 2001 +From: "Darrick J. Wong" +Date: Sun, 12 Apr 2020 13:11:11 -0700 +Subject: [PATCH] xfs: fix partially uninitialized structure in + xfs_reflink_remap_extent +Git-commit: c142932c29e533ee892f87b44d8abc5719edceec +Patch-mainline: v5.7-rc2 +References: git-fixes + +In the reflink extent remap function, it turns out that uirec (the block +mapping corresponding only to the part of the passed-in mapping that got +unmapped) was not fully initialized. Specifically, br_state was not +being copied from the passed-in struct to the uirec. This could lead to +unpredictable results such as the reflinked mapping being marked +unwritten in the destination file. + +Signed-off-by: Darrick J. Wong +Reviewed-by: Brian Foster +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/xfs_reflink.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c +index b0ce04ffd3cd..107bf2a2f344 100644 +--- a/fs/xfs/xfs_reflink.c ++++ b/fs/xfs/xfs_reflink.c +@@ -1051,6 +1051,7 @@ xfs_reflink_remap_extent( + uirec.br_startblock = irec->br_startblock + rlen; + uirec.br_startoff = irec->br_startoff + rlen; + uirec.br_blockcount = unmap_len - rlen; ++ uirec.br_state = irec->br_state; + unmap_len = rlen; + + /* If this isn't a real mapping, we're done. */ +-- +2.35.3 + diff --git a/patches.suse/xfs-fix-realtime-bitmap-summary-file-truncation-when.patch b/patches.suse/xfs-fix-realtime-bitmap-summary-file-truncation-when.patch new file mode 100644 index 0000000..42e1771 --- /dev/null +++ b/patches.suse/xfs-fix-realtime-bitmap-summary-file-truncation-when.patch @@ -0,0 +1,70 @@ +From f4c32e87de7d66074d5612567c5eac7325024428 Mon Sep 17 00:00:00 2001 +From: "Darrick J. Wong" +Date: Wed, 7 Oct 2020 13:55:16 -0700 +Subject: [PATCH] xfs: fix realtime bitmap/summary file truncation when growing + rt volume +Git-commit: f4c32e87de7d66074d5612567c5eac7325024428 +Patch-mainline: v5.10-rc1 +References: git-fixes + +The realtime bitmap and summary files are regular files that are hidden +away from the directory tree. Since they're regular files, inode +inactivation will try to purge what it thinks are speculative +preallocations beyond the incore size of the file. Unfortunately, +xfs_growfs_rt forgets to update the incore size when it resizes the +inodes, with the result that inactivating the rt inodes at unmount time +will cause their contents to be truncated. + +Fix this by updating the incore size when we change the ondisk size as +part of updating the superblock. Note that we don't do this when we're +allocating blocks to the rt inodes because we actually want those blocks +to get purged if the growfs fails. + +This fixes corruption complaints from the online rtsummary checker when +running xfs/233. Since that test requires rmap, one can also trigger +this by growing an rt volume, cycling the mount, and creating rt files. + +Signed-off-by: Darrick J. Wong +Reviewed-by: Chandan Babu R +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/xfs_rtalloc.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/fs/xfs/xfs_rtalloc.c b/fs/xfs/xfs_rtalloc.c +index 9d4e33d70d2a..1c3969807fb9 100644 +--- a/fs/xfs/xfs_rtalloc.c ++++ b/fs/xfs/xfs_rtalloc.c +@@ -1027,10 +1027,13 @@ xfs_growfs_rt( + xfs_ilock(mp->m_rbmip, XFS_ILOCK_EXCL); + xfs_trans_ijoin(tp, mp->m_rbmip, XFS_ILOCK_EXCL); + /* +- * Update the bitmap inode's size. ++ * Update the bitmap inode's size ondisk and incore. We need ++ * to update the incore size so that inode inactivation won't ++ * punch what it thinks are "posteof" blocks. + */ + mp->m_rbmip->i_d.di_size = + nsbp->sb_rbmblocks * nsbp->sb_blocksize; ++ i_size_write(VFS_I(mp->m_rbmip), mp->m_rbmip->i_d.di_size); + xfs_trans_log_inode(tp, mp->m_rbmip, XFS_ILOG_CORE); + /* + * Get the summary inode into the transaction. +@@ -1038,9 +1041,12 @@ xfs_growfs_rt( + xfs_ilock(mp->m_rsumip, XFS_ILOCK_EXCL); + xfs_trans_ijoin(tp, mp->m_rsumip, XFS_ILOCK_EXCL); + /* +- * Update the summary inode's size. ++ * Update the summary inode's size. We need to update the ++ * incore size so that inode inactivation won't punch what it ++ * thinks are "posteof" blocks. + */ + mp->m_rsumip->i_d.di_size = nmp->m_rsumsize; ++ i_size_write(VFS_I(mp->m_rsumip), mp->m_rsumip->i_d.di_size); + xfs_trans_log_inode(tp, mp->m_rsumip, XFS_ILOG_CORE); + /* + * Copy summary data from old to new sizes. +-- +2.35.3 + diff --git a/patches.suse/xfs-fix-use-after-free-race-in-xfs_buf_rele.patch b/patches.suse/xfs-fix-use-after-free-race-in-xfs_buf_rele.patch new file mode 100644 index 0000000..e4916ca --- /dev/null +++ b/patches.suse/xfs-fix-use-after-free-race-in-xfs_buf_rele.patch @@ -0,0 +1,123 @@ +From 37fd1678245f7a5898c1b05128bc481fb403c290 Mon Sep 17 00:00:00 2001 +From: Dave Chinner +Date: Thu, 18 Oct 2018 17:21:29 +1100 +Subject: [PATCH] xfs: fix use-after-free race in xfs_buf_rele +Git-commit: 37fd1678245f7a5898c1b05128bc481fb403c290 +Patch-mainline: v4.20-rc1 +References: git-fixes + +When looking at a 4.18 based KASAN use after free report, I noticed +that racing xfs_buf_rele() may race on dropping the last reference +to the buffer and taking the buffer lock. This was the symptom +displayed by the KASAN report, but the actual issue that was +reported had already been fixed in 4.19-rc1 by commit e339dd8d8b04 +("xfs: use sync buffer I/O for sync delwri queue submission"). + +Despite this, I think there is still an issue with xfs_buf_rele() +in this code: + + release = atomic_dec_and_lock(&bp->b_hold, &pag->pag_buf_lock); + spin_lock(&bp->b_lock); + if (!release) { +..... + +If two threads race on the b_lock after both dropping a reference +and one getting dropping the last reference so release = true, we +end up with: + +CPU 0 CPU 1 +atomic_dec_and_lock() + atomic_dec_and_lock() + spin_lock(&bp->b_lock) +spin_lock(&bp->b_lock) + + b_lru_ref = 0> + + freebuf = true + spin_unlock(&bp->b_lock) + xfs_buf_free(bp) + + +spin_unlock(&bp->b_lock) + +IOWs, we can't safely take bp->b_lock after dropping the hold +reference because the buffer may go away at any time after we +drop that reference. However, this can be fixed simply by taking the +bp->b_lock before we drop the reference. + +It is safe to nest the pag_buf_lock inside bp->b_lock as the +pag_buf_lock is only used to serialise against lookup in +xfs_buf_find() and no other locks are held over or under the +pag_buf_lock there. Make this clear by documenting the buffer lock +orders at the top of the file. + +Signed-off-by: Dave Chinner +Reviewed-by: Brian Foster +Reviewed-by: Carlos Maiolino +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/xfs_buf.c | 38 +++++++++++++++++++++++++++++++++++++- + 1 file changed, 37 insertions(+), 1 deletion(-) + +diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c +index 06149bac2f58..a372476e265d 100644 +--- a/fs/xfs/xfs_buf.c ++++ b/fs/xfs/xfs_buf.c +@@ -37,6 +37,32 @@ static kmem_zone_t *xfs_buf_zone; + #define xb_to_gfp(flags) \ + ((((flags) & XBF_READ_AHEAD) ? __GFP_NORETRY : GFP_NOFS) | __GFP_NOWARN) + ++/* ++ * Locking orders ++ * ++ * xfs_buf_ioacct_inc: ++ * xfs_buf_ioacct_dec: ++ * b_sema (caller holds) ++ * b_lock ++ * ++ * xfs_buf_stale: ++ * b_sema (caller holds) ++ * b_lock ++ * lru_lock ++ * ++ * xfs_buf_rele: ++ * b_lock ++ * pag_buf_lock ++ * lru_lock ++ * ++ * xfs_buftarg_wait_rele ++ * lru_lock ++ * b_lock (trylock due to inversion) ++ * ++ * xfs_buftarg_isolate ++ * lru_lock ++ * b_lock (trylock due to inversion) ++ */ + + static inline int + xfs_buf_is_vmapped( +@@ -1036,8 +1062,18 @@ xfs_buf_rele( + + ASSERT(atomic_read(&bp->b_hold) > 0); + +- release = atomic_dec_and_lock(&bp->b_hold, &pag->pag_buf_lock); ++ /* ++ * We grab the b_lock here first to serialise racing xfs_buf_rele() ++ * calls. The pag_buf_lock being taken on the last reference only ++ * serialises against racing lookups in xfs_buf_find(). IOWs, the second ++ * to last reference we drop here is not serialised against the last ++ * reference until we take bp->b_lock. Hence if we don't grab b_lock ++ * first, the last "release" reference can win the race to the lock and ++ * free the buffer before the second-to-last reference is processed, ++ * leading to a use-after-free scenario. ++ */ + spin_lock(&bp->b_lock); ++ release = atomic_dec_and_lock(&bp->b_hold, &pag->pag_buf_lock); + if (!release) { + /* + * Drop the in-flight state if the buffer is already on the LRU +-- +2.35.3 + diff --git a/patches.suse/xfs-initialize-the-shortform-attr-header-padding-ent.patch b/patches.suse/xfs-initialize-the-shortform-attr-header-padding-ent.patch new file mode 100644 index 0000000..4dfaf43 --- /dev/null +++ b/patches.suse/xfs-initialize-the-shortform-attr-header-padding-ent.patch @@ -0,0 +1,38 @@ +From 125eac243806e021f33a1fdea3687eccbb9f7636 Mon Sep 17 00:00:00 2001 +From: "Darrick J. Wong" +Date: Wed, 26 Aug 2020 14:12:18 -0700 +Subject: [PATCH] xfs: initialize the shortform attr header padding entry +Git-commit: 125eac243806e021f33a1fdea3687eccbb9f7636 +Patch-mainline: v5.9-rc4 +References: git-fixes + +Don't leak kernel memory contents into the shortform attr fork. + +Signed-off-by: Darrick J. Wong +Reviewed-by: Eric Sandeen +Reviewed-by: Dave Chinner +Reviewed-by: Christoph Hellwig +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/libxfs/xfs_attr_leaf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c +index 383b08f2ac61..305d4bc07337 100644 +--- a/fs/xfs/libxfs/xfs_attr_leaf.c ++++ b/fs/xfs/libxfs/xfs_attr_leaf.c +@@ -653,8 +653,8 @@ xfs_attr_shortform_create( + ASSERT(ifp->if_flags & XFS_IFINLINE); + } + xfs_idata_realloc(dp, sizeof(*hdr), XFS_ATTR_FORK); +- hdr = (xfs_attr_sf_hdr_t *)ifp->if_u1.if_data; +- hdr->count = 0; ++ hdr = (struct xfs_attr_sf_hdr *)ifp->if_u1.if_data; ++ memset(hdr, 0, sizeof(*hdr)); + hdr->totsize = cpu_to_be16(sizeof(*hdr)); + xfs_trans_log_inode(args->trans, dp, XFS_ILOG_CORE | XFS_ILOG_ADATA); + } +-- +2.35.3 + diff --git a/patches.suse/xfs-make-sure-the-rt-allocator-doesn-t-run-off-the-e.patch b/patches.suse/xfs-make-sure-the-rt-allocator-doesn-t-run-off-the-e.patch new file mode 100644 index 0000000..e18243c --- /dev/null +++ b/patches.suse/xfs-make-sure-the-rt-allocator-doesn-t-run-off-the-e.patch @@ -0,0 +1,58 @@ +From 2a6ca4baed620303d414934aa1b7b0a8e7bab05f Mon Sep 17 00:00:00 2001 +From: "Darrick J. Wong" +Date: Wed, 9 Sep 2020 14:21:06 -0700 +Subject: [PATCH] xfs: make sure the rt allocator doesn't run off the end +Git-commit: 2a6ca4baed620303d414934aa1b7b0a8e7bab05f +Patch-mainline: v5.10-rc1 +References: git-fixes + +There's an overflow bug in the realtime allocator. If the rt volume is +large enough to handle a single allocation request that is larger than +the maximum bmap extent length and the rt bitmap ends exactly on a +bitmap block boundary, it's possible that the near allocator will try to +check the freeness of a range that extends past the end of the bitmap. +This fails with a corruption error and shuts down the fs. + +Therefore, constrain maxlen so that the range scan cannot run off the +end of the rt bitmap. + +Signed-off-by: Darrick J. Wong +Reviewed-by: Christoph Hellwig +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/xfs_rtalloc.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/fs/xfs/xfs_rtalloc.c b/fs/xfs/xfs_rtalloc.c +index 0558f92ecdb8..5b89c12f1566 100644 +--- a/fs/xfs/xfs_rtalloc.c ++++ b/fs/xfs/xfs_rtalloc.c +@@ -247,6 +247,9 @@ xfs_rtallocate_extent_block( + end = XFS_BLOCKTOBIT(mp, bbno + 1) - 1; + i <= end; + i++) { ++ /* Make sure we don't scan off the end of the rt volume. */ ++ maxlen = min(mp->m_sb.sb_rextents, i + maxlen) - i; ++ + /* + * See if there's a free extent of maxlen starting at i. + * If it's not so then next will contain the first non-free. +@@ -442,6 +445,14 @@ xfs_rtallocate_extent_near( + */ + if (bno >= mp->m_sb.sb_rextents) + bno = mp->m_sb.sb_rextents - 1; ++ ++ /* Make sure we don't run off the end of the rt volume. */ ++ maxlen = min(mp->m_sb.sb_rextents, bno + maxlen) - bno; ++ if (maxlen < minlen) { ++ *rtblock = NULLRTBLOCK; ++ return 0; ++ } ++ + /* + * Try the exact allocation first. + */ +-- +2.35.3 + diff --git a/patches.suse/xfs-require-both-realtime-inodes-to-mount.patch b/patches.suse/xfs-require-both-realtime-inodes-to-mount.patch new file mode 100644 index 0000000..d4dbb7c --- /dev/null +++ b/patches.suse/xfs-require-both-realtime-inodes-to-mount.patch @@ -0,0 +1,40 @@ +From 64bafd2f1e484e27071e7584642005d56516cb77 Mon Sep 17 00:00:00 2001 +From: "Darrick J. Wong" +Date: Wed, 12 Dec 2018 15:18:52 -0800 +Subject: [PATCH] xfs: require both realtime inodes to mount +Git-commit: 64bafd2f1e484e27071e7584642005d56516cb77 +Patch-mainline: v5.0-rc1 +References: git-fixes + +Since mkfs always formats the filesystem with the realtime bitmap and +summary inodes immediately after the root directory, we should expect +that both of them are present and loadable, even if there isn't a +realtime volume attached. There's no reason to skip this if rbmino == +NULLFSINO; in fact, this causes an immediate crash if the there /is/ a +realtime volume and someone writes to it. + +Signed-off-by: Darrick J. Wong +Reviewed-by: Bill O'Donnell +Acked-by: Anthony Iliopoulos + +--- + fs/xfs/xfs_rtalloc.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/fs/xfs/xfs_rtalloc.c ++++ b/fs/xfs/xfs_rtalloc.c +@@ -1214,13 +1214,11 @@ xfs_rtmount_inodes( + xfs_sb_t *sbp; + + sbp = &mp->m_sb; +- if (sbp->sb_rbmino == NULLFSINO) +- return 0; + error = xfs_iget(mp, NULL, sbp->sb_rbmino, 0, 0, &mp->m_rbmip); + if (error) + return error; + ASSERT(mp->m_rbmip != NULL); +- ASSERT(sbp->sb_rsumino != NULLFSINO); ++ + error = xfs_iget(mp, NULL, sbp->sb_rsumino, 0, 0, &mp->m_rsumip); + if (error) { + IRELE(mp->m_rbmip); diff --git a/patches.suse/xhci-Don-t-show-warning-for-reinit-on-known-broken-s.patch b/patches.suse/xhci-Don-t-show-warning-for-reinit-on-known-broken-s.patch new file mode 100644 index 0000000..640fc02 --- /dev/null +++ b/patches.suse/xhci-Don-t-show-warning-for-reinit-on-known-broken-s.patch @@ -0,0 +1,47 @@ +From 484d6f7aa3283d082c87654b7fe7a7f725423dfb Mon Sep 17 00:00:00 2001 +From: Mario Limonciello +Date: Wed, 21 Sep 2022 15:34:47 +0300 +Subject: [PATCH] xhci: Don't show warning for reinit on known broken suspend +Git-commit: 484d6f7aa3283d082c87654b7fe7a7f725423dfb +References: git-fixes +Patch-mainline: v6.1-rc1 + +commit 8b328f8002bc ("xhci: re-initialize the HC during resume if HCE was +set") introduced a new warning message when the host controller error +was set and re-initializing. + +This is expected behavior on some designs which already set +`xhci->broken_suspend` so the new warning is alarming to some users. + +Modify the code to only show the warning if this was a surprising behavior +to the XHCI driver. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=216470 +Fixes: 8b328f8002bc ("xhci: re-initialize the HC during resume if HCE was set") +Reported-by: Artem S. Tashkinov +Signed-off-by: Mario Limonciello +Signed-off-by: Mathias Nyman +Link: https://lore.kernel.org/r/20220921123450.671459-4-mathias.nyman@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Oliver Neukum +--- + drivers/usb/host/xhci.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c +index e8837c5d6f5c..9f6b55281f44 100644 +--- a/drivers/usb/host/xhci.c ++++ b/drivers/usb/host/xhci.c +@@ -1183,7 +1183,8 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) + /* re-initialize the HC on Restore Error, or Host Controller Error */ + if (temp & (STS_SRE | STS_HCE)) { + reinit_xhc = true; +- xhci_warn(xhci, "xHC error in resume, USBSTS 0x%x, Reinit\n", temp); ++ if (!xhci->broken_suspend) ++ xhci_warn(xhci, "xHC error in resume, USBSTS 0x%x, Reinit\n", temp); + } + + if (reinit_xhc) { +-- +2.39.2 + diff --git a/rpm/group-source-files.pl b/rpm/group-source-files.pl index 768ecff..89fa8e8 100755 --- a/rpm/group-source-files.pl +++ b/rpm/group-source-files.pl @@ -66,7 +66,7 @@ sub calc_dirs do { $path =~ s{/[^/]+$}{}; $dirs{$path} = 1; - } while ($path ne $base); + } while ($path ne $base and $path ne ""); # This loop also makes sure that $base itself is included. } diff --git a/rpm/kernel-binary.spec.in b/rpm/kernel-binary.spec.in index 0a0f856..e9a2439 100644 --- a/rpm/kernel-binary.spec.in +++ b/rpm/kernel-binary.spec.in @@ -718,6 +718,10 @@ export BRP_PESIGN_FILES %if "%{compress_modules}" != "none" export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules} %endif +# Do not sign vanilla kernels released in official projects +%if %build_vanilla && ! %vanilla_only +BRP_PESIGN_FILES="" +%endif if test -x /usr/lib/rpm/pesign/gen-hmac; then $_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor diff --git a/rpm/kernel-module-subpackage b/rpm/kernel-module-subpackage index 6645965..3a3d18c 100644 --- a/rpm/kernel-module-subpackage +++ b/rpm/kernel-module-subpackage @@ -82,23 +82,28 @@ END { exit(! good) } ' $spec ) %pre -n %{-n*}-kmp-%1 -%{-b:KMP_NEEDS_MKINITRD=1} /usr/lib/module-init-tools/kernel-scriptlets/kmp-pre --name "%{-n*}-kmp-%1" \ +%{-b:KMP_NEEDS_MKINITRD=1; export KMP_NEEDS_MKINITRD} +/usr/lib/module-init-tools/kernel-scriptlets/kmp-pre --name "%{-n*}-kmp-%1" \ --version "%_this_kmp_version" --release "%{-r*}" --kernelrelease "%2" \ --flavor "%1" --usrmerged "0%{?usrmerged}" "$@" %post -n %{-n*}-kmp-%1 -%{-b:KMP_NEEDS_MKINITRD=1} /usr/lib/module-init-tools/kernel-scriptlets/kmp-post --name "%{-n*}-kmp-%1" \ +%{-b:KMP_NEEDS_MKINITRD=1; export KMP_NEEDS_MKINITRD} +/usr/lib/module-init-tools/kernel-scriptlets/kmp-post --name "%{-n*}-kmp-%1" \ --version "%_this_kmp_version" --release "%{-r*}" --kernelrelease "%2" \ --flavor "%1" --usrmerged "0%{?usrmerged}" "$@" %preun -n %{-n*}-kmp-%1 -%{-b:KMP_NEEDS_MKINITRD=1} %run_if_exists /usr/lib/module-init-tools/kernel-scriptlets/kmp-preun --name "%{-n*}-kmp-%1" \ +%{-b:KMP_NEEDS_MKINITRD=1; export KMP_NEEDS_MKINITRD} +%run_if_exists /usr/lib/module-init-tools/kernel-scriptlets/kmp-preun --name "%{-n*}-kmp-%1" \ --version "%_this_kmp_version" --release "%{-r*}" --kernelrelease "%2" \ --flavor "%1" --usrmerged "0%{?usrmerged}" "$@" %postun -n %{-n*}-kmp-%1 -%{-b:KMP_NEEDS_MKINITRD=1} %run_if_exists /usr/lib/module-init-tools/kernel-scriptlets/kmp-postun --name "%{-n*}-kmp-%1" \ +%{-b:KMP_NEEDS_MKINITRD=1; export KMP_NEEDS_MKINITRD} +%run_if_exists /usr/lib/module-init-tools/kernel-scriptlets/kmp-postun --name "%{-n*}-kmp-%1" \ --version "%_this_kmp_version" --release "%{-r*}" --kernelrelease "%2" \ --flavor "%1" --usrmerged "0%{?usrmerged}" "$@" %posttrans -n %{-n*}-kmp-%1 -%{-b:KMP_NEEDS_MKINITRD=1} /usr/lib/module-init-tools/kernel-scriptlets/kmp-posttrans --name "%{-n*}-kmp-%1" \ +%{-b:KMP_NEEDS_MKINITRD=1; export KMP_NEEDS_MKINITRD} +/usr/lib/module-init-tools/kernel-scriptlets/kmp-posttrans --name "%{-n*}-kmp-%1" \ --version "%_this_kmp_version" --release "%{-r*}" --kernelrelease "%2" \ --flavor "%1" --usrmerged "0%{?usrmerged}" "$@" %files -n %{-n*}-kmp-%1 diff --git a/scripts/git_sort/tests/opensuse-15.3/Dockerfile b/scripts/git_sort/tests/opensuse-15.3/Dockerfile deleted file mode 100644 index 6c45bc6..0000000 --- a/scripts/git_sort/tests/opensuse-15.3/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# https://hub.docker.com/r/opensuse/leap/ -FROM opensuse/leap:15.3 AS base - -RUN zypper -n ref - -FROM base AS packages - -RUN zypper -n in git python3 python3-dbm rcs - -RUN git config --global user.email "you@example.com" -RUN git config --global user.name "Your Name" - -RUN zypper -n ar -G https://download.opensuse.org/repositories/Kernel:/tools/openSUSE_Leap_15.3/Kernel:tools.repo -RUN zypper -n in python3-pygit2 quilt - -FROM packages - -VOLUME /scripts - -WORKDIR /scripts/git_sort - -CMD python3 -m unittest discover -v diff --git a/scripts/git_sort/tests/opensuse-15.4/Dockerfile b/scripts/git_sort/tests/opensuse-15.4/Dockerfile new file mode 100644 index 0000000..1d5cbc7 --- /dev/null +++ b/scripts/git_sort/tests/opensuse-15.4/Dockerfile @@ -0,0 +1,24 @@ +# https://hub.docker.com/r/opensuse/leap/ +FROM opensuse/leap:15.4 AS base + +RUN zypper -n ref + +FROM base AS packages + +RUN zypper -n in git python3 python3-dbm rcs + +RUN git config --global user.email "you@example.com" +RUN git config --global user.name "Your Name" + +COPY Kernel.gpg /tmp +RUN rpmkeys --import /tmp/Kernel.gpg +RUN zypper -n ar https://download.opensuse.org/repositories/Kernel:/tools/SLE_15_SP4/Kernel:tools.repo +RUN zypper -n in python3-pygit2 quilt + +FROM packages + +VOLUME /scripts + +WORKDIR /scripts/git_sort + +CMD python3 -m unittest discover -v diff --git a/scripts/git_sort/tests/opensuse-tumbleweed/Dockerfile b/scripts/git_sort/tests/opensuse-tumbleweed/Dockerfile index 205d2c8..af6cfbc 100644 --- a/scripts/git_sort/tests/opensuse-tumbleweed/Dockerfile +++ b/scripts/git_sort/tests/opensuse-tumbleweed/Dockerfile @@ -10,7 +10,9 @@ RUN zypper -n in git python3 python3-dbm python3-pygit2 rcs util-linux RUN git config --global user.email "you@example.com" RUN git config --global user.name "Your Name" -RUN zypper -n ar -G https://download.opensuse.org/repositories/Kernel:/tools/openSUSE_Factory/Kernel:tools.repo +COPY Kernel.gpg /tmp +RUN rpmkeys --import /tmp/Kernel.gpg +RUN zypper -n ar https://download.opensuse.org/repositories/Kernel:/tools/openSUSE_Factory/Kernel:tools.repo RUN zypper -n in --from Kernel_tools quilt FROM packages diff --git a/scripts/git_sort/tests/run_all.sh b/scripts/git_sort/tests/run_all.sh index 0177c1a..f63ab5b 100755 --- a/scripts/git_sort/tests/run_all.sh +++ b/scripts/git_sort/tests/run_all.sh @@ -6,13 +6,19 @@ for release in \ sle12-sp4 \ sle12-sp5 \ sle15 \ - opensuse-15.3 \ + opensuse-15.4 \ opensuse-tumbleweed \ ; do echo "Building container image for $release..." + cp -a $libdir/../../lib/SUSE/Kernel.gpg $libdir/$release docker build -q -t gs-test-$release "$libdir/$release" + ret=$? + rm -f $libdir/$release/Kernel.gpg + [ $ret -eq 0 ] || exit $? echo "Running tests in $release:" docker run --rm --name=gs-test-$release \ --mount type=bind,source="$libdir/../../",target=/scripts,readonly \ gs-test-$release + ret=$? + [ $ret -eq 0 ] || exit $? done diff --git a/scripts/git_sort/tests/sle12-sp4/Dockerfile b/scripts/git_sort/tests/sle12-sp4/Dockerfile index e0c545b..49d8f9c 100644 --- a/scripts/git_sort/tests/sle12-sp4/Dockerfile +++ b/scripts/git_sort/tests/sle12-sp4/Dockerfile @@ -2,13 +2,13 @@ FROM registry.suse.de/suse/containers/sle-server/12-sp4/containers/suse/sles12sp4:latest AS base RUN rpm -e container-suseconnect -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-12:/GA/standard/SUSE:SLE-12:GA.repo -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-12:/Update/standard/SUSE:SLE-12:Update.repo -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD1/ DVD1 -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD2/ DVD2 -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD3/ DVD3 +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-12:/GA/standard/SUSE:SLE-12:GA.repo +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-12:/Update/standard/SUSE:SLE-12:Update.repo +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD1/ DVD1 +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD2/ DVD2 +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD3/ DVD3 # RUN zypper -n ar -G http://updates.suse.de/SUSE/Products/SLE-SDK/12-SP4/$(rpm -E %_arch)/product/ SDK -RUN zypper -n ar -G http://download.suse.de/update/build.suse.de/SUSE/Updates/SLE-SERVER/12-SP4/$(rpm -E %_arch)/update/SUSE:Updates:SLE-SERVER:12-SP4:$(rpm -E %_arch).repo +RUN zypper -n ar http://download.suse.de/update/build.suse.de/SUSE/Updates/SLE-SERVER/12-SP4/$(rpm -E %_arch)/update/SUSE:Updates:SLE-SERVER:12-SP4:$(rpm -E %_arch).repo RUN zypper -n ref @@ -19,7 +19,9 @@ RUN zypper -n in git-core python3 python3-dbm rcs RUN git config --global user.email "you@example.com" RUN git config --global user.name "Your Name" -RUN zypper -n ar -G https://download.opensuse.org/repositories/Kernel:/tools/SLE_12_SP4/Kernel:tools.repo +COPY Kernel.gpg /tmp +RUN rpmkeys --import /tmp/Kernel.gpg +RUN zypper -n ar https://download.opensuse.org/repositories/Kernel:/tools/SLE_12_SP4/Kernel:tools.repo RUN zypper -n in python3-pygit2 quilt FROM packages diff --git a/scripts/git_sort/tests/sle12-sp5/Dockerfile b/scripts/git_sort/tests/sle12-sp5/Dockerfile index c8b601d..f5e2f58 100644 --- a/scripts/git_sort/tests/sle12-sp5/Dockerfile +++ b/scripts/git_sort/tests/sle12-sp5/Dockerfile @@ -2,13 +2,13 @@ FROM registry.suse.de/suse/containers/sle-server/12-sp5/containers/suse/sles12sp5:latest AS base RUN rpm -e container-suseconnect -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-12:/GA/standard/SUSE:SLE-12:GA.repo -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-12:/Update/standard/SUSE:SLE-12:Update.repo -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD1/ DVD1 -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD2/ DVD2 -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD3/ DVD3 +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-12:/GA/standard/SUSE:SLE-12:GA.repo +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-12:/Update/standard/SUSE:SLE-12:Update.repo +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD1/ DVD1 +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD2/ DVD2 +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD3/ DVD3 # RUN zypper -n ar -G http://updates.suse.de/SUSE/Products/SLE-SDK/12-SP5/$(rpm -E %_arch)/product/ SDK -RUN zypper -n ar -G http://download.suse.de/update/build.suse.de/SUSE/Updates/SLE-SERVER/12-SP5/$(rpm -E %_arch)/update/SUSE:Updates:SLE-SERVER:12-SP5:$(rpm -E %_arch).repo +RUN zypper -n ar http://download.suse.de/update/build.suse.de/SUSE/Updates/SLE-SERVER/12-SP5/$(rpm -E %_arch)/update/SUSE:Updates:SLE-SERVER:12-SP5:$(rpm -E %_arch).repo RUN zypper -n ref @@ -19,7 +19,9 @@ RUN zypper -n in git-core python3 python3-dbm rcs RUN git config --global user.email "you@example.com" RUN git config --global user.name "Your Name" -RUN zypper -n ar -G https://download.opensuse.org/repositories/Kernel:/tools/SLE_12_SP5/Kernel:tools.repo +COPY Kernel.gpg /tmp +RUN rpmkeys --import /tmp/Kernel.gpg +RUN zypper -n ar https://download.opensuse.org/repositories/Kernel:/tools/SLE_12_SP5/Kernel:tools.repo RUN zypper -n in python3-pygit2 quilt FROM packages diff --git a/scripts/git_sort/tests/sle15/Dockerfile b/scripts/git_sort/tests/sle15/Dockerfile index 3fd5bf4..002074f 100644 --- a/scripts/git_sort/tests/sle15/Dockerfile +++ b/scripts/git_sort/tests/sle15/Dockerfile @@ -1,9 +1,9 @@ # http://registry.suse.de/ -FROM registry.suse.de/suse/containers/sle-server/15/containers/bci/python:3.9 AS base +FROM registry.suse.de/suse/containers/sle-server/15/containers/bci/python:3.6 AS base RUN rpm -e container-suseconnect -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-15:/GA/standard/SUSE:SLE-15:GA.repo -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-15:/Update/standard/SUSE:SLE-15:Update.repo +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-15:/GA/standard/SUSE:SLE-15:GA.repo +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-15:/Update/standard/SUSE:SLE-15:Update.repo RUN zypper -n ref FROM base AS packages @@ -13,7 +13,9 @@ RUN zypper -n in git-core python3 python3-dbm rcs awk RUN git config --global user.email "you@example.com" RUN git config --global user.name "Your Name" -RUN zypper -n ar -G https://download.opensuse.org/repositories/Kernel:/tools/SLE_15/Kernel:tools.repo +COPY Kernel.gpg /tmp +RUN rpmkeys --import /tmp/Kernel.gpg +RUN zypper -n ar https://download.opensuse.org/repositories/Kernel:/tools/SLE_15/Kernel:tools.repo RUN zypper -n in python3-pygit2 quilt FROM packages diff --git a/scripts/git_sort/tests/test_series_sort.py b/scripts/git_sort/tests/test_series_sort.py index f0ffe5b..25f80a9 100755 --- a/scripts/git_sort/tests/test_series_sort.py +++ b/scripts/git_sort/tests/test_series_sort.py @@ -293,8 +293,8 @@ class TestFromPatch(unittest.TestCase): self.repo.remotes.create("rdma", self.rdma_repo) self.dledford_repo = k_org_canon_prefix + "dledford/rdma.git" self.repo.remotes.create("dledford/rdma", self.dledford_repo) - self.nf_repo = k_org_canon_prefix + "pablo/nf.git" - self.repo.remotes.create("pablo/nf", self.nf_repo) + self.nf_repo = k_org_canon_prefix + "netfilter/nf.git" + self.repo.remotes.create("netfilter/nf", self.nf_repo) self.commits = {} self.commits["mainline 0"] = self.repo.create_commit( @@ -377,7 +377,7 @@ class TestFromPatch(unittest.TestCase): tree.write(), [self.commits["mainline 0"]] ) - self.repo.references.create("refs/remotes/pablo/nf/master", + self.repo.references.create("refs/remotes/netfilter/nf/master", self.commits["nf 0"]) self.commits["mainline 2"] = self.repo.create_commit( @@ -822,13 +822,13 @@ class TestFromPatch(unittest.TestCase): with open("series.conf", mode="w") as f: f.write(tests.support.format_series(( - ("pablo/nf-next", ( + ("netfilter/nf-next", ( name, )), ))) series2 = tests.support.format_series(( - ("pablo/nf", ( + ("netfilter/nf", ( name, )), )) @@ -838,9 +838,9 @@ class TestFromPatch(unittest.TestCase): def test_found_notindexed_upstream_bad2_moveupstream(self): """ - patch sorted in pablo nf-next (not fetched), commit found in pablo nf, + patch sorted in netfilter nf-next (not fetched), commit found in netfilter nf, git-repo tag is bad - moves to pablo nf + moves to netfilter nf tag is NOT updated This is a special case. See the log of commit 0ac6457e94e8 @@ -854,7 +854,7 @@ class TestFromPatch(unittest.TestCase): def test_found_notindexed_upstream_bad2_nomoveupstream(self): """ - patch sorted in pablo nf-next (not fetched), commit found in pablo nf, + patch sorted in netfilter nf-next (not fetched), commit found in netfilter nf, git-repo tag is bad error, possible causes: section is wrong or Git-repo is wrong diff --git a/scripts/lib/SUSE/Kernel.gpg b/scripts/lib/SUSE/Kernel.gpg new file mode 100644 index 0000000..4d7dbc7 --- /dev/null +++ b/scripts/lib/SUSE/Kernel.gpg @@ -0,0 +1,20 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.5 (GNU/Linux) + +mQENBFEaM/IBCADo3+2CX4/tZoGIooy7QF8+J94rwr7Tov3kXFADlXr+aG7zHMrz +r398QiSCmLsE7kJ8DcapHH+TaYrpy5yuS06RV4euhlJjo2+SHEcSzTGDIjrPTDvM +8KZE3CWZgyRTVZnTq7bRPtVhSIzkTPNyJe1AMMDZH8YYgDgo0zleZWR3w3VA75dC +fGUYjFTjymAM2QtzK3WAgywqZK0F21MKOCUWrz8ZFbCmdcZh/mAYDhmNlFcN6mZS +E/yD5E6pqGEF1Pr4dfwP0NbPBpsYq8wP3T5TIdaD5wr38u2QJNORxCKi8fuCqpf7 +HQx5v3x2EVz4VhRzzc31TPVz1LX5MPby8ypBABEBAAG0Lktlcm5lbCBPQlMgUHJv +amVjdCA8S2VybmVsQGJ1aWxkLm9wZW5zdXNlLm9yZz6JATwEEwECACYFAmFcgfcC +GwMFCRRg/gUGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDs7vIQA1ecHYjiB/9j +HSpLuZUnN2YIg6BFTXs4thRLcH0oaYqqvn9j9B4JR9ORHkCharrsBGLRw8zk+Rxt +fCKkty0hkF8yEnnrQV1SaTIBotadf+OnK3Rll4XTO/i7ww7vNcBklYDl801j8z21 +rDoDt9WPRMO748XFHbc1lcQxw7kyfT5XrmpMA1aKcP8jGk2Zs0+1dR4ZlHMs5yq3 +txVIq5dZE+cB+5F4ab3QhFdtGJlW5oM4kzojLSvPJq2NMH4NZPM0fbotbrKSiVDO +QjYURv7Crh/3uPs2OHgh3QRaEva4rU7z2Q/z6Lo5iinQJ9WcRfL8cMOHxSMArUCw +IwudjqU4hN/AyJ+OIYK0iEYEExECAAYFAlEaM/IACgkQOzARt2udZSOyewCguDRQ +jsRPwMa3DqdijMtrGaWTtdcAn20WA8ufB0LM8evtkMiv4PmlYfEz +=ehs+ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/scripts/lib/SUSE/SUSE_Trust_Root.pem b/scripts/lib/SUSE/SUSE_Trust_Root.pem index 27cb843..85975b5 100644 --- a/scripts/lib/SUSE/SUSE_Trust_Root.pem +++ b/scripts/lib/SUSE/SUSE_Trust_Root.pem @@ -1,4 +1,4 @@ ------BEGIN TRUSTED CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIG6DCCBNCgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBqDELMAkGA1UEBhMCREUx EjAQBgNVBAgTCUZyYW5jb25pYTESMBAGA1UEBxMJTnVyZW1iZXJnMSEwHwYDVQQK ExhTVVNFIExpbnV4IFByb2R1Y3RzIEdtYkgxFTATBgNVBAsTDE9QUyBTZXJ2aWNl @@ -35,6 +35,5 @@ OL+vEVNBlzGiU2mPuk/E75V43dhnaI3ktqph5oNq6gEZWArLkze2nksWdexjH7G5 42cij0RBO/+5RjmVzG9IXzmScE2V57McJpVDf0lPV57+xCkn6msqyRiJoDS3DPfV ySq1QlcPxhQUNSbDIL663gwirdJyf98C4W/zVcwjnUc+zGgxVInqhJVpuWvte9h/ bIf8cLGxGtSyQ616qwdS92vg1atJoG51Jdxw0EhzFtxJ8QVrfkGn1IT2ngUYYaOK -W8NcaXbJ/yeblISOdtHRxuCpZs8P9MxDAQn/X873eYfcim1xfqSimgJ2dpAwEQwP -U1VTRSBUcnVzdCBSb290 ------END TRUSTED CERTIFICATE----- +W8NcaXbJ/yeblISOdtHRxuCpZs8P9MxDAQn/X873eYfcim1xfqSimgJ2dpA= +-----END CERTIFICATE----- diff --git a/scripts/osc_wrapper b/scripts/osc_wrapper index 83f98c1..1869e6c 100755 --- a/scripts/osc_wrapper +++ b/scripts/osc_wrapper @@ -251,11 +251,7 @@ do_build() shift ;; *.spec) - if test $# -eq 1; then - spec=$1 - else - osc_args=("${osc_args[@]}" "$1") - fi + spec=$1 shift ;; *) diff --git a/scripts/renamepatches b/scripts/renamepatches index f86d7da..81a4e44 100755 --- a/scripts/renamepatches +++ b/scripts/renamepatches @@ -29,14 +29,20 @@ fi branch=$1 trap 'rm -f "$temp"' EXIT temp=$(mktemp) -git grep -iE '^(Git-commit:|No-fix:|\(cherry picked from commit)' $branch | grep -vF patches.kernel.org > $temp +git grep -iE '^(Git-commit:|No-fix:|\(cherry picked from commit)' $branch -- 'patches.*' | tr ':' ' ' | \ + awk '!/patches.kernel.org/ {fn=$2; hash=$NF; map[hash]=map[hash] fn;} + END { for (hash in map) printf("map[%s]=\"%s\"\n", hash, map[hash]); }' \ + >$temp -grep -E "^[[:space:]]*patches\.[a-z]+\/" < series.conf | while read patch ; do - commit="$([ -f $patch ] && { grep -iE "^(Git-commit|No-fix):" < $patch | awk '{ print $2}' ; - grep -i "^(cherry picked from commit" < $patch | awk '{ print $5}' ; } )" - [ -n "$commit" ] && echo "$commit" | while read c ; do - grep -F $c < $temp | tr ':' ' ' | while read junk fn blah ; do - [ -n "$fn" ] && [ $fn != $patch ] && git mv $patch $fn && sed -i -e "s,$patch,$fn," series.conf - done - done +declare -A map +source $temp + +grep -E "^[[:space:]]*patches\.[a-z]+/" < series.conf | while read patch ; do + [ ! -f "$patch" ] && continue + commit="$(awk -v IGNORECASE=1 '/^(Git-commit|No-fix):/ { print $2} + /^\(cherry picked from commit/ { print $5}' $patch)" + [ -z "$commit" ] && continue + for fn in ${map[$commit]} ; do + [ $fn != $patch ] && git mv $patch $fn && sed -i -e "s,$patch,$fn," series.conf + done done diff --git a/scripts/sequence-patch.sh b/scripts/sequence-patch.sh index 15f9409..bdfac19 100755 --- a/scripts/sequence-patch.sh +++ b/scripts/sequence-patch.sh @@ -503,7 +503,7 @@ if ! [ -d $ORIG_DIR ]; then fi if $VANILLA; then - PATCHES=( $(scripts/guards $SYMBOLS < series.conf | egrep '^patches\.(kernel\.org|rpmify)/') ) + PATCHES=( $(scripts/guards $SYMBOLS < series.conf | grep -E '^patches\.(kernel\.org|rpmify)/') ) else PATCHES=( $(scripts/guards $SYMBOLS < series.conf) ) fi diff --git a/series.conf b/series.conf index 9e50d8a..d82a848 100644 --- a/series.conf +++ b/series.conf @@ -9507,6 +9507,7 @@ patches.suse/powerpc-mm-Make-switch_mm_irqs_off-out-of-line.patch patches.suse/powerpc-64s-masked_interrupt-returns-to-kernel-so-av.patch patches.suse/powerpc-xive-06-Fix-the-size-of-the-cpumask-used-in-xive_find_target_in_mask.patch + patches.suse/powerpc-powernv-Fix-build-error-in-opal-imc.c-when-N.patch patches.suse/KVM-PPC-Book3S-HV-POWER9-does-not-require-secondary-.patch patches.suse/powerpc-64s-Move-IDLE_STATE_ENTER_SEQ-_NORET-into-id.patch patches.suse/powerpc-64s-POWER9-can-execute-stop-without-a-sync-s.patch @@ -11186,6 +11187,7 @@ patches.suse/net-mvpp2-fix-port-list-indexing.patch patches.suse/net-mvpp2-do-not-select-the-internal-source-clock.patch patches.suse/inetpeer-fix-RCU-lookup-again.patch + patches.suse/net-dsa-mv88e6xxx-Allow-dsa-and-cpu-ports-in-multipl.patch patches.suse/net-dsa-Fix-network-device-registration-order.patch patches.suse/packet-in-packet_do_bind-test-fanout-with-bind_lock-.patch patches.suse/packet-only-test-po-has_vnet_hdr-once-in-packet_snd.patch @@ -13731,6 +13733,7 @@ patches.suse/sched-act-ife-update-parameters-via-rcu-handling.patch patches.suse/ipvlan-always-use-the-current-L2-addr-of-the-master.patch patches.suse/net-phy-broadcom-support-new-device-flag-for-setting.patch + patches.suse/icmp-don-t-fail-on-fragment-reassembly-time-exceeded.patch patches.suse/0010-net-stmmac-Use-correct-values-in-TQS-RQS-fields.patch patches.suse/bpf-verifier-set-reg_type-on-context-accesses-in-sec.patch patches.suse/nfp-bpf-reorder-arguments-to-emit_ld_field_any.patch @@ -14361,6 +14364,8 @@ patches.suse/0022-fsl-fman-Add-a-missing-of_node_put-call-in-an-error-.patch patches.suse/0023-fsl-fman-Remove-a-useless-dev_err-call.patch patches.suse/net-mvpp2-add-ethtool-GOP-statistics.patch + patches.suse/netfilter-xt_connlimit-don-t-store-address-in-the-co.patch + patches.suse/netfilter-ipvs-Fix-inappropriate-output-of-procfs.patch patches.suse/net-bridge-Add-del-switchdev-object-on-host-join-lea.patch patches.suse/net-mlx5e-Rename-VLAN-related-variables-and-function.patch patches.suse/net-mlx5e-Add-rollback-on-add-VLAN-failure.patch @@ -17826,6 +17831,7 @@ patches.suse/genetlink-fix-genlmsg_nlhdr.patch patches.suse/qed-use-kzalloc-instead-of-kmalloc-and-memset.patch patches.suse/msft-hv-1550-hv_netvsc-preserve-hw_features-on-mtu-channels-ringp.patch + patches.suse/xfrm-Copy-policy-family-in-clone_policy.patch patches.suse/fealnx-Fix-building-error-on-MIPS.patch patches.suse/net-sctp-Always-set-scope_id-in-sctp_inet6_skb_msgna.patch patches.suse/nfp-fix-flower-offload-metadata-flag-usage.patch @@ -18357,6 +18363,7 @@ patches.suse/0007-arm64-context-Fix-comments-and-remove-pointless-smp_.patch patches.suse/xfs-always-free-inline-data-before-resetting-inode-f.patch patches.suse/xfs-fortify-xfs_alloc_buftarg-error-handling.patch + patches.suse/xfs-fix-leaks-on-corruption-errors-in-xfs_bmap.c.patch patches.suse/xfs-ubsan-fixes.patch patches.suse/xfs-remove-unused-parameter-from-xfs_writepage_map.patch patches.suse/xfs-Properly-retry-failed-dquot-items-in-case-of-err.patch @@ -24709,6 +24716,7 @@ patches.suse/0015-arm64-Add-missing-Falkor-part-number-for-branch-pred.patch patches.suse/0001-arm64-proc-Set-PTE_NG-for-table-entries-to-avoid-tra.patch patches.suse/powerpc-xive-Use-hw-CPU-ids-when-configuring-the-CPU.patch + patches.suse/powerpc-powernv-IMC-fix-out-of-bounds-memory-access-.patch patches.suse/powerpc-pseries-Add-empty-update_numa_cpu_lookup_tab.patch patches.suse/powerpc-pseries-Check-for-zero-filled-ibm-dynamic-me.patch patches.suse/mtd-nand-vf610-set-correct-ooblayout.patch @@ -25550,6 +25558,7 @@ patches.suse/s390-sles15sp1-00-11-062-net-smc-simplify-wait-when-closing-listen-socket.patch patches.suse/net-sched-actions-return-explicit-error-when-tunnel_.patch patches.suse/0010-net-Fix-vlan-untag-for-bridge-and-vlan_dev-with-reor.patch + patches.suse/vlan-Fix-out-of-order-vlan-headers-with-reorder-head.patch patches.suse/kcm-lock-lower-socket-in-kcm_attach.patch patches.suse/net-systemport-Rewrite-__bcm_sysport_tx_reclaim.patch patches.suse/net-iucv-Free-memory-obtained-by-kzalloc.patch @@ -25791,6 +25800,7 @@ patches.suse/tools-bpftool-don-t-use-hex-numbers-in-JSON-output.patch patches.suse/nfp-bpf-fix-check-of-program-max-insn-count.patch patches.suse/0001-net-Fix-untag-for-vlan-packets-without-ethernet-head.patch + patches.suse/vlan-Fix-vlan-insertion-for-packets-without-ethernet.patch patches.suse/net-dim-Fix-int-overflow.patch patches.suse/ipv6-sr-fix-seg6-encap-performances-with-TSO-enabled.patch patches.suse/vrf-Fix-use-after-free-and-double-free-in-vrf_finish.patch @@ -28350,6 +28360,7 @@ patches.suse/net-bgmac-Correctly-annotate-register-space.patch patches.suse/net-bgmac-Fix-endian-access-in-bgmac_dma_tx_ring_fre.patch patches.suse/ipv6-frags-fix-proc-sys-net-ipv6-ip6frag_low_thresh.patch + patches.suse/kbuild-clear-LDFLAGS-in-the-top-Makefile.patch patches.suse/media-au0828-fix-VIDEO_V4L2-dependency patches.suse/0001-media-usbtv-prevent-double-free-in-error-case.patch patches.suse/media-cx25821-prevent-out-of-bounds-read-on-array-ca @@ -29882,6 +29893,8 @@ patches.suse/lan78xx-Don-t-reset-the-interface-on-open.patch patches.suse/tun-set-the-flags-before-registering-the-netdevice.patch patches.suse/tun-send-netlink-notification-when-the-device-is-mod.patch + patches.suse/l2tp-fix-races-in-tunnel-creation.patch + patches.suse/l2tp-fix-race-in-duplicate-tunnel-detection.patch patches.suse/xprtrdma-Fix-latency-regression-on-NUMA-NFS-RDMA-cli.patch patches.suse/xprtrdma-Remove-arbitrary-limit-on-initiator-depth.patch patches.suse/xprtrdma-Remove-xprt-specific-connect-cookie.patch @@ -30010,6 +30023,7 @@ patches.suse/kexec-export-pg_swapbacked-to-vmcoreinfo patches.suse/mm-slab-reschedule-cache_reap-on-the-same-cpu.patch patches.suse/powerpc-64s-Fix-section-mismatch-warnings-from-setup.patch + patches.suse/powerpc-fscr-Enable-interrupts-earlier-before-callin.patch patches.suse/4.4.129-042-powerpc-powernv-define-a-standard-delay-for-O.patch patches.suse/4.4.129-043-powerpc-powernv-Fix-OPAL-NVRAM-driver-OPAL_BU.patch patches.suse/powerpc-8xx-Fix-build-with-hugetlbfs-enabled.patch @@ -34133,6 +34147,7 @@ patches.suse/4.4.139-043-powerpc-mm-hash-Add-missing-isync-prior-to-ke.patch patches.suse/powerpc-mm-hash-hard-disable-irq-in-the-SLB-insert-p.patch patches.suse/hvc_opal-don-t-set-tb_ticks_per_usec-in-udbg_init_op.patch + patches.suse/powerpc-eeh-Fix-use-after-release-of-EEH-driver.patch patches.suse/powerpc-64s-Add-barrier_nospec.patch patches.suse/powerpc-64s-Add-support-for-ori-barrier_nospec-patch.patch patches.suse/powerpc-64s-Patch-barrier_nospec-in-modules.patch @@ -42626,6 +42641,7 @@ patches.suse/gfs2_meta-mount-can-get-NULL-dev_name.patch patches.suse/gfs2-Don-t-leave-s_fs_info-pointing-to-freed-memory-.patch patches.suse/xfs-remove-XFS_IO_INVALID.patch + patches.suse/xfs-fix-use-after-free-race-in-xfs_buf_rele.patch patches.suse/xfs-Fix-xqmstats-offsets-in-proc-fs-xfs-xqmstat.patch patches.suse/ext4-fix-argument-checking-in-EXT4_IOC_MOVE_EXT.patch patches.suse/ext4-fix-EXT4_IOC_SWAP_BOOT.patch @@ -43463,6 +43479,7 @@ patches.suse/smb3-add-debug-for-unexpected-mid-cancellation.patch patches.suse/cifs-update-internal-module-version-number-for-cifs-ko-to-2-14.patch patches.suse/SUNRPC-Clean-up-initialisation-of-the-struct-rpc_rqs.patch + patches.suse/SUNRPC-Fix-priority-queue-fairness.patch patches.suse/NFSv4.1-Fix-the-r-wsize-checking.patch patches.suse/NFS-Fix-dentry-revalidation-on-NFSv4-lookup.patch patches.suse/NFS-Refactor-nfs_lookup_revalidate.patch @@ -44662,6 +44679,7 @@ patches.suse/net-fix-XPS-static_key-accounting.patch patches.suse/net-Prevent-invalid-access-to-skb-prev-in-__qdisc_dr.patch patches.suse/liquidio-fix-spelling-mistake-deferal-deferral.patch + patches.suse/bonding-fix-802.3ad-state-sent-to-partner-when-unbin.patch patches.suse/nfp-flower-release-metadata-on-offload-failure.patch patches.suse/nfp-flower-prevent-offload-if-rhashtable-insert-fail.patch patches.suse/net-sched-act_police-fix-memory-leak-in-case-of-inva.patch @@ -44850,6 +44868,8 @@ patches.suse/0001-net-macb-fix-dropped-RX-frames-due-to-a-race.patch patches.suse/0002-net-macb-add-missing-barriers-when-reading-descripto.patch patches.suse/vxlan-Unmark-offloaded-bit-on-replaced-FDB-entries.patch + patches.suse/vxlan-Fix-error-path-in-__vxlan_dev_create.patch + patches.suse/vxlan-changelink-Fix-handling-of-default-remotes.patch patches.suse/lan78xx-Resolve-issue-with-changing-MAC-address.patch patches.suse/net-phy-Fix-the-issue-that-netif-always-links-up-aft.patch patches.suse/0001-xen-netfront-tolerate-frags-with-no-data.patch @@ -45299,6 +45319,7 @@ patches.suse/x86-amd_nb-add-pci-device-ids-for-family-17h-model-30h.patch patches.suse/hwmon-k10temp-add-support-for-amd-family-17h-model-30h-cpus.patch patches.suse/x86-vdso-remove-obsolete-fake-section-table-reservation.patch + patches.suse/x86-mce-Fix-Wmissing-prototypes-warnings.patch patches.suse/x86-umip-print-umip-line-only-once.patch patches.suse/x86-umip-make-the-umip-activated-message-generic.patch patches.suse/x86-fpu-Add-might_fault-to-user_insn.patch @@ -45556,6 +45577,7 @@ patches.suse/brcmfmac-Call-brcmf_dmi_probe-before-brcmf_of_probe.patch patches.suse/brcmfmac-Fix-out-of-bounds-memory-access-during-fw-l.patch patches.suse/qed-fix-spelling-mistake-Dispalying-Displaying.patch + patches.suse/net-aquantia-fix-RSS-table-and-key-sizes.patch patches.suse/net-hns3-remove-existing-process-error-functions-and.patch patches.suse/net-hns3-rename-enable-error-interrupt-functions.patch patches.suse/net-hns3-re-enable-error-interrupts-on-hw-reset.patch @@ -45741,7 +45763,9 @@ patches.suse/dlm-memory-leaks-on-error-path-in-dlm_user_request.patch patches.suse/udf-Fix-BUG-on-corrupted-inode.patch patches.suse/quota-Lock-s_umount-in-exclusive-mode-for-Q_XQUOTA-O.patch + patches.suse/xfs-require-both-realtime-inodes-to-mount.patch patches.suse/xfs-Align-compat-attrlist_by_handle-with-native-impl.patch + patches.suse/xfs-Fix-bulkstat-compat-ioctls-on-x32-userspace.patch patches.suse/ext4-fix-possible-use-after-free-in-ext4_quota_enabl.patch patches.suse/ext4-missing-unlock-put_page-in-ext4_try_to_write_in.patch patches.suse/ext4-fix-EXT4_IOC_GROUP_ADD-ioctl.patch @@ -46776,6 +46800,7 @@ patches.suse/0017-btrfs-don-t-end-the-transaction-for-delayed-refs-in-throttle.patch patches.suse/0005-btrfs-clean-up-pending-block-groups-when-transaction.patch patches.suse/x86-speculation-remove-redundant-arch_smt_update-invocation.patch + patches.suse/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch patches.suse/x86-cpu-Add-Atom-Tremont-Jacobsville.patch patches.suse/x86-microcode-amd-don-t-falsely-trick-the-late-loading-mechanism.patch patches.suse/x86-kexec-Don-t-setup-EFI-info-if-EFI-runtime-is-not.patch @@ -48159,6 +48184,7 @@ patches.suse/NFS-Fix-I-O-request-leakages.patch patches.suse/NFS-Fix-an-I-O-request-leakage-in-nfs_do_recoalesce.patch patches.suse/NFS-Don-t-recoalesce-on-error-in-nfs_pageio_complete.patch + patches.suse/NFS-Pass-error-information-to-the-pgio-error-cleanup.patch patches.suse/fs-nfs-Fix-nfs_parse_devname-to-not-modify-it-s-argu.patch patches.suse/NFS-Remove-redundant-semicolon.patch patches.suse/NFS-Fix-a-soft-lockup-in-the-delegation-recovery-cod.patch @@ -53095,6 +53121,7 @@ patches.suse/smb3-Fix-regression-in-time-handling.patch patches.suse/CIFS-Force-revalidate-inode-when-dentry-is-stale.patch patches.suse/CIFS-Force-reval-dentry-if-LOOKUP_REVAL-flag-is-set.patch + patches.suse/nfs-Fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch patches.suse/NFS-Fix-O_DIRECT-accounting-of-number-of-bytes-read-.patch patches.suse/NFSv4-Fix-leak-of-clp-cl_acceptor-string.patch patches.suse/s390-cio-fix-virtio-ccw-dma-without-pv @@ -54165,6 +54192,7 @@ patches.suse/scsi-iscsi-Don-t-send-data-to-unbound-connection.patch patches.suse/xfs-Sanity-check-flags-of-Q_XQUOTARM-call.patch patches.suse/xfs-use-a-struct-timespec64-for-the-in-core-crtime.patch + patches.suse/xfs-fix-attr-leaf-header-freemap.size-underflow.patch patches.suse/clocksource-drivers-asm9260-Add-a-check-for-of_clk_g.patch patches.suse/0009-hrtimer-Annotate-lockless-access-to-timer-state.patch patches.suse/s390-always-inline-disabled_wait.patch @@ -54214,6 +54242,7 @@ patches.suse/ACPI-bus-Fix-NULL-pointer-check-in-acpi_bus_get_priv.patch patches.suse/ACPI-sysfs-Change-ACPI_MASKABLE_GPE_MAX-to-0x100.patch patches.suse/kvm-x86-fix-out-of-bounds-write-in-kvm_get_emulated_cpuid-cve-2019-19332 + patches.suse/kernel-sys.c-avoid-copying-possible-padding-bytes-in.patch patches.suse/drm-limit-to-INT_MAX-in-create_blob-ioctl.patch patches.suse/thermal-Fix-deadlock-in-thermal-thermal_zone_device_.patch patches.suse/moduleparam-fix-parameter-description-mismatch.patch @@ -54244,6 +54273,7 @@ patches.suse/sunrpc-fix-crash-when-cache_head-become-valid-before.patch patches.suse/SUNRPC-Fix-svcauth_gss_proxy_init.patch patches.suse/nfsd-Ensure-CLONE-persists-data-and-metadata-changes.patch + patches.suse/xfs-fix-mount-failure-crash-on-invalid-iclog-memory-.patch patches.suse/Input-goodix-add-upside-down-quirk-for-Teclast-X89-t.patch patches.suse/Input-synaptics-rmi4-don-t-increment-rmiaddr-for-SMB.patch patches.suse/CIFS-Fix-NULL-pointer-dereference-in-smb2_push_mandatory_locks.patch @@ -56088,6 +56118,7 @@ patches.suse/xen-xenbus-ensure-xenbus_map_ring_valloc-returns-pro.patch patches.suse/watchdog-sp805-fix-restart-handler.patch patches.suse/0008-drm-amd-powerplay-force-the-trim-of-the-mclk-dpm_lev.patch + patches.suse/xfs-fix-partially-uninitialized-structure-in-xfs_ref.patch patches.suse/hwmon-jc42-Fix-name-to-have-no-illegal-characters.patch patches.suse/scsi-qla2xxx-Fix-regression-warnings.patch patches.suse/scsi-sg-add-sg_remove_request-in-sg_common_write @@ -56128,6 +56159,7 @@ patches.suse/scsi-sg-add-sg_remove_request-in-sg_write patches.suse/net-netrom-Fix-potential-nr_neigh-refcnt-leak-in-nr_.patch patches.suse/wimax-i2400m-Fix-potential-urb-refcnt-leak.patch + patches.suse/net-stmmac-Fix-sub-second-increment.patch patches.suse/net-mlx4_en-avoid-indirect-call-in-TX-completion.patch patches.suse/tcp-cache-line-align-MAX_TCP_HEADER.patch patches.suse/ipv6-fix-restrict-IPV6_ADDRFORM-operation.patch @@ -56149,6 +56181,8 @@ patches.suse/net-bcmgenet-correct-per-TX-RX-ring-statistics.patch patches.suse/iwlwifi-pcie-actually-release-queue-memory-in-TVQM.patch patches.suse/macsec-avoid-to-set-wrong-mtu.patch + patches.suse/net-bcmgenet-suppress-warnings-on-failed-Rx-SKB-allo.patch + patches.suse/net-systemport-suppress-warnings-on-failed-Rx-SKB-al.patch patches.suse/cpumap-Avoid-warning-when-CONFIG_DEBUG_PER_CPU_MAPS-.patch patches.suse/bpf-Forbid-XADD-on-spilled-pointers-for-unprivileged.patch patches.suse/powerpc-setup_64-Set-cache-line-size-based-on-cache-.patch @@ -56254,6 +56288,7 @@ patches.suse/mlxsw-spectrum_acl_tcam-Position-vchunk-in-a-vregion.patch patches.suse/msft-hv-2073-hv_netvsc-Fix-netvsc_start_xmit-s-return-type.patch patches.suse/devlink-fix-return-value-after-hitting-end-in-region.patch + patches.suse/gtp-set-NLM_F_MULTI-flag-in-gtp_genl_dump_pdp.patch patches.suse/net_sched-sch_skbprio-add-message-validation-to-skbp.patch patches.suse/net-usb-qmi_wwan-add-support-for-DW5816e.patch patches.suse/net-mlx4_core-Fix-use-of-ENOSPC-around-mlx4_counter_.patch @@ -56363,6 +56398,7 @@ patches.suse/net-dsa-mt7530-fix-roaming-from-DSA-user-ports.patch patches.suse/net-revert-net-get-rid-of-an-signed-integer-overflow.patch patches.suse/net-sched-fix-reporting-the-first-time-use-timestamp.patch + patches.suse/net-bmac-Fix-read-of-MAC-address-from-ROM.patch patches.suse/r8152-support-additional-Microsoft-Surface-Ethernet-.patch patches.suse/net-inet_csk-Fix-so_reuseport-bind-address-cache-in-.patch patches.suse/__netif_receive_skb_core-pass-skb-by-reference.patch @@ -56371,6 +56407,7 @@ patches.suse/net-qrtr-Fix-passing-invalid-reference-to-qrtr_local.patch patches.suse/net-ipip-fix-wrong-address-family-in-init-error-path.patch patches.suse/sctp-Start-shutdown-on-association-restart-if-in-SHU.patch + patches.suse/net-ethernet-freescale-rework-quiesce-activate-for-u.patch patches.suse/mlxsw-spectrum-Fix-use-after-free-of-split-unsplit-t.patch patches.suse/0002-net-sun-fix-missing-release-regions-in-cas_init_one.patch patches.suse/net-mlx4_core-fix-a-memory-leak-bug.patch @@ -56505,6 +56542,7 @@ patches.suse/kvm-x86-mmu-set-mmio_value-to-0-if-reserved-pf-can-t-be-generated patches.suse/Bluetooth-hci_bcm-fix-freeing-not-requested-IRQ.patch patches.suse/e1000-Distribute-switch-variables-for-initialization.patch + patches.suse/net-mlx5e-Set-of-completion-request-bit-should-not-c.patch patches.suse/0005-net-bcmgenet-set-Rx-mode-before-starting-netif.patch patches.suse/0006-net-bcmgenet-Fix-WoL-with-password-after-deep-sleep.patch patches.suse/0007-Revert-net-bcmgenet-remove-unused-function-in-bcmgen.patch @@ -56523,6 +56561,7 @@ patches.suse/net-ena-use-SHUTDOWN-as-reset-reason-when-closing-in.patch patches.suse/net-ena-cosmetic-remove-unnecessary-spaces-and-tabs-.patch patches.suse/net-ena-cosmetic-extract-code-to-ena_indirection_tab.patch + patches.suse/net-allwinner-Fix-use-correct-return-type-for-ndo_st.patch patches.suse/Revert-crypto-chelsio-Inline-single-pdu-only.patch patches.suse/Crypto-chcr-fix-for-ccm-aes-failed-test.patch patches.suse/ath9k-Fix-use-after-free-Read-in-ath9k_wmi_ctrl_rx.patch @@ -56535,6 +56574,7 @@ patches.suse/carl9170-remove-P2P_GO-support.patch patches.suse/ath9k_htc-Silence-undersized-packet-warnings.patch patches.suse/net-usb-ax88179_178a-remove-redundant-assignment-to-.patch + patches.suse/net-qed-Reduce-RX-and-TX-default-ring-count-when-run.patch patches.suse/Bluetooth-Handle-Inquiry-Cancel-error-after-Inquiry-.patch patches.suse/veth-Adjust-hard_start-offset-on-redirect-XDP-frames.patch patches.suse/ixgbe-Fix-XDP-redirect-on-archs-with-PAGE_SIZE-above.patch @@ -57628,6 +57668,7 @@ patches.suse/ceph-fix-potential-mdsc-use-after-free-crash.patch patches.suse/ceph-fix-use-after-free-for-fsc-mdsc.patch patches.suse/ceph-handle-zero-length-feature-mask-in-session-messages.patch + patches.suse/xfs-Fix-UBSAN-null-ptr-deref-in-xfs_sysfs_init.patch patches.suse/btrfs-inode-fix-NULL-pointer-dereference-if-inode-do.patch patches.suse/btrfs-fix-memory-leaks-after-failure-to-lookup-check.patch patches.suse/i2c-rcar-slave-only-send-STOP-event-when-we-have-bee.patch @@ -57790,6 +57831,7 @@ patches.suse/sdhci-tegra-Remove-SDHCI_QUIRK_DATA_TIMEOUT_USES_SDC.patch patches.suse/btrfs-tree-checker-fix-the-error-message-for-transid.patch patches.suse/fix-regression-in-epoll-Keep-a-reference-on-files-added-to-the-check-list.patch + patches.suse/xfs-initialize-the-shortform-attr-header-padding-ent.patch patches.suse/0001-dm-writecache-handle-DAX-to-partitions-on-persistent.patch patches.suse/0001-dm-cache-metadata-Avoid-returning-cmd-bm-wild-pointe.patch patches.suse/0002-dm-thin-metadata-Avoid-returning-cmd-bm-wild-pointer.patch @@ -58127,6 +58169,7 @@ patches.suse/xfs-widen-ondisk-inode-timestamps-to-deal-with-y2038.patch patches.suse/xfs-widen-ondisk-quota-expiration-timestamps-to-hand.patch patches.suse/xfs-enable-big-timestamps.patch + patches.suse/xfs-make-sure-the-rt-allocator-doesn-t-run-off-the-e.patch patches.suse/scsi-ufs-ufs-qcom-Fix-race-conditions-caused-by-ufs_qcom_testbus_config.patch patches.suse/scsi-ufs-properly-release-resources-if-a-task-is-aborted-successfully patches.suse/scsi-smartpqi-identify-physical-devices-without-issuing-inquiry.patch @@ -58432,6 +58475,7 @@ patches.suse/kernel-smp-Provide-CSD-lock-timeout-diagnostics.patch patches.suse/fuse-fix-page-dereference-after-free.patch patches.suse/xfs-limit-entries-returned-when-counting-fsmap-recor.patch + patches.suse/xfs-fix-realtime-bitmap-summary-file-truncation-when.patch patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch patches.suse/0001-xen-events-add-a-proper-barrier-to-2-level-uevent-un.patch patches.suse/0002-xen-events-fix-race-in-evtchn_fifo_unmask.patch @@ -58662,6 +58706,7 @@ patches.suse/ext4-correctly-report-not-supported-for-usr-grp-jquo.patch patches.suse/ext4-unlock-xattr_sem-properly-in-ext4_inline_data_t.patch patches.suse/powercap-Restrict-energy-meter-to-root-access.patch + patches.suse/don-t-dump-the-threads-that-had-been-already-exiting.patch patches.suse/swiotlb-fix-x86-Don-t-panic-if-can-not-alloc-buffer-.patch patches.suse/ACPI-GED-fix-Wformat.patch patches.suse/bpf-Zero-fill-re-used-per-cpu-map-element.patch @@ -60407,6 +60452,7 @@ patches.suse/x86-kvm-Disable-kvmclock-on-all-CPUs-on-shutdown.patch patches.suse/x86-kvm-Disable-all-PV-features-on-crash.patch patches.suse/x86-kvm-Unify-kvm_pv_guest_cpu_reboot-with-kvm_guest.patch + patches.suse/ptrace-make-ptrace-fail-if-the-tracee-changed-its-pi.patch patches.suse/tpm-fix-error-return-code-in-tpm2_get_cc_attrs_tbl.patch patches.suse/vgacon-Record-video-mode-changes-with-VT_RESIZEX.patch patches.suse/drm-radeon-dpm-Disable-sclk-switching-on-Oland-when-.patch @@ -60564,6 +60610,7 @@ patches.suse/ftrace-Do-not-blindly-read-the-ip-address-in-ftrace_bug.patch patches.suse/tracing-Correct-the-length-check-which-causes-memory-corruption.patch patches.suse/staging-rtl8723bs-Fix-uninitialized-variables.patch + patches.suse/usb-musb-fix-MUSB_QUIRK_B_DISCONNECT_99-handling.patch patches.suse/usb-pd-Set-PD_T_SINK_WAIT_CAP-to-310ms.patch patches.suse/USB-serial-quatech2-fix-control-request-directions.patch patches.suse/USB-serial-omninet-add-device-id-for-Zyxel-Omni-56K-.patch @@ -61083,6 +61130,7 @@ patches.suse/Bluetooth-defer-cleanup-of-resources-in-hci_unregist.patch patches.suse/net-natsemi-Fix-missing-pci_disable_device-in-probe-.patch patches.suse/nfp-update-ethtool-reporting-of-pauseframe-control.patch + patches.suse/net-usb-lan78xx-don-t-modify-phy_device-state-concur.patch patches.suse/bnx2x-fix-an-error-code-in-bnx2x_nic_load.patch patches.suse/net-pegasus-fix-uninit-value-in-get_interrupt_interv.patch patches.suse/net-vxge-fix-use-after-free-in-vxge_device_unregiste.patch @@ -61364,6 +61412,7 @@ patches.suse/KVM-s390-index-kvm-arch.idle_mask-by-vcpu_idx patches.suse/KVM-x86-Update-vCPU-s-hv_clock-before-back-to-guest-.patch patches.suse/net-hso-add-failure-handler-for-add_net_device.patch + patches.suse/net-usb-cdc_mbim-avoid-altsetting-toggling-for-Telit.patch patches.suse/net-usb-qmi_wwan-add-Telit-0x1060-composition.patch patches.suse/qlcnic-Remove-redundant-unlock-in-qlcnic_pinit_from_.patch patches.suse/msft-hv-2426-PCI-hv-Support-for-create-interrupt-v3.patch @@ -61443,6 +61492,7 @@ patches.suse/e100-fix-length-calculation-in-e100_get_regs_len.patch patches.suse/e100-fix-buffer-overrun-in-e100_get_regs.patch patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch + patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch patches.suse/scsi-ses-Fix-unsigned-comparison-with-less-than-zero.patch patches.suse/scsi-virtio_scsi-Fix-spelling-mistake-Unsupport-Unsupported.patch patches.suse/scsi-qla2xxx-Fix-excessive-messages-during-device-lo.patch @@ -61745,6 +61795,8 @@ patches.suse/tracing-Check-pid-filtering-when-creating-events.patch patches.suse/tracing-Fix-pid-filtering-when-triggers-are-attached.patch patches.suse/KVM-arm64-Avoid-setting-the-upper-32-bits-of-TCR_EL2-and-CPTR_EL2-to-1.patch + patches.suse/ipmi-Move-remove_work-to-dedicated-workqueue.patch + patches.suse/ipmi-msghandler-Make-symbol-remove_work_wq-static.patch patches.suse/tracing-Fix-a-kmemleak-false-positive-in-tracing_map.patch patches.suse/kprobes-limit-max-data_size-of-the-kretprobe-instances.patch patches.suse/net-usb-lan78xx-lan78xx_phy_init-use-PHY_POLL-instea.patch @@ -61793,6 +61845,8 @@ patches.suse/xen-netback-don-t-queue-unlimited-number-of-packages.patch patches.suse/IB-qib-Fix-memory-leak-in-qib_user_sdma_queue_pkts.patch patches.suse/HID-holtek-fix-mouse-probing.patch + patches.suse/ipmi-fix-initialization-when-workqueue-allocation-fa.patch + patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch patches.suse/tee-handle-lookup-of-shm-with-reference-count-0.patch patches.suse/asix-fix-uninit-value-in-asix_mdio_read.patch patches.suse/asix-fix-wrong-return-value-in-asix_check_host_enabl.patch @@ -61992,6 +62046,7 @@ patches.suse/netfilter-conntrack-re-init-state-for-retransmitted-.patch patches.suse/gve-Recording-rx-queue-before-sending-to-napi.patch patches.suse/bonding-pair-enable_port-with-slave_arr_updates.patch + patches.suse/net-usb-qmi_wwan-Add-support-for-Dell-DW5829e.patch patches.suse/tracing-Fix-tp_printk-option-related-with-tp_printk_stop_on_boot.patch patches.suse/usb-ulpi-Move-of_node_put-to-ulpi_dev_release.patch patches.suse/usb-ulpi-Call-of_node_put-correctly.patch @@ -62008,6 +62063,7 @@ patches.suse/mmc-block-fix-read-single-on-recovery-logic.patch patches.suse/net_sched-add-__rcu-annotation-to-netdev-qdisc.patch patches.suse/USB-zaurus-support-another-broken-Zaurus.patch + patches.suse/net-usb-cdc_mbim-avoid-altsetting-toggling-for-Teli2.patch patches.suse/cifs-fix-set-of-group-SID-via-NTSD-xattrs.patch patches.suse/cifs-do-not-use-uninitialized-data-in-the-owner-group-sid.patch patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch @@ -62122,6 +62178,7 @@ patches.suse/drivers-net-xgene-Fix-regression-in-CRC-stripping.patch patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch patches.suse/netfilter-nf_tables-initialize-registers-in-nft_do_c.patch + patches.suse/panic-unset-panic_on_warn-inside-panic.patch patches.suse/0006-drm-fb-helper-Mark-screen-buffers-in-system-memory-w.patch patches.suse/0074-dm-ioctl-prevent-potential-spectre-v1-gadget.patch patches.suse/0007-dm-crypt-fix-get_key_size-compiler-warning-if-CONFIG.patch @@ -62482,6 +62539,7 @@ patches.suse/xen-netfront-fix-leaking-data-in-shared-pages.patch patches.suse/xen-netfront-force-data-bouncing-when-backend-is-unt.patch patches.suse/xen-blkfront-force-data-bouncing-when-backend-is-unt.patch + patches.suse/signal-handling-don-t-use-BUG_ON-for-debugging.patch patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch patches.suse/usbnet-fix-memory-leak-in-error-case.patch patches.suse/fbcon-Disallow-setting-font-bigger-than-screen-size.patch @@ -62528,6 +62586,7 @@ patches.suse/serial-mvebu-uart-correctly-report-configured-baudra.patch patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch + patches.suse/usb-dwc3-gadget-Fix-event-pending-check.patch patches.suse/USB-serial-ftdi_sio-add-Belimo-device-ids.patch patches.suse/mm-Force-TLB-flush-for-PFNMAP-mappings-before-unlink_file_vma.patch patches.suse/xfrm-xfrm_policy-fix-a-possible-double-xfrm_pols_put.patch @@ -62551,6 +62610,8 @@ patches.suse/usbnet-Fix-linkwatch-use-after-free-on-disconnect.patch patches.suse/usbnet-smsc95xx-Fix-deadlock-on-runtime-resume.patch patches.suse/spmi-trace-fix-stack-out-of-bound-access-in-SPMI-tracing-functions.patch + patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch + patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch patches.suse/KVM-x86-Mark-TSS-busy-during-LTR-emulation-_after_-a.patch patches.suse/KVM-x86-Set-error-code-to-segment-selector-on-LLDT-L.patch patches.suse/KVM-nVMX-Set-UMIP-bit-CR4_FIXED1-MSR-when-emulating-.patch @@ -62654,6 +62715,8 @@ patches.suse/fs-move-S_ISGID-stripping-into-the-vfs_-helpers.patch patches.suse/NFSv4.1-RECLAIM_COMPLETE-must-handle-EACCES.patch patches.suse/SUNRPC-Reinitialise-the-backchannel-request-buffers-.patch + patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch + patches.suse/x86-link-vdso-and-boot-with-z-noexecstack-no-warn-rw.patch patches.suse/ceph-don-t-truncate-file-in-atomic_open.patch patches.suse/atm-idt77252-fix-use-after-free-bugs-caused-by-tst_t.patch patches.suse/vsock-Fix-memory-leak-in-vsock_connect.patch @@ -62681,6 +62744,7 @@ patches.suse/s390-mm-do-not-trigger-write-fault-when-vma-does-not-allow-VM_WRITE patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch patches.suse/usb-storage-Add-ignore-residue-quirk-for-NXP-PN7462A.patch + patches.suse/usb-dwc3-fix-PHY-disable-sequence.patch patches.suse/usb-typec-altmodes-displayport-correct-pin-assignmen.patch patches.suse/USB-cdc-acm-Add-Icom-PMR-F3400-support-0c26-0020.patch patches.suse/usb-dwc2-fix-wrong-order-of-phy_power_on-and-phy_ini.patch @@ -62691,6 +62755,7 @@ patches.suse/USB-serial-ftdi_sio-add-Omron-CS1W-CIF31-device-id.patch patches.suse/USB-serial-cp210x-add-Decagon-UCA-device-id.patch patches.suse/USB-serial-ch341-fix-lost-character-on-LCR-updates.patch + patches.suse/USB-serial-ch341-fix-disabled-rx-timer-on-older-devi.patch patches.suse/staging-rtl8712-fix-use-after-free-bugs.patch patches.suse/Input-iforce-wake-up-after-clearing-IFORCE_XMIT_RUNN.patch patches.suse/s390-fix-nospec-table-alignments @@ -62699,6 +62764,7 @@ patches.suse/sch_sfb-Don-t-assume-the-skb-is-still-around-after-e.patch patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch patches.suse/i40e-Fix-kernel-crash-during-module-removal.patch + patches.suse/net-usb-qmi_wwan-add-Quectel-RM520N.patch patches.suse/sch_sfb-Also-store-skb-len-before-calling-child-enqu.patch patches.suse/ALSA-pcm-oss-Fix-race-at-SNDCTL_DSP_SYNC.patch patches.suse/scsi-lpfc-Add-missing-destroy_workqueue-in-error-path.patch @@ -62755,6 +62821,8 @@ patches.suse/scsi-qla2xxx-remove-unused-declarations-for-qla2xxx.patch patches.suse/scsi-libsas-Fix-use-after-free-bug-in-smp_execute_task_sg.patch patches.suse/scsi-stex-Properly-zero-out-the-passthrough-command-structure.patch + patches.suse/USB-serial-console-move-mutex_unlock-before-usb_seri.patch + patches.suse/xhci-Don-t-show-warning-for-reinit-on-known-broken-s.patch patches.suse/usb-mon-make-mmapped-memory-read-only.patch patches.suse/KVM-x86-emulator-Fix-handing-of-POP-SS-to-correctly-.patch patches.suse/powerpc-pci_dn-Add-missing-of_node_put.patch @@ -62805,6 +62873,7 @@ patches.suse/Bluetooth-L2CAP-Fix-accepting-connection-request-for.patch patches.suse/Bluetooth-L2CAP-Fix-attempting-to-access-uninitializ.patch patches.suse/ibmvnic-Free-rwi-on-reset-success.patch + patches.suse/xfs-Fix-unreferenced-object-reported-by-kmemleak-in-.patch patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer_wake_waiters.patch patches.suse/ftrace-Fix-use-after-free-for-dynamic-ftrace_ops.patch patches.suse/ext4-fix-warning-in-ext4_da_release_space.patch @@ -62813,6 +62882,7 @@ patches.suse/scsi-ibmvfc-Avoid-path-failures-during-live-migratio.patch patches.suse/x86-cpu-Restore-AMD-s-DE_CFG-MSR-after-resume.patch patches.suse/xen-pcpu-fix-possible-memory-leak-in-register_pcpu.patch + patches.suse/l2tp-Serialize-access-to-sk_user_data-with-sk_callba.patch patches.suse/net-usb-qmi_wwan-add-Telit-0x103a-composition.patch patches.suse/0084-dm-ioctl-fix-misbehavior-if-list_versions-races-with-module-loading.patch patches.suse/drbd-use-after-free-in-drbd_create_device.patch @@ -62855,7 +62925,11 @@ patches.suse/0090-dm-cache-set-needs_check-flag-after-aborting-metadata.patch patches.suse/0091-dm-thin-resume-even-if-in-FAIL-mode.patch patches.suse/0092-dm-thin-Use-last-transaction-s-pmd-root-when-commit-failed.patch + patches.suse/media-coda-Add-check-for-dcoda_iram_alloc.patch + patches.suse/media-coda-Add-check-for-kmalloc.patch patches.suse/drm-vmwgfx-Validate-the-box-size-for-the-snooped-cur.patch + patches.suse/ipmi-fix-memleak-when-unload-ipmi-driver.patch + patches.suse/ipmi-fix-use-after-free-in-_ipmi_destroy_user.patch patches.suse/ibmveth-Always-stop-tx-queues-during-close.patch patches.suse/scsi-qla2xxx-Fix-set-but-not-used-variable-warnings.patch patches.suse/scsi-qla2xxx-Remove-unused-variable-found_devs.patch @@ -62875,26 +62949,67 @@ patches.suse/PCI-Check-for-alloc-failure-in-pci_request_irq.patch patches.suse/PCI-sysfs-Fix-double-free-in-error-path.patch patches.suse/tracing-Fix-infinite-loop-in-tracing_read_pipe-on-overflowed-print_trace_line.patch + patches.suse/x86-mm-Randomize-per-cpu-entry-area.patch patches.suse/powerpc-xive-add-missing-iounmap-in-error-path-in-xi.patch patches.suse/powerpc-perf-callchain-validate-kernel-stack-pointer.patch patches.suse/powerpc-pseries-unregister-VPA-when-hot-unplugging-a.patch patches.suse/powerpc-rtas-avoid-device-tree-lookups-in-rtas_os_te.patch patches.suse/powerpc-rtas-avoid-scheduling-in-rtas_os_term.patch patches.suse/powerpc-pseries-eeh-use-correct-API-for-error-log-si.patch + patches.suse/nfsd-under-NFSv4.1-fix-double-svc_xprt_put-on-rpc_cr.patch patches.suse/scsi-qla2xxx-Fix-crash-when-I-O-abort-times-out.patch + patches.suse/nfsd-fix-handling-of-readdir-in-v4root-vs.-mount-upc.patch patches.suse/x86-bugs-Flush-IBP-in-ib_prctl_set.patch patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch + patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch + patches.suse/SUNRPC-ensure-the-matching-upcall-is-in-flight-upon-.patch + patches.suse/pNFS-filelayout-Fix-coalescing-test-for-single-DS.patch patches.suse/net-sched-disallow-noqueue-for-qdisc-classes.patch patches.suse/ipv6-raw-Deduct-extension-header-length-in-rawv6_pus.patch patches.suse/ALSA-pcm-Move-rwsem-lock-inside-snd_ctl_elem_read-to.patch patches.suse/HID-check-empty-report_list-in-hid_validate_values.patch patches.suse/HID-betop-check-shape-of-output-reports.patch + patches.suse/net-usb-sr9700-Handle-negative-len.patch + patches.suse/prlimit-do_prlimit-needs-to-have-a-speculation-check.patch patches.suse/scsi-hpsa-Fix-allocation-size-for-scsi_host_alloc.patch patches.suse/module-Don-t-wait-for-GOING-modules.patch patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch patches.suse/tracing-Make-sure-trace_printk-can-output-as-soon-as-it-can-be-used.patch + patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch + patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch + patches.suse/net-mpls-fix-stale-pointer-if-allocation-fails-durin.patch + patches.suse/block-bio-integrity-Copy-flags-when-bio_integrity_pa.patch + patches.suse/scsi-qla2xxx-check-if-port-is-online-before-sending-els.patch + patches.suse/scsi-qla2xxx-fix-link-failure-in-npiv-environment.patch + patches.suse/scsi-qla2xxx-fix-dma-api-call-trace-on-nvme-ls-requests.patch + patches.suse/scsi-qla2xxx-fix-exchange-oversubscription.patch + patches.suse/scsi-qla2xxx-fix-exchange-oversubscription-for-management-commands.patch + patches.suse/scsi-qla2xxx-fix-stalled-login.patch + patches.suse/scsi-qla2xxx-remove-unintended-flag-clearing.patch + patches.suse/scsi-qla2xxx-fix-erroneous-link-down.patch + patches.suse/scsi-qla2xxx-remove-increment-of-interface-err-cnt.patch + patches.suse/scsi-qla2xxx-fix-iocb-resource-check-warning.patch + patches.suse/scsi-qla2xxx-update-version-to-10.02.08.100-k.patch + patches.suse/scsi-qla2xxx-remove-dead-code.patch + patches.suse/scsi-qla2xxx-remove-dead-code-gpnid.patch + patches.suse/scsi-qla2xxx-remove-dead-code-gnn-id.patch + patches.suse/scsi-qla2xxx-relocate-rename-vp-map.patch + patches.suse/scsi-qla2xxx-edif-fix-performance-dip-due-to-lock-contention.patch + patches.suse/scsi-qla2xxx-edif-fix-stall-session-after-app-start.patch + patches.suse/scsi-qla2xxx-edif-reduce-memory-usage-during-low-i-o.patch + patches.suse/scsi-qla2xxx-edif-fix-clang-warning.patch + patches.suse/scsi-qla2xxx-select-qpair-depending-on-which-cpu-post_cmd-gets.patch + patches.suse/scsi-qla2xxx-update-version-to-10.02.08.200-k.patch + patches.suse/scsi-qla2xxx-fix-printk-format-string.patch + patches.suse/scsi-qla2xxx-make-qla_trim_buf-and-__qla_adjust_buf-static.patch + patches.suse/scsi-qla2xxx-use-a-variable-for-repeated-mem_size-computation.patch + patches.suse/scsi-qla2xxx-simplify-if-condition-evaluation.patch + patches.suse/scsi-qla2xxx-remove-the-unused-variable-wwn.patch + patches.suse/nfsd-fix-race-to-check-ls_layouts.patch + patches.suse/media-platform-ti-Add-missing-check-for-devm_regulat.patch + patches.suse/media-rc-Fix-use-after-free-bugs-caused-by-ene_tx_ir.patch # dhowells/linux-fs keys-uefi patches.suse/0001-KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch @@ -62903,6 +63018,9 @@ patches.suse/0005-MODSIGN-Allow-the-db-UEFI-variable-to-be-suppressed.patch patches.suse/0006-modsign-Use-secondary-trust-keyring-for-module-signi.patch + # mkp/scsi fixes + patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch + # out-of-tree patches patches.suse/net-mvpp2-fix-condition-for-setting-up-link-interrup.patch patches.suse/cifs-handle-netapp-error-codes.patch @@ -63106,6 +63224,8 @@ # bsc#1154366 patches.suse/mm-Avoid-calling-build_all_zonelists_init-under-hotp.patch + patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch + ######################################################## # misc small fixes ######################################################## @@ -63315,6 +63435,7 @@ patches.suse/SUNRPC-change-locking-for-xs_swap_enable-disable.patch patches.suse/nfs-access-cache-no-negative.patch patches.suse/NFS-Handle-missing-attributes-in-OPEN.patch + patches.suse/sunrpc-make-lockless-test-safe.patch ######################################################## # Overlayfs @@ -63339,9 +63460,6 @@ patches.suse/dasd_fba-Display-00000000-for-zero-page-when-dumping.patch patches.suse/scsi-lpfc-update-the-obsolete-adapter-list.patch - #bsc#1198438 - patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch - # NVMe patches.suse/nvme-Do-not-remove-namespaces-during-reset.patch patches.suse/nvme-flush-scan_work-when-resetting-controller.patch @@ -63411,6 +63529,8 @@ patches.suse/0001-drm-qxl-Return-error-if-fbdev-is-not-32-bpp.patch patches.suse/drm-fix-spectre-issue-in-vmw_execbuf_ioctl.patch + patches.suse/0001-drm-vmwgfx-Avoid-NULL-ptr-deref-in-vmw_cmd_dx_define.patch + ######################################################## # Out-of-tree networking ######################################################## @@ -63925,6 +64045,10 @@ patches.kabi/move-new-members-of-struct-usbnet-to-end.patch patches.kabi/struct-dwc3-move-new-members-to-the-end.patch patches.kabi/iforce-restore-old-iforce_dump_packet.patch + patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch + patches.kabi/sock.h-fix-kabi.patch + patches.kabi/SUNRPC-Fix-priority-queue-fairness.patch + patches.kabi/NFS-Pass-error-information-to-the-pgio-error-cleanup.patch ######################################################## # You'd better have a good reason for adding a patch