From c41a65cc53c75946b60a5fbe31064d501207867b Mon Sep 17 00:00:00 2001 From: Michal Kubecek Date: Apr 14 2021 10:10:07 +0000 Subject: Merge branches 'users/bpetkov/SLE15-SP2/for-next', 'users/glin/SLE15-SP2/for-next', 'users/jroedel/SLE15-SP2/for-next', 'users/lhenriques/SLE15-SP2/for-next' and 'users/mwilck/SLE15-SP2/for-next' into SLE15-SP2 Pull a blacklist update from Borislav Petkov. Pull bpf fixes from Gary Lin. Pull an iommu fix from Jörg Roedel. Pull a CVE reference update from Luis Henriques. Pull a dm fix from Martin Wilck. --- diff --git a/blacklist.conf b/blacklist.conf index d6501fd..754b7f3 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -561,5 +561,7 @@ c915ef890d5dc79f483e1ca3b3a5b5f1a170690c # Affected code does not exist: drm/amd 0cc4a0c486f37af1ea3932ae8f76afbefe105a32 # cosmetic fix 69baf338fc16a4d55c78da8874ce3f06feb38c78 # breaks kABI 04b38d012556199ba4c31195940160e0c44c64f0 # touches ifdeffed out code, all configs have CONFIG_SECCOMP_FILTER=y +dda44eb29c235735a5ceae283dc521cfca27885c # requires c420644c0a8f8839ca7269acbb8a3fc7fe1ec97d powerpc: Use mm_context vas_windows counter to issue CP_ABORT +c420644c0a8f8839ca7269acbb8a3fc7fe1ec97d # only required for dda44eb29c235735a5ceae283dc521cfca27885c dd926880da8dbbe409e709c1d3c1620729a94732 # commit message says "does not affect current users of mainline kernels on x86." 66c1b6d74cd7035e85c426f0af4aede19e805c8a # not really needed define move diff --git a/patches.kabi/kABI-powerpc-pmem-Include-pmem-prototypes.patch b/patches.kabi/kABI-powerpc-pmem-Include-pmem-prototypes.patch new file mode 100644 index 0000000..5470ba3 --- /dev/null +++ b/patches.kabi/kABI-powerpc-pmem-Include-pmem-prototypes.patch 
@@ -0,0 +1,21 @@ +From: Michal Suchanek +Subject: kABI: powerpc/pmem: Include pmem prototypes + +References: bsc#1113295 git-fixes +Patch-mainline: never, kABI + +Acked-by: Michal Suchanek +--- + +--- a/arch/powerpc/lib/pmem.c ++++ b/arch/powerpc/lib/pmem.c +@@ -6,7 +6,9 @@ + #include + #include + #include ++#ifndef __GENKSYMS__ + #include ++#endif + + #include + diff --git a/patches.suse/Documentation-ABI-sysfs-platform-ideapad-laptop-upda.patch b/patches.suse/Documentation-ABI-sysfs-platform-ideapad-laptop-upda.patch new file mode 100644 index 0000000..1b13026 --- /dev/null +++ b/patches.suse/Documentation-ABI-sysfs-platform-ideapad-laptop-upda.patch 
@@ -0,0 +1,65 @@ +From 725f41339a70b78cd10dba71ee8ec252083b40ec Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Barnab=C3=A1s=20P=C5=91cze?= +Date: Wed, 3 Feb 2021 21:57:19 +0000 +Subject: [PATCH] Documentation/ABI: sysfs-platform-ideapad-laptop: update + device attribute paths +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 725f41339a70b78cd10dba71ee8ec252083b40ec +References: git-fixes +Patch-mainline: v5.12-rc1 + +The documentation referred to non-existent device +attributes under a non-existent platform device. +Update it with the current location of the attributes. + +Fixes: b5c37b798f2d ("ideapad_laptop: convert ideapad device/driver to platform bus") +Signed-off-by: Barnabás Pőcze +Link: https://lore.kernel.org/r/20210203215403.290792-29-pobrn@protonmail.com +Reviewed-by: Hans de Goede +Signed-off-by: Hans de Goede +Signed-off-by: Oliver Neukum +--- + Documentation/ABI/testing/sysfs-platform-ideapad-laptop | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Documentation/ABI/testing/sysfs-platform-ideapad-laptop b/Documentation/ABI/testing/sysfs-platform-ideapad-laptop +index b17688d73922..5ec0dee9e707 100644 +--- a/Documentation/ABI/testing/sysfs-platform-ideapad-laptop ++++ b/Documentation/ABI/testing/sysfs-platform-ideapad-laptop +@@ -1,11 +1,11 @@ +-What: /sys/devices/platform/ideapad/camera_power ++What: /sys/bus/platform/devices/VPC2004:*/camera_power + Date: Dec 2010 + KernelVersion: 2.6.37 + Contact: "Ike Panhc " + Description: + Control the power of camera module. 1 means on, 0 means off. 
+ +-What: /sys/devices/platform/ideapad/fan_mode ++What: /sys/bus/platform/devices/VPC2004:*/fan_mode + Date: June 2012 + KernelVersion: 3.6 + Contact: "Maxim Mikityanskiy " +@@ -18,7 +18,7 @@ Description: + * 2 -> Dust Cleaning + * 4 -> Efficient Thermal Dissipation Mode + +-What: /sys/devices/platform/ideapad/touchpad ++What: /sys/bus/platform/devices/VPC2004:*/touchpad + Date: May 2017 + KernelVersion: 4.13 + Contact: "Ritesh Raj Sarraf " +@@ -27,7 +27,7 @@ Description: + * 1 -> Switched On + * 0 -> Switched Off + +-What: /sys/bus/pci/devices///VPC2004:00/fn_lock ++What: /sys/bus/platform/devices/VPC2004:*/fn_lock + Date: May 2018 + KernelVersion: 4.18 + Contact: "Oleg Keri " +-- +2.26.2 + diff --git a/patches.suse/atl1c-fix-error-return-code-in-atl1c_probe.patch b/patches.suse/atl1c-fix-error-return-code-in-atl1c_probe.patch new file mode 100644 index 0000000..f68dc4e --- /dev/null +++ b/patches.suse/atl1c-fix-error-return-code-in-atl1c_probe.patch 
@@ -0,0 +1,39 @@ +From 1e49f4690acb0ed0926d7becf3d3bc4ec0597b2d Mon Sep 17 00:00:00 2001 +From: Zhang Changzhong +Date: Tue, 17 Nov 2020 10:55:21 +0800 +Subject: [PATCH 07/14] atl1c: fix error return code in atl1c_probe() +Git-commit: 537a14726582c4e7bfe4dff9cb7fca19dc912cf6 +Patch-mainline: v5.10-rc5 +References: git-fixes + +Fix to return a negative error code from the error handling +case instead of 0, as done elsewhere in this function. + +Fixes: 43250ddd75a3 ("atl1c: Atheros L1C Gigabit Ethernet driver") +Reported-by: Hulk Robot +Signed-off-by: Zhang Changzhong +Link: https://lore.kernel.org/r/1605581721-36028-1-git-send-email-zhangchangzhong@huawei.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c +index 9e970f5f773c..3befb727a7fb 100644 +--- a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c ++++ b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c +@@ -2553,8 +2553,8 @@ static int atl1c_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + * various kernel subsystems to support the mechanics required by a + * fixed-high-32-bit system. + */ +- if ((dma_set_mask(&pdev->dev, DMA_BIT_MASK(32)) != 0) || +- (dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32)) != 0)) { ++ err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32)); ++ if (err) { + dev_err(&pdev->dev, "No usable DMA configuration,aborting\n"); + goto err_dma; + } +-- +2.16.4 + diff --git a/patches.suse/atl1e-fix-error-return-code-in-atl1e_probe.patch b/patches.suse/atl1e-fix-error-return-code-in-atl1e_probe.patch new file mode 100644 index 0000000..985563b --- /dev/null +++ b/patches.suse/atl1e-fix-error-return-code-in-atl1e_probe.patch 
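Review bot: The `dev_err()` that follows the new `if (err)` in atl1c_probe() still prints only "No usable DMA configuration,aborting", so the errno this change now propagates never reaches the log. Including it, for example `dev_err(&pdev->dev, "No usable DMA configuration, aborting (%d)\n", err);`, would let a failed probe be triaged from dmesg alone. The identical hunk for atl1e_probe() in the next patch file has the same gap. Both functions start and end outside their hunks, so the declaration of `err` and the `err_dma` unwind path are assumed from the surrounding code.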
@@ -0,0 +1,39 @@ +From 8948eca3e08e2c21b2c0e8ffb6f901e1e811546a Mon Sep 17 00:00:00 2001 +From: Zhang Changzhong +Date: Tue, 17 Nov 2020 10:57:55 +0800 +Subject: [PATCH 08/14] atl1e: fix error return code in atl1e_probe() +Git-commit: 3a36060bf294e7b7e33c5dddcc4f5d2c1c834e56 +Patch-mainline: v5.10-rc5 +References: git-fixes + +Fix to return a negative error code from the error handling +case instead of 0, as done elsewhere in this function. + +Fixes: a6a5325239c2 ("atl1e: Atheros L1E Gigabit Ethernet driver") +Reported-by: Hulk Robot +Signed-off-by: Zhang Changzhong +Link: https://lore.kernel.org/r/1605581875-36281-1-git-send-email-zhangchangzhong@huawei.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c +index 9c149237d48a..775413547136 100644 +--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c ++++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c +@@ -2315,8 +2315,8 @@ static int atl1e_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + * various kernel subsystems to support the mechanics required by a + * fixed-high-32-bit system. + */ +- if ((dma_set_mask(&pdev->dev, DMA_BIT_MASK(32)) != 0) || +- (dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32)) != 0)) { ++ err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32)); ++ if (err) { + dev_err(&pdev->dev, "No usable DMA configuration,aborting\n"); + goto err_dma; + } +-- +2.16.4 + diff --git a/patches.suse/batman-adv-initialize-struct-batadv_tvlv_tt_vlan_dat.patch b/patches.suse/batman-adv-initialize-struct-batadv_tvlv_tt_vlan_dat.patch new file mode 100644 index 0000000..c560654 --- /dev/null +++ b/patches.suse/batman-adv-initialize-struct-batadv_tvlv_tt_vlan_dat.patch 
@@ -0,0 +1,48 @@ +From 08c27f3322fec11950b8f1384aa0f3b11d028528 Mon Sep 17 00:00:00 2001 +From: Tetsuo Handa +Date: Mon, 5 Apr 2021 19:16:50 +0900 +Subject: [PATCH] batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field +Git-commit: 08c27f3322fec11950b8f1384aa0f3b11d028528 +Patch-mainline: v5.12-rc7 +References: git-fixes + +KMSAN found uninitialized value at batadv_tt_prepare_tvlv_local_data() +[1], for commit ced72933a5e8ab52 ("batman-adv: use CRC32C instead of CRC16 +in TT code") inserted 'reserved' field into "struct batadv_tvlv_tt_data" +and commit 7ea7b4a142758dea ("batman-adv: make the TT CRC logic VLAN +specific") moved that field to "struct batadv_tvlv_tt_vlan_data" but left +that field uninitialized. + +[1] https://syzkaller.appspot.com/bug?id=07f3e6dba96f0eb3cabab986adcd8a58b9bdbe9d + +Reported-by: syzbot +Tested-by: syzbot +Signed-off-by: Tetsuo Handa +Fixes: ced72933a5e8ab52 ("batman-adv: use CRC32C instead of CRC16 in TT code") +Fixes: 7ea7b4a142758dea ("batman-adv: make the TT CRC logic VLAN specific") +Acked-by: Sven Eckelmann +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + net/batman-adv/translation-table.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/net/batman-adv/translation-table.c ++++ b/net/batman-adv/translation-table.c +@@ -891,6 +891,7 @@ batadv_tt_prepare_tvlv_global_data(struc + hlist_for_each_entry_rcu(vlan, &orig_node->vlan_list, list) { + tt_vlan->vid = htons(vlan->vid); + tt_vlan->crc = htonl(vlan->tt.crc); ++ tt_vlan->reserved = 0; + + tt_vlan++; + } +@@ -974,6 +975,7 @@ batadv_tt_prepare_tvlv_local_data(struct + + tt_vlan->vid = htons(vlan->vid); + tt_vlan->crc = htonl(vlan->tt.crc); ++ tt_vlan->reserved = 0; + + tt_vlan++; + } diff --git a/patches.suse/bpf-Fix-verifier-jsgt-branch-analysis-on-max-bound.patch b/patches.suse/bpf-Fix-verifier-jsgt-branch-analysis-on-max-bound.patch new file mode 100644 index 0000000..7061805 --- /dev/null 
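Review bot: Zeroing `tt_vlan->reserved` by hand in both loops fixes the KMSAN report, but the buffer stays clean only while every member of the on-wire struct is assigned explicitly. Any padding or reserved member added later would again send uninitialized heap bytes to peers. The TVLV buffer is allocated outside both hunks, so this needs confirming, but zero-allocating it, or a `memset()` of the VLAN area before the loops in batadv_tt_prepare_tvlv_global_data() and batadv_tt_prepare_tvlv_local_data(), would close the whole class. At minimum the new lines deserve a comment recording why they exist: `/* sent on the wire: must not carry uninitialized heap data */`.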
+++ b/patches.suse/bpf-Fix-verifier-jsgt-branch-analysis-on-max-bound.patch @@ -0,0 +1,44 @@ +From: Daniel Borkmann +Date: Fri, 5 Feb 2021 17:20:14 +0100 +Subject: bpf: Fix verifier jsgt branch analysis on max bound +Patch-mainline: v5.11 +Git-commit: ee114dd64c0071500345439fc79dd5e0f9d106ed +References: bsc#1155518 + +Fix incorrect is_branch{32,64}_taken() analysis for the jsgt case. The return +code for both will tell the caller whether a given conditional jump is taken +or not, e.g. 1 means branch will be taken [for the involved registers] and the +goto target will be executed, 0 means branch will not be taken and instead we +fall-through to the next insn, and last but not least a -1 denotes that it is +not known at verification time whether a branch will be taken or not. Now while +the jsgt has the branch-taken case correct with reg->s32_min_value > sval, the +branch-not-taken case is off-by-one when testing for reg->s32_max_value < sval +since the branch will also be taken for reg->s32_max_value == sval. The jgt +branch analysis, for example, gets this right. + +Fixes: 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") +Fixes: 4f7b3e82589e ("bpf: improve verifier branch analysis") +Signed-off-by: Daniel Borkmann +Reviewed-by: John Fastabend +Acked-by: Alexei Starovoitov +Acked-by: Gary Lin + +NOTE from Gary: + * This patch is modified for SLE15-SP2 only. Since 3f50f132d840 is not merged, + the diff for is_branch32_taken() is omitted. + +--- + kernel/bpf/verifier.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/bpf/verifier.c ++++ b/kernel/bpf/verifier.c +@@ -5499,7 +5499,7 @@ static int is_branch_taken(struct bpf_re + case BPF_JSGT: + if (reg->smin_value > sval) + return 1; +- else if (reg->smax_value < sval) ++ else if (reg->smax_value <= sval) + return 0; + break; + case BPF_JLT: 
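Review bot: The corrected `else if (reg->smax_value <= sval)` arm in the BPF_JSGT case of is_branch_taken() carries no comment, and the commit text's phrase "the branch will also be taken for reg->s32_max_value == sval" reads as the opposite of what the code returns. With `smax_value == sval` the register can never be strictly greater than `sval`, so returning 0 (not taken) is the right answer. A one-line comment such as `/* smax <= sval: reg > sval is impossible, branch never taken */` would keep the bound from being "fixed" back later. Since this verdict decides whether the verifier walks a branch at all, the other signed comparisons in the switch, which lie outside the hunk, are worth the same boundary check.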
diff --git a/patches.suse/bpf-Remove-MTU-check-in-__bpf_skb_max_len.patch b/patches.suse/bpf-Remove-MTU-check-in-__bpf_skb_max_len.patch
new file mode 100644
index 0000000..4920353
--- /dev/null
+++ b/patches.suse/bpf-Remove-MTU-check-in-__bpf_skb_max_len.patch
@@ -0,0 +1,80 @@ +From: Jesper Dangaard Brouer +Date: Tue, 9 Feb 2021 14:38:09 +0100 +Subject: bpf: Remove MTU check in __bpf_skb_max_len +Patch-mainline: v5.12-rc1 +Git-commit: 6306c1189e77a513bf02720450bb43bd4ba5d8ae +References: bsc#1155518 + +Multiple BPF-helpers that can manipulate/increase the size of the SKB uses +__bpf_skb_max_len() as the max-length. This function limit size against +the current net_device MTU (skb->dev->mtu). + +When a BPF-prog grow the packet size, then it should not be limited to the +MTU. The MTU is a transmit limitation, and software receiving this packet +should be allowed to increase the size. Further more, current MTU check in +__bpf_skb_max_len uses the MTU from ingress/current net_device, which in +case of redirects uses the wrong net_device. + +This patch keeps a sanity max limit of SKB_MAX_ALLOC (16KiB). The real limit +is elsewhere in the system. Jesper's testing[1] showed it was not possible +to exceed 8KiB when expanding the SKB size via BPF-helper. The limiting +factor is the define KMALLOC_MAX_CACHE_SIZE which is 8192 for +SLUB-allocator (CONFIG_SLUB) in-case PAGE_SIZE is 4096. This define is +in-effect due to this being called from softirq context see code +__gfp_pfmemalloc_flags() and __do_kmalloc_node(). Jakub's testing showed +that frames above 16KiB can cause NICs to reset (but not crash). Keep this +sanity limit at this level as memory layer can differ based on kernel +config. 
+ +[1] https://github.com/xdp-project/bpf-examples/tree/master/MTU-tests + +Signed-off-by: Jesper Dangaard Brouer +Signed-off-by: Daniel Borkmann +Acked-by: John Fastabend +Link: https://lore.kernel.org/bpf/161287788936.790810.2937823995775097177.stgit@firesoul +Acked-by: Gary Lin +--- + net/core/filter.c | 12 ++++-------- + 1 file changed, 4 insertions(+), 8 deletions(-) + +--- a/net/core/filter.c ++++ b/net/core/filter.c +@@ -3144,18 +3144,14 @@ static int bpf_skb_net_shrink(struct sk_ + return 0; + } + +-static u32 __bpf_skb_max_len(const struct sk_buff *skb) +-{ +- return skb->dev ? skb->dev->mtu + skb->dev->hard_header_len : +- SKB_MAX_ALLOC; +-} ++#define BPF_SKB_MAX_LEN SKB_MAX_ALLOC + + BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, + u32, mode, u64, flags) + { + u32 len_cur, len_diff_abs = abs(len_diff); + u32 len_min = bpf_skb_net_base_len(skb); +- u32 len_max = __bpf_skb_max_len(skb); ++ u32 len_max = BPF_SKB_MAX_LEN; + __be16 proto = skb->protocol; + bool shrink = len_diff < 0; + u32 off; +@@ -3235,7 +3231,7 @@ static int bpf_skb_trim_rcsum(struct sk_ + static inline int __bpf_skb_change_tail(struct sk_buff *skb, u32 new_len, + u64 flags) + { +- u32 max_len = __bpf_skb_max_len(skb); ++ u32 max_len = BPF_SKB_MAX_LEN; + u32 min_len = __bpf_skb_min_len(skb); + int ret; + +@@ -3311,7 +3307,7 @@ static const struct bpf_func_proto sk_sk + static inline int __bpf_skb_change_head(struct sk_buff *skb, u32 head_room, + u64 flags) + { +- u32 max_len = __bpf_skb_max_len(skb); ++ u32 max_len = BPF_SKB_MAX_LEN; + u32 new_len = skb->len + head_room; + int ret; + diff --git a/patches.suse/bpf-sockmap-Fix-sk-prot-unhash-op-reset.patch b/patches.suse/bpf-sockmap-Fix-sk-prot-unhash-op-reset.patch new file mode 100644 index 0000000..c304d0d --- /dev/null +++ b/patches.suse/bpf-sockmap-Fix-sk-prot-unhash-op-reset.patch 
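Review bot: The new `#define BPF_SKB_MAX_LEN SKB_MAX_ALLOC` in net/core/filter.c replaces a per-device bound with a global one, but nothing says it is only a sanity cap and that MTU enforcement now has to happen on the transmit side. A comment above the define such as `/* Sanity cap only, not an MTU check; egress and redirect paths must enforce the device MTU. */` would tell the next reader. Whether those egress checks exist in this tree is not visible from the hunks and is worth confirming for the backport, since the commit text itself notes that frames above 16KiB can reset NICs. In __bpf_skb_change_head() the context line `u32 new_len = skb->len + head_room;` can wrap before it is compared with the new constant; any wrap check is in the part of the function outside the hunk.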
@@ -0,0 +1,89 @@ +From: John Fastabend +Date: Thu, 1 Apr 2021 15:00:19 -0700 +Subject: bpf, sockmap: Fix sk->prot unhash op reset +Patch-mainline: v5.12-rc7 +Git-commit: 1c84b33101c82683dee8b06761ca1f69e78c8ee7 +References: bsc#1155518 + +In '4da6a196f93b1' we fixed a potential unhash loop caused when +a TLS socket in a sockmap was removed from the sockmap. This +happened because the unhash operation on the TLS ctx continued +to point at the sockmap implementation of unhash even though the +psock has already been removed. The sockmap unhash handler when a +psock is removed does the following, + + void sock_map_unhash(struct sock *sk) + { + void (*saved_unhash)(struct sock *sk); + struct sk_psock *psock; + + rcu_read_lock(); + psock = sk_psock(sk); + if (unlikely(!psock)) { + rcu_read_unlock(); + if (sk->sk_prot->unhash) + sk->sk_prot->unhash(sk); + return; + } + [...] + } + +The unlikely() case is there to handle the case where psock is detached +but the proto ops have not been updated yet. But, in the above case +with TLS and removed psock we never fixed sk_prot->unhash() and unhash() +points back to sock_map_unhash resulting in a loop. To fix this we added +this bit of code, + + static inline void sk_psock_restore_proto(struct sock *sk, + struct sk_psock *psock) + { + sk->sk_prot->unhash = psock->saved_unhash; + +This will set the sk_prot->unhash back to its saved value. This is the +correct callback for a TLS socket that has been removed from the sock_map. +Unfortunately, this also overwrites the unhash pointer for all psocks. +We effectively break sockmap unhash handling for any future socks. +Omitting the unhash operation will leave stale entries in the map if +a socket transition through unhash, but does not do close() op. + +To fix set unhash correctly before calling into tls_update. This way the +TLS enabled socket will point to the saved unhash() handler. 
+ +Fixes: 4da6a196f93b1 ("bpf: Sockmap/tls, during free we may call tcp_bpf_unhash() in loop") +Reported-by: Cong Wang +Reported-by: Lorenz Bauer +Suggested-by: Cong Wang +Signed-off-by: John Fastabend +Signed-off-by: Daniel Borkmann +Link: https://lore.kernel.org/bpf/161731441904.68884.15593917809745631972.stgit@john-XPS-13-9370 +Acked-by: Gary Lin + +NOTE from Gary: + * This patch is modified to fit SLE15-SP2. + +--- + include/linux/skmsg.h | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/include/linux/skmsg.h ++++ b/include/linux/skmsg.h +@@ -358,13 +358,17 @@ static inline void sk_psock_update_proto + static inline void sk_psock_restore_proto(struct sock *sk, + struct sk_psock *psock) + { +- sk->sk_prot->unhash = psock->saved_unhash; +- + if (psock->sk_proto) { + struct inet_connection_sock *icsk = inet_csk(sk); + bool has_ulp = !!icsk->icsk_ulp_data; + + if (has_ulp) { ++ /* TLS does not have an unhash proto in SW cases, but we need ++ * to ensure we stop using the sock_map unhash routine because ++ * the associated psock is being removed. So use the original ++ * unhash handler. ++ */ ++ WRITE_ONCE(sk->sk_prot->unhash, psock->saved_unhash); + tcp_update_ulp(sk, psock->sk_proto, + psock->saved_write_space); + } else { diff --git a/patches.suse/bpf-x86-Validate-computation-of-branch-displacements-26f55a59.patch b/patches.suse/bpf-x86-Validate-computation-of-branch-displacements-26f55a59.patch new file mode 100644 index 0000000..a6c5ba9 --- /dev/null +++ b/patches.suse/bpf-x86-Validate-computation-of-branch-displacements-26f55a59.patch 
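Review bot: The added `WRITE_ONCE(sk->sk_prot->unhash, psock->saved_unhash);` in the `has_ulp` branch of sk_psock_restore_proto() stores through `sk->sk_prot`, that is, into the proto table rather than into per-socket state. If that table is shared by other ULP sockets, which is not visible here, the store changes their unhash handler too. That is the same kind of side effect the commit text describes for the line being removed, so the new comment should say why it is safe in this branch. WRITE_ONCE() also only helps if the readers use READ_ONCE(), and the sock_map_unhash() quoted in the commit text reads `sk->sk_prot->unhash` plainly. The function continues past the `} else {` where the hunk ends.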
@@ -0,0 +1,58 @@ +From: Piotr Krysiuk +Date: Tue, 6 Apr 2021 21:59:39 +0100 +Subject: bpf, x86: Validate computation of branch displacements for x86-32 +Patch-mainline: v5.12-rc7 +Git-commit: 26f55a59dc65ff77cd1c4b37991e26497fc68049 +References: bsc#1184391 CVE-2021-29154 + +The branch displacement logic in the BPF JIT compilers for x86 assumes +that, for any generated branch instruction, the distance cannot +increase between optimization passes. + +But this assumption can be violated due to how the distances are +computed. Specifically, whenever a backward branch is processed in +do_jit(), the distance is computed by subtracting the positions in the +machine code from different optimization passes. This is because part +of addrs[] is already updated for the current optimization pass, before +the branch instruction is visited. + +And so the optimizer can expand blocks of machine code in some cases. + +This can confuse the optimizer logic, where it assumes that a fixed +point has been reached for all machine code blocks once the total +program size stops changing. And then the JIT compiler can output +abnormal machine code containing incorrect branch displacements. + +To mitigate this issue, we assert that a fixed point is reached while +populating the output image. This rejects any problematic programs. +The issue affects both x86-32 and x86-64. We mitigate separately to +ease backporting. 
+ +Signed-off-by: Piotr Krysiuk +Reviewed-by: Daniel Borkmann +Signed-off-by: Daniel Borkmann +Acked-by: Gary Lin +--- + arch/x86/net/bpf_jit_comp32.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/arch/x86/net/bpf_jit_comp32.c ++++ b/arch/x86/net/bpf_jit_comp32.c +@@ -2260,7 +2260,16 @@ notyet: + } + + if (image) { +- if (unlikely(proglen + ilen > oldproglen)) { ++ /* ++ * When populating the image, assert that: ++ * ++ * i) We do not write beyond the allocated space, and ++ * ii) addrs[i] did not change from the prior run, in order ++ * to validate assumptions made for computing branch ++ * displacements. ++ */ ++ if (unlikely(proglen + ilen > oldproglen || ++ proglen + ilen != addrs[i])) { + pr_err("bpf_jit: fatal error\n"); + return -EFAULT; + } diff --git a/patches.suse/bpf-x86-Validate-computation-of-branch-displacements.patch b/patches.suse/bpf-x86-Validate-computation-of-branch-displacements.patch new file mode 100644 index 0000000..ca90198 --- /dev/null +++ b/patches.suse/bpf-x86-Validate-computation-of-branch-displacements.patch 
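Review bot: Both rejection conditions in the `if (image)` block end in the same `pr_err("bpf_jit: fatal error\n")`, so a log reader cannot tell a would-be write past the image from the new fixed-point violation (`proglen + ilen != addrs[i]`). The second condition is the mitigation for CVE-2021-29154, so a distinct message would give operators something to alert on. One option for that case is `pr_err("bpf_jit: insn %d: offset changed between passes\n", i);`, with the format specifier matched to the type of `i`, which is declared outside the hunk. The identical hunk for arch/x86/net/bpf_jit_comp.c in the next patch file has the same single message.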
@@ -0,0 +1,58 @@ +From: Piotr Krysiuk +Date: Mon, 5 Apr 2021 22:52:15 +0100 +Subject: bpf, x86: Validate computation of branch displacements for x86-64 +Patch-mainline: v5.12-rc7 +Git-commit: e4d4d456436bfb2fe412ee2cd489f7658449b098 +References: bsc#1184391 CVE-2021-29154 + +The branch displacement logic in the BPF JIT compilers for x86 assumes +that, for any generated branch instruction, the distance cannot +increase between optimization passes. + +But this assumption can be violated due to how the distances are +computed. Specifically, whenever a backward branch is processed in +do_jit(), the distance is computed by subtracting the positions in the +machine code from different optimization passes. This is because part +of addrs[] is already updated for the current optimization pass, before +the branch instruction is visited. + +And so the optimizer can expand blocks of machine code in some cases. + +This can confuse the optimizer logic, where it assumes that a fixed +point has been reached for all machine code blocks once the total +program size stops changing. And then the JIT compiler can output +abnormal machine code containing incorrect branch displacements. + +To mitigate this issue, we assert that a fixed point is reached while +populating the output image. This rejects any problematic programs. +The issue affects both x86-32 and x86-64. We mitigate separately to +ease backporting. 
+ +Signed-off-by: Piotr Krysiuk +Reviewed-by: Daniel Borkmann +Signed-off-by: Daniel Borkmann +Acked-by: Gary Lin +--- + arch/x86/net/bpf_jit_comp.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/arch/x86/net/bpf_jit_comp.c ++++ b/arch/x86/net/bpf_jit_comp.c +@@ -1394,7 +1394,16 @@ emit_jmp: + } + + if (image) { +- if (unlikely(proglen + ilen > oldproglen)) { ++ /* ++ * When populating the image, assert that: ++ * ++ * i) We do not write beyond the allocated space, and ++ * ii) addrs[i] did not change from the prior run, in order ++ * to validate assumptions made for computing branch ++ * displacements. ++ */ ++ if (unlikely(proglen + ilen > oldproglen || ++ proglen + ilen != addrs[i])) { + pr_err("bpf_jit: fatal error\n"); + return -EFAULT; + } diff --git a/patches.suse/bus-ti-sysc-Fix-warning-on-unbind-if-reset-is-not-de.patch b/patches.suse/bus-ti-sysc-Fix-warning-on-unbind-if-reset-is-not-de.patch new file mode 100644 index 0000000..53d5ac3 --- /dev/null +++ b/patches.suse/bus-ti-sysc-Fix-warning-on-unbind-if-reset-is-not-de.patch 
@@ -0,0 +1,47 @@ +From a7b5d7c4969aba8d1f04c29048906abaa71fb6a9 Mon Sep 17 00:00:00 2001 +From: Tony Lindgren +Date: Thu, 18 Feb 2021 13:06:57 +0200 +Subject: [PATCH] bus: ti-sysc: Fix warning on unbind if reset is not deasserted +Git-commit: a7b5d7c4969aba8d1f04c29048906abaa71fb6a9 +Patch-mainline: v5.12-rc5 +References: git-fixes + +We currently get thefollowing on driver unbind if a reset is configured +and asserted: + +Warning: CPU: 0 PID: 993 at drivers/reset/core.c:432 reset_control_assert +... +(reset_control_assert) from [] (sysc_remove+0x190/0x1e4) +(sysc_remove) from [] (platform_remove+0x24/0x3c) +(platform_remove) from [] (__device_release_driver+0x154/0x214) +(__device_release_driver) from [] (device_driver_detach+0x3c/0x8c) +(device_driver_detach) from [] (unbind_store+0x60/0xd4) +(unbind_store) from [] (kernfs_fop_write_iter+0x10c/0x1cc) + +Let's fix it by checking the reset status. + +Signed-off-by: Tony Lindgren +Acked-by: Takashi Iwai + +--- + drivers/bus/ti-sysc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/bus/ti-sysc.c b/drivers/bus/ti-sysc.c +index a27d751cf219..3d74f237f005 100644 +--- a/drivers/bus/ti-sysc.c ++++ b/drivers/bus/ti-sysc.c +@@ -3053,7 +3053,9 @@ static int sysc_remove(struct platform_device *pdev) + + pm_runtime_put_sync(&pdev->dev); + pm_runtime_disable(&pdev->dev); +- reset_control_assert(ddata->rsts); ++ ++ if (!reset_control_status(ddata->rsts)) ++ reset_control_assert(ddata->rsts); + + unprepare: + sysc_unprepare(ddata); +-- +2.26.2 + diff --git a/patches.suse/clk-fix-invalid-usage-of-list-cursor-in-register.patch b/patches.suse/clk-fix-invalid-usage-of-list-cursor-in-register.patch new file mode 100644 index 0000000..97452b3 --- /dev/null +++ b/patches.suse/clk-fix-invalid-usage-of-list-cursor-in-register.patch 
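Review bot: The new guard `if (!reset_control_status(ddata->rsts))` in sysc_remove() treats every non-zero return as "already asserted", but reset_control_status() returns a negative errno when the controller cannot report its status. On such a controller the reset line is now left deasserted on unbind, where before it was always asserted. If that is not intended, test the asserted state explicitly: `if (reset_control_status(ddata->rsts) <= 0) reset_control_assert(ddata->rsts);`. Whether asserting in the error case can still trigger the original warning depends on reset core code not shown here. sysc_remove() starts before and continues after the hunk.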
@@ -0,0 +1,84 @@ +From 8d3c0c01cb2e36b2bf3c06a82b18b228d0c8f5d0 Mon Sep 17 00:00:00 2001 +From: Lukasz Bartosik +Date: Fri, 2 Apr 2021 00:51:48 +0200 +Subject: [PATCH] clk: fix invalid usage of list cursor in register +Git-commit: 8d3c0c01cb2e36b2bf3c06a82b18b228d0c8f5d0 +Patch-mainline: v5.12-rc7 +References: git-fixes + +Fix invalid usage of a list_for_each_entry cursor in +clk_notifier_register(). When list is empty or if the list +is completely traversed (without breaking from the loop on one +of the entries) then the list cursor does not point to a valid +entry and therefore should not be used. + +The issue was dicovered when running 5.12-rc1 kernel on x86_64 +with KASAN enabled: +Bug: KASAN: global-out-of-bounds in clk_notifier_register+0xab/0x230 +Read of size 8 at addr ffffffffa0d10588 by task swapper/0/1 + +Cpu: 1 PID: 1 Comm: swapper/0 Not tainted 5.12.0-rc1 #1 +Hardware name: Google Caroline/Caroline, +BIOS Google_Caroline.7820.430.0 07/20/2018 +Call Trace: + dump_stack+0xee/0x15c + print_address_description+0x1e/0x2dc + kasan_report+0x188/0x1ce + ? clk_notifier_register+0xab/0x230 + ? clk_prepare_lock+0x15/0x7b + ? clk_notifier_register+0xab/0x230 + clk_notifier_register+0xab/0x230 + dw8250_probe+0xc01/0x10d4 +... 
+Memory state around the buggy address: + ffffffffa0d10480: 00 00 00 00 00 03 f9 f9 f9 f9 f9 f9 00 00 00 00 + ffffffffa0d10500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 +>ffffffffa0d10580: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 ^ ffffffffa0d10600: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 ffffffffa0d10680: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00 ================================================================== + +Fixes: b2476490ef11 ("clk: introduce the common clock framework") +Reported-by: Lukasz Majczak +Signed-off-by: Lukasz Bartosik +Link: https://lore.kernel.org/r/20210401225149.18826-1-lb@semihalf.com +Signed-off-by: Stephen Boyd +Acked-by: Takashi Iwai + +--- + drivers/clk/clk.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c +index 5052541a0986..16634d5912be 100644 +--- a/drivers/clk/clk.c ++++ b/drivers/clk/clk.c +@@ -4357,20 +4357,19 @@ int clk_notifier_register(struct clk *clk, struct notifier_block *nb) + /* search the list of notifiers for this clk */ + list_for_each_entry(cn, &clk_notifier_list, node) + if (cn->clk == clk) +- break; ++ goto found; + + /* if clk wasn't in the notifier list, allocate new clk_notifier */ +- if (cn->clk != clk) { +- cn = kzalloc(sizeof(*cn), GFP_KERNEL); +- if (!cn) +- goto out; ++ cn = kzalloc(sizeof(*cn), GFP_KERNEL); ++ if (!cn) ++ goto out; + +- cn->clk = clk; +- srcu_init_notifier_head(&cn->notifier_head); ++ cn->clk = clk; ++ srcu_init_notifier_head(&cn->notifier_head); + +- list_add(&cn->node, &clk_notifier_list); +- } ++ list_add(&cn->node, &clk_notifier_list); + ++found: + ret = srcu_notifier_chain_register(&cn->notifier_head, nb); + + clk->core->notifier_count++; +-- +2.26.2 + diff --git a/patches.suse/clk-fix-invalid-usage-of-list-cursor-in-unregister.patch b/patches.suse/clk-fix-invalid-usage-of-list-cursor-in-unregister.patch new file mode 100644 index 0000000..fd91c97 --- /dev/null 
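Review bot: In clk_notifier_register() the context line `clk->core->notifier_count++;` after the new `found:` label runs whatever srcu_notifier_chain_register() returned, so a failed registration still bumps the count. The unregister patch that follows has the mirror case: inside its new loop, `clk->core->notifier_count--;` runs even when srcu_notifier_chain_unregister() reports that `nb` was never on the chain, so repeated bad unregister calls can drive the counter below its true value. Guarding both with the return code, `if (!ret) clk->core->notifier_count++;` and `if (!ret) clk->core->notifier_count--;`, keeps the count equal to the number of registered notifiers. The type of notifier_count and its users are outside the hunks, so the impact of a skewed count is to be confirmed.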
+++ b/patches.suse/clk-fix-invalid-usage-of-list-cursor-in-unregister.patch 
@@ -0,0 +1,107 @@ +From 7045465500e465b09f09d6e5bdc260a9f1aab97b Mon Sep 17 00:00:00 2001 +From: Lukasz Bartosik +Date: Fri, 2 Apr 2021 00:51:49 +0200 +Subject: [PATCH] clk: fix invalid usage of list cursor in unregister +Git-commit: 7045465500e465b09f09d6e5bdc260a9f1aab97b +Patch-mainline: v5.12-rc7 +References: git-fixes + +Fix invalid usage of a list_for_each_entry cursor in +clk_notifier_unregister(). When list is empty or if the list +is completely traversed (without breaking from the loop on one +of the entries) then the list cursor does not point to a valid +entry and therefore should not be used. The patch fixes a logical +bug that hasn't been seen in pratice however it is analogus +to the bug fixed in clk_notifier_register(). + +The issue was dicovered when running 5.12-rc1 kernel on x86_64 +with KASAN enabled: +Bug: KASAN: global-out-of-bounds in clk_notifier_register+0xab/0x230 +Read of size 8 at addr ffffffffa0d10588 by task swapper/0/1 + +Cpu: 1 PID: 1 Comm: swapper/0 Not tainted 5.12.0-rc1 #1 +Hardware name: Google Caroline/Caroline, +BIOS Google_Caroline.7820.430.0 07/20/2018 +Call Trace: + dump_stack+0xee/0x15c + print_address_description+0x1e/0x2dc + kasan_report+0x188/0x1ce + ? clk_notifier_register+0xab/0x230 + ? clk_prepare_lock+0x15/0x7b + ? clk_notifier_register+0xab/0x230 + clk_notifier_register+0xab/0x230 + dw8250_probe+0xc01/0x10d4 + ... 
+ Memory state around the buggy address: + ffffffffa0d10480: 00 00 00 00 00 03 f9 f9 f9 f9 f9 f9 00 00 00 00 + ffffffffa0d10500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 + >ffffffffa0d10580: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 + ^ + ffffffffa0d10600: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 + ffffffffa0d10680: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00 + ================================================================== + +Fixes: b2476490ef11 ("clk: introduce the common clock framework") +Reported-by: Lukasz Majczak +Signed-off-by: Lukasz Bartosik +Link: https://lore.kernel.org/r/20210401225149.18826-2-lb@semihalf.com +Signed-off-by: Stephen Boyd +Acked-by: Takashi Iwai + +--- + drivers/clk/clk.c | 30 +++++++++++++----------------- + 1 file changed, 13 insertions(+), 17 deletions(-) + +diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c +index 16634d5912be..39cfc6c6a8d2 100644 +--- a/drivers/clk/clk.c ++++ b/drivers/clk/clk.c +@@ -4394,32 +4394,28 @@ EXPORT_SYMBOL_GPL(clk_notifier_register); + */ + int clk_notifier_unregister(struct clk *clk, struct notifier_block *nb) + { +- struct clk_notifier *cn = NULL; +- int ret = -EINVAL; ++ struct clk_notifier *cn; ++ int ret = -ENOENT; + + if (!clk || !nb) + return -EINVAL; + + clk_prepare_lock(); + +- list_for_each_entry(cn, &clk_notifier_list, node) +- if (cn->clk == clk) +- break; +- +- if (cn->clk == clk) { +- ret = srcu_notifier_chain_unregister(&cn->notifier_head, nb); ++ list_for_each_entry(cn, &clk_notifier_list, node) { ++ if (cn->clk == clk) { ++ ret = srcu_notifier_chain_unregister(&cn->notifier_head, nb); + +- clk->core->notifier_count--; ++ clk->core->notifier_count--; + +- /* XXX the notifier code should handle this better */ +- if (!cn->notifier_head.head) { +- srcu_cleanup_notifier_head(&cn->notifier_head); +- list_del(&cn->node); +- kfree(cn); ++ /* XXX the notifier code should handle this better */ ++ if (!cn->notifier_head.head) { ++ 
srcu_cleanup_notifier_head(&cn->notifier_head); ++ list_del(&cn->node); ++ kfree(cn); ++ } ++ break; + } +- +- } else { +- ret = -ENOENT; + } + + clk_prepare_unlock(); +-- +2.26.2 + diff --git a/patches.suse/clk-socfpga-fix-iomem-pointer-cast-on-64-bit.patch b/patches.suse/clk-socfpga-fix-iomem-pointer-cast-on-64-bit.patch new file mode 100644 index 0000000..fcb41ba --- /dev/null +++ b/patches.suse/clk-socfpga-fix-iomem-pointer-cast-on-64-bit.patch 
@@ -0,0 +1,44 @@ +From 2867b9746cef78745c594894aece6f8ef826e0b4 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Sun, 14 Mar 2021 12:07:09 +0100 +Subject: [PATCH] clk: socfpga: fix iomem pointer cast on 64-bit +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 2867b9746cef78745c594894aece6f8ef826e0b4 +Patch-mainline: v5.12-rc7 +References: git-fixes + +Pointers should be cast with uintptr_t instead of integer. This fixes +warning when compile testing on ARM64: + + drivers/clk/socfpga/clk-gate.c: In function ‘socfpga_clk_recalc_rate’: + drivers/clk/socfpga/clk-gate.c:102:7: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] + +Fixes: b7cec13f082f ("clk: socfpga: Look for the GPIO_DB_CLK by its offset") +Signed-off-by: Krzysztof Kozlowski +Acked-by: Dinh Nguyen +Link: https://lore.kernel.org/r/20210314110709.32599-1-krzysztof.kozlowski@canonical.com +Signed-off-by: Stephen Boyd +Acked-by: Takashi Iwai + +--- + drivers/clk/socfpga/clk-gate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/clk/socfpga/clk-gate.c b/drivers/clk/socfpga/clk-gate.c +index 43ecd507bf83..cf94a12459ea 100644 +--- a/drivers/clk/socfpga/clk-gate.c ++++ b/drivers/clk/socfpga/clk-gate.c +@@ -99,7 +99,7 @@ static unsigned long socfpga_clk_recalc_rate(struct clk_hw *hwclk, + val = readl(socfpgaclk->div_reg) >> socfpgaclk->shift; + val &= GENMASK(socfpgaclk->width - 1, 0); + /* Check for GPIO_DB_CLK by its offset */ +- if ((int) socfpgaclk->div_reg & SOCFPGA_GPIO_DB_CLK_OFFSET) ++ if ((uintptr_t) socfpgaclk->div_reg & SOCFPGA_GPIO_DB_CLK_OFFSET) + div = val + 1; + else + div = (1 << val); +-- +2.26.2 + diff --git a/patches.suse/dm-mpath-switch-paths-in-dm_blk_ioctl-code-path.patch b/patches.suse/dm-mpath-switch-paths-in-dm_blk_ioctl-code-path.patch new file mode 100644 index 0000000..14e487f --- /dev/null +++ b/patches.suse/dm-mpath-switch-paths-in-dm_blk_ioctl-code-path.patch 
@@ -0,0 +1,41 @@ +From: Martin Wilck +Date: Mon, 20 Apr 2020 22:29:09 +0200 +Subject: dm mpath: switch paths in dm_blk_ioctl() code path +Patch-mainline: v5.8-rc1 +Git-commit: 2361ae595352dec015d14292f1b539242d8446d6 +References: bsc#1167574, bsc#1175995, bsc#1184485 + +SCSI LUN passthrough code such as qemu's "scsi-block" device model +pass every IO to the host via SG_IO ioctls. Currently, dm-multipath +calls choose_pgpath() only in the block IO code path, not in the ioctl +code path (unless current_pgpath is NULL). This has the effect that no +path switching and thus no load balancing is done for SCSI-passthrough +IO, unless the active path fails. + +Fix this by using the same logic in multipath_prepare_ioctl() as in +multipath_clone_and_map(). + +Note: The allegedly best path selection algorithm, service-time, +still wouldn't work perfectly, because the io size of the current +request is always set to 0. Changing that for the IO passthrough +case would require the ioctl cmd and arg to be passed to dm's +prepare_ioctl() method. + +Signed-off-by: Martin Wilck +Reviewed-by: Hannes Reinecke +Signed-off-by: Mike Snitzer +--- + drivers/md/dm-mpath.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/dm-mpath.c ++++ b/drivers/md/dm-mpath.c +@@ -1862,7 +1862,7 @@ static int multipath_prepare_ioctl(struc + int r; + + current_pgpath = READ_ONCE(m->current_pgpath); +- if (!current_pgpath) ++ if (!current_pgpath || !test_bit(MPATHF_QUEUE_IO, &m->flags)) + current_pgpath = choose_pgpath(m, 0); + + if (current_pgpath) { diff --git a/patches.suse/drm-msm-Ratelimit-invalid-fence-message.patch b/patches.suse/drm-msm-Ratelimit-invalid-fence-message.patch new file mode 100644 index 0000000..25ee22a --- /dev/null +++ b/patches.suse/drm-msm-Ratelimit-invalid-fence-message.patch 
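Review bot: The new condition in multipath_prepare_ioctl() has no comment, and two things about it are not obvious from the code: why a valid current_pgpath is re-selected whenever MPATHF_QUEUE_IO is clear, and why choose_pgpath() is called with a size of 0. The patch description answers both (same logic as multipath_clone_and_map(); the ioctl's I/O size is not available to prepare_ioctl), so a short comment would keep that next to the code, e.g. `/* Re-select the path as multipath_clone_and_map() does; size is 0 because the ioctl's I/O size is unknown here. */`. The function body starts and ends outside the hunk.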
@@ -0,0 +1,37 @@ +From 7ad48d27a2846bfda29214fb454d001c3e02b9e7 Mon Sep 17 00:00:00 2001 +From: Rob Clark +Date: Wed, 17 Mar 2021 09:40:38 -0700 +Subject: [PATCH] drm/msm: Ratelimit invalid-fence message +Git-commit: 7ad48d27a2846bfda29214fb454d001c3e02b9e7 +Patch-mainline: v5.12-rc5 +References: git-fixes + +We have seen a couple cases where low memory situations cause something +bad to happen, followed by a flood of these messages obscuring the root +cause. Lets ratelimit the dmesg spam so that next time it happens we +don't lose the kernel traces leading up to this. + +Signed-off-by: Rob Clark +Reviewed-by: Douglas Anderson +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/msm/msm_fence.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/msm_fence.c b/drivers/gpu/drm/msm/msm_fence.c +index ad2703698b05..cd59a5918038 100644 +--- a/drivers/gpu/drm/msm/msm_fence.c ++++ b/drivers/gpu/drm/msm/msm_fence.c +@@ -45,7 +45,7 @@ int msm_wait_fence(struct msm_fence_context *fctx, uint32_t fence, + int ret; + + if (fence > fctx->last_fence) { +- DRM_ERROR("%s: waiting on invalid fence: %u (of %u)\n", ++ DRM_ERROR_RATELIMITED("%s: waiting on invalid fence: %u (of %u)\n", + fctx->name, fence, fctx->last_fence); + return -EINVAL; + } +-- +2.26.2 + diff --git a/patches.suse/drm-msm-Set-drvdata-to-NULL-when-msm_drm_init-fails.patch b/patches.suse/drm-msm-Set-drvdata-to-NULL-when-msm_drm_init-fails.patch new file mode 100644 index 0000000..3fa8890 --- /dev/null +++ b/patches.suse/drm-msm-Set-drvdata-to-NULL-when-msm_drm_init-fails.patch 
@@ -0,0 +1,54 @@ +From 5620b135aea49a8f41c86aaecfcb1598a7774121 Mon Sep 17 00:00:00 2001 +From: Stephen Boyd +Date: Thu, 25 Mar 2021 14:28:22 -0700 +Subject: [PATCH] drm/msm: Set drvdata to NULL when msm_drm_init() fails +Git-commit: 5620b135aea49a8f41c86aaecfcb1598a7774121 +Patch-mainline: v5.12-rc7 +References: git-fixes + +We should set the platform device's driver data to NULL here so that +code doesn't assume the struct drm_device pointer is valid when it could +have been destroyed. The lifetime of this pointer is managed by a kref +but when msm_drm_init() fails we call drm_dev_put() on the pointer which +will free the pointer's memory. This driver uses the component model, so +there's sort of two "probes" in this file, one for the platform device +i.e. msm_pdev_probe() and one for the component i.e. msm_drm_bind(). The +msm_drm_bind() code is using the platform device's driver data to store +struct drm_device so the two functions are intertwined. + +This relationship becomes a problem for msm_pdev_shutdown() when it +tests the NULL-ness of the pointer to see if it should call +drm_atomic_helper_shutdown(). The NULL test is a proxy check for if the +pointer has been freed by kref_put(). If the drm_device has been +destroyed, then we shouldn't call the shutdown helper, and we know that +is the case if msm_drm_init() failed, therefore set the driver data to +NULL so that this pointer liveness is tracked properly. 
+ +Fixes: 9d5cbf5fe46e ("drm/msm: add shutdown support for display platform_driver") +Cc: Dmitry Baryshkov +Cc: Fabio Estevam +Cc: Krishna Manikandan +Signed-off-by: Stephen Boyd +Message-id: <20210325212822.3663144-1-swboyd@chromium.org> +Signed-off-by: Rob Clark +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/msm/msm_drv.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c +index a5c6b8c23336..196907689c82 100644 +--- a/drivers/gpu/drm/msm/msm_drv.c ++++ b/drivers/gpu/drm/msm/msm_drv.c +@@ -570,6 +570,7 @@ static int msm_drm_init(struct device *dev, const struct drm_driver *drv) + kfree(priv); + err_put_drm_dev: + drm_dev_put(ddev); ++ platform_set_drvdata(pdev, NULL); + return ret; + } + +-- +2.26.2 + diff --git a/patches.suse/drm-msm-adreno-a5xx_power-Don-t-apply-A540-lm_setup-.patch b/patches.suse/drm-msm-adreno-a5xx_power-Don-t-apply-A540-lm_setup-.patch new file mode 100644 index 0000000..485757a --- /dev/null +++ b/patches.suse/drm-msm-adreno-a5xx_power-Don-t-apply-A540-lm_setup-.patch 
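Review bot: At the err_put_drm_dev label the driver data is cleared only after `drm_dev_put(ddev)`, so for a short window it still holds a pointer to a drm_device that, per the description, may already have been freed. Whether anything can read it in that window is not visible from the hunk, but clearing first costs nothing: `platform_set_drvdata(pdev, NULL);` followed by `drm_dev_put(ddev);`. Error paths in msm_drm_init() that return before this label are outside the hunk; if any of them run after the driver data has been set, they should be checked for the same stale pointer.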
@@ -0,0 +1,37 @@ +From 4a9d36b0610aa7034340e976652e5b43320dd7c5 Mon Sep 17 00:00:00 2001 +From: Konrad Dybcio +Date: Sun, 28 Feb 2021 13:36:51 +0100 +Subject: [PATCH] drm/msm/adreno: a5xx_power: Don't apply A540 lm_setup to other GPUs +Git-commit: 4a9d36b0610aa7034340e976652e5b43320dd7c5 +Patch-mainline: v5.12-rc5 +References: git-fixes + +While passing the A530-specific lm_setup func to A530 and A540 +to !A530 was fine back when only these two were supported, it +certainly is not a good idea to send A540 specifics to smaller +GPUs like A508 and friends. + +Signed-off-by: Konrad Dybcio +Signed-off-by: Rob Clark +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/msm/adreno/a5xx_power.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/adreno/a5xx_power.c b/drivers/gpu/drm/msm/adreno/a5xx_power.c +index 5ccc9da455a1..c35b06b46fcc 100644 +--- a/drivers/gpu/drm/msm/adreno/a5xx_power.c ++++ b/drivers/gpu/drm/msm/adreno/a5xx_power.c +@@ -304,7 +304,7 @@ int a5xx_power_init(struct msm_gpu *gpu) + /* Set up the limits management */ + if (adreno_is_a530(adreno_gpu)) + a530_lm_setup(gpu); +- else ++ else if (adreno_is_a540(adreno_gpu)) + a540_lm_setup(gpu); + + /* Set up SP/TP power collpase */ +-- +2.26.2 + diff --git a/patches.suse/enetc-Fix-reporting-of-h-w-packet-counters.patch b/patches.suse/enetc-Fix-reporting-of-h-w-packet-counters.patch new file mode 100644 index 0000000..645a55f --- /dev/null +++ b/patches.suse/enetc-Fix-reporting-of-h-w-packet-counters.patch 
@@ -0,0 +1,86 @@ +From 0d455718461b9cba11c262d2c24d263ccc17dc1f Mon Sep 17 00:00:00 2001 +From: Claudiu Manoil +Date: Fri, 4 Dec 2020 19:15:05 +0200 +Subject: [PATCH 10/14] enetc: Fix reporting of h/w packet counters +Git-commit: eb96b686fc2c601e78903cc61b6cf4588ddde013 +Patch-mainline: v5.10 +References: git-fixes + +Noticed some inconsistencies in packet statistics reporting. +This patch adds the missing Tx packet counter registers to +ethtool reporting and fixes the information strings for a +few of them. + +Fixes: 16eb4c85c964 ("enetc: Add ethtool statistics") +Signed-off-by: Claudiu Manoil +Link: https://lore.kernel.org/r/20201204171505.21389-1-claudiu.manoil@nxp.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/freescale/enetc/enetc_ethtool.c | 10 +++++++--- + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 10 +++++++--- + 2 files changed, 14 insertions(+), 6 deletions(-) + +diff --git a/drivers/net/ethernet/freescale/enetc/enetc_ethtool.c b/drivers/net/ethernet/freescale/enetc/enetc_ethtool.c +index 301ee0dde02d..a6abd4fd7388 100644 +--- a/drivers/net/ethernet/freescale/enetc/enetc_ethtool.c ++++ b/drivers/net/ethernet/freescale/enetc/enetc_ethtool.c +@@ -141,8 +141,8 @@ static const struct { + { ENETC_PM0_R255, "MAC rx 128-255 byte packets" }, + { ENETC_PM0_R511, "MAC rx 256-511 byte packets" }, + { ENETC_PM0_R1023, "MAC rx 512-1023 byte packets" }, +- { ENETC_PM0_R1518, "MAC rx 1024-1518 byte packets" }, +- { ENETC_PM0_R1519X, "MAC rx 1519 to max-octet packets" }, ++ { ENETC_PM0_R1522, "MAC rx 1024-1522 byte packets" }, ++ { ENETC_PM0_R1523X, "MAC rx 1523 to max-octet packets" }, + { ENETC_PM0_ROVR, "MAC rx oversized packets" }, + { ENETC_PM0_RJBR, "MAC rx jabber packets" }, + { ENETC_PM0_RFRG, "MAC rx fragment packets" }, +@@ -161,9 +161,13 @@ static const struct { + { ENETC_PM0_TBCA, "MAC tx broadcast frames" }, + { ENETC_PM0_TPKT, "MAC tx packets" }, + { ENETC_PM0_TUND, "MAC tx undersized packets" }, ++ { 
ENETC_PM0_T64, "MAC tx 64 byte packets" }, + { ENETC_PM0_T127, "MAC tx 65-127 byte packets" }, ++ { ENETC_PM0_T255, "MAC tx 128-255 byte packets" }, ++ { ENETC_PM0_T511, "MAC tx 256-511 byte packets" }, + { ENETC_PM0_T1023, "MAC tx 512-1023 byte packets" }, +- { ENETC_PM0_T1518, "MAC tx 1024-1518 byte packets" }, ++ { ENETC_PM0_T1522, "MAC tx 1024-1522 byte packets" }, ++ { ENETC_PM0_T1523X, "MAC tx 1523 to max-octet packets" }, + { ENETC_PM0_TCNP, "MAC tx control packets" }, + { ENETC_PM0_TDFR, "MAC tx deferred packets" }, + { ENETC_PM0_TMCOL, "MAC tx multiple collisions" }, +diff --git a/drivers/net/ethernet/freescale/enetc/enetc_hw.h b/drivers/net/ethernet/freescale/enetc/enetc_hw.h +index 7df4482af1b7..862aa1d722e2 100644 +--- a/drivers/net/ethernet/freescale/enetc/enetc_hw.h ++++ b/drivers/net/ethernet/freescale/enetc/enetc_hw.h +@@ -248,8 +248,8 @@ enum enetc_bdr_type {TX, RX}; + #define ENETC_PM0_R255 0x8180 + #define ENETC_PM0_R511 0x8188 + #define ENETC_PM0_R1023 0x8190 +-#define ENETC_PM0_R1518 0x8198 +-#define ENETC_PM0_R1519X 0x81A0 ++#define ENETC_PM0_R1522 0x8198 ++#define ENETC_PM0_R1523X 0x81A0 + #define ENETC_PM0_ROVR 0x81A8 + #define ENETC_PM0_RJBR 0x81B0 + #define ENETC_PM0_RFRG 0x81B8 +@@ -268,9 +268,13 @@ enum enetc_bdr_type {TX, RX}; + #define ENETC_PM0_TBCA 0x8250 + #define ENETC_PM0_TPKT 0x8260 + #define ENETC_PM0_TUND 0x8268 ++#define ENETC_PM0_T64 0x8270 + #define ENETC_PM0_T127 0x8278 ++#define ENETC_PM0_T255 0x8280 ++#define ENETC_PM0_T511 0x8288 + #define ENETC_PM0_T1023 0x8290 +-#define ENETC_PM0_T1518 0x8298 ++#define ENETC_PM0_T1522 0x8298 ++#define ENETC_PM0_T1523X 0x82A0 + #define ENETC_PM0_TCNP 0x82C0 + #define ENETC_PM0_TDFR 0x82D0 + #define ENETC_PM0_TMCOL 0x82D8 +-- +2.16.4 + diff --git a/patches.suse/fuse-fix-bad-inode.patch b/patches.suse/fuse-fix-bad-inode.patch index d802c68..16326d9 100644 --- a/patches.suse/fuse-fix-bad-inode.patch +++ b/patches.suse/fuse-fix-bad-inode.patch 
@@ -3,7 +3,7 @@ Date: Thu, 10 Dec 2020 15:33:14 +0100 Subject: fuse: fix bad inode Git-commit: 5d069dbe8aaf2a197142558b6fb2978189ba3454 Patch-mainline: v5.11-rc1 -References: bsc#1184211 +References: bsc#1184211 CVE-2020-36322 Jan Kara's analysis of the syzbot report (edited): diff --git a/patches.suse/fuse-fix-live-lock-in-fuse_iget.patch b/patches.suse/fuse-fix-live-lock-in-fuse_iget.patch index 6610422..b9fd07f 100644 --- a/patches.suse/fuse-fix-live-lock-in-fuse_iget.patch +++ b/patches.suse/fuse-fix-live-lock-in-fuse_iget.patch @@ -3,7 +3,7 @@ Date: Thu, 4 Mar 2021 11:09:12 +0200 Subject: fuse: fix live lock in fuse_iget() Git-commit: 775c5033a0d164622d9d10dd0f0a5531639ed3ed Patch-mainline: v5.12-rc4 -References: bsc#1184211 +References: bsc#1184211 CVE-2021-28950 Commit 5d069dbe8aaf ("fuse: fix bad inode") replaced make_bad_inode() in fuse_iget() with a private implementation fuse_make_bad(). diff --git a/patches.suse/gianfar-Handle-error-code-at-MAC-address-change.patch b/patches.suse/gianfar-Handle-error-code-at-MAC-address-change.patch new file mode 100644 index 0000000..6f46ef7 --- /dev/null +++ b/patches.suse/gianfar-Handle-error-code-at-MAC-address-change.patch 
@@ -0,0 +1,39 @@ +From bff5b62585123823842833ab20b1c0a7fa437f8c Mon Sep 17 00:00:00 2001 +From: Claudiu Manoil +Date: Mon, 29 Mar 2021 17:08:47 +0300 +Subject: [PATCH] gianfar: Handle error code at MAC address change +Git-commit: bff5b62585123823842833ab20b1c0a7fa437f8c +Patch-mainline: v5.12-rc7 +References: git-fixes + +Handle return error code of eth_mac_addr(); + +Fixes: 3d23a05c75c7 ("gianfar: Enable changing mac addr when if up") +Signed-off-by: Claudiu Manoil +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + drivers/net/ethernet/freescale/gianfar.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c +index 1cf8ef717453..3ec4d9fddd52 100644 +--- a/drivers/net/ethernet/freescale/gianfar.c ++++ b/drivers/net/ethernet/freescale/gianfar.c +@@ -363,7 +363,11 @@ static void gfar_set_mac_for_addr(struct net_device *dev, int num, + + static int gfar_set_mac_addr(struct net_device *dev, void *p) + { +- eth_mac_addr(dev, p); ++ int ret; ++ ++ ret = eth_mac_addr(dev, p); ++ if (ret) ++ return ret; + + gfar_set_mac_for_addr(dev, 0, dev->dev_addr); + +-- +2.26.2 + diff --git a/patches.suse/i40e-Fix-parameters-in-aq_get_phy_register.patch b/patches.suse/i40e-Fix-parameters-in-aq_get_phy_register.patch new file mode 100644 index 0000000..cafc0b8 --- /dev/null +++ b/patches.suse/i40e-Fix-parameters-in-aq_get_phy_register.patch 
@@ -0,0 +1,32 @@ +From: Grzegorz Siwik +Date: Wed, 24 Mar 2021 09:58:27 +0100 +Subject: i40e: Fix parameters in aq_get_phy_register() +Patch-mainline: v5.12-rc7 +Git-commit: b2d0efc4be7ed320e33eaa9b6dd6f3f6011ffb8e +References: jsc#SLE-8025 + +Change parameters order in aq_get_phy_register() due to wrong +statistics in PHY reported by ethtool. Previously all PHY statistics were +exactly the same for all interfaces +Now statistics are reported correctly - different for different interfaces + +Fixes: 0514db37dd78 ("i40e: Extend PHY access with page change flag") +Signed-off-by: Grzegorz Siwik +Tested-by: Dave Switzer +Signed-off-by: Tony Nguyen +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/intel/i40e/i40e_ethtool.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_ethtool.c +@@ -5223,7 +5223,7 @@ static int i40e_get_module_eeprom(struct + + status = i40e_aq_get_phy_register(hw, + I40E_AQ_PHY_REG_ACCESS_EXTERNAL_MODULE, +- true, addr, offset, &value, NULL); ++ addr, true, offset, &value, NULL); + if (status) + return -EIO; + data[i] = value; diff --git a/patches.suse/i40e-Fix-sparse-error-vsi-netdev-could-be-null.patch b/patches.suse/i40e-Fix-sparse-error-vsi-netdev-could-be-null.patch new file mode 100644 index 0000000..babc7d3 --- /dev/null +++ b/patches.suse/i40e-Fix-sparse-error-vsi-netdev-could-be-null.patch 
@@ -0,0 +1,37 @@ +From: Arkadiusz Kubalewski +Date: Fri, 26 Mar 2021 19:43:42 +0100 +Subject: i40e: Fix sparse error: 'vsi->netdev' could be null +Patch-mainline: v5.12-rc7 +Git-commit: 6b5674fe6b9bf05394886ebcec62b2d7dae88c42 +References: jsc#SLE-8025 + +Remove vsi->netdev->name from the trace. +This is redundant information. With the devinfo trace, the adapter +is already identifiable. + +Previously following error was produced when compiling against sparse. +i40e_main.c:2571 i40e_sync_vsi_filters() error: + we previously assumed 'vsi->netdev' could be null (see line 2323) + +Fixes: b603f9dc20af ("i40e: Log info when PF is entering and leaving Allmulti mode.") +Signed-off-by: Aleksandr Loktionov +Signed-off-by: Arkadiusz Kubalewski +Tested-by: Dave Switzer +Signed-off-by: Tony Nguyen +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -2557,8 +2557,7 @@ int i40e_sync_vsi_filters(struct i40e_vs + i40e_stat_str(hw, aq_ret), + i40e_aq_str(hw, hw->aq.asq_last_status)); + } else { +- dev_info(&pf->pdev->dev, "%s is %s allmulti mode.\n", +- vsi->netdev->name, ++ dev_info(&pf->pdev->dev, "%s allmulti mode.\n", + cur_multipromisc ? "entering" : "leaving"); + } + } diff --git a/patches.suse/ice-remove-DCBNL_DEVRESET-bit-from-PF-state.patch b/patches.suse/ice-remove-DCBNL_DEVRESET-bit-from-PF-state.patch new file mode 100644 index 0000000..018dfb0 --- /dev/null +++ b/patches.suse/ice-remove-DCBNL_DEVRESET-bit-from-PF-state.patch 
@@ -0,0 +1,68 @@ +From: Dave Ertman +Date: Fri, 26 Feb 2021 13:19:28 -0800 +Subject: ice: remove DCBNL_DEVRESET bit from PF state +Patch-mainline: v5.12-rc7 +Git-commit: 741b7b743bbcb5a3848e4e55982064214f900d2f +References: jsc#SLE-7926 + +The original purpose of the ICE_DCBNL_DEVRESET was to protect +the driver during DCBNL device resets. But, the flow for +DCBNL device resets now consists of only calls up the stack +such as dev_close() and dev_open() that will result in NDO calls +to the driver. These will be handled with state changes from the +stack. Also, there is a problem of the dev_close and dev_open +being blocked by checks for reset in progress also using the +ICE_DCBNL_DEVRESET bit. + +Since the ICE_DCBNL_DEVRESET bit is not necessary for protecting +the driver from DCBNL device resets and it is actually blocking +changes coming from the DCBNL interface, remove the bit from the +PF state and don't block driver function based on DCBNL reset in +progress. + +Fixes: b94b013eb626 ("ice: Implement DCBNL support") +Signed-off-by: Dave Ertman +Tested-by: Tony Brelinski +Signed-off-by: Tony Nguyen +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/intel/ice/ice.h | 1 - + drivers/net/ethernet/intel/ice/ice_dcb_nl.c | 2 -- + drivers/net/ethernet/intel/ice/ice_lib.c | 1 - + 3 files changed, 4 deletions(-) + +--- a/drivers/net/ethernet/intel/ice/ice.h ++++ b/drivers/net/ethernet/intel/ice/ice.h +@@ -186,7 +186,6 @@ enum ice_state { + __ICE_NEEDS_RESTART, + __ICE_PREPARED_FOR_RESET, /* set by driver when prepared */ + __ICE_RESET_OICR_RECV, /* set by driver after rcv reset OICR */ +- __ICE_DCBNL_DEVRESET, /* set by dcbnl devreset */ + __ICE_PFR_REQ, /* set by driver and peers */ + __ICE_CORER_REQ, /* set by driver and peers */ + __ICE_GLOBR_REQ, /* set by driver and peers */ +--- a/drivers/net/ethernet/intel/ice/ice_dcb_nl.c ++++ b/drivers/net/ethernet/intel/ice/ice_dcb_nl.c +@@ -20,12 +20,10 @@ static void ice_dcbnl_devreset(struct ne + while 
(ice_is_reset_in_progress(pf->state)) + usleep_range(1000, 2000); + +- set_bit(__ICE_DCBNL_DEVRESET, pf->state); + dev_close(netdev); + netdev_state_change(netdev); + dev_open(netdev, NULL); + netdev_state_change(netdev); +- clear_bit(__ICE_DCBNL_DEVRESET, pf->state); + } + + /** +--- a/drivers/net/ethernet/intel/ice/ice_lib.c ++++ b/drivers/net/ethernet/intel/ice/ice_lib.c +@@ -2810,7 +2810,6 @@ err_vsi: + bool ice_is_reset_in_progress(unsigned long *state) + { + return test_bit(__ICE_RESET_OICR_RECV, state) || +- test_bit(__ICE_DCBNL_DEVRESET, state) || + test_bit(__ICE_PFR_REQ, state) || + test_bit(__ICE_CORER_REQ, state) || + test_bit(__ICE_GLOBR_REQ, state); diff --git a/patches.suse/iommu-vt-d-fix-ineffective-devtlb-invalidation-for-subdevices b/patches.suse/iommu-vt-d-fix-ineffective-devtlb-invalidation-for-subdevices index 17958a0..18996ac 100644 --- a/patches.suse/iommu-vt-d-fix-ineffective-devtlb-invalidation-for-subdevices +++ b/patches.suse/iommu-vt-d-fix-ineffective-devtlb-invalidation-for-subdevices @@ -26,8 +26,8 @@ Acked-by: Joerg Roedel --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c -@@ -695,12 +695,16 @@ static int domain_update_iommu_superpage - return fls(mask); +@@ -723,6 +723,8 @@ static int domain_update_device_node(str + return nid; } +static void domain_update_iotlb(struct dmar_domain *domain); 
@@ -35,15 +35,16 @@ Acked-by: Joerg Roedel /* Some capabilities may be different across iommus */ static void domain_update_iommu_cap(struct dmar_domain *domain) { - domain_update_iommu_coherency(domain); - domain->iommu_snooping = domain_update_iommu_snooping(NULL); - domain->iommu_superpage = domain_update_iommu_superpage(NULL); +@@ -736,6 +738,8 @@ static void domain_update_iommu_cap(stru + */ + if (domain->nid == NUMA_NO_NODE) + domain->nid = domain_update_device_node(domain); + + domain_update_iotlb(domain); } struct context_entry *iommu_context_addr(struct intel_iommu *iommu, u8 bus, -@@ -1383,17 +1387,22 @@ static void domain_update_iotlb(struct d +@@ -1418,17 +1422,22 @@ static void domain_update_iotlb(struct d assert_spin_locked(&device_domain_lock); @@ -74,7 +75,7 @@ Acked-by: Joerg Roedel } domain->has_iotlb_device = has_iotlb_device; -@@ -1475,25 +1484,37 @@ static void iommu_disable_dev_iotlb(stru +@@ -1510,25 +1519,37 @@ static void iommu_disable_dev_iotlb(stru #endif } @@ -120,4 +121,3 @@ Acked-by: Joerg Roedel } spin_unlock_irqrestore(&device_domain_lock, flags); } - diff --git a/patches.suse/iommu-vt-d-use-device-numa-domain-if-rhsa-is-missing b/patches.suse/iommu-vt-d-use-device-numa-domain-if-rhsa-is-missing new file mode 100644 index 0000000..c4fc8b4 --- /dev/null +++ b/patches.suse/iommu-vt-d-use-device-numa-domain-if-rhsa-is-missing 
@@ -0,0 +1,81 @@ +From: Lu Baolu +Date: Tue, 22 Sep 2020 14:08:43 +0800 +Subject: iommu/vt-d: Use device numa domain if RHSA is missing +Git-commit: d2ef0962492c3be3563e53a431c285678849b3c1 +Patch-mainline: v5.10-rc1 +References: bsc#1184585 + +If there are multiple NUMA domains but the RHSA is missing in ACPI/DMAR +table, we could default to the device NUMA domain as fall back. + +Signed-off-by: Lu Baolu +Reviewed-by: Kevin Tian +Cc: Jacob Pan +Cc: Kevin Tian +Cc: Ashok Raj +Link: https://lore.kernel.org/r/20200904010303.2961-1-baolu.lu@linux.intel.com +Link: https://lore.kernel.org/r/20200922060843.31546-2-baolu.lu@linux.intel.com +Signed-off-by: Joerg Roedel +--- + drivers/iommu/intel-iommu.c | 37 +++++++++++++++++++++++++++++++++++-- + 1 file changed, 35 insertions(+), 2 deletions(-) + +--- a/drivers/iommu/intel-iommu.c ++++ b/drivers/iommu/intel-iommu.c +@@ -695,12 +695,47 @@ static int domain_update_iommu_superpage + return fls(mask); + } + ++static int domain_update_device_node(struct dmar_domain *domain) ++{ ++ struct device_domain_info *info; ++ int nid = NUMA_NO_NODE; ++ ++ assert_spin_locked(&device_domain_lock); ++ ++ if (list_empty(&domain->devices)) ++ return NUMA_NO_NODE; ++ ++ list_for_each_entry(info, &domain->devices, link) { ++ if (!info->dev) ++ continue; ++ ++ /* ++ * There could possibly be multiple device numa nodes as devices ++ * within the same domain may sit behind different IOMMUs. There ++ * isn't perfect answer in such situation, so we select first ++ * come first served policy. 
++ */ ++ nid = dev_to_node(info->dev); ++ if (nid != NUMA_NO_NODE) ++ break; ++ } ++ ++ return nid; ++} ++ + /* Some capabilities may be different across iommus */ + static void domain_update_iommu_cap(struct dmar_domain *domain) + { + domain_update_iommu_coherency(domain); + domain->iommu_snooping = domain_update_iommu_snooping(NULL); + domain->iommu_superpage = domain_update_iommu_superpage(NULL); ++ ++ /* ++ * If RHSA is missing, we should default to the device numa domain ++ * as fall back. ++ */ ++ if (domain->nid == NUMA_NO_NODE) ++ domain->nid = domain_update_device_node(domain); + } + + struct context_entry *iommu_context_addr(struct intel_iommu *iommu, u8 bus, +@@ -4943,8 +4978,6 @@ static struct iommu_domain *intel_iommu_ + intel_iommu_strict = 1; + } + +- domain_update_iommu_cap(dmar_domain); +- + domain = &dmar_domain->domain; + domain->geometry.aperture_start = 0; + domain->geometry.aperture_end = diff --git a/patches.suse/kvm-fix-memory-leak-in-kvm_io_bus_unregister_dev b/patches.suse/kvm-fix-memory-leak-in-kvm_io_bus_unregister_dev new file mode 100644 index 0000000..3fd91d4 --- /dev/null +++ b/patches.suse/kvm-fix-memory-leak-in-kvm_io_bus_unregister_dev 
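Review bot: domain_update_iommu_cap() now calls domain_update_device_node(), which begins with `assert_spin_locked(&device_domain_lock)`, so every caller of domain_update_iommu_cap() must hold that lock from now on. The patch removes one call in the `@@ -4943,8 +4978,6 @@` hunk, but the remaining callers are outside the hunks shown and need to be checked. A comment on the function would make the new requirement visible: `/* Caller must hold device_domain_lock; see domain_update_device_node(). */`. The `list_empty()` early return is also redundant, since the loop leaves nid at NUMA_NO_NODE for an empty list.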
@@ -0,0 +1,64 @@ +From: Rustam Kovhaev +Date: Mon, 7 Sep 2020 11:55:35 -0700 +Subject: KVM: fix memory leak in kvm_io_bus_unregister_dev() +Git-commit: f65886606c2d3b562716de030706dfe1bea4ed5e +Patch-mainline: v5.9-rc5 +References: CVE-2020-36312 bsc#1184509 + +when kmalloc() fails in kvm_io_bus_unregister_dev(), before removing +the bus, we should iterate over all other devices linked to it and call +kvm_iodevice_destructor() for them + +Fixes: 90db10434b16 ("KVM: kvm_io_bus_unregister_dev() should never fail") +Cc: stable@vger.kernel.org +Reported-and-tested-by: syzbot+f196caa45793d6374707@syzkaller.appspotmail.com +Link: https://syzkaller.appspot.com/bug?extid=f196caa45793d6374707 +Signed-off-by: Rustam Kovhaev +Reviewed-by: Vitaly Kuznetsov +Message-Id: <20200907185535.233114-1-rkovhaev@gmail.com> +Signed-off-by: Paolo Bonzini +Acked-by: Joerg Roedel +--- + virt/kvm/kvm_main.c | 21 ++++++++++++--------- + 1 file changed, 12 insertions(+), 9 deletions(-) + +--- a/virt/kvm/kvm_main.c ++++ b/virt/kvm/kvm_main.c +@@ -3998,7 +3998,7 @@ int kvm_io_bus_register_dev(struct kvm * + void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx, + struct kvm_io_device *dev) + { +- int i; ++ int i, j; + struct kvm_io_bus *new_bus, *bus; + + bus = kvm_get_bus(kvm, bus_idx); +@@ -4015,17 +4015,20 @@ void kvm_io_bus_unregister_dev(struct kv + + new_bus = kmalloc(struct_size(bus, range, bus->dev_count - 1), + GFP_KERNEL_ACCOUNT); +- if (!new_bus) { ++ if (new_bus) { ++ memcpy(new_bus, bus, sizeof(*bus) + i * sizeof(struct kvm_io_range)); ++ new_bus->dev_count--; ++ memcpy(new_bus->range + i, bus->range + i + 1, ++ (new_bus->dev_count - i) * sizeof(struct kvm_io_range)); ++ } else { + pr_err("kvm: failed to shrink bus, removing it completely\n"); +- goto broken; ++ for (j = 0; j < bus->dev_count; j++) { ++ if (j == i) ++ continue; ++ kvm_iodevice_destructor(bus->range[j].dev); ++ } + } + +- memcpy(new_bus, bus, sizeof(*bus) + i * sizeof(struct kvm_io_range)); +- 
new_bus->dev_count--; +- memcpy(new_bus->range + i, bus->range + i + 1, +- (new_bus->dev_count - i) * sizeof(struct kvm_io_range)); +- +-broken: + rcu_assign_pointer(kvm->buses[bus_idx], new_bus); + synchronize_srcu_expedited(&kvm->srcu); + kfree(bus); diff --git a/patches.suse/kvm-svm-avoid-infinite-loop-on-npf-from-bad-address b/patches.suse/kvm-svm-avoid-infinite-loop-on-npf-from-bad-address new file mode 100644 index 0000000..3af3f2e --- /dev/null +++ b/patches.suse/kvm-svm-avoid-infinite-loop-on-npf-from-bad-address 
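Review bot: In the kmalloc-failure branch of kvm_io_bus_unregister_dev(), kvm_iodevice_destructor() runs on the remaining devices while the old bus is still published in kvm->buses[bus_idx]; `rcu_assign_pointer()` and `synchronize_srcu_expedited()` only come afterwards. A reader that entered its SRCU section before the update could presumably still walk bus->range and reach a device that has just been destroyed. Moving the destructor loop after the synchronize call and before `kfree(bus)` closes that window. The function starts outside the hunk and the reader side is not visible here, so this should be confirmed against the bus lookup paths.

```c
	/* … unchanged: kmalloc, the new_bus copy branch, pr_err() in its else, rcu_assign_pointer() … */
	synchronize_srcu_expedited(&kvm->srcu);

	/* Readers have drained; the remaining devices can be destroyed now. */
	if (!new_bus) {
		for (j = 0; j < bus->dev_count; j++) {
			if (j == i)
				continue;
			kvm_iodevice_destructor(bus->range[j].dev);
		}
	}

	kfree(bus);
```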
@@ -0,0 +1,52 @@ +From: Paolo Bonzini +Date: Fri, 17 Apr 2020 12:21:06 -0400 +Subject: KVM: SVM: avoid infinite loop on NPF from bad address +Git-commit: e72436bc3a5206f95bb384e741154166ddb3202e +Patch-mainline: v5.8-rc1 +References: CVE-2020-36310 bsc#1184512 + +When a nested page fault is taken from an address that does not have +a memslot associated to it, kvm_mmu_do_page_fault returns RET_PF_EMULATE +(via mmu_set_spte) and kvm_mmu_page_fault then invokes svm_need_emulation_on_page_fault. + +The default answer there is to return false, but in this case this just +causes the page fault to be retried ad libitum. Since this is not a +fast path, and the only other case where it is taken is an erratum, +just stick a kvm_vcpu_gfn_to_memslot check in there to detect the +common case where the erratum is not happening. + +This fixes an infinite loop in the new set_memory_region_test. + +Signed-off-by: Paolo Bonzini +Acked-by: Joerg Roedel +--- + arch/x86/kvm/svm.c | 7 +++++++ + virt/kvm/kvm_main.c | 1 + + 2 files changed, 8 insertions(+) + +--- a/arch/x86/kvm/svm.c ++++ b/arch/x86/kvm/svm.c +@@ -7204,6 +7204,13 @@ static bool svm_need_emulation_on_page_f + bool is_user = svm_get_cpl(vcpu) == 3; + + /* ++ * If RIP is invalid, go ahead with emulation which will cause an ++ * internal error exit. ++ */ ++ if (!kvm_vcpu_gfn_to_memslot(vcpu, kvm_rip_read(vcpu) >> PAGE_SHIFT)) ++ return true; ++ ++ /* + * Detect and workaround Errata 1096 Fam_17h_00_0Fh. + * + * Errata: +--- a/virt/kvm/kvm_main.c ++++ b/virt/kvm/kvm_main.c +@@ -1369,6 +1369,7 @@ struct kvm_memory_slot *kvm_vcpu_gfn_to_ + { + return __gfn_to_memslot(kvm_vcpu_memslots(vcpu), gfn); + } ++EXPORT_SYMBOL_GPL(kvm_vcpu_gfn_to_memslot); + + bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn) + { diff --git a/patches.suse/libbpf-Fix-INSTALL-flag-order.patch b/patches.suse/libbpf-Fix-INSTALL-flag-order.patch new file mode 100644 index 0000000..2bf7b6d --- /dev/null +++ b/patches.suse/libbpf-Fix-INSTALL-flag-order.patch 
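Review bot: The new check in svm_need_emulation_on_page_fault() passes `kvm_rip_read(vcpu) >> PAGE_SHIFT` to kvm_vcpu_gfn_to_memslot(), which looks up a guest frame number, while RIP is a guest virtual address. The two coincide only for an unpaged or identity-mapped guest. With paging enabled the lookup may therefore miss a memslot for a valid RIP and force emulation, or find one for an unrelated frame. If the approximation is intentional, as the description's "common case" wording suggests, the comment should say so, e.g. `/* RIP is used as a GPA approximation; exact only for unpaged or identity-mapped guests. */`. The function body continues outside the hunk.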
@@ -0,0 +1,34 @@ +From: Georgi Valkov +Date: Mon, 8 Mar 2021 10:30:38 -0800 +Subject: libbpf: Fix INSTALL flag order +Patch-mainline: v5.12-rc5 +Git-commit: e7fb6465d4c8e767e39cbee72464e0060ab3d20c +References: bsc#1155518 + +It was reported ([0]) that having optional -m flag between source and +destination arguments in install command breaks bpftools cross-build +on MacOS. Move -m to the front to fix this issue. + + [0] https://github.com/openwrt/openwrt/pull/3959 + +Fixes: 7110d80d53f4 ("libbpf: Makefile set specified permission mode") +Signed-off-by: Georgi Valkov +Signed-off-by: Andrii Nakryiko +Signed-off-by: Daniel Borkmann +Link: https://lore.kernel.org/bpf/20210308183038.613432-1-andrii@kernel.org +Acked-by: Gary Lin +--- + tools/lib/bpf/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/lib/bpf/Makefile ++++ b/tools/lib/bpf/Makefile +@@ -243,7 +243,7 @@ define do_install + if [ ! -d '$(DESTDIR_SQ)$2' ]; then \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$2'; \ + fi; \ +- $(INSTALL) $1 $(if $3,-m $3,) '$(DESTDIR_SQ)$2' ++ $(INSTALL) $(if $3,-m $3,) $1 '$(DESTDIR_SQ)$2' + endef + + install_lib: all_cmd diff --git a/patches.suse/libbpf-Only-create-rx-and-tx-XDP-rings-when-necessar.patch b/patches.suse/libbpf-Only-create-rx-and-tx-XDP-rings-when-necessar.patch new file mode 100644 index 0000000..ce0c485 --- /dev/null +++ b/patches.suse/libbpf-Only-create-rx-and-tx-XDP-rings-when-necessar.patch 
@@ -0,0 +1,85 @@ +From: Ciara Loftus +Date: Wed, 31 Mar 2021 06:12:18 +0000 +Subject: libbpf: Only create rx and tx XDP rings when necessary +Patch-mainline: v5.12-rc7 +Git-commit: ca7a83e2487ad0bc9a3e0e7a8645354aa1782f13 +References: bsc#1155518 + +Prior to this commit xsk_socket__create(_shared) always attempted to create +the rx and tx rings for the socket. However this causes an issue when the +socket being setup is that which shares the fd with the UMEM. If a +previous call to this function failed with this socket after the rings were +set up, a subsequent call would always fail because the rings are not torn +down after the first call and when we try to set them up again we encounter +an error because they already exist. Solve this by remembering whether the +rings were set up by introducing new bools to struct xsk_umem which +represent the ring setup status and using them to determine whether or +not to set up the rings. + +Fixes: 1cad07884239 ("libbpf: add support for using AF_XDP sockets") +Signed-off-by: Ciara Loftus +Signed-off-by: Alexei Starovoitov +Link: https://lore.kernel.org/bpf/20210331061218.1647-4-ciara.loftus@intel.com +Acked-by: Gary Lin +--- + tools/lib/bpf/xsk.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +--- a/tools/lib/bpf/xsk.c ++++ b/tools/lib/bpf/xsk.c +@@ -51,6 +51,8 @@ struct xsk_umem { + struct xsk_umem_config config; + int fd; + int refcount; ++ bool rx_ring_setup_done; ++ bool tx_ring_setup_done; + }; + + struct xsk_socket { +@@ -561,6 +563,7 @@ int xsk_socket__create(struct xsk_socket + struct xdp_mmap_offsets off; + struct xsk_socket *xsk; + int err; ++ bool rx_setup_done = false, tx_setup_done = false; + + if (!umem || !xsk_ptr || !rx || !tx) + return -EFAULT; +@@ -582,6 +585,8 @@ int xsk_socket__create(struct xsk_socket + } + } else { + xsk->fd = umem->fd; ++ rx_setup_done = umem->rx_ring_setup_done; ++ tx_setup_done = umem->tx_ring_setup_done; + } + + xsk->outstanding_tx = 0; +@@ -599,7 +604,7 @@ 
int xsk_socket__create(struct xsk_socket + if (err) + goto out_socket; + +- if (rx) { ++ if (rx && !rx_setup_done) { + err = setsockopt(xsk->fd, SOL_XDP, XDP_RX_RING, + &xsk->config.rx_size, + sizeof(xsk->config.rx_size)); +@@ -607,8 +612,10 @@ int xsk_socket__create(struct xsk_socket + err = -errno; + goto out_socket; + } ++ if (xsk->fd == umem->fd) ++ umem->rx_ring_setup_done = true; + } +- if (tx) { ++ if (tx && !tx_setup_done) { + err = setsockopt(xsk->fd, SOL_XDP, XDP_TX_RING, + &xsk->config.tx_size, + sizeof(xsk->config.tx_size)); +@@ -616,6 +623,8 @@ int xsk_socket__create(struct xsk_socket + err = -errno; + goto out_socket; + } ++ if (xsk->fd == umem->fd) ++ umem->rx_ring_setup_done = true; + } + + err = xsk_get_mmap_offsets(xsk->fd, &off); diff --git a/patches.suse/mISDN-fix-crash-in-fritzpci.patch b/patches.suse/mISDN-fix-crash-in-fritzpci.patch new file mode 100644 index 0000000..bff05f8 --- /dev/null +++ b/patches.suse/mISDN-fix-crash-in-fritzpci.patch 
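Review bot: In the `if (tx && !tx_setup_done)` branch of xsk_socket__create() the added lines set `umem->rx_ring_setup_done = true;`, which looks like a copy of the rx branch above it. `tx_ring_setup_done` is added to struct xsk_umem and read into `tx_setup_done`, but nothing in this patch ever writes it. A later call on the socket that shares the UMEM fd therefore still sees `tx_setup_done == false` and repeats the XDP_TX_RING setsockopt, which is the failure the commit message sets out to avoid. The line should read `umem->tx_ring_setup_done = true;`. The function continues outside the hunk.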
@@ -0,0 +1,86 @@ +From a9f81244d2e33e6dfcef120fefd30c96b3f7cdb0 Mon Sep 17 00:00:00 2001 +From: Tong Zhang +Date: Wed, 10 Mar 2021 23:27:35 -0500 +Subject: [PATCH] mISDN: fix crash in fritzpci +Git-commit: a9f81244d2e33e6dfcef120fefd30c96b3f7cdb0 +Patch-mainline: v5.12-rc5 +References: git-fixes + +setup_fritz() in avmfritz.c might fail with -EIO and in this case the +isac.type and isac.write_reg is not initialized and remains 0(NULL). +A subsequent call to isac_release() will dereference isac->write_reg and +crash. + +[ 1.737444] BUG: kernel NULL pointer dereference, address: 0000000000000000 +[ 1.737809] #PF: supervisor instruction fetch in kernel mode +[ 1.738106] #PF: error_code(0x0010) - not-present page +[ 1.738378] PGD 0 P4D 0 +[ 1.738515] Oops: 0010 [#1] SMP NOPTI +[ 1.738711] CPU: 0 PID: 180 Comm: systemd-udevd Not tainted 5.12.0-rc2+ #78 +[ 1.739077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda519-p +rebuilt.qemu.org 04/01/2014 +[ 1.739664] RIP: 0010:0x0 +[ 1.739807] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. 
+[ 1.740200] RSP: 0018:ffffc9000027ba10 EFLAGS: 00010202 +[ 1.740478] RAX: 0000000000000000 RBX: ffff888102f41840 RCX: 0000000000000027 +[ 1.740853] RDX: 00000000000000ff RSI: 0000000000000020 RDI: ffff888102f41800 +[ 1.741226] RBP: ffffc9000027ba20 R08: ffff88817bc18440 R09: ffffc9000027b808 +[ 1.741600] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888102f41840 +[ 1.741976] R13: 00000000fffffffb R14: ffff888102f41800 R15: ffff8881008b0000 +[ 1.742351] FS: 00007fda3a38a8c0(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 +[ 1.742774] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 1.743076] CR2: ffffffffffffffd6 CR3: 00000001021ec000 CR4: 00000000000006f0 +[ 1.743452] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 1.743828] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 1.744206] Call Trace: +[ 1.744339] isac_release+0xcc/0xe0 [mISDNipac] +[ 1.744582] fritzpci_probe.cold+0x282/0x739 [avmfritz] +[ 1.744861] local_pci_probe+0x48/0x80 +[ 1.745063] pci_device_probe+0x10f/0x1c0 +[ 1.745278] really_probe+0xfb/0x420 +[ 1.745471] driver_probe_device+0xe9/0x160 +[ 1.745693] device_driver_attach+0x5d/0x70 +[ 1.745917] __driver_attach+0x8f/0x150 +[ 1.746123] ? device_driver_attach+0x70/0x70 +[ 1.746354] bus_for_each_dev+0x7e/0xc0 +[ 1.746560] driver_attach+0x1e/0x20 +[ 1.746751] bus_add_driver+0x152/0x1f0 +[ 1.746957] driver_register+0x74/0xd0 +[ 1.747157] ? 0xffffffffc00d8000 +[ 1.747334] __pci_register_driver+0x54/0x60 +[ 1.747562] AVM_init+0x36/0x1000 [avmfritz] +[ 1.747791] do_one_initcall+0x48/0x1d0 +[ 1.747997] ? __cond_resched+0x19/0x30 +[ 1.748206] ? kmem_cache_alloc_trace+0x390/0x440 +[ 1.748458] ? do_init_module+0x28/0x250 +[ 1.748669] do_init_module+0x62/0x250 +[ 1.748870] load_module+0x23ee/0x26a0 +[ 1.749073] __do_sys_finit_module+0xc2/0x120 +[ 1.749307] ? 
__do_sys_finit_module+0xc2/0x120 +[ 1.749549] __x64_sys_finit_module+0x1a/0x20 +[ 1.749782] do_syscall_64+0x38/0x90 + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + drivers/isdn/hardware/mISDN/mISDNipac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/isdn/hardware/mISDN/mISDNipac.c b/drivers/isdn/hardware/mISDN/mISDNipac.c +index ec475087fbf9..39f841b42488 100644 +--- a/drivers/isdn/hardware/mISDN/mISDNipac.c ++++ b/drivers/isdn/hardware/mISDN/mISDNipac.c +@@ -694,7 +694,7 @@ isac_release(struct isac_hw *isac) + { + if (isac->type & IPAC_TYPE_ISACX) + WriteISAC(isac, ISACX_MASK, 0xff); +- else ++ else if (isac->type != 0) + WriteISAC(isac, ISAC_MASK, 0xff); + if (isac->dch.timer.function != NULL) { + del_timer(&isac->dch.timer); +-- +2.26.2 + diff --git a/patches.suse/mac80211-choose-first-enabled-channel-for-monitor.patch b/patches.suse/mac80211-choose-first-enabled-channel-for-monitor.patch new file mode 100644 index 0000000..f3ca76b --- /dev/null +++ b/patches.suse/mac80211-choose-first-enabled-channel-for-monitor.patch 
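Review bot: The new guard `else if (isac->type != 0)` in isac_release() tests `type`, while the oops in the commit message comes from calling through an unset `write_reg`. The two are equivalent only if every path that assigns `type` also assigns the register accessors, which the hunk does not show. A short comment would record that assumption, e.g. `/* type == 0: setup failed before the register accessors were assigned */`. The rest of the release path, which continues outside the hunk, still runs on the half-initialised structure and should be checked to tolerate zeroed fields in the same way the visible `timer.function != NULL` test does.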
@@ -0,0 +1,54 @@
+From 041c881a0ba8a75f71118bd9766b78f04beed469 Mon Sep 17 00:00:00 2001
+From: Karthikeyan Kathirvel
+Date: Thu, 11 Mar 2021 10:59:07 +0530
+Subject: [PATCH] mac80211: choose first enabled channel for monitor
+Git-commit: 041c881a0ba8a75f71118bd9766b78f04beed469
+Patch-mainline: v5.12-rc5
+References: git-fixes
+
+Even if the first channel from sband channel list is invalid
+or disabled mac80211 ends up choosing it as the default channel
+for monitor interfaces, making them not usable.
+
+Fix this by assigning the first available valid or enabled
+channel instead.
+
+Signed-off-by: Karthikeyan Kathirvel
+Link: https://lore.kernel.org/r/1615440547-7661-1-git-send-email-kathirve@codeaurora.org
+[reword commit message, comment, code cleanups]
+
+Signed-off-by: Johannes Berg
+Acked-by: Takashi Iwai
+
+---
+ net/mac80211/main.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/net/mac80211/main.c b/net/mac80211/main.c
+index 4f3f8bb58e76..1b9c82616606 100644
+--- a/net/mac80211/main.c
++++ b/net/mac80211/main.c
+@@ -973,8 +973,19 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
+ continue;
+
+ if (!dflt_chandef.chan) {
++ /*
++ * Assign the first enabled channel to dflt_chandef
++ * from the list of channels
++ */
++ for (i = 0; i < sband->n_channels; i++)
++ if (!(sband->channels[i].flags &
++ IEEE80211_CHAN_DISABLED))
++ break;
++ /* if none found then use the first anyway */
++ if (i == sband->n_channels)
++ i = 0;
+ cfg80211_chandef_create(&dflt_chandef,
+ &sband->channels[0],
++ &sband->channels[i],
+ NL80211_CHAN_NO_HT);
+ /* init channel we're on */
+ if (!local->use_chanctx && !local->_oper_chandef.chan) {
+--
+2.26.2
+
diff --git a/patches.suse/mac80211-fix-TXQ-AC-confusion.patch b/patches.suse/mac80211-fix-TXQ-AC-confusion.patch
new file mode 100644
index 0000000..52d7667
--- /dev/null
+++ b/patches.suse/mac80211-fix-TXQ-AC-confusion.patch
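Review bot: The added `for` loop in ieee80211_register_hw() has a multi-line `if` as its body with no braces, and is followed directly by another `if` at the same depth, which makes the scope easy to misread. Kernel coding style asks for braces when a loop body is more than a single simple statement, so I would open it as `for (i = 0; i < sband->n_channels; i++) {` and close it after the `break;`. When every channel in the band is disabled the code silently falls back to `channels[0]`, so the unusable monitor default from the commit message presumably remains for that band. The comment `/* if none found then use the first anyway */` could say that this is a known limitation. `i` is declared outside the hunk.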
@@ -0,0 +1,79 @@ +From 1153a74768a9212daadbb50767aa400bc6a0c9b0 Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Tue, 23 Mar 2021 21:05:01 +0100 +Subject: [PATCH] mac80211: fix TXQ AC confusion +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 1153a74768a9212daadbb50767aa400bc6a0c9b0 +Patch-mainline: v5.12-rc7 +References: git-fixes + +Normally, TXQs have + + txq->tid = tid; + txq->ac = ieee80211_ac_from_tid(tid); + +However, the special management TXQ actually has + + txq->tid = IEEE80211_NUM_TIDS; // 16 + txq->ac = IEEE80211_AC_VO; + +This makes sense, but ieee80211_ac_from_tid(16) is the same +as ieee80211_ac_from_tid(0) which is just IEEE80211_AC_BE. + +Now, normally this is fine. However, if the netdev queues +were stopped, then the code in ieee80211_tx_dequeue() will +propagate the stop from the interface (vif->txqs_stopped[]) +if the AC 2 (ieee80211_ac_from_tid(txq->tid)) is marked as +stopped. On wake, however, __ieee80211_wake_txqs() will wake +the TXQ if AC 0 (txq->ac) is woken up. + +If a driver stops all queues with ieee80211_stop_tx_queues() +and then wakes them again with ieee80211_wake_tx_queues(), +the ieee80211_wake_txqs() tasklet will run to resync queue +and TXQ state. If all queues were woken, then what'll happen +is that _ieee80211_wake_txqs() will run in order of HW queues +0-3, typically (and certainly for iwlwifi) corresponding to +ACs 0-3, so it'll call __ieee80211_wake_txqs() for each AC in +order 0-3. + +When __ieee80211_wake_txqs() is called for AC 0 (VO) that'll +wake up the management TXQ (remember its tid is 16), and the +driver's wake_tx_queue() will be called. That tries to get a +frame, which will immediately *stop* the TXQ again, because +now we check against AC 2, and AC 2 hasn't yet been marked as +woken up again in sdata->vif.txqs_stopped[] since we're only +in the __ieee80211_wake_txqs() call for AC 0. + +Thus, the management TXQ will never be started again. 
+ +Fix this by checking txq->ac directly instead of calculating +the AC as ieee80211_ac_from_tid(txq->tid). + +Fixes: adf8ed01e4fd ("mac80211: add an optional TXQ for other PS-buffered frames") +Acked-by: Toke Høiland-Jørgensen +Link: https://lore.kernel.org/r/20210323210500.bf4d50afea4a.I136ffde910486301f8818f5442e3c9bf8670a9c4@changeid +Signed-off-by: Johannes Berg +Acked-by: Takashi Iwai + +--- + net/mac80211/tx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index 5d06de61047a..3b3bcefbf657 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -3573,7 +3573,7 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, + test_bit(IEEE80211_TXQ_STOP_NETIF_TX, &txqi->flags)) + goto out; + +- if (vif->txqs_stopped[ieee80211_ac_from_tid(txq->tid)]) { ++ if (vif->txqs_stopped[txq->ac]) { + set_bit(IEEE80211_TXQ_STOP_NETIF_TX, &txqi->flags); + goto out; + } +-- +2.26.2 + diff --git a/patches.suse/net-atheros-switch-from-pci_-to-dma_-API.patch b/patches.suse/net-atheros-switch-from-pci_-to-dma_-API.patch new file mode 100644 index 0000000..e58a717 --- /dev/null +++ b/patches.suse/net-atheros-switch-from-pci_-to-dma_-API.patch 
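Review bot: The new test `if (vif->txqs_stopped[txq->ac])` in ieee80211_tx_dequeue() has no comment, so the reason the index must not be derived from the TID is recorded only in the commit message. A one-line comment above the test would keep a later cleanup from reverting it, e.g. `/* use txq->ac: the management TXQ has tid == IEEE80211_NUM_TIDS, for which ieee80211_ac_from_tid() returns the wrong AC */`. The function starts and ends outside the hunk.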
@@ -0,0 +1,556 @@ +From 3eb002458e9cd042f72da3f6d6faba02c4885603 Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Sun, 23 Aug 2020 10:03:53 +0200 +Subject: [PATCH 06/14] net: atheros: switch from 'pci_' to 'dma_' API +Git-commit: 85eb5bc33717eea3642148632f3ecbefb7ae6a02 +Patch-mainline: v5.10-rc1 +References: git-fixes + +The wrappers in include/linux/pci-dma-compat.h should go away. + +The patch has been generated with the coccinelle script below and has been +hand modified to replace GFP_ with a correct flag. +It has been compile tested. + +When memory is allocated in 'atl1e_setup_ring_resources()' (atl1e_main.c), +'atl1_setup_ring_resources()' (atl1.c) and 'atl2_setup_ring_resources()' +(atl2.c) GFP_KERNEL can be used because it can be called from a .ndo_open. + +'atl1_setup_ring_resources()' (atl1.c) can also be called from a +'.set_ringparam' (see struct ethtool_ops) where sleep is also allowed. + +Both cases are protected by 'rtnl_lock()' which is a mutex. So these +function can sleep. 
+ +@@ +@@ +- PCI_DMA_BIDIRECTIONAL ++ DMA_BIDIRECTIONAL + +@@ +@@ +- PCI_DMA_TODEVICE ++ DMA_TO_DEVICE + +@@ +@@ +- PCI_DMA_FROMDEVICE ++ DMA_FROM_DEVICE + +@@ +@@ +- PCI_DMA_NONE ++ DMA_NONE + +@@ +expression e1, e2, e3; +@@ +- pci_alloc_consistent(e1, e2, e3) ++ dma_alloc_coherent(&e1->dev, e2, e3, GFP_) + +@@ +expression e1, e2, e3; +@@ +- pci_zalloc_consistent(e1, e2, e3) ++ dma_alloc_coherent(&e1->dev, e2, e3, GFP_) + +@@ +expression e1, e2, e3, e4; +@@ +- pci_free_consistent(e1, e2, e3, e4) ++ dma_free_coherent(&e1->dev, e2, e3, e4) + +@@ +expression e1, e2, e3, e4; +@@ +- pci_map_single(e1, e2, e3, e4) ++ dma_map_single(&e1->dev, e2, e3, e4) + +@@ +expression e1, e2, e3, e4; +@@ +- pci_unmap_single(e1, e2, e3, e4) ++ dma_unmap_single(&e1->dev, e2, e3, e4) + +@@ +expression e1, e2, e3, e4, e5; +@@ +- pci_map_page(e1, e2, e3, e4, e5) ++ dma_map_page(&e1->dev, e2, e3, e4, e5) + +@@ +expression e1, e2, e3, e4; +@@ +- pci_unmap_page(e1, e2, e3, e4) ++ dma_unmap_page(&e1->dev, e2, e3, e4) + +@@ +expression e1, e2, e3, e4; +@@ +- pci_map_sg(e1, e2, e3, e4) ++ dma_map_sg(&e1->dev, e2, e3, e4) + +@@ +expression e1, e2, e3, e4; +@@ +- pci_unmap_sg(e1, e2, e3, e4) ++ dma_unmap_sg(&e1->dev, e2, e3, e4) + +@@ +expression e1, e2, e3, e4; +@@ +- pci_dma_sync_single_for_cpu(e1, e2, e3, e4) ++ dma_sync_single_for_cpu(&e1->dev, e2, e3, e4) + +@@ +expression e1, e2, e3, e4; +@@ +- pci_dma_sync_single_for_device(e1, e2, e3, e4) ++ dma_sync_single_for_device(&e1->dev, e2, e3, e4) + +@@ +expression e1, e2, e3, e4; +@@ +- pci_dma_sync_sg_for_cpu(e1, e2, e3, e4) ++ dma_sync_sg_for_cpu(&e1->dev, e2, e3, e4) + +@@ +expression e1, e2, e3, e4; +@@ +- pci_dma_sync_sg_for_device(e1, e2, e3, e4) ++ dma_sync_sg_for_device(&e1->dev, e2, e3, e4) + +@@ +expression e1, e2; +@@ +- pci_dma_mapping_error(e1, e2) ++ dma_mapping_error(&e1->dev, e2) + +@@ +expression e1, e2; +@@ +- pci_set_dma_mask(e1, e2) ++ dma_set_mask(&e1->dev, e2) + +@@ +expression e1, e2; +@@ +- pci_set_consistent_dma_mask(e1, 
e2) ++ dma_set_coherent_mask(&e1->dev, e2) + +Signed-off-by: Christophe JAILLET +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 48 ++++++++++----------- + drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 57 +++++++++++++++---------- + drivers/net/ethernet/atheros/atlx/atl1.c | 48 +++++++++++---------- + drivers/net/ethernet/atheros/atlx/atl2.c | 12 +++--- + 4 files changed, 88 insertions(+), 77 deletions(-) + +diff --git a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c +index 179ad62a2bd2..9e970f5f773c 100644 +--- a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c ++++ b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c +@@ -829,16 +829,16 @@ static inline void atl1c_clean_buffer(struct pci_dev *pdev, + return; + if (buffer_info->dma) { + if (buffer_info->flags & ATL1C_PCIMAP_FROMDEVICE) +- pci_driection = PCI_DMA_FROMDEVICE; ++ pci_driection = DMA_FROM_DEVICE; + else +- pci_driection = PCI_DMA_TODEVICE; ++ pci_driection = DMA_TO_DEVICE; + + if (buffer_info->flags & ATL1C_PCIMAP_SINGLE) +- pci_unmap_single(pdev, buffer_info->dma, +- buffer_info->length, pci_driection); ++ dma_unmap_single(&pdev->dev, buffer_info->dma, ++ buffer_info->length, pci_driection); + else if (buffer_info->flags & ATL1C_PCIMAP_PAGE) +- pci_unmap_page(pdev, buffer_info->dma, +- buffer_info->length, pci_driection); ++ dma_unmap_page(&pdev->dev, buffer_info->dma, ++ buffer_info->length, pci_driection); + } + if (buffer_info->skb) + dev_consume_skb_any(buffer_info->skb); +@@ -936,9 +936,8 @@ static void atl1c_free_ring_resources(struct atl1c_adapter *adapter) + { + struct pci_dev *pdev = adapter->pdev; + +- pci_free_consistent(pdev, adapter->ring_header.size, +- adapter->ring_header.desc, +- adapter->ring_header.dma); ++ dma_free_coherent(&pdev->dev, adapter->ring_header.size, ++ adapter->ring_header.desc, adapter->ring_header.dma); + adapter->ring_header.desc = NULL; + + /* 
Note: just free tdp_ring.buffer_info, +@@ -1720,10 +1719,9 @@ static int atl1c_alloc_rx_buffer(struct atl1c_adapter *adapter) + ATL1C_SET_BUFFER_STATE(buffer_info, ATL1C_BUFFER_BUSY); + buffer_info->skb = skb; + buffer_info->length = adapter->rx_buffer_len; +- mapping = pci_map_single(pdev, vir_addr, +- buffer_info->length, +- PCI_DMA_FROMDEVICE); +- if (unlikely(pci_dma_mapping_error(pdev, mapping))) { ++ mapping = dma_map_single(&pdev->dev, vir_addr, ++ buffer_info->length, DMA_FROM_DEVICE); ++ if (unlikely(dma_mapping_error(&pdev->dev, mapping))) { + dev_kfree_skb(skb); + buffer_info->skb = NULL; + buffer_info->length = 0; +@@ -1834,8 +1832,8 @@ static void atl1c_clean_rx_irq(struct atl1c_adapter *adapter, + rfd_index = (rrs->word0 >> RRS_RX_RFD_INDEX_SHIFT) & + RRS_RX_RFD_INDEX_MASK; + buffer_info = &rfd_ring->buffer_info[rfd_index]; +- pci_unmap_single(pdev, buffer_info->dma, +- buffer_info->length, PCI_DMA_FROMDEVICE); ++ dma_unmap_single(&pdev->dev, buffer_info->dma, ++ buffer_info->length, DMA_FROM_DEVICE); + skb = buffer_info->skb; + } else { + /* TODO */ +@@ -2111,10 +2109,10 @@ static int atl1c_tx_map(struct atl1c_adapter *adapter, + + buffer_info = atl1c_get_tx_buffer(adapter, use_tpd); + buffer_info->length = map_len; +- buffer_info->dma = pci_map_single(adapter->pdev, +- skb->data, hdr_len, PCI_DMA_TODEVICE); +- if (unlikely(pci_dma_mapping_error(adapter->pdev, +- buffer_info->dma))) ++ buffer_info->dma = dma_map_single(&adapter->pdev->dev, ++ skb->data, hdr_len, ++ DMA_TO_DEVICE); ++ if (unlikely(dma_mapping_error(&adapter->pdev->dev, buffer_info->dma))) + goto err_dma; + ATL1C_SET_BUFFER_STATE(buffer_info, ATL1C_BUFFER_BUSY); + ATL1C_SET_PCIMAP_TYPE(buffer_info, ATL1C_PCIMAP_SINGLE, +@@ -2136,10 +2134,10 @@ static int atl1c_tx_map(struct atl1c_adapter *adapter, + buffer_info = atl1c_get_tx_buffer(adapter, use_tpd); + buffer_info->length = buf_len - mapped_len; + buffer_info->dma = +- pci_map_single(adapter->pdev, skb->data + mapped_len, +- 
buffer_info->length, PCI_DMA_TODEVICE); +- if (unlikely(pci_dma_mapping_error(adapter->pdev, +- buffer_info->dma))) ++ dma_map_single(&adapter->pdev->dev, ++ skb->data + mapped_len, ++ buffer_info->length, DMA_TO_DEVICE); ++ if (unlikely(dma_mapping_error(&adapter->pdev->dev, buffer_info->dma))) + goto err_dma; + + ATL1C_SET_BUFFER_STATE(buffer_info, ATL1C_BUFFER_BUSY); +@@ -2555,8 +2553,8 @@ static int atl1c_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + * various kernel subsystems to support the mechanics required by a + * fixed-high-32-bit system. + */ +- if ((pci_set_dma_mask(pdev, DMA_BIT_MASK(32)) != 0) || +- (pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32)) != 0)) { ++ if ((dma_set_mask(&pdev->dev, DMA_BIT_MASK(32)) != 0) || ++ (dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32)) != 0)) { + dev_err(&pdev->dev, "No usable DMA configuration,aborting\n"); + goto err_dma; + } +diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c +index 4f7b65825c15..9c149237d48a 100644 +--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c ++++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c +@@ -658,11 +658,13 @@ static void atl1e_clean_tx_ring(struct atl1e_adapter *adapter) + tx_buffer = &tx_ring->tx_buffer[index]; + if (tx_buffer->dma) { + if (tx_buffer->flags & ATL1E_TX_PCIMAP_SINGLE) +- pci_unmap_single(pdev, tx_buffer->dma, +- tx_buffer->length, PCI_DMA_TODEVICE); ++ dma_unmap_single(&pdev->dev, tx_buffer->dma, ++ tx_buffer->length, ++ DMA_TO_DEVICE); + else if (tx_buffer->flags & ATL1E_TX_PCIMAP_PAGE) +- pci_unmap_page(pdev, tx_buffer->dma, +- tx_buffer->length, PCI_DMA_TODEVICE); ++ dma_unmap_page(&pdev->dev, tx_buffer->dma, ++ tx_buffer->length, ++ DMA_TO_DEVICE); + tx_buffer->dma = 0; + } + } +@@ -778,8 +780,8 @@ static void atl1e_free_ring_resources(struct atl1e_adapter *adapter) + atl1e_clean_rx_ring(adapter); + + if (adapter->ring_vir_addr) { +- pci_free_consistent(pdev, 
adapter->ring_size, +- adapter->ring_vir_addr, adapter->ring_dma); ++ dma_free_coherent(&pdev->dev, adapter->ring_size, ++ adapter->ring_vir_addr, adapter->ring_dma); + adapter->ring_vir_addr = NULL; + } + +@@ -814,11 +816,12 @@ static int atl1e_setup_ring_resources(struct atl1e_adapter *adapter) + /* real ring DMA buffer */ + + size = adapter->ring_size; +- adapter->ring_vir_addr = pci_zalloc_consistent(pdev, adapter->ring_size, +- &adapter->ring_dma); ++ adapter->ring_vir_addr = dma_alloc_coherent(&pdev->dev, ++ adapter->ring_size, ++ &adapter->ring_dma, GFP_KERNEL); + if (adapter->ring_vir_addr == NULL) { + netdev_err(adapter->netdev, +- "pci_alloc_consistent failed, size = D%d\n", size); ++ "dma_alloc_coherent failed, size = D%d\n", size); + return -ENOMEM; + } + +@@ -874,8 +877,8 @@ static int atl1e_setup_ring_resources(struct atl1e_adapter *adapter) + return 0; + failed: + if (adapter->ring_vir_addr != NULL) { +- pci_free_consistent(pdev, adapter->ring_size, +- adapter->ring_vir_addr, adapter->ring_dma); ++ dma_free_coherent(&pdev->dev, adapter->ring_size, ++ adapter->ring_vir_addr, adapter->ring_dma); + adapter->ring_vir_addr = NULL; + } + return err; +@@ -1237,11 +1240,15 @@ static bool atl1e_clean_tx_irq(struct atl1e_adapter *adapter) + tx_buffer = &tx_ring->tx_buffer[next_to_clean]; + if (tx_buffer->dma) { + if (tx_buffer->flags & ATL1E_TX_PCIMAP_SINGLE) +- pci_unmap_single(adapter->pdev, tx_buffer->dma, +- tx_buffer->length, PCI_DMA_TODEVICE); ++ dma_unmap_single(&adapter->pdev->dev, ++ tx_buffer->dma, ++ tx_buffer->length, ++ DMA_TO_DEVICE); + else if (tx_buffer->flags & ATL1E_TX_PCIMAP_PAGE) +- pci_unmap_page(adapter->pdev, tx_buffer->dma, +- tx_buffer->length, PCI_DMA_TODEVICE); ++ dma_unmap_page(&adapter->pdev->dev, ++ tx_buffer->dma, ++ tx_buffer->length, ++ DMA_TO_DEVICE); + tx_buffer->dma = 0; + } + +@@ -1714,8 +1721,9 @@ static int atl1e_tx_map(struct atl1e_adapter *adapter, + + tx_buffer = atl1e_get_tx_buffer(adapter, use_tpd); + 
tx_buffer->length = map_len; +- tx_buffer->dma = pci_map_single(adapter->pdev, +- skb->data, hdr_len, PCI_DMA_TODEVICE); ++ tx_buffer->dma = dma_map_single(&adapter->pdev->dev, ++ skb->data, hdr_len, ++ DMA_TO_DEVICE); + if (dma_mapping_error(&adapter->pdev->dev, tx_buffer->dma)) + return -ENOSPC; + +@@ -1743,8 +1751,9 @@ static int atl1e_tx_map(struct atl1e_adapter *adapter, + ((buf_len - mapped_len) >= MAX_TX_BUF_LEN) ? + MAX_TX_BUF_LEN : (buf_len - mapped_len); + tx_buffer->dma = +- pci_map_single(adapter->pdev, skb->data + mapped_len, +- map_len, PCI_DMA_TODEVICE); ++ dma_map_single(&adapter->pdev->dev, ++ skb->data + mapped_len, map_len, ++ DMA_TO_DEVICE); + + if (dma_mapping_error(&adapter->pdev->dev, tx_buffer->dma)) { + /* We need to unwind the mappings we've done */ +@@ -1753,8 +1762,10 @@ static int atl1e_tx_map(struct atl1e_adapter *adapter, + while (adapter->tx_ring.next_to_use != ring_end) { + tpd = atl1e_get_tpd(adapter); + tx_buffer = atl1e_get_tx_buffer(adapter, tpd); +- pci_unmap_single(adapter->pdev, tx_buffer->dma, +- tx_buffer->length, PCI_DMA_TODEVICE); ++ dma_unmap_single(&adapter->pdev->dev, ++ tx_buffer->dma, ++ tx_buffer->length, ++ DMA_TO_DEVICE); + } + /* Reset the tx rings next pointer */ + adapter->tx_ring.next_to_use = ring_start; +@@ -2304,8 +2315,8 @@ static int atl1e_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + * various kernel subsystems to support the mechanics required by a + * fixed-high-32-bit system. 
+ */ +- if ((pci_set_dma_mask(pdev, DMA_BIT_MASK(32)) != 0) || +- (pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32)) != 0)) { ++ if ((dma_set_mask(&pdev->dev, DMA_BIT_MASK(32)) != 0) || ++ (dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32)) != 0)) { + dev_err(&pdev->dev, "No usable DMA configuration,aborting\n"); + goto err_dma; + } +diff --git a/drivers/net/ethernet/atheros/atlx/atl1.c b/drivers/net/ethernet/atheros/atlx/atl1.c +index 5f420c17bf3e..55d332c0c9c1 100644 +--- a/drivers/net/ethernet/atheros/atlx/atl1.c ++++ b/drivers/net/ethernet/atheros/atlx/atl1.c +@@ -1052,11 +1052,11 @@ static s32 atl1_setup_ring_resources(struct atl1_adapter *adapter) + + sizeof(struct stats_msg_block) + + 40; + +- ring_header->desc = pci_alloc_consistent(pdev, ring_header->size, +- &ring_header->dma); ++ ring_header->desc = dma_alloc_coherent(&pdev->dev, ring_header->size, ++ &ring_header->dma, GFP_KERNEL); + if (unlikely(!ring_header->desc)) { + if (netif_msg_drv(adapter)) +- dev_err(&pdev->dev, "pci_alloc_consistent failed\n"); ++ dev_err(&pdev->dev, "dma_alloc_coherent failed\n"); + goto err_nomem; + } + +@@ -1138,8 +1138,8 @@ static void atl1_clean_rx_ring(struct atl1_adapter *adapter) + for (i = 0; i < rfd_ring->count; i++) { + buffer_info = &rfd_ring->buffer_info[i]; + if (buffer_info->dma) { +- pci_unmap_page(pdev, buffer_info->dma, +- buffer_info->length, PCI_DMA_FROMDEVICE); ++ dma_unmap_page(&pdev->dev, buffer_info->dma, ++ buffer_info->length, DMA_FROM_DEVICE); + buffer_info->dma = 0; + } + if (buffer_info->skb) { +@@ -1177,8 +1177,8 @@ static void atl1_clean_tx_ring(struct atl1_adapter *adapter) + for (i = 0; i < tpd_ring->count; i++) { + buffer_info = &tpd_ring->buffer_info[i]; + if (buffer_info->dma) { +- pci_unmap_page(pdev, buffer_info->dma, +- buffer_info->length, PCI_DMA_TODEVICE); ++ dma_unmap_page(&pdev->dev, buffer_info->dma, ++ buffer_info->length, DMA_TO_DEVICE); + buffer_info->dma = 0; + } + } +@@ -1219,8 +1219,8 @@ static void 
atl1_free_ring_resources(struct atl1_adapter *adapter) + atl1_clean_rx_ring(adapter); + + kfree(tpd_ring->buffer_info); +- pci_free_consistent(pdev, ring_header->size, ring_header->desc, +- ring_header->dma); ++ dma_free_coherent(&pdev->dev, ring_header->size, ring_header->desc, ++ ring_header->dma); + + tpd_ring->buffer_info = NULL; + tpd_ring->desc = NULL; +@@ -1868,9 +1868,9 @@ static u16 atl1_alloc_rx_buffers(struct atl1_adapter *adapter) + buffer_info->length = (u16) adapter->rx_buffer_len; + page = virt_to_page(skb->data); + offset = offset_in_page(skb->data); +- buffer_info->dma = pci_map_page(pdev, page, offset, ++ buffer_info->dma = dma_map_page(&pdev->dev, page, offset, + adapter->rx_buffer_len, +- PCI_DMA_FROMDEVICE); ++ DMA_FROM_DEVICE); + rfd_desc->buffer_addr = cpu_to_le64(buffer_info->dma); + rfd_desc->buf_len = cpu_to_le16(adapter->rx_buffer_len); + rfd_desc->coalese = 0; +@@ -1994,8 +1994,8 @@ static int atl1_intr_rx(struct atl1_adapter *adapter, int budget) + } + + /* Good Receive */ +- pci_unmap_page(adapter->pdev, buffer_info->dma, +- buffer_info->length, PCI_DMA_FROMDEVICE); ++ dma_unmap_page(&adapter->pdev->dev, buffer_info->dma, ++ buffer_info->length, DMA_FROM_DEVICE); + buffer_info->dma = 0; + skb = buffer_info->skb; + length = le16_to_cpu(rrd->xsz.xsum_sz.pkt_size); +@@ -2064,8 +2064,8 @@ static int atl1_intr_tx(struct atl1_adapter *adapter) + while (cmb_tpd_next_to_clean != sw_tpd_next_to_clean) { + buffer_info = &tpd_ring->buffer_info[sw_tpd_next_to_clean]; + if (buffer_info->dma) { +- pci_unmap_page(adapter->pdev, buffer_info->dma, +- buffer_info->length, PCI_DMA_TODEVICE); ++ dma_unmap_page(&adapter->pdev->dev, buffer_info->dma, ++ buffer_info->length, DMA_TO_DEVICE); + buffer_info->dma = 0; + } + +@@ -2212,9 +2212,9 @@ static void atl1_tx_map(struct atl1_adapter *adapter, struct sk_buff *skb, + buffer_info->length = hdr_len; + page = virt_to_page(skb->data); + offset = offset_in_page(skb->data); +- buffer_info->dma = 
pci_map_page(adapter->pdev, page, ++ buffer_info->dma = dma_map_page(&adapter->pdev->dev, page, + offset, hdr_len, +- PCI_DMA_TODEVICE); ++ DMA_TO_DEVICE); + + if (++next_to_use == tpd_ring->count) + next_to_use = 0; +@@ -2237,9 +2237,10 @@ static void atl1_tx_map(struct atl1_adapter *adapter, struct sk_buff *skb, + (hdr_len + i * ATL1_MAX_TX_BUF_LEN)); + offset = offset_in_page(skb->data + + (hdr_len + i * ATL1_MAX_TX_BUF_LEN)); +- buffer_info->dma = pci_map_page(adapter->pdev, +- page, offset, buffer_info->length, +- PCI_DMA_TODEVICE); ++ buffer_info->dma = dma_map_page(&adapter->pdev->dev, ++ page, offset, ++ buffer_info->length, ++ DMA_TO_DEVICE); + if (++next_to_use == tpd_ring->count) + next_to_use = 0; + } +@@ -2249,8 +2250,9 @@ static void atl1_tx_map(struct atl1_adapter *adapter, struct sk_buff *skb, + buffer_info->length = buf_len; + page = virt_to_page(skb->data); + offset = offset_in_page(skb->data); +- buffer_info->dma = pci_map_page(adapter->pdev, page, +- offset, buf_len, PCI_DMA_TODEVICE); ++ buffer_info->dma = dma_map_page(&adapter->pdev->dev, page, ++ offset, buf_len, ++ DMA_TO_DEVICE); + if (++next_to_use == tpd_ring->count) + next_to_use = 0; + } +@@ -2926,7 +2928,7 @@ static int atl1_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + * various kernel subsystems to support the mechanics required by a + * fixed-high-32-bit system. 
+ */ +- err = pci_set_dma_mask(pdev, DMA_BIT_MASK(32)); ++ err = dma_set_mask(&pdev->dev, DMA_BIT_MASK(32)); + if (err) { + dev_err(&pdev->dev, "no usable DMA configuration\n"); + goto err_dma; +diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c +index 3aba38322717..80b050ecae3c 100644 +--- a/drivers/net/ethernet/atheros/atlx/atl2.c ++++ b/drivers/net/ethernet/atheros/atlx/atl2.c +@@ -287,8 +287,8 @@ static s32 atl2_setup_ring_resources(struct atl2_adapter *adapter) + adapter->txs_ring_size * 4 + 7 + /* dword align */ + adapter->rxd_ring_size * 1536 + 127; /* 128bytes align */ + +- adapter->ring_vir_addr = pci_alloc_consistent(pdev, size, +- &adapter->ring_dma); ++ adapter->ring_vir_addr = dma_alloc_coherent(&pdev->dev, size, ++ &adapter->ring_dma, GFP_KERNEL); + if (!adapter->ring_vir_addr) + return -ENOMEM; + +@@ -669,8 +669,8 @@ static int atl2_request_irq(struct atl2_adapter *adapter) + static void atl2_free_ring_resources(struct atl2_adapter *adapter) + { + struct pci_dev *pdev = adapter->pdev; +- pci_free_consistent(pdev, adapter->ring_size, adapter->ring_vir_addr, +- adapter->ring_dma); ++ dma_free_coherent(&pdev->dev, adapter->ring_size, ++ adapter->ring_vir_addr, adapter->ring_dma); + } + + /** +@@ -1334,8 +1334,8 @@ static int atl2_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + * until the kernel has the proper infrastructure to support 64-bit DMA + * on these devices. + */ +- if (pci_set_dma_mask(pdev, DMA_BIT_MASK(32)) && +- pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32))) { ++ if (dma_set_mask(&pdev->dev, DMA_BIT_MASK(32)) && ++ dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32))) { + printk(KERN_ERR "atl2: No usable DMA configuration, aborting\n"); + err = -EIO; + goto err_dma; +-- +2.16.4 + diff --git a/patches.suse/net-b44-fix-error-return-code-in-b44_init_one.patch b/patches.suse/net-b44-fix-error-return-code-in-b44_init_one.patch new file mode 100644 index 0000000..be41884 
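Review bot: In atl2_probe() the converted test still joins the two mask calls with `&&`, while atl1c_probe() and atl1e_probe() in this same patch use `||`. Both calls return 0 on success, so when dma_set_mask() succeeds the coherent mask is never set, and a failure of only one call is not treated as an error. This is carried over from the pci_ form, but the conversion is a natural place to fix it with `if (dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32))) {`. Separately, in atl1.c the `dma_map_page()` results in atl1_alloc_rx_buffers() and atl1_tx_map() go into the descriptors with no `dma_mapping_error()` check in the visible lines, unlike the atl1c and atl1e mapping paths.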
--- /dev/null
+++ b/patches.suse/net-b44-fix-error-return-code-in-b44_init_one.patch
@@ -0,0 +1,39 @@
+From 1933ee56befa0ae158fae1afd317b805e4a77525 Mon Sep 17 00:00:00 2001
+From: Zhang Changzhong
+Date: Tue, 17 Nov 2020 11:02:11 +0800
+Subject: [PATCH 05/14] net: b44: fix error return code in b44_init_one()
+Git-commit: 7b027c249da54f492699c43e26cba486cfd48035
+Patch-mainline: v5.10-rc5
+References: git-fixes
+
+Fix to return a negative error code from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: 39a6f4bce6b4 ("b44: replace the ssb_dma API with the generic DMA API")
+Reported-by: Hulk Robot
+Signed-off-by: Zhang Changzhong
+Reviewed-by: Michael Chan
+Link: https://lore.kernel.org/r/1605582131-36735-1-git-send-email-zhangchangzhong@huawei.com
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Denis Kirjanov
+---
+ drivers/net/ethernet/broadcom/b44.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/broadcom/b44.c b/drivers/net/ethernet/broadcom/b44.c
+index 97ab0dd25552..5b46dd16dc83 100644
+--- a/drivers/net/ethernet/broadcom/b44.c
++++ b/drivers/net/ethernet/broadcom/b44.c
+@@ -2388,7 +2388,8 @@ static int b44_init_one(struct ssb_device *sdev,
+ goto err_out_free_dev;
+ }
+
+- if (dma_set_mask_and_coherent(sdev->dma_dev, DMA_BIT_MASK(30))) {
++ err = dma_set_mask_and_coherent(sdev->dma_dev, DMA_BIT_MASK(30));
++ if (err) {
+ dev_err(sdev->dev,
+ "Required 30BIT DMA mask unsupported by the system\n");
+ goto err_out_powerdown;
+--
+2.16.4
+
diff --git a/patches.suse/net-ethernet-ti-cpsw-fix-error-return-code-in-cpsw_p.patch b/patches.suse/net-ethernet-ti-cpsw-fix-error-return-code-in-cpsw_p.patch
new file mode 100644
index 0000000..d43e6f2
--- /dev/null
+++ b/patches.suse/net-ethernet-ti-cpsw-fix-error-return-code-in-cpsw_p.patch
@@ -0,0 +1,37 @@
+From 71a188c4013e1b170bd7377851302a9b54d1bcc2 Mon Sep 17 00:00:00 2001
+From: Zhang Changzhong
+Date: Fri, 13 Nov 2020 14:49:33 +0800
+Subject: [PATCH 03/14] net: ethernet: ti: cpsw: fix error return code in
+ cpsw_probe()
+Git-commit: 35f735c665114840dcd3142f41148d07870f51f7
+Patch-mainline: v5.10-rc5
+References: git-fixes
+
+Fix to return a negative error code from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: 83a8471ba255 ("net: ethernet: ti: cpsw: refactor probe to group common hw initialization")
+Reported-by: Hulk Robot
+Signed-off-by: Zhang Changzhong
+Link: https://lore.kernel.org/r/1605250173-18438-1-git-send-email-zhangchangzhong@huawei.com
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Denis Kirjanov
+---
+ drivers/net/ethernet/ti/cpsw.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/ethernet/ti/cpsw.c b/drivers/net/ethernet/ti/cpsw.c
+index 978eaded8f00..59b0433a780c 100644
+--- a/drivers/net/ethernet/ti/cpsw.c
++++ b/drivers/net/ethernet/ti/cpsw.c
+@@ -2876,6 +2876,7 @@ static int cpsw_probe(struct platform_device *pdev)
+ CPSW_MAX_QUEUES, CPSW_MAX_QUEUES);
+ if (!ndev) {
+ dev_err(dev, "error allocating net_device\n");
++ ret = -ENOMEM;
+ goto clean_cpts;
+ }
+
+--
+2.16.4
+
diff --git a/patches.suse/net-hns3-Remove-the-left-over-redundant-check-assign.patch b/patches.suse/net-hns3-Remove-the-left-over-redundant-check-assign.patch
new file mode 100644
index 0000000..83875fc
--- /dev/null
+++ b/patches.suse/net-hns3-Remove-the-left-over-redundant-check-assign.patch
@@ -0,0 +1,38 @@
+From: Salil Mehta
+Date: Mon, 5 Apr 2021 18:06:44 +0100
+Subject: net: hns3: Remove the left over redundant check & assignment
+Patch-mainline: v5.12-rc7
+Git-commit: 9a6aaf61487e6d96ce0bf9b84a784c528dbf6e5e
+References: bsc#1154353
+
+This removes the left over check and assignment which is no longer used
+anywhere in the function and should have been removed as part of the
+below mentioned patch.
+
+Fixes: 012fcb52f67c ("net: hns3: activate reset timer when calling reset_event")
+Signed-off-by: Salil Mehta
+Signed-off-by: David S. Miller
+Acked-by: Thomas Bogendoerfer
+---
+ drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
++++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+@@ -3844,7 +3844,6 @@ static void hclge_reset_event(struct pci
+ * normalcy is to reset.
+ * 2. A new reset request from the stack due to timeout
+ *
+- * For the first case,error event might not have ae handle available.
+ * check if this is a new reset request and we are not here just because
+ * last reset attempt did not succeed and watchdog hit us again. We will
+ * know this if last reset request did not occur very recently (watchdog
+@@ -3854,8 +3853,6 @@ static void hclge_reset_event(struct pci
+ * want to make sure we throttle the reset request. Therefore, we will
+ * not allow it again before 3*HZ times.
+ */
+- if (!handle)
+- handle = &hdev->vport[0].nic;
+
+ if (time_before(jiffies, (hdev->last_reset_time +
+ HCLGE_RESET_INTERVAL))) {
diff --git a/patches.suse/net-lantiq-Wait-for-the-GPHY-firmware-to-be-ready.patch b/patches.suse/net-lantiq-Wait-for-the-GPHY-firmware-to-be-ready.patch
new file mode 100644
index 0000000..ce456a7
--- /dev/null
+++ b/patches.suse/net-lantiq-Wait-for-the-GPHY-firmware-to-be-ready.patch
@@ -0,0 +1,77 @@ +From 2d6a88d8a4fbabb2b03286a61cbdd66eda38bc04 Mon Sep 17 00:00:00 2001 +From: Martin Blumenstingl +Date: Sun, 15 Nov 2020 17:57:57 +0100 +Subject: [PATCH 01/14] net: lantiq: Wait for the GPHY firmware to be ready +Git-commit: 2a1828e378c1b5ba1ff283ed8f8c5cc37bb391dc +Patch-mainline: v5.10-rc5 +References: git-fixes + +A user reports (slightly shortened from the original message): + libphy: lantiq,xrx200-mdio: probed + mdio_bus 1e108000.switch-mii: MDIO device at address 17 is missing. + gswip 1e108000.switch lan: no phy at 2 + gswip 1e108000.switch lan: failed to connect to port 2: -19 + lantiq,xrx200-net 1e10b308.eth eth0: error -19 setting up slave phy + +This is a single-port board using the internal Fast Ethernet PHY. The +user reports that switching to PHY scanning instead of configuring the +PHY within device-tree works around this issue. + +The documentation for the standalone variant of the PHY11G (which is +probably very similar to what is used inside the xRX200 SoCs but having +the firmware burnt onto that standalone chip in the factory) states that +the PHY needs 300ms to be ready for MDIO communication after releasing +the reset. + +Add a 300ms delay after initializing all GPHYs to ensure that the GPHY +firmware had enough time to initialize and to appear on the MDIO bus. +Unfortunately there is no (known) documentation on what the minimum time +to wait after releasing the reset on an internal PHY so play safe and +take the one for the external variant. Only wait after the last GPHY +firmware is loaded to not slow down the initialization too much ( +xRX200 has two GPHYs but newer SoCs have at least three GPHYs). 
+ +Fixes: 14fceff4771e51 ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") +Reviewed-by: Andrew Lunn +Signed-off-by: Martin Blumenstingl +Acked-by: Hauke Mehrtens +Reviewed-by: Florian Fainelli +Link: https://lore.kernel.org/r/20201115165757.552641-1-martin.blumenstingl@googlemail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/dsa/lantiq_gswip.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/drivers/net/dsa/lantiq_gswip.c b/drivers/net/dsa/lantiq_gswip.c +index ecaa6690f159..4b69f782f8e3 100644 +--- a/drivers/net/dsa/lantiq_gswip.c ++++ b/drivers/net/dsa/lantiq_gswip.c +@@ -26,6 +26,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -1812,6 +1813,16 @@ static int gswip_gphy_fw_list(struct gswip_priv *priv, + i++; + } + ++ /* The standalone PHY11G requires 300ms to be fully ++ * initialized and ready for any MDIO communication after being ++ * taken out of reset. For the SoC-internal GPHY variant there ++ * is no (known) documentation for the minimum time after a ++ * reset. Use the same value as for the standalone variant as ++ * some users have reported internal PHYs not being detected ++ * without any delay. ++ */ ++ msleep(300); ++ + return 0; + + remove_gphy: +-- +2.16.4 + diff --git a/patches.suse/net-mlx5-Fix-PPLM-register-mapping.patch b/patches.suse/net-mlx5-Fix-PPLM-register-mapping.patch new file mode 100644 index 0000000..14d6dba --- /dev/null +++ b/patches.suse/net-mlx5-Fix-PPLM-register-mapping.patch 
@@ -0,0 +1,31 @@
+From: Aya Levin
+Date: Sun, 4 Apr 2021 10:50:50 +0300
+Subject: net/mlx5: Fix PPLM register mapping
+Patch-mainline: v5.12-rc7
+Git-commit: ce28f0fd670ddffcd564ce7119bdefbaf08f02d3
+References: jsc#SLE-8464
+
+Add reserved mapping to cover all the register in order to avoid
+setting arbitrary values to newer FW which implements the reserved
+fields.
+
+Fixes: a58837f52d43 ("net/mlx5e: Expose FEC feilds and related capability bit")
+Signed-off-by: Aya Levin
+Reviewed-by: Moshe Shemesh
+Signed-off-by: Saeed Mahameed
+Acked-by: Thomas Bogendoerfer
+---
+ include/linux/mlx5/mlx5_ifc.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/include/linux/mlx5/mlx5_ifc.h
++++ b/include/linux/mlx5/mlx5_ifc.h
+@@ -8620,6 +8620,8 @@ struct mlx5_ifc_pplm_reg_bits {
+
+ u8 fec_override_admin_100g_2x[0x10];
+ u8 fec_override_admin_50g_1x[0x10];
++
++ u8 reserved_at_140[0x140];
+ };
+
+ struct mlx5_ifc_ppcnt_reg_bits {
diff --git a/patches.suse/net-pasemi-fix-error-return-code-in-pasemi_mac_open.patch b/patches.suse/net-pasemi-fix-error-return-code-in-pasemi_mac_open.patch
new file mode 100644
index 0000000..bf245fc
--- /dev/null
+++ b/patches.suse/net-pasemi-fix-error-return-code-in-pasemi_mac_open.patch
@@ -0,0 +1,52 @@
+From ddee1c7836e993932971a8938d308656bc5a53e2 Mon Sep 17 00:00:00 2001
+From: Zhang Changzhong
+Date: Wed, 2 Dec 2020 17:57:15 +0800
+Subject: [PATCH 09/14] net: pasemi: fix error return code in pasemi_mac_open()
+Git-commit: aba84871bd4f52c4dfcf3ad5d4501a6c9d2de90e
+Patch-mainline: v5.10-rc7
+References: git-fixes
+
+Fix to return a negative error code from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: 72b05b9940f0 ("pasemi_mac: RX/TX ring management cleanup")
+Fixes: 8d636d8bc5ff ("pasemi_mac: jumbo frame support")
+Reported-by: Hulk Robot
+Signed-off-by: Zhang Changzhong
+Link: https://lore.kernel.org/r/1606903035-1838-1-git-send-email-zhangchangzhong@huawei.com
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Denis Kirjanov
+---
+ drivers/net/ethernet/pasemi/pasemi_mac.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/pasemi/pasemi_mac.c b/drivers/net/ethernet/pasemi/pasemi_mac.c
+index be6660128b55..040a15a828b4 100644
+--- a/drivers/net/ethernet/pasemi/pasemi_mac.c
++++ b/drivers/net/ethernet/pasemi/pasemi_mac.c
+@@ -1078,16 +1078,20 @@ static int pasemi_mac_open(struct net_device *dev)
+
+ mac->tx = pasemi_mac_setup_tx_resources(dev);
+
+- if (!mac->tx)
++ if (!mac->tx) {
++ ret = -ENOMEM;
+ goto out_tx_ring;
++ }
+
+ /* We might already have allocated rings in case mtu was changed
+ * before interface was brought up.
+ */
+ if (dev->mtu > 1500 && !mac->num_cs) {
+ pasemi_mac_setup_csrings(mac);
+- if (!mac->num_cs)
++ if (!mac->num_cs) {
++ ret = -ENOMEM;
+ goto out_tx_ring;
++ }
+ }
+
+ /* Zero out rmon counters */
+--
+2.16.4
+
diff --git a/patches.suse/net-phy-broadcom-Only-advertise-EEE-for-supported-mo.patch b/patches.suse/net-phy-broadcom-Only-advertise-EEE-for-supported-mo.patch
new file mode 100644
index 0000000..c13c487
--- /dev/null
+++ b/patches.suse/net-phy-broadcom-Only-advertise-EEE-for-supported-mo.patch
@@ -0,0 +1,56 @@
+From c056d480b40a68f2520ccc156c7fae672d69d57d Mon Sep 17 00:00:00 2001
+From: Florian Fainelli
+Date: Tue, 30 Mar 2021 15:00:24 -0700
+Subject: [PATCH] net: phy: broadcom: Only advertise EEE for supported modes
+Git-commit: c056d480b40a68f2520ccc156c7fae672d69d57d
+Patch-mainline: v5.12-rc7
+References: git-fixes
+
+We should not be advertising EEE for modes that we do not support,
+correct that oversight by looking at the PHY device supported linkmodes.
+
+Fixes: 99cec8a4dda2 ("net: phy: broadcom: Allow enabling or disabling of EEE")
+Signed-off-by: Florian Fainelli
+Signed-off-by: David S. Miller
+Acked-by: Takashi Iwai
+
+---
+ drivers/net/phy/bcm-phy-lib.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/phy/bcm-phy-lib.c b/drivers/net/phy/bcm-phy-lib.c
+index 53282a6d5928..287cccf8f7f4 100644
+--- a/drivers/net/phy/bcm-phy-lib.c
++++ b/drivers/net/phy/bcm-phy-lib.c
+@@ -369,7 +369,7 @@ EXPORT_SYMBOL_GPL(bcm_phy_enable_apd);
+
+ int bcm_phy_set_eee(struct phy_device *phydev, bool enable)
+ {
+- int val;
++ int val, mask = 0;
+
+ /* Enable EEE at PHY level */
+ val = phy_read_mmd(phydev, MDIO_MMD_AN, BRCM_CL45VEN_EEE_CONTROL);
+@@ -388,10 +388,17 @@ int bcm_phy_set_eee(struct phy_device *phydev, bool enable)
+ if (val < 0)
+ return val;
+
++ if (linkmode_test_bit(ETHTOOL_LINK_MODE_1000baseT_Full_BIT,
++ phydev->supported))
++ mask |= MDIO_EEE_1000T;
++ if (linkmode_test_bit(ETHTOOL_LINK_MODE_100baseT_Full_BIT,
++ phydev->supported))
++ mask |= MDIO_EEE_100TX;
++
+ if (enable)
+- val |= (MDIO_EEE_100TX | MDIO_EEE_1000T);
++ val |= mask;
+ else
+- val &= ~(MDIO_EEE_100TX | MDIO_EEE_1000T);
++ val &= ~mask;
+
+ phy_write_mmd(phydev, MDIO_MMD_AN, BCM_CL45VEN_EEE_ADV, (u32)val);
+
+--
+2.26.2
+
diff --git a/patches.suse/net-qualcomm-rmnet-Fix-incorrect-receive-packet-hand.patch b/patches.suse/net-qualcomm-rmnet-Fix-incorrect-receive-packet-hand.patch
new file mode 100644
index 0000000..a1d5b29
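Review bot: In bcm_phy_set_eee() the disable branch now runs `val &= ~mask;`, and `mask` holds only the bits for modes present in `phydev->supported`, so an EEE advertisement bit for an unsupported mode that is already set in the register stays set when `enable` is false. Restricting the bits matters when enabling; when disabling, the unconditional clear is the safer form: keep `val &= ~(MDIO_EEE_100TX | MDIO_EEE_1000T);` on the else branch and use `val |= mask;` only for enable. The function starts in the first hunk and ends outside the second.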
--- /dev/null
+++ b/patches.suse/net-qualcomm-rmnet-Fix-incorrect-receive-packet-hand.patch
@@ -0,0 +1,59 @@ +From 04fd8c8fa4dab20c4b83a3cc61618af8ba72ad3a Mon Sep 17 00:00:00 2001 +From: Subash Abhinov Kasiviswanathan +Date: Fri, 13 Nov 2020 13:12:05 -0700 +Subject: [PATCH 04/14] net: qualcomm: rmnet: Fix incorrect receive packet + handling during cleanup +Git-commit: fc70f5bf5e525dde81565f0a30d5e39168062eba +Patch-mainline: v5.10-rc5 +References: git-fixes + +During rmnet unregistration, the real device rx_handler is first cleared +followed by the removal of rx_handler_data after the rcu synchronization. + +Any packets in the receive path may observe that the rx_handler is NULL. +However, there is no check when dereferencing this value to use the +rmnet_port information. + +This fixes following splat by adding the NULL check. + +Unable to handle kernel NULL pointer dereference at virtual +address 000000000000000d +pc : rmnet_rx_handler+0x124/0x284 +lr : rmnet_rx_handler+0x124/0x284 + rmnet_rx_handler+0x124/0x284 + __netif_receive_skb_core+0x758/0xd74 + __netif_receive_skb+0x50/0x17c + process_backlog+0x15c/0x1b8 + napi_poll+0x88/0x284 + net_rx_action+0xbc/0x23c + __do_softirq+0x20c/0x48c + +Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation") +Signed-off-by: Sean Tranchetti +Signed-off-by: Subash Abhinov Kasiviswanathan +Link: https://lore.kernel.org/r/1605298325-3705-1-git-send-email-subashab@codeaurora.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c +index 29a7bfa2584d..3d7d3ab383f8 100644 +--- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c ++++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c +@@ -188,6 +188,11 @@ rx_handler_result_t rmnet_rx_handler(struct sk_buff **pskb) + + dev = skb->dev; + port = rmnet_get_port_rcu(dev); ++ if (unlikely(!port)) { ++ 
atomic_long_inc(&skb->dev->rx_nohandler); ++ kfree_skb(skb); ++ goto done; ++ } + + switch (port->rmnet_mode) { + case RMNET_EPMODE_VND: +-- +2.16.4 + diff --git a/patches.suse/nfc-Avoid-endless-loops-caused-by-repeated-llcp_sock.patch b/patches.suse/nfc-Avoid-endless-loops-caused-by-repeated-llcp_sock.patch new file mode 100644 index 0000000..01b58c7 --- /dev/null +++ b/patches.suse/nfc-Avoid-endless-loops-caused-by-repeated-llcp_sock.patch 
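Review bot: The new `!port` branch in rmnet_rx_handler() has no comment saying why `rmnet_get_port_rcu()` can return NULL on a live receive path, which makes the check look removable later. The commit message gives the reason (during unregistration the handler state is torn down while packets may still be in the receive path), so a comment such as `/* port is gone once unregistration has started; drop packets still in flight */` above the `if` would record it. Since `dev = skb->dev` is assigned two lines earlier, `atomic_long_inc(&dev->rx_nohandler);` is the more direct spelling. The `done` label and the rest of the function are outside the hunk.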
@@ -0,0 +1,49 @@
+From 4b5db93e7f2afbdfe3b78e37879a85290187e6f1 Mon Sep 17 00:00:00 2001
+From: Xiaoming Ni
+Date: Thu, 25 Mar 2021 11:51:13 +0800
+Subject: [PATCH] nfc: Avoid endless loops caused by repeated llcp_sock_connect()
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: 4b5db93e7f2afbdfe3b78e37879a85290187e6f1
+Patch-mainline: v5.12-rc7
+References: CVE-2020-25673 bsc#1178181
+
+When sock_wait_state() returns -EINPROGRESS, "sk->sk_state" is
+ LLCP_CONNECTING. In this case, llcp_sock_connect() is repeatedly invoked,
+ nfc_llcp_sock_link() will add sk to local->connecting_sockets twice.
+ sk->sk_node->next will point to itself, that will make an endless loop
+ and hang-up the system.
+To fix it, check whether sk->sk_state is LLCP_CONNECTING in
+ llcp_sock_connect() to avoid repeated invoking.
+
+Fixes: b4011239a08e ("NFC: llcp: Fix non blocking sockets connections")
+Reported-by: "kiyin(尹亮)"
+Link: https://www.openwall.com/lists/oss-security/2020/11/01/1
+Cc: #v3.11
+Signed-off-by: Xiaoming Ni
+Signed-off-by: David S. Miller
+Acked-by: Takashi Iwai
+
+---
+ net/nfc/llcp_sock.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
+index 59172614b249..a3b46f888803 100644
+--- a/net/nfc/llcp_sock.c
++++ b/net/nfc/llcp_sock.c
+@@ -673,6 +673,10 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr,
+ ret = -EISCONN;
+ goto error;
+ }
++ if (sk->sk_state == LLCP_CONNECTING) {
++ ret = -EINPROGRESS;
++ goto error;
++ }
+
+ dev = nfc_get_device(addr->dev_idx);
+ if (dev == NULL) {
+--
+2.26.2
+
diff --git a/patches.suse/nfc-fix-memory-leak-in-llcp_sock_connect.patch b/patches.suse/nfc-fix-memory-leak-in-llcp_sock_connect.patch
new file mode 100644
index 0000000..efcd589
--- /dev/null
+++ b/patches.suse/nfc-fix-memory-leak-in-llcp_sock_connect.patch
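Review bot: The added `sk->sk_state == LLCP_CONNECTING` branch in llcp_sock_connect() answers a repeated connect() with `-EINPROGRESS`, which callers normally read as "this call started the connection"; the conventional errno for a connect() issued while an earlier one is still pending is EALREADY. Consider `ret = -EALREADY;`, or a comment stating why EINPROGRESS is kept for compatibility. The branch would also benefit from a comment tying it to the failure it prevents, for example `/* sk is already on connecting_sockets; linking it a second time corrupts the list */`. The function body starts and ends outside the hunk, so whether `error:` releases the socket lock could not be checked here.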
@@ -0,0 +1,46 @@
+From 7574fcdbdcb335763b6b322f6928dc0fd5730451 Mon Sep 17 00:00:00 2001
+From: Xiaoming Ni
+Date: Thu, 25 Mar 2021 11:51:12 +0800
+Subject: [PATCH] nfc: fix memory leak in llcp_sock_connect()
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: 7574fcdbdcb335763b6b322f6928dc0fd5730451
+Patch-mainline: v5.12-rc7
+References: CVE-2020-25672 bsc#1178181
+
+In llcp_sock_connect(), use kmemdup to allocate memory for
+ "llcp_sock->service_name". The memory is not released in the sock_unlink
+label of the subsequent failure branch.
+As a result, memory leakage occurs.
+
+fix CVE-2020-25672
+
+Fixes: d646960f7986 ("NFC: Initial LLCP support")
+Reported-by: "kiyin(尹亮)"
+Link: https://www.openwall.com/lists/oss-security/2020/11/01/1
+Cc: #v3.3
+Signed-off-by: Xiaoming Ni
+Signed-off-by: David S. Miller
+Acked-by: Takashi Iwai
+
+---
+ net/nfc/llcp_sock.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
+index 9e2799ee1595..59172614b249 100644
+--- a/net/nfc/llcp_sock.c
++++ b/net/nfc/llcp_sock.c
+@@ -746,6 +746,8 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr,
+
+ sock_unlink:
+ nfc_llcp_sock_unlink(&local->connecting_sockets, sk);
++ kfree(llcp_sock->service_name);
++ llcp_sock->service_name = NULL;
+
+ sock_llcp_release:
+ nfc_llcp_put_ssap(local, llcp_sock->ssap);
+--
+2.26.2
+
diff --git a/patches.suse/nfc-fix-refcount-leak-in-llcp_sock_bind.patch b/patches.suse/nfc-fix-refcount-leak-in-llcp_sock_bind.patch
new file mode 100644
index 0000000..d48a166
--- /dev/null
+++ b/patches.suse/nfc-fix-refcount-leak-in-llcp_sock_bind.patch
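Review bot: At `sock_unlink:` in llcp_sock_connect() the buffer is freed and `llcp_sock->service_name` is set to NULL, but `llcp_sock->service_name_len` is not reset in the lines shown, so the socket is presumably left with a NULL name and the length of the freed one. Any later reader that copies `service_name_len` bytes from `service_name` (none is visible in this hunk) would then dereference NULL; adding `llcp_sock->service_name_len = 0;` after the `kfree()` keeps the pair consistent. The labels sit near the end of the function, whose body starts outside the hunk.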
@@ -0,0 +1,51 @@
+From c33b1cc62ac05c1dbb1cdafe2eb66da01c76ca8d Mon Sep 17 00:00:00 2001
+From: Xiaoming Ni
+Date: Thu, 25 Mar 2021 11:51:10 +0800
+Subject: [PATCH] nfc: fix refcount leak in llcp_sock_bind()
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: c33b1cc62ac05c1dbb1cdafe2eb66da01c76ca8d
+Patch-mainline: v5.12-rc7
+References: CVE-2020-25670 bsc#1178181
+
+nfc_llcp_local_get() is invoked in llcp_sock_bind(),
+but nfc_llcp_local_put() is not invoked in subsequent failure branches.
+As a result, refcount leakage occurs.
+To fix it, add calling nfc_llcp_local_put().
+
+fix CVE-2020-25670
+
+Fixes: c7aa12252f51 ("NFC: Take a reference on the LLCP local pointer when creating a socket")
+Reported-by: "kiyin(尹亮)"
+Link: https://www.openwall.com/lists/oss-security/2020/11/01/1
+Cc: #v3.6
+Signed-off-by: Xiaoming Ni
+Signed-off-by: David S. Miller
+Acked-by: Takashi Iwai
+
+---
+ net/nfc/llcp_sock.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
+index d257ed3b732a..68832ee4b9f8 100644
+--- a/net/nfc/llcp_sock.c
++++ b/net/nfc/llcp_sock.c
+@@ -108,11 +108,13 @@ static int llcp_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
+ llcp_sock->service_name_len,
+ GFP_KERNEL);
+ if (!llcp_sock->service_name) {
++ nfc_llcp_local_put(llcp_sock->local);
+ ret = -ENOMEM;
+ goto put_dev;
+ }
+ llcp_sock->ssap = nfc_llcp_get_sdp_ssap(local, llcp_sock);
+ if (llcp_sock->ssap == LLCP_SAP_MAX) {
++ nfc_llcp_local_put(llcp_sock->local);
+ kfree(llcp_sock->service_name);
+ llcp_sock->service_name = NULL;
+ ret = -EADDRINUSE;
+--
+2.26.2
+
diff --git a/patches.suse/nfc-fix-refcount-leak-in-llcp_sock_connect.patch b/patches.suse/nfc-fix-refcount-leak-in-llcp_sock_connect.patch
new file mode 100644
index 0000000..4c0caa9
--- /dev/null
+++ b/patches.suse/nfc-fix-refcount-leak-in-llcp_sock_connect.patch
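Review bot: After each added `nfc_llcp_local_put(llcp_sock->local);` in llcp_sock_bind(), the field `llcp_sock->local` still holds the pointer whose reference was just dropped. If a later path such as socket release (not visible in this hunk) puts `llcp_sock->local` again, the count is decremented twice and the object may be freed while still in use. Clearing the field next to each put, `llcp_sock->local = NULL;`, would rule that out; the same applies to the two puts added by the llcp_sock_connect() refcount patch that follows (the `LLCP_SAP_MAX` branch and the `sock_llcp_release:` label). The body of llcp_sock_bind() starts and ends outside the hunk.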
@@ -0,0 +1,53 @@
+From 8a4cd82d62b5ec7e5482333a72b58a4eea4979f0 Mon Sep 17 00:00:00 2001
+From: Xiaoming Ni
+Date: Thu, 25 Mar 2021 11:51:11 +0800
+Subject: [PATCH] nfc: fix refcount leak in llcp_sock_connect()
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: 8a4cd82d62b5ec7e5482333a72b58a4eea4979f0
+Patch-mainline: v5.12-rc7
+References: CVE-2020-25671 bsc#1178181
+
+nfc_llcp_local_get() is invoked in llcp_sock_connect(),
+but nfc_llcp_local_put() is not invoked in subsequent failure branches.
+As a result, refcount leakage occurs.
+To fix it, add calling nfc_llcp_local_put().
+
+fix CVE-2020-25671
+
+Fixes: c7aa12252f51 ("NFC: Take a reference on the LLCP local pointer when creating a socket")
+Reported-by: "kiyin(尹亮)"
+Link: https://www.openwall.com/lists/oss-security/2020/11/01/1
+Cc: #v3.6
+Signed-off-by: Xiaoming Ni
+Signed-off-by: David S. Miller
+Acked-by: Takashi Iwai
+
+---
+ net/nfc/llcp_sock.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
+index 68832ee4b9f8..9e2799ee1595 100644
+--- a/net/nfc/llcp_sock.c
++++ b/net/nfc/llcp_sock.c
+@@ -704,6 +704,7 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr,
+ llcp_sock->local = nfc_llcp_local_get(local);
+ llcp_sock->ssap = nfc_llcp_get_local_ssap(local);
+ if (llcp_sock->ssap == LLCP_SAP_MAX) {
++ nfc_llcp_local_put(llcp_sock->local);
+ ret = -ENOMEM;
+ goto put_dev;
+ }
+@@ -748,6 +749,7 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr,
+
+ sock_llcp_release:
+ nfc_llcp_put_ssap(local, llcp_sock->ssap);
++ nfc_llcp_local_put(llcp_sock->local);
+
+ put_dev:
+ nfc_put_device(dev);
+--
+2.26.2
+
diff --git a/patches.suse/platform-x86-intel-hid-Support-Lenovo-ThinkPad-X1-Ta.patch b/patches.suse/platform-x86-intel-hid-Support-Lenovo-ThinkPad-X1-Ta.patch
new file mode 100644
index 0000000..02da152
--- /dev/null
+++ b/patches.suse/platform-x86-intel-hid-Support-Lenovo-ThinkPad-X1-Ta.patch @@ -0,0 +1,44 @@ +From 56678a5f44ef5f0ad9a67194bbee2280c6286534 Mon Sep 17 00:00:00 2001 +From: Alban Bedel +Date: Mon, 22 Feb 2021 15:15:59 +0100 +Subject: [PATCH] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 +Git-commit: 56678a5f44ef5f0ad9a67194bbee2280c6286534 +Patch-mainline: v5.12-rc5 +References: git-fixes + +Like a few other system the Lenovo ThinkPad X1 Tablet Gen 2 miss the +HEBC method, which prevent the power button from working. Add a quirk +to enable the button array on this system family and fix the power +button. + +Signed-off-by: Alban Bedel +Tested-by: Alexander Kobel +Link: https://lore.kernel.org/r/20210222141559.3775-1-albeu@free.fr +Signed-off-by: Hans de Goede +Acked-by: Takashi Iwai + +--- + drivers/platform/x86/intel-hid.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/platform/x86/intel-hid.c b/drivers/platform/x86/intel-hid.c +index 2f5b8d09143e..57cc92891a57 100644 +--- a/drivers/platform/x86/intel-hid.c ++++ b/drivers/platform/x86/intel-hid.c +@@ -90,6 +90,13 @@ static const struct dmi_system_id button_array_table[] = { + DMI_MATCH(DMI_PRODUCT_NAME, "HP Spectre x2 Detachable"), + }, + }, ++ { ++ .ident = "Lenovo ThinkPad X1 Tablet Gen 2", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_FAMILY, "ThinkPad X1 Tablet Gen 2"), ++ }, ++ }, + { } + }; + +-- +2.26.2 + diff --git a/patches.suse/platform-x86-thinkpad_acpi-Allow-the-FnLock-LED-to-c.patch b/patches.suse/platform-x86-thinkpad_acpi-Allow-the-FnLock-LED-to-c.patch new file mode 100644 index 0000000..621cefc --- /dev/null +++ b/patches.suse/platform-x86-thinkpad_acpi-Allow-the-FnLock-LED-to-c.patch 
@@ -0,0 +1,72 @@ +From 3d677f12ea3a2097a16ded570623567403dea959 Mon Sep 17 00:00:00 2001 +From: Esteve Varela Colominas +Date: Mon, 15 Mar 2021 20:58:24 +0100 +Subject: [PATCH] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state +Git-commit: 3d677f12ea3a2097a16ded570623567403dea959 +Patch-mainline: v5.12-rc5 +References: git-fixes + +On many recent ThinkPad laptops, there's a new LED next to the ESC key, +that indicates the FnLock status. +When the Fn+ESC combo is pressed, FnLock is toggled, which causes the +Media Key functionality to change, making it so that the media keys +either perform their media key function, or function as an F-key by +default. The Fn key can be used the access the alternate function at any +time. + +With the current linux kernel, the LED doens't change state if you press +the Fn+ESC key combo. However, the media key functionality *does* +change. This is annoying, since the LED will stay on if it was on during +bootup, and it makes it hard to keep track what the current state of the +FnLock is. + +This patch calls an ACPI function, that gets the current media key +state, when the Fn+ESC key combo is pressed. Through testing it was +discovered that this function causes the LED to update correctly to +reflect the current state when this function is called. + +The relevant ACPI calls are the following: +\_sb_.pci0.lpc0.ec0_.hkey.gmks: Get media key state, returns 0x603 if the FnLock mode is enabled, and 0x602 if it's disabled. +\_sb_.pci0.lpc0.ec0_.hkey.smks: Set media key state, sending a 1 will enable FnLock mode, and a 0 will disable it. 
+ +Relevant discussion: +https://bugzilla.kernel.org/show_bug.cgi?id=207841 +https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1881015 + +Signed-off-by: Esteve Varela Colominas +Link: https://lore.kernel.org/r/20210315195823.23212-1-esteve.varela@gmail.com +Signed-off-by: Hans de Goede +Acked-by: Takashi Iwai + +--- + drivers/platform/x86/thinkpad_acpi.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c +index f7de90a47e28..8569c1d2a52c 100644 +--- a/drivers/platform/x86/thinkpad_acpi.c ++++ b/drivers/platform/x86/thinkpad_acpi.c +@@ -4081,13 +4081,19 @@ static bool hotkey_notify_6xxx(const u32 hkey, + + case TP_HKEY_EV_KEY_NUMLOCK: + case TP_HKEY_EV_KEY_FN: +- case TP_HKEY_EV_KEY_FN_ESC: + /* key press events, we just ignore them as long as the EC + * is still reporting them in the normal keyboard stream */ + *send_acpi_ev = false; + *ignore_acpi_ev = true; + return true; + ++ case TP_HKEY_EV_KEY_FN_ESC: ++ /* Get the media key status to foce the status LED to update */ ++ acpi_evalf(hkey_handle, NULL, "GMKS", "v"); ++ *send_acpi_ev = false; ++ *ignore_acpi_ev = true; ++ return true; ++ + case TP_HKEY_EV_TABLET_CHANGED: + tpacpi_input_send_tabletsw(); + hotkey_tablet_mode_notify_change(); +-- +2.26.2 + diff --git a/patches.suse/powerpc-64s-Fix-instruction-encoding-for-lis-in-ppc_.patch b/patches.suse/powerpc-64s-Fix-instruction-encoding-for-lis-in-ppc_.patch new file mode 100644 index 0000000..2094ee9 --- /dev/null +++ b/patches.suse/powerpc-64s-Fix-instruction-encoding-for-lis-in-ppc_.patch 
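Review bot: The comment on the new `TP_HKEY_EV_KEY_FN_ESC` case in hotkey_notify_6xxx() misspells "force" as `foce`, and the result of `acpi_evalf(hkey_handle, NULL, "GMKS", "v")` is dropped without saying that this is intended. Suggest `/* Get the media key status to force the status LED to update; the result is not needed */`. If some models raise this event but have no GMKS method, the call would fail on every Fn+Esc press, so it is worth confirming how acpi_evalf() reports a missing method (its definition is not visible here). The switch statement continues outside the hunk.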
@@ -0,0 +1,42 @@
+From cea15316ceee2d4a51dfdecd79e08a438135416c Mon Sep 17 00:00:00 2001
+From: "Naveen N. Rao"
+Date: Thu, 4 Mar 2021 07:34:11 +0530
+Subject: [PATCH] powerpc/64s: Fix instruction encoding for lis in
+ ppc_function_entry()
+
+References: bsc#1065729
+Patch-mainline: v5.12-rc3
+Git-commit: cea15316ceee2d4a51dfdecd79e08a438135416c
+
+'lis r2,N' is 'addis r2,0,N' and the instruction encoding in the macro
+LIS_R2 is incorrect (it currently maps to 'addis r0,r2,N'). Fix the
+same.
+
+Fixes: c71b7eff426f ("powerpc: Add ABIv2 support to ppc_function_entry")
+Cc: stable@vger.kernel.org # v3.16+
+Reported-by: Jiri Olsa
+Signed-off-by: Naveen N. Rao
+Acked-by: Segher Boessenkool
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20210304020411.16796-1-naveen.n.rao@linux.vnet.ibm.com
+Acked-by: Michal Suchanek
+---
+ arch/powerpc/include/asm/code-patching.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/powerpc/include/asm/code-patching.h b/arch/powerpc/include/asm/code-patching.h
+index eacc9102c251..d5b3c3bb95b4 100644
+--- a/arch/powerpc/include/asm/code-patching.h
++++ b/arch/powerpc/include/asm/code-patching.h
+@@ -73,7 +73,7 @@ void __patch_exception(int exc, unsigned long addr);
+ #endif
+
+ #define OP_RT_RA_MASK 0xffff0000UL
+-#define LIS_R2 0x3c020000UL
++#define LIS_R2 0x3c400000UL
+ #define ADDIS_R2_R12 0x3c4c0000UL
+ #define ADDI_R2_R2 0x38420000UL
+
+--
+2.26.2
+
diff --git a/patches.suse/powerpc-pmem-Include-pmem-prototypes.patch b/patches.suse/powerpc-pmem-Include-pmem-prototypes.patch
new file mode 100644
index 0000000..c2ba34d
--- /dev/null
+++ b/patches.suse/powerpc-pmem-Include-pmem-prototypes.patch
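Review bot: The opcode macros around the corrected `LIS_R2` in code-patching.h are bare hex words with nothing stating which instruction each one encodes, which makes an encoding slip like the one fixed here hard to spot in review. A trailing comment per line would let a reader check the value against the ISA, for example `#define LIS_R2 0x3c400000UL /* lis r2,N == addis r2,0,N */`, with matching comments on `ADDIS_R2_R12` and `ADDI_R2_R2`.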
@@ -0,0 +1,45 @@ +From d03f210e6ed8f5d64b00f0f07b03db74aa5b95a1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= +Date: Mon, 4 Jan 2021 15:31:48 +0100 +Subject: [PATCH] powerpc/pmem: Include pmem prototypes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +References: bsc#1113295 git-fixes +Patch-mainline: v5.12-rc1 +Git-commit: d03f210e6ed8f5d64b00f0f07b03db74aa5b95a1 + +It fixes this W=1 compile error : + +../arch/powerpc/lib/pmem.c:51:6: error: no previous prototype for ‘arch_wb_cache_pmem’ [-Werror=missing-prototypes] + 51 | void arch_wb_cache_pmem(void *addr, size_t size) + | ^~~~~~~~~~~~~~~~~~ +../arch/powerpc/lib/pmem.c:58:6: error: no previous prototype for ‘arch_invalidate_pmem’ [-Werror=missing-prototypes] + 58 | void arch_invalidate_pmem(void *addr, size_t size) + | ^~~~~~~~~~~~~~~~~~~~ + +Fixes: 32ce3862af3c ("powerpc/lib: Implement PMEM API") +Signed-off-by: Cédric Le Goater +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20210104143206.695198-6-clg@kaod.org +Acked-by: Michal Suchanek +--- + arch/powerpc/lib/pmem.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/powerpc/lib/pmem.c b/arch/powerpc/lib/pmem.c +index 1550e0d2513a..eb2919ddf9b9 100644 +--- a/arch/powerpc/lib/pmem.c ++++ b/arch/powerpc/lib/pmem.c +@@ -6,6 +6,7 @@ + #include + #include + #include ++#include + + #include + +-- +2.26.2 + diff --git a/patches.suse/powerpc-pseries-ras-Remove-unused-variable-status.patch b/patches.suse/powerpc-pseries-ras-Remove-unused-variable-status.patch new file mode 100644 index 0000000..5effbe3 --- /dev/null +++ b/patches.suse/powerpc-pseries-ras-Remove-unused-variable-status.patch 
@@ -0,0 +1,66 @@ +From aa23ea0c5f7f9a46e6aa3be0a4cfdfb80fabca6d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= +Date: Mon, 4 Jan 2021 15:31:45 +0100 +Subject: [PATCH] powerpc/pseries/ras: Remove unused variable 'status' +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +References: bsc#1065729 +Patch-mainline: v5.12-rc1 +Git-commit: aa23ea0c5f7f9a46e6aa3be0a4cfdfb80fabca6d + +The last use of 'status' was removed in 2012. Remove the variable to +fix this W=1 compile error. + +../arch/powerpc/platforms/pseries/ras.c: In function ‘ras_epow_interrupt’: +../arch/powerpc/platforms/pseries/ras.c:318:6: error: variable ‘status’ set but not used [-Werror=unused-but-set-variable] + 318 | int status; + | ^~~~~~ + +Fixes: 55fc0c561742 ("powerpc/pseries: Parse and handle EPOW interrupts") +Signed-off-by: Cédric Le Goater +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20210104143206.695198-3-clg@kaod.org +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/pseries/ras.c | 13 ++++--------- + 1 file changed, 4 insertions(+), 9 deletions(-) + +diff --git a/arch/powerpc/platforms/pseries/ras.c b/arch/powerpc/platforms/pseries/ras.c +index 149cec2212e6..bcb614ffce6a 100644 +--- a/arch/powerpc/platforms/pseries/ras.c ++++ b/arch/powerpc/platforms/pseries/ras.c +@@ -315,12 +315,10 @@ static irqreturn_t ras_hotplug_interrupt(int irq, void *dev_id) + /* Handle environmental and power warning (EPOW) interrupts. 
*/ + static irqreturn_t ras_epow_interrupt(int irq, void *dev_id) + { +- int status; + int state; + int critical; + +- status = rtas_get_sensor_fast(EPOW_SENSOR_TOKEN, EPOW_SENSOR_INDEX, +- &state); ++ rtas_get_sensor_fast(EPOW_SENSOR_TOKEN, EPOW_SENSOR_INDEX, &state); + + if (state > 3) + critical = 1; /* Time Critical */ +@@ -329,12 +327,9 @@ static irqreturn_t ras_epow_interrupt(int irq, void *dev_id) + + spin_lock(&ras_log_buf_lock); + +- status = rtas_call(ras_check_exception_token, 6, 1, NULL, +- RTAS_VECTOR_EXTERNAL_INTERRUPT, +- virq_to_hw(irq), +- RTAS_EPOW_WARNING, +- critical, __pa(&ras_log_buf), +- rtas_get_error_log_max()); ++ rtas_call(ras_check_exception_token, 6, 1, NULL, RTAS_VECTOR_EXTERNAL_INTERRUPT, ++ virq_to_hw(irq), RTAS_EPOW_WARNING, critical, __pa(&ras_log_buf), ++ rtas_get_error_log_max()); + + log_error(ras_log_buf, ERR_TYPE_RTAS_LOG, 0); + +-- +2.26.2 + diff --git a/patches.suse/powerpc-sstep-Check-instruction-validity-against-ISA.patch b/patches.suse/powerpc-sstep-Check-instruction-validity-against-ISA.patch new file mode 100644 index 0000000..6072913 --- /dev/null +++ b/patches.suse/powerpc-sstep-Check-instruction-validity-against-ISA.patch 
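Review bot: In ras_epow_interrupt() `state` is declared without an initializer and tested in `if (state > 3)` right after a `rtas_get_sensor_fast()` call whose result is now discarded. If that call can fail without storing to `state` (its definition is not visible here), the comparison reads an indeterminate value and the `critical` argument passed to `rtas_call()` is arbitrary. Either initialise it, `int state = 0;`, or keep the return value and skip the severity test on failure; a short comment saying the RTAS results are deliberately ignored would also help. The lines assigning `critical` in the else branch lie between the two hunks.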
@@ -0,0 +1,298 @@
+From 8813ff49607eab3caaf40fe8929b0ce7dc68e85f Mon Sep 17 00:00:00 2001
+From: Ananth N Mavinakayanahalli
+Date: Mon, 25 Jan 2021 18:36:22 +0530
+Subject: [PATCH] powerpc/sstep: Check instruction validity against ISA version
+ before emulation
+
+References: bsc#1156395
+Patch-mainline: v5.12-rc1
+Git-commit: 8813ff49607eab3caaf40fe8929b0ce7dc68e85f
+
+We currently unconditionally try to emulate newer instructions on older
+Power versions that could cause issues. Gate it.
+
+Fixes: 350779a29f11 ("powerpc: Handle most loads and stores in instruction emulation code")
+Signed-off-by: Ananth N Mavinakayanahalli
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/161157995977.64773.13794501093457185080.stgit@thinktux.local
+[drop ARCH_31 and scv hunks]
+Acked-by: Michal Suchanek
+---
+ arch/powerpc/lib/sstep.c | 78 +++++++++++++++++++++++++++++++---------
+ 1 file changed, 62 insertions(+), 16 deletions(-)
+
+diff --git a/arch/powerpc/lib/sstep.c b/arch/powerpc/lib/sstep.c
+--- a/arch/powerpc/lib/sstep.c
++++ b/arch/powerpc/lib/sstep.c
+@@ -1444,7 +1446,7 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ #ifdef __powerpc64__
+ case 4:
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+- return -1;
++ goto unknown_opcode;
+
+ switch (instr & 0x3f) {
+ case 48: /* maddhd */
+@@ -1530,6 +1532,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ case 19:
+ if (((instr >> 1) & 0x1f) == 2) {
+ /* addpcis */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ imm = (short) (instr & 0xffc1); /* d0 + d2 fields */
+ imm |= (instr >> 15) & 0x3e; /* d1 field */
+ op->val = regs->nip + (imm << 16) + 4;
+@@ -1842,7 +1846,7 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ #ifdef __powerpc64__
+ case 265: /* modud */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+- return -1;
++ goto unknown_opcode;
+ op->val = regs->gpr[ra] % regs->gpr[rb];
+ goto compute_done;
+ #endif
+@@ -1852,7 +1856,7 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+
+ case 267: /* moduw */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+- return -1;
++ goto unknown_opcode;
+ op->val = (unsigned int) regs->gpr[ra] %
+ (unsigned int) regs->gpr[rb];
+ goto compute_done;
+@@ -1889,7 +1893,7 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+
+ case 755: /* darn */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+- return -1;
++ goto unknown_opcode;
+ switch (ra & 0x3) {
+ case 0:
+ /* 32-bit conditioned */
+@@ -1911,14 +1915,14 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ #ifdef __powerpc64__
+ case 777: /* modsd */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+- return -1;
++ goto unknown_opcode;
+ op->val = (long int) regs->gpr[ra] %
+ (long int) regs->gpr[rb];
+ goto compute_done;
+ #endif
+ case 779: /* modsw */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+- return -1;
++ goto unknown_opcode;
+ op->val = (int) regs->gpr[ra] %
+ (int) regs->gpr[rb];
+ goto compute_done;
+@@ -1995,14 +1999,14 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ #endif
+ case 538: /* cnttzw */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+- return -1;
++ goto unknown_opcode;
+ val = (unsigned int) regs->gpr[rd];
+ op->val = (val ? __builtin_ctz(val) : 32);
+ goto logical_done;
+ #ifdef __powerpc64__
+ case 570: /* cnttzd */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+- return -1;
++ goto unknown_opcode;
+ val = regs->gpr[rd];
+ op->val = (val ? __builtin_ctzl(val) : 64);
+ goto logical_done;
+@@ -2112,7 +2116,7 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ case 890: /* extswsli with sh_5 = 0 */
+ case 891: /* extswsli with sh_5 = 1 */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+- return -1;
++ goto unknown_opcode;
+ op->type = COMPUTE + SETREG;
+ sh = rb | ((instr & 2) << 4);
+ val = (signed int) regs->gpr[rd];
+@@ -2439,6 +2443,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 268: /* lxvx */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(LOAD_VSX, 0, 16);
+ op->element_size = 16;
+@@ -2448,6 +2454,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ case 269: /* lxvl */
+ case 301: { /* lxvll */
+ int nb;
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->ea = ra ? regs->gpr[ra] : 0;
+ nb = regs->gpr[rb] & 0xff;
+@@ -2468,6 +2476,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 364: /* lxvwsx */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(LOAD_VSX, 0, 4);
+ op->element_size = 4;
+@@ -2482,6 +2492,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 396: /* stxvx */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(STORE_VSX, 0, 16);
+ op->element_size = 16;
+@@ -2491,6 +2503,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ case 397: /* stxvl */
+ case 429: { /* stxvll */
+ int nb;
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->ea = ra ? regs->gpr[ra] : 0;
+ nb = regs->gpr[rb] & 0xff;
+@@ -2542,6 +2556,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 781: /* lxsibzx */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(LOAD_VSX, 0, 1);
+ op->element_size = 8;
+@@ -2549,6 +2565,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 812: /* lxvh8x */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(LOAD_VSX, 0, 16);
+ op->element_size = 2;
+@@ -2556,6 +2574,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 813: /* lxsihzx */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(LOAD_VSX, 0, 2);
+ op->element_size = 8;
+@@ -2569,6 +2589,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 876: /* lxvb16x */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(LOAD_VSX, 0, 16);
+ op->element_size = 1;
+@@ -2582,6 +2604,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 909: /* stxsibx */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(STORE_VSX, 0, 1);
+ op->element_size = 8;
+@@ -2589,6 +2613,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 940: /* stxvh8x */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(STORE_VSX, 0, 16);
+ op->element_size = 2;
+@@ -2596,6 +2622,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 941: /* stxsihx */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(STORE_VSX, 0, 2);
+ op->element_size = 8;
+@@ -2609,6 +2637,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 1004: /* stxvb16x */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd | ((instr & 1) << 5);
+ op->type = MKOP(STORE_VSX, 0, 16);
+ op->element_size = 1;
+@@ -2717,12 +2747,16 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ op->type = MKOP(LOAD_FP, 0, 16);
+ break;
+ case 2: /* lxsd */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd + 32;
+ op->type = MKOP(LOAD_VSX, 0, 8);
+ op->element_size = 8;
+ op->vsx_flags = VSX_CHECK_VEC;
+ break;
+ case 3: /* lxssp */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->reg = rd + 32;
+ op->type = MKOP(LOAD_VSX, 0, 4);
+ op->element_size = 8;
+@@ -2775,6 +2809,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 1: /* lxv */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->ea = dqform_ea(instr, regs);
+ if (instr & 8)
+ op->reg = rd + 32;
+@@ -2785,6 +2821,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+
+ case 2: /* stxsd with LSB of DS field = 0 */
+ case 6: /* stxsd with LSB of DS field = 1 */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->ea = dsform_ea(instr, regs);
+ op->reg = rd + 32;
+ op->type = MKOP(STORE_VSX, 0, 8);
+@@ -2794,6 +2832,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+
+ case 3: /* stxssp with LSB of DS field = 0 */
+ case 7: /* stxssp with LSB of DS field = 1 */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->ea = dsform_ea(instr, regs);
+ op->reg = rd + 32;
+ op->type = MKOP(STORE_VSX, 0, 4);
+@@ -2802,6 +2842,8 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ break;
+
+ case 5: /* stxv */
++ if (!cpu_has_feature(CPU_FTR_ARCH_300))
++ goto unknown_opcode;
+ op->ea = dqform_ea(instr, regs);
+ if (instr & 8)
+ op->reg = rd + 32;
+@@ -2980,6 +3022,10 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+
+ return 0;
+
++ unknown_opcode:
++ op->type = UNKNOWN;
++ return 0;
++
+ logical_done:
+ if (instr & 1)
+ set_cr0(regs, op);
+--
+2.26.2
+
diff --git a/patches.suse/powerpc-sstep-Fix-darn-emulation.patch b/patches.suse/powerpc-sstep-Fix-darn-emulation.patch
new file mode 100644
index 0000000..43d0b84
--- /dev/null
+++ b/patches.suse/powerpc-sstep-Fix-darn-emulation.patch
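Review bot: The `modud`, `moduw`, `modsd` and `modsw` cases are now gated on `CPU_FTR_ARCH_300`, but they still evaluate `regs->gpr[ra] % regs->gpr[rb]` with a divisor taken directly from the saved register state, which comes from the probed or emulated context. A zero divisor, and for the signed forms the minimum value modulo -1, is undefined behaviour in C. A guard before each `%`, for example `if (!regs->gpr[rb]) goto unknown_opcode;` (tested on the truncated operand for the word forms), would hand those cases back through the new `unknown_opcode` path like the other encodings that are not emulated; whether that is the preferred fallback is for the maintainers to confirm. `analyse_instr()` starts and ends outside these inner hunks.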
@@ -0,0 +1,39 @@
+From 22b89ba178dd0a66a26699ead014a3e73ff8e044 Mon Sep 17 00:00:00 2001
+From: Sandipan Das
+Date: Thu, 4 Feb 2021 13:37:44 +0530
+Subject: [PATCH] powerpc/sstep: Fix darn emulation
+
+References: bsc#1156395
+Patch-mainline: v5.12-rc1
+Git-commit: 22b89ba178dd0a66a26699ead014a3e73ff8e044
+
+Commit 8813ff49607e ("powerpc/sstep: Check instruction validity
+against ISA version before emulation") introduced a proper way to skip
+unknown instructions. This makes sure that the same is used for the
+darn instruction when the range selection bits have a reserved value.
+
+Fixes: a23987ef267a ("powerpc: sstep: Add support for darn instruction")
+Signed-off-by: Sandipan Das
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20210204080744.135785-2-sandipan@linux.ibm.com
+Acked-by: Michal Suchanek
+---
+ arch/powerpc/lib/sstep.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/powerpc/lib/sstep.c b/arch/powerpc/lib/sstep.c
+index 11f14b209d7f..683f7c20f74b 100644
+--- a/arch/powerpc/lib/sstep.c
++++ b/arch/powerpc/lib/sstep.c
+@@ -1916,7 +1916,7 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ goto compute_done;
+ }
+
+- return -1;
++ goto unknown_opcode;
+ #ifdef __powerpc64__
+ case 777: /* modsd */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+--
+2.26.2
+
diff --git a/patches.suse/powerpc-sstep-Fix-incorrect-return-from-analyze_inst.patch b/patches.suse/powerpc-sstep-Fix-incorrect-return-from-analyze_inst.patch
new file mode 100644
index 0000000..f105f20
--- /dev/null
+++ b/patches.suse/powerpc-sstep-Fix-incorrect-return-from-analyze_inst.patch
@@ -0,0 +1,57 @@
+From 718aae916fa6619c57c348beaedd675835cf1aa1 Mon Sep 17 00:00:00 2001
+From: Ananth N Mavinakayanahalli
+Date: Mon, 25 Jan 2021 18:36:43 +0530
+Subject: [PATCH] powerpc/sstep: Fix incorrect return from analyze_instr()
+
+References: bsc#1156395
+Patch-mainline: v5.12-rc1
+Git-commit: 718aae916fa6619c57c348beaedd675835cf1aa1
+
+We currently just percolate the return value from analyze_instr()
+to the caller of emulate_step(), especially if it is a -1.
+
+For one particular case (opcode = 4) for instructions that aren't
+currently emulated, we are returning 'should not be single-stepped'
+while we should have returned 0 which says 'did not emulate, may
+have to single-step'.
+
+Fixes: 930d6288a26787 ("powerpc: sstep: Add support for maddhd, maddhdu, maddld instructions")
+Signed-off-by: Ananth N Mavinakayanahalli
+Suggested-by: Michael Ellerman
+Tested-by: Naveen N. Rao
+Reviewed-by: Sandipan Das
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/161157999039.64773.14950289716779364766.stgit@thinktux.local
+Acked-by: Michal Suchanek
+---
+ arch/powerpc/lib/sstep.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/arch/powerpc/lib/sstep.c b/arch/powerpc/lib/sstep.c
+index f859cbbb6375..e96cff845ef7 100644
+--- a/arch/powerpc/lib/sstep.c
++++ b/arch/powerpc/lib/sstep.c
+@@ -1445,6 +1445,11 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+
+ #ifdef __powerpc64__
+ case 4:
++ /*
++ * There are very many instructions with this primary opcode
++ * introduced in the ISA as early as v2.03. However, the ones
++ * we currently emulate were all introduced with ISA 3.0
++ */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+ goto unknown_opcode;
+
+@@ -1472,7 +1477,7 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+ * There are other instructions from ISA 3.0 with the same
+ * primary opcode which do not have emulation support yet.
+ */
+- return -1;
++ goto unknown_opcode;
+ #endif
+
+ case 7: /* mulli */
+--
+2.26.2
+
diff --git a/patches.suse/powerpc-sstep-Fix-load-store-and-update-emulation.patch b/patches.suse/powerpc-sstep-Fix-load-store-and-update-emulation.patch
new file mode 100644
index 0000000..39e14bd
--- /dev/null
+++ b/patches.suse/powerpc-sstep-Fix-load-store-and-update-emulation.patch
@@ -0,0 +1,101 @@
+From bbda4b6c7d7c7f79da71f95c92a5d76be22c3efd Mon Sep 17 00:00:00 2001
+From: Sandipan Das
+Date: Thu, 4 Feb 2021 13:37:43 +0530
+Subject: [PATCH] powerpc/sstep: Fix load-store and update emulation
+
+References: bsc#1156395
+Patch-mainline: v5.12-rc1
+Git-commit: bbda4b6c7d7c7f79da71f95c92a5d76be22c3efd
+
+The Power ISA says that the fixed-point load and update instructions
+must neither use R0 for the base address (RA) nor have the
+destination (RT) and the base address (RA) as the same register.
+Similarly, for fixed-point stores and floating-point loads and stores,
+the instruction is invalid when R0 is used as the base address (RA).
+
+This is applicable to the following instructions.
+ * Load Byte and Zero with Update (lbzu)
+ * Load Byte and Zero with Update Indexed (lbzux)
+ * Load Halfword and Zero with Update (lhzu)
+ * Load Halfword and Zero with Update Indexed (lhzux)
+ * Load Halfword Algebraic with Update (lhau)
+ * Load Halfword Algebraic with Update Indexed (lhaux)
+ * Load Word and Zero with Update (lwzu)
+ * Load Word and Zero with Update Indexed (lwzux)
+ * Load Word Algebraic with Update Indexed (lwaux)
+ * Load Doubleword with Update (ldu)
+ * Load Doubleword with Update Indexed (ldux)
+ * Load Floating Single with Update (lfsu)
+ * Load Floating Single with Update Indexed (lfsux)
+ * Load Floating Double with Update (lfdu)
+ * Load Floating Double with Update Indexed (lfdux)
+ * Store Byte with Update (stbu)
+ * Store Byte with Update Indexed (stbux)
+ * Store Halfword with Update (sthu)
+ * Store Halfword with Update Indexed (sthux)
+ * Store Word with Update (stwu)
+ * Store Word with Update Indexed (stwux)
+ * Store Doubleword with Update (stdu)
+ * Store Doubleword with Update Indexed (stdux)
+ * Store Floating Single with Update (stfsu)
+ * Store Floating Single with Update Indexed (stfsux)
+ * Store Floating Double with Update (stfdu)
+ * Store Floating Double with Update Indexed (stfdux)
+
+E.g. the following behaviour is observed for an invalid load and
+update instruction having RA = RT.
+
+While a userspace program having an instruction word like 0xe9ce0001,
+i.e. ldu r14, 0(r14), runs without getting receiving a SIGILL on a
+Power system (observed on P8 and P9), the outcome of executing that
+instruction word varies and its behaviour can be considered to be
+undefined.
+
+Attaching an uprobe at that instruction's address results in emulation
+which currently performs the load as well as writes the effective
+address back to the base register. This might not match the outcome
+from hardware.
+
+To remove any inconsistencies, this adds additional checks for the
+aforementioned instructions to make sure that the emulation
+infrastructure treats them as unknown. The kernel can then fallback to
+executing such instructions on hardware.
+
+Fixes: 0016a4cf5582 ("powerpc: Emulate most Book I instructions in emulate_step()")
+Signed-off-by: Sandipan Das
+Reviewed-by: Naveen N. Rao
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20210204080744.135785-1-sandipan@linux.ibm.com
+Acked-by: Michal Suchanek
+---
+ arch/powerpc/lib/sstep.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/arch/powerpc/lib/sstep.c b/arch/powerpc/lib/sstep.c
+index e96cff845ef7..11f14b209d7f 100644
+--- a/arch/powerpc/lib/sstep.c
++++ b/arch/powerpc/lib/sstep.c
+@@ -3017,6 +3017,20 @@ int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
+
+ }
+
++ if (OP_IS_LOAD_STORE(op->type) && (op->type & UPDATE)) {
++ switch (GETTYPE(op->type)) {
++ case LOAD:
++ if (ra == rd)
++ goto unknown_opcode;
++ fallthrough;
++ case STORE:
++ case LOAD_FP:
++ case STORE_FP:
++ if (ra == 0)
++ goto unknown_opcode;
++ }
++ }
++
+ #ifdef CONFIG_VSX
+ if ((GETTYPE(op->type) == LOAD_VSX ||
+ GETTYPE(op->type) == STORE_VSX) &&
+--
+2.26.2
+
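Review bot: The added `switch (GETTYPE(op->type))` relies on the `fallthrough;` pseudo-keyword, which only builds if the tree receiving this backport defines that macro; that should be confirmed for the target branch, and the `/* fall through */` comment form used instead if it does not. The switch also has no `default:` label, so any other op type that carries `UPDATE` passes through without a check; adding `default: break;` would make that intent explicit. The check sits near the end of `analyse_instr()`, whose body lies outside the inner hunk.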
diff --git a/patches.suse/qlcnic-fix-error-return-code-in-qlcnic_83xx_restart_.patch b/patches.suse/qlcnic-fix-error-return-code-in-qlcnic_83xx_restart_.patch
new file mode 100644
index 0000000..ea8c7f1
--- /dev/null
+++ b/patches.suse/qlcnic-fix-error-return-code-in-qlcnic_83xx_restart_.patch
@@ -0,0 +1,39 @@
+From 0367baa38d8c5037a1751d2b39502846f727302d Mon Sep 17 00:00:00 2001
+From: Zhang Changzhong
+Date: Fri, 13 Nov 2020 14:16:26 +0800
+Subject: [PATCH 02/14] qlcnic: fix error return code in
+ qlcnic_83xx_restart_hw()
+Git-commit: 3beb9be165083c2964eba1923601c3bfac0b02d4
+Patch-mainline: v5.10-rc5
+References: git-fixes
+
+Fix to return a negative error code from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: 3ced0a88cd4c ("qlcnic: Add support to run firmware POST")
+Reported-by: Hulk Robot
+Signed-off-by: Zhang Changzhong
+Link: https://lore.kernel.org/r/1605248186-16013-1-git-send-email-zhangchangzhong@huawei.com
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Denis Kirjanov
+---
+ drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
+index 07f9067affc6..efa19041cc5d 100644
+--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
+@@ -2251,7 +2251,8 @@ static int qlcnic_83xx_restart_hw(struct qlcnic_adapter *adapter)
+
+ /* Boot either flash image or firmware image from host file system */
+ if (qlcnic_load_fw_file == 1) {
+- if (qlcnic_83xx_load_fw_image_from_host(adapter))
++ err = qlcnic_83xx_load_fw_image_from_host(adapter);
++ if (err)
+ return err;
+ } else {
+ QLC_SHARED_REG_WR32(adapter, QLCNIC_FW_IMG_VALID,
+--
+2.16.4
+
diff --git a/patches.suse/samples-bpf-Fix-possible-hang-in-xdpsock-with-multip.patch b/patches.suse/samples-bpf-Fix-possible-hang-in-xdpsock-with-multip.patch
new file mode 100644
index 0000000..65a37e3
--- /dev/null
+++ b/patches.suse/samples-bpf-Fix-possible-hang-in-xdpsock-with-multip.patch
@@ -0,0 +1,35 @@
+From: Magnus Karlsson
+Date: Thu, 10 Dec 2020 17:34:07 +0100
+Subject: samples/bpf: Fix possible hang in xdpsock with multiple threads
+Patch-mainline: v5.11-rc1
+Git-commit: 092fde0f863b72b67c4d6dc03844f5658fc00a35
+References: bsc#1155518
+
+Fix a possible hang in xdpsock that can occur when using multiple
+threads. In this case, one or more of the threads might get stuck in
+the while-loop in tx_only after the user has signaled the main thread
+to stop execution. In this case, no more Tx packets will be sent, so a
+thread might get stuck in the aforementioned while-loop. Fix this by
+introducing a test inside the while-loop to check if the benchmark has
+been terminated. If so, return from the function.
+
+Fixes: cd9e72b6f210 ("samples/bpf: xdpsock: Add option to specify batch size")
+Signed-off-by: Magnus Karlsson
+Signed-off-by: Daniel Borkmann
+Link: https://lore.kernel.org/bpf/20201210163407.22066-1-magnus.karlsson@gmail.com
+Acked-by: Gary Lin
+---
+ samples/bpf/xdpsock_user.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/samples/bpf/xdpsock_user.c
++++ b/samples/bpf/xdpsock_user.c
+@@ -929,6 +929,8 @@ static void tx_only(struct xsk_socket_in
+ while (xsk_ring_prod__reserve(&xsk->tx, batch_size, &idx) <
+ batch_size) {
+ complete_tx_only(xsk, batch_size);
++ if (benchmark_done)
++ return;
+ }
+
+ for (i = 0; i < batch_size; i++) {
diff --git a/patches.suse/scsi-ibmvfc-Fix-invalid-state-machine-BUG_ON.patch b/patches.suse/scsi-ibmvfc-Fix-invalid-state-machine-BUG_ON.patch
new file mode 100644
index 0000000..6943fc5
--- /dev/null
+++ b/patches.suse/scsi-ibmvfc-Fix-invalid-state-machine-BUG_ON.patch
@@ -0,0 +1,131 @@
+From 15cfef8623a449d40d16541687afd58e78033be3 Mon Sep 17 00:00:00 2001
+From: Brian King
+Date: Mon, 12 Apr 2021 18:10:09 -0600
+Subject: [PATCH] scsi: ibmvfc: Fix invalid state machine BUG_ON()
+Patch-mainline: queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git
+Git-commit: 15cfef8623a449d40d16541687afd58e78033be3
+References: bsc#1184647 ltc#191231
+
+This fixes an issue hitting the BUG_ON() in ibmvfc_do_work(). When going
+through a host action of IBMVFC_HOST_ACTION_RESET, we change the action to
+IBMVFC_HOST_ACTION_TGT_DEL, then drop the host lock, and reset the CRQ,
+which changes the host state to IBMVFC_NO_CRQ. If, prior to setting the
+host state to IBMVFC_NO_CRQ, ibmvfc_init_host() is called, it can then end
+up changing the host action to IBMVFC_HOST_ACTION_INIT. If we then change
+the host state to IBMVFC_NO_CRQ, we will then hit the BUG_ON().
+
+Make a couple of changes to avoid this. Leave the host action to be
+IBMVFC_HOST_ACTION_RESET or IBMVFC_HOST_ACTION_REENABLE until after we drop
+the host lock and reset or reenable the CRQ. Also harden the host state
+machine to ensure we cannot leave the reset / reenable state until we've
+finished processing the reset or reenable.
+
+Link: https://lore.kernel.org/r/20210413001009.902400-1-tyreld@linux.ibm.com
+Fixes: 73ee5d867287 ("[SCSI] ibmvfc: Fix soft lockup on resume")
+Signed-off-by: Brian King
+[tyreld: added fixes tag]
+Signed-off-by: Tyrel Datwyler
+[mkp: fix comment checkpatch warnings]
+Signed-off-by: Martin K. Petersen
+Acked-by: Michal Suchanek
+---
+ drivers/scsi/ibmvscsi/ibmvfc.c | 57 ++++++++++++++++++++++------------
+ 1 file changed, 38 insertions(+), 19 deletions(-)
+
+diff --git a/drivers/scsi/ibmvscsi/ibmvfc.c b/drivers/scsi/ibmvscsi/ibmvfc.c
+--- a/drivers/scsi/ibmvscsi/ibmvfc.c
++++ b/drivers/scsi/ibmvscsi/ibmvfc.c
+@@ -604,8 +604,17 @@ static void ibmvfc_set_host_action(struct ibmvfc_host *vhost,
+ if (vhost->action == IBMVFC_HOST_ACTION_ALLOC_TGTS)
+ vhost->action = action;
+ break;
++ case IBMVFC_HOST_ACTION_REENABLE:
++ case IBMVFC_HOST_ACTION_RESET:
++ vhost->action = action;
++ break;
+ case IBMVFC_HOST_ACTION_INIT:
+ case IBMVFC_HOST_ACTION_TGT_DEL:
++ case IBMVFC_HOST_ACTION_LOGO:
++ case IBMVFC_HOST_ACTION_QUERY_TGTS:
++ case IBMVFC_HOST_ACTION_TGT_DEL_FAILED:
++ case IBMVFC_HOST_ACTION_NONE:
++ default:
+ switch (vhost->action) {
+ case IBMVFC_HOST_ACTION_RESET:
+ case IBMVFC_HOST_ACTION_REENABLE:
+@@ -615,15 +624,6 @@ static void ibmvfc_set_host_action(struct ibmvfc_host *vhost,
+ break;
+ }
+ break;
+- case IBMVFC_HOST_ACTION_LOGO:
+- case IBMVFC_HOST_ACTION_QUERY_TGTS:
+- case IBMVFC_HOST_ACTION_TGT_DEL_FAILED:
+- case IBMVFC_HOST_ACTION_NONE:
+- case IBMVFC_HOST_ACTION_RESET:
+- case IBMVFC_HOST_ACTION_REENABLE:
+- default:
+- vhost->action = action;
+- break;
+ }
+ }
+
+@@ -5380,26 +5380,45 @@ static void ibmvfc_do_work(struct ibmvfc_host *vhost)
+ case IBMVFC_HOST_ACTION_INIT_WAIT:
+ break;
+ case IBMVFC_HOST_ACTION_RESET:
+- vhost->action = IBMVFC_HOST_ACTION_TGT_DEL;
+ spin_unlock_irqrestore(vhost->host->host_lock, flags);
+ rc = ibmvfc_reset_crq(vhost);
++
+ spin_lock_irqsave(vhost->host->host_lock, flags);
+- if (rc == H_CLOSED)
++ if (!rc || rc == H_CLOSED)
+ vio_enable_interrupts(to_vio_dev(vhost->dev));
+- if (rc || (rc = ibmvfc_send_crq_init(vhost)) ||
+- (rc = vio_enable_interrupts(to_vio_dev(vhost->dev)))) {
+- ibmvfc_link_down(vhost, IBMVFC_LINK_DEAD);
+- dev_err(vhost->dev, "Error after reset (rc=%d)\n", rc);
++ if (vhost->action == IBMVFC_HOST_ACTION_RESET) {
++ /*
++ * The only action we could have changed to would have
++ * been reenable, in which case, we skip the rest of
++ * this path and wait until we've done the re-enable
++ * before sending the crq init.
++ */
++ vhost->action = IBMVFC_HOST_ACTION_TGT_DEL;
++
++ if (rc || (rc = ibmvfc_send_crq_init(vhost)) ||
++ (rc = vio_enable_interrupts(to_vio_dev(vhost->dev)))) {
++ ibmvfc_link_down(vhost, IBMVFC_LINK_DEAD);
++ dev_err(vhost->dev, "Error after reset (rc=%d)\n", rc);
++ }
+ }
+ break;
+ case IBMVFC_HOST_ACTION_REENABLE:
+- vhost->action = IBMVFC_HOST_ACTION_TGT_DEL;
+ spin_unlock_irqrestore(vhost->host->host_lock, flags);
+ rc = ibmvfc_reenable_crq_queue(vhost);
++
+ spin_lock_irqsave(vhost->host->host_lock, flags);
+- if (rc || (rc = ibmvfc_send_crq_init(vhost))) {
+- ibmvfc_link_down(vhost, IBMVFC_LINK_DEAD);
+- dev_err(vhost->dev, "Error after enable (rc=%d)\n", rc);
++ if (vhost->action == IBMVFC_HOST_ACTION_REENABLE) {
++ /*
++ * The only action we could have changed to would have
++ * been reset, in which case, we skip the rest of this
++ * path and wait until we've done the reset before
++ * sending the crq init.
++ */
++ vhost->action = IBMVFC_HOST_ACTION_TGT_DEL;
++ if (rc || (rc = ibmvfc_send_crq_init(vhost))) {
++ ibmvfc_link_down(vhost, IBMVFC_LINK_DEAD);
++ dev_err(vhost->dev, "Error after enable (rc=%d)\n", rc);
++ }
+ }
+ break;
+ case IBMVFC_HOST_ACTION_LOGO:
+--
+2.26.2
+
diff --git a/patches.suse/xen-events-fix-setting-irq-affinity.patch b/patches.suse/xen-events-fix-setting-irq-affinity.patch
new file mode 100644
index 0000000..2dfdc98
--- /dev/null
+++ b/patches.suse/xen-events-fix-setting-irq-affinity.patch
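Review bot: In the `IBMVFC_HOST_ACTION_RESET` and `IBMVFC_HOST_ACTION_REENABLE` cases of `ibmvfc_do_work()`, a non-zero `rc` from `ibmvfc_reset_crq()` or `ibmvfc_reenable_crq_queue()` is no longer reported when the action changed while the host lock was released, because `dev_err()` now sits inside the new `if (vhost->action == ...)` block. An `else if (rc)` branch that at least logs the code would keep such a failure visible; whether the link should also be marked down there is a design decision. Separately, `vhost->action = IBMVFC_HOST_ACTION_TGT_DEL;` is assigned directly, apparently because `ibmvfc_set_host_action()` no longer leaves these two states, and a comment such as `/* set directly: ibmvfc_set_host_action() will not leave RESET/REENABLE */` would record that. Both functions extend beyond the inner hunks.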
@@ -0,0 +1,49 @@
+From: Juergen Gross
+Date: Mon, 12 Apr 2021 07:50:03 +0200
+Subject: [PATCH] xen/events: fix setting irq affinity
+Patch-mainline: Never, only applies to backports to 5.10 and older
+References: bsc#1184583 XSA-332 CVE-2020-27673
+
+The backport of upstream patch 25da4618af240fbec61 ("xen/events: don't
+unmask an event channel when an eoi is pending") introduced a
+regression for stable kernels 5.10 and older: setting IRQ affinity for
+IRQs related to interdomain events would no longer work, as moving the
+IRQ to its new cpu was not included in the irq_ack callback for those
+events.
+
+Fix that by adding the needed call.
+
+Note that kernels 5.11 and later don't need the explicit moving of the
+IRQ to the target cpu in the irq_ack callback, due to a rework of the
+affinity setting in kernel 5.11.
+
+Signed-off-by: Juergen Gross
+---
+ drivers/xen/events/events_base.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
+index 7bd03f6e0422..ee5269331406 100644
+--- a/drivers/xen/events/events_base.c
++++ b/drivers/xen/events/events_base.c
+@@ -1809,7 +1809,7 @@ static void lateeoi_ack_dynirq(struct irq_data *data)
+
+ if (VALID_EVTCHN(evtchn)) {
+ do_mask(info, EVT_MASK_REASON_EOI_PENDING);
+- event_handler_exit(info);
++ ack_dynirq(data);
+ }
+ }
+
+@@ -1820,7 +1820,7 @@ static void lateeoi_mask_ack_dynirq(struct irq_data *data)
+
+ if (VALID_EVTCHN(evtchn)) {
+ do_mask(info, EVT_MASK_REASON_EXPLICIT);
+- event_handler_exit(info);
++ ack_dynirq(data);
+ }
+ }
+
+--
+2.26.2
+
diff --git a/rpm/kernel-binary.spec.in b/rpm/kernel-binary.spec.in
index 320dacf..9f40087 100644
--- a/rpm/kernel-binary.spec.in
+++ b/rpm/kernel-binary.spec.in
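Review bot: Both `lateeoi_ack_dynirq()` and `lateeoi_mask_ack_dynirq()` now call `ack_dynirq(data)` where they previously called `event_handler_exit(info)`, but `ack_dynirq()` is defined outside the hunks, so the change is only safe if it still performs the `event_handler_exit()` step that the XSA-332 backport depends on; that should be confirmed against the target tree. A short comment at both call sites, for example `/* ack_dynirq() also moves the IRQ to its new CPU; needed on kernels <= 5.10 */`, would record why the generic ack path is used here, since the commit message says later kernels do not need it.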
@@ -1049,6 +1049,7 @@ Summary: Development files necessary for building kernel modules Group: Development/Sources Provides: %name-devel = %version-%source_rel Provides: multiversion(kernel) +Requires: %{name} = %version-%source_rel %if ! %build_vanilla Requires: kernel-devel%variant = %version-%source_rel Recommends: make diff --git a/series.conf b/series.conf index 847e686..b6a6699 100644 --- a/series.conf +++ b/series.conf @@ -13396,6 +13396,7 @@ patches.suse/PCI-Don-t-disable-decoding-when-mmio_always_on-is-se.patch patches.suse/kgdb-Fix-spurious-true-from-in_dbg_master.patch patches.suse/kgdb-Drop-malformed-kernel-doc-comment.patch + patches.suse/kvm-svm-avoid-infinite-loop-on-npf-from-bad-address patches.suse/kvm-x86-only-do-l1tf-workaround-on-affected-processors patches.suse/kvm-x86-mmu-set-mmio_value-to-0-if-reserved-pf-can-t-be-generated patches.suse/kvm-x86-allow-kvm_state_nested_mtf_pending-in-kvm_state-flags @@ -13722,6 +13723,7 @@ patches.suse/scsi-qla2xxx-Remove-return-value-from-qla_nvme_ls.patch patches.suse/scsi-lpfc-Fix-lpfc_nodelist-leak-when-processing-uns.patch patches.suse/scsi-mpt3sas-fix-reply-queue-count-in-non-rdpq-mode + patches.suse/dm-mpath-switch-paths-in-dm_blk_ioctl-code-path.patch patches.suse/0002-dm-crypt-avoid-truncating-the-logical-block-size.patch patches.suse/ext4-fix-EXT_MAX_EXTENT-INDEX-to-check-for-zeroed-eh.patch patches.suse/ext4-Avoid-freeing-inodes-on-dirty-list.patch @@ -15753,6 +15755,7 @@ patches.suse/btrfs-require-only-sector-size-alignment-for-parent-.patch patches.suse/btrfs-fix-NULL-pointer-dereference-after-failure-to-.patch patches.suse/0003-dax-fix-detection-of-dax-support-for-non-persistent-.patch + patches.suse/kvm-fix-memory-leak-in-kvm_io_bus_unregister_dev patches.suse/kvm-svm-periodically-schedule-when-unregistering-regions-on-destroy.patch patches.suse/soundwire-fix-double-free-of-dangling-pointer.patch patches.suse/video-fbdev-fix-OOB-read-in-vga_8planes_imageblit.patch 
@@ -16117,6 +16120,7 @@ patches.suse/ACPI-extlog-Check-for-RDMSR-failure.patch patches.suse/ACPI-button-fix-handling-lid-state-changes-when-inpu.patch patches.suse/iommu-qcom-add-missing-put_device-call-in-qcom_iommu_of_xlate + patches.suse/iommu-vt-d-use-device-numa-domain-if-rhsa-is-missing patches.suse/iommu-vt-d-gracefully-handle-dmar-units-with-no-supported-address-widths patches.suse/iomap-fix-WARN_ON_ONCE-from-unprivileged-users.patch patches.suse/iomap-Clear-page-error-before-beginning-a-write.patch @@ -16340,6 +16344,7 @@ patches.suse/ima-Remove-semicolon-at-the-end-of-ima_get_binary_ru.patch patches.suse/ibmvnic-store-RX-and-TX-subCRQ-handle-array-in-ibmvn.patch patches.suse/ibmvnic-Fix-use-after-free-of-VNIC-login-response-bu.patch + patches.suse/net-atheros-switch-from-pci_-to-dma_-API.patch patches.suse/ibmvnic-compare-adapter-init_done_rc-with-more-reada.patch patches.suse/ibmvnic-improve-ibmvnic_init-and-ibmvnic_reset_init.patch patches.suse/ibmvnic-remove-never-executed-if-statement.patch 
@@ -16845,9 +16850,16 @@ patches.suse/can-m_can-m_can_stop-set-device-to-software-init-mod.patch patches.suse/pm-runtime-add-pm_runtime_resume_and_get-to-deal-with-usage-counter patches.suse/net-fec-Fix-reference-count-leak-in-fec-series-ops.patch + patches.suse/net-lantiq-Wait-for-the-GPHY-firmware-to-be-ready.patch + patches.suse/qlcnic-fix-error-return-code-in-qlcnic_83xx_restart_.patch + patches.suse/net-ethernet-ti-cpsw-fix-error-return-code-in-cpsw_p.patch patches.suse/net-stmmac-Use-rtnl_lock-unlock-on-netif_set_real_nu.patch + patches.suse/net-qualcomm-rmnet-Fix-incorrect-receive-packet-hand.patch patches.suse/bnxt_en-read-EEPROM-A2h-address-using-page-0.patch patches.suse/qed-fix-error-return-code-in-qed_iwarp_ll2_start.patch + patches.suse/net-b44-fix-error-return-code-in-b44_init_one.patch + patches.suse/atl1c-fix-error-return-code-in-atl1c_probe.patch + patches.suse/atl1e-fix-error-return-code-in-atl1e_probe.patch patches.suse/mlxsw-core-Use-variable-timeout-for-EMAD-retries.patch patches.suse/net-mlx5-Add-handling-of-port-type-in-rule-deletion.patch patches.suse/net-mlx5-Clear-bw_share-upon-VF-disable.patch @@ -17013,6 +17025,7 @@ patches.suse/geneve-pull-IP-header-before-ECN-decapsulation.patch patches.suse/net-x25-prevent-a-couple-of-overflows.patch patches.suse/cxgb3-fix-error-return-code-in-t3_sge_alloc_qset.patch + patches.suse/net-pasemi-fix-error-return-code-in-pasemi_mac_open.patch patches.suse/chelsio-chtls-fix-a-double-free-in-chtls_setkey.patch patches.suse/net-mvpp2-Fix-error-return-code-in-mvpp2_open.patch patches.suse/iwlwifi-pcie-add-one-missing-entry-for-AX210.patch 
@@ -17056,6 +17069,7 @@
 patches.suse/mac80211-mesh-fix-mesh_pathtbl_init-error-path.patch
 patches.suse/can-softing-softing_netdev_open-fix-error-handling.patch
 patches.suse/net-hns3-remove-a-misused-pragma-packed.patch
+ patches.suse/enetc-Fix-reporting-of-h-w-packet-counters.patch
 patches.suse/Revert-geneve-pull-IP-header-before-ECN-decapsulatio.patch
 patches.suse/net-mlx4_en-Avoid-scheduling-restart-task-if-it-is-a.patch
 patches.suse/net-mlx4_en-Handle-TX-error-CQE.patch
@@ -17199,6 +17213,7 @@
 patches.suse/mwifiex-Fix-possible-buffer-overflows-in-mwifiex_2.patch
 patches.suse/iwlwifi-mvm-hook-up-missing-RX-handlers.patch
 patches.suse/selftests-bpf-Print-reason-when-a-tester-could-not-r.patch
+ patches.suse/samples-bpf-Fix-possible-hang-in-xdpsock-with-multip.patch
 patches.suse/nfc-s3fwrn5-Release-the-nfc-firmware.patch
 patches.suse/net-fix-proc_fs-init-handling-in-af_packet-and-tls.patch
 patches.suse/ALSA-seq-remove-useless-function.patch
@@ -17962,6 +17977,7 @@
 patches.suse/mt76-dma-fix-a-possible-memory-leak-in-mt76_add_frag.patch
 patches.suse/ibmvnic-Clear-failover_pending-if-unable-to-schedule.patch
 patches.suse/net-hns3-add-a-check-for-queue_id-in-hclge_reset_vf_.patch
+ patches.suse/bpf-Fix-verifier-jsgt-branch-analysis-on-max-bound.patch
 patches.suse/bpf-Fix-32-bit-src-register-truncation-on-div-mod.patch
 patches.suse/tracing-check-length-before-giving-out-the-filter-buffer.patch
 patches.suse/0002-drm-vc4-hvs-Fix-buffer-overflow-with-the-dlist-handl.patch
@@ -18010,6 +18026,7 @@
 patches.suse/ibmvnic-substitute-mb-with-dma_wmb-for-send_-crq-fun.patch
 patches.suse/bpf-x64-Pad-NOPs-to-make-images-converge-more-easily.patch
 patches.suse/bpf_lru_list-Read-double-checked-variable-once-witho.patch
+ patches.suse/bpf-Remove-MTU-check-in-__bpf_skb_max_len.patch
 patches.suse/ibmvnic-Set-to-CLOSED-state-even-on-error.patch
 patches.suse/net-mlx5e-E-switch-Fix-rate-calculation-for-overflow-0e22bfb7.patch
 patches.suse/net-mlx5-Disable-devlink-reload-for-multi-port-slave.patch
@@ -18157,6 +18174,7 @@
 patches.suse/crypto-ecdh_helper-Ensure-len-secret.len-in-decode_k.patch
 patches.suse/Platform-OLPC-Fix-probe-error-handling.patch
 patches.suse/Revert-platform-x86-ideapad-laptop-Switch-touchpad-a.patch
+ patches.suse/Documentation-ABI-sysfs-platform-ideapad-laptop-upda.patch
 patches.suse/i2c-rcar-faster-irq-code-to-minimize-HW-race-conditi.patch
 patches.suse/i2c-rcar-optimize-cacheline-to-minimize-HW-race-cond.patch
 patches.suse/i2c-iproc-handle-only-slave-interrupts-which-are-ena.patch
@@ -18219,11 +18237,17 @@
 patches.suse/clocksource-drivers-ixp4xx-Select-TIMER_OF-when-need.patch
 patches.suse/amba-Fix-resource-leak-for-drivers-without-.remove.patch
 patches.suse/powerpc-perf-hv-24x7-Dont-create-sysfs-event-files-f.patch
+ patches.suse/powerpc-pseries-ras-Remove-unused-variable-status.patch
 patches.suse/powerpc-pseries-eeh-Make-pseries_pcibios_bus_add_dev.patch
 patches.suse/powerpc-pseries-ras-Make-init_ras_hotplug_IRQ-static.patch
+ patches.suse/powerpc-pmem-Include-pmem-prototypes.patch
+ patches.suse/powerpc-sstep-Check-instruction-validity-against-ISA.patch
+ patches.suse/powerpc-sstep-Fix-incorrect-return-from-analyze_inst.patch
 patches.suse/powerpc-prom-Fix-ibm-arch-vec-5-platform-support-sca.patch
 patches.suse/powerpc-Fix-build-error-in-paravirt.h.patch
 patches.suse/powerpc-pseries-dlpar-handle-ibm-configure-connector.patch
+ patches.suse/powerpc-sstep-Fix-load-store-and-update-emulation.patch
+ patches.suse/powerpc-sstep-Fix-darn-emulation.patch
 patches.suse/objtool-fix-error-handling-for-std-cld-warnings.patch
 patches.suse/objtool-fix-retpoline-detection-in-asm-code.patch
 patches.suse/objtool-fix-cold-section-suffix-check-for-newer-versions-of-gcc.patch
@@ -18407,6 +18431,7 @@
 patches.suse/stop_machine-mark-helpers-__always_inline.patch
 patches.suse/binfmt_misc-fix-possible-deadlock-in-bm_register_wri.patch
 patches.suse/include-linux-sched-mm.h-use-rcu_dereference-in-in_v.patch
+ patches.suse/powerpc-64s-Fix-instruction-encoding-for-lis-in-ppc_.patch
 patches.suse/fuse-fix-live-lock-in-fuse_iget.patch
 patches.suse/thermal-core-Add-NULL-pointer-check-before-using-coo.patch
 patches.suse/btrfs-fix-race-when-cloning-extent-buffer-during-rew.patch
@@ -18457,10 +18482,14 @@
 patches.suse/iio-gyro-mpu3050-Fix-error-handling-in-mpu3050_trigg.patch
 patches.suse/staging-comedi-cb_pcidas-fix-request_irq-warn.patch
 patches.suse/staging-comedi-cb_pcidas64-fix-request_irq-warn.patch
+ patches.suse/platform-x86-intel-hid-Support-Lenovo-ThinkPad-X1-Ta.patch
+ patches.suse/platform-x86-thinkpad_acpi-Allow-the-FnLock-LED-to-c.patch
 patches.suse/platform-x86-intel-vbtn-Stop-reporting-SW_DOCK-event.patch
+ patches.suse/libbpf-Fix-INSTALL-flag-order.patch
 patches.suse/bpf-Don-t-do-bpf_cgroup_storage_set-for-kuprobe-tp-p.patch
 patches.suse/net-mlx5e-E-switch-Fix-rate-calculation-division.patch
 patches.suse/igc-Fix-igc_ptp_rx_pktstamp.patch
+ patches.suse/mISDN-fix-crash-in-fritzpci.patch
 patches.suse/Revert-net-bonding-fix-error-return-code-of-bond_nei.patch
 patches.suse/net-qrtr-fix-a-kernel-infoleak-in-qrtr_recvmsg.patch
 patches.suse/flow_dissector-fix-byteorder-of-dissected-ICMP-ID.patch
@@ -18473,6 +18502,7 @@
 patches.suse/ionic-linearize-tso-skb-with-too-many-frags.patch
 patches.suse/mac80211-fix-rate-mask-reset.patch
 patches.suse/mac80211-fix-double-free-in-ibss_leave.patch
+ patches.suse/mac80211-choose-first-enabled-channel-for-monitor.patch
 patches.suse/selftests-bpf-Set-gopt-opt_class-to-0-if-get-tunnel-.patch
 patches.suse/bpf-Prohibit-alu-ops-for-pointer-types-not-defining-.patch
 patches.suse/bpf-Fix-off-by-one-for-area-size-in-creating-mask-to.patch
@@ -18484,8 +18514,11 @@
 patches.suse/libbpf-Fix-BTF-dump-of-pointer-to-array-of-struct.patch
 patches.suse/can-peak_usb-Revert-can-peak_usb-add-forgotten-suppo.patch
 patches.suse/btrfs-fix-subvolume-snapshot-deletion-not-triggered-.patch
+ patches.suse/drm-msm-adreno-a5xx_power-Don-t-apply-A540-lm_setup-.patch
+ patches.suse/drm-msm-Ratelimit-invalid-fence-message.patch
 patches.suse/drm-msm-fix-shutdown-hook-in-case-GPU-components-fai.patch
 patches.suse/bus-omap_l3_noc-mark-l3-irqs-as-IRQF_NO_THREAD.patch
+ patches.suse/bus-ti-sysc-Fix-warning-on-unbind-if-reset-is-not-de.patch
 patches.suse/PM-EM-postpone-creating-the-debugfs-dir-till-fs_init.patch
 patches.suse/ACPICA-Always-create-namespace-nodes-using-acpi_ns_c.patch
 patches.suse/ACPI-video-Add-missing-callback-back-for-Sony-VPCEH3.patch
@@ -18535,6 +18568,27 @@ patches.suse/ASoC-sunxi-sun4i-codec-fill-ASoC-card-owner.patch patches.suse/ASoC-fsl_esai-Fix-TDM-slot-setup-for-I2S-mode.patch patches.suse/ALSA-hda-realtek-Fix-speaker-amp-setup-on-Acer-Aspir.patch + patches.suse/drm-msm-Set-drvdata-to-NULL-when-msm_drm_init-fails.patch + patches.suse/nfc-fix-refcount-leak-in-llcp_sock_bind.patch + patches.suse/nfc-fix-refcount-leak-in-llcp_sock_connect.patch + patches.suse/nfc-fix-memory-leak-in-llcp_sock_connect.patch + patches.suse/nfc-Avoid-endless-loops-caused-by-repeated-llcp_sock.patch + patches.suse/gianfar-Handle-error-code-at-MAC-address-change.patch + patches.suse/ice-remove-DCBNL_DEVRESET-bit-from-PF-state.patch + patches.suse/net-phy-broadcom-Only-advertise-EEE-for-supported-mo.patch + patches.suse/libbpf-Only-create-rx-and-tx-XDP-rings-when-necessar.patch + patches.suse/net-hns3-Remove-the-left-over-redundant-check-assign.patch + patches.suse/batman-adv-initialize-struct-batadv_tvlv_tt_vlan_dat.patch + patches.suse/net-mlx5-Fix-PPLM-register-mapping.patch + patches.suse/mac80211-fix-TXQ-AC-confusion.patch + patches.suse/bpf-sockmap-Fix-sk-prot-unhash-op-reset.patch + patches.suse/bpf-x86-Validate-computation-of-branch-displacements.patch + patches.suse/bpf-x86-Validate-computation-of-branch-displacements-26f55a59.patch + patches.suse/i40e-Fix-parameters-in-aq_get_phy_register.patch + patches.suse/i40e-Fix-sparse-error-vsi-netdev-could-be-null.patch + patches.suse/clk-socfpga-fix-iomem-pointer-cast-on-64-bit.patch + patches.suse/clk-fix-invalid-usage-of-list-cursor-in-register.patch + patches.suse/clk-fix-invalid-usage-of-list-cursor-in-unregister.patch patches.suse/ras-cec-correct-ce_add_elem-s-returned-values.patch # jejb/scsi for-next 
@@ -18601,6 +18655,7 @@ patches.suse/kernel-smp-add-more-data-to-CSD-lock-debugging.patch patches.suse/0001-squashfs-fix-inode-lookup-sanity-checks.patch patches.suse/0002-squashfs-fix-xattr-id-and-id-lookup-sanity-checks.patch + patches.suse/scsi-ibmvfc-Fix-invalid-state-machine-BUG_ON.patch ######################################################## # kbuild/module infrastructure fixes @@ -18835,6 +18890,7 @@ patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch patches.suse/0001-kvm-Reintroduce-nopvspin-kernel-parameter.patch patches.suse/0001-xen-don-t-reschedule-in-preemption-off-sections.patch + patches.suse/xen-events-fix-setting-irq-affinity.patch ######################################################## # Other core patches @@ -19106,6 +19162,7 @@ patches.kabi/kabi-repair-after-nvmx-emulate-mtf-when-performing-instruction-emulation patches.kabi/fix-kabi-after-call_single_data-modification.patch patches.kabi/kabi-fix-after-nvmx-properly-handle-userspace-interrupt-window-request + patches.kabi/kABI-powerpc-pmem-Include-pmem-prototypes.patch ######################################################## # You'd better have a good reason for adding a patch