From d660bd1d2fa11eb475feb9796b435e11f0b36e6f Mon Sep 17 00:00:00 2001 From: Mel Gorman Date: Jun 21 2021 10:34:47 +0000 Subject: Merge branch 'SLE15-SP3' (0483fe0d28dc) into 'SLE15-SP3-RT' - No -rt specific changes this merge. --- diff --git a/blacklist.conf b/blacklist.conf index 7a5937b..a98cbaf 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -1271,3 +1271,6 @@ c6433083f5930fdf52ad47c8c0459719c810dc89 # device-tree fix 4bb1eb3cd4bd6241d5e5f99bbfd801ea5a007b6c # device-tree fix b0fc70ce1f028e14a37c186d9f7a55e51439b83a # Berlin SOC not supported a20dcf53ea9836387b229c4878f9559cf1b55b71 # depends on USB PD 3.0, which we do not have in SP3 +4f06dd92b5d0a6f8eec6a34b8d6ef3e1f4ac1e10 # very old bug (v2.6.26), too risky to backport +78570f8873c8cd44c12714c7fa7db2601ec5617d # hwmon_init() has no return value, hence we don't need this patch +39c0c8553bfb5a3d108aa47f1256076d507605e3 # reverts 0dcec41acb85 ("scsi: qla2xxx: Make sure that aborted commands are freed") diff --git a/patches.kabi/rtw88-kabi-workaround.patch b/patches.kabi/rtw88-kabi-workaround.patch new file mode 100644 index 0000000..063782a --- /dev/null +++ b/patches.kabi/rtw88-kabi-workaround.patch @@ -0,0 +1,42 @@ +From: Takashi Iwai +Subject: kABI workaround for rtw88 +Patch-mainline: Never, kABI workaround +References: git-fixes + +The recent change rtw88-8822c-add-LC-calibration-for-RTL8822C.patch +breaks kABI. Fix it by moving the new fields into the holes. + +Signed-off-by: Takashi Iwai + +--- + drivers/net/wireless/realtek/rtw88/main.h | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/realtek/rtw88/main.h ++++ b/drivers/net/wireless/realtek/rtw88/main.h +@@ -1141,7 +1141,9 @@ struct rtw_chip_info { + bool en_dis_dpd; + u16 dpd_ratemask; + u8 iqk_threshold; ++#ifndef __GENKSYMS__ + u8 lck_threshold; ++#endif + const struct rtw_pwr_track_tbl *pwr_track_tbl; + + u8 bfer_su_max_num; +@@ -1471,12 +1473,14 @@ struct rtw_dm_info { + u8 tx_rate; + u8 thermal_avg[RTW_RF_PATH_MAX]; + u8 thermal_meter_k; +- u8 thermal_meter_lck; + s8 delta_power_index[RTW_RF_PATH_MAX]; + s8 delta_power_index_last[RTW_RF_PATH_MAX]; + u8 default_ofdm_index; + bool pwr_trk_triggered; + bool pwr_trk_init_trigger; ++#ifndef __GENKSYMS__ ++ u8 thermal_meter_lck; ++#endif + struct ewma_thermal avg_thermal[RTW_RF_PATH_MAX]; + s8 txagc_remnant_cck; + s8 txagc_remnant_ofdm; diff --git a/patches.suse/0001-bcache-inherit-the-optimal-I-O-size.patch b/patches.suse/0001-bcache-inherit-the-optimal-I-O-size.patch new file mode 100644 index 0000000..fe65587 --- /dev/null +++ b/patches.suse/0001-bcache-inherit-the-optimal-I-O-size.patch @@ -0,0 +1,38 @@ +From 5d4ce78b254cde8aaeb829420c3f15d3606ad411 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Thu, 24 Sep 2020 08:51:30 +0200 +Subject: [PATCH] bcache: inherit the optimal I/O size +Git-commit: 5d4ce78b254cde8aaeb829420c3f15d3606ad411 +Patch-mainline: v5.10-rc1 +References: bsc#1187357 + +Inherit the optimal I/O size setting just like the readahead window, +as any reason to do larger I/O does not apply to just readahead. + +Signed-off-by: Christoph Hellwig +Reviewed-by: Jan Kara +Reviewed-by: Martin K. Petersen +Acked-by: Coly Li +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + drivers/md/bcache/super.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c +index 1bbdc410ee3c..48113005ed86 100644 +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1430,6 +1430,8 @@ static int cached_dev_init(struct cached_dev *dc, unsigned int block_size) + dc->disk.disk->queue->backing_dev_info->ra_pages = + max(dc->disk.disk->queue->backing_dev_info->ra_pages, + q->backing_dev_info->ra_pages); ++ blk_queue_io_opt(dc->disk.disk->queue, ++ max(queue_io_opt(dc->disk.disk->queue), queue_io_opt(q))); + + atomic_set(&dc->io_errors, 0); + dc->io_disable = false; +-- +2.26.2 + diff --git a/patches.suse/0002-bcache-Convert-to-DEFINE_SHOW_ATTRIBUTE.patch b/patches.suse/0002-bcache-Convert-to-DEFINE_SHOW_ATTRIBUTE.patch new file mode 100644 index 0000000..4db7481 --- /dev/null +++ b/patches.suse/0002-bcache-Convert-to-DEFINE_SHOW_ATTRIBUTE.patch @@ -0,0 +1,66 @@ +From 84e5d1363cd8128820434cdb983ecab0f5c1b078 Mon Sep 17 00:00:00 2001 +From: Qinglang Miao +Date: Thu, 1 Oct 2020 14:50:44 +0800 +Subject: [PATCH] bcache: Convert to DEFINE_SHOW_ATTRIBUTE +Git-commit: 84e5d1363cd8128820434cdb983ecab0f5c1b078 +Patch-mainline: v5.10-rc1 +References: bsc#1187357 + +Use DEFINE_SHOW_ATTRIBUTE macro to simplify the code. + +As inode->iprivate equals to third parameter of +debugfs_create_file() which is NULL. So it's equivalent +to original code logic. + +Signed-off-by: Qinglang Miao +Signed-off-by: Coly Li +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/closure.c | 16 +++------------- + 1 file changed, 3 insertions(+), 13 deletions(-) + +diff --git a/drivers/md/bcache/closure.c b/drivers/md/bcache/closure.c +index 0164a1fe94a9..d8d9394a6beb 100644 +--- a/drivers/md/bcache/closure.c ++++ b/drivers/md/bcache/closure.c +@@ -159,7 +159,7 @@ void closure_debug_destroy(struct closure *cl) + + static struct dentry *closure_debug; + +-static int debug_seq_show(struct seq_file *f, void *data) ++static int debug_show(struct seq_file *f, void *data) + { + struct closure *cl; + +@@ -188,17 +188,7 @@ static int debug_seq_show(struct seq_file *f, void *data) + return 0; + } + +-static int debug_seq_open(struct inode *inode, struct file *file) +-{ +- return single_open(file, debug_seq_show, NULL); +-} +- +-static const struct file_operations debug_ops = { +- .owner = THIS_MODULE, +- .open = debug_seq_open, +- .read = seq_read, +- .release = single_release +-}; ++DEFINE_SHOW_ATTRIBUTE(debug); + + void __init closure_debug_init(void) + { +@@ -209,7 +199,7 @@ void __init closure_debug_init(void) + * about this. + */ + closure_debug = debugfs_create_file( +- "closures", 0400, bcache_debug, NULL, &debug_ops); ++ "closures", 0400, bcache_debug, NULL, &debug_fops); + } + #endif + +-- +2.26.2 + diff --git a/patches.suse/0003-bcache-don-t-pass-BIOSET_NEED_BVECS-for-the-bio_set-.patch b/patches.suse/0003-bcache-don-t-pass-BIOSET_NEED_BVECS-for-the-bio_set-.patch new file mode 100644 index 0000000..bb5214a --- /dev/null +++ b/patches.suse/0003-bcache-don-t-pass-BIOSET_NEED_BVECS-for-the-bio_set-.patch @@ -0,0 +1,41 @@ +From faa8e2c4fb30f336a289e3cbaa1e9a9dfd92ac8c Mon Sep 17 00:00:00 2001 +From: Ming Lei +Date: Mon, 11 Jan 2021 11:05:57 +0800 +Subject: [PATCH] bcache: don't pass BIOSET_NEED_BVECS for the 'bio_set' + embedded in 'cache_set' +Git-commit: faa8e2c4fb30f336a289e3cbaa1e9a9dfd92ac8c +Patch-mainline: v5.12-rc1 +References: bsc#1187357 + +This bioset is just for allocating bio only from bio_next_split, and it +needn't bvecs, so remove the flag. + +Cc: linux-bcache@vger.kernel.org +Cc: Coly Li +Reviewed-by: Christoph Hellwig +Signed-off-by: Ming Lei +Acked-by: Coly Li +Reviewed-by: Hannes Reinecke +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + drivers/md/bcache/super.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c +index 2047a9cccdb5..193fe7652329 100644 +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1939,7 +1939,7 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) + goto err; + + if (bioset_init(&c->bio_split, 4, offsetof(struct bbio, bio), +- BIOSET_NEED_BVECS|BIOSET_NEED_RESCUER)) ++ BIOSET_NEED_RESCUER)) + goto err; + + c->uuids = alloc_meta_bucket_pages(GFP_KERNEL, sb); +-- +2.26.2 + diff --git a/patches.suse/0004-bcache-reduce-redundant-code-in-bch_cached_dev_run.patch b/patches.suse/0004-bcache-reduce-redundant-code-in-bch_cached_dev_run.patch new file mode 100644 index 0000000..daf8df5 --- /dev/null +++ b/patches.suse/0004-bcache-reduce-redundant-code-in-bch_cached_dev_run.patch @@ -0,0 +1,93 @@ +From 13e1db65d2b9263c3dfe447077981e7a32c857ae Mon Sep 17 00:00:00 2001 +From: Zhiqiang Liu +Date: Sun, 11 Apr 2021 21:43:10 +0800 +Subject: [PATCH] bcache: reduce redundant code in bch_cached_dev_run() +Git-commit: 13e1db65d2b9263c3dfe447077981e7a32c857ae +Patch-mainline: v5.13-rc1 +References: bsc#1187357 + +In bch_cached_dev_run(), free(env[1])|free(env[2])|free(buf) +show up three times. This patch introduce out tag in +which free(env[1])|free(env[2])|free(buf) are only called +one time. If we need to call free() when errors occur, +we can set error code to ret, and then goto out tag directly. + +Signed-off-by: Zhiqiang Liu +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20210411134316.80274-2-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/super.c | 25 ++++++++++++------------- + 1 file changed, 12 insertions(+), 13 deletions(-) + +diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c +index 03e1fe4de53d..2b6d6e9cd680 100644 +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1052,6 +1052,7 @@ static int cached_dev_status_update(void *arg) + + int bch_cached_dev_run(struct cached_dev *dc) + { ++ int ret = 0; + struct bcache_device *d = &dc->disk; + char *buf = kmemdup_nul(dc->sb.label, SB_LABEL_SIZE, GFP_KERNEL); + char *env[] = { +@@ -1064,19 +1065,15 @@ int bch_cached_dev_run(struct cached_dev *dc) + if (dc->io_disable) { + pr_err("I/O disabled on cached dev %s\n", + dc->backing_dev_name); +- kfree(env[1]); +- kfree(env[2]); +- kfree(buf); +- return -EIO; ++ ret = -EIO; ++ goto out; + } + + if (atomic_xchg(&dc->running, 1)) { +- kfree(env[1]); +- kfree(env[2]); +- kfree(buf); + pr_info("cached dev %s is running already\n", + dc->backing_dev_name); +- return -EBUSY; ++ ret = -EBUSY; ++ goto out; + } + + if (!d->c && +@@ -1097,15 +1094,13 @@ int bch_cached_dev_run(struct cached_dev *dc) + * only class / kset properties are persistent + */ + kobject_uevent_env(&disk_to_dev(d->disk)->kobj, KOBJ_CHANGE, env); +- kfree(env[1]); +- kfree(env[2]); +- kfree(buf); + + if (sysfs_create_link(&d->kobj, &disk_to_dev(d->disk)->kobj, "dev") || + sysfs_create_link(&disk_to_dev(d->disk)->kobj, + &d->kobj, "bcache")) { + pr_err("Couldn't create bcache dev <-> disk sysfs symlinks\n"); +- return -ENOMEM; ++ ret = -ENOMEM; ++ goto out; + } + + dc->status_update_thread = kthread_run(cached_dev_status_update, +@@ -1114,7 +1109,11 @@ int bch_cached_dev_run(struct cached_dev *dc) + pr_warn("failed to create bcache_status_update kthread, continue to run without monitoring backing device status\n"); + } + +- return 0; ++out: ++ kfree(env[1]); ++ kfree(env[2]); ++ kfree(buf); ++ return ret; + } + + /* +-- +2.26.2 + diff --git a/patches.suse/0005-bcache-remove-PTR_CACHE.patch b/patches.suse/0005-bcache-remove-PTR_CACHE.patch new file mode 100644 index 0000000..38c7de5 --- /dev/null +++ b/patches.suse/0005-bcache-remove-PTR_CACHE.patch @@ -0,0 +1,206 @@ +From 11e9560e6c005b4adca12d17b27dc5ac22b40663 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Sun, 11 Apr 2021 21:43:11 +0800 +Subject: [PATCH] bcache: remove PTR_CACHE +Git-commit: 11e9560e6c005b4adca12d17b27dc5ac22b40663 +Patch-mainline: v5.13-rc1 +References: bsc#1187357 + +Remove the PTR_CACHE inline and replace it with a direct dereference +of c->cache. + +(Coly Li: fix the typo from PTR_BUCKET to PTR_CACHE in commit log) + +Signed-off-by: Christoph Hellwig +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20210411134316.80274-3-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/alloc.c | 5 ++--- + drivers/md/bcache/bcache.h | 11 ++--------- + drivers/md/bcache/btree.c | 4 ++-- + drivers/md/bcache/debug.c | 2 +- + drivers/md/bcache/extents.c | 4 ++-- + drivers/md/bcache/io.c | 4 ++-- + drivers/md/bcache/journal.c | 2 +- + drivers/md/bcache/writeback.c | 5 ++--- + 8 files changed, 14 insertions(+), 23 deletions(-) + +diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c +index 8c371d5eef8e..097577ae3c47 100644 +--- a/drivers/md/bcache/alloc.c ++++ b/drivers/md/bcache/alloc.c +@@ -482,8 +482,7 @@ void bch_bucket_free(struct cache_set *c, struct bkey *k) + unsigned int i; + + for (i = 0; i < KEY_PTRS(k); i++) +- __bch_bucket_free(PTR_CACHE(c, k, i), +- PTR_BUCKET(c, k, i)); ++ __bch_bucket_free(c->cache, PTR_BUCKET(c, k, i)); + } + + int __bch_bucket_alloc_set(struct cache_set *c, unsigned int reserve, +@@ -674,7 +673,7 @@ bool bch_alloc_sectors(struct cache_set *c, + SET_PTR_OFFSET(&b->key, i, PTR_OFFSET(&b->key, i) + sectors); + + atomic_long_add(sectors, +- &PTR_CACHE(c, &b->key, i)->sectors_written); ++ &c->cache->sectors_written); + } + + if (b->sectors_free < c->cache->sb.block_size) +diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h +index 848dd4db1659..0a4551e165ab 100644 +--- a/drivers/md/bcache/bcache.h ++++ b/drivers/md/bcache/bcache.h +@@ -804,13 +804,6 @@ static inline sector_t bucket_remainder(struct cache_set *c, sector_t s) + return s & (c->cache->sb.bucket_size - 1); + } + +-static inline struct cache *PTR_CACHE(struct cache_set *c, +- const struct bkey *k, +- unsigned int ptr) +-{ +- return c->cache; +-} +- + static inline size_t PTR_BUCKET_NR(struct cache_set *c, + const struct bkey *k, + unsigned int ptr) +@@ -822,7 +815,7 @@ static inline struct bucket *PTR_BUCKET(struct cache_set *c, + const struct bkey *k, + unsigned int ptr) + { +- return PTR_CACHE(c, k, ptr)->buckets + PTR_BUCKET_NR(c, k, ptr); ++ return c->cache->buckets + PTR_BUCKET_NR(c, k, ptr); + } + + static inline uint8_t gen_after(uint8_t a, uint8_t b) +@@ -841,7 +834,7 @@ static inline uint8_t ptr_stale(struct cache_set *c, const struct bkey *k, + static inline bool ptr_available(struct cache_set *c, const struct bkey *k, + unsigned int i) + { +- return (PTR_DEV(k, i) < MAX_CACHES_PER_SET) && PTR_CACHE(c, k, i); ++ return (PTR_DEV(k, i) < MAX_CACHES_PER_SET) && c->cache; + } + + /* Btree key macros */ +diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c +index fe6dce125aba..183a58c89377 100644 +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -426,7 +426,7 @@ void __bch_btree_node_write(struct btree *b, struct closure *parent) + do_btree_node_write(b); + + atomic_long_add(set_blocks(i, block_bytes(b->c->cache)) * b->c->cache->sb.block_size, +- &PTR_CACHE(b->c, &b->key, 0)->btree_sectors_written); ++ &b->c->cache->btree_sectors_written); + + b->written += set_blocks(i, block_bytes(b->c->cache)); + } +@@ -1161,7 +1161,7 @@ static void make_btree_freeing_key(struct btree *b, struct bkey *k) + + for (i = 0; i < KEY_PTRS(k); i++) + SET_PTR_GEN(k, i, +- bch_inc_gen(PTR_CACHE(b->c, &b->key, i), ++ bch_inc_gen(b->c->cache, + PTR_BUCKET(b->c, &b->key, i))); + + mutex_unlock(&b->c->bucket_lock); +diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c +index 63e809f38e3f..589a052efeb1 100644 +--- a/drivers/md/bcache/debug.c ++++ b/drivers/md/bcache/debug.c +@@ -50,7 +50,7 @@ void bch_btree_verify(struct btree *b) + v->keys.ops = b->keys.ops; + + bio = bch_bbio_alloc(b->c); +- bio_set_dev(bio, PTR_CACHE(b->c, &b->key, 0)->bdev); ++ bio_set_dev(bio, c->cache->bdev); + bio->bi_iter.bi_sector = PTR_OFFSET(&b->key, 0); + bio->bi_iter.bi_size = KEY_SIZE(&v->key) << 9; + bio->bi_opf = REQ_OP_READ | REQ_META; +diff --git a/drivers/md/bcache/extents.c b/drivers/md/bcache/extents.c +index f4658a1f37b8..d626ffcbecb9 100644 +--- a/drivers/md/bcache/extents.c ++++ b/drivers/md/bcache/extents.c +@@ -50,7 +50,7 @@ static bool __ptr_invalid(struct cache_set *c, const struct bkey *k) + + for (i = 0; i < KEY_PTRS(k); i++) + if (ptr_available(c, k, i)) { +- struct cache *ca = PTR_CACHE(c, k, i); ++ struct cache *ca = c->cache; + size_t bucket = PTR_BUCKET_NR(c, k, i); + size_t r = bucket_remainder(c, PTR_OFFSET(k, i)); + +@@ -71,7 +71,7 @@ static const char *bch_ptr_status(struct cache_set *c, const struct bkey *k) + + for (i = 0; i < KEY_PTRS(k); i++) + if (ptr_available(c, k, i)) { +- struct cache *ca = PTR_CACHE(c, k, i); ++ struct cache *ca = c->cache; + size_t bucket = PTR_BUCKET_NR(c, k, i); + size_t r = bucket_remainder(c, PTR_OFFSET(k, i)); + +diff --git a/drivers/md/bcache/io.c b/drivers/md/bcache/io.c +index dad71a6b7889..e4388fe3ab7e 100644 +--- a/drivers/md/bcache/io.c ++++ b/drivers/md/bcache/io.c +@@ -36,7 +36,7 @@ void __bch_submit_bbio(struct bio *bio, struct cache_set *c) + struct bbio *b = container_of(bio, struct bbio, bio); + + bio->bi_iter.bi_sector = PTR_OFFSET(&b->key, 0); +- bio_set_dev(bio, PTR_CACHE(c, &b->key, 0)->bdev); ++ bio_set_dev(bio, c->cache->bdev); + + b->submit_time_us = local_clock_us(); + closure_bio_submit(c, bio, bio->bi_private); +@@ -137,7 +137,7 @@ void bch_bbio_count_io_errors(struct cache_set *c, struct bio *bio, + blk_status_t error, const char *m) + { + struct bbio *b = container_of(bio, struct bbio, bio); +- struct cache *ca = PTR_CACHE(c, &b->key, 0); ++ struct cache *ca = c->cache; + int is_read = (bio_data_dir(bio) == READ ? 1 : 0); + + unsigned int threshold = op_is_write(bio_op(bio)) +diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c +index c6613e817333..de2c0d7699cf 100644 +--- a/drivers/md/bcache/journal.c ++++ b/drivers/md/bcache/journal.c +@@ -768,7 +768,7 @@ static void journal_write_unlocked(struct closure *cl) + w->data->csum = csum_set(w->data); + + for (i = 0; i < KEY_PTRS(k); i++) { +- ca = PTR_CACHE(c, k, i); ++ ca = c->cache; + bio = &ca->journal.bio; + + atomic_long_add(sectors, &ca->meta_sectors_written); +diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c +index 82d4e0880a99..bcd550a2b0da 100644 +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -416,7 +416,7 @@ static void read_dirty_endio(struct bio *bio) + struct dirty_io *io = w->private; + + /* is_read = 1 */ +- bch_count_io_errors(PTR_CACHE(io->dc->disk.c, &w->key, 0), ++ bch_count_io_errors(io->dc->disk.c->cache, + bio->bi_status, 1, + "reading dirty data from cache"); + +@@ -510,8 +510,7 @@ static void read_dirty(struct cached_dev *dc) + dirty_init(w); + bio_set_op_attrs(&io->bio, REQ_OP_READ, 0); + io->bio.bi_iter.bi_sector = PTR_OFFSET(&w->key, 0); +- bio_set_dev(&io->bio, +- PTR_CACHE(dc->disk.c, &w->key, 0)->bdev); ++ bio_set_dev(&io->bio, dc->disk.c->cache->bdev); + io->bio.bi_end_io = read_dirty_endio; + + if (bch_bio_alloc_pages(&io->bio, GFP_KERNEL)) +-- +2.26.2 + diff --git a/patches.suse/0006-bcache-use-NULL-instead-of-using-plain-integer-as-po.patch b/patches.suse/0006-bcache-use-NULL-instead-of-using-plain-integer-as-po.patch new file mode 100644 index 0000000..39794fa --- /dev/null +++ b/patches.suse/0006-bcache-use-NULL-instead-of-using-plain-integer-as-po.patch @@ -0,0 +1,38 @@ +From f9a018e8a6af2898dc782f6e526bd11f6f352e87 Mon Sep 17 00:00:00 2001 +From: Yang Li +Date: Sun, 11 Apr 2021 21:43:12 +0800 +Subject: [PATCH] bcache: use NULL instead of using plain integer as pointer +Git-commit: f9a018e8a6af2898dc782f6e526bd11f6f352e87 +Patch-mainline: v5.13-rc1 +References: bsc#1187357 + +This fixes the following sparse warnings: +drivers/md/bcache/features.c:22:16: warning: Using plain integer as NULL +pointer + +Reported-by: Abaci Robot +Signed-off-by: Yang Li +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20210411134316.80274-4-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/features.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/features.c b/drivers/md/bcache/features.c +index d636b7b2d070..6d2b7b84a7b7 100644 +--- a/drivers/md/bcache/features.c ++++ b/drivers/md/bcache/features.c +@@ -19,7 +19,7 @@ struct feature { + static struct feature feature_list[] = { + {BCH_FEATURE_INCOMPAT, BCH_FEATURE_INCOMPAT_LOG_LARGE_BUCKET_SIZE, + "large_bucket"}, +- {0, 0, 0 }, ++ {0, 0, NULL }, + }; + + #define compose_feature_string(type) \ +-- +2.26.2 + diff --git a/patches.suse/0007-md-bcache-avoid-Wempty-body-warnings.patch b/patches.suse/0007-md-bcache-avoid-Wempty-body-warnings.patch new file mode 100644 index 0000000..c3ff0c4 --- /dev/null +++ b/patches.suse/0007-md-bcache-avoid-Wempty-body-warnings.patch @@ -0,0 +1,46 @@ +From be3bacececd7c4ab233105171d39082858de1baa Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Sun, 11 Apr 2021 21:43:13 +0800 +Subject: [PATCH] md: bcache: avoid -Wempty-body warnings +Git-commit: be3bacececd7c4ab233105171d39082858de1baa +Patch-mainline: v5.13-rc1 +References: bsc#1187357 + +building with 'make W=1' shows a harmless warning for each user of the +EBUG_ON() macro: + +Drivers/md/bcache/bset.c: In function 'bch_btree_sort_partial': +drivers/md/bcache/util.h:30:55: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body] + 30 | #define EBUG_ON(cond) do { if (cond); } while (0) + | ^ +drivers/md/bcache/bset.c:1312:9: note: in expansion of macro 'EBUG_ON' + 1312 | EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); + | ^~~~~~~ + +Reword the macro slightly to avoid the warning. + +Signed-off-by: Arnd Bergmann +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20210411134316.80274-5-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/util.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/util.h b/drivers/md/bcache/util.h +index c029f7443190..bca4a7c97da7 100644 +--- a/drivers/md/bcache/util.h ++++ b/drivers/md/bcache/util.h +@@ -27,7 +27,7 @@ struct closure; + + #else /* DEBUG */ + +-#define EBUG_ON(cond) do { if (cond); } while (0) ++#define EBUG_ON(cond) do { if (cond) do {} while (0); } while (0) + #define atomic_dec_bug(v) atomic_dec(v) + #define atomic_inc_bug(v, i) atomic_inc(v) + +-- +2.26.2 + diff --git a/patches.suse/0008-md-bcache-Trivial-typo-fixes-in-the-file-journal.c.patch b/patches.suse/0008-md-bcache-Trivial-typo-fixes-in-the-file-journal.c.patch new file mode 100644 index 0000000..0d8f0db --- /dev/null +++ b/patches.suse/0008-md-bcache-Trivial-typo-fixes-in-the-file-journal.c.patch @@ -0,0 +1,45 @@ +From 9c9b81c45619e76d315eb3b9934e9d4bfa7d3bcd Mon Sep 17 00:00:00 2001 +From: Bhaskar Chowdhury +Date: Sun, 11 Apr 2021 21:43:14 +0800 +Subject: [PATCH] md: bcache: Trivial typo fixes in the file journal.c +Git-commit: 9c9b81c45619e76d315eb3b9934e9d4bfa7d3bcd +Patch-mainline: v5.13-rc1 +References: bsc#1187357 + +s/condidate/candidate/ +s/folowing/following/ + +Signed-off-by: Bhaskar Chowdhury +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20210411134316.80274-6-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/journal.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c +index de2c0d7699cf..61bd79babf7a 100644 +--- a/drivers/md/bcache/journal.c ++++ b/drivers/md/bcache/journal.c +@@ -111,7 +111,7 @@ reread: left = ca->sb.bucket_size - offset; + * Check from the oldest jset for last_seq. If + * i->j.seq < j->last_seq, it means the oldest jset + * in list is expired and useless, remove it from +- * this list. Otherwise, j is a condidate jset for ++ * this list. Otherwise, j is a candidate jset for + * further following checks. + */ + while (!list_empty(list)) { +@@ -498,7 +498,7 @@ static void btree_flush_write(struct cache_set *c) + * - If there are matched nodes recorded in btree_nodes[], + * they are clean now (this is why and how the oldest + * journal entry can be reclaimed). These selected nodes +- * will be ignored and skipped in the folowing for-loop. ++ * will be ignored and skipped in the following for-loop. + */ + if (((btree_current_write(b)->journal - fifo_front_p) & + mask) != 0) { +-- +2.26.2 + diff --git a/patches.suse/0009-bcache-Use-64-bit-arithmetic-instead-of-32-bit.patch b/patches.suse/0009-bcache-Use-64-bit-arithmetic-instead-of-32-bit.patch new file mode 100644 index 0000000..553a74d --- /dev/null +++ b/patches.suse/0009-bcache-Use-64-bit-arithmetic-instead-of-32-bit.patch @@ -0,0 +1,51 @@ +From 62594f189e81caffa6a3bfa2fdb08eec2e347c76 Mon Sep 17 00:00:00 2001 +From: "Gustavo A. R. Silva" +Date: Sun, 11 Apr 2021 21:43:15 +0800 +Subject: [PATCH] bcache: Use 64-bit arithmetic instead of 32-bit +Git-commit: 62594f189e81caffa6a3bfa2fdb08eec2e347c76 +Patch-mainline: v5.13-rc1 +References: bsc#1187357 + +Cast multiple variables to (int64_t) in order to give the compiler +complete information about the proper arithmetic to use. Notice that +these variables are being used in contexts that expect expressions of +type int64_t (64 bit, signed). And currently, such expressions are +being evaluated using 32-bit arithmetic. + +Fixes: d0cf9503e908 ("octeontx2-pf: ethtool fec mode support") +Addresses-coverity-id: 1501724 ("Unintentional integer overflow") +Addresses-coverity-id: 1501725 ("Unintentional integer overflow") +Addresses-coverity-id: 1501726 ("Unintentional integer overflow") +Signed-off-by: Gustavo A. R. Silva +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20210411134316.80274-7-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/writeback.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c +index bcd550a2b0da..8120da278161 100644 +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -110,13 +110,13 @@ static void __update_writeback_rate(struct cached_dev *dc) + int64_t fps; + + if (c->gc_stats.in_use <= BCH_WRITEBACK_FRAGMENT_THRESHOLD_MID) { +- fp_term = dc->writeback_rate_fp_term_low * ++ fp_term = (int64_t)dc->writeback_rate_fp_term_low * + (c->gc_stats.in_use - BCH_WRITEBACK_FRAGMENT_THRESHOLD_LOW); + } else if (c->gc_stats.in_use <= BCH_WRITEBACK_FRAGMENT_THRESHOLD_HIGH) { +- fp_term = dc->writeback_rate_fp_term_mid * ++ fp_term = (int64_t)dc->writeback_rate_fp_term_mid * + (c->gc_stats.in_use - BCH_WRITEBACK_FRAGMENT_THRESHOLD_MID); + } else { +- fp_term = dc->writeback_rate_fp_term_high * ++ fp_term = (int64_t)dc->writeback_rate_fp_term_high * + (c->gc_stats.in_use - BCH_WRITEBACK_FRAGMENT_THRESHOLD_HIGH); + } + fps = div_s64(dirty, dirty_buckets) * fp_term; +-- +2.26.2 + diff --git a/patches.suse/0010-bcache-fix-a-regression-of-code-compiling-failure-in.patch b/patches.suse/0010-bcache-fix-a-regression-of-code-compiling-failure-in.patch new file mode 100644 index 0000000..9d6bfab --- /dev/null +++ b/patches.suse/0010-bcache-fix-a-regression-of-code-compiling-failure-in.patch @@ -0,0 +1,45 @@ +From 33ec5dfe8f42aaf0163a16e2b450ab06f3a7f1f3 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Sun, 11 Apr 2021 21:43:16 +0800 +Subject: [PATCH] bcache: fix a regression of code compiling failure in debug.c +Git-commit: 33ec5dfe8f42aaf0163a16e2b450ab06f3a7f1f3 +Patch-mainline: v5.13-rc1 +References: bsc#1187357 + +The patch "bcache: remove PTR_CACHE" introduces a compiling failure in +debug.c with following error message, + In file included from drivers/md/bcache/bcache.h:182:0, + from drivers/md/bcache/debug.c:9: + drivers/md/bcache/debug.c: In function 'bch_btree_verify': + drivers/md/bcache/debug.c:53:19: error: 'c' undeclared (first use in + this function) + bio_set_dev(bio, c->cache->bdev); + ^ +This patch fixes the regression by replacing c->cache->bdev by b->c-> +cache->bdev. + +Signed-off-by: Coly Li +Cc: Christoph Hellwig +Link: https://lore.kernel.org/r/20210411134316.80274-8-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/debug.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c +index 589a052efeb1..116edda845c3 100644 +--- a/drivers/md/bcache/debug.c ++++ b/drivers/md/bcache/debug.c +@@ -50,7 +50,7 @@ void bch_btree_verify(struct btree *b) + v->keys.ops = b->keys.ops; + + bio = bch_bbio_alloc(b->c); +- bio_set_dev(bio, c->cache->bdev); ++ bio_set_dev(bio, b->c->cache->bdev); + bio->bi_iter.bi_sector = PTR_OFFSET(&b->key, 0); + bio->bi_iter.bi_size = KEY_SIZE(&v->key) << 9; + bio->bi_opf = REQ_OP_READ | REQ_META; +-- +2.26.2 + diff --git a/patches.suse/0011-lib-crc64-fix-kernel-doc-warning.patch b/patches.suse/0011-lib-crc64-fix-kernel-doc-warning.patch new file mode 100644 index 0000000..caed3e4 --- /dev/null +++ b/patches.suse/0011-lib-crc64-fix-kernel-doc-warning.patch @@ -0,0 +1,42 @@ +From 415f0c835ba799e47ce077b01876568431da1ff3 Mon Sep 17 00:00:00 2001 +From: YueHaibing +Date: Fri, 4 Jun 2021 20:01:39 -0700 +Subject: [PATCH] lib: crc64: fix kernel-doc warning +Git-commit: 415f0c835ba799e47ce077b01876568431da1ff3 +Patch-mainline: v5.13-rc5 +References: bsc#1187357 + +Fix W=1 kernel build warning: + + lib/crc64.c:40: warning: + bad line: or the previous crc64 value if computing incrementally. + +Link: https://lkml.kernel.org/r/20210601135851.15444-1-yuehaibing@huawei.com +Signed-off-by: YueHaibing +Reviewed-by: Coly Li +Acked-by: Randy Dunlap +Tested-by: Randy Dunlap +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Coly Li + +--- + lib/crc64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/crc64.c b/lib/crc64.c +index 47cfa054827f..9f852a89ee2a 100644 +--- a/lib/crc64.c ++++ b/lib/crc64.c +@@ -37,7 +37,7 @@ MODULE_LICENSE("GPL v2"); + /** + * crc64_be - Calculate bitwise big-endian ECMA-182 CRC64 + * @crc: seed value for computation. 0 or (u64)~0 for a new CRC calculation, +- or the previous crc64 value if computing incrementally. ++ * or the previous crc64 value if computing incrementally. + * @p: pointer to buffer over which CRC64 is run + * @len: length of buffer @p + */ +-- +2.26.2 + diff --git a/patches.suse/0012-bcache-remove-bcache-device-self-defined-readahead.patch b/patches.suse/0012-bcache-remove-bcache-device-self-defined-readahead.patch new file mode 100644 index 0000000..19c5b1b --- /dev/null +++ b/patches.suse/0012-bcache-remove-bcache-device-self-defined-readahead.patch @@ -0,0 +1,205 @@ +From 1616a4c2ab1a80893b6890ae93da40a2b1d0c691 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Mon, 7 Jun 2021 20:50:51 +0800 +Subject: [PATCH] bcache: remove bcache device self-defined readahead +Git-commit: 1616a4c2ab1a80893b6890ae93da40a2b1d0c691 +Patch-mainline: v5.13-rc6 +References: bsc#1187357, bsc#1185570, bsc#1184631 + +For read cache missing, bcache defines a readahead size for the read I/O +request to the backing device for the missing data. This readahead size +is initialized to 0, and almost no one uses it to avoid unnecessary read +amplifying onto backing device and write amplifying onto cache device. +Considering upper layer file system code has readahead logic allready +and works fine with readahead_cache_policy sysfile interface, we don't +have to keep bcache self-defined readahead anymore. + +This patch removes the bcache self-defined readahead for cache missing +request for backing device, and the readahead sysfs file interfaces are +removed as well. + +This is the preparation for next patch to fix potential kernel panic due +to oversized request in a simpler method. + +(Coly Li: rebased for Linux v5.3 based SUSE kernel) + +Reported-by: Alexander Ullrich +Reported-by: Diego Ercolani +Reported-by: Jan Szubiak +Reported-by: Marco Rebhan +Reported-by: Matthias Ferdinand +Reported-by: Victor Westerhuis +Reported-by: Vojtech Pavlik +Reported-and-tested-by: Rolf Fokkens +Reported-and-tested-by: Thorsten Knabe +Signed-off-by: Coly Li +Reviewed-by: Christoph Hellwig +Cc: stable@vger.kernel.org +Cc: Kent Overstreet +Cc: Nix +Cc: Takashi Iwai +Link: https://lore.kernel.org/r/20210607125052.21277-2-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/bcache.h | 1 - + drivers/md/bcache/request.c | 12 +----------- + drivers/md/bcache/stats.c | 14 -------------- + drivers/md/bcache/stats.h | 1 - + drivers/md/bcache/sysfs.c | 4 ---- + 5 files changed, 1 insertion(+), 31 deletions(-) + +--- a/drivers/md/bcache/bcache.h ++++ b/drivers/md/bcache/bcache.h +@@ -364,7 +364,6 @@ struct cached_dev { + + /* The rest of this all shows up in sysfs */ + unsigned int sequential_cutoff; +- unsigned int readahead; + + unsigned int io_disable:1; + unsigned int verify:1; +--- a/drivers/md/bcache/request.c ++++ b/drivers/md/bcache/request.c +@@ -878,7 +878,6 @@ static int cached_dev_cache_miss(struct + struct bio *bio, unsigned int sectors) + { + int ret = MAP_CONTINUE; +- unsigned int reada = 0; + struct cached_dev *dc = container_of(s->d, struct cached_dev, disk); + struct bio *miss, *cache_bio; + +@@ -890,13 +889,7 @@ static int cached_dev_cache_miss(struct + goto out_submit; + } + +- if (!(bio->bi_opf & REQ_RAHEAD) && +- !(bio->bi_opf & (REQ_META|REQ_PRIO)) && +- s->iop.c->gc_stats.in_use < CUTOFF_CACHE_READA) +- reada = min_t(sector_t, dc->readahead >> 9, +- get_capacity(bio->bi_disk) - bio_end_sector(bio)); +- +- s->insert_bio_sectors = min(sectors, bio_sectors(bio) + reada); ++ s->insert_bio_sectors = min(sectors, bio_sectors(bio)); + + s->iop.replace_key = KEY(s->iop.inode, + bio->bi_iter.bi_sector + s->insert_bio_sectors, +@@ -930,9 +923,6 @@ static int cached_dev_cache_miss(struct + if (bch_bio_alloc_pages(cache_bio, __GFP_NOWARN|GFP_NOIO)) + goto out_put; + +- if (reada) +- bch_mark_cache_readahead(s->iop.c, s->d); +- + s->cache_miss = miss; + s->iop.bio = cache_bio; + bio_get(cache_bio); +--- a/drivers/md/bcache/stats.c ++++ b/drivers/md/bcache/stats.c +@@ -46,7 +46,6 @@ read_attribute(cache_misses); + read_attribute(cache_bypass_hits); + read_attribute(cache_bypass_misses); + read_attribute(cache_hit_ratio); +-read_attribute(cache_readaheads); + read_attribute(cache_miss_collisions); + read_attribute(bypassed); + +@@ -64,7 +63,6 @@ SHOW(bch_stats) + DIV_SAFE(var(cache_hits) * 100, + var(cache_hits) + var(cache_misses))); + +- var_print(cache_readaheads); + var_print(cache_miss_collisions); + sysfs_hprint(bypassed, var(sectors_bypassed) << 9); + #undef var +@@ -86,7 +84,6 @@ static struct attribute *bch_stats_files + &sysfs_cache_bypass_hits, + &sysfs_cache_bypass_misses, + &sysfs_cache_hit_ratio, +- &sysfs_cache_readaheads, + &sysfs_cache_miss_collisions, + &sysfs_bypassed, + NULL +@@ -113,7 +110,6 @@ void bch_cache_accounting_clear(struct c + acc->total.cache_misses = 0; + acc->total.cache_bypass_hits = 0; + acc->total.cache_bypass_misses = 0; +- acc->total.cache_readaheads = 0; + acc->total.cache_miss_collisions = 0; + acc->total.sectors_bypassed = 0; + } +@@ -145,7 +141,6 @@ static void scale_stats(struct cache_sta + scale_stat(&stats->cache_misses); + scale_stat(&stats->cache_bypass_hits); + scale_stat(&stats->cache_bypass_misses); +- scale_stat(&stats->cache_readaheads); + scale_stat(&stats->cache_miss_collisions); + scale_stat(&stats->sectors_bypassed); + } +@@ -168,7 +163,6 @@ static void scale_accounting(struct time + move_stat(cache_misses); + move_stat(cache_bypass_hits); + move_stat(cache_bypass_misses); +- move_stat(cache_readaheads); + move_stat(cache_miss_collisions); + move_stat(sectors_bypassed); + +@@ -209,14 +203,6 @@ void bch_mark_cache_accounting(struct ca + mark_cache_stats(&c->accounting.collector, hit, bypass); + } + +-void bch_mark_cache_readahead(struct cache_set *c, struct bcache_device *d) +-{ +- struct cached_dev *dc = container_of(d, struct cached_dev, disk); +- +- atomic_inc(&dc->accounting.collector.cache_readaheads); +- atomic_inc(&c->accounting.collector.cache_readaheads); +-} +- + void bch_mark_cache_miss_collision(struct cache_set *c, struct bcache_device *d) + { + struct cached_dev *dc = container_of(d, struct cached_dev, disk); +--- a/drivers/md/bcache/stats.h ++++ b/drivers/md/bcache/stats.h +@@ -7,7 +7,6 @@ struct cache_stat_collector { + atomic_t cache_misses; + atomic_t cache_bypass_hits; + atomic_t cache_bypass_misses; +- atomic_t cache_readaheads; + atomic_t cache_miss_collisions; + atomic_t sectors_bypassed; + }; +--- a/drivers/md/bcache/sysfs.c ++++ b/drivers/md/bcache/sysfs.c +@@ -137,7 +137,6 @@ rw_attribute(io_disable); + rw_attribute(discard); + rw_attribute(running); + rw_attribute(label); +-rw_attribute(readahead); + rw_attribute(errors); + rw_attribute(io_error_limit); + rw_attribute(io_error_halflife); +@@ -260,7 +259,6 @@ SHOW(__bch_cached_dev) + var_printf(partial_stripes_expensive, "%u"); + + var_hprint(sequential_cutoff); +- var_hprint(readahead); + + sysfs_print(running, atomic_read(&dc->running)); + sysfs_print(state, states[BDEV_STATE(&dc->sb)]); +@@ -365,7 +363,6 @@ STORE(__cached_dev) + sysfs_strtoul_clamp(sequential_cutoff, + dc->sequential_cutoff, + 0, UINT_MAX); +- d_strtoi_h(readahead); + + if (attr == &sysfs_clear_stats) + bch_cache_accounting_clear(&dc->accounting); +@@ -538,7 +535,6 @@ static struct attribute *bch_cached_dev_ + &sysfs_running, + &sysfs_state, + &sysfs_label, +- &sysfs_readahead, + #ifdef CONFIG_BCACHE_DEBUG + &sysfs_verify, + &sysfs_bypass_torture_test, diff --git a/patches.suse/0013-bcache-avoid-oversized-read-request-in-cache-missing.patch b/patches.suse/0013-bcache-avoid-oversized-read-request-in-cache-missing.patch new file mode 100644 index 0000000..e342386 --- /dev/null +++ b/patches.suse/0013-bcache-avoid-oversized-read-request-in-cache-missing.patch @@ -0,0 +1,194 @@ +From 41fe8d088e96472f63164e213de44ec77be69478 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Mon, 7 Jun 2021 20:50:52 +0800 +Subject: [PATCH] bcache: avoid oversized read request in cache missing code + path +Git-commit: 41fe8d088e96472f63164e213de44ec77be69478 +Patch-mainline: v5.13-rc6 +References: bsc#1187357, bsc#1185570, bsc#1184631 + +In the cache missing code path of cached device, if a proper location +from the internal B+ tree is matched for a cache miss range, function +cached_dev_cache_miss() will be called in cache_lookup_fn() in the +following code block, +[code block 1] + 526 unsigned int sectors = KEY_INODE(k) == s->iop.inode + 527 ? min_t(uint64_t, INT_MAX, + 528 KEY_START(k) - bio->bi_iter.bi_sector) + 529 : INT_MAX; + 530 int ret = s->d->cache_miss(b, s, bio, sectors); + +Here s->d->cache_miss() is the call backfunction pointer initialized as +cached_dev_cache_miss(), the last parameter 'sectors' is an important +hint to calculate the size of read request to backing device of the +missing cache data. + +Current calculation in above code block may generate oversized value of +'sectors', which consequently may trigger 2 different potential kernel +panics by BUG() or BUG_ON() as listed below, + +1) BUG_ON() inside bch_btree_insert_key(), +[code block 2] + 886 BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); +2) BUG() inside biovec_slab(), +[code block 3] + 51 default: + 52 BUG(); + 53 return NULL; + +All the above panics are original from cached_dev_cache_miss() by the +oversized parameter 'sectors'. + +Inside cached_dev_cache_miss(), parameter 'sectors' is used to calculate +the size of data read from backing device for the cache missing. This +size is stored in s->insert_bio_sectors by the following lines of code, +[code block 4] + 909 s->insert_bio_sectors = min(sectors, bio_sectors(bio) + reada); + +Then the actual key inserting to the internal B+ tree is generated and +stored in s->iop.replace_key by the following lines of code, +[code block 5] + 911 s->iop.replace_key = KEY(s->iop.inode, + 912 bio->bi_iter.bi_sector + s->insert_bio_sectors, + 913 s->insert_bio_sectors); +The oversized parameter 'sectors' may trigger panic 1) by BUG_ON() from +the above code block. + +And the bio sending to backing device for the missing data is allocated +with hint from s->insert_bio_sectors by the following lines of code, +[code block 6] + 926 cache_bio = bio_alloc_bioset(GFP_NOWAIT, + 927 DIV_ROUND_UP(s->insert_bio_sectors, PAGE_SECTORS), + 928 &dc->disk.bio_split); +The oversized parameter 'sectors' may trigger panic 2) by BUG() from the +agove code block. + +Now let me explain how the panics happen with the oversized 'sectors'. +In code block 5, replace_key is generated by macro KEY(). From the +definition of macro KEY(), +[code block 7] + 71 #define KEY(inode, offset, size) \ + 72 ((struct bkey) { \ + 73 .high = (1ULL << 63) | ((__u64) (size) << 20) | (inode), \ + 74 .low = (offset) \ + 75 }) + +Here 'size' is 16bits width embedded in 64bits member 'high' of struct +bkey. But in code block 1, if "KEY_START(k) - bio->bi_iter.bi_sector" is +very probably to be larger than (1<<16) - 1, which makes the bkey size +calculation in code block 5 is overflowed. In one bug report the value +of parameter 'sectors' is 131072 (= 1 << 17), the overflowed 'sectors' +results the overflowed s->insert_bio_sectors in code block 4, then makes +size field of s->iop.replace_key to be 0 in code block 5. Then the 0- +sized s->iop.replace_key is inserted into the internal B+ tree as cache +missing check key (a special key to detect and avoid a racing between +normal write request and cache missing read request) as, +[code block 8] + 915 ret = bch_btree_insert_check_key(b, &s->op, &s->iop.replace_key); + +Then the 0-sized s->iop.replace_key as 3rd parameter triggers the bkey +size check BUG_ON() in code block 2, and causes the kernel panic 1). + +Another kernel panic is from code block 6, is by the bvecs number +oversized value s->insert_bio_sectors from code block 4, + min(sectors, bio_sectors(bio) + reada) +There are two possibility for oversized reresult, +- bio_sectors(bio) is valid, but bio_sectors(bio) + reada is oversized. +- sectors < bio_sectors(bio) + reada, but sectors is oversized. + +From a bug report the result of "DIV_ROUND_UP(s->insert_bio_sectors, +PAGE_SECTORS)" from code block 6 can be 344, 282, 946, 342 and many +other values which larther than BIO_MAX_VECS (a.k.a 256). When calling +bio_alloc_bioset() with such larger-than-256 value as the 2nd parameter, +this value will eventually be sent to biovec_slab() as parameter +'nr_vecs' in following code path, + bio_alloc_bioset() ==> bvec_alloc() ==> biovec_slab() +Because parameter 'nr_vecs' is larger-than-256 value, the panic by BUG() +in code block 3 is triggered inside biovec_slab(). + +From the above analysis, we know that the 4th parameter 'sector' sent +into cached_dev_cache_miss() may cause overflow in code block 5 and 6, +and finally cause kernel panic in code block 2 and 3. And if result of +bio_sectors(bio) + reada exceeds valid bvecs number, it may also trigger +kernel panic in code block 3 from code block 6. + +Now the almost-useless readahead size for cache missing request back to +backing device is removed, this patch can fix the oversized issue with +more simpler method. +- add a local variable size_limit, set it by the minimum value from + the max bkey size and max bio bvecs number. +- set s->insert_bio_sectors by the minimum value from size_limit, + sectors, and the sectors size of bio. +- replace sectors by s->insert_bio_sectors to do bio_next_split. + +By the above method with size_limit, s->insert_bio_sectors will never +result oversized replace_key size or bio bvecs number. And split bio +'miss' from bio_next_split() will always match the size of 'cache_bio', +that is the current maximum bio size we can sent to backing device for +fetching the cache missing data. + +Current problmatic code can be partially found since Linux v3.13-rc1, +therefore all maintained stable kernels should try to apply this fix. + +(Coly Li: rebased for Linux v5.3 based SUSE kernel, replace BIO_MAX_VECS + by hard-coded 256) + +Reported-by: Alexander Ullrich +Reported-by: Diego Ercolani +Reported-by: Jan Szubiak +Reported-by: Marco Rebhan +Reported-by: Matthias Ferdinand +Reported-by: Victor Westerhuis +Reported-by: Vojtech Pavlik +Reported-and-tested-by: Rolf Fokkens +Reported-and-tested-by: Thorsten Knabe +Signed-off-by: Coly Li +Cc: stable@vger.kernel.org +Cc: Christoph Hellwig +Cc: Kent Overstreet +Cc: Nix +Cc: Takashi Iwai +Link: https://lore.kernel.org/r/20210607125052.21277-3-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/request.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c +index ab8ff18df32a..6d1de889baeb 100644 +--- a/drivers/md/bcache/request.c ++++ b/drivers/md/bcache/request.c +@@ -882,6 +882,7 @@ static int cached_dev_cache_miss(struct btree *b, struct search *s, + int ret = MAP_CONTINUE; + struct cached_dev *dc = container_of(s->d, struct cached_dev, disk); + struct bio *miss, *cache_bio; ++ unsigned int size_limit; + + s->cache_missed = 1; + +@@ -891,7 +892,10 @@ static int cached_dev_cache_miss(struct btree *b, struct search *s, + goto out_submit; + } + +- s->insert_bio_sectors = min(sectors, bio_sectors(bio)); ++ /* Limitation for valid replace key size and cache_bio bvecs number */ ++ size_limit = min_t(unsigned int, 256 * PAGE_SECTORS, ++ (1 << KEY_SIZE_BITS) - 1); ++ s->insert_bio_sectors = min3(size_limit, sectors, bio_sectors(bio)); + + s->iop.replace_key = KEY(s->iop.inode, + bio->bi_iter.bi_sector + s->insert_bio_sectors, +@@ -903,7 +907,8 @@ static int cached_dev_cache_miss(struct btree *b, struct search *s, + + s->iop.replace = true; + +- miss = bio_next_split(bio, sectors, GFP_NOIO, &s->d->bio_split); ++ miss = bio_next_split(bio, s->insert_bio_sectors, GFP_NOIO, ++ &s->d->bio_split); + + /* btree_search_recurse()'s btree iterator is no good anymore */ + ret = miss == bio ? MAP_DONE : -EINTR; +-- +2.26.2 + diff --git a/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-and-speaker-f-15d295b.patch b/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-and-speaker-f-15d295b.patch new file mode 100644 index 0000000..a063e0d --- /dev/null +++ b/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-and-speaker-f-15d295b.patch @@ -0,0 +1,37 @@ +From 15d295b560e6dd45f839a53ae69e4f63b54eb32f Mon Sep 17 00:00:00 2001 +From: Jeremy Szu +Date: Sat, 5 Jun 2021 16:25:36 +0800 +Subject: [PATCH] ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Elite Dragonfly G2 +Git-commit: 15d295b560e6dd45f839a53ae69e4f63b54eb32f +Patch-mainline: v5.13-rc6 +References: git-fixes + +The HP Elite Dragonfly G2 using ALC285 codec which using 0x04 to control +mute LED and 0x01 to control micmute LED. +In the other hand, there is no output from right channel of speaker. +Therefore, add a quirk to make it works. + +Signed-off-by: Jeremy Szu +Cc: +Link: https://lore.kernel.org/r/20210605082539.41797-1-jeremy.szu@canonical.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 43e37145eb5d..9f65171a902d 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -8310,6 +8310,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x103c, 0x8519, "HP Spectre x360 15-df0xxx", ALC285_FIXUP_HP_SPECTRE_X360), + SND_PCI_QUIRK(0x103c, 0x869d, "HP", ALC236_FIXUP_HP_MUTE_LED), + SND_PCI_QUIRK(0x103c, 0x86c7, "HP Envy AiO 32", ALC274_FIXUP_HP_ENVY_GPIO), ++ SND_PCI_QUIRK(0x103c, 0x8716, "HP Elite Dragonfly G2 Notebook PC", ALC285_FIXUP_HP_GPIO_AMP_INIT), + SND_PCI_QUIRK(0x103c, 0x8724, "HP EliteBook 850 G7", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8729, "HP", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8730, "HP ProBook 445 G7", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), +-- +2.26.2 + diff --git a/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-and-speaker-f-61d3e87.patch b/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-and-speaker-f-61d3e87.patch new file mode 100644 index 0000000..09ec7b5 --- /dev/null +++ b/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-and-speaker-f-61d3e87.patch @@ -0,0 +1,37 @@ +From 61d3e87468fad82dc8e8cb6de7db563ada64b532 Mon Sep 17 00:00:00 2001 +From: Jeremy Szu +Date: Sat, 5 Jun 2021 16:25:37 +0800 +Subject: [PATCH] ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP EliteBook x360 1040 G8 +Git-commit: 61d3e87468fad82dc8e8cb6de7db563ada64b532 +Patch-mainline: v5.13-rc6 +References: git-fixes + +The HP EliteBook x360 1040 G8 using ALC285 codec which using 0x04 to control +mute LED and 0x01 to control micmute LED. +In the other hand, there is no output from right channel of speaker. +Therefore, add a quirk to make it works. + +Signed-off-by: Jeremy Szu +Cc: +Link: https://lore.kernel.org/r/20210605082539.41797-2-jeremy.szu@canonical.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 9f65171a902d..11324163ebe1 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -8311,6 +8311,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x103c, 0x869d, "HP", ALC236_FIXUP_HP_MUTE_LED), + SND_PCI_QUIRK(0x103c, 0x86c7, "HP Envy AiO 32", ALC274_FIXUP_HP_ENVY_GPIO), + SND_PCI_QUIRK(0x103c, 0x8716, "HP Elite Dragonfly G2 Notebook PC", ALC285_FIXUP_HP_GPIO_AMP_INIT), ++ SND_PCI_QUIRK(0x103c, 0x8720, "HP EliteBook x360 1040 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_AMP_INIT), + SND_PCI_QUIRK(0x103c, 0x8724, "HP EliteBook 850 G7", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8729, "HP", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8730, "HP ProBook 445 G7", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), +-- +2.26.2 + diff --git a/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-EliteB.patch b/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-EliteB.patch new file mode 100644 index 0000000..a4760cf --- /dev/null +++ b/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-EliteB.patch @@ -0,0 +1,37 @@ +From dfb06401b4cdfc71e2fc3e19b877ab845cc9f7f7 Mon Sep 17 00:00:00 2001 +From: Jeremy Szu +Date: Sat, 5 Jun 2021 16:25:38 +0800 +Subject: [PATCH] ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840 Aero G8 +Git-commit: dfb06401b4cdfc71e2fc3e19b877ab845cc9f7f7 +Patch-mainline: v5.13-rc6 +References: git-fixes + +The HP EliteBook 840 Aero G8 using ALC285 codec which using 0x04 to +control mute LED and 0x01 to control micmute LED. +In the other hand, there is no output from right channel of speaker. +Therefore, add a quirk to make it works. + +Signed-off-by: Jeremy Szu +Cc: +Link: https://lore.kernel.org/r/20210605082539.41797-3-jeremy.szu@canonical.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 11324163ebe1..215beb3ac678 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -8330,6 +8330,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x103c, 0x87f5, "HP", ALC287_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x87f7, "HP Spectre x360 14", ALC245_FIXUP_HP_X360_AMP), + SND_PCI_QUIRK(0x103c, 0x8846, "HP EliteBook 850 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED), ++ SND_PCI_QUIRK(0x103c, 0x884b, "HP EliteBook 840 Aero G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x884c, "HP EliteBook 840 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x886d, "HP ZBook Fury 17.3 Inch G8 Mobile Workstation PC", ALC285_FIXUP_HP_GPIO_AMP_INIT), + SND_PCI_QUIRK(0x103c, 0x8870, "HP ZBook Fury 15.6 Inch G8 Mobile Workstation PC", ALC285_FIXUP_HP_GPIO_AMP_INIT), +-- +2.26.2 + diff --git a/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-ZBook-.patch b/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-ZBook-.patch new file mode 100644 index 0000000..ab06a49 --- /dev/null +++ b/patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-ZBook-.patch @@ -0,0 +1,36 @@ +From 600dd2a7e8b62170d177381cc1303861f48f9780 Mon Sep 17 00:00:00 2001 +From: Jeremy Szu +Date: Tue, 8 Jun 2021 19:47:48 +0800 +Subject: [PATCH] ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8 +Git-commit: 600dd2a7e8b62170d177381cc1303861f48f9780 +Patch-mainline: v5.13-rc6 +References: git-fixes + +The HP ZBook Power G8 using ALC236 codec which using 0x02 to +control mute LED and 0x01 to control micmute LED. +Therefore, add a quirk to make it works. + +Signed-off-by: Jeremy Szu +Cc: +Link: https://lore.kernel.org/r/20210608114750.32009-1-jeremy.szu@canonical.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 11ba8e351ad4..ab5113cccffa 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -8346,6 +8346,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x103c, 0x886d, "HP ZBook Fury 17.3 Inch G8 Mobile Workstation PC", ALC285_FIXUP_HP_GPIO_AMP_INIT), + SND_PCI_QUIRK(0x103c, 0x8870, "HP ZBook Fury 15.6 Inch G8 Mobile Workstation PC", ALC285_FIXUP_HP_GPIO_AMP_INIT), + SND_PCI_QUIRK(0x103c, 0x8873, "HP ZBook Studio 15.6 Inch G8 Mobile Workstation PC", ALC285_FIXUP_HP_GPIO_AMP_INIT), ++ SND_PCI_QUIRK(0x103c, 0x888d, "HP ZBook Power 15.6 inch G8 Mobile Workstation PC", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8896, "HP EliteBook 855 G8 Notebook PC", ALC285_FIXUP_HP_MUTE_LED), + SND_PCI_QUIRK(0x103c, 0x8898, "HP EliteBook 845 G8 Notebook PC", ALC285_FIXUP_HP_LIMIT_INT_MIC_BOOST), + SND_PCI_QUIRK(0x1043, 0x103e, "ASUS X540SA", ALC256_FIXUP_ASUS_MIC), +-- +2.26.2 + diff --git a/patches.suse/ALSA-hda-realtek-headphone-and-mic-don-t-work-on-an-.patch b/patches.suse/ALSA-hda-realtek-headphone-and-mic-don-t-work-on-an-.patch new file mode 100644 index 0000000..8a79788 --- /dev/null +++ b/patches.suse/ALSA-hda-realtek-headphone-and-mic-don-t-work-on-an-.patch @@ -0,0 +1,76 @@ +From 57c9e21a49b1c196cda28f54de9a5d556ac93f20 Mon Sep 17 00:00:00 2001 +From: Hui Wang +Date: Tue, 8 Jun 2021 10:46:00 +0800 +Subject: [PATCH] ALSA: hda/realtek: headphone and mic don't work on an Acer laptop +Git-commit: 57c9e21a49b1c196cda28f54de9a5d556ac93f20 +Patch-mainline: v5.13-rc6 +References: git-fixes + +There are 2 issues on this machine, the 1st one is mic's plug/unplug +can't be detected, that is because the mic is set to manual detecting +mode, need to apply ALC255_FIXUP_XIAOMI_HEADSET_MIC to set it to auto +detecting mode. The other one is headphone's plug/unplug can't be +detected by pulseaudio, that is because the pulseaudio will use +ucm2/sof-hda-dsp on this machine, and the ucm2 only handle +'Headphone Jack', but on this machine the headphone's pincfg sets the +location to Front, then the alsa mixer name is "Front Headphone Jack" +instead of "Headphone Jack", so override the pincfg to change location +to Left. + +Buglink: http://bugs.launchpad.net/bugs/1930188 +Cc: +Signed-off-by: Hui Wang +Link: https://lore.kernel.org/r/20210608024600.6198-1-hui.wang@canonical.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/patch_realtek.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 215beb3ac678..11ba8e351ad4 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6568,6 +6568,7 @@ enum { + ALC285_FIXUP_HP_SPECTRE_X360, + ALC287_FIXUP_IDEAPAD_BASS_SPK_AMP, + ALC623_FIXUP_LENOVO_THINKSTATION_P340, ++ ALC255_FIXUP_ACER_HEADPHONE_AND_MIC, + }; + + static const struct hda_fixup alc269_fixups[] = { +@@ -8146,6 +8147,15 @@ static const struct hda_fixup alc269_fixups[] = { + .chained = true, + .chain_id = ALC283_FIXUP_HEADSET_MIC, + }, ++ [ALC255_FIXUP_ACER_HEADPHONE_AND_MIC] = { ++ .type = HDA_FIXUP_PINS, ++ .v.pins = (const struct hda_pintbl[]) { ++ { 0x21, 0x03211030 }, /* Change the Headphone location to Left */ ++ { } ++ }, ++ .chained = true, ++ .chain_id = ALC255_FIXUP_XIAOMI_HEADSET_MIC ++ }, + }; + + static const struct snd_pci_quirk alc269_fixup_tbl[] = { +@@ -8182,6 +8192,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x1025, 0x132a, "Acer TravelMate B114-21", ALC233_FIXUP_ACER_HEADSET_MIC), + SND_PCI_QUIRK(0x1025, 0x1330, "Acer TravelMate X514-51T", ALC255_FIXUP_ACER_HEADSET_MIC), + SND_PCI_QUIRK(0x1025, 0x1430, "Acer TravelMate B311R-31", ALC256_FIXUP_ACER_MIC_NO_PRESENCE), ++ SND_PCI_QUIRK(0x1025, 0x1466, "Acer Aspire A515-56", ALC255_FIXUP_ACER_HEADPHONE_AND_MIC), + SND_PCI_QUIRK(0x1028, 0x0470, "Dell M101z", ALC269_FIXUP_DELL_M101Z), + SND_PCI_QUIRK(0x1028, 0x054b, "Dell XPS one 2710", ALC275_FIXUP_DELL_XPS), + SND_PCI_QUIRK(0x1028, 0x05bd, "Dell Latitude E6440", ALC292_FIXUP_DELL_E7X), +@@ -8740,6 +8751,7 @@ static const struct hda_model_fixup alc269_fixup_models[] = { + {.id = ALC285_FIXUP_HP_SPECTRE_X360, .name = "alc285-hp-spectre-x360"}, + {.id = ALC287_FIXUP_IDEAPAD_BASS_SPK_AMP, .name = "alc287-ideapad-bass-spk-amp"}, + {.id = ALC623_FIXUP_LENOVO_THINKSTATION_P340, .name = "alc623-lenovo-thinkstation-p340"}, ++ {.id = ALC255_FIXUP_ACER_HEADPHONE_AND_MIC, .name = "alc255-acer-headphone-and-mic"}, + {} + }; + #define ALC225_STANDARD_PINS \ +-- +2.26.2 + diff --git a/patches.suse/ALSA-seq-Fix-race-of-snd_seq_timer_open.patch b/patches.suse/ALSA-seq-Fix-race-of-snd_seq_timer_open.patch new file mode 100644 index 0000000..97814fa --- /dev/null +++ b/patches.suse/ALSA-seq-Fix-race-of-snd_seq_timer_open.patch @@ -0,0 +1,55 @@ +From 83e197a8414c0ba545e7e3916ce05f836f349273 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Thu, 10 Jun 2021 17:20:59 +0200 +Subject: [PATCH] ALSA: seq: Fix race of snd_seq_timer_open() +Git-commit: 83e197a8414c0ba545e7e3916ce05f836f349273 +Patch-mainline: v5.13-rc6 +References: git-fixes + +The timer instance per queue is exclusive, and snd_seq_timer_open() +should have managed the concurrent accesses. It looks as if it's +checking the already existing timer instance at the beginning, but +it's not right, because there is no protection, hence any later +concurrent call of snd_seq_timer_open() may override the timer +instance easily. This may result in UAF, as the leftover timer +instance can keep running while the queue itself gets closed, as +spotted by syzkaller recently. + +For avoiding the race, add a proper check at the assignment of +tmr->timeri again, and return -EBUSY if it's been already registered. + +Reported-by: syzbot+ddc1260a83ed1cbf6fb5@syzkaller.appspotmail.com +Cc: +Link: https://lore.kernel.org/r/000000000000dce34f05c42f110c@google.com +Link: https://lore.kernel.org/r/20210610152059.24633-1-tiwai@suse.de +Signed-off-by: Takashi Iwai + +--- + sound/core/seq/seq_timer.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/sound/core/seq/seq_timer.c b/sound/core/seq/seq_timer.c +index 1645e4142e30..9863be6fd43e 100644 +--- a/sound/core/seq/seq_timer.c ++++ b/sound/core/seq/seq_timer.c +@@ -297,8 +297,16 @@ int snd_seq_timer_open(struct snd_seq_queue *q) + return err; + } + spin_lock_irq(&tmr->lock); +- tmr->timeri = t; ++ if (tmr->timeri) ++ err = -EBUSY; ++ else ++ tmr->timeri = t; + spin_unlock_irq(&tmr->lock); ++ if (err < 0) { ++ snd_timer_close(t); ++ snd_timer_instance_free(t); ++ return err; ++ } + return 0; + } + +-- +2.26.2 + diff --git a/patches.suse/ALSA-timer-Fix-master-timer-notification.patch b/patches.suse/ALSA-timer-Fix-master-timer-notification.patch new file mode 100644 index 0000000..1f7d619 --- /dev/null +++ b/patches.suse/ALSA-timer-Fix-master-timer-notification.patch @@ -0,0 +1,43 @@ +From 9c1fe96bded935369f8340c2ac2e9e189f697d5d Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Wed, 2 Jun 2021 13:38:23 +0200 +Subject: [PATCH] ALSA: timer: Fix master timer notification +Git-commit: 9c1fe96bded935369f8340c2ac2e9e189f697d5d +Patch-mainline: v5.13-rc5 +References: git-fixes + +snd_timer_notify1() calls the notification to each slave for a master +event, but it passes a wrong event number. It should be +10 offset, +corresponding to SNDRV_TIMER_EVENT_MXXX, but it's incorrectly with ++100 offset. Casually this was spotted by UBSAN check via syzkaller. + +Reported-by: syzbot+d102fa5b35335a7e544e@syzkaller.appspotmail.com +Reviewed-by: Jaroslav Kysela +Cc: +Link: https://lore.kernel.org/r/000000000000e5560e05c3bd1d63@google.com +Link: https://lore.kernel.org/r/20210602113823.23777-1-tiwai@suse.de +Signed-off-by: Takashi Iwai + +--- + sound/core/timer.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sound/core/timer.c b/sound/core/timer.c +index 6898b1ac0d7f..92b7008fcdb8 100644 +--- a/sound/core/timer.c ++++ b/sound/core/timer.c +@@ -520,9 +520,10 @@ static void snd_timer_notify1(struct snd_timer_instance *ti, int event) + return; + if (timer->hw.flags & SNDRV_TIMER_HW_SLAVE) + return; ++ event += 10; /* convert to SNDRV_TIMER_EVENT_MXXX */ + list_for_each_entry(ts, &ti->slave_active_head, active_list) + if (ts->ccallback) +- ts->ccallback(ts, event + 100, &tstamp, resolution); ++ ts->ccallback(ts, event, &tstamp, resolution); + } + + /* start/continue a master timer */ +-- +2.26.2 + diff --git a/patches.suse/ASoC-Intel-soc-acpi-remove-TGL-RVP-mixed-SoundWire-T.patch b/patches.suse/ASoC-Intel-soc-acpi-remove-TGL-RVP-mixed-SoundWire-T.patch new file mode 100644 index 0000000..910b235 --- /dev/null +++ b/patches.suse/ASoC-Intel-soc-acpi-remove-TGL-RVP-mixed-SoundWire-T.patch @@ -0,0 +1,69 @@ +From 5ed26a834b83a368f2c026f22db9becc56fd37f9 Mon Sep 17 00:00:00 2001 +From: Pierre-Louis Bossart +Date: Mon, 1 Mar 2021 17:56:37 -0600 +Subject: [PATCH] ASoC: Intel: soc-acpi: remove TGL RVP mixed SoundWire/TDM config +Git-commit: 5ed26a834b83a368f2c026f22db9becc56fd37f9 +Patch-mainline: v5.13-rc1 +References: git-fixes + +The TGL RVP can be configured in many ways. We initially supported a +mixed configuration with RT711 in SoundWire mode and RT1308 in +TDM mode. + +However Intel teams no longer have any hardware with this +configuration and there are no commercially-available devices using it +either, so let's remove this entry. The corresponding topology will +also be removed from the SOF tree. + +This patch partially reverts Commit d985d208bf8f ("ASoC: Intel: common: add match tables for TGL w/ SoundWire") + +Signed-off-by: Pierre-Louis Bossart +Reviewed-by: Kai Vehmanen +Reviewed-by: Bard Liao +Reviewed-by: Rander Wang +Link: https://lore.kernel.org/r/20210301235637.1177525-3-pierre-louis.bossart@linux.intel.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + .../soc/intel/common/soc-acpi-intel-tgl-match.c | 17 ----------------- + 1 file changed, 17 deletions(-) + +diff --git a/sound/soc/intel/common/soc-acpi-intel-tgl-match.c b/sound/soc/intel/common/soc-acpi-intel-tgl-match.c +index e8640ee10012..b5f05b81a584 100644 +--- a/sound/soc/intel/common/soc-acpi-intel-tgl-match.c ++++ b/sound/soc/intel/common/soc-acpi-intel-tgl-match.c +@@ -182,15 +182,6 @@ static const struct snd_soc_acpi_adr_device rt714_3_adr[] = { + } + }; + +-static const struct snd_soc_acpi_link_adr tgl_i2s_rt1308[] = { +- { +- .mask = BIT(0), +- .num_adr = ARRAY_SIZE(rt711_0_adr), +- .adr_d = rt711_0_adr, +- }, +- {} +-}; +- + static const struct snd_soc_acpi_link_adr tgl_rvp[] = { + { + .mask = BIT(0), +@@ -330,14 +321,6 @@ static const struct snd_soc_acpi_codecs tgl_rt1011_amp = { + }; + + struct snd_soc_acpi_mach snd_soc_acpi_intel_tgl_machines[] = { +- { +- .id = "10EC1308", +- .drv_name = "sof_sdw", +- .link_mask = 0x1, /* RT711 on SoundWire link0 */ +- .links = tgl_i2s_rt1308, +- .sof_fw_filename = "sof-tgl.ri", +- .sof_tplg_filename = "sof-tgl-rt711-i2s-rt1308.tplg", +- }, + { + .id = "10EC5682", + .drv_name = "tgl_max98357a_rt5682", +-- +2.26.2 + diff --git a/patches.suse/ASoC-amd-fix-for-pcm_read-error.patch b/patches.suse/ASoC-amd-fix-for-pcm_read-error.patch new file mode 100644 index 0000000..aafb8f8 --- /dev/null +++ b/patches.suse/ASoC-amd-fix-for-pcm_read-error.patch @@ -0,0 +1,117 @@ +From 6879e8e759bf9e05eaee85e32ca1a936e6b46da1 Mon Sep 17 00:00:00 2001 +From: Vijendar Mukunda +Date: Wed, 28 Apr 2021 01:53:31 +0530 +Subject: [PATCH] ASoC: amd: fix for pcm_read() error +Git-commit: 6879e8e759bf9e05eaee85e32ca1a936e6b46da1 +Patch-mainline: v5.13-rc4 +References: git-fixes + +Below phython script throwing pcm_read() error. + +import subprocess + +p = subprocess.Popen(["aplay -t raw -D plughw:1,0 /dev/zero"], shell=True) +subprocess.call(["arecord -Dhw:1,0 --dump-hw-params"], shell=True) +subprocess.call(["arecord -Dhw:1,0 -fdat -d1 /dev/null"], shell=True) +p.kill() + +Handling ACP global external interrupt enable register +causing this issue. +This register got updated wrongly when there is active +stream causing interrupts disabled for active stream. +Refactored code to handle enabling and disabling external interrupts. + +Signed-off-by: Vijendar Mukunda +Link: https://lore.kernel.org/r/1619555017-29858-1-git-send-email-Vijendar.Mukunda@amd.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + sound/soc/amd/raven/acp3x-pcm-dma.c | 10 ---------- + sound/soc/amd/raven/acp3x.h | 1 + + sound/soc/amd/raven/pci-acp3x.c | 15 +++++++++++++++ + 3 files changed, 16 insertions(+), 10 deletions(-) + +diff --git a/sound/soc/amd/raven/acp3x-pcm-dma.c b/sound/soc/amd/raven/acp3x-pcm-dma.c +index 417cda24030c..2447a1e6e913 100644 +--- a/sound/soc/amd/raven/acp3x-pcm-dma.c ++++ b/sound/soc/amd/raven/acp3x-pcm-dma.c +@@ -237,10 +237,6 @@ static int acp3x_dma_open(struct snd_soc_component *component, + return ret; + } + +- if (!adata->play_stream && !adata->capture_stream && +- !adata->i2ssp_play_stream && !adata->i2ssp_capture_stream) +- rv_writel(1, adata->acp3x_base + mmACP_EXTERNAL_INTR_ENB); +- + i2s_data->acp3x_base = adata->acp3x_base; + runtime->private_data = i2s_data; + return ret; +@@ -367,12 +363,6 @@ static int acp3x_dma_close(struct snd_soc_component *component, + } + } + +- /* Disable ACP irq, when the current stream is being closed and +- * another stream is also not active. +- */ +- if (!adata->play_stream && !adata->capture_stream && +- !adata->i2ssp_play_stream && !adata->i2ssp_capture_stream) +- rv_writel(0, adata->acp3x_base + mmACP_EXTERNAL_INTR_ENB); + return 0; + } + +diff --git a/sound/soc/amd/raven/acp3x.h b/sound/soc/amd/raven/acp3x.h +index 03fe93913e12..c3f0c8b7545d 100644 +--- a/sound/soc/amd/raven/acp3x.h ++++ b/sound/soc/amd/raven/acp3x.h +@@ -77,6 +77,7 @@ + #define ACP_POWER_OFF_IN_PROGRESS 0x03 + + #define ACP3x_ITER_IRER_SAMP_LEN_MASK 0x38 ++#define ACP_EXT_INTR_STAT_CLEAR_MASK 0xFFFFFFFF + + struct acp3x_platform_info { + u16 play_i2s_instance; +diff --git a/sound/soc/amd/raven/pci-acp3x.c b/sound/soc/amd/raven/pci-acp3x.c +index d3536fd6a124..a013a607b3d4 100644 +--- a/sound/soc/amd/raven/pci-acp3x.c ++++ b/sound/soc/amd/raven/pci-acp3x.c +@@ -76,6 +76,19 @@ static int acp3x_reset(void __iomem *acp3x_base) + return -ETIMEDOUT; + } + ++static void acp3x_enable_interrupts(void __iomem *acp_base) ++{ ++ rv_writel(0x01, acp_base + mmACP_EXTERNAL_INTR_ENB); ++} ++ ++static void acp3x_disable_interrupts(void __iomem *acp_base) ++{ ++ rv_writel(ACP_EXT_INTR_STAT_CLEAR_MASK, acp_base + ++ mmACP_EXTERNAL_INTR_STAT); ++ rv_writel(0x00, acp_base + mmACP_EXTERNAL_INTR_CNTL); ++ rv_writel(0x00, acp_base + mmACP_EXTERNAL_INTR_ENB); ++} ++ + static int acp3x_init(struct acp3x_dev_data *adata) + { + void __iomem *acp3x_base = adata->acp3x_base; +@@ -93,6 +106,7 @@ static int acp3x_init(struct acp3x_dev_data *adata) + pr_err("ACP3x reset failed\n"); + return ret; + } ++ acp3x_enable_interrupts(acp3x_base); + return 0; + } + +@@ -100,6 +114,7 @@ static int acp3x_deinit(void __iomem *acp3x_base) + { + int ret; + ++ acp3x_disable_interrupts(acp3x_base); + /* Reset */ + ret = acp3x_reset(acp3x_base); + if (ret) { +-- +2.26.2 + diff --git a/patches.suse/ASoC-max98088-fix-ni-clock-divider-calculation.patch b/patches.suse/ASoC-max98088-fix-ni-clock-divider-calculation.patch new file mode 100644 index 0000000..6a36e69 --- /dev/null +++ b/patches.suse/ASoC-max98088-fix-ni-clock-divider-calculation.patch @@ -0,0 +1,88 @@ +From 6c9762a78c325107dc37d20ee21002b841679209 Mon Sep 17 00:00:00 2001 +From: Marco Felsch +Date: Fri, 23 Apr 2021 15:54:02 +0200 +Subject: [PATCH] ASoC: max98088: fix ni clock divider calculation +Git-commit: 6c9762a78c325107dc37d20ee21002b841679209 +Patch-mainline: v5.13-rc4 +References: git-fixes + +The ni1/ni2 ratio formula [1] uses the pclk which is the prescaled mclk. +The max98088 datasheet [2] has no such formula but table-12 equals so +we can assume that it is the same for both devices. + +While on it make use of DIV_ROUND_CLOSEST_ULL(). + +[1] https://datasheets.maximintegrated.com/en/ds/MAX98089.pdf; page 86 +[2] https://datasheets.maximintegrated.com/en/ds/MAX98088.pdf; page 82 + +Signed-off-by: Marco Felsch +Link: https://lore.kernel.org/r/20210423135402.32105-1-m.felsch@pengutronix.de +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + sound/soc/codecs/max98088.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/sound/soc/codecs/max98088.c b/sound/soc/codecs/max98088.c +index 4be24e7f51c8..f8e49e45ce33 100644 +--- a/sound/soc/codecs/max98088.c ++++ b/sound/soc/codecs/max98088.c +@@ -41,6 +41,7 @@ struct max98088_priv { + enum max98088_type devtype; + struct max98088_pdata *pdata; + struct clk *mclk; ++ unsigned char mclk_prescaler; + unsigned int sysclk; + struct max98088_cdata dai[2]; + int eq_textcnt; +@@ -998,13 +999,16 @@ static int max98088_dai1_hw_params(struct snd_pcm_substream *substream, + /* Configure NI when operating as master */ + if (snd_soc_component_read(component, M98088_REG_14_DAI1_FORMAT) + & M98088_DAI_MAS) { ++ unsigned long pclk; ++ + if (max98088->sysclk == 0) { + dev_err(component->dev, "Invalid system clock frequency\n"); + return -EINVAL; + } + ni = 65536ULL * (rate < 50000 ? 96ULL : 48ULL) + * (unsigned long long int)rate; +- do_div(ni, (unsigned long long int)max98088->sysclk); ++ pclk = DIV_ROUND_CLOSEST(max98088->sysclk, max98088->mclk_prescaler); ++ ni = DIV_ROUND_CLOSEST_ULL(ni, pclk); + snd_soc_component_write(component, M98088_REG_12_DAI1_CLKCFG_HI, + (ni >> 8) & 0x7F); + snd_soc_component_write(component, M98088_REG_13_DAI1_CLKCFG_LO, +@@ -1065,13 +1069,16 @@ static int max98088_dai2_hw_params(struct snd_pcm_substream *substream, + /* Configure NI when operating as master */ + if (snd_soc_component_read(component, M98088_REG_1C_DAI2_FORMAT) + & M98088_DAI_MAS) { ++ unsigned long pclk; ++ + if (max98088->sysclk == 0) { + dev_err(component->dev, "Invalid system clock frequency\n"); + return -EINVAL; + } + ni = 65536ULL * (rate < 50000 ? 96ULL : 48ULL) + * (unsigned long long int)rate; +- do_div(ni, (unsigned long long int)max98088->sysclk); ++ pclk = DIV_ROUND_CLOSEST(max98088->sysclk, max98088->mclk_prescaler); ++ ni = DIV_ROUND_CLOSEST_ULL(ni, pclk); + snd_soc_component_write(component, M98088_REG_1A_DAI2_CLKCFG_HI, + (ni >> 8) & 0x7F); + snd_soc_component_write(component, M98088_REG_1B_DAI2_CLKCFG_LO, +@@ -1113,8 +1120,10 @@ static int max98088_dai_set_sysclk(struct snd_soc_dai *dai, + */ + if ((freq >= 10000000) && (freq < 20000000)) { + snd_soc_component_write(component, M98088_REG_10_SYS_CLK, 0x10); ++ max98088->mclk_prescaler = 1; + } else if ((freq >= 20000000) && (freq < 30000000)) { + snd_soc_component_write(component, M98088_REG_10_SYS_CLK, 0x20); ++ max98088->mclk_prescaler = 2; + } else { + dev_err(component->dev, "Invalid master clock frequency\n"); + return -EINVAL; +-- +2.26.2 + diff --git a/patches.suse/Bluetooth-Fix-slab-out-of-bounds-read-in-hci_extende.patch b/patches.suse/Bluetooth-Fix-slab-out-of-bounds-read-in-hci_extende.patch index 1af52ef..9b8ee30 100644 --- a/patches.suse/Bluetooth-Fix-slab-out-of-bounds-read-in-hci_extende.patch +++ b/patches.suse/Bluetooth-Fix-slab-out-of-bounds-read-in-hci_extende.patch @@ -4,7 +4,7 @@ Date: Fri, 10 Jul 2020 12:09:15 -0400 Subject: [PATCH] Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() Git-commit: 51c19bf3d5cfaa66571e4b88ba2a6f6295311101 Patch-mainline: v5.9-rc1 -References: git-fixes +References: CVE-2020-36386 bsc#1187038 Check upon `num_rsp` is insufficient. A malformed event packet with a large `num_rsp` number makes hci_extended_inquiry_result_evt() go out diff --git a/patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch b/patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch index e590397..bba2510 100644 --- a/patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch +++ b/patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch @@ -4,7 +4,7 @@ Date: Wed, 10 Mar 2021 14:13:08 -0800 Subject: [PATCH] Bluetooth: SMP: Fail if remote and local public keys are identical Git-commit: 6d19628f539fccf899298ff02ee4c73e4bf6df3f Patch-mainline: v5.13-rc1 -References: git-fixes +References: bsc#1186463 CVE-2021-0129 CVE-2020-26558 This fails the pairing procedure when both remote and local non-debug public keys are identical. diff --git a/patches.suse/Bluetooth-fix-the-erroneous-flush_work-order.patch b/patches.suse/Bluetooth-fix-the-erroneous-flush_work-order.patch new file mode 100644 index 0000000..8f847d8 --- /dev/null +++ b/patches.suse/Bluetooth-fix-the-erroneous-flush_work-order.patch @@ -0,0 +1,59 @@ +From 6a137caec23aeb9e036cdfd8a46dd8a366460e5d Mon Sep 17 00:00:00 2001 +From: Lin Ma +Date: Tue, 25 May 2021 14:39:02 +0200 +Subject: [PATCH] Bluetooth: fix the erroneous flush_work() order +Git-commit: 6a137caec23aeb9e036cdfd8a46dd8a366460e5d +Patch-mainline: v5.13-rc5 +References: git-fixes + +In the cleanup routine for failed initialization of HCI device, +the flush_work(&hdev->rx_work) need to be finished before the +flush_work(&hdev->cmd_work). Otherwise, the hci_rx_work() can +possibly invoke new cmd_work and cause a bug, like double free, +in late processings. + +This was assigned CVE-2021-3564. + +This patch reorder the flush_work() to fix this bug. + +Cc: Marcel Holtmann +Cc: Johan Hedberg +Cc: Luiz Augusto von Dentz +Cc: "David S. Miller" +Cc: Jakub Kicinski +Cc: linux-bluetooth@vger.kernel.org +Cc: netdev@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Lin Ma +Signed-off-by: Hao Xiong +Cc: stable +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Marcel Holtmann +Acked-by: Takashi Iwai + +--- + net/bluetooth/hci_core.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c +index fd12f1652bdf..7d71d104fdfd 100644 +--- a/net/bluetooth/hci_core.c ++++ b/net/bluetooth/hci_core.c +@@ -1610,8 +1610,13 @@ static int hci_dev_do_open(struct hci_dev *hdev) + } else { + /* Init failed, cleanup */ + flush_work(&hdev->tx_work); +- flush_work(&hdev->cmd_work); ++ ++ /* Since hci_rx_work() is possible to awake new cmd_work ++ * it should be flushed first to avoid unexpected call of ++ * hci_cmd_work() ++ */ + flush_work(&hdev->rx_work); ++ flush_work(&hdev->cmd_work); + + skb_queue_purge(&hdev->cmd_q); + skb_queue_purge(&hdev->rx_q); +-- +2.26.2 + diff --git a/patches.suse/HID-multitouch-require-Finger-field-to-mark-Win8-rep.patch b/patches.suse/HID-multitouch-require-Finger-field-to-mark-Win8-rep.patch new file mode 100644 index 0000000..cb7eb23 --- /dev/null +++ b/patches.suse/HID-multitouch-require-Finger-field-to-mark-Win8-rep.patch @@ -0,0 +1,54 @@ +From a2353e3b26012ff43bcdf81d37a3eaddd7ecdbf3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ahelenia=20Ziemia=C5=84ska?= +Date: Mon, 8 Mar 2021 18:42:03 +0100 +Subject: [PATCH] HID: multitouch: require Finger field to mark Win8 reports as MT +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: a2353e3b26012ff43bcdf81d37a3eaddd7ecdbf3 +Patch-mainline: v5.13-rc5 +References: git-fixes + +This effectively changes collection_is_mt from + contact ID in report->field +to + (device is Win8 => collection is finger) && contact ID in report->field + +Some devices erroneously report Pen for fingers, and Win8 stylus-on-touchscreen +devices report contact ID, but mark the accompanying touchscreen device's +collection correctly + +Cc: stable@vger.kernel.org +Signed-off-by: Ahelenia ZiemiaÅ„ska +Acked-by: Benjamin Tissoires +Signed-off-by: Jiri Kosina +Acked-by: Takashi Iwai + +--- + drivers/hid/hid-multitouch.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c +index 9d9f3e1bd5f4..55dcb8536286 100644 +--- a/drivers/hid/hid-multitouch.c ++++ b/drivers/hid/hid-multitouch.c +@@ -604,9 +604,13 @@ static struct mt_report_data *mt_allocate_report_data(struct mt_device *td, + if (!(HID_MAIN_ITEM_VARIABLE & field->flags)) + continue; + +- for (n = 0; n < field->report_count; n++) { +- if (field->usage[n].hid == HID_DG_CONTACTID) +- rdata->is_mt_collection = true; ++ if (field->logical == HID_DG_FINGER || td->hdev->group != HID_GROUP_MULTITOUCH_WIN_8) { ++ for (n = 0; n < field->report_count; n++) { ++ if (field->usage[n].hid == HID_DG_CONTACTID) { ++ rdata->is_mt_collection = true; ++ break; ++ } ++ } + } + } + +-- +2.26.2 + diff --git a/patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch b/patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch new file mode 100644 index 0000000..88eb69c --- /dev/null +++ b/patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch @@ -0,0 +1,109 @@ +From 71f52ec2f033907576dccf71ac1aec94348130e8 Mon Sep 17 00:00:00 2001 +From: Oliver Neukum +Date: Tue, 8 Jun 2021 10:31:29 +0200 +Subject: [PATCH] NFC: SUSE specific brutal fix for runtime PM +Patch-mainline: Never, SUSE specific +References: bsc#1185589 + +We have an interaction between runtime PM on the +i2c level and the NFC layer. Specifically on some i2c +chipsets NFC readers will not work, because i2c's PM +will depower them while they need to be listening for connections. + +The problem is specific to some i2c controllers and +all of NFC. The proper fix would be the add minimal +runtime PM to every NFC driver. That is not feasible +to us in a realistic time frame. + +Hence this implementation does it on the NFC level, +which makes all systems work, at the expense of overriding +better implementations of specific drivers for i2c and USB. +But we support quite a number of drivers and they need to work. +So we are brutal. + +Signed-off-by: Oliver Neukum +--- + net/nfc/core.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/net/nfc/core.c b/net/nfc/core.c +index c5f9c3ee8..1d6de505d 100644 +--- a/net/nfc/core.c ++++ b/net/nfc/core.c +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + + #include + +@@ -37,6 +38,8 @@ int nfc_fw_download(struct nfc_dev *dev, const char *firmware_name) + pr_debug("%s do firmware %s\n", dev_name(&dev->dev), firmware_name); + + device_lock(&dev->dev); ++ /* failures MUST be ignored */ ++ pm_runtime_get_sync(&dev->dev); + + if (!device_is_registered(&dev->dev)) { + rc = -ENODEV; +@@ -58,7 +61,11 @@ int nfc_fw_download(struct nfc_dev *dev, const char *firmware_name) + if (rc) + dev->fw_download_in_progress = false; + ++ device_unlock(&dev->dev); ++ return 0; ++ + error: ++ pm_runtime_put(&dev->dev); + device_unlock(&dev->dev); + return rc; + } +@@ -73,9 +80,12 @@ int nfc_fw_download(struct nfc_dev *dev, const char *firmware_name) + int nfc_fw_download_done(struct nfc_dev *dev, const char *firmware_name, + u32 result) + { ++ int rc; + dev->fw_download_in_progress = false; + +- return nfc_genl_fw_download_done(dev, firmware_name, result); ++ rc = nfc_genl_fw_download_done(dev, firmware_name, result); ++ pm_runtime_put(&dev->dev); ++ return rc; + } + EXPORT_SYMBOL(nfc_fw_download_done); + +@@ -93,6 +103,8 @@ int nfc_dev_up(struct nfc_dev *dev) + pr_debug("dev_name=%s\n", dev_name(&dev->dev)); + + device_lock(&dev->dev); ++ /* errors MUST be ignored, we are using the child count */ ++ pm_runtime_get_sync(&dev->dev); + + if (dev->rfkill && rfkill_blocked(dev->rfkill)) { + rc = -ERFKILL; +@@ -123,8 +135,11 @@ int nfc_dev_up(struct nfc_dev *dev) + /* We have to enable the device before discovering SEs */ + if (dev->ops->discover_se && dev->ops->discover_se(dev)) + pr_err("SE discovery failed\n"); ++ device_unlock(&dev->dev); ++ return rc; + + error: ++ pm_runtime_put(&dev->dev); + device_unlock(&dev->dev); + return rc; + } +@@ -161,6 +176,9 @@ int nfc_dev_down(struct nfc_dev *dev) + dev->ops->dev_down(dev); + + dev->dev_up = false; ++ pm_runtime_put(&dev->dev); ++ device_unlock(&dev->dev); ++ return rc; + + error: + device_unlock(&dev->dev); +-- +2.26.2 + diff --git a/patches.suse/Revert-net-liquidio-fix-a-NULL-pointer-dereference.patch b/patches.suse/Revert-net-liquidio-fix-a-NULL-pointer-dereference.patch new file mode 100644 index 0000000..f2c60b9 --- /dev/null +++ b/patches.suse/Revert-net-liquidio-fix-a-NULL-pointer-dereference.patch @@ -0,0 +1,45 @@ +From: Greg Kroah-Hartman +Date: Mon, 3 May 2021 13:57:31 +0200 +Subject: Revert "net: liquidio: fix a NULL pointer dereference" +Patch-mainline: v5.13-rc3 +Git-commit: 4fd798a5a89114c1892574c50f2aebd49bc5b4f5 +References: git-fixes + +This reverts commit fe543b2f174f34a7a751aa08b334fe6b105c4569. + +Because of recent interactions with developers from @umn.edu, all +commits from them have been recently re-reviewed to ensure if they were +correct or not. + +Upon review, this commit was found to be incorrect for the reasons +below, so it must be reverted. It will be fixed up "correctly" in a +later kernel change. + +While the original commit does keep the immediate "NULL dereference" +from happening, it does not properly propagate the error back to the +callers, AND it does not fix this same identical issue in the +drivers/net/ethernet/cavium/liquidio/lio_vf_main.c for some reason. + +Cc: Kangjie Lu +Cc: David S. Miller +Link: https://lore.kernel.org/r/20210503115736.2104747-65-gregkh@linuxfoundation.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/cavium/liquidio/lio_main.c | 5 ----- + 1 file changed, 5 deletions(-) + +--- a/drivers/net/ethernet/cavium/liquidio/lio_main.c ++++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c +@@ -1192,11 +1192,6 @@ static void send_rx_ctrl_cmd(struct lio + sc = (struct octeon_soft_command *) + octeon_alloc_soft_command(oct, OCTNET_CMD_SIZE, + 16, 0); +- if (!sc) { +- netif_info(lio, rx_err, lio->netdev, +- "Failed to allocate octeon_soft_command\n"); +- return; +- } + + ncmd = (union octnet_cmd *)sc->virtdptr; + diff --git a/patches.suse/Revert-qlcnic-Avoid-potential-NULL-pointer-dereferen.patch b/patches.suse/Revert-qlcnic-Avoid-potential-NULL-pointer-dereferen.patch new file mode 100644 index 0000000..d00d308 --- /dev/null +++ b/patches.suse/Revert-qlcnic-Avoid-potential-NULL-pointer-dereferen.patch @@ -0,0 +1,43 @@ +From: Greg Kroah-Hartman +Date: Mon, 3 May 2021 13:56:51 +0200 +Subject: Revert "qlcnic: Avoid potential NULL pointer dereference" +Patch-mainline: v5.13-rc3 +Git-commit: b95b57dfe7a142bf2446548eb7f49340fd73e78b +References: git-fixes + +This reverts commit 5bf7295fe34a5251b1d241b9736af4697b590670. + +Because of recent interactions with developers from @umn.edu, all +commits from them have been recently re-reviewed to ensure if they were +correct or not. + +Upon review, this commit was found to be incorrect for the reasons +below, so it must be reverted. It will be fixed up "correctly" in a +later kernel change. + +This commit does not properly detect if an error happens because the +logic after this loop will not detect that there was a failed +allocation. + +Cc: Aditya Pakki +Cc: David S. Miller +Fixes: 5bf7295fe34a ("qlcnic: Avoid potential NULL pointer dereference") +Cc: stable +Link: https://lore.kernel.org/r/20210503115736.2104747-25-gregkh@linuxfoundation.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c ++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c +@@ -1048,8 +1048,6 @@ int qlcnic_do_lb_test(struct qlcnic_adap + + for (i = 0; i < QLCNIC_NUM_ILB_PKT; i++) { + skb = netdev_alloc_skb(adapter->netdev, QLCNIC_ILB_PKT_SIZE); +- if (!skb) +- break; + qlcnic_create_loopback_buff(skb->data, adapter->mac_addr); + skb_put(skb, QLCNIC_ILB_PKT_SIZE); + adapter->ahw->diag_cnt = 0; diff --git a/patches.suse/USB-f_ncm-ncm_bitrate-speed-is-unsigned.patch b/patches.suse/USB-f_ncm-ncm_bitrate-speed-is-unsigned.patch new file mode 100644 index 0000000..10396cd --- /dev/null +++ b/patches.suse/USB-f_ncm-ncm_bitrate-speed-is-unsigned.patch @@ -0,0 +1,49 @@ +From 3370139745853f7826895293e8ac3aec1430508e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= +Date: Mon, 7 Jun 2021 17:53:44 -0700 +Subject: [PATCH] USB: f_ncm: ncm_bitrate (speed) is unsigned +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 3370139745853f7826895293e8ac3aec1430508e +Patch-mainline: v5.13-rc6 +References: git-fixes + +[ 190.544755] configfs-gadget gadget: notify speed -44967296 + +This is because 4250000000 - 2**32 is -44967296. + +Fixes: 9f6ce4240a2b ("usb: gadget: f_ncm.c added") +Cc: Brooke Basile +Cc: Bryan O'Donoghue +Cc: Felipe Balbi +Cc: Lorenzo Colitti +Cc: Yauheni Kaliuta +Cc: Linux USB Mailing List +Acked-by: Lorenzo Colitti +Signed-off-by: Maciej Å»enczykowski +Cc: stable +Link: https://lore.kernel.org/r/20210608005344.3762668-1-zenczykowski@gmail.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/gadget/function/f_ncm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c +index 019bea8e09cc..0d23c6c11a13 100644 +--- a/drivers/usb/gadget/function/f_ncm.c ++++ b/drivers/usb/gadget/function/f_ncm.c +@@ -583,7 +583,7 @@ static void ncm_do_notify(struct f_ncm *ncm) + data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget)); + data[1] = data[0]; + +- DBG(cdev, "notify speed %d\n", ncm_bitrate(cdev->gadget)); ++ DBG(cdev, "notify speed %u\n", ncm_bitrate(cdev->gadget)); + ncm->notify_state = NCM_NOTIFY_CONNECT; + break; + } +-- +2.26.2 + diff --git a/patches.suse/USB-serial-cp210x-fix-alternate-function-for-CP2102N.patch b/patches.suse/USB-serial-cp210x-fix-alternate-function-for-CP2102N.patch new file mode 100644 index 0000000..7f38951 --- /dev/null +++ b/patches.suse/USB-serial-cp210x-fix-alternate-function-for-CP2102N.patch @@ -0,0 +1,68 @@ +From 6f7ec77cc8b64ff5037c1945e4650c65c458037d Mon Sep 17 00:00:00 2001 +From: Stefan Agner +Date: Fri, 28 May 2021 22:39:31 +0200 +Subject: [PATCH] USB: serial: cp210x: fix alternate function for CP2102N QFN20 +Git-commit: 6f7ec77cc8b64ff5037c1945e4650c65c458037d +Patch-mainline: v5.13-rc6 +References: git-fixes + +The QFN20 part has a different GPIO/port function assignment. The +configuration struct bit field ordered as TX/RX/RS485/WAKEUP/CLK +which exactly matches GPIO0-3 for QFN24/28. However, QFN20 has a +different GPIO to primary function assignment. + +Special case QFN20 to follow to properly detect which GPIOs are +available. + +Signed-off-by: Stefan Agner +Link: https://lore.kernel.org/r/51830b2b24118eb0f77c5c9ac64ffb2f519dbb1d.1622218300.git.stefan@agner.ch +Fixes: c8acfe0aadbe ("USB: serial: cp210x: implement GPIO support for CP2102N") +Cc: stable@vger.kernel.org # 4.19 +Signed-off-by: Johan Hovold +Acked-by: Takashi Iwai + +--- + drivers/usb/serial/cp210x.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index ee595d1bea0a..c9f8ebd34122 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -537,6 +537,12 @@ struct cp210x_single_port_config { + #define CP210X_2NCONFIG_GPIO_RSTLATCH_IDX 587 + #define CP210X_2NCONFIG_GPIO_CONTROL_IDX 600 + ++/* CP2102N QFN20 port configuration values */ ++#define CP2102N_QFN20_GPIO2_TXLED_MODE BIT(2) ++#define CP2102N_QFN20_GPIO3_RXLED_MODE BIT(3) ++#define CP2102N_QFN20_GPIO1_RS485_MODE BIT(4) ++#define CP2102N_QFN20_GPIO0_CLK_MODE BIT(6) ++ + /* CP210X_VENDOR_SPECIFIC, CP210X_WRITE_LATCH call writes these 0x2 bytes. */ + struct cp210x_gpio_write { + u8 mask; +@@ -1733,7 +1739,19 @@ static int cp2102n_gpioconf_init(struct usb_serial *serial) + priv->gpio_pushpull = (gpio_pushpull >> 3) & 0x0f; + + /* 0 indicates GPIO mode, 1 is alternate function */ +- priv->gpio_altfunc = (gpio_ctrl >> 2) & 0x0f; ++ if (priv->partnum == CP210X_PARTNUM_CP2102N_QFN20) { ++ /* QFN20 is special... */ ++ if (gpio_ctrl & CP2102N_QFN20_GPIO0_CLK_MODE) /* GPIO 0 */ ++ priv->gpio_altfunc |= BIT(0); ++ if (gpio_ctrl & CP2102N_QFN20_GPIO1_RS485_MODE) /* GPIO 1 */ ++ priv->gpio_altfunc |= BIT(1); ++ if (gpio_ctrl & CP2102N_QFN20_GPIO2_TXLED_MODE) /* GPIO 2 */ ++ priv->gpio_altfunc |= BIT(2); ++ if (gpio_ctrl & CP2102N_QFN20_GPIO3_RXLED_MODE) /* GPIO 3 */ ++ priv->gpio_altfunc |= BIT(3); ++ } else { ++ priv->gpio_altfunc = (gpio_ctrl >> 2) & 0x0f; ++ } + + if (priv->partnum == CP210X_PARTNUM_CP2102N_QFN28) { + /* +-- +2.26.2 + diff --git a/patches.suse/USB-serial-quatech2-fix-control-request-directions.patch b/patches.suse/USB-serial-quatech2-fix-control-request-directions.patch new file mode 100644 index 0000000..59120fe --- /dev/null +++ b/patches.suse/USB-serial-quatech2-fix-control-request-directions.patch @@ -0,0 +1,57 @@ +From eb8dbe80326c3d44c1e38ee4f40e0d8d3e06f2d0 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Mon, 24 May 2021 11:17:05 +0200 +Subject: [PATCH] USB: serial: quatech2: fix control-request directions +Git-commit: eb8dbe80326c3d44c1e38ee4f40e0d8d3e06f2d0 +Patch-mainline: v5.13-rc6 +References: git-fixes + +The direction of the pipe argument must match the request-type direction +bit or control requests may fail depending on the host-controller-driver +implementation. + +Fix the three requests which erroneously used usb_rcvctrlpipe(). + +Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver") +Cc: stable@vger.kernel.org # 3.5 +Signed-off-by: Johan Hovold +Acked-by: Takashi Iwai + +--- + drivers/usb/serial/quatech2.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/usb/serial/quatech2.c b/drivers/usb/serial/quatech2.c +index 5f2e7f668e68..067690dac24c 100644 +--- a/drivers/usb/serial/quatech2.c ++++ b/drivers/usb/serial/quatech2.c +@@ -416,7 +416,7 @@ static void qt2_close(struct usb_serial_port *port) + + /* flush the port transmit buffer */ + i = usb_control_msg(serial->dev, +- usb_rcvctrlpipe(serial->dev, 0), ++ usb_sndctrlpipe(serial->dev, 0), + QT2_FLUSH_DEVICE, 0x40, 1, + port_priv->device_port, NULL, 0, QT2_USB_TIMEOUT); + +@@ -426,7 +426,7 @@ static void qt2_close(struct usb_serial_port *port) + + /* flush the port receive buffer */ + i = usb_control_msg(serial->dev, +- usb_rcvctrlpipe(serial->dev, 0), ++ usb_sndctrlpipe(serial->dev, 0), + QT2_FLUSH_DEVICE, 0x40, 0, + port_priv->device_port, NULL, 0, QT2_USB_TIMEOUT); + +@@ -639,7 +639,7 @@ static int qt2_attach(struct usb_serial *serial) + int status; + + /* power on unit */ +- status = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0), ++ status = usb_control_msg(serial->dev, usb_sndctrlpipe(serial->dev, 0), + 0xc2, 0x40, 0x8000, 0, NULL, 0, + QT2_USB_TIMEOUT); + if (status < 0) { +-- +2.26.2 + diff --git a/patches.suse/blk-settings-align-max_sectors-on-logical_block_size.patch b/patches.suse/blk-settings-align-max_sectors-on-logical_block_size.patch new file mode 100644 index 0000000..914ff97 --- /dev/null +++ b/patches.suse/blk-settings-align-max_sectors-on-logical_block_size.patch @@ -0,0 +1,67 @@ +From 97f433c3601a24d3513d06f575a389a2ca4e11e4 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 23 Feb 2021 19:25:30 -0700 +Subject: [PATCH] blk-settings: align max_sectors on "logical_block_size" + boundary +Git-commit: 97f433c3601a24d3513d06f575a389a2ca4e11e4 +Patch-mainline: v5.12-rc1 +References: bsc#1185195 + +We get I/O errors when we run md-raid1 on the top of dm-integrity on the +top of ramdisk. +Device-mapper: integrity: Bio not aligned on 8 sectors: 0xff00, 0xff +Device-mapper: integrity: Bio not aligned on 8 sectors: 0xffff, 0x1 +Device-mapper: integrity: Bio not aligned on 8 sectors: 0x8048, 0xff +Device-mapper: integrity: Bio not aligned on 8 sectors: 0x8147, 0xff +Device-mapper: integrity: Bio not aligned on 8 sectors: 0x8246, 0xff +Device-mapper: integrity: Bio not aligned on 8 sectors: 0x8345, 0xbb + +The ramdisk device has logical_block_size 512 and max_sectors 255. The +dm-integrity device uses logical_block_size 4096 and it doesn't affect the +"max_sectors" value - thus, it inherits 255 from the ramdisk. So, we have +a device with max_sectors not aligned on logical_block_size. + +The md-raid device sees that the underlying leg has max_sectors 255 and it +will split the bios on 255-sector boundary, making the bios unaligned on +logical_block_size. + +In order to fix the bug, we round down max_sectors to logical_block_size. + +Cc: stable@vger.kernel.org +Reviewed-by: Ming Lei +Signed-off-by: Mikulas Patocka +Signed-off-by: Jens Axboe +Acked-by: Jan Kara + +--- + block/blk-settings.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +--- a/block/blk-settings.c ++++ b/block/blk-settings.c +@@ -473,6 +473,14 @@ void blk_queue_stack_limits(struct reque + } + EXPORT_SYMBOL(blk_queue_stack_limits); + ++static unsigned int blk_round_down_sectors(unsigned int sectors, unsigned int lbs) ++{ ++ sectors = round_down(sectors, lbs >> SECTOR_SHIFT); ++ if (sectors < PAGE_SIZE >> SECTOR_SHIFT) ++ sectors = PAGE_SIZE >> SECTOR_SHIFT; ++ return sectors; ++} ++ + /** + * blk_stack_limits - adjust queue_limits for stacked devices + * @t: the stacking driver limits (top device) +@@ -586,6 +594,10 @@ int blk_stack_limits(struct queue_limits + ret = -1; + } + ++ t->max_sectors = blk_round_down_sectors(t->max_sectors, t->logical_block_size); ++ t->max_hw_sectors = blk_round_down_sectors(t->max_hw_sectors, t->logical_block_size); ++ t->max_dev_sectors = blk_round_down_sectors(t->max_dev_sectors, t->logical_block_size); ++ + /* Discard alignment and granularity */ + if (b->discard_granularity) { + alignment = queue_limit_discard_alignment(b, start); diff --git a/patches.suse/block-return-the-correct-bvec-when-checking-for-gaps.patch b/patches.suse/block-return-the-correct-bvec-when-checking-for-gaps.patch new file mode 100644 index 0000000..f3dce5d --- /dev/null +++ b/patches.suse/block-return-the-correct-bvec-when-checking-for-gaps.patch @@ -0,0 +1,80 @@ +From: Long Li +Date: Mon, 7 Jun 2021 12:34:05 -0700 +Subject: block: return the correct bvec when checking for gaps +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.dk/linux-block +Git-commit: c9c9762d4d44dcb1b2ba90cfb4122dc11ceebf31 +References: bsc#1187143 bsc#1187144 + +After commit 07173c3ec276 ("block: enable multipage bvecs"), a bvec can +have multiple pages. But bio_will_gap() still assumes one page bvec while +checking for merging. If the pages in the bvec go across the +seg_boundary_mask, this check for merging can potentially succeed if only +the 1st page is tested, and can fail if all the pages are tested. + +Later, when SCSI builds the SG list the same check for merging is done in +__blk_segment_map_sg_merge() with all the pages in the bvec tested. This +time the check may fail if the pages in bvec go across the +seg_boundary_mask (but tested okay in bio_will_gap() earlier, so those +BIOs were merged). If this check fails, we end up with a broken SG list +for drivers assuming the SG list not having offsets in intermediate pages. +This results in incorrect pages written to the disk. + +Fix this by returning the multi-page bvec when testing gaps for merging. + +Cc: Jens Axboe +Cc: Johannes Thumshirn +Cc: Pavel Begunkov +Cc: Ming Lei +Cc: Tejun Heo +Cc: "Matthew Wilcox (Oracle)" +Cc: Jeffle Xu +Cc: linux-kernel@vger.kernel.org +Cc: stable@vger.kernel.org +Fixes: 07173c3ec276 ("block: enable multipage bvecs") +Signed-off-by: Long Li +Reviewed-by: Ming Lei +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/1623094445-22332-1-git-send-email-longli@linuxonhyperv.com +Signed-off-by: Jens Axboe +Acked-by: Jan Kara +Acked-by: Daniel Wagner +--- + include/linux/bio.h | 12 ++++-------- + 1 file changed, 4 insertions(+), 8 deletions(-) + +--- a/include/linux/bio.h ++++ b/include/linux/bio.h +@@ -44,9 +44,6 @@ static inline unsigned int bio_max_segs(unsigned int nr_segs) + #define bio_offset(bio) bio_iter_offset((bio), (bio)->bi_iter) + #define bio_iovec(bio) bio_iter_iovec((bio), (bio)->bi_iter) + +-#define bio_multiple_segments(bio) \ +- ((bio)->bi_iter.bi_size != bio_iovec(bio).bv_len) +- + #define bvec_iter_sectors(iter) ((iter).bi_size >> 9) + #define bvec_iter_end_sector(iter) ((iter).bi_sector + bvec_iter_sectors((iter))) + +@@ -271,7 +268,7 @@ static inline void bio_clear_flag(struct bio *bio, unsigned int bit) + + static inline void bio_get_first_bvec(struct bio *bio, struct bio_vec *bv) + { +- *bv = bio_iovec(bio); ++ *bv = mp_bvec_iter_bvec(bio->bi_io_vec, bio->bi_iter); + } + + static inline void bio_get_last_bvec(struct bio *bio, struct bio_vec *bv) +@@ -279,10 +276,9 @@ static inline void bio_get_last_bvec(struct bio *bio, struct bio_vec *bv) + struct bvec_iter iter = bio->bi_iter; + int idx; + +- if (unlikely(!bio_multiple_segments(bio))) { +- *bv = bio_iovec(bio); +- return; +- } ++ bio_get_first_bvec(bio, bv); ++ if (bv->bv_len == bio->bi_iter.bi_size) ++ return; /* this bio only has a single bvec */ + + bio_advance_iter(bio, &iter, iter.bi_size); + diff --git a/patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch b/patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch index 0438e85..c2c67f0 100644 --- a/patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch +++ b/patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch @@ -1,7 +1,9 @@ From: Matthias Brugger Date: Fri, 4 Jun 2021 15:59:08 +0200 Subject: brcmfmac: Add clm_blob firmware files to modinfo -Patch-mainline: Submitted, 20210607103433.21022-1-matthias.bgg@kernel.org +Git-commit: 885f256f61f958d494ffdf5084a292808f08daee +Patch-mainline: Queued +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git#master References: bsc#1186677 Cypress Wi-Fi chipsets include information regarding regulatory @@ -14,6 +16,9 @@ functionality can be expected with the file present, so add it to the modinfo of the driver. Signed-off-by: Matthias Brugger +Reviewed-by: Hans de Goede +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20210607103433.21022-1-matthias.bgg@kernel.org --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h | 7 +++++++ drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 4 ++-- diff --git a/patches.suse/btrfs-open-device-without-device_list_mutex.patch b/patches.suse/btrfs-open-device-without-device_list_mutex.patch new file mode 100644 index 0000000..ccc71d2 --- /dev/null +++ b/patches.suse/btrfs-open-device-without-device_list_mutex.patch @@ -0,0 +1,250 @@ +From 18c850fdc5a801bad4977b0f1723761d42267e45 Mon Sep 17 00:00:00 2001 +From: Josef Bacik +Date: Fri Jul 17 15:12:27 2020 -0400 +Subject: [PATCH] btrfs: open device without device_list_mutex +Git-commit: 18c850fdc5a801bad4977b0f1723761d42267e45 +References: bsc#1176771 +Patch-mainline: v5.9-rc1 + + +There's long existed a lockdep splat because we open our bdev's under +the ->device_list_mutex at mount time, which acquires the bd_mutex. +Usually this goes unnoticed, but if you do loopback devices at all +suddenly the bd_mutex comes with a whole host of other dependencies, +which results in the splat when you mount a btrfs file system. + +====================================================== +WARNING: possible circular locking dependency detected +5.8.0-0.rc3.1.fc33.x86_64+debug #1 Not tainted +------------------------------------------------------ +systemd-journal/509 is trying to acquire lock: +ffff970831f84db0 (&fs_info->reloc_mutex){+.+.}-{3:3}, at: btrfs_record_root_in_trans+0x44/0x70 [btrfs] + +but task is already holding lock: +ffff97083144d598 (sb_pagefaults){.+.+}-{0:0}, at: btrfs_page_mkwrite+0x59/0x560 [btrfs] + +which lock already depends on the new lock. + +the existing dependency chain (in reverse order) is: + + -> #6 (sb_pagefaults){.+.+}-{0:0}: + __sb_start_write+0x13e/0x220 + btrfs_page_mkwrite+0x59/0x560 [btrfs] + do_page_mkwrite+0x4f/0x130 + do_wp_page+0x3b0/0x4f0 + handle_mm_fault+0xf47/0x1850 + do_user_addr_fault+0x1fc/0x4b0 + exc_page_fault+0x88/0x300 + asm_exc_page_fault+0x1e/0x30 + + -> #5 (&mm->mmap_lock#2){++++}-{3:3}: + __might_fault+0x60/0x80 + _copy_from_user+0x20/0xb0 + get_sg_io_hdr+0x9a/0xb0 + scsi_cmd_ioctl+0x1ea/0x2f0 + cdrom_ioctl+0x3c/0x12b4 + sr_block_ioctl+0xa4/0xd0 + block_ioctl+0x3f/0x50 + ksys_ioctl+0x82/0xc0 + __x64_sys_ioctl+0x16/0x20 + do_syscall_64+0x52/0xb0 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + + -> #4 (&cd->lock){+.+.}-{3:3}: + __mutex_lock+0x7b/0x820 + sr_block_open+0xa2/0x180 + __blkdev_get+0xdd/0x550 + blkdev_get+0x38/0x150 + do_dentry_open+0x16b/0x3e0 + path_openat+0x3c9/0xa00 + do_filp_open+0x75/0x100 + do_sys_openat2+0x8a/0x140 + __x64_sys_openat+0x46/0x70 + do_syscall_64+0x52/0xb0 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + + -> #3 (&bdev->bd_mutex){+.+.}-{3:3}: + __mutex_lock+0x7b/0x820 + __blkdev_get+0x6a/0x550 + blkdev_get+0x85/0x150 + blkdev_get_by_path+0x2c/0x70 + btrfs_get_bdev_and_sb+0x1b/0xb0 [btrfs] + open_fs_devices+0x88/0x240 [btrfs] + btrfs_open_devices+0x92/0xa0 [btrfs] + btrfs_mount_root+0x250/0x490 [btrfs] + legacy_get_tree+0x30/0x50 + vfs_get_tree+0x28/0xc0 + vfs_kern_mount.part.0+0x71/0xb0 + btrfs_mount+0x119/0x380 [btrfs] + legacy_get_tree+0x30/0x50 + vfs_get_tree+0x28/0xc0 + do_mount+0x8c6/0xca0 + __x64_sys_mount+0x8e/0xd0 + do_syscall_64+0x52/0xb0 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + + -> #2 (&fs_devs->device_list_mutex){+.+.}-{3:3}: + __mutex_lock+0x7b/0x820 + btrfs_run_dev_stats+0x36/0x420 [btrfs] + commit_cowonly_roots+0x91/0x2d0 [btrfs] + btrfs_commit_transaction+0x4e6/0x9f0 [btrfs] + btrfs_sync_file+0x38a/0x480 [btrfs] + __x64_sys_fdatasync+0x47/0x80 + do_syscall_64+0x52/0xb0 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + + -> #1 (&fs_info->tree_log_mutex){+.+.}-{3:3}: + __mutex_lock+0x7b/0x820 + btrfs_commit_transaction+0x48e/0x9f0 [btrfs] + btrfs_sync_file+0x38a/0x480 [btrfs] + __x64_sys_fdatasync+0x47/0x80 + do_syscall_64+0x52/0xb0 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + + -> #0 (&fs_info->reloc_mutex){+.+.}-{3:3}: + __lock_acquire+0x1241/0x20c0 + lock_acquire+0xb0/0x400 + __mutex_lock+0x7b/0x820 + btrfs_record_root_in_trans+0x44/0x70 [btrfs] + start_transaction+0xd2/0x500 [btrfs] + btrfs_dirty_inode+0x44/0xd0 [btrfs] + file_update_time+0xc6/0x120 + btrfs_page_mkwrite+0xda/0x560 [btrfs] + do_page_mkwrite+0x4f/0x130 + do_wp_page+0x3b0/0x4f0 + handle_mm_fault+0xf47/0x1850 + do_user_addr_fault+0x1fc/0x4b0 + exc_page_fault+0x88/0x300 + asm_exc_page_fault+0x1e/0x30 + +other info that might help us debug this: + +Chain exists of: + &fs_info->reloc_mutex --> &mm->mmap_lock#2 --> sb_pagefaults + +Possible unsafe locking scenario: + + CPU0 CPU1 + ---- ---- + lock(sb_pagefaults); + lock(&mm->mmap_lock#2); + lock(sb_pagefaults); + lock(&fs_info->reloc_mutex); + + *** DEADLOCK *** + +3 locks held by systemd-journal/509: + #0: ffff97083bdec8b8 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x12e/0x4b0 + #1: ffff97083144d598 (sb_pagefaults){.+.+}-{0:0}, at: btrfs_page_mkwrite+0x59/0x560 [btrfs] + #2: ffff97083144d6a8 (sb_internal){.+.+}-{0:0}, at: start_transaction+0x3f8/0x500 [btrfs] + +stack backtrace: +CPU: 0 PID: 509 Comm: systemd-journal Not tainted 5.8.0-0.rc3.1.fc33.x86_64+debug #1 +Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 +Call Trace: + dump_stack+0x92/0xc8 + check_noncircular+0x134/0x150 + __lock_acquire+0x1241/0x20c0 + lock_acquire+0xb0/0x400 + ? btrfs_record_root_in_trans+0x44/0x70 [btrfs] + ? lock_acquire+0xb0/0x400 + ? btrfs_record_root_in_trans+0x44/0x70 [btrfs] + __mutex_lock+0x7b/0x820 + ? btrfs_record_root_in_trans+0x44/0x70 [btrfs] + ? kvm_sched_clock_read+0x14/0x30 + ? sched_clock+0x5/0x10 + ? sched_clock_cpu+0xc/0xb0 + btrfs_record_root_in_trans+0x44/0x70 [btrfs] + start_transaction+0xd2/0x500 [btrfs] + btrfs_dirty_inode+0x44/0xd0 [btrfs] + file_update_time+0xc6/0x120 + btrfs_page_mkwrite+0xda/0x560 [btrfs] + ? sched_clock+0x5/0x10 + do_page_mkwrite+0x4f/0x130 + do_wp_page+0x3b0/0x4f0 + handle_mm_fault+0xf47/0x1850 + do_user_addr_fault+0x1fc/0x4b0 + exc_page_fault+0x88/0x300 + ? asm_exc_page_fault+0x8/0x30 + asm_exc_page_fault+0x1e/0x30 +RIP: 0033:0x7fa3972fdbfe +Code: Bad RIP value. + +Fix this by not holding the ->device_list_mutex at this point. The +device_list_mutex exists to protect us from modifying the device list +while the file system is running. + +However it can also be modified by doing a scan on a device. But this +action is specifically protected by the uuid_mutex, which we are holding +here. We cannot race with opening at this point because we have the +->s_mount lock held during the mount. Not having the +->device_list_mutex here is perfectly safe as we're not going to change +the devices at this point. + +CC: stable@vger.kernel.org # 4.19+ +Signed-off-by: Josef Bacik +Reviewed-by: David Sterba +[ add some comments ] +Signed-off-by: David Sterba + +diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c +index 537ccf6..084b822 100644 +--- a/fs/btrfs/volumes.c ++++ b/fs/btrfs/volumes.c +@@ -245,7 +245,9 @@ static int __btrfs_map_block(struct btrfs_fs_info *fs_info, + * + * global::fs_devs - add, remove, updates to the global list + * +- * does not protect: manipulation of the fs_devices::devices list! ++ * does not protect: manipulation of the fs_devices::devices list in general ++ * but in mount context it could be used to exclude list modifications by eg. ++ * scan ioctl + * + * btrfs_device::name - renames (write side), read is RCU + * +@@ -258,6 +260,9 @@ static int __btrfs_map_block(struct btrfs_fs_info *fs_info, + * may be used to exclude some operations from running concurrently without any + * modifications to the list (see write_all_supers) + * ++ * Is not required at mount and close times, because our device list is ++ * protected by the uuid_mutex at that point. ++ * + * balance_mutex + * ------------- + * protects balance structures (status, state) and context accessed from +@@ -602,6 +607,11 @@ static int btrfs_free_stale_devices(const char *path, + return ret; + } + ++/* ++ * This is only used on mount, and we are protected from competing things ++ * messing with our fs_devices by the uuid_mutex, thus we do not need the ++ * fs_devices->device_list_mutex here. ++ */ + static int btrfs_open_one_device(struct btrfs_fs_devices *fs_devices, + struct btrfs_device *device, fmode_t flags, + void *holder) +@@ -1229,8 +1239,14 @@ int btrfs_open_devices(struct btrfs_fs_devices *fs_devices, + int ret; + + lockdep_assert_held(&uuid_mutex); ++ /* ++ * The device_list_mutex cannot be taken here in case opening the ++ * underlying device takes further locks like bd_mutex. ++ * ++ * We also don't need the lock here as this is called during mount and ++ * exclusion is provided by uuid_mutex ++ */ + +- mutex_lock(&fs_devices->device_list_mutex); + if (fs_devices->opened) { + fs_devices->opened++; + ret = 0; +@@ -1238,7 +1254,6 @@ int btrfs_open_devices(struct btrfs_fs_devices *fs_devices, + list_sort(NULL, &fs_devices->devices, devid_cmp); + ret = open_fs_devices(fs_devices, flags, holder); + } +- mutex_unlock(&fs_devices->device_list_mutex); + + return ret; + } diff --git a/patches.suse/cxgb4-avoid-accessing-registers-when-clearing-filter.patch b/patches.suse/cxgb4-avoid-accessing-registers-when-clearing-filter.patch new file mode 100644 index 0000000..3a1412f --- /dev/null +++ b/patches.suse/cxgb4-avoid-accessing-registers-when-clearing-filter.patch @@ -0,0 +1,32 @@ +From: Raju Rangoju +Date: Wed, 19 May 2021 16:48:31 +0530 +Subject: cxgb4: avoid accessing registers when clearing filters +Patch-mainline: v5.13-rc4 +Git-commit: 88c380df84fbd03f9b137c2b9d0a44b9f2f553b0 +References: git-fixes + +Hardware register having the server TID base can contain +invalid values when adapter is in bad state (for example, +due to AER fatal error). Reading these invalid values in the +register can lead to out-of-bound memory access. So, fix +by using the saved server TID base when clearing filters. + +Fixes: b1a79360ee86 ("cxgb4: Delete all hash and TCAM filters before resource cleanup") +Signed-off-by: Raju Rangoju +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c ++++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c +@@ -914,7 +914,7 @@ void clear_all_filters(struct adapter *a + cxgb4_del_filter(dev, f->tid, &f->fs); + } + +- sb = t4_read_reg(adapter, LE_DB_SRVR_START_INDEX_A); ++ sb = adapter->tids.stid_base; + for (i = 0; i < sb; i++) { + f = (struct filter_entry *)adapter->tids.tid_tab[i]; + diff --git a/patches.suse/cxgb4-avoid-link-re-train-during-TC-MQPRIO-configura.patch b/patches.suse/cxgb4-avoid-link-re-train-during-TC-MQPRIO-configura.patch new file mode 100644 index 0000000..1573d25 --- /dev/null +++ b/patches.suse/cxgb4-avoid-link-re-train-during-TC-MQPRIO-configura.patch @@ -0,0 +1,132 @@ +From: Rahul Lakkireddy +Date: Fri, 4 Jun 2021 16:48:18 +0530 +Subject: cxgb4: avoid link re-train during TC-MQPRIO configuration +Patch-mainline: v5.13-rc5 +Git-commit: 3822d0670c9d4342794d73e0d0e615322b40438e +References: jsc#SLE-8389 + +When configuring TC-MQPRIO offload, only turn off netdev carrier and +don't bring physical link down in hardware. Otherwise, when the +physical link is brought up again after configuration, it gets +re-trained and stalls ongoing traffic. + +Also, when firmware is no longer accessible or crashed, avoid sending +FLOWC and waiting for reply that will never come. + +Fix following hung_task_timeout_secs trace seen in these cases. + +INFO: task tc:20807 blocked for more than 122 seconds. + Tainted: G S 5.13.0-rc3+ #122 +"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. +task:tc state:D stack:14768 pid:20807 ppid: 19366 flags:0x00000000 +Call Trace: + __schedule+0x27b/0x6a0 + schedule+0x37/0xa0 + schedule_preempt_disabled+0x5/0x10 + __mutex_lock.isra.14+0x2a0/0x4a0 + ? netlink_lookup+0x120/0x1a0 + ? rtnl_fill_ifinfo+0x10f0/0x10f0 + __netlink_dump_start+0x70/0x250 + rtnetlink_rcv_msg+0x28b/0x380 + ? rtnl_fill_ifinfo+0x10f0/0x10f0 + ? rtnl_calcit.isra.42+0x120/0x120 + netlink_rcv_skb+0x4b/0xf0 + netlink_unicast+0x1a0/0x280 + netlink_sendmsg+0x216/0x440 + sock_sendmsg+0x56/0x60 + __sys_sendto+0xe9/0x150 + ? handle_mm_fault+0x6d/0x1b0 + ? do_user_addr_fault+0x1c5/0x620 + __x64_sys_sendto+0x1f/0x30 + do_syscall_64+0x3c/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xae +RIP: 0033:0x7f7f73218321 +RSP: 002b:00007ffd19626208 EFLAGS: 00000246 ORIG_RAX: 000000000000002c +RAX: ffffffffffffffda RBX: 000055b7c0a8b240 RCX: 00007f7f73218321 +RDX: 0000000000000028 RSI: 00007ffd19626210 RDI: 0000000000000003 +RBP: 000055b7c08680ff R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000246 R12: 000055b7c085f5f6 +R13: 000055b7c085f60a R14: 00007ffd19636470 R15: 00007ffd196262a0 + +Fixes: b1396c2bd675 ("cxgb4: parse and configure TC-MQPRIO offload") +Signed-off-by: Rahul Lakkireddy +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/chelsio/cxgb4/cxgb4.h | 2 -- + drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 4 ++-- + drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_mqprio.c | 9 ++++++--- + drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 ++++++ + 4 files changed, 14 insertions(+), 7 deletions(-) + +--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h ++++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h +@@ -2178,8 +2178,6 @@ int cxgb4_update_mac_filt(struct port_in + bool persistent, u8 *smt_idx); + int cxgb4_get_msix_idx_from_bmap(struct adapter *adap); + void cxgb4_free_msix_idx_in_bmap(struct adapter *adap, u32 msix_idx); +-int cxgb_open(struct net_device *dev); +-int cxgb_close(struct net_device *dev); + void cxgb4_enable_rx(struct adapter *adap, struct sge_rspq *q); + void cxgb4_quiesce_rx(struct sge_rspq *q); + int cxgb4_port_mirror_alloc(struct net_device *dev); +--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c ++++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c +@@ -2536,7 +2536,7 @@ static void cxgb_down(struct adapter *ad + /* + * net_device operations + */ +-int cxgb_open(struct net_device *dev) ++static int cxgb_open(struct net_device *dev) + { + struct port_info *pi = netdev_priv(dev); + struct adapter *adapter = pi->adapter; +@@ -2563,7 +2563,7 @@ int cxgb_open(struct net_device *dev) + return err; + } + +-int cxgb_close(struct net_device *dev) ++static int cxgb_close(struct net_device *dev) + { + struct port_info *pi = netdev_priv(dev); + struct adapter *adapter = pi->adapter; +--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_mqprio.c ++++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_mqprio.c +@@ -580,7 +580,8 @@ int cxgb4_setup_tc_mqprio(struct net_dev + * down before configuring tc params. + */ + if (netif_running(dev)) { +- cxgb_close(dev); ++ netif_tx_stop_all_queues(dev); ++ netif_carrier_off(dev); + needs_bring_up = true; + } + +@@ -616,8 +616,10 @@ int cxgb4_setup_tc_mqprio(struct net_dev + } + + out: +- if (needs_bring_up) +- cxgb_open(dev); ++ if (needs_bring_up) { ++ netif_tx_start_all_queues(dev); ++ netif_carrier_on(dev); ++ } + + mutex_unlock(&adap->tc_mqprio->mqprio_mutex); + return ret; +--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c ++++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c +@@ -2426,6 +2426,12 @@ int cxgb4_ethofld_send_flowc(struct net_ + if (!eosw_txq) + return -ENOMEM; + ++ if (!(adap->flags & CXGB4_FW_OK)) { ++ /* Don't stall caller when access to FW is lost */ ++ complete(&eosw_txq->completion); ++ return -EIO; ++ } ++ + skb = alloc_skb(len, GFP_KERNEL); + if (!skb) + return -ENOMEM; diff --git a/patches.suse/dmaengine-idxd-add-missing-dsa-driver-unregister.patch b/patches.suse/dmaengine-idxd-add-missing-dsa-driver-unregister.patch new file mode 100644 index 0000000..8768096 --- /dev/null +++ b/patches.suse/dmaengine-idxd-add-missing-dsa-driver-unregister.patch @@ -0,0 +1,36 @@ +From 077cdb355b3d8ee0f258856962e6dac06e744401 Mon Sep 17 00:00:00 2001 +From: Dave Jiang +Date: Mon, 26 Apr 2021 16:32:24 -0700 +Subject: [PATCH] dmaengine: idxd: add missing dsa driver unregister +Git-commit: 077cdb355b3d8ee0f258856962e6dac06e744401 +Patch-mainline: v5.13-rc7 +References: git-fixes + +The idxd_unregister_driver() has never been called for the idxd driver upon +removal. Add fix to call unregister driver on module removal. + +Fixes: c52ca478233c ("dmaengine: idxd: add configuration component of driver") +Signed-off-by: Dave Jiang +Link: https://lore.kernel.org/r/161947994449.1053102.13189942817915448216.stgit@djiang5-desk3.ch.intel.com +Signed-off-by: Vinod Koul +Acked-by: Takashi Iwai + +--- + drivers/dma/idxd/init.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c +index ec7305f86bf7..6201f52f13f5 100644 +--- a/drivers/dma/idxd/init.c ++++ b/drivers/dma/idxd/init.c +@@ -788,6 +788,7 @@ module_init(idxd_init_module); + + static void __exit idxd_exit_module(void) + { ++ idxd_unregister_driver(); + pci_unregister_driver(&idxd_pci_driver); + idxd_cdev_remove(); + idxd_unregister_bus_type(); +-- +2.26.2 + diff --git a/patches.suse/drm-amdgpu-make-sure-we-unpin-the-UVD-BO.patch b/patches.suse/drm-amdgpu-make-sure-we-unpin-the-UVD-BO.patch new file mode 100644 index 0000000..d0f7da9 --- /dev/null +++ b/patches.suse/drm-amdgpu-make-sure-we-unpin-the-UVD-BO.patch @@ -0,0 +1,40 @@ +From 07438603a07e52f1c6aa731842bd298d2725b7be Mon Sep 17 00:00:00 2001 +From: Nirmoy Das +Date: Fri, 28 May 2021 16:54:16 +0200 +Subject: [PATCH] drm/amdgpu: make sure we unpin the UVD BO +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 07438603a07e52f1c6aa731842bd298d2725b7be +Patch-mainline: v5.13-rc5 +References: git-fixes + +Releasing pinned BOs is illegal now. UVD 6 was missing from: +commit 2f40801dc553 ("drm/amdgpu: make sure we unpin the UVD BO") + +Fixes: 2f40801dc553 ("drm/amdgpu: make sure we unpin the UVD BO") +Cc: stable@vger.kernel.org +Signed-off-by: Nirmoy Das +Reviewed-by: Christian König +Signed-off-by: Alex Deucher +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c b/drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c +index 2bab9c77952f..cf3803f8f075 100644 +--- a/drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c ++++ b/drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c +@@ -357,6 +357,7 @@ static int uvd_v6_0_enc_ring_test_ib(struct amdgpu_ring *ring, long timeout) + + error: + dma_fence_put(fence); ++ amdgpu_bo_unpin(bo); + amdgpu_bo_unreserve(bo); + amdgpu_bo_unref(&bo); + return r; +-- +2.26.2 + diff --git a/patches.suse/efi-libstub-prevent-read-overflow-in-find_file_optio.patch b/patches.suse/efi-libstub-prevent-read-overflow-in-find_file_optio.patch new file mode 100644 index 0000000..d7b4f25 --- /dev/null +++ b/patches.suse/efi-libstub-prevent-read-overflow-in-find_file_optio.patch @@ -0,0 +1,38 @@ +From c4039b29fe9637e1135912813f830994af4c867f Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 23 Apr 2021 14:48:31 +0300 +Subject: [PATCH] efi/libstub: prevent read overflow in find_file_option() +Git-commit: c4039b29fe9637e1135912813f830994af4c867f +Patch-mainline: v5.13-rc5 +References: git-fixes + +If the buffer has slashes up to the end then this will read past the end +of the array. I don't anticipate that this is an issue for many people +in real life, but it's the right thing to do and it makes static +checkers happy. + +Fixes: 7a88a6227dc7 ("efi/libstub: Fix path separator regression") +Signed-off-by: Dan Carpenter +Signed-off-by: Ard Biesheuvel +Acked-by: Takashi Iwai + +--- + drivers/firmware/efi/libstub/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/firmware/efi/libstub/file.c b/drivers/firmware/efi/libstub/file.c +index 4e81c6077188..dd95f330fe6e 100644 +--- a/drivers/firmware/efi/libstub/file.c ++++ b/drivers/firmware/efi/libstub/file.c +@@ -103,7 +103,7 @@ static int find_file_option(const efi_char16_t *cmdline, int cmdline_len, + return 0; + + /* Skip any leading slashes */ +- while (cmdline[i] == L'/' || cmdline[i] == L'\\') ++ while (i < cmdline_len && (cmdline[i] == L'/' || cmdline[i] == L'\\')) + i++; + + while (--result_len > 0 && i < cmdline_len) { +-- +2.26.2 + diff --git a/patches.suse/gve-Add-NULL-pointer-checks-when-freeing-irqs.patch b/patches.suse/gve-Add-NULL-pointer-checks-when-freeing-irqs.patch new file mode 100644 index 0000000..33f4559 --- /dev/null +++ b/patches.suse/gve-Add-NULL-pointer-checks-when-freeing-irqs.patch @@ -0,0 +1,53 @@ +From: David Awogbemila +Date: Mon, 17 May 2021 14:08:13 -0700 +Subject: gve: Add NULL pointer checks when freeing irqs. +Patch-mainline: v5.13-rc4 +Git-commit: 5218e919c8d06279884aa0baf76778a6817d5b93 +References: git-fixes + +When freeing notification blocks, we index priv->msix_vectors. +If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) +this could lead to a NULL pointer dereference if the driver is unloaded. + +Fixes: 893ce44df565 ("gve: Add basic driver framework for Compute Engine Virtual NIC") +Signed-off-by: David Awogbemila +Acked-by: Willem de Brujin +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve_main.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +--- a/drivers/net/ethernet/google/gve/gve_main.c ++++ b/drivers/net/ethernet/google/gve/gve_main.c +@@ -242,20 +242,22 @@ static void gve_free_notify_blocks(struc + { + int i; + +- /* Free the irqs */ +- for (i = 0; i < priv->num_ntfy_blks; i++) { +- struct gve_notify_block *block = &priv->ntfy_blocks[i]; +- int msix_idx = i; ++ if (priv->msix_vectors) { ++ /* Free the irqs */ ++ for (i = 0; i < priv->num_ntfy_blks; i++) { ++ struct gve_notify_block *block = &priv->ntfy_blocks[i]; ++ int msix_idx = i; + +- irq_set_affinity_hint(priv->msix_vectors[msix_idx].vector, +- NULL); +- free_irq(priv->msix_vectors[msix_idx].vector, block); ++ irq_set_affinity_hint(priv->msix_vectors[msix_idx].vector, ++ NULL); ++ free_irq(priv->msix_vectors[msix_idx].vector, block); ++ } ++ free_irq(priv->msix_vectors[priv->mgmt_msix_idx].vector, priv); + } + dma_free_coherent(&priv->pdev->dev, + priv->num_ntfy_blks * sizeof(*priv->ntfy_blocks), + priv->ntfy_blocks, priv->ntfy_block_bus); + priv->ntfy_blocks = NULL; +- free_irq(priv->msix_vectors[priv->mgmt_msix_idx].vector, priv); + pci_disable_msix(priv->pdev); + kvfree(priv->msix_vectors); + priv->msix_vectors = NULL; diff --git a/patches.suse/gve-Correct-SKB-queue-index-validation.patch b/patches.suse/gve-Correct-SKB-queue-index-validation.patch new file mode 100644 index 0000000..bec93a2 --- /dev/null +++ b/patches.suse/gve-Correct-SKB-queue-index-validation.patch @@ -0,0 +1,30 @@ +From: David Awogbemila +Date: Mon, 17 May 2021 14:08:15 -0700 +Subject: gve: Correct SKB queue index validation. +Patch-mainline: v5.13-rc4 +Git-commit: fbd4a28b4fa66faaa7f510c0adc531d37e0a7848 +References: git-fixes + +SKBs with skb_get_queue_mapping(skb) == tx_cfg.num_queues should also be +considered invalid. + +Fixes: f5cedc84a30d ("gve: Add transmit and receive support") +Signed-off-by: David Awogbemila +Acked-by: Willem de Brujin +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve_tx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/google/gve/gve_tx.c ++++ b/drivers/net/ethernet/google/gve/gve_tx.c +@@ -478,7 +478,7 @@ netdev_tx_t gve_tx(struct sk_buff *skb, + struct gve_tx_ring *tx; + int nsegs; + +- WARN(skb_get_queue_mapping(skb) > priv->tx_cfg.num_queues, ++ WARN(skb_get_queue_mapping(skb) >= priv->tx_cfg.num_queues, + "skb queue index out of range"); + tx = &priv->tx[skb_get_queue_mapping(skb)]; + if (unlikely(gve_maybe_stop_tx(tx, skb))) { diff --git a/patches.suse/gve-Update-mgmt_msix_idx-if-num_ntfy-changes.patch b/patches.suse/gve-Update-mgmt_msix_idx-if-num_ntfy-changes.patch new file mode 100644 index 0000000..beb0b82 --- /dev/null +++ b/patches.suse/gve-Update-mgmt_msix_idx-if-num_ntfy-changes.patch @@ -0,0 +1,31 @@ +From: David Awogbemila +Date: Mon, 17 May 2021 14:08:12 -0700 +Subject: gve: Update mgmt_msix_idx if num_ntfy changes +Patch-mainline: v5.13-rc4 +Git-commit: e96b491a0ffa35a8a9607c193fa4d894ca9fb32f +References: git-fixes + +If we do not get the expected number of vectors from +pci_enable_msix_range, we update priv->num_ntfy_blks but not +priv->mgmt_msix_idx. This patch fixes this so that priv->mgmt_msix_idx +is updated accordingly. + +Fixes: f5cedc84a30d ("gve: Add transmit and receive support") +Signed-off-by: David Awogbemila +Acked-by: Willem de Bruijn +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve_main.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/ethernet/google/gve/gve_main.c ++++ b/drivers/net/ethernet/google/gve/gve_main.c +@@ -161,6 +161,7 @@ static int gve_alloc_notify_blocks(struc + int vecs_left = new_num_ntfy_blks % 2; + + priv->num_ntfy_blks = new_num_ntfy_blks; ++ priv->mgmt_msix_idx = priv->num_ntfy_blks; + priv->tx_cfg.max_queues = min_t(int, priv->tx_cfg.max_queues, + vecs_per_type); + priv->rx_cfg.max_queues = min_t(int, priv->rx_cfg.max_queues, diff --git a/patches.suse/gve-Upgrade-memory-barrier-in-poll-routine.patch b/patches.suse/gve-Upgrade-memory-barrier-in-poll-routine.patch new file mode 100644 index 0000000..02dde6a --- /dev/null +++ b/patches.suse/gve-Upgrade-memory-barrier-in-poll-routine.patch @@ -0,0 +1,41 @@ +From: Catherine Sullivan +Date: Mon, 17 May 2021 14:08:14 -0700 +Subject: gve: Upgrade memory barrier in poll routine +Patch-mainline: v5.13-rc4 +Git-commit: f81781835f0adfae8d701545386030d223efcd6f +References: git-fixes + +As currently written, if the driver checks for more work (via +gve_tx_poll or gve_rx_poll) before the device posts work and the +irq doorbell is not unmasked +(via iowrite32be(GVE_IRQ_ACK | GVE_IRQ_EVENT, ...)) before the device +attempts to raise an interrupt, an interrupt is lost and this could +potentially lead to the traffic being completely halted. For +example, if a tx queue has already been stopped, the driver won't get +the chance to complete work and egress will be halted. + +We need a full memory barrier in the poll +routine to ensure that the irq doorbell is unmasked before the driver +checks for more work. + +Fixes: f5cedc84a30d ("gve: Add transmit and receive support") +Signed-off-by: Catherine Sullivan +Signed-off-by: David Awogbemila +Acked-by: Willem de Brujin +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/google/gve/gve_main.c ++++ b/drivers/net/ethernet/google/gve/gve_main.c +@@ -121,7 +121,7 @@ static int gve_napi_poll(struct napi_str + /* Double check we have no extra work. + * Ensure unmask synchronizes with checking for work. + */ +- dma_rmb(); ++ mb(); + if (block->tx) + reschedule |= gve_tx_poll(block, -1); + if (block->rx) diff --git a/patches.suse/ice-Allow-all-LLDP-packets-from-PF-to-Tx.patch b/patches.suse/ice-Allow-all-LLDP-packets-from-PF-to-Tx.patch new file mode 100644 index 0000000..271977b --- /dev/null +++ b/patches.suse/ice-Allow-all-LLDP-packets-from-PF-to-Tx.patch @@ -0,0 +1,56 @@ +From: Dave Ertman +Date: Wed, 5 May 2021 14:17:59 -0700 +Subject: ice: Allow all LLDP packets from PF to Tx +Patch-mainline: v5.13-rc5 +Git-commit: f9f83202b7263ac371d616d6894a2c9ed79158ef +References: jsc#SLE-7926 + +Currently in the ice driver, the check whether to +allow a LLDP packet to egress the interface from the +PF_VSI is being based on the SKB's priority field. +It checks to see if the packets priority is equal to +TC_PRIO_CONTROL. Injected LLDP packets do not always +meet this condition. + +SCAPY defaults to a sk_buff->protocol value of ETH_P_ALL +(0x0003) and does not set the priority field. There will +be other injection methods (even ones used by end users) +that will not correctly configure the socket so that +SKB fields are correctly populated. + +Then ethernet header has to have to correct value for +the protocol though. + +Add a check to also allow packets whose ethhdr->h_proto +matches ETH_P_LLDP (0x88CC). + +Fixes: 0c3a6101ff2d ("ice: Allow egress control packets from PF_VSI") +Signed-off-by: Dave Ertman +Tested-by: Tony Brelinski +Signed-off-by: Tony Nguyen +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/intel/ice/ice_txrx.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/intel/ice/ice_txrx.c ++++ b/drivers/net/ethernet/intel/ice/ice_txrx.c +@@ -2157,6 +2157,7 @@ ice_xmit_frame_ring(struct sk_buff *skb, + struct ice_tx_offload_params offload = { 0 }; + struct ice_vsi *vsi = tx_ring->vsi; + struct ice_tx_buf *first; ++ struct ethhdr *eth; + unsigned int count; + int tso, csum; + +@@ -2204,7 +2205,9 @@ ice_xmit_frame_ring(struct sk_buff *skb, + goto out_drop; + + /* allow CONTROL frames egress from main VSI if FW LLDP disabled */ +- if (unlikely(skb->priority == TC_PRIO_CONTROL && ++ eth = (struct ethhdr *)skb_mac_header(skb); ++ if (unlikely((skb->priority == TC_PRIO_CONTROL || ++ eth->h_proto == htons(ETH_P_LLDP)) && + vsi->type == ICE_VSI_PF && + vsi->port_info->is_sw_lldp)) + offload.cd_qw1 |= (u64)(ICE_TX_DESC_DTYPE_CTX | diff --git a/patches.suse/ice-Fix-VFR-issues-for-AVF-drivers-that-expect-ATQLE.patch b/patches.suse/ice-Fix-VFR-issues-for-AVF-drivers-that-expect-ATQLE.patch new file mode 100644 index 0000000..a9f1b06 --- /dev/null +++ b/patches.suse/ice-Fix-VFR-issues-for-AVF-drivers-that-expect-ATQLE.patch @@ -0,0 +1,54 @@ +From: Brett Creeley +Date: Fri, 26 Feb 2021 13:19:21 -0800 +Subject: ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared +Patch-mainline: v5.13-rc5 +Git-commit: 8679f07a9922068b9b6be81b632f52cac45d1b91 +References: git-fixes + +Some AVF drivers expect the VF_MBX_ATQLEN register to be cleared for any +type of VFR/VFLR. Fix this by clearing the VF_MBX_ATQLEN register at the +same time as VF_MBX_ARQLEN. + +Fixes: 82ba01282cf8 ("ice: clear VF ARQLEN register on reset") +Signed-off-by: Brett Creeley +Tested-by: Konrad Jankowski +Signed-off-by: Tony Nguyen +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/intel/ice/ice_hw_autogen.h | 1 + + drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 12 +++++++----- + 2 files changed, 8 insertions(+), 5 deletions(-) + +--- a/drivers/net/ethernet/intel/ice/ice_hw_autogen.h ++++ b/drivers/net/ethernet/intel/ice/ice_hw_autogen.h +@@ -34,6 +34,7 @@ + #define PF_FW_ATQLEN_ATQOVFL_M BIT(29) + #define PF_FW_ATQLEN_ATQCRIT_M BIT(30) + #define VF_MBX_ARQLEN(_VF) (0x0022BC00 + ((_VF) * 4)) ++#define VF_MBX_ATQLEN(_VF) (0x0022A800 + ((_VF) * 4)) + #define PF_FW_ATQLEN_ATQENABLE_M BIT(31) + #define PF_FW_ATQT 0x00080400 + #define PF_MBX_ARQBAH 0x0022E400 +--- a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c +@@ -370,13 +370,15 @@ static void ice_trigger_vf_reset(struct + */ + clear_bit(ICE_VF_STATE_INIT, vf->vf_states); + +- /* VF_MBX_ARQLEN is cleared by PFR, so the driver needs to clear it +- * in the case of VFR. If this is done for PFR, it can mess up VF +- * resets because the VF driver may already have started cleanup +- * by the time we get here. ++ /* VF_MBX_ARQLEN and VF_MBX_ATQLEN are cleared by PFR, so the driver ++ * needs to clear them in the case of VFR/VFLR. If this is done for ++ * PFR, it can mess up VF resets because the VF driver may already ++ * have started cleanup by the time we get here. + */ +- if (!is_pfr) ++ if (!is_pfr) { + wr32(hw, VF_MBX_ARQLEN(vf->vf_id), 0); ++ wr32(hw, VF_MBX_ATQLEN(vf->vf_id), 0); ++ } + + /* In the case of a VFLR, the HW has already reset the VF and we + * just need to clean up, so don't hit the VFRTRIG register. diff --git a/patches.suse/iommu-amd-keep-track-of-amd_iommu_irq_remap-state b/patches.suse/iommu-amd-keep-track-of-amd_iommu_irq_remap-state new file mode 100644 index 0000000..f129862 --- /dev/null +++ b/patches.suse/iommu-amd-keep-track-of-amd_iommu_irq_remap-state @@ -0,0 +1,37 @@ +From: Joerg Roedel +Date: Wed, 17 Mar 2021 10:10:37 +0100 +Subject: iommu/amd: Keep track of amd_iommu_irq_remap state +Git-commit: 4b8ef157ca832f812b3302b1800548bd92c207de +Patch-mainline: v5.12-rc4 +References: https://bugzilla.kernel.org/show_bug.cgi?id=212133 +https://bugzilla.suse.com/show_bug.cgi?id=1183132 bsc#1187343 + +The amd_iommu_irq_remap variable is set to true in amd_iommu_prepare(). +But if initialization fails it is not set to false. Fix that and +correctly keep track of whether irq remapping is enabled or not. + +Fixes: b34f10c2dc59 ("iommu/amd: Stop irq_remapping_select() matching when remapping is disabled") +Cc: stable@vger.kernel.org # v5.11 +Signed-off-by: Joerg Roedel +Link: https://lore.kernel.org/r/20210317091037.31374-4-joro@8bytes.org +Acked-by: Huang Rui +--- + drivers/iommu/amd/init.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/iommu/amd/init.c ++++ b/drivers/iommu/amd/init.c +@@ -2869,8 +2869,11 @@ int __init amd_iommu_prepare(void) + amd_iommu_irq_remap = true; + + ret = iommu_go_to_state(IOMMU_ACPI_FINISHED); +- if (ret) ++ if (ret) { ++ amd_iommu_irq_remap = false; + return ret; ++ } ++ + return amd_iommu_irq_remap ? 0 : -ENODEV; + } + + diff --git a/patches.suse/iommu-fix-a-boundary-issue-to-avoid-performance-drop b/patches.suse/iommu-fix-a-boundary-issue-to-avoid-performance-drop new file mode 100644 index 0000000..7c248e0 --- /dev/null +++ b/patches.suse/iommu-fix-a-boundary-issue-to-avoid-performance-drop @@ -0,0 +1,36 @@ +From: Xiang Chen +Date: Thu, 25 Mar 2021 11:38:24 +0800 +Subject: iommu: Fix a boundary issue to avoid performance drop +Git-commit: 3431c3f660a39f6ced954548a59dba6541ce3eb1 +Patch-mainline: v5.13-rc1 +References: bsc#1187344 + +After the change of patch ("iommu: Switch gather->end to the +inclusive end"), the performace drops from 1600+K IOPS to 1200K in our +kunpeng ARM64 platform. +We find that the range [start1, end1) actually is joint from the range +[end1, end2), but it is considered as disjoint after the change, +so it needs more times of TLB sync, and spends more time on it. +So fix the boundary issue to avoid performance drop. + +Fixes: 862c3715de8f ("iommu: Switch gather->end to the inclusive end") +Signed-off-by: Xiang Chen +Acked-by: Will Deacon +Link: https://lore.kernel.org/r/1616643504-120688-1-git-send-email-chenxiang66@hisilicon.com +Signed-off-by: Joerg Roedel +--- + include/linux/iommu.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/iommu.h ++++ b/include/linux/iommu.h +@@ -547,7 +547,7 @@ static inline void iommu_iotlb_gather_ad + * structure can be rewritten. + */ + if (gather->pgsize != size || +- end < gather->start || start > gather->end) { ++ end + 1 < gather->start || start > gather->end + 1) { + if (gather->pgsize) + iommu_tlb_sync(domain, gather); + gather->pgsize = size; + diff --git a/patches.suse/iommu-virtio-add-missing-module_device_table b/patches.suse/iommu-virtio-add-missing-module_device_table new file mode 100644 index 0000000..e08f3c4 --- /dev/null +++ b/patches.suse/iommu-virtio-add-missing-module_device_table @@ -0,0 +1,32 @@ +From: Bixuan Cui +Date: Sat, 8 May 2021 11:14:51 +0800 +Subject: iommu/virtio: Add missing MODULE_DEVICE_TABLE +Git-commit: 382d91fc0f4f1b13f8a0dcbf7145f4f175b71a18 +Patch-mainline: v5.13-rc4 +References: bsc#1187345 + +This patch adds missing MODULE_DEVICE_TABLE definition which generates +correct modalias for automatic loading of this driver when it is built +as an external module. + +Reported-by: Hulk Robot +Signed-off-by: Bixuan Cui +Fixes: fa4afd78ea12 ("iommu/virtio: Build virtio-iommu as module") +Reviewed-by: Jean-Philippe Brucker +Link: https://lore.kernel.org/r/20210508031451.53493-1-cuibixuan@huawei.com +Signed-off-by: Joerg Roedel +--- + drivers/iommu/virtio-iommu.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/iommu/virtio-iommu.c ++++ b/drivers/iommu/virtio-iommu.c +@@ -1138,6 +1138,7 @@ static struct virtio_device_id id_table[ + { VIRTIO_ID_IOMMU, VIRTIO_DEV_ANY_ID }, + { 0 }, + }; ++MODULE_DEVICE_TABLE(virtio, id_table); + + static struct virtio_driver virtio_iommu_drv = { + .driver.name = KBUILD_MODNAME, + diff --git a/patches.suse/iommu-vt-d-remove-wo-permissions-on-second-level-paging-entries b/patches.suse/iommu-vt-d-remove-wo-permissions-on-second-level-paging-entries new file mode 100644 index 0000000..981c080 --- /dev/null +++ b/patches.suse/iommu-vt-d-remove-wo-permissions-on-second-level-paging-entries @@ -0,0 +1,39 @@ +From: Lu Baolu +Date: Sat, 20 Mar 2021 10:54:12 +0800 +Subject: iommu/vt-d: Remove WO permissions on second-level paging entries +Git-commit: eea53c5816889ee8b64544fa2e9311a81184ff9c +Patch-mainline: v5.13-rc1 +References: bsc#1187346 + +When the first level page table is used for IOVA translation, it only +supports Read-Only and Read-Write permissions. The Write-Only permission +is not supported as the PRESENT bit (implying Read permission) should +always set. When using second level, we still give separate permissions +that allows WriteOnly which seems inconsistent and awkward. We want to +have consistent behavior. After moving to 1st level, we don't want things +to work sometimes, and break if we use 2nd level for the same mappings. +Hence remove this configuration. + +Suggested-by: Ashok Raj +Fixes: b802d070a52a1 ("iommu/vt-d: Use iova over first level") +Signed-off-by: Lu Baolu +Link: https://lore.kernel.org/r/20210320025415.641201-3-baolu.lu@linux.intel.com +Signed-off-by: Joerg Roedel +--- + drivers/iommu/intel/iommu.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/iommu/intel/iommu.c ++++ b/drivers/iommu/intel/iommu.c +@@ -2312,8 +2312,9 @@ static int __domain_mapping(struct dmar_ + return -EINVAL; + + attr = prot & (DMA_PTE_READ | DMA_PTE_WRITE | DMA_PTE_SNP); ++ attr |= DMA_FL_PTE_PRESENT; + if (domain_use_first_level(domain)) +- attr |= DMA_FL_PTE_PRESENT | DMA_FL_PTE_XD | DMA_FL_PTE_US; ++ attr |= DMA_FL_PTE_XD | DMA_FL_PTE_US; + + if (!sg) { + sg_res = nr_pages; + diff --git a/patches.suse/iommu-vt-d-report-right-snoop-capability-when-using-fl-for-iova b/patches.suse/iommu-vt-d-report-right-snoop-capability-when-using-fl-for-iova new file mode 100644 index 0000000..e5b0a33 --- /dev/null +++ b/patches.suse/iommu-vt-d-report-right-snoop-capability-when-using-fl-for-iova @@ -0,0 +1,106 @@ +From: Lu Baolu +Date: Tue, 30 Mar 2021 10:11:45 +0800 +Subject: iommu/vt-d: Report right snoop capability when using FL for IOVA +Git-commit: 6c00612d0cba10f7d0917cf1f73c945003ed4cd7 +Patch-mainline: v5.13-rc1 +References: bsc#1187347 + +The Intel VT-d driver checks wrong register to report snoop capablility +when using first level page table for GPA to HPA translation. This might +lead the IOMMU driver to say that it supports snooping control, but in +reality, it does not. Fix this by always setting PASID-table-entry.PGSNP +whenever a pasid entry is setting up for GPA to HPA translation so that +the IOMMU driver could report snoop capability as long as it runs in the +scalable mode. + +Fixes: b802d070a52a1 ("iommu/vt-d: Use iova over first level") +Suggested-by: Rajesh Sankaran +Suggested-by: Kevin Tian +Suggested-by: Ashok Raj +Signed-off-by: Lu Baolu +Link: https://lore.kernel.org/r/20210330021145.13824-1-baolu.lu@linux.intel.com +Signed-off-by: Joerg Roedel +--- + drivers/iommu/intel/intel-pasid.h | 1 + + drivers/iommu/intel/iommu.c | 12 +++++++++++- + drivers/iommu/intel/pasid.c | 16 ++++++++++++++++ + 3 files changed, 28 insertions(+), 1 deletion(-) + +--- a/drivers/iommu/intel/intel-pasid.h ++++ b/drivers/iommu/intel/intel-pasid.h +@@ -48,6 +48,7 @@ + */ + #define PASID_FLAG_SUPERVISOR_MODE BIT(0) + #define PASID_FLAG_NESTED BIT(1) ++#define PASID_FLAG_PAGE_SNOOP BIT(2) + + /* + * The PASID_FLAG_FL5LP flag Indicates using 5-level paging for first- +--- a/drivers/iommu/intel/iommu.c ++++ b/drivers/iommu/intel/iommu.c +@@ -658,7 +658,14 @@ static int domain_update_iommu_snooping( + rcu_read_lock(); + for_each_active_iommu(iommu, drhd) { + if (iommu != skip) { +- if (!ecap_sc_support(iommu->ecap)) { ++ /* ++ * If the hardware is operating in the scalable mode, ++ * the snooping control is always supported since we ++ * always set PASID-table-entry.PGSNP bit if the domain ++ * is managed outside (UNMANAGED). ++ */ ++ if (!sm_supported(iommu) && ++ !ecap_sc_support(iommu->ecap)) { + ret = 0; + break; + } +@@ -2557,6 +2564,9 @@ static int domain_setup_first_level(stru + + flags |= (level == 5) ? PASID_FLAG_FL5LP : 0; + ++ if (domain->domain.type == IOMMU_DOMAIN_UNMANAGED) ++ flags |= PASID_FLAG_PAGE_SNOOP; ++ + return intel_pasid_setup_first_level(iommu, dev, (pgd_t *)pgd, pasid, + domain->iommu_did[iommu->seq_id], + flags); +--- a/drivers/iommu/intel/pasid.c ++++ b/drivers/iommu/intel/pasid.c +@@ -412,6 +412,16 @@ static inline void pasid_set_page_snoop( + } + + /* ++ * Setup the Page Snoop (PGSNP) field (Bit 88) of a scalable mode ++ * PASID entry. ++ */ ++static inline void ++pasid_set_pgsnp(struct pasid_entry *pe) ++{ ++ pasid_set_bits(&pe->val[1], 1ULL << 24, 1ULL << 24); ++} ++ ++/* + * Setup the First Level Page table Pointer field (Bit 140~191) + * of a scalable mode PASID entry. + */ +@@ -579,6 +589,9 @@ int intel_pasid_setup_first_level(struct + } + } + ++ if (flags & PASID_FLAG_PAGE_SNOOP) ++ pasid_set_pgsnp(pte); ++ + pasid_set_domain_id(pte, did); + pasid_set_address_width(pte, iommu->agaw); + pasid_set_page_snoop(pte, !!ecap_smpwc(iommu->ecap)); +@@ -657,6 +670,9 @@ int intel_pasid_setup_second_level(struc + pasid_set_fault_enable(pte); + pasid_set_page_snoop(pte, !!ecap_smpwc(iommu->ecap)); + ++ if (domain->domain.type == IOMMU_DOMAIN_UNMANAGED) ++ pasid_set_pgsnp(pte); ++ + /* + * Since it is a second level only translation setup, we should + * set SRE bit as well (addresses are expected to be GPAs). + diff --git a/patches.suse/iommu-vt-d-use-user-privilege-for-rid2pasid-translation b/patches.suse/iommu-vt-d-use-user-privilege-for-rid2pasid-translation new file mode 100644 index 0000000..ef0a806 --- /dev/null +++ b/patches.suse/iommu-vt-d-use-user-privilege-for-rid2pasid-translation @@ -0,0 +1,63 @@ +From: Lu Baolu +Date: Wed, 19 May 2021 09:50:27 +0800 +Subject: iommu/vt-d: Use user privilege for RID2PASID translation +Git-commit: 54c80d907400189b09548039be8f3b6e297e8ae3 +Patch-mainline: v5.13-rc4 +References: bsc#1187348 + +When first-level page tables are used for IOVA translation, we use user +privilege by setting U/S bit in the page table entry. This is to make it +consistent with the second level translation, where the U/S enforcement +is not available. Clear the SRE (Supervisor Request Enable) field in the +pasid table entry of RID2PASID so that requests requesting the supervisor +privilege are blocked and treated as DMA remapping faults. + +Fixes: b802d070a52a1 ("iommu/vt-d: Use iova over first level") +Suggested-by: Jacob Pan +Signed-off-by: Lu Baolu +Link: https://lore.kernel.org/r/20210512064426.3440915-1-baolu.lu@linux.intel.com +Link: https://lore.kernel.org/r/20210519015027.108468-3-baolu.lu@linux.intel.com +Signed-off-by: Joerg Roedel +--- + drivers/iommu/intel/iommu.c | 7 +++++-- + drivers/iommu/intel/pasid.c | 3 ++- + 2 files changed, 7 insertions(+), 3 deletions(-) + +--- a/drivers/iommu/intel/iommu.c ++++ b/drivers/iommu/intel/iommu.c +@@ -2545,9 +2545,9 @@ static int domain_setup_first_level(stru + struct device *dev, + u32 pasid) + { +- int flags = PASID_FLAG_SUPERVISOR_MODE; + struct dma_pte *pgd = domain->pgd; + int agaw, level; ++ int flags = 0; + + /* + * Skip top levels of page tables for iommu which has +@@ -2563,7 +2563,10 @@ static int domain_setup_first_level(stru + if (level != 4 && level != 5) + return -EINVAL; + +- flags |= (level == 5) ? PASID_FLAG_FL5LP : 0; ++ if (pasid != PASID_RID2PASID) ++ flags |= PASID_FLAG_SUPERVISOR_MODE; ++ if (level == 5) ++ flags |= PASID_FLAG_FL5LP; + + if (domain->domain.type == IOMMU_DOMAIN_UNMANAGED) + flags |= PASID_FLAG_PAGE_SNOOP; +--- a/drivers/iommu/intel/pasid.c ++++ b/drivers/iommu/intel/pasid.c +@@ -677,7 +677,8 @@ int intel_pasid_setup_second_level(struc + * Since it is a second level only translation setup, we should + * set SRE bit as well (addresses are expected to be GPAs). + */ +- pasid_set_sre(pte); ++ if (pasid != PASID_RID2PASID) ++ pasid_set_sre(pte); + pasid_set_present(pte); + pasid_flush_caches(iommu, pte, pasid, did); + + diff --git a/patches.suse/ixgbe-fix-large-MTU-request-from-VF.patch b/patches.suse/ixgbe-fix-large-MTU-request-from-VF.patch new file mode 100644 index 0000000..5e46dd6 --- /dev/null +++ b/patches.suse/ixgbe-fix-large-MTU-request-from-VF.patch @@ -0,0 +1,69 @@ +From: Jesse Brandeburg +Date: Thu, 20 May 2021 11:18:35 -0700 +Subject: ixgbe: fix large MTU request from VF +Patch-mainline: v5.13-rc4 +Git-commit: 63e39d29b3da02e901349f6cd71159818a4737a6 +References: git-fixes + +Check that the MTU value requested by the VF is in the supported +range of MTUs before attempting to set the VF large packet enable, +otherwise reject the request. This also avoids unnecessary +register updates in the case of the 82599 controller. + +Fixes: 872844ddb9e4 ("ixgbe: Enable jumbo frames support w/ SR-IOV") +Co-developed-by: Piotr Skajewski +Signed-off-by: Piotr Skajewski +Signed-off-by: Jesse Brandeburg +Co-developed-by: Mateusz Palczewski +Signed-off-by: Mateusz Palczewski +Tested-by: Konrad Jankowski +Signed-off-by: Tony Nguyen +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +@@ -467,12 +467,16 @@ static int ixgbe_set_vf_vlan(struct ixgb + return err; + } + +-static s32 ixgbe_set_vf_lpe(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) ++static int ixgbe_set_vf_lpe(struct ixgbe_adapter *adapter, u32 max_frame, u32 vf) + { + struct ixgbe_hw *hw = &adapter->hw; +- int max_frame = msgbuf[1]; + u32 max_frs; + ++ if (max_frame < ETH_MIN_MTU || max_frame > IXGBE_MAX_JUMBO_FRAME_SIZE) { ++ e_err(drv, "VF max_frame %d out of range\n", max_frame); ++ return -EINVAL; ++ } ++ + /* + * For 82599EB we have to keep all PFs and VFs operating with + * the same max_frame value in order to avoid sending an oversize +@@ -533,12 +537,6 @@ static s32 ixgbe_set_vf_lpe(struct ixgbe + } + } + +- /* MTU < 68 is an error and causes problems on some kernels */ +- if (max_frame > IXGBE_MAX_JUMBO_FRAME_SIZE) { +- e_err(drv, "VF max_frame %d out of range\n", max_frame); +- return -EINVAL; +- } +- + /* pull current max frame size from hardware */ + max_frs = IXGBE_READ_REG(hw, IXGBE_MAXFRS); + max_frs &= IXGBE_MHADD_MFS_MASK; +@@ -1249,7 +1247,7 @@ static int ixgbe_rcv_msg_from_vf(struct + retval = ixgbe_set_vf_vlan_msg(adapter, msgbuf, vf); + break; + case IXGBE_VF_SET_LPE: +- retval = ixgbe_set_vf_lpe(adapter, msgbuf, vf); ++ retval = ixgbe_set_vf_lpe(adapter, msgbuf[1], vf); + break; + case IXGBE_VF_SET_MACVLAN: + retval = ixgbe_set_vf_macvlan_msg(adapter, msgbuf, vf); diff --git a/patches.suse/locking-mutex-clear-MUTEX_FLAGS-if-wait_list-is-empt.patch b/patches.suse/locking-mutex-clear-MUTEX_FLAGS-if-wait_list-is-empt.patch new file mode 100644 index 0000000..da7d9ad --- /dev/null +++ b/patches.suse/locking-mutex-clear-MUTEX_FLAGS-if-wait_list-is-empt.patch @@ -0,0 +1,136 @@ +From 3a010c493271f04578b133de977e0e5dd2848cea Mon Sep 17 00:00:00 2001 +From: Zqiang +Date: Mon, 17 May 2021 11:40:05 +0800 +Subject: [PATCH] locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal +Git-commit: 3a010c493271f04578b133de977e0e5dd2848cea +Patch-mainline: v5.13-rc3 +References: git-fixes + +When a interruptible mutex locker is interrupted by a signal +without acquiring this lock and removed from the wait queue. +if the mutex isn't contended enough to have a waiter +put into the wait queue again, the setting of the WAITER +bit will force mutex locker to go into the slowpath to +acquire the lock every time, so if the wait queue is empty, +the WAITER bit need to be clear. + +Fixes: 040a0a371005 ("mutex: Add support for wound/wait style locks") +Suggested-by: Peter Zijlstra +Signed-off-by: Zqiang +Signed-off-by: Peter Zijlstra (Intel) +Link: https://lkml.kernel.org/r/20210517034005.30828-1-qiang.zhang@windriver.com +Signed-off-by: Davidlohr Bueso + +--- + kernel/locking/mutex-debug.c | 4 ++-- + kernel/locking/mutex-debug.h | 2 +- + kernel/locking/mutex.c | 18 +++++++++++++----- + kernel/locking/mutex.h | 4 +--- + 4 files changed, 17 insertions(+), 11 deletions(-) + +diff --git a/kernel/locking/mutex-debug.c b/kernel/locking/mutex-debug.c +index 771d4ca96dda..4fe40910f471 100644 +--- a/kernel/locking/mutex-debug.c ++++ b/kernel/locking/mutex-debug.c +@@ -57,7 +57,7 @@ void debug_mutex_add_waiter(struct mutex *lock, struct mutex_waiter *waiter, + task->blocked_on = waiter; + } + +-void mutex_remove_waiter(struct mutex *lock, struct mutex_waiter *waiter, ++void debug_mutex_remove_waiter(struct mutex *lock, struct mutex_waiter *waiter, + struct task_struct *task) + { + DEBUG_LOCKS_WARN_ON(list_empty(&waiter->list)); +@@ -65,7 +65,7 @@ void mutex_remove_waiter(struct mutex *lock, struct mutex_waiter *waiter, + DEBUG_LOCKS_WARN_ON(task->blocked_on != waiter); + task->blocked_on = NULL; + +- list_del_init(&waiter->list); ++ INIT_LIST_HEAD(&waiter->list); + waiter->task = NULL; + } + +diff --git a/kernel/locking/mutex-debug.h b/kernel/locking/mutex-debug.h +index 1edd3f45a4ec..53e631e1d76d 100644 +--- a/kernel/locking/mutex-debug.h ++++ b/kernel/locking/mutex-debug.h +@@ -22,7 +22,7 @@ extern void debug_mutex_free_waiter(struct mutex_waiter *waiter); + extern void debug_mutex_add_waiter(struct mutex *lock, + struct mutex_waiter *waiter, + struct task_struct *task); +-extern void mutex_remove_waiter(struct mutex *lock, struct mutex_waiter *waiter, ++extern void debug_mutex_remove_waiter(struct mutex *lock, struct mutex_waiter *waiter, + struct task_struct *task); + extern void debug_mutex_unlock(struct mutex *lock); + extern void debug_mutex_init(struct mutex *lock, const char *name, +diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c +index 468a9b8422e3..1c46b241cde1 100644 +--- a/kernel/locking/mutex.c ++++ b/kernel/locking/mutex.c +@@ -204,7 +204,7 @@ static inline bool __mutex_waiter_is_first(struct mutex *lock, struct mutex_wait + * Add @waiter to a given location in the lock wait_list and set the + * FLAG_WAITERS flag if it's the first waiter. + */ +-static void __sched ++static void + __mutex_add_waiter(struct mutex *lock, struct mutex_waiter *waiter, + struct list_head *list) + { +@@ -215,6 +215,16 @@ __mutex_add_waiter(struct mutex *lock, struct mutex_waiter *waiter, + __mutex_set_flag(lock, MUTEX_FLAG_WAITERS); + } + ++static void ++__mutex_remove_waiter(struct mutex *lock, struct mutex_waiter *waiter) ++{ ++ list_del(&waiter->list); ++ if (likely(list_empty(&lock->wait_list))) ++ __mutex_clear_flag(lock, MUTEX_FLAGS); ++ ++ debug_mutex_remove_waiter(lock, waiter, current); ++} ++ + /* + * Give up ownership to a specific task, when @task = NULL, this is equivalent + * to a regular unlock. Sets PICKUP on a handoff, clears HANDOF, preserves +@@ -1068,9 +1078,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, + __ww_mutex_check_waiters(lock, ww_ctx); + } + +- mutex_remove_waiter(lock, &waiter, current); +- if (likely(list_empty(&lock->wait_list))) +- __mutex_clear_flag(lock, MUTEX_FLAGS); ++ __mutex_remove_waiter(lock, &waiter); + + debug_mutex_free_waiter(&waiter); + +@@ -1087,7 +1095,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, + + err: + __set_current_state(TASK_RUNNING); +- mutex_remove_waiter(lock, &waiter, current); ++ __mutex_remove_waiter(lock, &waiter); + err_early_kill: + spin_unlock(&lock->wait_lock); + debug_mutex_free_waiter(&waiter); +diff --git a/kernel/locking/mutex.h b/kernel/locking/mutex.h +index 1c2287d3fa71..f0c710b1d192 100644 +--- a/kernel/locking/mutex.h ++++ b/kernel/locking/mutex.h +@@ -10,12 +10,10 @@ + * !CONFIG_DEBUG_MUTEXES case. Most of them are NOPs: + */ + +-#define mutex_remove_waiter(lock, waiter, task) \ +- __list_del((waiter)->list.prev, (waiter)->list.next) +- + #define debug_mutex_wake_waiter(lock, waiter) do { } while (0) + #define debug_mutex_free_waiter(waiter) do { } while (0) + #define debug_mutex_add_waiter(lock, waiter, ti) do { } while (0) ++#define debug_mutex_remove_waiter(lock, waiter, ti) do { } while (0) + #define debug_mutex_unlock(lock) do { } while (0) + #define debug_mutex_init(lock, name, key) do { } while (0) + +-- +2.26.2 + diff --git a/patches.suse/mac80211-add-fragment-cache-to-sta_info.patch b/patches.suse/mac80211-add-fragment-cache-to-sta_info.patch index 0fc19ef..98fdc33 100644 --- a/patches.suse/mac80211-add-fragment-cache-to-sta_info.patch +++ b/patches.suse/mac80211-add-fragment-cache-to-sta_info.patch @@ -3,8 +3,7 @@ From: Johannes Berg Date: Tue, 11 May 2021 20:02:47 +0200 Subject: [PATCH] mac80211: add fragment cache to sta_info Git-commit: 3a11ce08c45b50d69c891d71760b7c5b92074709 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v5.13-rc4 References: CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185859 Prior patches protected against fragmentation cache attacks diff --git a/patches.suse/mac80211-assure-all-fragments-are-encrypted.patch b/patches.suse/mac80211-assure-all-fragments-are-encrypted.patch index 7106066..b8d08e0 100644 --- a/patches.suse/mac80211-assure-all-fragments-are-encrypted.patch +++ b/patches.suse/mac80211-assure-all-fragments-are-encrypted.patch @@ -3,8 +3,7 @@ From: Mathy Vanhoef Date: Tue, 11 May 2021 20:02:42 +0200 Subject: [PATCH] mac80211: assure all fragments are encrypted Git-commit: 965a7d72e798eb7af0aa67210e37cf7ecd1c9cad -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v5.13-rc4 References: CVE-2020-26147 bsc#1185863 bsc#1185859 Do not mix plaintext and encrypted fragments in protected Wi-Fi diff --git a/patches.suse/mac80211-check-defrag-PN-against-current-frame.patch b/patches.suse/mac80211-check-defrag-PN-against-current-frame.patch index a088416..1714915 100644 --- a/patches.suse/mac80211-check-defrag-PN-against-current-frame.patch +++ b/patches.suse/mac80211-check-defrag-PN-against-current-frame.patch @@ -3,8 +3,7 @@ From: Johannes Berg Date: Tue, 11 May 2021 20:02:48 +0200 Subject: [PATCH] mac80211: check defrag PN against current frame Git-commit: bf30ca922a0c0176007e074b0acc77ed345e9990 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v5.13-rc4 References: CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859 As pointed out by Mathy Vanhoef, we implement the RX PN check diff --git a/patches.suse/mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch b/patches.suse/mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch index 5c9c79d..0a6fc87 100644 --- a/patches.suse/mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch +++ b/patches.suse/mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch @@ -3,8 +3,7 @@ From: Johannes Berg Date: Tue, 11 May 2021 20:02:50 +0200 Subject: [PATCH] mac80211: do not accept/forward invalid EAPOL frames Git-commit: a8c4d76a8dd4fb9666fc8919a703d85fb8f44ed8 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v5.13-rc4 References: CVE-2020-26139 bsc#1186062 EAPOL frames are used for authentication and key management between the diff --git a/patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch b/patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch index 833a9ec..fcfca56 100644 --- a/patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch +++ b/patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch @@ -3,8 +3,7 @@ From: Johannes Berg Date: Tue, 11 May 2021 20:02:46 +0200 Subject: [PATCH] mac80211: drop A-MSDUs on old ciphers Git-commit: 270032a2a9c4535799736142e1e7c413ca7b836e -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v5.13-rc4 References: CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859 With old ciphers (WEP and TKIP) we shouldn't be using A-MSDUs diff --git a/patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch b/patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch index 4eea12a..fd7ede5 100644 --- a/patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch +++ b/patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch @@ -3,8 +3,7 @@ From: Wen Gong Date: Tue, 11 May 2021 20:02:51 +0200 Subject: [PATCH] mac80211: extend protection against mixed key and fragment cache attacks Git-commit: 3edc6b0d6c061a70d8ca3c3c72eb1f58ce29bfb1 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v5.13-rc4 References: CVE-2020-24586 bsc#1185859 For some chips/drivers, e.g., QCA6174 with ath10k, the decryption is diff --git a/patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch b/patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch index 5e6c7e8..4838f68 100644 --- a/patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch +++ b/patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch @@ -3,8 +3,7 @@ From: Johannes Berg Date: Tue, 11 May 2021 20:02:49 +0200 Subject: [PATCH] mac80211: prevent attacks on TKIP/WEP as well Git-commit: 7e44a0b597f04e67eee8cdcbe7ee706c6f5de38b -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v5.13-rc4 References: CVE-2020-24586 bsc#1185859 Similar to the issues fixed in previous patches, TKIP and WEP diff --git a/patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch b/patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch index 53b3cef..3f6104a 100644 --- a/patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch +++ b/patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch @@ -3,8 +3,7 @@ From: Mathy Vanhoef Date: Tue, 11 May 2021 20:02:43 +0200 Subject: [PATCH] mac80211: prevent mixed key and fragment cache attacks Git-commit: 94034c40ab4a3fcf581fbc7f8fdf4e29943c4a24 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v5.13-rc4 References: CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859 Simultaneously prevent mixed key attacks (CVE-2020-24587) and fragment diff --git a/patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch b/patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch index e8c0d80..c60ec81 100644 --- a/patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch +++ b/patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch @@ -3,8 +3,7 @@ From: Mathy Vanhoef Date: Tue, 11 May 2021 20:02:44 +0200 Subject: [PATCH] mac80211: properly handle A-MSDUs that start with an RFC 1042 header Git-commit: a1d5ff5651ea592c67054233b14b30bf4452999c -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v5.13-rc4 References: CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859 Properly parse A-MSDUs whose first 6 bytes happen to equal a rfc1042 diff --git a/patches.suse/mmc-sdhci-Clear-unused-bounce-buffer-at-DMA-mmap-err.patch b/patches.suse/mmc-sdhci-Clear-unused-bounce-buffer-at-DMA-mmap-err.patch new file mode 100644 index 0000000..fbc8743 --- /dev/null +++ b/patches.suse/mmc-sdhci-Clear-unused-bounce-buffer-at-DMA-mmap-err.patch @@ -0,0 +1,43 @@ +From: Takashi Iwai +Subject: [PATCH v2] mmc: sdhci: Clear unused bounce buffer at DMA mmap error + path +Date: Fri, 11 Jun 2021 12:19:48 +0200 +Message-Id: <20210611101948.18972-1-tiwai@suse.de> +Patch-mainline: Submitted, linux-mmc ML +References: bsc#1187039 + +When DMA-mapping of the bounce buffer fails, the driver tries to fall +back, but it leaves the allocated host->bounce_buffer although its +size is zero. Later on, the driver checks the use of bounce buffer +with host->bounce_buffer pointer, and it tries to use the buffer +incorrectly, resulting in Oops. + +This patch clears the release the unused buffer and clears the +bounce_buffer pointer for addressing the problem. + +Acked-by: Adrian Hunter +Signed-off-by: Takashi Iwai + +--- +v1->v2: correct the device pointer to mmc_dev(mmc) + + drivers/mmc/host/sdhci.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/mmc/host/sdhci.c ++++ b/drivers/mmc/host/sdhci.c +@@ -3929,9 +3929,13 @@ static void sdhci_allocate_bounce_buffer + bounce_size, + DMA_BIDIRECTIONAL); + ret = dma_mapping_error(mmc->parent, host->bounce_addr); +- if (ret) ++ if (ret) { ++ devm_kfree(mmc->parent, host->bounce_buffer); ++ host->bounce_buffer = NULL; + /* Again fall back to max_segs == 1 */ + return; ++ } ++ + host->bounce_buffer_size = bounce_size; + + /* Lie about this since we're bouncing */ diff --git a/patches.suse/net-bnx2-Fix-error-return-code-in-bnx2_init_board.patch b/patches.suse/net-bnx2-Fix-error-return-code-in-bnx2_init_board.patch new file mode 100644 index 0000000..bd2ccc1 --- /dev/null +++ b/patches.suse/net-bnx2-Fix-error-return-code-in-bnx2_init_board.patch @@ -0,0 +1,33 @@ +From: Zhen Lei +Date: Sat, 15 May 2021 15:16:05 +0800 +Subject: net: bnx2: Fix error return code in bnx2_init_board() +Patch-mainline: v5.13-rc4 +Git-commit: 28c66b6da4087b8cfe81c2ec0a46eb6116dafda9 +References: git-fixes + +Fix to return -EPERM from the error handling case instead of 0, as done +elsewhere in this function. + +Fixes: b6016b767397 ("[BNX2]: New Broadcom gigabit network driver.") +Reported-by: Hulk Robot +Signed-off-by: Zhen Lei +Reviewed-by: Michael Chan +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/broadcom/bnx2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/broadcom/bnx2.c ++++ b/drivers/net/ethernet/broadcom/bnx2.c +@@ -8249,9 +8249,9 @@ bnx2_init_board(struct pci_dev *pdev, st + BNX2_WR(bp, PCI_COMMAND, reg); + } else if ((BNX2_CHIP_ID(bp) == BNX2_CHIP_ID_5706_A1) && + !(bp->flags & BNX2_FLAG_PCIX)) { +- + dev_err(&pdev->dev, + "5706 A1 can only be used in a PCIX bus, aborting\n"); ++ rc = -EPERM; + goto err_out_unmap; + } + diff --git a/patches.suse/net-hns3-Limiting-the-scope-of-vector_ring_chain-var.patch b/patches.suse/net-hns3-Limiting-the-scope-of-vector_ring_chain-var.patch new file mode 100644 index 0000000..7a5991b --- /dev/null +++ b/patches.suse/net-hns3-Limiting-the-scope-of-vector_ring_chain-var.patch @@ -0,0 +1,37 @@ +From: Salil Mehta +Date: Mon, 5 Apr 2021 18:28:25 +0100 +Subject: net: hns3: Limiting the scope of vector_ring_chain variable +Patch-mainline: v5.13-rc1 +Git-commit: d392ecd1bc29ae15b0e284d5f732c2d36f244271 +References: git-fixes + +Limiting the scope of the variable vector_ring_chain to the block where it +is used. + +Fixes: 424eb834a9be ("net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC") +Signed-off-by: Salil Mehta +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c ++++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c +@@ -3503,7 +3503,6 @@ static void hns3_nic_set_cpumask(struct + + static int hns3_nic_init_vector_data(struct hns3_nic_priv *priv) + { +- struct hnae3_ring_chain_node vector_ring_chain; + struct hnae3_handle *h = priv->ae_handle; + struct hns3_enet_tqp_vector *tqp_vector; + int ret = 0; +@@ -3535,6 +3534,8 @@ static int hns3_nic_init_vector_data(str + } + + for (i = 0; i < priv->vector_num; i++) { ++ struct hnae3_ring_chain_node vector_ring_chain; ++ + tqp_vector = &priv->tqp_vector[i]; + + tqp_vector->rx_group.total_bytes = 0; diff --git a/patches.suse/net-hns3-put-off-calling-register_netdev-until-clien.patch b/patches.suse/net-hns3-put-off-calling-register_netdev-until-clien.patch new file mode 100644 index 0000000..e679e47 --- /dev/null +++ b/patches.suse/net-hns3-put-off-calling-register_netdev-until-clien.patch @@ -0,0 +1,132 @@ +From: Jian Shen +Date: Tue, 18 May 2021 19:36:01 +0800 +Subject: net: hns3: put off calling register_netdev() until client initialize + complete +Patch-mainline: v5.13-rc4 +Git-commit: a289a7e5c1d49b7d47df9913c1cc81fb48fab613 +References: bsc#1154353 + +Currently, the netdevice is registered before client initializing +complete. So there is a timewindow between netdevice available +and usable. In this case, if user try to change the channel number +or ring param, it may cause the hns3_set_rx_cpu_rmap() being called +twice, and report bug. + +[47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0 +[47199.430340] hns3 0000:35:00.0 eth1: already uninitialized +[47199.438554] hns3 0000:35:00.0: rss changes from 4 to 1 +[47199.511854] hns3 0000:35:00.0: Channels changed, rss_size from 4 to 1, tqps from 4 to 1 +[47200.163524] ------------[ cut here ]------------ +[47200.171674] kernel BUG at lib/cpu_rmap.c:142! +[47200.177847] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP +[47200.185259] Modules linked in: hclge(+) hns3(-) hns3_cae(O) hns_roce_hw_v2 hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) [last unloaded: hclge] +[47200.205912] CPU: 1 PID: 8260 Comm: ethtool Tainted: G O 5.11.0-rc3+ #1 +[47200.215601] Hardware name: , xxxxxx 02/04/2021 +[47200.223052] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) +[47200.230188] pc : cpu_rmap_add+0x38/0x40 +[47200.237472] lr : irq_cpu_rmap_add+0x84/0x140 +[47200.243291] sp : ffff800010e93a30 +[47200.247295] x29: ffff800010e93a30 x28: ffff082100584880 +[47200.254155] x27: 0000000000000000 x26: 0000000000000000 +[47200.260712] x25: 0000000000000000 x24: 0000000000000004 +[47200.267241] x23: ffff08209ba03000 x22: ffff08209ba038c0 +[47200.273789] x21: 000000000000003f x20: ffff0820e2bc1680 +[47200.280400] x19: ffff0820c970ec80 x18: 00000000000000c0 +[47200.286944] x17: 0000000000000000 x16: ffffb43debe4a0d0 +[47200.293456] x15: fffffc2082990600 x14: dead000000000122 +[47200.300059] x13: ffffffffffffffff x12: 000000000000003e +[47200.306606] x11: ffff0820815b8080 x10: ffff53e411988000 +[47200.313171] x9 : 0000000000000000 x8 : ffff0820e2bc1700 +[47200.319682] x7 : 0000000000000000 x6 : 000000000000003f +[47200.326170] x5 : 0000000000000040 x4 : ffff800010e93a20 +[47200.332656] x3 : 0000000000000004 x2 : ffff0820c970ec80 +[47200.339168] x1 : ffff0820e2bc1680 x0 : 0000000000000004 +[47200.346058] Call trace: +[47200.349324] cpu_rmap_add+0x38/0x40 +[47200.354300] hns3_set_rx_cpu_rmap+0x6c/0xe0 [hns3] +[47200.362294] hns3_reset_notify_init_enet+0x1cc/0x340 [hns3] +[47200.370049] hns3_change_channels+0x40/0xb0 [hns3] +[47200.376770] hns3_set_channels+0x12c/0x2a0 [hns3] +[47200.383353] ethtool_set_channels+0x140/0x250 +[47200.389772] dev_ethtool+0x714/0x23d0 +[47200.394440] dev_ioctl+0x4cc/0x640 +[47200.399277] sock_do_ioctl+0x100/0x2a0 +[47200.404574] sock_ioctl+0x28c/0x470 +[47200.409079] __arm64_sys_ioctl+0xb4/0x100 +[47200.415217] el0_svc_common.constprop.0+0x84/0x210 +[47200.422088] do_el0_svc+0x28/0x34 +[47200.426387] el0_svc+0x28/0x70 +[47200.431308] el0_sync_handler+0x1a4/0x1b0 +[47200.436477] el0_sync+0x174/0x180 +[47200.441562] Code: 11000405 79000c45 f8247861 d65f03c0 (d4210000) +[47200.448869] ---[ end trace a01efe4ce42e5f34 ]--- + +The process is like below: +excuting hns3_client_init +| +register_netdev() +| hns3_set_channels() +| | +hns3_set_rx_cpu_rmap() hns3_reset_notify_uninit_enet() +| | +| quit without calling function +| hns3_free_rx_cpu_rmap for flag +| HNS3_NIC_STATE_INITED is unset. +| | +| hns3_reset_notify_init_enet() +| | +set HNS3_NIC_STATE_INITED call hns3_set_rx_cpu_rmap()-- crash + +Fix it by calling register_netdev() at the end of function +hns3_client_init(). + +Fixes: 08a100689d4b ("net: hns3: re-organize vector handle") +Signed-off-by: Jian Shen +Signed-off-by: Huazhong Tan +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c ++++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c +@@ -4063,12 +4063,6 @@ static int hns3_client_init(struct hnae3 + if (ret) + goto out_init_phy; + +- ret = register_netdev(netdev); +- if (ret) { +- dev_err(priv->dev, "probe register netdev fail!\n"); +- goto out_reg_netdev_fail; +- } +- + /* the device can work without cpu rmap, only aRFS needs it */ + ret = hns3_set_rx_cpu_rmap(netdev); + if (ret) +@@ -4096,17 +4090,23 @@ static int hns3_client_init(struct hnae3 + + set_bit(HNS3_NIC_STATE_INITED, &priv->state); + ++ ret = register_netdev(netdev); ++ if (ret) { ++ dev_err(priv->dev, "probe register netdev fail!\n"); ++ goto out_reg_netdev_fail; ++ } ++ + if (netif_msg_drv(handle)) + hns3_info_show(priv); + + return ret; + ++out_reg_netdev_fail: ++ hns3_dbg_uninit(handle); + out_client_start: + hns3_free_rx_cpu_rmap(netdev); + hns3_nic_uninit_irq(priv); + out_init_irq_fail: +- unregister_netdev(netdev); +-out_reg_netdev_fail: + hns3_uninit_phy(netdev); + out_init_phy: + hns3_uninit_all_ring(priv); diff --git a/patches.suse/net-mlx4-Fix-EEPROM-dump-support.patch b/patches.suse/net-mlx4-Fix-EEPROM-dump-support.patch new file mode 100644 index 0000000..03adf15 --- /dev/null +++ b/patches.suse/net-mlx4-Fix-EEPROM-dump-support.patch @@ -0,0 +1,196 @@ +From: Vladyslav Tarasiuk +Date: Sun, 9 May 2021 09:43:18 +0300 +Subject: net/mlx4: Fix EEPROM dump support +Patch-mainline: v5.13-rc4 +Git-commit: db825feefc6868896fed5e361787ba3bee2fd906 +References: git-fixes + +Fix SFP and QSFP* EEPROM queries by setting i2c_address, offset and page +number correctly. For SFP set the following params: +- I2C address for offsets 0-255 is 0x50. For 256-511 - 0x51. +- Page number is zero. +- Offset is 0-255. + +At the same time, QSFP* parameters are different: +- I2C address is always 0x50. +- Page number is not limited to zero. +- Offset is 0-255 for page zero and 128-255 for others. + +To set parameters accordingly to cable used, implement function to query +module ID and implement respective helper functions to set parameters +correctly. + +Fixes: 135dd9594f12 ("net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query") +Signed-off-by: Vladyslav Tarasiuk +Signed-off-by: Tariq Toukan +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 4 + drivers/net/ethernet/mellanox/mlx4/port.c | 107 +++++++++++++++++++++++- + 2 files changed, 104 insertions(+), 7 deletions(-) + +--- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c ++++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c +@@ -2011,8 +2011,6 @@ static int mlx4_en_set_tunable(struct ne + return ret; + } + +-#define MLX4_EEPROM_PAGE_LEN 256 +- + static int mlx4_en_get_module_info(struct net_device *dev, + struct ethtool_modinfo *modinfo) + { +@@ -2047,7 +2045,7 @@ static int mlx4_en_get_module_info(struc + break; + case MLX4_MODULE_ID_SFP: + modinfo->type = ETH_MODULE_SFF_8472; +- modinfo->eeprom_len = MLX4_EEPROM_PAGE_LEN; ++ modinfo->eeprom_len = ETH_MODULE_SFF_8472_LEN; + break; + default: + return -EINVAL; +--- a/drivers/net/ethernet/mellanox/mlx4/port.c ++++ b/drivers/net/ethernet/mellanox/mlx4/port.c +@@ -1973,6 +1973,7 @@ EXPORT_SYMBOL(mlx4_get_roce_gid_from_sla + #define I2C_ADDR_LOW 0x50 + #define I2C_ADDR_HIGH 0x51 + #define I2C_PAGE_SIZE 256 ++#define I2C_HIGH_PAGE_SIZE 128 + + /* Module Info Data */ + struct mlx4_cable_info { +@@ -2026,6 +2027,88 @@ static inline const char *cable_info_mad + return "Unknown Error"; + } + ++static int mlx4_get_module_id(struct mlx4_dev *dev, u8 port, u8 *module_id) ++{ ++ struct mlx4_cmd_mailbox *inbox, *outbox; ++ struct mlx4_mad_ifc *inmad, *outmad; ++ struct mlx4_cable_info *cable_info; ++ int ret; ++ ++ inbox = mlx4_alloc_cmd_mailbox(dev); ++ if (IS_ERR(inbox)) ++ return PTR_ERR(inbox); ++ ++ outbox = mlx4_alloc_cmd_mailbox(dev); ++ if (IS_ERR(outbox)) { ++ mlx4_free_cmd_mailbox(dev, inbox); ++ return PTR_ERR(outbox); ++ } ++ ++ inmad = (struct mlx4_mad_ifc *)(inbox->buf); ++ outmad = (struct mlx4_mad_ifc *)(outbox->buf); ++ ++ inmad->method = 0x1; /* Get */ ++ inmad->class_version = 0x1; ++ inmad->mgmt_class = 0x1; ++ inmad->base_version = 0x1; ++ inmad->attr_id = cpu_to_be16(0xFF60); /* Module Info */ ++ ++ cable_info = (struct mlx4_cable_info *)inmad->data; ++ cable_info->dev_mem_address = 0; ++ cable_info->page_num = 0; ++ cable_info->i2c_addr = I2C_ADDR_LOW; ++ cable_info->size = cpu_to_be16(1); ++ ++ ret = mlx4_cmd_box(dev, inbox->dma, outbox->dma, port, 3, ++ MLX4_CMD_MAD_IFC, MLX4_CMD_TIME_CLASS_C, ++ MLX4_CMD_NATIVE); ++ if (ret) ++ goto out; ++ ++ if (be16_to_cpu(outmad->status)) { ++ /* Mad returned with bad status */ ++ ret = be16_to_cpu(outmad->status); ++ mlx4_warn(dev, ++ "MLX4_CMD_MAD_IFC Get Module ID attr(%x) port(%d) i2c_addr(%x) offset(%d) size(%d): Response Mad Status(%x) - %s\n", ++ 0xFF60, port, I2C_ADDR_LOW, 0, 1, ret, ++ cable_info_mad_err_str(ret)); ++ ret = -ret; ++ goto out; ++ } ++ cable_info = (struct mlx4_cable_info *)outmad->data; ++ *module_id = cable_info->data[0]; ++out: ++ mlx4_free_cmd_mailbox(dev, inbox); ++ mlx4_free_cmd_mailbox(dev, outbox); ++ return ret; ++} ++ ++static void mlx4_sfp_eeprom_params_set(u8 *i2c_addr, u8 *page_num, u16 *offset) ++{ ++ *i2c_addr = I2C_ADDR_LOW; ++ *page_num = 0; ++ ++ if (*offset < I2C_PAGE_SIZE) ++ return; ++ ++ *i2c_addr = I2C_ADDR_HIGH; ++ *offset -= I2C_PAGE_SIZE; ++} ++ ++static void mlx4_qsfp_eeprom_params_set(u8 *i2c_addr, u8 *page_num, u16 *offset) ++{ ++ /* Offsets 0-255 belong to page 0. ++ * Offsets 256-639 belong to pages 01, 02, 03. ++ * For example, offset 400 is page 02: 1 + (400 - 256) / 128 = 2 ++ */ ++ if (*offset < I2C_PAGE_SIZE) ++ *page_num = 0; ++ else ++ *page_num = 1 + (*offset - I2C_PAGE_SIZE) / I2C_HIGH_PAGE_SIZE; ++ *i2c_addr = I2C_ADDR_LOW; ++ *offset -= *page_num * I2C_HIGH_PAGE_SIZE; ++} ++ + /** + * mlx4_get_module_info - Read cable module eeprom data + * @dev: mlx4_dev. +@@ -2045,12 +2128,30 @@ int mlx4_get_module_info(struct mlx4_dev + struct mlx4_cmd_mailbox *inbox, *outbox; + struct mlx4_mad_ifc *inmad, *outmad; + struct mlx4_cable_info *cable_info; +- u16 i2c_addr; ++ u8 module_id, i2c_addr, page_num; + int ret; + + if (size > MODULE_INFO_MAX_READ) + size = MODULE_INFO_MAX_READ; + ++ ret = mlx4_get_module_id(dev, port, &module_id); ++ if (ret) ++ return ret; ++ ++ switch (module_id) { ++ case MLX4_MODULE_ID_SFP: ++ mlx4_sfp_eeprom_params_set(&i2c_addr, &page_num, &offset); ++ break; ++ case MLX4_MODULE_ID_QSFP: ++ case MLX4_MODULE_ID_QSFP_PLUS: ++ case MLX4_MODULE_ID_QSFP28: ++ mlx4_qsfp_eeprom_params_set(&i2c_addr, &page_num, &offset); ++ break; ++ default: ++ mlx4_err(dev, "Module ID not recognized: %#x\n", module_id); ++ return -EINVAL; ++ } ++ + inbox = mlx4_alloc_cmd_mailbox(dev); + if (IS_ERR(inbox)) + return PTR_ERR(inbox); +@@ -2076,11 +2177,9 @@ int mlx4_get_module_info(struct mlx4_dev + */ + size -= offset + size - I2C_PAGE_SIZE; + +- i2c_addr = I2C_ADDR_LOW; +- + cable_info = (struct mlx4_cable_info *)inmad->data; + cable_info->dev_mem_address = cpu_to_be16(offset); +- cable_info->page_num = 0; ++ cable_info->page_num = page_num; + cable_info->i2c_addr = i2c_addr; + cable_info->size = cpu_to_be16(size); + diff --git a/patches.suse/net-mlx5-DR-Create-multi-destination-flow-table-with.patch b/patches.suse/net-mlx5-DR-Create-multi-destination-flow-table-with.patch new file mode 100644 index 0000000..ed19cb4 --- /dev/null +++ b/patches.suse/net-mlx5-DR-Create-multi-destination-flow-table-with.patch @@ -0,0 +1,49 @@ +From: Yevgeny Kliteynik +Date: Wed, 9 Dec 2020 16:40:38 +0200 +Subject: net/mlx5: DR, Create multi-destination flow table with level less + than 64 +Patch-mainline: v5.13-rc5 +Git-commit: 216214c64a8c1cb9078c2c0aec7bb4a2f8e75397 +References: jsc#SLE-8464 + +Flow table that contains flow pointing to multiple flow tables or multiple +TIRs must have a level lower than 64. In our case it applies to muli- +destination flow table. +Fix the level of the created table to comply with HW Spec definitions, and +still make sure that its level lower than SW-owned tables, so that it +would be possible to point from the multi-destination FW table to SW +tables. + +Fixes: 34583beea4b7 ("net/mlx5: DR, Create multi-destination table for SW-steering use") +Signed-off-by: Yevgeny Kliteynik +Reviewed-by: Alex Vesker +Signed-off-by: Saeed Mahameed +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/mellanox/mlx5/core/steering/dr_fw.c | 3 ++- + include/linux/mlx5/mlx5_ifc.h | 2 ++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_fw.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_fw.c +@@ -112,7 +112,8 @@ int mlx5dr_fw_create_md_tbl(struct mlx5d + int ret; + + ft_attr.table_type = MLX5_FLOW_TABLE_TYPE_FDB; +- ft_attr.level = dmn->info.caps.max_ft_level - 2; ++ ft_attr.level = min_t(int, dmn->info.caps.max_ft_level - 2, ++ MLX5_FT_MAX_MULTIPATH_LEVEL); + ft_attr.reformat_en = reformat_req; + ft_attr.decap_en = reformat_req; + +--- a/include/linux/mlx5/mlx5_ifc.h ++++ b/include/linux/mlx5/mlx5_ifc.h +@@ -1151,6 +1151,8 @@ enum { + MLX5_FLEX_PARSER_ICMP_V6_ENABLED = 1 << 9, + }; + ++#define MLX5_FT_MAX_MULTIPATH_LEVEL 63 ++ + enum { + MLX5_UCTX_CAP_RAW_TX = 1UL << 0, + MLX5_UCTX_CAP_INTERNAL_DEV_RES = 1UL << 1, diff --git a/patches.suse/net-mlx5e-Fix-multipath-lag-activation.patch b/patches.suse/net-mlx5e-Fix-multipath-lag-activation.patch new file mode 100644 index 0000000..f4391f1 --- /dev/null +++ b/patches.suse/net-mlx5e-Fix-multipath-lag-activation.patch @@ -0,0 +1,49 @@ +From: Dima Chumak +Date: Tue, 13 Apr 2021 22:43:08 +0300 +Subject: net/mlx5e: Fix multipath lag activation +Patch-mainline: v5.13-rc4 +Git-commit: 97817fcc684ed01497bd19d0cd4dea699665b9cf +References: git-fixes + +When handling FIB_EVENT_ENTRY_REPLACE event for a new multipath route, +lag activation can be missed if a stale (struct lag_mp)->mfi pointer +exists, which was associated with an older multipath route that had been +removed. + +Normally, when a route is removed, it triggers mlx5_lag_fib_event(), +which handles FIB_EVENT_ENTRY_DEL and clears mfi pointer. But, if +mlx5_lag_check_prereq() condition isn't met, for example when eswitch is +in legacy mode, the fib event is skipped and mfi pointer becomes stale. + +Fix by resetting mfi pointer to NULL every time mlx5_lag_mp_init() is +called. + +Fixes: 544fe7c2e654 ("net/mlx5e: Activate HW multipath and handle port affinity based on FIB events") +Signed-off-by: Dima Chumak +Reviewed-by: Roi Dayan +Signed-off-by: Saeed Mahameed +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c +@@ -307,6 +307,11 @@ int mlx5_lag_mp_init(struct mlx5_lag *ld + struct lag_mp *mp = &ldev->lag_mp; + int err; + ++ /* always clear mfi, as it might become stale when a route delete event ++ * has been missed ++ */ ++ mp->mfi = NULL; ++ + if (mp->fib_nb.notifier_call) + return 0; + +@@ -330,4 +330,5 @@ void mlx5_lag_mp_cleanup(struct mlx5_lag + unregister_fib_notifier(&init_net, &mp->fib_nb); + destroy_workqueue(mp->wq); + mp->fib_nb.notifier_call = NULL; ++ mp->mfi = NULL; + } diff --git a/patches.suse/net-mlx5e-Fix-nullptr-in-add_vlan_push_action.patch b/patches.suse/net-mlx5e-Fix-nullptr-in-add_vlan_push_action.patch new file mode 100644 index 0000000..38e9df9 --- /dev/null +++ b/patches.suse/net-mlx5e-Fix-nullptr-in-add_vlan_push_action.patch @@ -0,0 +1,49 @@ +From: Dima Chumak +Date: Mon, 26 Apr 2021 15:16:26 +0300 +Subject: net/mlx5e: Fix nullptr in add_vlan_push_action() +Patch-mainline: v5.13-rc4 +Git-commit: dca59f4a791960ec73fa15803faa0abe0f92ece2 +References: git-fixes + +The result of dev_get_by_index_rcu() is not checked for NULL and then +gets dereferenced immediately. + +Also, the RCU lock must be held by the caller of dev_get_by_index_rcu(), +which isn't satisfied by the call stack. + +Fix by handling nullptr return value when iflink device is not found. +Add RCU locking around dev_get_by_index_rcu() to avoid possible adverse +effects while iterating over the net_device's hlist. + +It is safe not to increment reference count of the net_device pointer in +case of a successful lookup, because it's already handled by VLAN code +during VLAN device registration (see register_vlan_dev and +netdev_upper_dev_link). + +Fixes: 278748a95aa3 ("net/mlx5e: Offload TC e-switch rules with egress VLAN device") +Addresses-Coverity: ("Dereference null return value") +Signed-off-by: Dima Chumak +Reviewed-by: Vlad Buslov +Signed-off-by: Saeed Mahameed +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c +@@ -3248,8 +3248,12 @@ static int add_vlan_push_action(struct m + if (err) + return err; + +- *out_dev = dev_get_by_index_rcu(dev_net(vlan_dev), +- dev_get_iflink(vlan_dev)); ++ rcu_read_lock(); ++ *out_dev = dev_get_by_index_rcu(dev_net(vlan_dev), dev_get_iflink(vlan_dev)); ++ rcu_read_unlock(); ++ if (!*out_dev) ++ return -ENODEV; ++ + if (is_vlan_dev(*out_dev)) + err = add_vlan_push_action(priv, attr, out_dev, action); + diff --git a/patches.suse/pid-take-a-reference-when-initializing-cad_pid.patch b/patches.suse/pid-take-a-reference-when-initializing-cad_pid.patch new file mode 100644 index 0000000..f34c647 --- /dev/null +++ b/patches.suse/pid-take-a-reference-when-initializing-cad_pid.patch @@ -0,0 +1,139 @@ +From: Mark Rutland +Date: Fri, 4 Jun 2021 20:01:14 -0700 +Subject: pid: take a reference when initializing `cad_pid` +Git-commit: 0711f0d7050b9e07c44bc159bbc64ac0a1022c7f +Patch-mainline: v5.13-rc5 +References: bsc#1152489 + +During boot, kernel_init_freeable() initializes `cad_pid` to the init +task's struct pid. Later on, we may change `cad_pid` via a sysctl, and +when this happens proc_do_cad_pid() will increment the refcount on the +new pid via get_pid(), and will decrement the refcount on the old pid +via put_pid(). As we never called get_pid() when we initialized +`cad_pid`, we decrement a reference we never incremented, can therefore +free the init task's struct pid early. As there can be dangling +references to the struct pid, we can later encounter a use-after-free +(e.g. when delivering signals). + +This was spotted when fuzzing v5.13-rc3 with Syzkaller, but seems to +have been around since the conversion of `cad_pid` to struct pid in +commit 9ec52099e4b8 ("[PATCH] replace cad_pid by a struct pid") from the +pre-KASAN stone age of v2.6.19. + +Fix this by getting a reference to the init task's struct pid when we +assign it to `cad_pid`. + +Full KASAN splat below. + + ================================================================== + BUG: KASAN: use-after-free in ns_of_pid include/linux/pid.h:153 [inline] + BUG: KASAN: use-after-free in task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509 + Read of size 4 at addr ffff23794dda0004 by task syz-executor.0/273 + + CPU: 1 PID: 273 Comm: syz-executor.0 Not tainted 5.12.0-00001-g9aef892b2d15 #1 + Hardware name: linux,dummy-virt (DT) + Call trace: + ns_of_pid include/linux/pid.h:153 [inline] + task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509 + do_notify_parent+0x308/0xe60 kernel/signal.c:1950 + exit_notify kernel/exit.c:682 [inline] + do_exit+0x2334/0x2bd0 kernel/exit.c:845 + do_group_exit+0x108/0x2c8 kernel/exit.c:922 + get_signal+0x4e4/0x2a88 kernel/signal.c:2781 + do_signal arch/arm64/kernel/signal.c:882 [inline] + do_notify_resume+0x300/0x970 arch/arm64/kernel/signal.c:936 + work_pending+0xc/0x2dc + + Allocated by task 0: + slab_post_alloc_hook+0x50/0x5c0 mm/slab.h:516 + slab_alloc_node mm/slub.c:2907 [inline] + slab_alloc mm/slub.c:2915 [inline] + kmem_cache_alloc+0x1f4/0x4c0 mm/slub.c:2920 + alloc_pid+0xdc/0xc00 kernel/pid.c:180 + copy_process+0x2794/0x5e18 kernel/fork.c:2129 + kernel_clone+0x194/0x13c8 kernel/fork.c:2500 + kernel_thread+0xd4/0x110 kernel/fork.c:2552 + rest_init+0x44/0x4a0 init/main.c:687 + arch_call_rest_init+0x1c/0x28 + start_kernel+0x520/0x554 init/main.c:1064 + 0x0 + + Freed by task 270: + slab_free_hook mm/slub.c:1562 [inline] + slab_free_freelist_hook+0x98/0x260 mm/slub.c:1600 + slab_free mm/slub.c:3161 [inline] + kmem_cache_free+0x224/0x8e0 mm/slub.c:3177 + put_pid.part.4+0xe0/0x1a8 kernel/pid.c:114 + put_pid+0x30/0x48 kernel/pid.c:109 + proc_do_cad_pid+0x190/0x1b0 kernel/sysctl.c:1401 + proc_sys_call_handler+0x338/0x4b0 fs/proc/proc_sysctl.c:591 + proc_sys_write+0x34/0x48 fs/proc/proc_sysctl.c:617 + call_write_iter include/linux/fs.h:1977 [inline] + new_sync_write+0x3ac/0x510 fs/read_write.c:518 + vfs_write fs/read_write.c:605 [inline] + vfs_write+0x9c4/0x1018 fs/read_write.c:585 + ksys_write+0x124/0x240 fs/read_write.c:658 + __do_sys_write fs/read_write.c:670 [inline] + __se_sys_write fs/read_write.c:667 [inline] + __arm64_sys_write+0x78/0xb0 fs/read_write.c:667 + __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] + invoke_syscall arch/arm64/kernel/syscall.c:49 [inline] + el0_svc_common.constprop.1+0x16c/0x388 arch/arm64/kernel/syscall.c:129 + do_el0_svc+0xf8/0x150 arch/arm64/kernel/syscall.c:168 + el0_svc+0x28/0x38 arch/arm64/kernel/entry-common.c:416 + el0_sync_handler+0x134/0x180 arch/arm64/kernel/entry-common.c:432 + el0_sync+0x154/0x180 arch/arm64/kernel/entry.S:701 + + The buggy address belongs to the object at ffff23794dda0000 + which belongs to the cache pid of size 224 + The buggy address is located 4 bytes inside of + 224-byte region [ffff23794dda0000, ffff23794dda00e0) + The buggy address belongs to the page: + page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4dda0 + head:(____ptrval____) order:1 compound_mapcount:0 + flags: 0x3fffc0000010200(slab|head) + raw: 03fffc0000010200 dead000000000100 dead000000000122 ffff23794d40d080 + raw: 0000000000000000 0000000000190019 00000001ffffffff 0000000000000000 + page dumped because: kasan: bad access detected + + Memory state around the buggy address: + ffff23794dd9ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc + ffff23794dd9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc + >ffff23794dda0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb + ^ + ffff23794dda0080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc + ffff23794dda0100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 + ================================================================== + +Link: https://lkml.kernel.org/r/20210524172230.38715-1-mark.rutland@arm.com +Fixes: 9ec52099e4b8678a ("[PATCH] replace cad_pid by a struct pid") +Signed-off-by: Mark Rutland +Acked-by: Christian Brauner +Cc: Cedric Le Goater +Cc: Christian Brauner +Cc: Eric W. Biederman +Cc: Kees Cook +Cc: Paul Mackerras +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Acked-by: Borislav Petkov +--- + init/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/init/main.c b/init/main.c +index eb01e121d2f1..e9c42a183e33 100644 +--- a/init/main.c ++++ b/init/main.c +@@ -1537,7 +1537,7 @@ static noinline void __init kernel_init_freeable(void) + */ + set_mems_allowed(node_states[N_MEMORY]); + +- cad_pid = task_pid(current); ++ cad_pid = get_pid(task_pid(current)); + + smp_prepare_cpus(setup_max_cpus); + + diff --git a/patches.suse/regulator-core-resolve-supply-for-boot-on-always-on-.patch b/patches.suse/regulator-core-resolve-supply-for-boot-on-always-on-.patch new file mode 100644 index 0000000..690b9b1 --- /dev/null +++ b/patches.suse/regulator-core-resolve-supply-for-boot-on-always-on-.patch @@ -0,0 +1,43 @@ +From 98e48cd9283dbac0e1445ee780889f10b3d1db6a Mon Sep 17 00:00:00 2001 +From: Dmitry Baryshkov +Date: Thu, 20 May 2021 01:12:23 +0300 +Subject: [PATCH] regulator: core: resolve supply for boot-on/always-on regulators +Git-commit: 98e48cd9283dbac0e1445ee780889f10b3d1db6a +Patch-mainline: v5.13-rc6 +References: git-fixes + +For the boot-on/always-on regulators the set_machine_constrainst() is +called before resolving rdev->supply. Thus the code would try to enable +rdev before enabling supplying regulator. Enforce resolving supply +regulator before enabling rdev. + +Fixes: aea6cb99703e ("regulator: resolve supply after creating regulator") +Signed-off-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20210519221224.2868496-1-dmitry.baryshkov@linaro.org +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + drivers/regulator/core.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c +index f192bf19492e..e20e77e4c159 100644 +--- a/drivers/regulator/core.c ++++ b/drivers/regulator/core.c +@@ -1425,6 +1425,12 @@ static int set_machine_constraints(struct regulator_dev *rdev) + * and we have control then make sure it is enabled. + */ + if (rdev->constraints->always_on || rdev->constraints->boot_on) { ++ /* If we want to enable this regulator, make sure that we know ++ * the supplying regulator. ++ */ ++ if (rdev->supply_name && !rdev->supply) ++ return -EPROBE_DEFER; ++ + if (rdev->supply) { + ret = regulator_enable(rdev->supply); + if (ret < 0) { +-- +2.26.2 + diff --git a/patches.suse/regulator-max77620-Use-device_set_of_node_from_dev.patch b/patches.suse/regulator-max77620-Use-device_set_of_node_from_dev.patch new file mode 100644 index 0000000..b250b76 --- /dev/null +++ b/patches.suse/regulator-max77620-Use-device_set_of_node_from_dev.patch @@ -0,0 +1,45 @@ +From 6f55c5dd1118b3076d11d9cb17f5c5f4bc3a1162 Mon Sep 17 00:00:00 2001 +From: Dmitry Osipenko +Date: Mon, 24 May 2021 01:42:42 +0300 +Subject: [PATCH] regulator: max77620: Use device_set_of_node_from_dev() +Git-commit: 6f55c5dd1118b3076d11d9cb17f5c5f4bc3a1162 +Patch-mainline: v5.13-rc6 +References: git-fixes + +The MAX77620 driver fails to re-probe on deferred probe because driver +core tries to claim resources that are already claimed by the PINCTRL +device. Use device_set_of_node_from_dev() helper which marks OF node as +reused, skipping erroneous execution of pinctrl_bind_pins() for the PMIC +device on the re-probe. + +Fixes: aea6cb99703e ("regulator: resolve supply after creating regulator") +Signed-off-by: Dmitry Osipenko +Link: https://lore.kernel.org/r/20210523224243.13219-2-digetx@gmail.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + drivers/regulator/max77620-regulator.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/regulator/max77620-regulator.c b/drivers/regulator/max77620-regulator.c +index 8d9731e4052b..5c439c850d09 100644 +--- a/drivers/regulator/max77620-regulator.c ++++ b/drivers/regulator/max77620-regulator.c +@@ -814,6 +814,13 @@ static int max77620_regulator_probe(struct platform_device *pdev) + config.dev = dev; + config.driver_data = pmic; + ++ /* ++ * Set of_node_reuse flag to prevent driver core from attempting to ++ * claim any pinmux resources already claimed by the parent device. ++ * Otherwise PMIC driver will fail to re-probe. ++ */ ++ device_set_of_node_from_dev(&pdev->dev, pdev->dev.parent); ++ + for (id = 0; id < MAX77620_NUM_REGS; id++) { + struct regulator_dev *rdev; + struct regulator_desc *rdesc; +-- +2.26.2 + diff --git a/patches.suse/rtw88-8822c-add-LC-calibration-for-RTL8822C.patch b/patches.suse/rtw88-8822c-add-LC-calibration-for-RTL8822C.patch new file mode 100644 index 0000000..bfe9945 --- /dev/null +++ b/patches.suse/rtw88-8822c-add-LC-calibration-for-RTL8822C.patch @@ -0,0 +1,154 @@ +From 7ae7784ec2a812c07d2ca91a6538ef2470154fb6 Mon Sep 17 00:00:00 2001 +From: Po-Hao Huang +Date: Fri, 19 Mar 2021 13:42:16 +0800 +Subject: [PATCH] rtw88: 8822c: add LC calibration for RTL8822C +Git-commit: 7ae7784ec2a812c07d2ca91a6538ef2470154fb6 +Patch-mainline: v5.13-rc1 +References: git-fixes + +Fix power tracking issue by replacing unnecessary IQ calibration +with LC calibration. +When thermal difference exceeds limitation, let RF circuit adjsut +its characteristic to fit in current environment. + +Signed-off-by: Po-Hao Huang +Signed-off-by: Ping-Ke Shih +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20210319054218.3319-6-pkshih@realtek.com +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/realtek/rtw88/main.h | 2 + + drivers/net/wireless/realtek/rtw88/phy.c | 14 +++++++++++++ + drivers/net/wireless/realtek/rtw88/phy.h | 1 + drivers/net/wireless/realtek/rtw88/reg.h | 5 ++++ + drivers/net/wireless/realtek/rtw88/rtw8822c.c | 27 ++++++++++++++++++++++++-- + 5 files changed, 47 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/realtek/rtw88/main.h ++++ b/drivers/net/wireless/realtek/rtw88/main.h +@@ -1141,6 +1141,7 @@ struct rtw_chip_info { + bool en_dis_dpd; + u16 dpd_ratemask; + u8 iqk_threshold; ++ u8 lck_threshold; + const struct rtw_pwr_track_tbl *pwr_track_tbl; + + u8 bfer_su_max_num; +@@ -1470,6 +1471,7 @@ struct rtw_dm_info { + u8 tx_rate; + u8 thermal_avg[RTW_RF_PATH_MAX]; + u8 thermal_meter_k; ++ u8 thermal_meter_lck; + s8 delta_power_index[RTW_RF_PATH_MAX]; + s8 delta_power_index_last[RTW_RF_PATH_MAX]; + u8 default_ofdm_index; +--- a/drivers/net/wireless/realtek/rtw88/phy.c ++++ b/drivers/net/wireless/realtek/rtw88/phy.c +@@ -2154,6 +2154,20 @@ s8 rtw_phy_pwrtrack_get_pwridx(struct rt + } + EXPORT_SYMBOL(rtw_phy_pwrtrack_get_pwridx); + ++bool rtw_phy_pwrtrack_need_lck(struct rtw_dev *rtwdev) ++{ ++ struct rtw_dm_info *dm_info = &rtwdev->dm_info; ++ u8 delta_lck; ++ ++ delta_lck = abs(dm_info->thermal_avg[0] - dm_info->thermal_meter_lck); ++ if (delta_lck >= rtwdev->chip->lck_threshold) { ++ dm_info->thermal_meter_lck = dm_info->thermal_avg[0]; ++ return true; ++ } ++ return false; ++} ++EXPORT_SYMBOL(rtw_phy_pwrtrack_need_lck); ++ + bool rtw_phy_pwrtrack_need_iqk(struct rtw_dev *rtwdev) + { + struct rtw_dm_info *dm_info = &rtwdev->dm_info; +--- a/drivers/net/wireless/realtek/rtw88/phy.h ++++ b/drivers/net/wireless/realtek/rtw88/phy.h +@@ -55,6 +55,7 @@ u8 rtw_phy_pwrtrack_get_delta(struct rtw + s8 rtw_phy_pwrtrack_get_pwridx(struct rtw_dev *rtwdev, + struct rtw_swing_table *swing_table, + u8 tbl_path, u8 therm_path, u8 delta); ++bool rtw_phy_pwrtrack_need_lck(struct rtw_dev *rtwdev); + bool rtw_phy_pwrtrack_need_iqk(struct rtw_dev *rtwdev); + void rtw_phy_config_swing_table(struct rtw_dev *rtwdev, + struct rtw_swing_table *swing_table); +--- a/drivers/net/wireless/realtek/rtw88/reg.h ++++ b/drivers/net/wireless/realtek/rtw88/reg.h +@@ -634,8 +634,13 @@ + #define RF_TXATANK 0x64 + #define RF_TRXIQ 0x66 + #define RF_RXIQGEN 0x8d ++#define RF_SYN_PFD 0xb0 + #define RF_XTALX2 0xb8 ++#define RF_SYN_CTRL 0xbb + #define RF_MALSEL 0xbe ++#define RF_SYN_AAC 0xc9 ++#define RF_AAC_CTRL 0xca ++#define RF_FAST_LCK 0xcc + #define RF_RCKD 0xde + #define RF_TXADBG 0xde + #define RF_LUTDBG 0xdf +--- a/drivers/net/wireless/realtek/rtw88/rtw8822c.c ++++ b/drivers/net/wireless/realtek/rtw88/rtw8822c.c +@@ -1133,6 +1133,7 @@ static void rtw8822c_pwrtrack_init(struc + + dm_info->pwr_trk_triggered = false; + dm_info->thermal_meter_k = rtwdev->efuse.thermal_meter_k; ++ dm_info->thermal_meter_lck = rtwdev->efuse.thermal_meter_k; + } + + static void rtw8822c_phy_set_param(struct rtw_dev *rtwdev) +@@ -2115,6 +2116,26 @@ static void rtw8822c_false_alarm_statist + rtw_write32_set(rtwdev, REG_RX_BREAK, BIT_COM_RX_GCK_EN); + } + ++static void rtw8822c_do_lck(struct rtw_dev *rtwdev) ++{ ++ u32 val; ++ ++ rtw_write_rf(rtwdev, RF_PATH_A, RF_SYN_CTRL, RFREG_MASK, 0x80010); ++ rtw_write_rf(rtwdev, RF_PATH_A, RF_SYN_PFD, RFREG_MASK, 0x1F0FA); ++ fsleep(1); ++ rtw_write_rf(rtwdev, RF_PATH_A, RF_AAC_CTRL, RFREG_MASK, 0x80000); ++ rtw_write_rf(rtwdev, RF_PATH_A, RF_SYN_AAC, RFREG_MASK, 0x80001); ++ read_poll_timeout(rtw_read_rf, val, val != 0x1, 1000, 100000, ++ true, rtwdev, RF_PATH_A, RF_AAC_CTRL, 0x1000); ++ rtw_write_rf(rtwdev, RF_PATH_A, RF_SYN_PFD, RFREG_MASK, 0x1F0F8); ++ rtw_write_rf(rtwdev, RF_PATH_B, RF_SYN_CTRL, RFREG_MASK, 0x80010); ++ ++ rtw_write_rf(rtwdev, RF_PATH_A, RF_FAST_LCK, RFREG_MASK, 0x0f000); ++ rtw_write_rf(rtwdev, RF_PATH_A, RF_FAST_LCK, RFREG_MASK, 0x4f000); ++ fsleep(1); ++ rtw_write_rf(rtwdev, RF_PATH_A, RF_FAST_LCK, RFREG_MASK, 0x0f000); ++} ++ + static void rtw8822c_do_iqk(struct rtw_dev *rtwdev) + { + struct rtw_iqk_para para = {0}; +@@ -3528,11 +3549,12 @@ static void __rtw8822c_pwr_track(struct + + rtw_phy_config_swing_table(rtwdev, &swing_table); + ++ if (rtw_phy_pwrtrack_need_lck(rtwdev)) ++ rtw8822c_do_lck(rtwdev); ++ + for (i = 0; i < rtwdev->hal.rf_path_num; i++) + rtw8822c_pwr_track_path(rtwdev, &swing_table, i); + +- if (rtw_phy_pwrtrack_need_iqk(rtwdev)) +- rtw8822c_do_iqk(rtwdev); + } + + static void rtw8822c_pwr_track(struct rtw_dev *rtwdev) +@@ -4336,6 +4358,7 @@ struct rtw_chip_info rtw8822c_hw_spec = + .dpd_ratemask = DIS_DPD_RATEALL, + .pwr_track_tbl = &rtw8822c_rtw_pwr_track_tbl, + .iqk_threshold = 8, ++ .lck_threshold = 8, + .bfer_su_max_num = 2, + .bfer_mu_max_num = 1, + .rx_ldpc = true, diff --git a/patches.suse/scsi-acornscsi-Fix-an-error-handling-path-in-acornscsi_probe b/patches.suse/scsi-acornscsi-Fix-an-error-handling-path-in-acornscsi_probe new file mode 100644 index 0000000..e47ef54 --- /dev/null +++ b/patches.suse/scsi-acornscsi-Fix-an-error-handling-path-in-acornscsi_probe @@ -0,0 +1,36 @@ +From: Christophe JAILLET +Date: Sat, 30 May 2020 10:16:22 +0200 +Subject: scsi: acornscsi: Fix an error handling path in acornscsi_probe() +Git-commit: 42c76c9848e13dbe0538d7ae0147a269dfa859cb +Patch-mainline: v5.8-rc1 +References: bsc#1186952 + +'ret' is known to be 0 at this point. Explicitly return -ENOMEM if one of +the 'ecardm_iomap()' calls fail. + +Link: https://lore.kernel.org/r/20200530081622.577888-1-christophe.jaillet@wanadoo.fr +Fixes: e95a1b656a98 ("[ARM] rpc: acornscsi: update to new style ecard driver") +Signed-off-by: Christophe JAILLET +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/arm/acornscsi.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/arm/acornscsi.c b/drivers/scsi/arm/acornscsi.c +index ddb52e7ba622..9a912fd0f70b 100644 +--- a/drivers/scsi/arm/acornscsi.c ++++ b/drivers/scsi/arm/acornscsi.c +@@ -2911,8 +2911,10 @@ static int acornscsi_probe(struct expansion_card *ec, const struct ecard_id *id) + + ashost->base = ecardm_iomap(ec, ECARD_RES_MEMC, 0, 0); + ashost->fast = ecardm_iomap(ec, ECARD_RES_IOCFAST, 0, 0); +- if (!ashost->base || !ashost->fast) ++ if (!ashost->base || !ashost->fast) { ++ ret = -ENOMEM; + goto out_put; ++ } + + host->irq = ec->irq; + ashost->host = host; + diff --git a/patches.suse/scsi-be2iscsi-Fix-a-theoretical-leak-in-beiscsi_create_eqs b/patches.suse/scsi-be2iscsi-Fix-a-theoretical-leak-in-beiscsi_create_eqs new file mode 100644 index 0000000..fe68b99 --- /dev/null +++ b/patches.suse/scsi-be2iscsi-Fix-a-theoretical-leak-in-beiscsi_create_eqs @@ -0,0 +1,58 @@ +From: Dan Carpenter +Date: Mon, 28 Sep 2020 12:13:00 +0300 +Subject: scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() +Git-commit: 38b2db564d9ab7797192ef15d7aade30633ceeae +Patch-mainline: v5.10-rc1 +References: bsc#1186953 + +The be_fill_queue() function can only fail when "eq_vaddress" is NULL and +since it's non-NULL here that means the function call can't fail. But +imagine if it could, then in that situation we would want to store the +"paddr" so that dma memory can be released. + +Link: https://lore.kernel.org/r/20200928091300.GD377727@mwanda +Fixes: bfead3b2cb46 ("[SCSI] be2iscsi: Adding msix and mcc_rings V3") +Signed-off-by: Dan Carpenter +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/be2iscsi/be_main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c +index 8dc2e0824ad7..0e45f2c14559 100644 +--- a/drivers/scsi/be2iscsi/be_main.c ++++ b/drivers/scsi/be2iscsi/be_main.c +@@ -3020,6 +3020,7 @@ static int beiscsi_create_eqs(struct beiscsi_hba *phba, + goto create_eq_error; + } + ++ mem->dma = paddr; + mem->va = eq_vaddress; + ret = be_fill_queue(eq, phba->params.num_eq_entries, + sizeof(struct be_eq_entry), eq_vaddress); +@@ -3029,7 +3030,6 @@ static int beiscsi_create_eqs(struct beiscsi_hba *phba, + goto create_eq_error; + } + +- mem->dma = paddr; + ret = beiscsi_cmd_eq_create(&phba->ctrl, eq, + BEISCSI_EQ_DELAY_DEF); + if (ret) { +@@ -3086,6 +3086,7 @@ static int beiscsi_create_cqs(struct beiscsi_hba *phba, + goto create_cq_error; + } + ++ mem->dma = paddr; + ret = be_fill_queue(cq, phba->params.num_cq_entries, + sizeof(struct sol_cqe), cq_vaddress); + if (ret) { +@@ -3095,7 +3096,6 @@ static int beiscsi_create_cqs(struct beiscsi_hba *phba, + goto create_cq_error; + } + +- mem->dma = paddr; + ret = beiscsi_cmd_cq_create(&phba->ctrl, cq, eq, false, + false, 0); + if (ret) { + diff --git a/patches.suse/scsi-be2iscsi-Revert-Fix-a-theoretical-leak-in-beiscsi_create_eqs b/patches.suse/scsi-be2iscsi-Revert-Fix-a-theoretical-leak-in-beiscsi_create_eqs new file mode 100644 index 0000000..7a957b7 --- /dev/null +++ b/patches.suse/scsi-be2iscsi-Revert-Fix-a-theoretical-leak-in-beiscsi_create_eqs @@ -0,0 +1,62 @@ +From: Dan Carpenter +Date: Thu, 3 Dec 2020 15:18:26 +0300 +Subject: scsi: be2iscsi: Revert "Fix a theoretical leak in + beiscsi_create_eqs()" +Git-commit: eeaf06af6f87e1dba371fbe42674e6f963220b9c +Patch-mainline: v5.10 +References: bsc#1187067 + +My patch caused kernel Oopses and delays in boot. Revert it. + +The problem was that I moved the "mem->dma = paddr;" before the call to +be_fill_queue(). But the first thing that the be_fill_queue() function +does is memset the whole struct to zero which overwrites the assignment. + +Link: https://lore.kernel.org/r/X8jXkt6eThjyVP1v@mwanda +Fixes: 38b2db564d9a ("scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()") +Cc: stable +Reported-by: Thomas Lamprecht +Signed-off-by: Dan Carpenter +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/be2iscsi/be_main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c +index 202ba925c494..5c3513a4b450 100644 +--- a/drivers/scsi/be2iscsi/be_main.c ++++ b/drivers/scsi/be2iscsi/be_main.c +@@ -3020,7 +3020,6 @@ static int beiscsi_create_eqs(struct beiscsi_hba *phba, + goto create_eq_error; + } + +- mem->dma = paddr; + mem->va = eq_vaddress; + ret = be_fill_queue(eq, phba->params.num_eq_entries, + sizeof(struct be_eq_entry), eq_vaddress); +@@ -3030,6 +3029,7 @@ static int beiscsi_create_eqs(struct beiscsi_hba *phba, + goto create_eq_error; + } + ++ mem->dma = paddr; + ret = beiscsi_cmd_eq_create(&phba->ctrl, eq, + BEISCSI_EQ_DELAY_DEF); + if (ret) { +@@ -3086,7 +3086,6 @@ static int beiscsi_create_cqs(struct beiscsi_hba *phba, + goto create_cq_error; + } + +- mem->dma = paddr; + ret = be_fill_queue(cq, phba->params.num_cq_entries, + sizeof(struct sol_cqe), cq_vaddress); + if (ret) { +@@ -3096,6 +3095,7 @@ static int beiscsi_create_cqs(struct beiscsi_hba *phba, + goto create_cq_error; + } + ++ mem->dma = paddr; + ret = beiscsi_cmd_cq_create(&phba->ctrl, cq, eq, false, + false, 0); + if (ret) { + diff --git a/patches.suse/scsi-bfa-Fix-error-return-in-bfad_pci_init b/patches.suse/scsi-bfa-Fix-error-return-in-bfad_pci_init new file mode 100644 index 0000000..3bf967c --- /dev/null +++ b/patches.suse/scsi-bfa-Fix-error-return-in-bfad_pci_init @@ -0,0 +1,31 @@ +From: Jing Xiangfeng +Date: Fri, 25 Sep 2020 14:24:23 +0800 +Subject: scsi: bfa: Fix error return in bfad_pci_init() +Git-commit: f0f6c3a4fcb80fcbcce4ff6739996dd98c228afd +Patch-mainline: v5.10-rc1 +References: bsc#1186954 + +Fix to return error code -ENODEV from the error handling case instead of 0. + +Link: https://lore.kernel.org/r/20200925062423.161504-1-jingxiangfeng@huawei.com +Fixes: 11ea3824140c ("scsi: bfa: fix calls to dma_set_mask_and_coherent()") +Signed-off-by: Jing Xiangfeng +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/bfa/bfad.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/scsi/bfa/bfad.c b/drivers/scsi/bfa/bfad.c +index bc5d84f87d8f..440ef32be048 100644 +--- a/drivers/scsi/bfa/bfad.c ++++ b/drivers/scsi/bfa/bfad.c +@@ -749,6 +749,7 @@ bfad_pci_init(struct pci_dev *pdev, struct bfad_s *bfad) + + if (bfad->pci_bar0_kva == NULL) { + printk(KERN_ERR "Fail to map bar0\n"); ++ rc = -ENODEV; + goto out_release_region; + } + + diff --git a/patches.suse/scsi-bnx2fc-Fix-Kconfig-warning-CNIC-build-errors b/patches.suse/scsi-bnx2fc-Fix-Kconfig-warning-CNIC-build-errors new file mode 100644 index 0000000..72e4ab1 --- /dev/null +++ b/patches.suse/scsi-bnx2fc-Fix-Kconfig-warning-CNIC-build-errors @@ -0,0 +1,51 @@ +From: Randy Dunlap +Date: Sat, 13 Feb 2021 11:24:28 -0800 +Subject: scsi: bnx2fc: Fix Kconfig warning & CNIC build errors +Git-commit: eefb816acb0162e94a85a857f3a55148f671d5a5 +Patch-mainline: v5.12-rc1 +References: bsc#1186955 + +CNIC depends on MMU, but since 'select' does not follow any dependency +chains, SCSI_BNX2X_FCOE also needs to depend on MMU, so that erroneous +configs are not generated, which cause build errors in cnic. + +WARNING: unmet direct dependencies detected for CNIC + Depends on [n]: NETDEVICES [=y] && ETHERNET [=y] && NET_VENDOR_BROADCOM [=y] && PCI [=y] && (IPV6 [=n] || IPV6 [=n]=n) && MMU [=n] + Selected by [y]: + - SCSI_BNX2X_FCOE [=y] && SCSI_LOWLEVEL [=y] && SCSI [=y] && PCI [=y] && (IPV6 [=n] || IPV6 [=n]=n) && LIBFC [=y] && LIBFCOE [=y] + +riscv64-linux-ld: drivers/net/ethernet/broadcom/cnic.o: in function `.L154': +cnic.c:(.text+0x1094): undefined reference to `uio_event_notify' +riscv64-linux-ld: cnic.c:(.text+0x10bc): undefined reference to `uio_event_notify' +riscv64-linux-ld: drivers/net/ethernet/broadcom/cnic.o: in function `.L1442': +cnic.c:(.text+0x96a8): undefined reference to `__uio_register_device' +riscv64-linux-ld: drivers/net/ethernet/broadcom/cnic.o: in function `.L0 ': +cnic.c:(.text.unlikely+0x68): undefined reference to `uio_unregister_device' + +Link: https://lore.kernel.org/r/20210213192428.22537-1-rdunlap@infradead.org +Fixes: 853e2bd2103a ("[SCSI] bnx2fc: Broadcom FCoE offload driver") +Cc: Saurav Kashyap +Cc: Javed Hasan +Cc: GR-QLogic-Storage-Upstream@marvell.com +Cc: "James E.J. Bottomley" +Cc: "Martin K. Petersen" +Cc: linux-scsi@vger.kernel.org +Reported-by: kernel test robot +Signed-off-by: Randy Dunlap +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/bnx2fc/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/scsi/bnx2fc/Kconfig ++++ b/drivers/scsi/bnx2fc/Kconfig +@@ -5,6 +5,7 @@ config SCSI_BNX2X_FCOE + depends on (IPV6 || IPV6=n) + depends on LIBFC + depends on LIBFCOE ++ depends on MMU + select NETDEVICES + select ETHERNET + select NET_VENDOR_BROADCOM + diff --git a/patches.suse/scsi-bnx2i-Requires-MMU b/patches.suse/scsi-bnx2i-Requires-MMU new file mode 100644 index 0000000..57ae137 --- /dev/null +++ b/patches.suse/scsi-bnx2i-Requires-MMU @@ -0,0 +1,48 @@ +From: Randy Dunlap +Date: Sat, 28 Nov 2020 23:09:16 -0800 +Subject: scsi: bnx2i: Requires MMU +Git-commit: 2d586494c4a001312650f0b919d534e429dd1e09 +Patch-mainline: v5.10 +References: bsc#1186956 + +The SCSI_BNX2_ISCSI kconfig symbol selects CNIC and CNIC selects UIO, which +depends on MMU. + +Since 'select' does not follow dependency chains, add the same MMU +dependency to SCSI_BNX2_ISCSI. + +Quietens this kconfig warning: + +WARNING: unmet direct dependencies detected for CNIC + Depends on [n]: NETDEVICES [=y] && ETHERNET [=y] && NET_VENDOR_BROADCOM [=y] && PCI [=y] && (IPV6 [=m] || IPV6 [=m]=n) && MMU [=n] + Selected by [m]: + - SCSI_BNX2_ISCSI [=m] && SCSI_LOWLEVEL [=y] && SCSI [=y] && NET [=y] && PCI [=y] && (IPV6 [=m] || IPV6 [=m]=n) + +Link: https://lore.kernel.org/r/20201129070916.3919-1-rdunlap@infradead.org +Fixes: cf4e6363859d ("[SCSI] bnx2i: Add bnx2i iSCSI driver.") +Cc: linux-scsi@vger.kernel.org +Cc: Nilesh Javali +Cc: Manish Rangankar +Cc: GR-QLogic-Storage-Upstream@marvell.com +Cc: "James E.J. Bottomley" +Cc: "Martin K. Petersen" +Signed-off-by: Randy Dunlap +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/bnx2i/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/scsi/bnx2i/Kconfig b/drivers/scsi/bnx2i/Kconfig +index 75ace2302fed..0cc06c2ce0b8 100644 +--- a/drivers/scsi/bnx2i/Kconfig ++++ b/drivers/scsi/bnx2i/Kconfig +@@ -4,6 +4,7 @@ config SCSI_BNX2_ISCSI + depends on NET + depends on PCI + depends on (IPV6 || IPV6=n) ++ depends on MMU + select SCSI_ISCSI_ATTRS + select NETDEVICES + select ETHERNET + diff --git a/patches.suse/scsi-csiostor-Fix-wrong-return-value-in-csio_hw_prep_fw b/patches.suse/scsi-csiostor-Fix-wrong-return-value-in-csio_hw_prep_fw new file mode 100644 index 0000000..3b8fcc1 --- /dev/null +++ b/patches.suse/scsi-csiostor-Fix-wrong-return-value-in-csio_hw_prep_fw @@ -0,0 +1,34 @@ +From: Tianjia Zhang +Date: Sun, 2 Aug 2020 19:15:31 +0800 +Subject: scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() +Git-commit: 44f4daf8678ae5f08c93bbe70792f90cd88e4649 +Patch-mainline: v5.10-rc1 +References: bsc#1186957 + +On an error exit path, a negative error code should be returned instead of +a positive return value. + +Link: https://lore.kernel.org/r/20200802111531.5065-1-tianjia.zhang@linux.alibaba.com +Fixes: f40e74ffa3de ("csiostor:firmware upgrade fix") +Cc: Praveen Madhavan +Signed-off-by: Tianjia Zhang +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/csiostor/csio_hw.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/csiostor/csio_hw.c b/drivers/scsi/csiostor/csio_hw.c +index 98d4d39aaa57..b497fe949d4a 100644 +--- a/drivers/scsi/csiostor/csio_hw.c ++++ b/drivers/scsi/csiostor/csio_hw.c +@@ -2384,7 +2384,7 @@ static int csio_hw_prep_fw(struct csio_hw *hw, struct fw_info *fw_info, + FW_HDR_FW_VER_MICRO_G(c), FW_HDR_FW_VER_BUILD_G(c), + FW_HDR_FW_VER_MAJOR_G(k), FW_HDR_FW_VER_MINOR_G(k), + FW_HDR_FW_VER_MICRO_G(k), FW_HDR_FW_VER_BUILD_G(k)); +- ret = EINVAL; ++ ret = -EINVAL; + goto bye; + } + + diff --git a/patches.suse/scsi-cumana_2-Fix-different-dev_id-between-request_irq-and-free_irq b/patches.suse/scsi-cumana_2-Fix-different-dev_id-between-request_irq-and-free_irq new file mode 100644 index 0000000..fdefb32 --- /dev/null +++ b/patches.suse/scsi-cumana_2-Fix-different-dev_id-between-request_irq-and-free_irq @@ -0,0 +1,35 @@ +From: Christophe JAILLET +Date: Thu, 25 Jun 2020 22:47:30 +0200 +Subject: scsi: cumana_2: Fix different dev_id between request_irq() and + free_irq() +Git-commit: 040ab9c4fd0070cd5fa71ba3a7b95b8470db9b4d +Patch-mainline: v5.9-rc1 +References: bsc#1186958 + +The dev_id used in request_irq() and free_irq() should match. Use 'info' +in both cases. + +Link: https://lore.kernel.org/r/20200625204730.943520-1-christophe.jaillet@wanadoo.fr +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Acked-by: Russell King +Signed-off-by: Christophe JAILLET +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/arm/cumana_2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/arm/cumana_2.c b/drivers/scsi/arm/cumana_2.c +index 65691c21f133..29294f0ef8a9 100644 +--- a/drivers/scsi/arm/cumana_2.c ++++ b/drivers/scsi/arm/cumana_2.c +@@ -450,7 +450,7 @@ static int cumanascsi2_probe(struct expansion_card *ec, + + if (info->info.scsi.dma != NO_DMA) + free_dma(info->info.scsi.dma); +- free_irq(ec->irq, host); ++ free_irq(ec->irq, info); + + out_release: + fas216_release(host); + diff --git a/patches.suse/scsi-cxgb3i-Fix-some-leaks-in-init_act_open b/patches.suse/scsi-cxgb3i-Fix-some-leaks-in-init_act_open new file mode 100644 index 0000000..b39d7d7 --- /dev/null +++ b/patches.suse/scsi-cxgb3i-Fix-some-leaks-in-init_act_open @@ -0,0 +1,69 @@ +From: Dan Carpenter +Date: Thu, 21 May 2020 15:12:21 +0300 +Subject: scsi: cxgb3i: Fix some leaks in init_act_open() +Git-commit: b6170a49c59c27a10efed26c5a2969403e69aaba +Patch-mainline: v5.8-rc1 +References: bsc#1186959 + +There wasn't any clean up done if cxgb3_alloc_atid() failed and also the +original code didn't release "csk->l2t". + +Link: https://lore.kernel.org/r/20200521121221.GA247492@mwanda +Fixes: 6f7efaabefeb ("[SCSI] cxgb3i: change cxgb3i to use libcxgbi") +Signed-off-by: Dan Carpenter +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/cxgbi/cxgb3i/cxgb3i.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/drivers/scsi/cxgbi/cxgb3i/cxgb3i.c b/drivers/scsi/cxgbi/cxgb3i/cxgb3i.c +index 524cdbcd29aa..ec7d01f6e2d5 100644 +--- a/drivers/scsi/cxgbi/cxgb3i/cxgb3i.c ++++ b/drivers/scsi/cxgbi/cxgb3i/cxgb3i.c +@@ -959,6 +959,7 @@ static int init_act_open(struct cxgbi_sock *csk) + struct net_device *ndev = cdev->ports[csk->port_id]; + struct cxgbi_hba *chba = cdev->hbas[csk->port_id]; + struct sk_buff *skb = NULL; ++ int ret; + + log_debug(1 << CXGBI_DBG_TOE | 1 << CXGBI_DBG_SOCK, + "csk 0x%p,%u,0x%lx.\n", csk, csk->state, csk->flags); +@@ -979,16 +980,16 @@ static int init_act_open(struct cxgbi_sock *csk) + csk->atid = cxgb3_alloc_atid(t3dev, &t3_client, csk); + if (csk->atid < 0) { + pr_err("NO atid available.\n"); +- return -EINVAL; ++ ret = -EINVAL; ++ goto put_sock; + } + cxgbi_sock_set_flag(csk, CTPF_HAS_ATID); + cxgbi_sock_get(csk); + + skb = alloc_wr(sizeof(struct cpl_act_open_req), 0, GFP_KERNEL); + if (!skb) { +- cxgb3_free_atid(t3dev, csk->atid); +- cxgbi_sock_put(csk); +- return -ENOMEM; ++ ret = -ENOMEM; ++ goto free_atid; + } + skb->sk = (struct sock *)csk; + set_arp_failure_handler(skb, act_open_arp_failure); +@@ -1010,6 +1011,15 @@ static int init_act_open(struct cxgbi_sock *csk) + cxgbi_sock_set_state(csk, CTP_ACTIVE_OPEN); + send_act_open_req(csk, skb, csk->l2t); + return 0; ++ ++free_atid: ++ cxgb3_free_atid(t3dev, csk->atid); ++put_sock: ++ cxgbi_sock_put(csk); ++ l2t_release(t3dev, csk->l2t); ++ csk->l2t = NULL; ++ ++ return ret; + } + + cxgb3_cpl_handler_func cxgb3i_cpl_handlers[NUM_CPL_CMDS] = { + diff --git a/patches.suse/scsi-cxgb4i-Fix-TLS-dependency b/patches.suse/scsi-cxgb4i-Fix-TLS-dependency new file mode 100644 index 0000000..2979255 --- /dev/null +++ b/patches.suse/scsi-cxgb4i-Fix-TLS-dependency @@ -0,0 +1,45 @@ +From: Randy Dunlap +Date: Tue, 8 Dec 2020 14:05:05 -0800 +Subject: scsi: cxgb4i: Fix TLS dependency +Git-commit: cb5253198f10a4cd79b7523c581e6173c7d49ddb +Patch-mainline: v5.11-rc2 +References: bsc#1186960 + +SCSI_CXGB4_ISCSI selects CHELSIO_T4. The latter depends on TLS || TLS=n, so +since 'select' does not check dependencies of the selected symbol, +SCSI_CXGB4_ISCSI should also depend on TLS || TLS=n. + +This prevents the following kconfig warning and restricts SCSI_CXGB4_ISCSI +to 'm' whenever TLS=m. + +WARNING: unmet direct dependencies detected for CHELSIO_T4 + Depends on [m]: NETDEVICES [=y] && ETHERNET [=y] && NET_VENDOR_CHELSIO [=y] && PCI [=y] && (IPV6 [=y] || IPV6 [=y]=n) && (TLS [=m] || TLS [=m]=n) + Selected by [y]: + - SCSI_CXGB4_ISCSI [=y] && SCSI_LOWLEVEL [=y] && SCSI [=y] && PCI [=y] && INET [=y] && (IPV6 [=y] || IPV6 [=y]=n) && ETHERNET [=y] + +Link: https://lore.kernel.org/r/20201208220505.24488-1-rdunlap@infradead.org +Fixes: 7b36b6e03b0d ("[SCSI] cxgb4i v5: iscsi driver") +Cc: Karen Xie +Cc: linux-scsi@vger.kernel.org +Cc: "James E.J. Bottomley" +Cc: "Martin K. Petersen" +Signed-off-by: Randy Dunlap +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/cxgbi/cxgb4i/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/scsi/cxgbi/cxgb4i/Kconfig b/drivers/scsi/cxgbi/cxgb4i/Kconfig +index b206e266b4e7..8b0deece9758 100644 +--- a/drivers/scsi/cxgbi/cxgb4i/Kconfig ++++ b/drivers/scsi/cxgbi/cxgb4i/Kconfig +@@ -4,6 +4,7 @@ config SCSI_CXGB4_ISCSI + depends on PCI && INET && (IPV6 || IPV6=n) + depends on THERMAL || !THERMAL + depends on ETHERNET ++ depends on TLS || TLS=n + select NET_VENDOR_CHELSIO + select CHELSIO_T4 + select CHELSIO_LIB + diff --git a/patches.suse/scsi-eesox-Fix-different-dev_id-between-request_irq-and-free_irq b/patches.suse/scsi-eesox-Fix-different-dev_id-between-request_irq-and-free_irq new file mode 100644 index 0000000..cdc13ed --- /dev/null +++ b/patches.suse/scsi-eesox-Fix-different-dev_id-between-request_irq-and-free_irq @@ -0,0 +1,34 @@ +From: Christophe JAILLET +Date: Fri, 26 Jun 2020 06:05:53 +0200 +Subject: scsi: eesox: Fix different dev_id between request_irq() and + free_irq() +Git-commit: 86f2da1112ccf744ad9068b1d5d9843faf8ddee6 +Patch-mainline: v5.9-rc1 +References: bsc#1186961 + +The dev_id used in request_irq() and free_irq() should match. Use 'info' in +both cases. + +Link: https://lore.kernel.org/r/20200626040553.944352-1-christophe.jaillet@wanadoo.fr +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Christophe JAILLET +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/arm/eesox.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/arm/eesox.c b/drivers/scsi/arm/eesox.c +index 6e204a2e0c8d..591ae2a6dd74 100644 +--- a/drivers/scsi/arm/eesox.c ++++ b/drivers/scsi/arm/eesox.c +@@ -571,7 +571,7 @@ static int eesoxscsi_probe(struct expansion_card *ec, const struct ecard_id *id) + + if (info->info.scsi.dma != NO_DMA) + free_dma(info->info.scsi.dma); +- free_irq(ec->irq, host); ++ free_irq(ec->irq, info); + + out_remove: + fas216_remove(host); + diff --git a/patches.suse/scsi-fnic-Fix-error-return-code-in-fnic_probe b/patches.suse/scsi-fnic-Fix-error-return-code-in-fnic_probe new file mode 100644 index 0000000..d81fed9 --- /dev/null +++ b/patches.suse/scsi-fnic-Fix-error-return-code-in-fnic_probe @@ -0,0 +1,34 @@ +From: Zhang Changzhong +Date: Fri, 4 Dec 2020 15:47:39 +0800 +Subject: scsi: fnic: Fix error return code in fnic_probe() +Git-commit: d4fc94fe65578738ded138e9fce043db6bfc3241 +Patch-mainline: v5.11-rc1 +References: bsc#1186962 + +Return a negative error code from the error handling case instead of 0 as +done elsewhere in this function. + +Link: https://lore.kernel.org/r/1607068060-31203-1-git-send-email-zhangchangzhong@huawei.com +Fixes: 5df6d737dd4b ("[SCSI] fnic: Add new Cisco PCI-Express FCoE HBA") +Reported-by: Hulk Robot +Reviewed-by: Karan Tilak Kumar +Signed-off-by: Zhang Changzhong +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/fnic/fnic_main.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/scsi/fnic/fnic_main.c b/drivers/scsi/fnic/fnic_main.c +index cad29679e90e..186c3ab4456b 100644 +--- a/drivers/scsi/fnic/fnic_main.c ++++ b/drivers/scsi/fnic/fnic_main.c +@@ -742,6 +742,7 @@ static int fnic_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + for (i = 0; i < FNIC_IO_LOCKS; i++) + spin_lock_init(&fnic->io_req_lock[i]); + ++ err = -ENOMEM; + fnic->io_req_pool = mempool_create_slab_pool(2, fnic_io_req_cache); + if (!fnic->io_req_pool) + goto err_out_free_resources; + diff --git a/patches.suse/scsi-hisi_sas-Fix-IRQ-checks b/patches.suse/scsi-hisi_sas-Fix-IRQ-checks new file mode 100644 index 0000000..700de65 --- /dev/null +++ b/patches.suse/scsi-hisi_sas-Fix-IRQ-checks @@ -0,0 +1,54 @@ +From: Sergey Shtylyov +Date: Sat, 3 Apr 2021 23:43:55 +0300 +Subject: scsi: hisi_sas: Fix IRQ checks +Git-commit: 6c11dc060427e07ca144eacaccd696106b361b06 +Patch-mainline: v5.13-rc1 +References: bsc#1186963 + +Commit df2d8213d9e3 ("hisi_sas: use platform_get_irq()") failed to take +into account that irq_of_parse_and_map() and platform_get_irq() have a +different way of indicating an error: the former returns 0 and the latter +returns a negative error code. Fix up the IRQ checks! + +Link: https://lore.kernel.org/r/810f26d3-908b-1d6b-dc5c-40019726baca@omprussia.ru +Fixes: df2d8213d9e3 ("hisi_sas: use platform_get_irq()") +Acked-by: John Garry +Signed-off-by: Sergey Shtylyov +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/hisi_sas/hisi_sas_v1_hw.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/scsi/hisi_sas/hisi_sas_v1_hw.c b/drivers/scsi/hisi_sas/hisi_sas_v1_hw.c +index 7451377c4cb6..3e359ac752fd 100644 +--- a/drivers/scsi/hisi_sas/hisi_sas_v1_hw.c ++++ b/drivers/scsi/hisi_sas/hisi_sas_v1_hw.c +@@ -1646,7 +1646,7 @@ static int interrupt_init_v1_hw(struct hisi_hba *hisi_hba) + idx = i * HISI_SAS_PHY_INT_NR; + for (j = 0; j < HISI_SAS_PHY_INT_NR; j++, idx++) { + irq = platform_get_irq(pdev, idx); +- if (!irq) { ++ if (irq < 0) { + dev_err(dev, "irq init: fail map phy interrupt %d\n", + idx); + return -ENOENT; +@@ -1665,7 +1665,7 @@ static int interrupt_init_v1_hw(struct hisi_hba *hisi_hba) + idx = hisi_hba->n_phy * HISI_SAS_PHY_INT_NR; + for (i = 0; i < hisi_hba->queue_count; i++, idx++) { + irq = platform_get_irq(pdev, idx); +- if (!irq) { ++ if (irq < 0) { + dev_err(dev, "irq init: could not map cq interrupt %d\n", + idx); + return -ENOENT; +@@ -1683,7 +1683,7 @@ static int interrupt_init_v1_hw(struct hisi_hba *hisi_hba) + idx = (hisi_hba->n_phy * HISI_SAS_PHY_INT_NR) + hisi_hba->queue_count; + for (i = 0; i < HISI_SAS_FATAL_INT_NR; i++, idx++) { + irq = platform_get_irq(pdev, idx); +- if (!irq) { ++ if (irq < 0) { + dev_err(dev, "irq init: could not map fatal interrupt %d\n", + idx); + return -ENOENT; + diff --git a/patches.suse/scsi-hisi_sas-Remove-preemptible b/patches.suse/scsi-hisi_sas-Remove-preemptible new file mode 100644 index 0000000..8e7a006 --- /dev/null +++ b/patches.suse/scsi-hisi_sas-Remove-preemptible @@ -0,0 +1,49 @@ +From: "Ahmed S. Darwish" +Date: Thu, 26 Nov 2020 14:29:40 +0100 +Subject: scsi: hisi_sas: Remove preemptible() +Git-commit: 18577cdcaeeb7a1ca5c3adc4d92ed2ba75699625 +Patch-mainline: v5.11-rc1 +References: bsc#1186964 + +hisi_sas_task_exec() uses preemptible() to see if it's safe to block. This +does not work for CONFIG_PREEMPT_COUNT=n kernels in which preemptible() +always returns 0. + +The problem is masked when enabling some of the common Kconfig.debug +options (like CONFIG_DEBUG_ATOMIC_SLEEP), as they implicitly enable the +preemption counter. + +In general, driver leaf functions should not make logic decisions based on +the context they're called from. The caller should be the entity +responsible for explicitly indicating context. + +Since hisi_sas_task_exec() already has a gfp_t flags parameter, use it as +the explicit context marker. + +Link: https://lore.kernel.org/r/20201126132952.2287996-3-bigeasy@linutronix.de +Fixes: 214e702d4b70 ("scsi: hisi_sas: Adjust task reject period during host reset") +Fixes: 550c0d89d52d ("scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec()") +Cc: Xiaofei Tan +Cc: Xiang Chen +Cc: John Garry +Acked-by: John Garry +Signed-off-by: Ahmed S. Darwish +Signed-off-by: Sebastian Andrzej Siewior +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/hisi_sas/hisi_sas_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/hisi_sas/hisi_sas_main.c ++++ b/drivers/scsi/hisi_sas/hisi_sas_main.c +@@ -602,7 +602,7 @@ static int hisi_sas_task_exec(struct sas + dev = hisi_hba->dev; + + if (unlikely(test_bit(HISI_SAS_REJECT_CMD_BIT, &hisi_hba->flags))) { +- if (in_softirq()) ++ if (!gfpflags_allow_blocking(gfp_flags)) + return -EINVAL; + + down(&hisi_hba->sem); + diff --git a/patches.suse/scsi-jazz_esp-Add-IRQ-check b/patches.suse/scsi-jazz_esp-Add-IRQ-check new file mode 100644 index 0000000..6422f3b --- /dev/null +++ b/patches.suse/scsi-jazz_esp-Add-IRQ-check @@ -0,0 +1,37 @@ +From: Sergey Shtylyov +Date: Tue, 30 Mar 2021 20:43:23 +0300 +Subject: scsi: jazz_esp: Add IRQ check +Git-commit: 38fca15c29db6ed06e894ac194502633e2a7d1fb +Patch-mainline: v5.13-rc1 +References: bsc#1186965 + +The driver neglects to check the result of platform_get_irq()'s call and +blithely passes the negative error codes to request_irq() (which takes +*unsigned* IRQ #), causing it to fail with -EINVAL, overriding the real +error code. Stop calling request_irq() with the invalid IRQ #s. + +Link: https://lore.kernel.org/r/594aa9ae-2215-49f6-f73c-33bd38989912@omprussia.ru +Fixes: 352e921f0dd4 ("[SCSI] jazz_esp: converted to use esp_core") +Signed-off-by: Sergey Shtylyov +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/jazz_esp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/jazz_esp.c b/drivers/scsi/jazz_esp.c +index f0ed6863cc70..60a88a95a8e2 100644 +--- a/drivers/scsi/jazz_esp.c ++++ b/drivers/scsi/jazz_esp.c +@@ -143,7 +143,9 @@ static int esp_jazz_probe(struct platform_device *dev) + if (!esp->command_block) + goto fail_unmap_regs; + +- host->irq = platform_get_irq(dev, 0); ++ host->irq = err = platform_get_irq(dev, 0); ++ if (err < 0) ++ goto fail_unmap_command_block; + err = request_irq(host->irq, scsi_esp_intr, IRQF_SHARED, "ESP", esp); + if (err < 0) + goto fail_unmap_command_block; + diff --git a/patches.suse/scsi-libfc-Fix-enum-conversion-warning b/patches.suse/scsi-libfc-Fix-enum-conversion-warning new file mode 100644 index 0000000..8669928 --- /dev/null +++ b/patches.suse/scsi-libfc-Fix-enum-conversion-warning @@ -0,0 +1,38 @@ +From: Arnd Bergmann +Date: Mon, 26 Oct 2020 22:49:07 +0100 +Subject: scsi: libfc: Fix enum-conversion warning +Git-commit: 3fb52041a832a253f708c845dff081a0c4fef35e +Patch-mainline: v5.11-rc1 +References: bsc#1186966 + +gcc -Wextra points out an assignment between two different enum types: + +drivers/scsi/libfc/fc_exch.c: In function 'fc_exch_setup_hdr': +../drivers/scsi/libfc/fc_exch.c:275:26: warning: implicit conversion from 'enum fc_class' to 'enum fc_sof' [-Wenum-conversion] + +This seems to be intentional, as the same numeric values are used here, so +shut up the warning by adding an explicit cast. + +Link: https://lore.kernel.org/r/20201026214911.3892701-1-arnd@kernel.org +Fixes: 42e9a92fe6a9 ("[SCSI] libfc: A modular Fibre Channel library") +Signed-off-by: Arnd Bergmann +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/libfc/fc_exch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c +index 91e680b53523..d71afae6191c 100644 +--- a/drivers/scsi/libfc/fc_exch.c ++++ b/drivers/scsi/libfc/fc_exch.c +@@ -271,7 +271,7 @@ static void fc_exch_setup_hdr(struct fc_exch *ep, struct fc_frame *fp, + + if (f_ctl & FC_FC_END_SEQ) { + fr_eof(fp) = FC_EOF_T; +- if (fc_sof_needs_ack(ep->class)) ++ if (fc_sof_needs_ack((enum fc_sof)ep->class)) + fr_eof(fp) = FC_EOF_N; + /* + * From F_CTL. + diff --git a/patches.suse/scsi-libsas-Fix-error-path-in-sas_notify_lldd_dev_found b/patches.suse/scsi-libsas-Fix-error-path-in-sas_notify_lldd_dev_found new file mode 100644 index 0000000..8d0d3dc --- /dev/null +++ b/patches.suse/scsi-libsas-Fix-error-path-in-sas_notify_lldd_dev_found @@ -0,0 +1,41 @@ +From: Dan Carpenter +Date: Sat, 5 Sep 2020 15:58:36 +0300 +Subject: scsi: libsas: Fix error path in sas_notify_lldd_dev_found() +Git-commit: 244359c99fd90f1c61c3944f93250f8219435c75 +Patch-mainline: v5.9-rc6 +References: bsc#1186967 + +In sas_notify_lldd_dev_found(), if we can't allocate the necessary +resources, then it seems like the wrong thing to mark the device as found +and to increment the reference count. None of the callers ever drop the +reference in that situation. + +[mkp: tweaked commit desc based on feedback from John] + +Link: https://lore.kernel.org/r/20200905125836.GF183976@mwanda +Fixes: 735f7d2fedf5 ("[SCSI] libsas: fix domain_device leak") +Reviewed-by: Jason Yan +Acked-by: John Garry +Signed-off-by: Dan Carpenter +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/libsas/sas_discover.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/libsas/sas_discover.c ++++ b/drivers/scsi/libsas/sas_discover.c +@@ -182,10 +182,11 @@ int sas_notify_lldd_dev_found(struct dom + pr_warn("driver on host %s cannot handle device %llx, error:%d\n", + dev_name(sas_ha->dev), + SAS_ADDR(dev->sas_addr), res); ++ return res; + } + set_bit(SAS_DEV_FOUND, &dev->state); + kref_get(&dev->kref); +- return res; ++ return 0; + } + + + diff --git a/patches.suse/scsi-libsas-Reset-num_scatter-if-libata-marks-qc-as-NODATA b/patches.suse/scsi-libsas-Reset-num_scatter-if-libata-marks-qc-as-NODATA new file mode 100644 index 0000000..30f4229 --- /dev/null +++ b/patches.suse/scsi-libsas-Reset-num_scatter-if-libata-marks-qc-as-NODATA @@ -0,0 +1,71 @@ +From: Jolly Shah +Date: Thu, 18 Mar 2021 15:56:32 -0700 +Subject: scsi: libsas: Reset num_scatter if libata marks qc as NODATA +Git-commit: 176ddd89171ddcf661862d90c5d257877f7326d6 +Patch-mainline: v5.12-rc8 +References: bsc#1187068 + +When the cache_type for the SCSI device is changed, the SCSI layer issues a +MODE_SELECT command. The caching mode details are communicated via a +request buffer associated with the SCSI command with data direction set as +DMA_TO_DEVICE (scsi_mode_select()). When this command reaches the libata +layer, as a part of generic initial setup, libata layer sets up the +scatterlist for the command using the SCSI command (ata_scsi_qc_new()). +This command is then translated by the libata layer into +ATA_CMD_SET_FEATURES (ata_scsi_mode_select_xlat()). The libata layer treats +this as a non-data command (ata_mselect_caching()), since it only needs an +ATA taskfile to pass the caching on/off information to the device. It does +not need the scatterlist that has been setup, so it does not perform +dma_map_sg() on the scatterlist (ata_qc_issue()). Unfortunately, when this +command reaches the libsas layer (sas_ata_qc_issue()), libsas layer sees it +as a non-data command with a scatterlist. It cannot extract the correct DMA +length since the scatterlist has not been mapped with dma_map_sg() for a +DMA operation. When this partially constructed SAS task reaches pm80xx +LLDD, it results in the following warning: + +"pm80xx_chip_sata_req 6058: The sg list address +start_addr=0x0000000000000000 data_len=0x0end_addr_high=0xffffffff +end_addr_low=0xffffffff has crossed 4G boundary" + +Update libsas to handle ATA non-data commands separately so num_scatter and +total_xfer_len remain 0. + +Link: https://lore.kernel.org/r/20210318225632.2481291-1-jollys@google.com +Fixes: 53de092f47ff ("scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA") +Tested-by: Luo Jiaxing +Reviewed-by: John Garry +Signed-off-by: Jolly Shah +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/libsas/sas_ata.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c +index 024e5a550759..8b9a39077dba 100644 +--- a/drivers/scsi/libsas/sas_ata.c ++++ b/drivers/scsi/libsas/sas_ata.c +@@ -201,18 +201,17 @@ static unsigned int sas_ata_qc_issue(struct ata_queued_cmd *qc) + memcpy(task->ata_task.atapi_packet, qc->cdb, qc->dev->cdb_len); + task->total_xfer_len = qc->nbytes; + task->num_scatter = qc->n_elem; ++ task->data_dir = qc->dma_dir; ++ } else if (qc->tf.protocol == ATA_PROT_NODATA) { ++ task->data_dir = DMA_NONE; + } else { + for_each_sg(qc->sg, sg, qc->n_elem, si) + xfer += sg_dma_len(sg); + + task->total_xfer_len = xfer; + task->num_scatter = si; +- } +- +- if (qc->tf.protocol == ATA_PROT_NODATA) +- task->data_dir = DMA_NONE; +- else + task->data_dir = qc->dma_dir; ++ } + task->scatter = qc->sg; + task->ata_task.retry_count = 1; + task->task_state_flags = SAS_TASK_STATE_PENDING; + diff --git a/patches.suse/scsi-libsas-Set-data_dir-as-DMA_NONE-if-libata-marks-qc-as-NODATA b/patches.suse/scsi-libsas-Set-data_dir-as-DMA_NONE-if-libata-marks-qc-as-NODATA new file mode 100644 index 0000000..0dba63d --- /dev/null +++ b/patches.suse/scsi-libsas-Set-data_dir-as-DMA_NONE-if-libata-marks-qc-as-NODATA @@ -0,0 +1,49 @@ +From: Luo Jiaxing +Date: Wed, 26 Aug 2020 15:24:26 +0800 +Subject: scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA +Git-commit: 53de092f47ff40e8d4d78d590d95819d391bf2e0 +Patch-mainline: v5.9-rc5 +References: bsc#1186968 + +It was discovered that sdparm will fail when attempting to disable write +cache on a SATA disk connected via libsas. + +In the ATA command set the write cache state is controlled through the SET +FEATURES operation. This is roughly corresponds to MODE SELECT in SCSI and +the latter command is what is used in the SCSI-ATA translation layer. A +subtle difference is that a MODE SELECT carries data whereas SET FEATURES +is defined as a non-data command in ATA. + +Set the DMA data direction to DMA_NONE if the requested ATA command is +identified as non-data. + +[mkp: commit desc] + +Fixes: fa1c1e8f1ece ("[SCSI] Add SATA support to libsas") +Link: https://lore.kernel.org/r/1598426666-54544-1-git-send-email-luojiaxing@huawei.com +Reviewed-by: John Garry +Reviewed-by: Jason Yan +Signed-off-by: Luo Jiaxing +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/libsas/sas_ata.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c +index 1b93332daa6b..8b424c8ab834 100644 +--- a/drivers/scsi/libsas/sas_ata.c ++++ b/drivers/scsi/libsas/sas_ata.c +@@ -209,7 +209,10 @@ static unsigned int sas_ata_qc_issue(struct ata_queued_cmd *qc) + task->num_scatter = si; + } + +- task->data_dir = qc->dma_dir; ++ if (qc->tf.protocol == ATA_PROT_NODATA) ++ task->data_dir = DMA_NONE; ++ else ++ task->data_dir = qc->dma_dir; + task->scatter = qc->sg; + task->ata_task.retry_count = 1; + task->task_state_flags = SAS_TASK_STATE_PENDING; + diff --git a/patches.suse/scsi-lpfc-Add-a-option-to-enable-interlocked-ABTS-be.patch b/patches.suse/scsi-lpfc-Add-a-option-to-enable-interlocked-ABTS-be.patch index 6cb548a..845c568 100644 --- a/patches.suse/scsi-lpfc-Add-a-option-to-enable-interlocked-ABTS-be.patch +++ b/patches.suse/scsi-lpfc-Add-a-option-to-enable-interlocked-ABTS-be.patch @@ -3,7 +3,7 @@ Date: Fri, 14 May 2021 12:55:57 -0700 Subject: scsi: lpfc: Add a option to enable interlocked ABTS before job completion Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: 3e49af9393c6e59d579de13333514fc9660a0e92 References: bsc#1186451 diff --git a/patches.suse/scsi-lpfc-Add-ndlp-kref-accounting-for-resume-RPI-pa.patch b/patches.suse/scsi-lpfc-Add-ndlp-kref-accounting-for-resume-RPI-pa.patch index 3b8cb6f..b68c614 100644 --- a/patches.suse/scsi-lpfc-Add-ndlp-kref-accounting-for-resume-RPI-pa.patch +++ b/patches.suse/scsi-lpfc-Add-ndlp-kref-accounting-for-resume-RPI-pa.patch @@ -2,7 +2,7 @@ From: James Smart Date: Fri, 14 May 2021 12:55:52 -0700 Subject: scsi: lpfc: Add ndlp kref accounting for resume RPI path Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: 1037e4b4f81dc4ddf928e0ca2f1b182efdfdcc9d References: bsc#1186451 diff --git a/patches.suse/scsi-lpfc-Fix-Node-recovery-when-driver-is-handling-.patch b/patches.suse/scsi-lpfc-Fix-Node-recovery-when-driver-is-handling-.patch index b3cb0f6..57f5c52 100644 --- a/patches.suse/scsi-lpfc-Fix-Node-recovery-when-driver-is-handling-.patch +++ b/patches.suse/scsi-lpfc-Fix-Node-recovery-when-driver-is-handling-.patch @@ -3,7 +3,7 @@ Date: Fri, 14 May 2021 12:55:53 -0700 Subject: scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: 4012baeab6ca22b7f7beb121b6d0da0a62942fdd References: bsc#1186451 diff --git a/patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch b/patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch index c19bb99..f6bdd64 100644 --- a/patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch +++ b/patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch @@ -2,7 +2,7 @@ From: James Smart Date: Fri, 14 May 2021 12:55:51 -0700 Subject: scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: e30d55137edef47434c40d7570276a0846fe922c References: bsc#1186451 diff --git a/patches.suse/scsi-lpfc-Fix-ancient-double-free b/patches.suse/scsi-lpfc-Fix-ancient-double-free new file mode 100644 index 0000000..d88a491 --- /dev/null +++ b/patches.suse/scsi-lpfc-Fix-ancient-double-free @@ -0,0 +1,58 @@ +From: Dan Carpenter +Date: Mon, 25 Jan 2021 11:44:34 +0300 +Subject: scsi: lpfc: Fix ancient double free +Git-commit: 0be310979e5e1272d4c5b557642df4da4ce7eba4 +Patch-mainline: v5.12-rc1 +References: bsc#1186969 + +The "pmb" pointer is freed at the start of the function and then freed +again in the error handling code. + +Link: https://lore.kernel.org/r/YA6E8rO51hE56SVw@mwanda +Fixes: 92d7f7b0cde3 ("[SCSI] lpfc: NPIV: add NPIV support on top of SLI-3") +Signed-off-by: Dan Carpenter +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/lpfc/lpfc_hbadisc.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/drivers/scsi/lpfc/lpfc_hbadisc.c b/drivers/scsi/lpfc/lpfc_hbadisc.c +index f890b5b7e6ca..48ca4a612f80 100644 +--- a/drivers/scsi/lpfc/lpfc_hbadisc.c ++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c +@@ -1155,13 +1155,14 @@ lpfc_mbx_cmpl_local_config_link(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb) + struct lpfc_vport *vport = pmb->vport; + LPFC_MBOXQ_t *sparam_mb; + struct lpfc_dmabuf *sparam_mp; ++ u16 status = pmb->u.mb.mbxStatus; + int rc; + +- if (pmb->u.mb.mbxStatus) +- goto out; +- + mempool_free(pmb, phba->mbox_mem_pool); + ++ if (status) ++ goto out; ++ + /* don't perform discovery for SLI4 loopback diagnostic test */ + if ((phba->sli_rev == LPFC_SLI_REV4) && + !(phba->hba_flag & HBA_FCOE_MODE) && +@@ -1224,12 +1225,10 @@ lpfc_mbx_cmpl_local_config_link(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb) + + out: + lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT, +- "0306 CONFIG_LINK mbxStatus error x%x " +- "HBA state x%x\n", +- pmb->u.mb.mbxStatus, vport->port_state); +-sparam_out: +- mempool_free(pmb, phba->mbox_mem_pool); ++ "0306 CONFIG_LINK mbxStatus error x%x HBA state x%x\n", ++ status, vport->port_state); + ++sparam_out: + lpfc_linkdown(phba); + + lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT, + diff --git a/patches.suse/scsi-lpfc-Fix-crash-when-lpfc_sli4_hba_setup-fails-t.patch b/patches.suse/scsi-lpfc-Fix-crash-when-lpfc_sli4_hba_setup-fails-t.patch index 107846a..c016e8e 100644 --- a/patches.suse/scsi-lpfc-Fix-crash-when-lpfc_sli4_hba_setup-fails-t.patch +++ b/patches.suse/scsi-lpfc-Fix-crash-when-lpfc_sli4_hba_setup-fails-t.patch @@ -3,7 +3,7 @@ Date: Fri, 14 May 2021 12:55:56 -0700 Subject: scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: 5aa615d195f1e142c662cb2253f057c9baec7531 References: bsc#1186451 diff --git a/patches.suse/scsi-lpfc-Fix-failure-to-transmit-ABTS-on-FC-link.patch b/patches.suse/scsi-lpfc-Fix-failure-to-transmit-ABTS-on-FC-link.patch new file mode 100644 index 0000000..dfb880a --- /dev/null +++ b/patches.suse/scsi-lpfc-Fix-failure-to-transmit-ABTS-on-FC-link.patch @@ -0,0 +1,41 @@ +From: James Smart +Date: Fri, 28 May 2021 14:22:40 -0700 +Subject: scsi: lpfc: Fix failure to transmit ABTS on FC link +Patch-mainline: v5.13-rc5 +Git-commit: 696770e72f2b42b92ea0a4a98087fb2ba376417a +References: git-fixes + +The abort_cmd_ia flag in an abort wqe describes whether an ABTS basic link +service should be transmitted on the FC link or not. Code added in +lpfc_sli4_issue_abort_iotag() set the abort_cmd_ia flag incorrectly, +surpressing ABTS transmission. + +A previous LPFC change to build an abort wqe inverted prior logic that +determined whether an ABTS was to be issued on the FC link. + +Revert this logic to its proper state. + +Link: https://lore.kernel.org/r/20210528212240.11387-1-jsmart2021@gmail.com +Fixes: db7531d2b377 ("scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers") +Cc: # v5.11+ +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_sli.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -20589,10 +20589,8 @@ lpfc_sli4_issue_abort_iotag(struct lpfc_ + abtswqe = &abtsiocb->wqe; + memset(abtswqe, 0, sizeof(*abtswqe)); + +- if (lpfc_is_link_up(phba)) ++ if (!lpfc_is_link_up(phba)) + bf_set(abort_cmd_ia, &abtswqe->abort_cmd, 1); +- else +- bf_set(abort_cmd_ia, &abtswqe->abort_cmd, 0); + bf_set(abort_cmd_criteria, &abtswqe->abort_cmd, T_XRI_TAG); + abtswqe->abort_cmd.rsrvd5 = 0; + abtswqe->abort_cmd.wqe_com.abort_tag = xritag; diff --git a/patches.suse/scsi-lpfc-Fix-node-handling-for-Fabric-Controller-an.patch b/patches.suse/scsi-lpfc-Fix-node-handling-for-Fabric-Controller-an.patch index 44b6758..231cc21 100644 --- a/patches.suse/scsi-lpfc-Fix-node-handling-for-Fabric-Controller-an.patch +++ b/patches.suse/scsi-lpfc-Fix-node-handling-for-Fabric-Controller-an.patch @@ -3,7 +3,7 @@ Date: Fri, 14 May 2021 12:55:54 -0700 Subject: scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: fe83e3b9b422ac8ece2359c7b7290efe7f0335a2 References: bsc#1186451 diff --git a/patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch b/patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch index 93965c3..14534a1 100644 --- a/patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch +++ b/patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch @@ -2,7 +2,7 @@ From: James Smart Date: Fri, 14 May 2021 12:55:50 -0700 Subject: scsi: lpfc: Fix non-optimized ERSP handling Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: fa21189db9ab022080e056cc6da219975da48fd6 References: bsc#1186451 diff --git a/patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch b/patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch index 60be11d..c924b1f 100644 --- a/patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch +++ b/patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch @@ -2,7 +2,7 @@ From: James Smart Date: Fri, 14 May 2021 12:55:49 -0700 Subject: scsi: lpfc: Fix unreleased RPIs when NPIV ports are created Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: 01131e7aae5d30e23e3cdd1eebe51bbc5489ae8f References: bsc#1186451 diff --git a/patches.suse/scsi-lpfc-Ignore-GID-FT-response-that-may-be-receive.patch b/patches.suse/scsi-lpfc-Ignore-GID-FT-response-that-may-be-receive.patch index edf59d5..8d7cce0 100644 --- a/patches.suse/scsi-lpfc-Ignore-GID-FT-response-that-may-be-receive.patch +++ b/patches.suse/scsi-lpfc-Ignore-GID-FT-response-that-may-be-receive.patch @@ -3,7 +3,7 @@ Date: Fri, 14 May 2021 12:55:55 -0700 Subject: scsi: lpfc: Ignore GID-FT response that may be received after a link flip Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: 04c1d9c50ae32d6efd0b71024b3829051821c7a2 References: bsc#1186451 diff --git a/patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch b/patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch index e490ad4..3f1c79e 100644 --- a/patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch +++ b/patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch @@ -3,7 +3,7 @@ Date: Fri, 14 May 2021 12:55:58 -0700 Subject: scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: 8eced807077d198fc264629bd2592795d270c9f1 References: bsc#1186451 diff --git a/patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch b/patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch index d9124cd..19793e4 100644 --- a/patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch +++ b/patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch @@ -2,7 +2,7 @@ From: James Smart Date: Fri, 14 May 2021 12:55:59 -0700 Subject: scsi: lpfc: Update lpfc version to 12.8.0.10 Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: e5e0280db792953ee7acbdbf01179d53187a6083 References: bsc#1186451 diff --git a/patches.suse/scsi-megaraid_sas-Check-user-provided-offsets b/patches.suse/scsi-megaraid_sas-Check-user-provided-offsets new file mode 100644 index 0000000..5506d4f --- /dev/null +++ b/patches.suse/scsi-megaraid_sas-Check-user-provided-offsets @@ -0,0 +1,71 @@ +From: Arnd Bergmann +Date: Fri, 30 Oct 2020 17:44:20 +0100 +Subject: scsi: megaraid_sas: Check user-provided offsets +Git-commit: 381d34e376e3d9d27730fda8a0e870600e6c8196 +Patch-mainline: v5.11-rc1 +References: bsc#1186970 + +It sounds unwise to let user space pass an unchecked 32-bit offset into a +kernel structure in an ioctl. This is an unsigned variable, so checking the +upper bound for the size of the structure it points into is sufficient to +avoid data corruption, but as the pointer might also be unaligned, it has +to be written carefully as well. + +While I stumbled over this problem by reading the code, I did not continue +checking the function for further problems like it. + +Link: https://lore.kernel.org/r/20201030164450.1253641-2-arnd@kernel.org +Fixes: c4a3e0a529ab ("[SCSI] MegaRAID SAS RAID: new driver") +Cc: # v2.6.15+ +Reviewed-by: Christoph Hellwig +Signed-off-by: Arnd Bergmann +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/megaraid/megaraid_sas_base.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c +index 41cd66fc7d81..5e31bd364a5b 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_base.c ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c +@@ -8134,7 +8134,7 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance, + int error = 0, i; + void *sense = NULL; + dma_addr_t sense_handle; +- unsigned long *sense_ptr; ++ void *sense_ptr; + u32 opcode = 0; + int ret = DCMD_SUCCESS; + +@@ -8257,6 +8257,13 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance, + } + + if (ioc->sense_len) { ++ /* make sure the pointer is part of the frame */ ++ if (ioc->sense_off > ++ (sizeof(union megasas_frame) - sizeof(__le64))) { ++ error = -EINVAL; ++ goto out; ++ } ++ + sense = dma_alloc_coherent(&instance->pdev->dev, ioc->sense_len, + &sense_handle, GFP_KERNEL); + if (!sense) { +@@ -8264,12 +8271,11 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance, + goto out; + } + +- sense_ptr = +- (unsigned long *) ((unsigned long)cmd->frame + ioc->sense_off); ++ sense_ptr = (void *)cmd->frame + ioc->sense_off; + if (instance->consistent_mask_64bit) +- *sense_ptr = cpu_to_le64(sense_handle); ++ put_unaligned_le64(sense_handle, sense_ptr); + else +- *sense_ptr = cpu_to_le32(sense_handle); ++ put_unaligned_le32(sense_handle, sense_ptr); + } + + /* + diff --git a/patches.suse/scsi-megaraid_sas-Don-t-call-disable_irq-from-process-IRQ-poll b/patches.suse/scsi-megaraid_sas-Don-t-call-disable_irq-from-process-IRQ-poll new file mode 100644 index 0000000..2233d7d --- /dev/null +++ b/patches.suse/scsi-megaraid_sas-Don-t-call-disable_irq-from-process-IRQ-poll @@ -0,0 +1,34 @@ +From: Tomas Henzl +Date: Thu, 27 Aug 2020 18:53:32 +0200 +Subject: scsi: megaraid_sas: Don't call disable_irq from process IRQ poll +Git-commit: d2af39141eea34ef651961e885f49d96781a1016 +Patch-mainline: v5.9-rc5 +References: bsc#1186972 + +disable_irq() might sleep. Replace it with disable_irq_nosync() which is +sufficient as irq_poll_scheduled protects against concurrently running +complete_cmd_fusion() from megasas_irqpoll() and megasas_isr_fusion(). + +Link: https://lore.kernel.org/r/20200827165332.8432-1-thenzl@redhat.com +Fixes: a6ffd5bf681 scsi: megaraid_sas: Call disable_irq from process IRQ poll +Signed-off-by: Tomas Henzl +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/megaraid/megaraid_sas_fusion.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c +index 0824410f78f8..0e143020a9fb 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c ++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c +@@ -3689,7 +3689,7 @@ int megasas_irqpoll(struct irq_poll *irqpoll, int budget) + instance = irq_ctx->instance; + + if (irq_ctx->irq_line_enable) { +- disable_irq(irq_ctx->os_irq); ++ disable_irq_nosync(irq_ctx->os_irq); + irq_ctx->irq_line_enable = false; + } + + diff --git a/patches.suse/scsi-megaraid_sas-Fix-MEGASAS_IOC_FIRMWARE-regression b/patches.suse/scsi-megaraid_sas-Fix-MEGASAS_IOC_FIRMWARE-regression new file mode 100644 index 0000000..37f7437 --- /dev/null +++ b/patches.suse/scsi-megaraid_sas-Fix-MEGASAS_IOC_FIRMWARE-regression @@ -0,0 +1,76 @@ +From: Arnd Bergmann +Date: Tue, 5 Jan 2021 00:41:04 +0100 +Subject: scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression +Git-commit: b112036535eda34460677ea883eaecc3a45a435d +Patch-mainline: v5.11-rc5 +References: bsc#1186973 + +Phil Oester reported that a fix for a possible buffer overrun that I sent +caused a regression that manifests in this output: + + Event Message: A PCI parity error was detected on a component at bus 0 device 5 function 0. + Severity: Critical + Message ID: PCI1308 + +The original code tried to handle the sense data pointer differently when +using 32-bit 64-bit DMA addressing, which would lead to a 32-bit dma_addr_t +value of 0x11223344 to get stored + +32-bit kernel: 44 33 22 11 ?? ?? ?? ?? +64-bit LE kernel: 44 33 22 11 00 00 00 00 +64-bit BE kernel: 00 00 00 00 44 33 22 11 + +or a 64-bit dma_addr_t value of 0x1122334455667788 to get stored as + +32-bit kernel: 88 77 66 55 ?? ?? ?? ?? +64-bit kernel: 88 77 66 55 44 33 22 11 + +In my patch, I tried to ensure that the same value is used on both 32-bit +and 64-bit kernels, and picked what seemed to be the most sensible +combination, storing 32-bit addresses in the first four bytes (as 32-bit +kernels already did), and 64-bit addresses in eight consecutive bytes (as +64-bit kernels already did), but evidently this was incorrect. + +Always storing the dma_addr_t pointer as 64-bit little-endian, +i.e. initializing the second four bytes to zero in case of 32-bit +addressing, apparently solved the problem for Phil, and is consistent with +what all 64-bit little-endian machines did before. + +I also checked in the history that in previous versions of the code, the +pointer was always in the first four bytes without padding, and that +previous attempts to fix 64-bit user space, big-endian architectures and +64-bit DMA were clearly flawed and seem to have introduced made this worse. + +Link: https://lore.kernel.org/r/20210104234137.438275-1-arnd@kernel.org +Fixes: 381d34e376e3 ("scsi: megaraid_sas: Check user-provided offsets") +Fixes: 107a60dd71b5 ("scsi: megaraid_sas: Add support for 64bit consistent DMA") +Fixes: 94cd65ddf4d7 ("[SCSI] megaraid_sas: addded support for big endian architecture") +Fixes: 7b2519afa1ab ("[SCSI] megaraid_sas: fix 64 bit sense pointer truncation") +Reported-by: Phil Oester +Tested-by: Phil Oester +Signed-off-by: Arnd Bergmann +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/megaraid/megaraid_sas_base.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c +index af192096a82b..63a4f48bdc75 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_base.c ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c +@@ -8244,11 +8244,9 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance, + goto out; + } + ++ /* always store 64 bits regardless of addressing */ + sense_ptr = (void *)cmd->frame + ioc->sense_off; +- if (instance->consistent_mask_64bit) +- put_unaligned_le64(sense_handle, sense_ptr); +- else +- put_unaligned_le32(sense_handle, sense_ptr); ++ put_unaligned_le64(sense_handle, sense_ptr); + } + + /* + diff --git a/patches.suse/scsi-mesh-Fix-panic-after-host-or-bus-reset b/patches.suse/scsi-mesh-Fix-panic-after-host-or-bus-reset new file mode 100644 index 0000000..3f5651e --- /dev/null +++ b/patches.suse/scsi-mesh-Fix-panic-after-host-or-bus-reset @@ -0,0 +1,105 @@ +From: Finn Thain +Date: Thu, 23 Jul 2020 09:25:51 +1000 +Subject: scsi: mesh: Fix panic after host or bus reset +Git-commit: edd7dd2292ab9c3628b65c4d04514c3068ad54f6 +Patch-mainline: v5.9-rc1 +References: bsc#1186976 + +Booting Linux with a Conner CP3200 drive attached to the MESH SCSI bus +results in EH measures and a panic: + +[ 25.499838] mesh: configured for synchronous 5 MB/s +[ 25.787154] mesh: performing initial bus reset... +[ 29.867115] scsi host0: MESH +[ 29.929527] mesh: target 0 synchronous at 3.6 MB/s +[ 29.998763] scsi 0:0:0:0: Direct-Access CONNER CP3200-200mb-3.5 4040 PQ: 0 ANSI: 1 CCS +[ 31.989975] sd 0:0:0:0: [sda] 415872 512-byte logical blocks: (213 MB/203 MiB) +[ 32.070975] sd 0:0:0:0: [sda] Write Protect is off +[ 32.137197] sd 0:0:0:0: [sda] Mode Sense: 5b 00 00 08 +[ 32.209661] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA +[ 32.332708] sda: [mac] sda1 sda2 sda3 +[ 32.417733] sd 0:0:0:0: [sda] Attached SCSI disk +... snip ... +[ 76.687067] mesh_abort((ptrval)) +[ 76.743606] mesh: state at (ptrval), regs at (ptrval), dma at (ptrval) +[ 76.810798] ct=6000 seq=86 bs=4017 fc= 0 exc= 0 err= 0 im= 7 int= 0 sp=85 +[ 76.880720] dma stat=84e0 cmdptr=1f73d000 +[ 76.941387] phase=4 msgphase=0 conn_tgt=0 data_ptr=24576 +[ 77.005567] dma_st=1 dma_ct=0 n_msgout=0 +[ 77.065456] target 0: req=(ptrval) goes_out=0 saved_ptr=0 +[ 77.130512] mesh_abort((ptrval)) +[ 77.187670] mesh: state at (ptrval), regs at (ptrval), dma at (ptrval) +[ 77.255594] ct=6000 seq=86 bs=4017 fc= 0 exc= 0 err= 0 im= 7 int= 0 sp=85 +[ 77.325778] dma stat=84e0 cmdptr=1f73d000 +[ 77.387239] phase=4 msgphase=0 conn_tgt=0 data_ptr=24576 +[ 77.453665] dma_st=1 dma_ct=0 n_msgout=0 +[ 77.515900] target 0: req=(ptrval) goes_out=0 saved_ptr=0 +[ 77.582902] mesh_host_reset +[ 88.187083] Kernel panic - not syncing: mesh: double DMA start ! +[ 88.254510] CPU: 0 PID: 358 Comm: scsi_eh_0 Not tainted 5.6.13-pmac #1 +[ 88.323302] Call Trace: +[ 88.378854] [e16ddc58] [c0027080] panic+0x13c/0x308 (unreliable) +[ 88.446221] [e16ddcb8] [c02b2478] mesh_start.part.12+0x130/0x414 +[ 88.513298] [e16ddcf8] [c02b2fc8] mesh_queue+0x54/0x70 +[ 88.577097] [e16ddd18] [c02a1848] scsi_send_eh_cmnd+0x374/0x384 +[ 88.643476] [e16dddc8] [c02a1938] scsi_eh_tur+0x5c/0xb8 +[ 88.707878] [e16dddf8] [c02a1ab8] scsi_eh_test_devices+0x124/0x178 +[ 88.775663] [e16dde28] [c02a2094] scsi_eh_ready_devs+0x588/0x8a8 +[ 88.843124] [e16dde98] [c02a31d8] scsi_error_handler+0x344/0x520 +[ 88.910697] [e16ddf08] [c00409c8] kthread+0xe4/0xe8 +[ 88.975166] [e16ddf38] [c000f234] ret_from_kernel_thread+0x14/0x1c +[ 89.044112] Rebooting in 180 seconds.. + +In theory, a panic can happen after a bus or host reset with dma_started +flag set. Fix this by halting the DMA before reinitializing the host. +Don't assume that ms->current_req is set when halt_dma() is invoked as it +may not hold for bus or host reset. + +BTW, this particular Conner drive can be made to work by inhibiting +disconnect/reselect with 'mesh.resel_targets=0'. + +Link: https://lore.kernel.org/r/3952bc691e150a7128b29120999b6092071b039a.1595460351.git.fthain@telegraphics.com.au +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Cc: Paul Mackerras +Reported-and-tested-by: Stan Johnson +Signed-off-by: Finn Thain +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/mesh.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/mesh.c b/drivers/scsi/mesh.c +index f9f8f4921654..fd1d03064079 100644 +--- a/drivers/scsi/mesh.c ++++ b/drivers/scsi/mesh.c +@@ -1045,6 +1045,8 @@ static void handle_error(struct mesh_state *ms) + while ((in_8(&mr->bus_status1) & BS1_RST) != 0) + udelay(1); + printk("done\n"); ++ if (ms->dma_started) ++ halt_dma(ms); + handle_reset(ms); + /* request_q is empty, no point in mesh_start() */ + return; +@@ -1357,7 +1359,8 @@ static void halt_dma(struct mesh_state *ms) + ms->conn_tgt, ms->data_ptr, scsi_bufflen(cmd), + ms->tgts[ms->conn_tgt].data_goes_out); + } +- scsi_dma_unmap(cmd); ++ if (cmd) ++ scsi_dma_unmap(cmd); + ms->dma_started = 0; + } + +@@ -1712,6 +1715,9 @@ static int mesh_host_reset(struct scsi_cmnd *cmd) + + spin_lock_irqsave(ms->host->host_lock, flags); + ++ if (ms->dma_started) ++ halt_dma(ms); ++ + /* Reset the controller & dbdma channel */ + out_le32(&md->control, (RUN|PAUSE|FLUSH|WAKE) << 16); /* stop dma */ + out_8(&mr->exception, 0xff); /* clear all exception bits */ + diff --git a/patches.suse/scsi-mpt3sas-Do-not-use-GFP_KERNEL-in-atomic-context b/patches.suse/scsi-mpt3sas-Do-not-use-GFP_KERNEL-in-atomic-context new file mode 100644 index 0000000..7368db0 --- /dev/null +++ b/patches.suse/scsi-mpt3sas-Do-not-use-GFP_KERNEL-in-atomic-context @@ -0,0 +1,40 @@ +From: Christophe JAILLET +Date: Sat, 20 Feb 2021 10:39:51 +0100 +Subject: scsi: mpt3sas: Do not use GFP_KERNEL in atomic context +Git-commit: a50bd64616907ed126ffbdbaa06c5ce708c4a404 +Patch-mainline: v5.12-rc4 +References: bsc#1186977 + +mpt3sas_get_port_by_id() can be called when a spinlock is held. Use +GFP_ATOMIC instead of GFP_KERNEL when allocating memory. + +Issue spotted by call_kern.cocci: +./drivers/scsi/mpt3sas/mpt3sas_scsih.c:416:42-52: ERROR: function mpt3sas_get_port_by_id called on line 7125 inside lock on line 7123 but uses GFP_KERNEL +./drivers/scsi/mpt3sas/mpt3sas_scsih.c:416:42-52: ERROR: function mpt3sas_get_port_by_id called on line 6842 inside lock on line 6839 but uses GFP_KERNEL +./drivers/scsi/mpt3sas/mpt3sas_scsih.c:416:42-52: ERROR: function mpt3sas_get_port_by_id called on line 6854 inside lock on line 6851 but uses GFP_KERNEL +./drivers/scsi/mpt3sas/mpt3sas_scsih.c:416:42-52: ERROR: function mpt3sas_get_port_by_id called on line 7706 inside lock on line 7702 but uses GFP_KERNEL +./drivers/scsi/mpt3sas/mpt3sas_scsih.c:416:42-52: ERROR: function mpt3sas_get_port_by_id called on line 10260 inside lock on line 10256 but uses GFP_KERNEL + +Link: https://lore.kernel.org/r/20210220093951.905362-1-christophe.jaillet@wanadoo.fr +Fixes: 324c122fc0a4 ("scsi: mpt3sas: Add module parameter multipath_on_hba") +Signed-off-by: Christophe JAILLET +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +index ffca03064797..6aa6de729187 100644 +--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +@@ -413,7 +413,7 @@ mpt3sas_get_port_by_id(struct MPT3SAS_ADAPTER *ioc, + * And add this object to port_table_list. + */ + if (!ioc->multipath_on_hba) { +- port = kzalloc(sizeof(struct hba_port), GFP_KERNEL); ++ port = kzalloc(sizeof(struct hba_port), GFP_ATOMIC); + if (!port) + return NULL; + + diff --git a/patches.suse/scsi-mpt3sas-Fix-error-return-code-of-mpt3sas_base_attach b/patches.suse/scsi-mpt3sas-Fix-error-return-code-of-mpt3sas_base_attach new file mode 100644 index 0000000..f85ea6f --- /dev/null +++ b/patches.suse/scsi-mpt3sas-Fix-error-return-code-of-mpt3sas_base_attach @@ -0,0 +1,46 @@ +From: Jia-Ju Bai +Date: Sun, 7 Mar 2021 19:52:41 -0800 +Subject: scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() +Git-commit: 3401ecf7fc1b9458a19d42c0e26a228f18ac7dda +Patch-mainline: v5.12-rc5 +References: bsc#1186978 + +When kzalloc() returns NULL, no error return code of mpt3sas_base_attach() +is assigned. To fix this bug, r is assigned with -ENOMEM in this case. + +Link: https://lore.kernel.org/r/20210308035241.3288-1-baijiaju1990@gmail.com +Fixes: c696f7b83ede ("scsi: mpt3sas: Implement device_remove_in_progress check in IOCTL path") +Reported-by: TOTE Robot +Signed-off-by: Jia-Ju Bai +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/mpt3sas/mpt3sas_base.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c +index ac066f86bb14..ac0eef975f17 100644 +--- a/drivers/scsi/mpt3sas/mpt3sas_base.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_base.c +@@ -7806,14 +7806,18 @@ mpt3sas_base_attach(struct MPT3SAS_ADAPTER *ioc) + ioc->pend_os_device_add_sz++; + ioc->pend_os_device_add = kzalloc(ioc->pend_os_device_add_sz, + GFP_KERNEL); +- if (!ioc->pend_os_device_add) ++ if (!ioc->pend_os_device_add) { ++ r = -ENOMEM; + goto out_free_resources; ++ } + + ioc->device_remove_in_progress_sz = ioc->pend_os_device_add_sz; + ioc->device_remove_in_progress = + kzalloc(ioc->device_remove_in_progress_sz, GFP_KERNEL); +- if (!ioc->device_remove_in_progress) ++ if (!ioc->device_remove_in_progress) { ++ r = -ENOMEM; + goto out_free_resources; ++ } + + ioc->fwfault_debug = mpt3sas_fwfault_debug; + + diff --git a/patches.suse/scsi-mpt3sas-Fix-ioctl-timeout b/patches.suse/scsi-mpt3sas-Fix-ioctl-timeout new file mode 100644 index 0000000..7d1262a --- /dev/null +++ b/patches.suse/scsi-mpt3sas-Fix-ioctl-timeout @@ -0,0 +1,42 @@ +From: Suganath Prabu S +Date: Wed, 25 Nov 2020 15:18:38 +0530 +Subject: scsi: mpt3sas: Fix ioctl timeout +Git-commit: 42f687038bcc34aa919e0e4c29b04e4cda3f6a79 +Patch-mainline: v5.10-rc7 +References: bsc#1186979 + +Commit c1a6c5ac4278 ("scsi: mpt3sas: For NVME device, issue a protocol +level reset") modified the ioctl path 'timeout' variable type to u8 from +unsigned long, limiting the maximum timeout value that the driver can +support to 255 seconds. + +If the management application is requesting a higher value the resulting +timeout will be zero. The operation times out immediately and the ioctl +request fails. + +Change datatype back to unsigned long. + +Link: https://lore.kernel.org/r/20201125094838.4340-1-suganath-prabu.subramani@broadcom.com +Fixes: c1a6c5ac4278 ("scsi: mpt3sas: For NVME device, issue a protocol level reset") +Cc: #v4.18+ +Signed-off-by: Suganath Prabu S +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/mpt3sas/mpt3sas_ctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c +index 0f2b681449e6..edd26a2570fa 100644 +--- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c +@@ -664,7 +664,7 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg, + Mpi26NVMeEncapsulatedRequest_t *nvme_encap_request = NULL; + struct _pcie_device *pcie_device = NULL; + u16 smid; +- u8 timeout; ++ unsigned long timeout; + u8 issue_reset; + u32 sz, sz_arg; + void *psge; + diff --git a/patches.suse/scsi-myrs-Fix-a-double-free-in-myrs_cleanup b/patches.suse/scsi-myrs-Fix-a-double-free-in-myrs_cleanup new file mode 100644 index 0000000..0743c98 --- /dev/null +++ b/patches.suse/scsi-myrs-Fix-a-double-free-in-myrs_cleanup @@ -0,0 +1,38 @@ +From: Lv Yunlong +Date: Wed, 10 Mar 2021 22:30:05 -0800 +Subject: scsi: myrs: Fix a double free in myrs_cleanup() +Git-commit: 2bb817712e2f77486d6ee17e7efaf91997a685f8 +Patch-mainline: v5.12-rc4 +References: bsc#1186980 + +In myrs_cleanup(), cs->mmio_base will be freed twice by iounmap(). + +Link: https://lore.kernel.org/r/20210311063005.9963-1-lyl2019@mail.ustc.edu.cn +Fixes: 77266186397c ("scsi: myrs: Add Mylex RAID controller (SCSI interface)") +Reviewed-by: Hannes Reinecke +Signed-off-by: Lv Yunlong +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/myrs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/myrs.c b/drivers/scsi/myrs.c +index 4adf9ded296a..329fd025c718 100644 +--- a/drivers/scsi/myrs.c ++++ b/drivers/scsi/myrs.c +@@ -2273,12 +2273,12 @@ static void myrs_cleanup(struct myrs_hba *cs) + if (cs->mmio_base) { + cs->disable_intr(cs); + iounmap(cs->mmio_base); ++ cs->mmio_base = NULL; + } + if (cs->irq) + free_irq(cs->irq, cs); + if (cs->io_addr) + release_region(cs->io_addr, 0x80); +- iounmap(cs->mmio_base); + pci_set_drvdata(pdev, NULL); + pci_disable_device(pdev); + scsi_host_put(cs->host); + diff --git a/patches.suse/scsi-pm80xx-Fix-error-return-in-pm8001_pci_probe b/patches.suse/scsi-pm80xx-Fix-error-return-in-pm8001_pci_probe new file mode 100644 index 0000000..23406bc --- /dev/null +++ b/patches.suse/scsi-pm80xx-Fix-error-return-in-pm8001_pci_probe @@ -0,0 +1,37 @@ +From: Zhang Qilong +Date: Sat, 5 Dec 2020 19:55:51 +0800 +Subject: scsi: pm80xx: Fix error return in pm8001_pci_probe() +Git-commit: 97031ccffa4f62728602bfea8439dd045cd3aeb2 +Patch-mainline: v5.11-rc1 +References: bsc#1186981 + +The driver did not return an error in the case where +pm8001_configure_phy_settings() failed. + +Use rc to store the return value of pm8001_configure_phy_settings(). + +Link: https://lore.kernel.org/r/20201205115551.2079471-1-zhangqilong3@huawei.com +Fixes: 279094079a44 ("[SCSI] pm80xx: Phy settings support for motherboard controller.") +Acked-by: Jack Wang +Signed-off-by: Zhang Qilong +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/pm8001/pm8001_init.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/pm8001/pm8001_init.c b/drivers/scsi/pm8001/pm8001_init.c +index 9a5d284f076a..ee2de177d0d0 100644 +--- a/drivers/scsi/pm8001/pm8001_init.c ++++ b/drivers/scsi/pm8001/pm8001_init.c +@@ -1127,7 +1127,8 @@ static int pm8001_pci_probe(struct pci_dev *pdev, + + pm8001_init_sas_add(pm8001_ha); + /* phy setting support for motherboard controller */ +- if (pm8001_configure_phy_settings(pm8001_ha)) ++ rc = pm8001_configure_phy_settings(pm8001_ha); ++ if (rc) + goto err_out_shost; + + pm8001_post_sas_ha_init(shost, chip); + diff --git a/patches.suse/scsi-powertec-Fix-different-dev_id-between-request_irq-and-free_irq b/patches.suse/scsi-powertec-Fix-different-dev_id-between-request_irq-and-free_irq new file mode 100644 index 0000000..940154e --- /dev/null +++ b/patches.suse/scsi-powertec-Fix-different-dev_id-between-request_irq-and-free_irq @@ -0,0 +1,34 @@ +From: Christophe JAILLET +Date: Fri, 26 Jun 2020 05:59:48 +0200 +Subject: scsi: powertec: Fix different dev_id between request_irq() and + free_irq() +Git-commit: d179f7c763241c1dc5077fca88ddc3c47d21b763 +Patch-mainline: v5.9-rc1 +References: bsc#1186982 + +The dev_id used in request_irq() and free_irq() should match. Use 'info' in +both cases. + +Link: https://lore.kernel.org/r/20200626035948.944148-1-christophe.jaillet@wanadoo.fr +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Christophe JAILLET +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/arm/powertec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/arm/powertec.c b/drivers/scsi/arm/powertec.c +index 772a13e5fd91..d99ef014528e 100644 +--- a/drivers/scsi/arm/powertec.c ++++ b/drivers/scsi/arm/powertec.c +@@ -378,7 +378,7 @@ static int powertecscsi_probe(struct expansion_card *ec, + + if (info->info.scsi.dma != NO_DMA) + free_dma(info->info.scsi.dma); +- free_irq(ec->irq, host); ++ free_irq(ec->irq, info); + + out_release: + fas216_release(host); + diff --git a/patches.suse/scsi-qedi-Fix-error-return-code-of-qedi_alloc_global_queues b/patches.suse/scsi-qedi-Fix-error-return-code-of-qedi_alloc_global_queues new file mode 100644 index 0000000..3b889e9 --- /dev/null +++ b/patches.suse/scsi-qedi-Fix-error-return-code-of-qedi_alloc_global_queues @@ -0,0 +1,35 @@ +From: Jia-Ju Bai +Date: Sun, 7 Mar 2021 19:30:24 -0800 +Subject: scsi: qedi: Fix error return code of qedi_alloc_global_queues() +Git-commit: f69953837ca5d98aa983a138dc0b90a411e9c763 +Patch-mainline: v5.12-rc5 +References: bsc#1186984 + +When kzalloc() returns NULL to qedi->global_queues[i], no error return code +of qedi_alloc_global_queues() is assigned. To fix this bug, status is +assigned with -ENOMEM in this case. + +Link: https://lore.kernel.org/r/20210308033024.27147-1-baijiaju1990@gmail.com +Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.") +Reported-by: TOTE Robot +Acked-by: Manish Rangankar +Signed-off-by: Jia-Ju Bai +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/qedi/qedi_main.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c +index 47ad64b06623..69c5b5ee2169 100644 +--- a/drivers/scsi/qedi/qedi_main.c ++++ b/drivers/scsi/qedi/qedi_main.c +@@ -1675,6 +1675,7 @@ static int qedi_alloc_global_queues(struct qedi_ctx *qedi) + if (!qedi->global_queues[i]) { + QEDI_ERR(&qedi->dbg_ctx, + "Unable to allocation global queue %d.\n", i); ++ status = -ENOMEM; + goto mem_alloc_failure; + } + + diff --git a/patches.suse/scsi-qedi-Fix-missing-destroy_workqueue-on-error-in-__qedi_probe b/patches.suse/scsi-qedi-Fix-missing-destroy_workqueue-on-error-in-__qedi_probe new file mode 100644 index 0000000..9e5a52c --- /dev/null +++ b/patches.suse/scsi-qedi-Fix-missing-destroy_workqueue-on-error-in-__qedi_probe @@ -0,0 +1,41 @@ +From: Qinglang Miao +Date: Mon, 9 Nov 2020 17:15:18 +0800 +Subject: scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe +Git-commit: 62eebd5247c4e4ce08826ad5995cf4dd7ce919dd +Patch-mainline: v5.11-rc1 +References: bsc#1186985 + +Add the missing destroy_workqueue() before return from __qedi_probe in the +error handling case when fails to create workqueue qedi->offload_thread. + +Link: https://lore.kernel.org/r/20201109091518.55941-1-miaoqinglang@huawei.com +Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.") +Reviewed-by: Mike Christie +Signed-off-by: Qinglang Miao +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/qedi/qedi_main.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/qedi/qedi_main.c ++++ b/drivers/scsi/qedi/qedi_main.c +@@ -2654,7 +2654,7 @@ static int __qedi_probe(struct pci_dev * + QEDI_ERR(&qedi->dbg_ctx, + "Unable to start offload thread!\n"); + rc = -ENODEV; +- goto free_cid_que; ++ goto free_tmf_thread; + } + + INIT_DELAYED_WORK(&qedi->recovery_work, qedi_recovery_handler); +@@ -2650,6 +2650,8 @@ static int __qedi_probe(struct pci_dev * + + return 0; + ++free_tmf_thread: ++ destroy_workqueue(qedi->tmf_thread); + free_cid_que: + qedi_release_cid_que(qedi); + free_uio: + diff --git a/patches.suse/scsi-qla2xxx-Prevent-PRLI-in-target-mode.patch b/patches.suse/scsi-qla2xxx-Prevent-PRLI-in-target-mode.patch new file mode 100644 index 0000000..140cc67 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Prevent-PRLI-in-target-mode.patch @@ -0,0 +1,41 @@ +From: Anastasia Kovaleva +Date: Thu, 22 Apr 2021 18:34:14 +0300 +Subject: scsi: qla2xxx: Prevent PRLI in target mode +Patch-mainline: v5.13-rc1 +Git-commit: fcb16d9a8ecf1e9bfced0fc654ea4e2caa7517f4 +References: git-fixes + +In a case when the initiator in P2P mode by some circumstances does not +send PRLI, the target, in a case when the target port's WWPN is less than +initiator's, changes the discovery state in DSC_GNL. When gnl completes it +sends PRLI to the initiator. + +Usually the initiator in P2P mode always sends PRLI. We caught this issue +on Linux stable v5.4.6 https://www.spinics.net/lists/stable/msg458515.html. + +Fix this particular corner case in the behaviour of the P2P mod target +login state machine. + +Link: https://lore.kernel.org/r/20210422153414.4022-1-a.kovaleva@yadro.com +Fixes: a9ed06d4e640 ("scsi: qla2xxx: Allow PLOGI in target mode") +Reviewed-by: Roman Bolshakov +Reviewed-by: Himanshu Madhani +Signed-off-by: Anastasia Kovaleva +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -1196,6 +1196,9 @@ static int qla24xx_post_prli_work(struct + { + struct qla_work_evt *e; + ++ if (vha->host->active_mode == MODE_TARGET) ++ return QLA_FUNCTION_FAILED; ++ + e = qla2x00_alloc_work(vha, QLA_EVT_PRLI); + if (!e) + return QLA_FUNCTION_FAILED; diff --git a/patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch b/patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch index db75fd4..028a4ec 100644 --- a/patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch +++ b/patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch @@ -3,7 +3,7 @@ Date: Mon, 12 Apr 2021 19:57:40 +0300 Subject: scsi: qla2xxx: Reserve extra IRQ vectors Patch-mainline: v5.13-rc1 Git-commit: f02d4086a8f36a0e1aaebf559b54cf24a177a486 -References: bsc#1184436 +References: bsc#1184436 bsc#1186286 Commit a6dcfe08487e ("scsi: qla2xxx: Limit interrupt vectors to number of CPUs") lowers the number of allocated MSI-X vectors to the number of CPUs. diff --git a/patches.suse/scsi-qla4xxx-Fix-an-error-handling-path-in-qla4xxx_get_host_stats b/patches.suse/scsi-qla4xxx-Fix-an-error-handling-path-in-qla4xxx_get_host_stats new file mode 100644 index 0000000..d92c7b5 --- /dev/null +++ b/patches.suse/scsi-qla4xxx-Fix-an-error-handling-path-in-qla4xxx_get_host_stats @@ -0,0 +1,34 @@ +From: Christophe JAILLET +Date: Sun, 2 Aug 2020 12:15:27 +0200 +Subject: scsi: qla4xxx: Fix an error handling path in + 'qla4xxx_get_host_stats()' +Git-commit: 574918e69720fe62ab3eb42ec3750230c8d16b06 +Patch-mainline: v5.10-rc1 +References: bsc#1186986 + +Update the size used in 'dma_free_coherent()' in order to match the one +used in the corresponding 'dma_alloc_coherent()'. + +Link: https://lore.kernel.org/r/20200802101527.676054-1-christophe.jaillet@wanadoo.fr +Fixes: 4161cee52df8 ("[SCSI] qla4xxx: Add host statistics support") +Signed-off-by: Christophe JAILLET +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/qla4xxx/ql4_os.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c +index bab87e47b238..3c44f1d2802a 100644 +--- a/drivers/scsi/qla4xxx/ql4_os.c ++++ b/drivers/scsi/qla4xxx/ql4_os.c +@@ -1254,7 +1254,7 @@ static int qla4xxx_get_host_stats(struct Scsi_Host *shost, char *buf, int len) + le64_to_cpu(ql_iscsi_stats->iscsi_sequence_error); + exit_host_stats: + if (ql_iscsi_stats) +- dma_free_coherent(&ha->pdev->dev, host_stats_size, ++ dma_free_coherent(&ha->pdev->dev, stats_size, + ql_iscsi_stats, iscsi_stats_dma); + + ql4_printk(KERN_INFO, ha, "%s: Get host stats done\n", + diff --git a/patches.suse/scsi-qla4xxx-Remove-in_interrupt b/patches.suse/scsi-qla4xxx-Remove-in_interrupt new file mode 100644 index 0000000..adc48cb --- /dev/null +++ b/patches.suse/scsi-qla4xxx-Remove-in_interrupt @@ -0,0 +1,135 @@ +From: "Ahmed S. Darwish" +Date: Thu, 26 Nov 2020 14:29:41 +0100 +Subject: scsi: qla4xxx: Remove in_interrupt() +Git-commit: a93c3835319849f0226b9a7101284aeb60a5ed8e +Patch-mainline: v5.11-rc1 +References: bsc#1186987 + +qla4_82xx_crb_win_lock() spins on a certain hardware state until it's +updated. At the end of each spin, if in_interrupt() is true, it does 20 +loops of cpu_relax(). Otherwise, it yields the CPU. + +The in_interrupt() macro is ill-defined as it does not provide what the +name suggests, and it does not catch the intended use-case here. + +qla4_82xx_crb_win_lock() is always invoked with scsi_qla_host::hw_lock +acquired, with disabled interrupts. If the caller is in process context, as +in qla4_82xx_need_reset_handler(), then in_interrupt() will return false +even though it is not allowed to call schedule(). + +Remove the in_interrupt() check. + +Change qla4_82xx_crb_win_lock() specification to a purely atomic +function. Mark it as static, remove its forward declaration, and move it +above its callers. To avoid hammering the PCI bus while spinning, use a 10 +micro-second delay instead of cpu_relax(). + +Link: https://lore.kernel.org/r/20201126132952.2287996-4-bigeasy@linutronix.de +Fixes: f4f5df23bf72 ("[SCSI] qla4xxx: Added support for ISP82XX") +Cc: Nilesh Javali +Cc: Manish Rangankar +Cc: +Reviewed-by: Daniel Wagner +Signed-off-by: Ahmed S. Darwish +Signed-off-by: Sebastian Andrzej Siewior +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/qla4xxx/ql4_glbl.h | 1 - + drivers/scsi/qla4xxx/ql4_nx.c | 63 +++++++++++++++++++---------------------- + 2 files changed, 29 insertions(+), 35 deletions(-) + +diff --git a/drivers/scsi/qla4xxx/ql4_glbl.h b/drivers/scsi/qla4xxx/ql4_glbl.h +index b8f02210aeb0..ea60057b2e20 100644 +--- a/drivers/scsi/qla4xxx/ql4_glbl.h ++++ b/drivers/scsi/qla4xxx/ql4_glbl.h +@@ -114,7 +114,6 @@ irqreturn_t qla4_82xx_intr_handler(int irq, void *dev_id); + void qla4_82xx_queue_iocb(struct scsi_qla_host *ha); + void qla4_82xx_complete_iocb(struct scsi_qla_host *ha); + +-int qla4_82xx_crb_win_lock(struct scsi_qla_host *); + void qla4_82xx_crb_win_unlock(struct scsi_qla_host *); + int qla4_82xx_pci_get_crb_addr_2M(struct scsi_qla_host *, ulong *); + void qla4_82xx_wr_32(struct scsi_qla_host *, ulong, u32); +diff --git a/drivers/scsi/qla4xxx/ql4_nx.c b/drivers/scsi/qla4xxx/ql4_nx.c +index f1767b21076f..da903a545b2c 100644 +--- a/drivers/scsi/qla4xxx/ql4_nx.c ++++ b/drivers/scsi/qla4xxx/ql4_nx.c +@@ -375,6 +375,35 @@ qla4_82xx_pci_set_crbwindow_2M(struct scsi_qla_host *ha, ulong *off) + *off = (*off & MASK(16)) + CRB_INDIRECT_2M + ha->nx_pcibase; + } + ++#define CRB_WIN_LOCK_TIMEOUT 100000000 ++ ++/* ++ * Context: atomic ++ */ ++static int qla4_82xx_crb_win_lock(struct scsi_qla_host *ha) ++{ ++ int done = 0, timeout = 0; ++ ++ while (!done) { ++ /* acquire semaphore3 from PCI HW block */ ++ done = qla4_82xx_rd_32(ha, QLA82XX_PCIE_REG(PCIE_SEM7_LOCK)); ++ if (done == 1) ++ break; ++ if (timeout >= CRB_WIN_LOCK_TIMEOUT) ++ return -1; ++ ++ timeout++; ++ udelay(10); ++ } ++ qla4_82xx_wr_32(ha, QLA82XX_CRB_WIN_LOCK_ID, ha->func_num); ++ return 0; ++} ++ ++void qla4_82xx_crb_win_unlock(struct scsi_qla_host *ha) ++{ ++ qla4_82xx_rd_32(ha, QLA82XX_PCIE_REG(PCIE_SEM7_UNLOCK)); ++} ++ + void + qla4_82xx_wr_32(struct scsi_qla_host *ha, ulong off, u32 data) + { +@@ -475,40 +504,6 @@ int qla4_82xx_md_wr_32(struct scsi_qla_host *ha, uint32_t off, uint32_t data) + return rval; + } + +-#define CRB_WIN_LOCK_TIMEOUT 100000000 +- +-int qla4_82xx_crb_win_lock(struct scsi_qla_host *ha) +-{ +- int i; +- int done = 0, timeout = 0; +- +- while (!done) { +- /* acquire semaphore3 from PCI HW block */ +- done = qla4_82xx_rd_32(ha, QLA82XX_PCIE_REG(PCIE_SEM7_LOCK)); +- if (done == 1) +- break; +- if (timeout >= CRB_WIN_LOCK_TIMEOUT) +- return -1; +- +- timeout++; +- +- /* Yield CPU */ +- if (!in_interrupt()) +- schedule(); +- else { +- for (i = 0; i < 20; i++) +- cpu_relax(); /*This a nop instr on i386*/ +- } +- } +- qla4_82xx_wr_32(ha, QLA82XX_CRB_WIN_LOCK_ID, ha->func_num); +- return 0; +-} +- +-void qla4_82xx_crb_win_unlock(struct scsi_qla_host *ha) +-{ +- qla4_82xx_rd_32(ha, QLA82XX_PCIE_REG(PCIE_SEM7_UNLOCK)); +-} +- + #define IDC_LOCK_TIMEOUT 100000000 + + /** + diff --git a/patches.suse/scsi-scsi_debug-Add-check-for-sdebug_max_queue-during-module-init b/patches.suse/scsi-scsi_debug-Add-check-for-sdebug_max_queue-during-module-init new file mode 100644 index 0000000..b6ec5d5 --- /dev/null +++ b/patches.suse/scsi-scsi_debug-Add-check-for-sdebug_max_queue-during-module-init @@ -0,0 +1,88 @@ +From: John Garry +Date: Thu, 9 Jul 2020 20:23:19 +0800 +Subject: scsi: scsi_debug: Add check for sdebug_max_queue during module init +Git-commit: c87bf24cfb60bce27b4d2c7e56ebfd86fb9d16bb +Patch-mainline: v5.9-rc1 +References: bsc#1186988 + +sdebug_max_queue should not exceed SDEBUG_CANQUEUE, otherwise crashes like +this can be triggered by passing an out-of-range value: + +Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019 + pstate: 20400009 (nzCv daif +PAN -UAO BTYPE=--) + pc : schedule_resp+0x2a4/0xa70 [scsi_debug] + lr : schedule_resp+0x52c/0xa70 [scsi_debug] + sp : ffff800022ab36f0 + x29: ffff800022ab36f0 x28: ffff0023a935a610 + x27: ffff800008e0a648 x26: 0000000000000003 + x25: ffff0023e84f3200 x24: 00000000003d0900 + x23: 0000000000000000 x22: 0000000000000000 + x21: ffff0023be60a320 x20: ffff0023be60b538 + x19: ffff800008e13000 x18: 0000000000000000 + x17: 0000000000000000 x16: 0000000000000000 + x15: 0000000000000000 x14: 0000000000000000 + x13: 0000000000000000 x12: 0000000000000000 + x11: 0000000000000000 x10: 0000000000000000 + x9 : 0000000000000001 x8 : 0000000000000000 + x7 : 0000000000000000 x6 : 00000000000000c1 + x5 : 0000020000200000 x4 : dead0000000000ff + x3 : 0000000000000200 x2 : 0000000000000200 + x1 : ffff800008e13d88 x0 : 0000000000000000 + Call trace: +schedule_resp+0x2a4/0xa70 [scsi_debug] +scsi_debug_queuecommand+0x2c4/0x9e0 [scsi_debug] +scsi_queue_rq+0x698/0x840 +__blk_mq_try_issue_directly+0x108/0x228 +blk_mq_request_issue_directly+0x58/0x98 +blk_mq_try_issue_list_directly+0x5c/0xf0 +blk_mq_sched_insert_requests+0x18c/0x200 +blk_mq_flush_plug_list+0x11c/0x190 +blk_flush_plug_list+0xdc/0x110 +blk_finish_plug+0x38/0x210 +blkdev_direct_IO+0x450/0x4d8 +generic_file_read_iter+0x84/0x180 +blkdev_read_iter+0x3c/0x50 +aio_read+0xc0/0x170 +io_submit_one+0x5c8/0xc98 +__arm64_sys_io_submit+0x1b0/0x258 +el0_svc_common.constprop.3+0x68/0x170 +do_el0_svc+0x24/0x90 +el0_sync_handler+0x13c/0x1a8 +el0_sync+0x158/0x180 + Code: 528847e0 72a001e0 6b00003f 540018cd (3941c340) + +In addition, it should not be less than 1. + +So add checks for these, and fail the module init for those cases. + +[mkp: changed if condition to match error message] + +Link: https://lore.kernel.org/r/1594297400-24756-2-git-send-email-john.garry@huawei.com +Fixes: c483739430f1 ("scsi_debug: add multiple queue support") +Reviewed-by: Ming Lei +Acked-by: Douglas Gilbert +Signed-off-by: John Garry +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/scsi_debug.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c +index 4692f5b6ad13..dc8fd6400e40 100644 +--- a/drivers/scsi/scsi_debug.c ++++ b/drivers/scsi/scsi_debug.c +@@ -6613,6 +6613,12 @@ static int __init scsi_debug_init(void) + pr_err("submit_queues must be 1 or more\n"); + return -EINVAL; + } ++ ++ if ((sdebug_max_queue > SDEBUG_CANQUEUE) || (sdebug_max_queue < 1)) { ++ pr_err("max_queue must be in range [1, %d]\n", SDEBUG_CANQUEUE); ++ return -EINVAL; ++ } ++ + sdebug_q_arr = kcalloc(submit_queues, sizeof(struct sdebug_queue), + GFP_KERNEL); + if (sdebug_q_arr == NULL) + diff --git a/patches.suse/scsi-scsi_debug-Support-hostwide-tags.patch b/patches.suse/scsi-scsi_debug-Support-hostwide-tags.patch index cad7132..454b865 100644 --- a/patches.suse/scsi-scsi_debug-Support-hostwide-tags.patch +++ b/patches.suse/scsi-scsi_debug-Support-hostwide-tags.patch @@ -176,11 +176,10 @@ diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c &driver_attr_no_lun_0.attr, &driver_attr_num_tgts.attr, &driver_attr_dev_size_mb.attr, -@@ -5294,6 +5329,21 @@ static int __init scsi_debug_init(void) - pr_err("submit_queues must be 1 or more\n"); +@@ -5300,6 +5300,20 @@ static int __init scsi_debug_init(void) return -EINVAL; } -+ + + if ((sdebug_host_max_queue > SDEBUG_CANQUEUE) || + (sdebug_host_max_queue < 0)) { + pr_err("host_max_queue must be in range [0 %d]\n", @@ -189,7 +188,7 @@ diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c + } + + if (sdebug_host_max_queue && -+ (sdebug_max_queue != sdebug_host_max_queue)) { ++ (sdebug_max_queue != sdebug_host_max_queue)) { + sdebug_max_queue = sdebug_host_max_queue; + pr_warn("fixing max submit queue depth to host max queue depth, %d\n", + sdebug_max_queue); diff --git a/patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch b/patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch new file mode 100644 index 0000000..5ca5f50 --- /dev/null +++ b/patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch @@ -0,0 +1,164 @@ +From: Martin Wilck +Date: Fri, 14 May 2021 17:32:14 +0200 +Subject: scsi: scsi_dh_alua: Retry RTPG on a different path after failure +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-commit: ee8868c5c78f16fb726775741aeab8a233373332 +References: bsc#1174978 bsc#1185701 + +If an RTPG fails, we can't infer anything wrt. the state of the ports in +the port group except that we were unable to reach the one port on which +the RTPG had failed. "offline" is just a secondary port state, which means +that we can't infer the state of any port in the PG from the failure (in +fact, even the failed port might still be in "active/optimized" primary +port access state). + +Therefore, when we encounter an RTPG failure, we should retry the RTPG on a +different port. This avoids falsely setting port states to offline for +unreachable ports. To do this, ports on which an RTPG has failed are +temporarily set to "disabled" to avoid repeating the failed I/O on the same +target port. Once the RTPG has either succeeded on one port or failed on +all ports of the PG, the ports are enabled again. + +Link: https://lore.kernel.org/r/20210514153214.5626-1-mwilck@suse.com +Signed-off-by: Martin Wilck +Signed-off-by: Hannes Reinecke +Signed-off-by: Martin K. Petersen +--- + drivers/scsi/device_handler/scsi_dh_alua.c | 70 +++++++++++++++++++++- + 1 file changed, 67 insertions(+), 3 deletions(-) + +diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c +index efa8c0381476..03b7f255644f 100644 +--- a/drivers/scsi/device_handler/scsi_dh_alua.c ++++ b/drivers/scsi/device_handler/scsi_dh_alua.c +@@ -88,6 +88,7 @@ struct alua_dh_data { + struct scsi_device *sdev; + int init_error; + struct mutex init_mutex; ++ bool disabled; + }; + + struct alua_queue_data { +@@ -569,6 +570,8 @@ static int alua_rtpg(struct scsi_device *sdev, struct alua_port_group *pg) + kfree(buff); + if (driver_byte(retval) == DRIVER_ERROR) + return SCSI_DH_DEV_TEMP_BUSY; ++ if (host_byte(retval) == DID_NO_CONNECT) ++ return SCSI_DH_RES_TEMP_UNAVAIL; + return SCSI_DH_IO; + } + +@@ -807,6 +810,51 @@ static unsigned alua_stpg(struct scsi_device *sdev, struct alua_port_group *pg) + return SCSI_DH_RETRY; + } + ++static bool alua_rtpg_select_sdev(struct alua_port_group *pg) ++{ ++ struct alua_dh_data *h; ++ struct scsi_device *sdev = NULL; ++ ++ lockdep_assert_held(&pg->lock); ++ if (WARN_ON(!pg->rtpg_sdev)) ++ return false; ++ ++ /* ++ * RCU protection isn't necessary for dh_list here ++ * as we hold pg->lock, but for access to h->pg. ++ */ ++ rcu_read_lock(); ++ list_for_each_entry_rcu(h, &pg->dh_list, node) { ++ if (!h->sdev) ++ continue; ++ if (h->sdev == pg->rtpg_sdev) { ++ h->disabled = true; ++ continue; ++ } ++ if (rcu_dereference(h->pg) == pg && ++ !h->disabled && ++ !scsi_device_get(h->sdev)) { ++ sdev = h->sdev; ++ break; ++ } ++ } ++ rcu_read_unlock(); ++ ++ if (!sdev) { ++ pr_warn("%s: no device found for rtpg\n", ++ (pg->device_id_len ? ++ (char *)pg->device_id_str : "(nameless PG)")); ++ return false; ++ } ++ ++ sdev_printk(KERN_INFO, sdev, "rtpg retry on different device\n"); ++ ++ scsi_device_put(pg->rtpg_sdev); ++ pg->rtpg_sdev = sdev; ++ ++ return true; ++} ++ + static void alua_rtpg_work(struct work_struct *work) + { + struct alua_port_group *pg = +@@ -815,6 +863,7 @@ static void alua_rtpg_work(struct work_struct *work) + LIST_HEAD(qdata_list); + int err = SCSI_DH_OK; + struct alua_queue_data *qdata, *tmp; ++ struct alua_dh_data *h; + unsigned long flags; + + spin_lock_irqsave(&pg->lock, flags); +@@ -848,9 +897,18 @@ static void alua_rtpg_work(struct work_struct *work) + } + err = alua_rtpg(sdev, pg); + spin_lock_irqsave(&pg->lock, flags); +- if (err == SCSI_DH_RETRY || pg->flags & ALUA_PG_RUN_RTPG) { ++ ++ /* If RTPG failed on the current device, try using another */ ++ if (err == SCSI_DH_RES_TEMP_UNAVAIL && ++ alua_rtpg_select_sdev(pg)) ++ err = SCSI_DH_IMM_RETRY; ++ ++ if (err == SCSI_DH_RETRY || err == SCSI_DH_IMM_RETRY || ++ pg->flags & ALUA_PG_RUN_RTPG) { + pg->flags &= ~ALUA_PG_RUNNING; +- if (!pg->interval && !(pg->flags & ALUA_PG_RUN_RTPG)) ++ if (err == SCSI_DH_IMM_RETRY) ++ pg->interval = 0; ++ else if (!pg->interval && !(pg->flags & ALUA_PG_RUN_RTPG)) + pg->interval = ALUA_RTPG_RETRY_DELAY; + pg->flags |= ALUA_PG_RUN_RTPG; + spin_unlock_irqrestore(&pg->lock, flags); +@@ -878,6 +936,12 @@ static void alua_rtpg_work(struct work_struct *work) + } + + list_splice_init(&pg->rtpg_list, &qdata_list); ++ /* ++ * We went through an RTPG, for good or bad. ++ * Re-enable all devices for the next attempt. ++ */ ++ list_for_each_entry(h, &pg->dh_list, node) ++ h->disabled = false; + pg->rtpg_sdev = NULL; + spin_unlock_irqrestore(&pg->lock, flags); + +@@ -962,6 +1026,7 @@ static int alua_initialize(struct scsi_device *sdev, struct alua_dh_data *h) + int err = SCSI_DH_DEV_UNSUPP, tpgs; + + mutex_lock(&h->init_mutex); ++ h->disabled = false; + tpgs = alua_check_tpgs(sdev); + if (tpgs != TPGS_MODE_NONE) + err = alua_check_vpd(sdev, h, tpgs); +@@ -1080,7 +1145,6 @@ static void alua_check(struct scsi_device *sdev, bool force) + return; + } + rcu_read_unlock(); +- + alua_rtpg_queue(pg, sdev, NULL, force); + kref_put(&pg->kref, release_port_group); + } +-- +2.31.1 + diff --git a/patches.suse/scsi-sd-Fix-Opal-support b/patches.suse/scsi-sd-Fix-Opal-support new file mode 100644 index 0000000..b41cac1 --- /dev/null +++ b/patches.suse/scsi-sd-Fix-Opal-support @@ -0,0 +1,50 @@ +From: Bart Van Assche +Date: Sun, 21 Feb 2021 18:10:42 -0800 +Subject: scsi: sd: Fix Opal support +Git-commit: aaf15f8c6de932861f1fce6aeec6a89ac0e354b6 +Patch-mainline: v5.12-rc1 +References: bsc#1186989 + +The SCSI core has been modified recently such that it only processes PM +requests if rpm_status != RPM_ACTIVE. Since some Opal requests are +submitted while rpm_status != RPM_ACTIVE, set flag RQF_PM for Opal +requests. + +See also https://bugzilla.kernel.org/show_bug.cgi?id=211227. + +[mkp: updated sha for PM patch] +[lduncan: updated to use SD_MAX_RETRIES, since we have no sdkp] + +Link: https://lore.kernel.org/r/20210222021042.3534-1-bvanassche@acm.org +Fixes: d80210f25ff0 ("sd: add support for TCG OPAL self encrypting disks") +Fixes: e6044f714b25 ("scsi: core: Only process PM requests if rpm_status != RPM_ACTIVE") +Cc: chriscjsus@yahoo.com +Cc: Jens Axboe +Cc: Alan Stern +Cc: stable@vger.kernel.org +Reported-by: chriscjsus@yahoo.com +Tested-by: chriscjsus@yahoo.com +Reviewed-by: Christoph Hellwig +Signed-off-by: Bart Van Assche +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/sd.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -660,9 +660,9 @@ static int sd_sec_submit(void *data, u16 + put_unaligned_be16(spsp, &cdb[2]); + put_unaligned_be32(len, &cdb[6]); + +- ret = scsi_execute_req(sdev, cdb, +- send ? DMA_TO_DEVICE : DMA_FROM_DEVICE, +- buffer, len, NULL, SD_TIMEOUT, SD_MAX_RETRIES, NULL); ++ ret = scsi_execute(sdev, cdb, send ? DMA_TO_DEVICE : DMA_FROM_DEVICE, ++ buffer, len, NULL, NULL, SD_TIMEOUT, SD_MAX_RETRIES, 0, ++ RQF_PM, NULL); + return ret <= 0 ? ret : -EIO; + } + #endif /* CONFIG_BLK_SED_OPAL */ + diff --git a/patches.suse/scsi-sni_53c710-Add-IRQ-check b/patches.suse/scsi-sni_53c710-Add-IRQ-check new file mode 100644 index 0000000..3c84874 --- /dev/null +++ b/patches.suse/scsi-sni_53c710-Add-IRQ-check @@ -0,0 +1,45 @@ +From: Sergey Shtylyov +Date: Tue, 30 Mar 2021 20:45:12 +0300 +Subject: scsi: sni_53c710: Add IRQ check +Git-commit: 1160d61bc51e87e509cfaf9da50a0060f67b6de4 +Patch-mainline: v5.13-rc1 +References: bsc#1186990 + +The driver neglects to check the result of platform_get_irq()'s call and +blithely passes the negative error codes to request_irq() (which takes +*unsigned* IRQ #s), causing it to fail with -EINVAL (overridden by -ENODEV +further below). Stop calling request_irq() with the invalid IRQ #s. + +Link: https://lore.kernel.org/r/8f4b8fa5-8251-b977-70a1-9099bcb4bb17@omprussia.ru +Fixes: c27d85f3f3c5 ("[SCSI] SNI RM 53c710 driver") +Signed-off-by: Sergey Shtylyov +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/sni_53c710.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/sni_53c710.c b/drivers/scsi/sni_53c710.c +index 9e2e196bc202..97c6f81b1d2a 100644 +--- a/drivers/scsi/sni_53c710.c ++++ b/drivers/scsi/sni_53c710.c +@@ -58,6 +58,7 @@ static int snirm710_probe(struct platform_device *dev) + struct NCR_700_Host_Parameters *hostdata; + struct Scsi_Host *host; + struct resource *res; ++ int rc; + + res = platform_get_resource(dev, IORESOURCE_MEM, 0); + if (!res) +@@ -83,7 +84,9 @@ static int snirm710_probe(struct platform_device *dev) + goto out_kfree; + host->this_id = 7; + host->base = base; +- host->irq = platform_get_irq(dev, 0); ++ host->irq = rc = platform_get_irq(dev, 0); ++ if (rc < 0) ++ goto out_put_host; + if(request_irq(host->irq, NCR_700_intr, IRQF_SHARED, "snirm710", host)) { + printk(KERN_ERR "snirm710: request_irq failed!\n"); + goto out_put_host; + diff --git a/patches.suse/scsi-sun3x_esp-Add-IRQ-check b/patches.suse/scsi-sun3x_esp-Add-IRQ-check new file mode 100644 index 0000000..7cb430f --- /dev/null +++ b/patches.suse/scsi-sun3x_esp-Add-IRQ-check @@ -0,0 +1,37 @@ +From: Sergey Shtylyov +Date: Tue, 30 Mar 2021 20:44:08 +0300 +Subject: scsi: sun3x_esp: Add IRQ check +Git-commit: 14b321380eb333c82853d7d612d0995f05f88fdc +Patch-mainline: v5.13-rc1 +References: bsc#1186991 + +The driver neglects to check the result of platform_get_irq()'s call and +blithely passes the negative error codes to request_irq() (which takes +*unsigned* IRQ #), causing it to fail with -EINVAL, overriding the real +error code. Stop calling request_irq() with the invalid IRQ #s. + +Link: https://lore.kernel.org/r/363eb4c8-a3bf-4dc9-2a9e-90f349030a15@omprussia.ru +Fixes: 0bb67f181834 ("[SCSI] sun3x_esp: convert to esp_scsi") +Signed-off-by: Sergey Shtylyov +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/sun3x_esp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/sun3x_esp.c b/drivers/scsi/sun3x_esp.c +index 7de82f2c9757..d3489ac7ab28 100644 +--- a/drivers/scsi/sun3x_esp.c ++++ b/drivers/scsi/sun3x_esp.c +@@ -206,7 +206,9 @@ static int esp_sun3x_probe(struct platform_device *dev) + if (!esp->command_block) + goto fail_unmap_regs_dma; + +- host->irq = platform_get_irq(dev, 0); ++ host->irq = err = platform_get_irq(dev, 0); ++ if (err < 0) ++ goto fail_unmap_command_block; + err = request_irq(host->irq, scsi_esp_intr, IRQF_SHARED, + "SUN3X ESP", esp); + if (err < 0) + diff --git a/patches.suse/scsi-ufs-Add-quirk-to-disallow-reset-of-interrupt-aggregation b/patches.suse/scsi-ufs-Add-quirk-to-disallow-reset-of-interrupt-aggregation new file mode 100644 index 0000000..5e4943c --- /dev/null +++ b/patches.suse/scsi-ufs-Add-quirk-to-disallow-reset-of-interrupt-aggregation @@ -0,0 +1,36 @@ +From: Alim Akhtar +Date: Thu, 28 May 2020 06:46:50 +0530 +Subject: scsi: ufs: Add quirk to disallow reset of interrupt aggregation +Git-commit: b638b5eb624bd5d0766683b6181d578f414585e9 +Patch-mainline: v5.9-rc1 +References: bsc#1186992 + +Some host controllers support interrupt aggregation but don't allow +resetting counter and timer in software. + +Link: https://lore.kernel.org/r/20200528011658.71590-3-alim.akhtar@samsung.com +Reviewed-by: Avri Altman +Signed-off-by: Seungwon Jeon +Signed-off-by: Alim Akhtar +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.h | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/scsi/ufs/ufshcd.h ++++ b/drivers/scsi/ufs/ufshcd.h +@@ -517,6 +517,12 @@ enum ufshcd_quirks { + * Clear handling for transfer/task request list is just opposite. + */ + UFSHCI_QUIRK_BROKEN_REQ_LIST_CLR = 1 << 6, ++ ++ /* ++ * This quirk needs to be enabled if host controller doesn't allow ++ * that the interrupt aggregation timer and counter are reset by s/w. ++ */ ++ UFSHCI_QUIRK_SKIP_RESET_INTR_AGGR = 1 << 7, + }; + + /** + diff --git a/patches.suse/scsi-ufs-Add-quirk-to-enable-host-controller-without-hce b/patches.suse/scsi-ufs-Add-quirk-to-enable-host-controller-without-hce new file mode 100644 index 0000000..eb47afe --- /dev/null +++ b/patches.suse/scsi-ufs-Add-quirk-to-enable-host-controller-without-hce @@ -0,0 +1,54 @@ +From: Alim Akhtar +Date: Thu, 28 May 2020 06:46:51 +0530 +Subject: scsi: ufs: Add quirk to enable host controller without hce +Git-commit: 39bf2d83b54e900675cd7b52737ded695bb60bf1 +Patch-mainline: v5.9-rc1 +References: bsc#1186993 + +Some host controllers don't support host controller enable via HCE. + +Link: https://lore.kernel.org/r/20200528011658.71590-4-alim.akhtar@samsung.com +Reviewed-by: Can Guo +Reviewed-by: Avri Altman +Signed-off-by: Seungwon Jeon +Signed-off-by: Alim Akhtar +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.c | 3 ++- + drivers/scsi/ufs/ufshcd.h | 6 ++++++ + 2 files changed, 8 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/ufs/ufshcd.c ++++ b/drivers/scsi/ufs/ufshcd.c +@@ -3561,12 +3561,13 @@ static int ufshcd_dme_link_startup(struc + "dme-link-startup: error code %d\n", ret); + return ret; + } ++ + /** + * ufshcd_dme_reset - UIC command for DME_RESET + * @hba: per adapter instance + * + * DME_RESET command is issued in order to reset UniPro stack. +- * This function now deal with cold reset. ++ * This function now deals with cold reset. + * + * Returns 0 on success, non-zero value on failure + */ +--- a/drivers/scsi/ufs/ufshcd.h ++++ b/drivers/scsi/ufs/ufshcd.h +@@ -523,6 +523,12 @@ enum ufshcd_quirks { + * that the interrupt aggregation timer and counter are reset by s/w. + */ + UFSHCI_QUIRK_SKIP_RESET_INTR_AGGR = 1 << 7, ++ ++ /* ++ * This quirks needs to be enabled if host controller cannot be ++ * enabled via HCE register. ++ */ ++ UFSHCI_QUIRK_BROKEN_HCE = 1 << 8, + }; + + /** + diff --git a/patches.suse/scsi-ufs-Add-quirk-to-fix-abnormal-ocs-fatal-error b/patches.suse/scsi-ufs-Add-quirk-to-fix-abnormal-ocs-fatal-error new file mode 100644 index 0000000..7f4c6e9 --- /dev/null +++ b/patches.suse/scsi-ufs-Add-quirk-to-fix-abnormal-ocs-fatal-error @@ -0,0 +1,54 @@ +From: Kiwoong Kim +Date: Thu, 28 May 2020 06:46:53 +0530 +Subject: scsi: ufs: Add quirk to fix abnormal ocs fatal error +Git-commit: d779a6e90e189f4883ce6f900da02995fb000df5 +Patch-mainline: v5.9-rc1 +References: bsc#1186994 + +Some controller like Exynos determines if FATAL ERROR (0x7) in OCS field in +UTRD occurs for values other than GOOD (0x0) in STATUS field in response +upiu as well as errors that a host controller can't cover. This patch is +to prevent from reporting command results in those cases. + +Link: https://lore.kernel.org/r/20200528011658.71590-6-alim.akhtar@samsung.com +Reviewed-by: Avri Altman +Signed-off-by: Kiwoong Kim +Signed-off-by: Alim Akhtar +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.c | 6 ++++++ + drivers/scsi/ufs/ufshcd.h | 6 ++++++ + 2 files changed, 12 insertions(+) + +--- a/drivers/scsi/ufs/ufshcd.c ++++ b/drivers/scsi/ufs/ufshcd.c +@@ -4737,6 +4737,12 @@ ufshcd_transfer_rsp_status(struct ufs_hb + /* overall command status of utrd */ + ocs = ufshcd_get_tr_ocs(lrbp); + ++ if (hba->quirks & UFSHCD_QUIRK_BROKEN_OCS_FATAL_ERROR) { ++ if (be32_to_cpu(lrbp->ucd_rsp_ptr->header.dword_1) & ++ MASK_RSP_UPIU_RESULT) ++ ocs = OCS_SUCCESS; ++ } ++ + switch (ocs) { + case OCS_SUCCESS: + result = ufshcd_get_req_rsp(lrbp->ucd_rsp_ptr); +--- a/drivers/scsi/ufs/ufshcd.h ++++ b/drivers/scsi/ufs/ufshcd.h +@@ -535,6 +535,12 @@ enum ufshcd_quirks { + * resolution of the values of PRDTO and PRDTL in UTRD as byte. + */ + UFSHCD_QUIRK_PRDT_BYTE_GRAN = 1 << 9, ++ ++ /* ++ * This quirk needs to be enabled if the host controller reports ++ * OCS FATAL ERROR with device error through sense data ++ */ ++ UFSHCD_QUIRK_BROKEN_OCS_FATAL_ERROR = 1 << 10, + }; + + /** + diff --git a/patches.suse/scsi-ufs-Add-quirk-to-fix-mishandling-utrlclr-utmrlclr b/patches.suse/scsi-ufs-Add-quirk-to-fix-mishandling-utrlclr-utmrlclr new file mode 100644 index 0000000..663923d --- /dev/null +++ b/patches.suse/scsi-ufs-Add-quirk-to-fix-mishandling-utrlclr-utmrlclr @@ -0,0 +1,37 @@ +From: Alim Akhtar +Date: Thu, 28 May 2020 06:46:49 +0530 +Subject: scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr +Git-commit: 871838412adf533ffda0b4a0ede0c2984e3511e7 +Patch-mainline: v5.9-rc1 +References: bsc#1186995 + +With the correct behavior, setting the bit to '0' indicates clear and '1' +indicates no change. If host controller handles this the other way around, +UFSHCI_QUIRK_BROKEN_REQ_LIST_CLR can be used. + +Link: https://lore.kernel.org/r/20200528011658.71590-2-alim.akhtar@samsung.com +Reviewed-by: Can Guo +Reviewed-by: Avri Altman +Signed-off-by: Seungwon Jeon +Signed-off-by: Alim Akhtar +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.h | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/scsi/ufs/ufshcd.h ++++ b/drivers/scsi/ufs/ufshcd.h +@@ -512,6 +512,11 @@ enum ufshcd_quirks { + * ops (get_ufs_hci_version) to get the correct version. + */ + UFSHCD_QUIRK_BROKEN_UFS_HCI_VERSION = 1 << 5, ++ ++ /* ++ * Clear handling for transfer/task request list is just opposite. ++ */ ++ UFSHCI_QUIRK_BROKEN_REQ_LIST_CLR = 1 << 6, + }; + + /** + diff --git a/patches.suse/scsi-ufs-Don-t-update-urgent-bkops-level-when-toggling-auto-bkops b/patches.suse/scsi-ufs-Don-t-update-urgent-bkops-level-when-toggling-auto-bkops new file mode 100644 index 0000000..5561c19 --- /dev/null +++ b/patches.suse/scsi-ufs-Don-t-update-urgent-bkops-level-when-toggling-auto-bkops @@ -0,0 +1,37 @@ +From: Can Guo +Date: Wed, 27 May 2020 19:24:42 -0700 +Subject: scsi: ufs: Don't update urgent bkops level when toggling auto bkops +Git-commit: be32acff43800c87dc5c707f5d47cc607b76b653 +Patch-mainline: v5.8-rc1 +References: bsc#1186997 + +Urgent bkops level is used to compare against actual bkops status read from +UFS device. Urgent bkops level is set during initialization and might be +updated in exception event handler during runtime. But it should not be +updated to the actual bkops status every time when auto bkops is toggled. +Otherwise, if urgent bkops level is updated to 0, auto bkops shall always +be kept enabled. + +Link: https://lore.kernel.org/r/1590632686-17866-1-git-send-email-cang@codeaurora.org +Fixes: 24366c2afbb0 ("scsi: ufs: Recheck bkops level if bkops is disabled") +Reviewed-by: Stanley Chu +Signed-off-by: Can Guo +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c +index 5db18f444ea9..2bdee9edec0d 100644 +--- a/drivers/scsi/ufs/ufshcd.c ++++ b/drivers/scsi/ufs/ufshcd.c +@@ -5123,7 +5123,6 @@ static int ufshcd_bkops_ctrl(struct ufs_hba *hba, + err = ufshcd_enable_auto_bkops(hba); + else + err = ufshcd_disable_auto_bkops(hba); +- hba->urgent_bkops_lvl = curr_status; + out: + return err; + } + diff --git a/patches.suse/scsi-ufs-Fix-race-between-shutdown-and-runtime-resume-flow b/patches.suse/scsi-ufs-Fix-race-between-shutdown-and-runtime-resume-flow new file mode 100644 index 0000000..3bfa12b --- /dev/null +++ b/patches.suse/scsi-ufs-Fix-race-between-shutdown-and-runtime-resume-flow @@ -0,0 +1,46 @@ +From: Stanley Chu +Date: Thu, 19 Nov 2020 14:29:16 +0800 +Subject: scsi: ufs: Fix race between shutdown and runtime resume flow +Git-commit: e92643db514803c2c87d72caf5950b4c0a8faf4a +Patch-mainline: v5.10-rc6 +References: bsc#1186998 + +If UFS host device is in runtime-suspended state while UFS shutdown +callback is invoked, UFS device shall be resumed for register +accesses. Currently only UFS local runtime resume function will be invoked +to wake up the host. This is not enough because if someone triggers +runtime resume from block layer, then race may happen between shutdown and +runtime resume flow, and finally lead to unlocked register access. + +To fix this, in ufshcd_shutdown(), use pm_runtime_get_sync() instead of +resuming UFS device by ufshcd_runtime_resume() "internally" to let runtime +PM framework manage the whole resume flow. + +Link: https://lore.kernel.org/r/20201119062916.12931-1-stanley.chu@mediatek.com +Fixes: 57d104c153d3 ("ufs: add UFS power management support") +Reviewed-by: Can Guo +Signed-off-by: Stanley Chu +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c +index 20b16de4c5e2..0c148fcd24de 100644 +--- a/drivers/scsi/ufs/ufshcd.c ++++ b/drivers/scsi/ufs/ufshcd.c +@@ -8913,11 +8913,7 @@ int ufshcd_shutdown(struct ufs_hba *hba) + if (ufshcd_is_ufs_dev_poweroff(hba) && ufshcd_is_link_off(hba)) + goto out; + +- if (pm_runtime_suspended(hba->dev)) { +- ret = ufshcd_runtime_resume(hba); +- if (ret) +- goto out; +- } ++ pm_runtime_get_sync(hba->dev); + + ret = ufshcd_suspend(hba, UFS_SHUTDOWN_PM); + out: + diff --git a/patches.suse/scsi-ufs-Introduce-UFSHCD_QUIRK_PRDT_BYTE_GRAN-quirk b/patches.suse/scsi-ufs-Introduce-UFSHCD_QUIRK_PRDT_BYTE_GRAN-quirk new file mode 100644 index 0000000..a213538 --- /dev/null +++ b/patches.suse/scsi-ufs-Introduce-UFSHCD_QUIRK_PRDT_BYTE_GRAN-quirk @@ -0,0 +1,36 @@ +From: Alim Akhtar +Date: Thu, 28 May 2020 06:46:52 +0530 +Subject: scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk +Git-commit: 26f968d7de823ba4974a8f25c8bd8ee2df6ab74b +Patch-mainline: v5.9-rc1 +References: bsc#1187000 + +Some UFS host controllers like Exynos uses granularities of PRDT length and +offset as bytes, whereas others use actual segment count. + +Link: https://lore.kernel.org/r/20200528011658.71590-5-alim.akhtar@samsung.com +Reviewed-by: Avri Altman +Signed-off-by: Kiwoong Kim +Signed-off-by: Alim Akhtar +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.h | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/scsi/ufs/ufshcd.h ++++ b/drivers/scsi/ufs/ufshcd.h +@@ -529,6 +529,12 @@ enum ufshcd_quirks { + * enabled via HCE register. + */ + UFSHCI_QUIRK_BROKEN_HCE = 1 << 8, ++ ++ /* ++ * This quirk needs to be enabled if the host controller regards ++ * resolution of the values of PRDTO and PRDTL in UTRD as byte. ++ */ ++ UFSHCD_QUIRK_PRDT_BYTE_GRAN = 1 << 9, + }; + + /** + diff --git a/patches.suse/scsi-ufs-Make-ufshcd_print_trs-consider-UFSHCD_QUIRK_PRDT_BYTE_GRAN b/patches.suse/scsi-ufs-Make-ufshcd_print_trs-consider-UFSHCD_QUIRK_PRDT_BYTE_GRAN new file mode 100644 index 0000000..f77e9c2 --- /dev/null +++ b/patches.suse/scsi-ufs-Make-ufshcd_print_trs-consider-UFSHCD_QUIRK_PRDT_BYTE_GRAN @@ -0,0 +1,41 @@ +From: Eric Biggers +Date: Tue, 25 Aug 2020 19:10:40 -0700 +Subject: scsi: ufs: Make ufshcd_print_trs() consider + UFSHCD_QUIRK_PRDT_BYTE_GRAN +Git-commit: cc770ce34aeeff21991f162f0db1a758ea672727 +Patch-mainline: v5.10-rc1 +References: bsc#1187069 + +Fix ufshcd_print_trs() to consider UFSHCD_QUIRK_PRDT_BYTE_GRAN when using +utp_transfer_req_desc::prd_table_length, so that it doesn't treat the +number of bytes as the number of entries. + +Originally from Kiwoong Kim +(https://lkml.kernel.org/r/20200218233115.8185-1-kwmad.kim@samsung.com). + +Link: https://lore.kernel.org/r/20200826021040.152148-1-ebiggers@kernel.org +Fixes: 26f968d7de82 ("scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk") +Cc: Alim Akhtar +Cc: Kiwoong Kim +Signed-off-by: Eric Biggers +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c +index 3d91def07878..0beb35d8d754 100644 +--- a/drivers/scsi/ufs/ufshcd.c ++++ b/drivers/scsi/ufs/ufshcd.c +@@ -473,6 +473,9 @@ void ufshcd_print_trs(struct ufs_hba *hba, unsigned long bitmap, bool pr_prdt) + + prdt_length = le16_to_cpu( + lrbp->utr_descriptor_ptr->prd_table_length); ++ if (hba->quirks & UFSHCD_QUIRK_PRDT_BYTE_GRAN) ++ prdt_length /= sizeof(struct ufshcd_sg_entry); ++ + dev_err(hba->dev, + "UPIU[%d] - PRDT - %d entries phys@0x%llx\n", + tag, prdt_length, + diff --git a/patches.suse/scsi-ufs-Properly-release-resources-if-a-task-is-aborted-successfully b/patches.suse/scsi-ufs-Properly-release-resources-if-a-task-is-aborted-successfully new file mode 100644 index 0000000..ff67922 --- /dev/null +++ b/patches.suse/scsi-ufs-Properly-release-resources-if-a-task-is-aborted-successfully @@ -0,0 +1,44 @@ +From: Can Guo +Date: Sun, 9 Aug 2020 05:15:55 -0700 +Subject: scsi: ufs: Properly release resources if a task is aborted + successfully +Git-commit: 8bb2dde069d860e7ea379862a7d0e8ee01cec5e9 +Patch-mainline: v5.10-rc1 +References: bsc#1187001 + +In current UFS task abort hook, namely ufshcd_abort(), if one task is +aborted successfully, clk_gating.active_reqs held by this task is not +decreased, which makes clk_gating.active_reqs stay above zero forever, thus +clock gating would never happen. Instead of releasing resources of one task +"manually", use the existing func __ufshcd_transfer_req_compl(). This +change also eliminates a possible race of scsi_dma_unmap() from the real +completion in IRQ handler path. + +Link: https://lore.kernel.org/r/1596975355-39813-10-git-send-email-cang@codeaurora.org +Fixes: 1ab27c9cf8b6 ("ufs: Add support for clock gating") +CC: Stanley Chu +Reviewed-by: Stanley Chu +Reviewed-by: Asutosh Das +Signed-off-by: Can Guo +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +--- a/drivers/scsi/ufs/ufshcd.c ++++ b/drivers/scsi/ufs/ufshcd.c +@@ -6191,11 +6191,8 @@ static int ufshcd_abort(struct scsi_cmnd + goto out; + } + +- scsi_dma_unmap(cmd); +- + spin_lock_irqsave(host->host_lock, flags); +- ufshcd_outstanding_req_clear(hba, tag); +- hba->lrb[tag].cmd = NULL; ++ __ufshcd_transfer_req_compl(hba, (1UL << tag)); + spin_unlock_irqrestore(host->host_lock, flags); + + clear_bit_unlock(tag, &hba->lrb_in_use); + diff --git a/patches.suse/scsi-ufs-core-Narrow-down-fast-path-in-system-suspend-path b/patches.suse/scsi-ufs-core-Narrow-down-fast-path-in-system-suspend-path new file mode 100644 index 0000000..3ad29ae --- /dev/null +++ b/patches.suse/scsi-ufs-core-Narrow-down-fast-path-in-system-suspend-path @@ -0,0 +1,44 @@ +From: Can Guo +Date: Sun, 25 Apr 2021 20:48:40 -0700 +Subject: scsi: ufs: core: Narrow down fast path in system suspend path +Git-commit: ce4f62f9dd8cf43ac044045ed598a0b80ef33890 +Patch-mainline: v5.13-rc1 +References: bsc#1186996 + +If spm_lvl is set to 0 or 1, when system suspend kicks start and HBA is +runtime active, system suspend may just bail without doing anything (the +fast path), leaving other contexts still running, e.g., clock gating and +clock scaling. When system resume kicks start, concurrency can happen +between ufshcd_resume() and these contexts, leading to various stability +issues. + +Add a check against HBA's runtime state and allowing fast path only if HBA +is runtime suspended, otherwise let system suspend go ahead call +ufshcd_suspend(). This will guarantee that these contexts are stopped by +either runtime suspend or system suspend. + +[lduncan: refreshed since context didn't match.] + +Link: https://lore.kernel.org/r/1619408921-30426-4-git-send-email-cang@codeaurora.org +Fixes: 0b257734344a ("scsi: ufs: optimize system suspend handling") +Reviewed-by: Daejun Park +Signed-off-by: Can Guo +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/ufs/ufshcd.c ++++ b/drivers/scsi/ufs/ufshcd.c +@@ -8033,7 +8033,8 @@ int ufshcd_system_suspend(struct ufs_hba + if ((ufs_get_pm_lvl_to_dev_pwr_mode(hba->spm_lvl) == + hba->curr_dev_pwr_mode) && + (ufs_get_pm_lvl_to_link_pwr_state(hba->spm_lvl) == +- hba->uic_link_state)) ++ hba->uic_link_state) && ++ pm_runtime_suspended(hba->dev)) + goto out; + + if (pm_runtime_suspended(hba->dev)) { + diff --git a/patches.suse/scsi-ufs-qcom-Fix-scheduling-while-atomic-issue b/patches.suse/scsi-ufs-qcom-Fix-scheduling-while-atomic-issue new file mode 100644 index 0000000..947d53d --- /dev/null +++ b/patches.suse/scsi-ufs-qcom-Fix-scheduling-while-atomic-issue @@ -0,0 +1,50 @@ +From: Jeffrey Hugo +Date: Mon, 25 May 2020 13:41:25 -0700 +Subject: scsi: ufs-qcom: Fix scheduling while atomic issue +Git-commit: 3be60b564de49875e47974c37fabced893cd0931 +Patch-mainline: v5.8-rc1 +References: bsc#1187002 + +ufs_qcom_dump_dbg_regs() uses usleep_range, a sleeping function, but can be +called from atomic context in the following flow: + +ufshcd_intr -> ufshcd_sl_intr -> ufshcd_check_errors -> +ufshcd_print_host_regs -> ufshcd_vops_dbg_register_dump -> +ufs_qcom_dump_dbg_regs + +This causes a boot crash on the Lenovo Miix 630 when the interrupt is +handled on the idle thread. + +Fix the issue by switching to udelay(). + +Link: https://lore.kernel.org/r/20200525204125.46171-1-jeffrey.l.hugo@gmail.com +Fixes: 9c46b8676271 ("scsi: ufs-qcom: dump additional testbus registers") +Reviewed-by: Bean Huo +Reviewed-by: Avri Altman +Signed-off-by: Jeffrey Hugo +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufs-qcom.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/scsi/ufs/ufs-qcom.c b/drivers/scsi/ufs/ufs-qcom.c +index 00ce8d6cbb36..2e6ddb5cdfc2 100644 +--- a/drivers/scsi/ufs/ufs-qcom.c ++++ b/drivers/scsi/ufs/ufs-qcom.c +@@ -1658,11 +1658,11 @@ static void ufs_qcom_dump_dbg_regs(struct ufs_hba *hba) + + /* sleep a bit intermittently as we are dumping too much data */ + ufs_qcom_print_hw_debug_reg_all(hba, NULL, ufs_qcom_dump_regs_wrapper); +- usleep_range(1000, 1100); ++ udelay(1000); + ufs_qcom_testbus_read(hba); +- usleep_range(1000, 1100); ++ udelay(1000); + ufs_qcom_print_unipro_testbus(hba); +- usleep_range(1000, 1100); ++ udelay(1000); + } + + /** + diff --git a/patches.suse/scsi-ufs-ufshcd-pltfrm-Fix-deferred-probing b/patches.suse/scsi-ufs-ufshcd-pltfrm-Fix-deferred-probing new file mode 100644 index 0000000..2b3def7 --- /dev/null +++ b/patches.suse/scsi-ufs-ufshcd-pltfrm-Fix-deferred-probing @@ -0,0 +1,35 @@ +From: Sergey Shtylyov +Date: Mon, 29 Mar 2021 23:50:58 +0300 +Subject: scsi: ufs: ufshcd-pltfrm: Fix deferred probing +Git-commit: 339c9b63cc7ce779ce45c675bf709cb58b807fc3 +Patch-mainline: v5.13-rc1 +References: bsc#1187003 + +The driver overrides the error codes returned by platform_get_irq() to +-ENODEV, so if it returns -EPROBE_DEFER, the driver would fail the probe +permanently instead of the deferred probing. Propagate the error code +upstream as it should have been done from the start... + +[lduncan: updated patch since we still have dev_err() calls in our code.] + +Link: https://lore.kernel.org/r/420364ca-614a-45e3-4e35-0e0653c7bc53@omprussia.ru +Fixes: 2953f850c3b8 ("[SCSI] ufs: use devres functions for ufshcd") +Signed-off-by: Sergey Shtylyov +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd-pltfrm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/ufs/ufshcd-pltfrm.c ++++ b/drivers/scsi/ufs/ufshcd-pltfrm.c +@@ -403,7 +403,7 @@ int ufshcd_pltfrm_init(struct platform_d + irq = platform_get_irq(pdev, 0); + if (irq < 0) { + dev_err(dev, "IRQ resource not available\n"); +- err = -ENODEV; ++ err = irq; + goto out; + } + + diff --git a/patches.suse/scsi-ufshcd-use-an-enum-for-quirks b/patches.suse/scsi-ufshcd-use-an-enum-for-quirks new file mode 100644 index 0000000..33d47ea --- /dev/null +++ b/patches.suse/scsi-ufshcd-use-an-enum-for-quirks @@ -0,0 +1,142 @@ +From: Christoph Hellwig +Date: Fri, 21 Feb 2020 06:08:12 -0800 +Subject: scsi: ufshcd: use an enum for quirks +Git-commit: c3f7d1fcb4a26a0f2a45e0e3bd8a1acc19481b8c +Patch-mainline: v5.7-rc1 +References: bsc#1186999 + +Use an enum to specify the various quirks instead of #defines inside the +structure definition. + +[mkp: fix typo] + +Link: https://lore.kernel.org/r/20200221140812.476338-3-hch@lst.de +Reviewed-by: Bart Van Assche +Signed-off-by: Christoph Hellwig +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/scsi/ufs/ufshcd.h | 104 ++++++++++++++++++---------------------------- + 1 file changed, 42 insertions(+), 62 deletions(-) + +--- a/drivers/scsi/ufs/ufshcd.h ++++ b/drivers/scsi/ufs/ufshcd.h +@@ -472,6 +472,48 @@ struct ufs_stats { + struct ufs_err_reg_hist task_abort; + }; + ++enum ufshcd_quirks { ++ /* Interrupt aggregation support is broken */ ++ UFSHCD_QUIRK_BROKEN_INTR_AGGR = 1 << 0, ++ ++ /* ++ * delay before each dme command is required as the unipro ++ * layer has shown instabilities ++ */ ++ UFSHCD_QUIRK_DELAY_BEFORE_DME_CMDS = 1 << 1, ++ ++ /* ++ * If UFS host controller is having issue in processing LCC (Line ++ * Control Command) coming from device then enable this quirk. ++ * When this quirk is enabled, host controller driver should disable ++ * the LCC transmission on UFS device (by clearing TX_LCC_ENABLE ++ * attribute of device to 0). ++ */ ++ UFSHCD_QUIRK_BROKEN_LCC = 1 << 2, ++ ++ /* ++ * The attribute PA_RXHSUNTERMCAP specifies whether or not the ++ * inbound Link supports unterminated line in HS mode. Setting this ++ * attribute to 1 fixes moving to HS gear. ++ */ ++ UFSHCD_QUIRK_BROKEN_PA_RXHSUNTERMCAP = 1 << 3, ++ ++ /* ++ * This quirk needs to be enabled if the host controller only allows ++ * accessing the peer dme attributes in AUTO mode (FAST AUTO or ++ * SLOW AUTO). ++ */ ++ UFSHCD_QUIRK_DME_PEER_ACCESS_AUTO_MODE = 1 << 4, ++ ++ /* ++ * This quirk needs to be enabled if the host controller doesn't ++ * advertise the correct version in UFS_VER register. If this quirk ++ * is enabled, standard UFS host driver will call the vendor specific ++ * ops (get_ufs_hci_version) to get the correct version. ++ */ ++ UFSHCD_QUIRK_BROKEN_UFS_HCI_VERSION = 1 << 5, ++}; ++ + /** + * struct ufs_hba - per adapter private structure + * @mmio_base: UFSHCI base register address +@@ -577,68 +619,6 @@ struct ufs_hba { + bool is_irq_enabled; + enum ufs_ref_clk_freq dev_ref_clk_freq; + +- /* Interrupt aggregation support is broken */ +- #define UFSHCD_QUIRK_BROKEN_INTR_AGGR 0x1 +- +- /* +- * delay before each dme command is required as the unipro +- * layer has shown instabilities +- */ +- #define UFSHCD_QUIRK_DELAY_BEFORE_DME_CMDS 0x2 +- +- /* +- * If UFS host controller is having issue in processing LCC (Line +- * Control Command) coming from device then enable this quirk. +- * When this quirk is enabled, host controller driver should disable +- * the LCC transmission on UFS device (by clearing TX_LCC_ENABLE +- * attribute of device to 0). +- */ +- #define UFSHCD_QUIRK_BROKEN_LCC 0x4 +- +- /* +- * The attribute PA_RXHSUNTERMCAP specifies whether or not the +- * inbound Link supports unterminated line in HS mode. Setting this +- * attribute to 1 fixes moving to HS gear. +- */ +- #define UFSHCD_QUIRK_BROKEN_PA_RXHSUNTERMCAP 0x8 +- +- /* +- * This quirk needs to be enabled if the host contoller only allows +- * accessing the peer dme attributes in AUTO mode (FAST AUTO or +- * SLOW AUTO). +- */ +- #define UFSHCD_QUIRK_DME_PEER_ACCESS_AUTO_MODE 0x10 +- +- /* +- * This quirk needs to be enabled if the host contoller doesn't +- * advertise the correct version in UFS_VER register. If this quirk +- * is enabled, standard UFS host driver will call the vendor specific +- * ops (get_ufs_hci_version) to get the correct version. +- */ +- #define UFSHCD_QUIRK_BROKEN_UFS_HCI_VERSION 0x20 +- +- /* +- * This quirk needs to be enabled if the host contoller regards +- * resolution of the values of PRDTO and PRDTL in UTRD as byte. +- */ +- #define UFSHCD_QUIRK_PRDT_BYTE_GRAN 0x80 +- +- /* +- * Clear handling for transfer/task request list is just opposite. +- */ +- #define UFSHCI_QUIRK_BROKEN_REQ_LIST_CLR 0x100 +- +- /* +- * This quirk needs to be enabled if host controller doesn't allow +- * that the interrupt aggregation timer and counter are reset by s/w. +- */ +- #define UFSHCI_QUIRK_SKIP_RESET_INTR_AGGR 0x200 +- +- /* +- * This quirks needs to be enabled if host controller cannot be +- * enabled via HCE register. +- */ +- #define UFSHCI_QUIRK_BROKEN_HCE 0x400 + unsigned int quirks; /* Deviations from standard UFSHCI spec. */ + + /* Device deviations from standard UFS device spec. */ + diff --git a/patches.suse/staging-rtl8723bs-Fix-uninitialized-variables.patch b/patches.suse/staging-rtl8723bs-Fix-uninitialized-variables.patch new file mode 100644 index 0000000..ee9baa7 --- /dev/null +++ b/patches.suse/staging-rtl8723bs-Fix-uninitialized-variables.patch @@ -0,0 +1,70 @@ +From 43c85d770db80cb135f576f8fde6ff1a08e707a4 Mon Sep 17 00:00:00 2001 +From: Wenli Looi +Date: Mon, 7 Jun 2021 23:46:20 -0700 +Subject: [PATCH] staging: rtl8723bs: Fix uninitialized variables +Git-commit: 43c85d770db80cb135f576f8fde6ff1a08e707a4 +Patch-mainline: v5.13-rc6 +References: git-fixes + +The sinfo.pertid and sinfo.generation variables are not initialized and +it causes a crash when we use this as a wireless access point. + +[ 456.873025] ------------[ cut here ]------------ +[ 456.878198] kernel BUG at mm/slub.c:3968! +[ 456.882680] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM + + [ snip ] + +[ 457.271004] Backtrace: +[ 457.273733] [] (kfree) from [] (nl80211_send_station+0x954/0xfc4) +[ 457.282481] r9:eccca0c0 r8:e8edfec0 r7:00000000 r6:00000011 r5:e80a9480 r4:e8edfe00 +[ 457.291132] [] (nl80211_send_station) from [] (cfg80211_new_sta+0x90/0x1cc) +[ 457.300850] r10:e80a9480 r9:e8edfe00 r8:ea678cca r7:00000a20 r6:00000000 r5:ec46d000 +[ 457.309586] r4:ec46d9e0 +[ 457.312433] [] (cfg80211_new_sta) from [] (rtw_cfg80211_indicate_sta_assoc+0x80/0x9c [r8723bs]) +[ 457.324095] r10:00009930 r9:e85b9d80 r8:bf091050 r7:00000000 r6:00000000 r5:0000001c +[ 457.332831] r4:c1606788 +[ 457.335692] [] (rtw_cfg80211_indicate_sta_assoc [r8723bs]) from [] (rtw_stassoc_event_callback+0x1c8/0x1d4 [r8723bs]) +[ 457.349489] r7:ea678cc0 r6:000000a1 r5:f1225f84 r4:f086b000 +[ 457.355845] [] (rtw_stassoc_event_callback [r8723bs]) from [] (mlme_evt_hdl+0x8c/0xb4 [r8723bs]) +[ 457.367601] r7:c1604900 r6:f086c4b8 r5:00000000 r4:f086c000 +[ 457.373959] [] (mlme_evt_hdl [r8723bs]) from [] (rtw_cmd_thread+0x198/0x3d8 [r8723bs]) +[ 457.384744] r5:f086e000 r4:f086c000 +[ 457.388754] [] (rtw_cmd_thread [r8723bs]) from [] (kthread+0x170/0x174) +[ 457.398083] r10:ed7a57e8 r9:bf0367a4 r8:f086b000 r7:e8ede000 r6:00000000 r5:e9975200 +[ 457.406828] r4:e8369900 +[ 457.409653] [] (kthread) from [] (ret_from_fork+0x14/0x2c) +[ 457.417718] Exception stack(0xe8edffb0 to 0xe8edfff8) +[ 457.423356] ffa0: 00000000 00000000 00000000 00000000 +[ 457.432492] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 +[ 457.441618] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 +[ 457.449006] r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c014a0a4 +[ 457.457750] r4:e9975200 +[ 457.460574] Code: 1a000003 e5953004 e3130001 1a000000 (e7f001f2) +[ 457.467381] ---[ end trace 4acbc8c15e9e6aa7 ]--- + +Link: https://forum.armbian.com/topic/14727-wifi-ap-kernel-bug-in-kernel-5444/ +Fixes: 8689c051a201 ("cfg80211: dynamically allocate per-tid stats for station info") +Fixes: f5ea9120be2e ("nl80211: add generation number to all dumps") +Signed-off-by: Wenli Looi +Reviewed-by: Dan Carpenter +Cc: stable +Link: https://lore.kernel.org/r/20210608064620.74059-1-wlooi@ucalgary.ca +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c ++++ b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c +@@ -2416,7 +2416,7 @@ void rtw_cfg80211_indicate_sta_assoc(str + DBG_871X(FUNC_ADPT_FMT"\n", FUNC_ADPT_ARG(padapter)); + + { +- struct station_info sinfo; ++ struct station_info sinfo = {}; + u8 ie_offset; + if (GetFrameSubType(pmgmt_frame) == WIFI_ASSOCREQ) + ie_offset = _ASOCREQ_IE_OFFSET_; diff --git a/patches.suse/thunderbolt-usb4-Fix-NVM-read-buffer-bounds-and-offs.patch b/patches.suse/thunderbolt-usb4-Fix-NVM-read-buffer-bounds-and-offs.patch new file mode 100644 index 0000000..ca814bf --- /dev/null +++ b/patches.suse/thunderbolt-usb4-Fix-NVM-read-buffer-bounds-and-offs.patch @@ -0,0 +1,67 @@ +From 22c7a18ed5f007faccb7527bc890463763214081 Mon Sep 17 00:00:00 2001 +From: Mathias Nyman +Date: Thu, 25 Mar 2021 10:32:50 +0200 +Subject: [PATCH] thunderbolt: usb4: Fix NVM read buffer bounds and offset issue +Git-commit: 22c7a18ed5f007faccb7527bc890463763214081 +Patch-mainline: v5.13-rc4 +References: git-fixes + +Up to 64 bytes of data can be read from NVM in one go. +Read address must be dword aligned. Data is read into a local buffer. + +If caller asks to read data starting at an unaligned address then full +dword is anyway read from NVM into a local buffer. Data is then copied +from the local buffer starting at the unaligned offset to the caller +buffer. + +In cases where asked data length + unaligned offset is over 64 bytes +we need to make sure we don't read past the 64 bytes in the local +buffer when copying to caller buffer, and make sure that we don't +skip copying unaligned offset bytes from local buffer anymore after +the first round of 64 byte NVM data read. + +Fixes: b04079837b20 ("thunderbolt: Add initial support for USB4") +Cc: stable@vger.kernel.org +Signed-off-by: Mathias Nyman +Signed-off-by: Mika Westerberg +Acked-by: Takashi Iwai + +--- + drivers/thunderbolt/usb4.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c +index 680bc738dd66..671d72af8ba1 100644 +--- a/drivers/thunderbolt/usb4.c ++++ b/drivers/thunderbolt/usb4.c +@@ -68,15 +68,15 @@ static int usb4_do_read_data(u16 address, void *buf, size_t size, + unsigned int retries = USB4_DATA_RETRIES; + unsigned int offset; + +- offset = address & 3; +- address = address & ~3; +- + do { +- size_t nbytes = min_t(size_t, size, USB4_DATA_DWORDS * 4); + unsigned int dwaddress, dwords; + u8 data[USB4_DATA_DWORDS * 4]; ++ size_t nbytes; + int ret; + ++ offset = address & 3; ++ nbytes = min_t(size_t, size + offset, USB4_DATA_DWORDS * 4); ++ + dwaddress = address / 4; + dwords = ALIGN(nbytes, 4) / 4; + +@@ -87,6 +87,7 @@ static int usb4_do_read_data(u16 address, void *buf, size_t size, + return ret; + } + ++ nbytes -= offset; + memcpy(buf, data + offset, nbytes); + + size -= nbytes; +-- +2.26.2 + diff --git a/patches.suse/usb-fix-various-gadgets-null-ptr-deref-on-10gbps-cab.patch b/patches.suse/usb-fix-various-gadgets-null-ptr-deref-on-10gbps-cab.patch new file mode 100644 index 0000000..a84a0a6 --- /dev/null +++ b/patches.suse/usb-fix-various-gadgets-null-ptr-deref-on-10gbps-cab.patch @@ -0,0 +1,186 @@ +From 90c4d05780d47e14a50e11a7f17373104cd47d25 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= +Date: Mon, 7 Jun 2021 21:41:41 -0700 +Subject: [PATCH] usb: fix various gadgets null ptr deref on 10gbps cabling. +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 90c4d05780d47e14a50e11a7f17373104cd47d25 +Patch-mainline: v5.13-rc6 +References: git-fixes + +This avoids a null pointer dereference in +f_{ecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm} +by simply reusing the 5gbps config for 10gbps. + +Fixes: eaef50c76057 ("usb: gadget: Update usb_assign_descriptors for SuperSpeedPlus") +Cc: Christophe JAILLET +Cc: Felipe Balbi +Cc: Gustavo A. R. Silva +Cc: Lorenzo Colitti +Cc: Martin K. Petersen +Cc: Michael R Sweet +Cc: Mike Christie +Cc: Pawel Laszczak +Cc: Peter Chen +Cc: Sudhakar Panneerselvam +Cc: Wei Ming Chen +Cc: Will McVicker +Cc: Zqiang +Reviewed-by: Lorenzo Colitti +Cc: stable +Signed-off-by: Maciej Å»enczykowski +Link: https://lore.kernel.org/r/20210608044141.3898496-1-zenczykowski@gmail.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/gadget/function/f_ecm.c | 2 +- + drivers/usb/gadget/function/f_eem.c | 2 +- + drivers/usb/gadget/function/f_hid.c | 3 ++- + drivers/usb/gadget/function/f_loopback.c | 2 +- + drivers/usb/gadget/function/f_printer.c | 3 ++- + drivers/usb/gadget/function/f_rndis.c | 2 +- + drivers/usb/gadget/function/f_serial.c | 2 +- + drivers/usb/gadget/function/f_sourcesink.c | 3 ++- + drivers/usb/gadget/function/f_subset.c | 2 +- + drivers/usb/gadget/function/f_tcm.c | 3 ++- + 10 files changed, 14 insertions(+), 10 deletions(-) + +diff --git a/drivers/usb/gadget/function/f_ecm.c b/drivers/usb/gadget/function/f_ecm.c +index 7f5cf488b2b1..ffe2486fce71 100644 +--- a/drivers/usb/gadget/function/f_ecm.c ++++ b/drivers/usb/gadget/function/f_ecm.c +@@ -791,7 +791,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) + fs_ecm_notify_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, ecm_fs_function, ecm_hs_function, +- ecm_ss_function, NULL); ++ ecm_ss_function, ecm_ss_function); + if (status) + goto fail; + +diff --git a/drivers/usb/gadget/function/f_eem.c b/drivers/usb/gadget/function/f_eem.c +index cfcc4e81fb77..e6cb38439c41 100644 +--- a/drivers/usb/gadget/function/f_eem.c ++++ b/drivers/usb/gadget/function/f_eem.c +@@ -302,7 +302,7 @@ static int eem_bind(struct usb_configuration *c, struct usb_function *f) + eem_ss_out_desc.bEndpointAddress = eem_fs_out_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, eem_fs_function, eem_hs_function, +- eem_ss_function, NULL); ++ eem_ss_function, eem_ss_function); + if (status) + goto fail; + +diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c +index 1125f4715830..e55699308117 100644 +--- a/drivers/usb/gadget/function/f_hid.c ++++ b/drivers/usb/gadget/function/f_hid.c +@@ -802,7 +802,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) + hidg_fs_out_ep_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, hidg_fs_descriptors, +- hidg_hs_descriptors, hidg_ss_descriptors, NULL); ++ hidg_hs_descriptors, hidg_ss_descriptors, ++ hidg_ss_descriptors); + if (status) + goto fail; + +diff --git a/drivers/usb/gadget/function/f_loopback.c b/drivers/usb/gadget/function/f_loopback.c +index b56ad7c3838b..ae41f556eb75 100644 +--- a/drivers/usb/gadget/function/f_loopback.c ++++ b/drivers/usb/gadget/function/f_loopback.c +@@ -207,7 +207,7 @@ static int loopback_bind(struct usb_configuration *c, struct usb_function *f) + ss_loop_sink_desc.bEndpointAddress = fs_loop_sink_desc.bEndpointAddress; + + ret = usb_assign_descriptors(f, fs_loopback_descs, hs_loopback_descs, +- ss_loopback_descs, NULL); ++ ss_loopback_descs, ss_loopback_descs); + if (ret) + return ret; + +diff --git a/drivers/usb/gadget/function/f_printer.c b/drivers/usb/gadget/function/f_printer.c +index f47fdc1fa7f1..59d382fe1bbf 100644 +--- a/drivers/usb/gadget/function/f_printer.c ++++ b/drivers/usb/gadget/function/f_printer.c +@@ -1101,7 +1101,8 @@ static int printer_func_bind(struct usb_configuration *c, + ss_ep_out_desc.bEndpointAddress = fs_ep_out_desc.bEndpointAddress; + + ret = usb_assign_descriptors(f, fs_printer_function, +- hs_printer_function, ss_printer_function, NULL); ++ hs_printer_function, ss_printer_function, ++ ss_printer_function); + if (ret) + return ret; + +diff --git a/drivers/usb/gadget/function/f_rndis.c b/drivers/usb/gadget/function/f_rndis.c +index 0739b05a0ef7..ee95e8f5f9d4 100644 +--- a/drivers/usb/gadget/function/f_rndis.c ++++ b/drivers/usb/gadget/function/f_rndis.c +@@ -789,7 +789,7 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) + ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, +- eth_ss_function, NULL); ++ eth_ss_function, eth_ss_function); + if (status) + goto fail; + +diff --git a/drivers/usb/gadget/function/f_serial.c b/drivers/usb/gadget/function/f_serial.c +index e62713846350..1ed8ff0ac2d3 100644 +--- a/drivers/usb/gadget/function/f_serial.c ++++ b/drivers/usb/gadget/function/f_serial.c +@@ -233,7 +233,7 @@ static int gser_bind(struct usb_configuration *c, struct usb_function *f) + gser_ss_out_desc.bEndpointAddress = gser_fs_out_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, gser_fs_function, gser_hs_function, +- gser_ss_function, NULL); ++ gser_ss_function, gser_ss_function); + if (status) + goto fail; + dev_dbg(&cdev->gadget->dev, "generic ttyGS%d: %s speed IN/%s OUT/%s\n", +diff --git a/drivers/usb/gadget/function/f_sourcesink.c b/drivers/usb/gadget/function/f_sourcesink.c +index 5a201ba7b155..1abf08e5164a 100644 +--- a/drivers/usb/gadget/function/f_sourcesink.c ++++ b/drivers/usb/gadget/function/f_sourcesink.c +@@ -431,7 +431,8 @@ sourcesink_bind(struct usb_configuration *c, struct usb_function *f) + ss_iso_sink_desc.bEndpointAddress = fs_iso_sink_desc.bEndpointAddress; + + ret = usb_assign_descriptors(f, fs_source_sink_descs, +- hs_source_sink_descs, ss_source_sink_descs, NULL); ++ hs_source_sink_descs, ss_source_sink_descs, ++ ss_source_sink_descs); + if (ret) + return ret; + +diff --git a/drivers/usb/gadget/function/f_subset.c b/drivers/usb/gadget/function/f_subset.c +index 4d945254905d..51c1cae162d9 100644 +--- a/drivers/usb/gadget/function/f_subset.c ++++ b/drivers/usb/gadget/function/f_subset.c +@@ -358,7 +358,7 @@ geth_bind(struct usb_configuration *c, struct usb_function *f) + fs_subset_out_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, fs_eth_function, hs_eth_function, +- ss_eth_function, NULL); ++ ss_eth_function, ss_eth_function); + if (status) + goto fail; + +diff --git a/drivers/usb/gadget/function/f_tcm.c b/drivers/usb/gadget/function/f_tcm.c +index 7acb507946e6..de161ee0b1f9 100644 +--- a/drivers/usb/gadget/function/f_tcm.c ++++ b/drivers/usb/gadget/function/f_tcm.c +@@ -2057,7 +2057,8 @@ static int tcm_bind(struct usb_configuration *c, struct usb_function *f) + uasp_fs_cmd_desc.bEndpointAddress = uasp_ss_cmd_desc.bEndpointAddress; + + ret = usb_assign_descriptors(f, uasp_fs_function_desc, +- uasp_hs_function_desc, uasp_ss_function_desc, NULL); ++ uasp_hs_function_desc, uasp_ss_function_desc, ++ uasp_ss_function_desc); + if (ret) + goto ep_fail; + +-- +2.26.2 + diff --git a/patches.suse/usb-musb-fix-MUSB_QUIRK_B_DISCONNECT_99-handling.patch b/patches.suse/usb-musb-fix-MUSB_QUIRK_B_DISCONNECT_99-handling.patch new file mode 100644 index 0000000..3b5e8a3 --- /dev/null +++ b/patches.suse/usb-musb-fix-MUSB_QUIRK_B_DISCONNECT_99-handling.patch @@ -0,0 +1,65 @@ +From b65ba0c362be665192381cc59e3ac3ef6f0dd1e1 Mon Sep 17 00:00:00 2001 +From: Thomas Petazzoni +Date: Fri, 28 May 2021 16:04:46 +0200 +Subject: [PATCH] usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling +Git-commit: b65ba0c362be665192381cc59e3ac3ef6f0dd1e1 +Patch-mainline: v5.13-rc6 +References: git-fixes + +In commit 92af4fc6ec33 ("usb: musb: Fix suspend with devices +connected for a64"), the logic to support the +MUSB_QUIRK_B_DISCONNECT_99 quirk was modified to only conditionally +schedule the musb->irq_work delayed work. + +This commit badly breaks ECM Gadget on AM335X. Indeed, with this +commit, one can observe massive packet loss: + +$ ping 192.168.0.100 +... +15 packets transmitted, 3 received, 80% packet loss, time 14316ms + +Reverting this commit brings back a properly functioning ECM +Gadget. An analysis of the commit seems to indicate that a mistake was +Made: the previous code was not falling through into the +MUSB_QUIRK_B_INVALID_VBUS_91, but now it is, unless the condition is +taken. + +Changing the logic to be as it was before the problematic commit *and* +only conditionally scheduling musb->irq_work resolves the regression: + +$ ping 192.168.0.100 +... +64 packets transmitted, 64 received, 0% packet loss, time 64475ms + +Fixes: 92af4fc6ec33 ("usb: musb: Fix suspend with devices connected for a64") +Cc: stable@vger.kernel.org +Tested-by: Alexandre Belloni +Tested-by: Drew Fustini +Acked-by: Tony Lindgren +Signed-off-by: Thomas Petazzoni +Link: https://lore.kernel.org/r/20210528140446.278076-1-thomas.petazzoni@bootlin.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/musb/musb_core.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c +index 8f09a387b773..4c8f0112481f 100644 +--- a/drivers/usb/musb/musb_core.c ++++ b/drivers/usb/musb/musb_core.c +@@ -2009,9 +2009,8 @@ static void musb_pm_runtime_check_session(struct musb *musb) + schedule_delayed_work(&musb->irq_work, + msecs_to_jiffies(1000)); + musb->quirk_retries--; +- break; + } +- fallthrough; ++ break; + case MUSB_QUIRK_B_INVALID_VBUS_91: + if (musb->quirk_retries && !musb->flush_irq_work) { + musb_dbg(musb, +-- +2.26.2 + diff --git a/patches.suse/usb-pd-Set-PD_T_SINK_WAIT_CAP-to-310ms.patch b/patches.suse/usb-pd-Set-PD_T_SINK_WAIT_CAP-to-310ms.patch new file mode 100644 index 0000000..ec6d34a --- /dev/null +++ b/patches.suse/usb-pd-Set-PD_T_SINK_WAIT_CAP-to-310ms.patch @@ -0,0 +1,36 @@ +From 6490fa565534fa83593278267785a694fd378a2b Mon Sep 17 00:00:00 2001 +From: Kyle Tso +Date: Fri, 28 May 2021 16:16:13 +0800 +Subject: [PATCH] usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms +Git-commit: 6490fa565534fa83593278267785a694fd378a2b +Patch-mainline: v5.13-rc6 +References: git-fixes + +Current timer PD_T_SINK_WAIT_CAP is set to 240ms which will violate the +SinkWaitCapTimer (tTypeCSinkWaitCap 310 - 620 ms) defined in the PD +Spec if the port is faster enough when running the state machine. Set it +to the lower bound 310ms to ensure the timeout is in Spec. + +Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") +Cc: stable +Reviewed-by: Guenter Roeck +Signed-off-by: Kyle Tso +Link: https://lore.kernel.org/r/20210528081613.730661-1-kyletso@google.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + include/linux/usb/pd.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/usb/pd.h ++++ b/include/linux/usb/pd.h +@@ -425,7 +425,7 @@ static inline unsigned int rdo_max_power + #define PD_T_SENDER_RESPONSE 60 /* 24 - 30 ms, relaxed */ + #define PD_T_SOURCE_ACTIVITY 45 + #define PD_T_SINK_ACTIVITY 135 +-#define PD_T_SINK_WAIT_CAP 240 ++#define PD_T_SINK_WAIT_CAP 310 /* 310 - 620 ms */ + #define PD_T_PS_TRANSITION 500 + #define PD_T_SRC_TRANSITION 35 + #define PD_T_DRP_SNK 40 diff --git a/patches.suse/usb-typec-intel_pmc_mux-Put-fwnode-in-error-case-dur.patch b/patches.suse/usb-typec-intel_pmc_mux-Put-fwnode-in-error-case-dur.patch new file mode 100644 index 0000000..6e0c26d --- /dev/null +++ b/patches.suse/usb-typec-intel_pmc_mux-Put-fwnode-in-error-case-dur.patch @@ -0,0 +1,43 @@ +From 1a85b350a7741776a406005b943e3dec02c424ed Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Mon, 7 Jun 2021 23:50:05 +0300 +Subject: [PATCH] usb: typec: intel_pmc_mux: Put fwnode in error case during ->probe() +Git-commit: 1a85b350a7741776a406005b943e3dec02c424ed +Patch-mainline: v5.13-rc6 +References: git-fixes + +device_get_next_child_node() bumps a reference counting of a returned variable. +We have to balance it whenever we return to the caller. + +Fixes: 6701adfa9693 ("usb: typec: driver for Intel PMC mux control") +Cc: Heikki Krogerus +Reviewed-by: Heikki Krogerus +Signed-off-by: Andy Shevchenko +Cc: stable +Link: https://lore.kernel.org/r/20210607205007.71458-1-andy.shevchenko@gmail.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/typec/mux/intel_pmc_mux.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/usb/typec/mux/intel_pmc_mux.c b/drivers/usb/typec/mux/intel_pmc_mux.c +index 46a25b8db72e..96d8c5a04680 100644 +--- a/drivers/usb/typec/mux/intel_pmc_mux.c ++++ b/drivers/usb/typec/mux/intel_pmc_mux.c +@@ -636,8 +636,10 @@ static int pmc_usb_probe(struct platform_device *pdev) + break; + + ret = pmc_usb_register_port(pmc, i, fwnode); +- if (ret) ++ if (ret) { ++ fwnode_handle_put(fwnode); + goto err_remove_ports; ++ } + } + + platform_set_drvdata(pdev, pmc); +-- +2.26.2 + diff --git a/patches.suse/usb-typec-mux-Fix-copy-paste-mistake-in-typec_mux_ma.patch b/patches.suse/usb-typec-mux-Fix-copy-paste-mistake-in-typec_mux_ma.patch new file mode 100644 index 0000000..e71d249 --- /dev/null +++ b/patches.suse/usb-typec-mux-Fix-copy-paste-mistake-in-typec_mux_ma.patch @@ -0,0 +1,37 @@ +From 142d0b24c1b17139f1aaaacae7542a38aa85640f Mon Sep 17 00:00:00 2001 +From: Bjorn Andersson +Date: Wed, 9 Jun 2021 17:21:32 -0700 +Subject: [PATCH] usb: typec: mux: Fix copy-paste mistake in typec_mux_match +Git-commit: 142d0b24c1b17139f1aaaacae7542a38aa85640f +Patch-mainline: v5.13-rc6 +References: git-fixes + +Fix the copy-paste mistake in the return path of typec_mux_match(), +where dev is considered a member of struct typec_switch rather than +struct typec_mux. + +The two structs are identical in regards to having the struct device as +the first entry, so this provides no functional change. + +Fixes: 3370db35193b ("usb: typec: Registering real device entries for the muxes") +Reviewed-by: Heikki Krogerus +Signed-off-by: Bjorn Andersson +Link: https://lore.kernel.org/r/20210610002132.3088083-1-bjorn.andersson@linaro.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/typec/mux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/usb/typec/mux.c ++++ b/drivers/usb/typec/mux.c +@@ -244,7 +244,7 @@ find_mux: + dev = class_find_device(&typec_mux_class, NULL, con->fwnode, + mux_fwnode_match); + +- return dev ? to_typec_switch(dev) : ERR_PTR(-EPROBE_DEFER); ++ return dev ? to_typec_mux(dev) : ERR_PTR(-EPROBE_DEFER); + } + + /** diff --git a/patches.suse/usb-typec-ucsi-Clear-PPM-capability-data-in-ucsi_ini.patch b/patches.suse/usb-typec-ucsi-Clear-PPM-capability-data-in-ucsi_ini.patch new file mode 100644 index 0000000..20cddf5 --- /dev/null +++ b/patches.suse/usb-typec-ucsi-Clear-PPM-capability-data-in-ucsi_ini.patch @@ -0,0 +1,49 @@ +From f247f0a82a4f8c3bfed178d8fd9e069d1424ee4e Mon Sep 17 00:00:00 2001 +From: Mayank Rana +Date: Wed, 9 Jun 2021 00:35:35 -0700 +Subject: [PATCH] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path +Git-commit: f247f0a82a4f8c3bfed178d8fd9e069d1424ee4e +Patch-mainline: v5.13-rc6 +References: git-fixes + +If ucsi_init() fails for some reason (e.g. ucsi_register_port() +fails or general communication failure to the PPM), particularly at +any point after the GET_CAPABILITY command had been issued, this +results in unwinding the initialization and returning an error. +However the ucsi structure's ucsi_capability member retains its +current value, including likely a non-zero num_connectors. +And because ucsi_init() itself is done in a workqueue a UCSI +interface driver will be unaware that it failed and may think the +ucsi_register() call was completely successful. Later, if +ucsi_unregister() is called, due to this stale ucsi->cap value it +would try to access the items in the ucsi->connector array which +might not be in a proper state or not even allocated at all and +results in NULL or invalid pointer dereference. + +Fix this by clearing the ucsi->cap value to 0 during the error +path of ucsi_init() in order to prevent a later ucsi_unregister() +from entering the connector cleanup loop. + +Fixes: c1b0bc2dabfa ("usb: typec: Add support for UCSI interface") +Cc: stable@vger.kernel.org +Acked-by: Heikki Krogerus +Signed-off-by: Mayank Rana +Signed-off-by: Jack Pham +Link: https://lore.kernel.org/r/20210609073535.5094-1-jackp@codeaurora.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/typec/ucsi/ucsi.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/usb/typec/ucsi/ucsi.c ++++ b/drivers/usb/typec/ucsi/ucsi.c +@@ -1118,6 +1118,7 @@ err_unregister: + } + + err_reset: ++ memset(&ucsi->cap, 0, sizeof(ucsi->cap)); + ucsi_reset_ppm(ucsi); + err: + return ret; diff --git a/patches.suse/usb-typec-wcove-Use-LE-to-CPU-conversion-when-access.patch b/patches.suse/usb-typec-wcove-Use-LE-to-CPU-conversion-when-access.patch new file mode 100644 index 0000000..b96c200 --- /dev/null +++ b/patches.suse/usb-typec-wcove-Use-LE-to-CPU-conversion-when-access.patch @@ -0,0 +1,46 @@ +From d5ab95da2a41567440097c277c5771ad13928dad Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Wed, 9 Jun 2021 20:22:02 +0300 +Subject: [PATCH] usb: typec: wcove: Use LE to CPU conversion when accessing msg->header +Git-commit: d5ab95da2a41567440097c277c5771ad13928dad +Patch-mainline: v5.13-rc6 +References: git-fixes + +As LKP noticed the Sparse is not happy about strict type handling: + .../typec/tcpm/wcove.c:380:50: sparse: expected unsigned short [usertype] header + .../typec/tcpm/wcove.c:380:50: sparse: got restricted __le16 const [usertype] header + +Fix this by switching to use pd_header_cnt_le() instead of pd_header_cnt() +in the affected code. + +Fixes: ae8a2ca8a221 ("usb: typec: Group all TCPCI/TCPM code together") +Fixes: 3c4fb9f16921 ("usb: typec: wcove: start using tcpm for USB PD support") +Reported-by: kernel test robot +Reviewed-by: Heikki Krogerus +Reviewed-by: Guenter Roeck +Signed-off-by: Andy Shevchenko +Link: https://lore.kernel.org/r/20210609172202.83377-1-andriy.shevchenko@linux.intel.com +Cc: stable +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/typec/tcpm/wcove.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/usb/typec/tcpm/wcove.c b/drivers/usb/typec/tcpm/wcove.c +index 79ae63950050..5d125339687a 100644 +--- a/drivers/usb/typec/tcpm/wcove.c ++++ b/drivers/usb/typec/tcpm/wcove.c +@@ -378,7 +378,7 @@ static int wcove_pd_transmit(struct tcpc_dev *tcpc, + const u8 *data = (void *)msg; + int i; + +- for (i = 0; i < pd_header_cnt(msg->header) * 4 + 2; i++) { ++ for (i = 0; i < pd_header_cnt_le(msg->header) * 4 + 2; i++) { + ret = regmap_write(wcove->regmap, USBC_TX_DATA + i, + data[i]); + if (ret) +-- +2.26.2 + diff --git a/patches.suse/vfio-pci-Fix-error-return-code-in-vfio_ecap_init.patch b/patches.suse/vfio-pci-Fix-error-return-code-in-vfio_ecap_init.patch new file mode 100644 index 0000000..57cd8d9 --- /dev/null +++ b/patches.suse/vfio-pci-Fix-error-return-code-in-vfio_ecap_init.patch @@ -0,0 +1,39 @@ +From d1ce2c79156d3baf0830990ab06d296477b93c26 Mon Sep 17 00:00:00 2001 +From: Zhen Lei +Date: Sat, 15 May 2021 10:04:58 +0800 +Subject: [PATCH] vfio/pci: Fix error return code in vfio_ecap_init() +Git-commit: d1ce2c79156d3baf0830990ab06d296477b93c26 +Patch-mainline: v5.13-rc5 +References: git-fixes + +The error code returned from vfio_ext_cap_len() is stored in 'len', not +in 'ret'. + +Fixes: 89e1f7d4c66d ("vfio: Add PCI device driver") +Reported-by: Hulk Robot +Signed-off-by: Zhen Lei +Reviewed-by: Max Gurtovoy +Message-id: <20210515020458.6771-1-thunder.leizhen@huawei.com> +Signed-off-by: Alex Williamson +Acked-by: Takashi Iwai + +--- + drivers/vfio/pci/vfio_pci_config.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/vfio/pci/vfio_pci_config.c b/drivers/vfio/pci/vfio_pci_config.c +index d57f037f65b8..70e28efbc51f 100644 +--- a/drivers/vfio/pci/vfio_pci_config.c ++++ b/drivers/vfio/pci/vfio_pci_config.c +@@ -1581,7 +1581,7 @@ static int vfio_ecap_init(struct vfio_pci_device *vdev) + if (len == 0xFF) { + len = vfio_ext_cap_len(vdev, ecap, epos); + if (len < 0) +- return ret; ++ return len; + } + } + +-- +2.26.2 + diff --git a/patches.suse/vfio-pci-zap_vma_ptes-needs-MMU.patch b/patches.suse/vfio-pci-zap_vma_ptes-needs-MMU.patch new file mode 100644 index 0000000..0d001ec --- /dev/null +++ b/patches.suse/vfio-pci-zap_vma_ptes-needs-MMU.patch @@ -0,0 +1,48 @@ +From 2a55ca37350171d9b43d561528f23d4130097255 Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Sat, 15 May 2021 12:08:56 -0700 +Subject: [PATCH] vfio/pci: zap_vma_ptes() needs MMU +Git-commit: 2a55ca37350171d9b43d561528f23d4130097255 +Patch-mainline: v5.13-rc5 +References: git-fixes + +zap_vma_ptes() is only available when CONFIG_MMU is set/enabled. +Without CONFIG_MMU, vfio_pci.o has build errors, so make +VFIO_PCI depend on MMU. + +Riscv64-linux-ld: drivers/vfio/pci/vfio_pci.o: in function `vfio_pci_mmap_open': +vfio_pci.c:(.text+0x1ec): undefined reference to `zap_vma_ptes' +Riscv64-linux-ld: drivers/vfio/pci/vfio_pci.o: in function `.L0 ': +vfio_pci.c:(.text+0x165c): undefined reference to `zap_vma_ptes' + +Fixes: 11c4cd07ba11 ("vfio-pci: Fault mmaps to enable vma tracking") +Signed-off-by: Randy Dunlap +Reported-by: kernel test robot +Cc: Alex Williamson +Cc: Cornelia Huck +Cc: kvm@vger.kernel.org +Cc: Jason Gunthorpe +Cc: Eric Auger +Message-id: <20210515190856.2130-1-rdunlap@infradead.org> +Signed-off-by: Alex Williamson +Acked-by: Takashi Iwai + +--- + drivers/vfio/pci/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/vfio/pci/Kconfig b/drivers/vfio/pci/Kconfig +index 53ce78d7d07b..5e2e1b9a9fd3 100644 +--- a/drivers/vfio/pci/Kconfig ++++ b/drivers/vfio/pci/Kconfig +@@ -2,6 +2,7 @@ + config VFIO_PCI + tristate "VFIO support for PCI devices" + depends on VFIO && PCI && EVENTFD ++ depends on MMU + select VFIO_VIRQFD + select IRQ_BYPASS_MANAGER + help +-- +2.26.2 + diff --git a/patches.suse/vfio-platform-fix-module_put-call-in-error-flow.patch b/patches.suse/vfio-platform-fix-module_put-call-in-error-flow.patch new file mode 100644 index 0000000..ccf1572 --- /dev/null +++ b/patches.suse/vfio-platform-fix-module_put-call-in-error-flow.patch @@ -0,0 +1,37 @@ +From dc51ff91cf2d1e9a2d941da483602f71d4a51472 Mon Sep 17 00:00:00 2001 +From: Max Gurtovoy +Date: Tue, 18 May 2021 22:21:31 +0300 +Subject: [PATCH] vfio/platform: fix module_put call in error flow +Git-commit: dc51ff91cf2d1e9a2d941da483602f71d4a51472 +Patch-mainline: v5.13-rc5 +References: git-fixes + +The ->parent_module is the one that use in try_module_get. It should +also be the one the we use in module_put during vfio_platform_open(). + +Fixes: 32a2d71c4e80 ("vfio: platform: introduce vfio-platform-base module") +Signed-off-by: Max Gurtovoy +Message-id: <20210518192133.59195-1-mgurtovoy@nvidia.com> +Signed-off-by: Alex Williamson +Acked-by: Takashi Iwai + +--- + drivers/vfio/platform/vfio_platform_common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c +index 361e5b57e369..470fcf7dac56 100644 +--- a/drivers/vfio/platform/vfio_platform_common.c ++++ b/drivers/vfio/platform/vfio_platform_common.c +@@ -291,7 +291,7 @@ static int vfio_platform_open(struct vfio_device *core_vdev) + vfio_platform_regions_cleanup(vdev); + err_reg: + mutex_unlock(&driver_lock); +- module_put(THIS_MODULE); ++ module_put(vdev->parent_module); + return ret; + } + +-- +2.26.2 + diff --git a/patches.suse/vmlinux.lds.h-Avoid-orphan-section-with-SMP.patch b/patches.suse/vmlinux.lds.h-Avoid-orphan-section-with-SMP.patch new file mode 100644 index 0000000..d131129 --- /dev/null +++ b/patches.suse/vmlinux.lds.h-Avoid-orphan-section-with-SMP.patch @@ -0,0 +1,58 @@ +From d4c6399900364facd84c9e35ce1540b6046c345f Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Wed, 5 May 2021 17:14:11 -0700 +Subject: [PATCH] vmlinux.lds.h: Avoid orphan section with !SMP +Git-commit: d4c6399900364facd84c9e35ce1540b6046c345f +References: git-fixes +Patch-mainline: v5.13-rc6 + +With x86_64_defconfig and the following configs, there is an orphan +section warning: + +CONFIG_SMP=n +CONFIG_AMD_MEM_ENCRYPT=y +CONFIG_HYPERVISOR_GUEST=y +CONFIG_KVM=y +CONFIG_PARAVIRT=y + +ld: warning: orphan section `.data..decrypted' from `arch/x86/kernel/cpu/vmware.o' being placed in section `.data..decrypted' +ld: warning: orphan section `.data..decrypted' from `arch/x86/kernel/kvm.o' being placed in section `.data..decrypted' + +These sections are created with DEFINE_PER_CPU_DECRYPTED, which +ultimately turns into __PCPU_ATTRS, which in turn has a section +attribute with a value of PER_CPU_BASE_SECTION + the section name. When +CONFIG_SMP is not set, the base section is .data and that is not +currently handled in any linker script. + +Add .data..decrypted to PERCPU_DECRYPTED_SECTION, which is included in +PERCPU_INPUT -> PERCPU_SECTION, which is include in the x86 linker +script when either CONFIG_X86_64 or CONFIG_SMP is unset, taking care of +the warning. + +Fixes: ac26963a1175 ("percpu: Introduce DEFINE_PER_CPU_DECRYPTED") +Link: https://github.com/ClangBuiltLinux/linux/issues/1360 +Reported-by: kernel test robot +Signed-off-by: Nathan Chancellor +Tested-by: Nick Desaulniers # build +Signed-off-by: Kees Cook +Link: https://lore.kernel.org/r/20210506001410.1026691-1-nathan@kernel.org +Signed-off-by: Oliver Neukum +--- + include/asm-generic/vmlinux.lds.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h +index 40a9c101565e..17325416e2de 100644 +--- a/include/asm-generic/vmlinux.lds.h ++++ b/include/asm-generic/vmlinux.lds.h +@@ -960,6 +960,7 @@ + #ifdef CONFIG_AMD_MEM_ENCRYPT + #define PERCPU_DECRYPTED_SECTION \ + . = ALIGN(PAGE_SIZE); \ ++ *(.data..decrypted) \ + *(.data..percpu..decrypted) \ + . = ALIGN(PAGE_SIZE); + #else +-- +2.26.2 + diff --git a/patches.suse/wireguard-allowedips-initialize-list-head-in-selftes.patch b/patches.suse/wireguard-allowedips-initialize-list-head-in-selftes.patch new file mode 100644 index 0000000..51f9992 --- /dev/null +++ b/patches.suse/wireguard-allowedips-initialize-list-head-in-selftes.patch @@ -0,0 +1,43 @@ +From: "Jason A. Donenfeld" +Date: Fri, 4 Jun 2021 17:17:35 +0200 +Subject: wireguard: allowedips: initialize list head in selftest +Patch-mainline: v5.13-rc5 +Git-commit: 46cfe8eee285cde465b420637507884551f5d7ca +References: git-fixes + +The randomized trie tests weren't initializing the dummy peer list head, +resulting in a NULL pointer dereference when used. Fix this by +initializing it in the randomized trie test, just like we do for the +static unit test. + +While we're at it, all of the other strings like this have the word +"self-test", so add it to the missing place here. + +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Cc: stable@vger.kernel.org +Signed-off-by: Jason A. Donenfeld +Signed-off-by: David S. Miller +Acked-by: Daniel Wagner +--- + drivers/net/wireguard/selftest/allowedips.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireguard/selftest/allowedips.c ++++ b/drivers/net/wireguard/selftest/allowedips.c +@@ -296,6 +296,7 @@ static __init bool randomized_test(void) + goto free; + } + kref_init(&peers[i]->refcount); ++ INIT_LIST_HEAD(&peers[i]->allowedips_list); + } + + mutex_lock(&mutex); +@@ -333,7 +334,7 @@ static __init bool randomized_test(void) + if (wg_allowedips_insert_v4(&t, + (struct in_addr *)mutated, + cidr, peer, &mutex) < 0) { +- pr_err("allowedips random malloc: FAIL\n"); ++ pr_err("allowedips random self-test malloc: FAIL\n"); + goto free_locked; + } + if (horrible_allowedips_insert_v4(&h, diff --git a/patches.suse/wireguard-do-not-use-O3.patch b/patches.suse/wireguard-do-not-use-O3.patch new file mode 100644 index 0000000..aa22b33 --- /dev/null +++ b/patches.suse/wireguard-do-not-use-O3.patch @@ -0,0 +1,33 @@ +From: "Jason A. Donenfeld" +Date: Fri, 4 Jun 2021 17:17:32 +0200 +Subject: wireguard: do not use -O3 +Patch-mainline: v5.13-rc5 +Git-commit: cc5060ca0285efe2728bced399a1955a7ce808b2 +References: git-fixes + +Apparently, various versions of gcc have O3-related miscompiles. Looking +at the difference between -O2 and -O3 for gcc 11 doesn't indicate +miscompiles, but the difference also doesn't seem so significant for +performance that it's worth risking. + +Link: https://lore.kernel.org/lkml/CAHk-=wjuoGyxDhAF8SsrTkN0-YfCx7E6jUN3ikC_tn2AKWTTsA@mail.gmail.com/ +Link: https://lore.kernel.org/lkml/CAHmME9otB5Wwxp7H8bR_i2uH2esEMvoBMC8uEXBMH9p0q1s6Bw@mail.gmail.com/ +Reported-by: Linus Torvalds +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Cc: stable@vger.kernel.org +Signed-off-by: Jason A. Donenfeld +Signed-off-by: David S. Miller +Acked-by: Daniel Wagner +--- + drivers/net/wireguard/Makefile | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/net/wireguard/Makefile ++++ b/drivers/net/wireguard/Makefile +@@ -1,5 +1,4 @@ +-ccflags-y := -O3 +-ccflags-y += -D'pr_fmt(fmt)=KBUILD_MODNAME ": " fmt' ++ccflags-y := -D'pr_fmt(fmt)=KBUILD_MODNAME ": " fmt' + ccflags-$(CONFIG_WIREGUARD_DEBUG) += -DDEBUG + wireguard-y := main.o + wireguard-y += noise.o diff --git a/patches.suse/wireguard-peer-allocate-in-kmem_cache.patch b/patches.suse/wireguard-peer-allocate-in-kmem_cache.patch new file mode 100644 index 0000000..6069385 --- /dev/null +++ b/patches.suse/wireguard-peer-allocate-in-kmem_cache.patch @@ -0,0 +1,126 @@ +From: "Jason A. Donenfeld" +Date: Fri, 4 Jun 2021 17:17:34 +0200 +Subject: wireguard: peer: allocate in kmem_cache +Patch-mainline: v5.13-rc5 +Git-commit: a4e9f8e3287c9eb6bf70df982870980dd3341863 +References: git-fixes + +With deployments having upwards of 600k peers now, this somewhat heavy +structure could benefit from more fine-grained allocations. +Specifically, instead of using a 2048-byte slab for a 1544-byte object, +we can now use 1544-byte objects directly, thus saving almost 25% +per-peer, or with 600k peers, that's a savings of 303 MiB. This also +makes wireguard's memory usage more transparent in tools like slabtop +and /proc/slabinfo. + +Fixes: 8b5553ace83c ("wireguard: queueing: get rid of per-peer ring buffers") +Suggested-by: Arnd Bergmann +Suggested-by: Matthew Wilcox +Cc: stable@vger.kernel.org +Signed-off-by: Jason A. Donenfeld +Signed-off-by: David S. Miller +[dwagner: updated context for kzfree() was replaced by kfree_sensitive()] +Acked-by: Daniel Wagner +--- + drivers/net/wireguard/main.c | 7 +++++++ + drivers/net/wireguard/peer.c | 21 +++++++++++++++++---- + drivers/net/wireguard/peer.h | 3 +++ + 3 files changed, 27 insertions(+), 4 deletions(-) + +--- a/drivers/net/wireguard/main.c ++++ b/drivers/net/wireguard/main.c +@@ -28,6 +28,10 @@ static int __init mod_init(void) + #endif + wg_noise_init(); + ++ ret = wg_peer_init(); ++ if (ret < 0) ++ goto err_peer; ++ + ret = wg_device_init(); + if (ret < 0) + goto err_device; +@@ -44,6 +48,8 @@ static int __init mod_init(void) + err_netlink: + wg_device_uninit(); + err_device: ++ wg_peer_uninit(); ++err_peer: + return ret; + } + +@@ -51,6 +57,7 @@ static void __exit mod_exit(void) + { + wg_genetlink_uninit(); + wg_device_uninit(); ++ wg_peer_uninit(); + } + + module_init(mod_init); +--- a/drivers/net/wireguard/peer.c ++++ b/drivers/net/wireguard/peer.c +@@ -15,6 +15,7 @@ + #include + #include + ++static struct kmem_cache *peer_cache; + static atomic64_t peer_counter = ATOMIC64_INIT(0); + + struct wg_peer *wg_peer_create(struct wg_device *wg, +@@ -29,10 +30,10 @@ struct wg_peer *wg_peer_create(struct wg + if (wg->num_peers >= MAX_PEERS_PER_DEVICE) + return ERR_PTR(ret); + +- peer = kzalloc(sizeof(*peer), GFP_KERNEL); ++ peer = kmem_cache_zalloc(peer_cache, GFP_KERNEL); + if (unlikely(!peer)) + return ERR_PTR(ret); +- if (dst_cache_init(&peer->endpoint_cache, GFP_KERNEL)) ++ if (unlikely(dst_cache_init(&peer->endpoint_cache, GFP_KERNEL))) + goto err; + + peer->device = wg; +@@ -64,7 +65,7 @@ struct wg_peer *wg_peer_create(struct wg + return peer; + + err: +- kfree(peer); ++ kmem_cache_free(peer_cache, peer); + return ERR_PTR(ret); + } + +@@ -193,7 +194,8 @@ static void rcu_release(struct rcu_head + /* The final zeroing takes care of clearing any remaining handshake key + * material and other potentially sensitive information. + */ +- kzfree(peer); ++ memzero_explicit(peer, sizeof(*peer)); ++ kmem_cache_free(peer_cache, peer); + } + + static void kref_release(struct kref *refcount) +@@ -225,3 +227,14 @@ void wg_peer_put(struct wg_peer *peer) + return; + kref_put(&peer->refcount, kref_release); + } ++ ++int __init wg_peer_init(void) ++{ ++ peer_cache = KMEM_CACHE(wg_peer, 0); ++ return peer_cache ? 0 : -ENOMEM; ++} ++ ++void wg_peer_uninit(void) ++{ ++ kmem_cache_destroy(peer_cache); ++} +--- a/drivers/net/wireguard/peer.h ++++ b/drivers/net/wireguard/peer.h +@@ -80,4 +80,7 @@ void wg_peer_put(struct wg_peer *peer); + void wg_peer_remove(struct wg_peer *peer); + void wg_peer_remove_all(struct wg_device *wg); + ++int wg_peer_init(void); ++void wg_peer_uninit(void); ++ + #endif /* _WG_PEER_H */ diff --git a/patches.suse/wireguard-peer-put-frequently-used-members-above-cac.patch b/patches.suse/wireguard-peer-put-frequently-used-members-above-cac.patch new file mode 100644 index 0000000..c854b4c --- /dev/null +++ b/patches.suse/wireguard-peer-put-frequently-used-members-above-cac.patch @@ -0,0 +1,41 @@ +From: "Jason A. Donenfeld" +Date: Mon, 22 Feb 2021 17:25:46 +0100 +Subject: wireguard: peer: put frequently used members above cache lines +Patch-mainline: v5.12-rc1 +Git-commit: 5a0598695634a6bb4126818902dd9140cd9df8b6 +References: git-fixes + +The is_dead boolean is checked for every single packet, while the +internal_id member is used basically only for pr_debug messages. So it +makes sense to hoist up is_dead into some space formerly unused by a +struct hole, while demoting internal_api to below the lowest struct +cache line. + +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Acked-by: Daniel Wagner +--- + drivers/net/wireguard/peer.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireguard/peer.h ++++ b/drivers/net/wireguard/peer.h +@@ -39,6 +39,7 @@ struct wg_peer { + struct crypt_queue tx_queue, rx_queue; + struct sk_buff_head staged_packet_queue; + int serial_work_cpu; ++ bool is_dead; + struct noise_keypairs keypairs; + struct endpoint endpoint; + struct dst_cache endpoint_cache; +@@ -61,9 +62,8 @@ struct wg_peer { + struct rcu_head rcu; + struct list_head peer_list; + struct list_head allowedips_list; +- u64 internal_id; + struct napi_struct napi; +- bool is_dead; ++ u64 internal_id; + }; + + struct wg_peer *wg_peer_create(struct wg_device *wg, diff --git a/patches.suse/wireguard-queueing-get-rid-of-per-peer-ring-buffers.patch b/patches.suse/wireguard-queueing-get-rid-of-per-peer-ring-buffers.patch new file mode 100644 index 0000000..8187794 --- /dev/null +++ b/patches.suse/wireguard-queueing-get-rid-of-per-peer-ring-buffers.patch @@ -0,0 +1,560 @@ +From: "Jason A. Donenfeld" +Date: Mon, 22 Feb 2021 17:25:48 +0100 +Subject: wireguard: queueing: get rid of per-peer ring buffers +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Patch-mainline: v5.12-rc1 +Git-commit: 8b5553ace83cced775eefd0f3f18b5c6214ccf7a +References: git-fixes + +Having two ring buffers per-peer means that every peer results in two +massive ring allocations. On an 8-core x86_64 machine, this commit +reduces the per-peer allocation from 18,688 bytes to 1,856 bytes, which +is an 90% reduction. Ninety percent! With some single-machine +deployments approaching 500,000 peers, we're talking about a reduction +from 7 gigs of memory down to 700 megs of memory. + +In order to get rid of these per-peer allocations, this commit switches +to using a list-based queueing approach. Currently GSO fragments are +chained together using the skb->next pointer (the skb_list_* singly +linked list approach), so we form the per-peer queue around the unused +skb->prev pointer (which sort of makes sense because the links are +pointing backwards). Use of skb_queue_* is not possible here, because +that is based on doubly linked lists and spinlocks. Multiple cores can +write into the queue at any given time, because its writes occur in the +start_xmit path or in the udp_recv path. But reads happen in a single +workqueue item per-peer, amounting to a multi-producer, single-consumer +paradigm. + +The MPSC queue is implemented locklessly and never blocks. However, it +is not linearizable (though it is serializable), with a very tight and +unlikely race on writes, which, when hit (some tiny fraction of the +0.15% of partial adds on a fully loaded 16-core x86_64 system), causes +the queue reader to terminate early. However, because every packet sent +queues up the same workqueue item after it is fully added, the worker +resumes again, and stopping early isn't actually a problem, since at +that point the packet wouldn't have yet been added to the encryption +queue. These properties allow us to avoid disabling interrupts or +spinning. The design is based on Dmitry Vyukov's algorithm [1]. + +Performance-wise, ordinarily list-based queues aren't preferable to +ringbuffers, because of cache misses when following pointers around. +However, we *already* have to follow the adjacent pointers when working +through fragments, so there shouldn't actually be any change there. A +potential downside is that dequeueing is a bit more complicated, but the +ptr_ring structure used prior had a spinlock when dequeueing, so all and +all the difference appears to be a wash. + +Actually, from profiling, the biggest performance hit, by far, of this +commit winds up being atomic_add_unless(count, 1, max) and atomic_ +dec(count), which account for the majority of CPU time, according to +perf. In that sense, the previous ring buffer was superior in that it +could check if it was full by head==tail, which the list-based approach +cannot do. + +But all and all, this enables us to get massive memory savings, allowing +WireGuard to scale for real world deployments, without taking much of a +performance hit. + +[1] http://www.1024cores.net/home/lock-free-algorithms/queues/intrusive-mpsc-node-based-queue + +Reviewed-by: Dmitry Vyukov +Reviewed-by: Toke Høiland-Jørgensen +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Acked-by: Daniel Wagner +--- + drivers/net/wireguard/device.c | 12 ++--- + drivers/net/wireguard/device.h | 15 +++--- + drivers/net/wireguard/peer.c | 28 ++++-------- + drivers/net/wireguard/peer.h | 4 - + drivers/net/wireguard/queueing.c | 86 +++++++++++++++++++++++++++++++-------- + drivers/net/wireguard/queueing.h | 45 ++++++++++++++------ + drivers/net/wireguard/receive.c | 16 ++----- + drivers/net/wireguard/send.c | 31 ++++---------- + 8 files changed, 144 insertions(+), 93 deletions(-) + +--- a/drivers/net/wireguard/device.c ++++ b/drivers/net/wireguard/device.c +@@ -235,8 +235,8 @@ static void wg_destruct(struct net_devic + destroy_workqueue(wg->handshake_receive_wq); + destroy_workqueue(wg->handshake_send_wq); + destroy_workqueue(wg->packet_crypt_wq); +- wg_packet_queue_free(&wg->decrypt_queue, true); +- wg_packet_queue_free(&wg->encrypt_queue, true); ++ wg_packet_queue_free(&wg->decrypt_queue); ++ wg_packet_queue_free(&wg->encrypt_queue); + rcu_barrier(); /* Wait for all the peers to be actually freed. */ + wg_ratelimiter_uninit(); + memzero_explicit(&wg->static_identity, sizeof(wg->static_identity)); +@@ -337,12 +337,12 @@ static int wg_newlink(struct net *src_ne + goto err_destroy_handshake_send; + + ret = wg_packet_queue_init(&wg->encrypt_queue, wg_packet_encrypt_worker, +- true, MAX_QUEUED_PACKETS); ++ MAX_QUEUED_PACKETS); + if (ret < 0) + goto err_destroy_packet_crypt; + + ret = wg_packet_queue_init(&wg->decrypt_queue, wg_packet_decrypt_worker, +- true, MAX_QUEUED_PACKETS); ++ MAX_QUEUED_PACKETS); + if (ret < 0) + goto err_free_encrypt_queue; + +@@ -367,9 +367,9 @@ static int wg_newlink(struct net *src_ne + err_uninit_ratelimiter: + wg_ratelimiter_uninit(); + err_free_decrypt_queue: +- wg_packet_queue_free(&wg->decrypt_queue, true); ++ wg_packet_queue_free(&wg->decrypt_queue); + err_free_encrypt_queue: +- wg_packet_queue_free(&wg->encrypt_queue, true); ++ wg_packet_queue_free(&wg->encrypt_queue); + err_destroy_packet_crypt: + destroy_workqueue(wg->packet_crypt_wq); + err_destroy_handshake_send: +--- a/drivers/net/wireguard/device.h ++++ b/drivers/net/wireguard/device.h +@@ -27,13 +27,14 @@ struct multicore_worker { + + struct crypt_queue { + struct ptr_ring ring; +- union { +- struct { +- struct multicore_worker __percpu *worker; +- int last_cpu; +- }; +- struct work_struct work; +- }; ++ struct multicore_worker __percpu *worker; ++ int last_cpu; ++}; ++ ++struct prev_queue { ++ struct sk_buff *head, *tail, *peeked; ++ struct { struct sk_buff *next, *prev; } empty; // Match first 2 members of struct sk_buff. ++ atomic_t count; + }; + + struct wg_device { +--- a/drivers/net/wireguard/peer.c ++++ b/drivers/net/wireguard/peer.c +@@ -32,27 +32,22 @@ struct wg_peer *wg_peer_create(struct wg + peer = kzalloc(sizeof(*peer), GFP_KERNEL); + if (unlikely(!peer)) + return ERR_PTR(ret); +- peer->device = wg; ++ if (dst_cache_init(&peer->endpoint_cache, GFP_KERNEL)) ++ goto err; + ++ peer->device = wg; + wg_noise_handshake_init(&peer->handshake, &wg->static_identity, + public_key, preshared_key, peer); +- if (dst_cache_init(&peer->endpoint_cache, GFP_KERNEL)) +- goto err_1; +- if (wg_packet_queue_init(&peer->tx_queue, wg_packet_tx_worker, false, +- MAX_QUEUED_PACKETS)) +- goto err_2; +- if (wg_packet_queue_init(&peer->rx_queue, NULL, false, +- MAX_QUEUED_PACKETS)) +- goto err_3; +- + peer->internal_id = atomic64_inc_return(&peer_counter); + peer->serial_work_cpu = nr_cpumask_bits; + wg_cookie_init(&peer->latest_cookie); + wg_timers_init(peer); + wg_cookie_checker_precompute_peer_keys(peer); + spin_lock_init(&peer->keypairs.keypair_update_lock); +- INIT_WORK(&peer->transmit_handshake_work, +- wg_packet_handshake_send_worker); ++ INIT_WORK(&peer->transmit_handshake_work, wg_packet_handshake_send_worker); ++ INIT_WORK(&peer->transmit_packet_work, wg_packet_tx_worker); ++ wg_prev_queue_init(&peer->tx_queue); ++ wg_prev_queue_init(&peer->rx_queue); + rwlock_init(&peer->endpoint_lock); + kref_init(&peer->refcount); + skb_queue_head_init(&peer->staged_packet_queue); +@@ -68,11 +63,7 @@ struct wg_peer *wg_peer_create(struct wg + pr_debug("%s: Peer %llu created\n", wg->dev->name, peer->internal_id); + return peer; + +-err_3: +- wg_packet_queue_free(&peer->tx_queue, false); +-err_2: +- dst_cache_destroy(&peer->endpoint_cache); +-err_1: ++err: + kfree(peer); + return ERR_PTR(ret); + } +@@ -197,8 +188,7 @@ static void rcu_release(struct rcu_head + struct wg_peer *peer = container_of(rcu, struct wg_peer, rcu); + + dst_cache_destroy(&peer->endpoint_cache); +- wg_packet_queue_free(&peer->rx_queue, false); +- wg_packet_queue_free(&peer->tx_queue, false); ++ WARN_ON(wg_prev_queue_peek(&peer->tx_queue) || wg_prev_queue_peek(&peer->rx_queue)); + + /* The final zeroing takes care of clearing any remaining handshake key + * material and other potentially sensitive information. +--- a/drivers/net/wireguard/peer.h ++++ b/drivers/net/wireguard/peer.h +@@ -36,7 +36,7 @@ struct endpoint { + + struct wg_peer { + struct wg_device *device; +- struct crypt_queue tx_queue, rx_queue; ++ struct prev_queue tx_queue, rx_queue; + struct sk_buff_head staged_packet_queue; + int serial_work_cpu; + bool is_dead; +@@ -46,7 +46,7 @@ struct wg_peer { + rwlock_t endpoint_lock; + struct noise_handshake handshake; + atomic64_t last_sent_handshake; +- struct work_struct transmit_handshake_work, clear_peer_work; ++ struct work_struct transmit_handshake_work, clear_peer_work, transmit_packet_work; + struct cookie latest_cookie; + struct hlist_node pubkey_hash; + u64 rx_bytes, tx_bytes; +--- a/drivers/net/wireguard/queueing.c ++++ b/drivers/net/wireguard/queueing.c +@@ -9,8 +9,7 @@ struct multicore_worker __percpu * + wg_packet_percpu_multicore_worker_alloc(work_func_t function, void *ptr) + { + int cpu; +- struct multicore_worker __percpu *worker = +- alloc_percpu(struct multicore_worker); ++ struct multicore_worker __percpu *worker = alloc_percpu(struct multicore_worker); + + if (!worker) + return NULL; +@@ -23,7 +22,7 @@ wg_packet_percpu_multicore_worker_alloc( + } + + int wg_packet_queue_init(struct crypt_queue *queue, work_func_t function, +- bool multicore, unsigned int len) ++ unsigned int len) + { + int ret; + +@@ -31,25 +30,78 @@ int wg_packet_queue_init(struct crypt_qu + ret = ptr_ring_init(&queue->ring, len, GFP_KERNEL); + if (ret) + return ret; +- if (function) { +- if (multicore) { +- queue->worker = wg_packet_percpu_multicore_worker_alloc( +- function, queue); +- if (!queue->worker) { +- ptr_ring_cleanup(&queue->ring, NULL); +- return -ENOMEM; +- } +- } else { +- INIT_WORK(&queue->work, function); +- } ++ queue->worker = wg_packet_percpu_multicore_worker_alloc(function, queue); ++ if (!queue->worker) { ++ ptr_ring_cleanup(&queue->ring, NULL); ++ return -ENOMEM; + } + return 0; + } + +-void wg_packet_queue_free(struct crypt_queue *queue, bool multicore) ++void wg_packet_queue_free(struct crypt_queue *queue) + { +- if (multicore) +- free_percpu(queue->worker); ++ free_percpu(queue->worker); + WARN_ON(!__ptr_ring_empty(&queue->ring)); + ptr_ring_cleanup(&queue->ring, NULL); + } ++ ++#define NEXT(skb) ((skb)->prev) ++#define STUB(queue) ((struct sk_buff *)&queue->empty) ++ ++void wg_prev_queue_init(struct prev_queue *queue) ++{ ++ NEXT(STUB(queue)) = NULL; ++ queue->head = queue->tail = STUB(queue); ++ queue->peeked = NULL; ++ atomic_set(&queue->count, 0); ++ BUILD_BUG_ON( ++ offsetof(struct sk_buff, next) != offsetof(struct prev_queue, empty.next) - ++ offsetof(struct prev_queue, empty) || ++ offsetof(struct sk_buff, prev) != offsetof(struct prev_queue, empty.prev) - ++ offsetof(struct prev_queue, empty)); ++} ++ ++static void __wg_prev_queue_enqueue(struct prev_queue *queue, struct sk_buff *skb) ++{ ++ WRITE_ONCE(NEXT(skb), NULL); ++ WRITE_ONCE(NEXT(xchg_release(&queue->head, skb)), skb); ++} ++ ++bool wg_prev_queue_enqueue(struct prev_queue *queue, struct sk_buff *skb) ++{ ++ if (!atomic_add_unless(&queue->count, 1, MAX_QUEUED_PACKETS)) ++ return false; ++ __wg_prev_queue_enqueue(queue, skb); ++ return true; ++} ++ ++struct sk_buff *wg_prev_queue_dequeue(struct prev_queue *queue) ++{ ++ struct sk_buff *tail = queue->tail, *next = smp_load_acquire(&NEXT(tail)); ++ ++ if (tail == STUB(queue)) { ++ if (!next) ++ return NULL; ++ queue->tail = next; ++ tail = next; ++ next = smp_load_acquire(&NEXT(next)); ++ } ++ if (next) { ++ queue->tail = next; ++ atomic_dec(&queue->count); ++ return tail; ++ } ++ if (tail != READ_ONCE(queue->head)) ++ return NULL; ++ __wg_prev_queue_enqueue(queue, STUB(queue)); ++ next = smp_load_acquire(&NEXT(tail)); ++ if (next) { ++ queue->tail = next; ++ atomic_dec(&queue->count); ++ return tail; ++ } ++ return NULL; ++} ++ ++#undef NEXT ++#undef STUB +--- a/drivers/net/wireguard/queueing.h ++++ b/drivers/net/wireguard/queueing.h +@@ -16,12 +16,13 @@ struct wg_device; + struct wg_peer; + struct multicore_worker; + struct crypt_queue; ++struct prev_queue; + struct sk_buff; + + /* queueing.c APIs: */ + int wg_packet_queue_init(struct crypt_queue *queue, work_func_t function, +- bool multicore, unsigned int len); +-void wg_packet_queue_free(struct crypt_queue *queue, bool multicore); ++ unsigned int len); ++void wg_packet_queue_free(struct crypt_queue *queue); + struct multicore_worker __percpu * + wg_packet_percpu_multicore_worker_alloc(work_func_t function, void *ptr); + +@@ -150,8 +151,31 @@ static inline int wg_cpumask_next_online + return cpu; + } + ++void wg_prev_queue_init(struct prev_queue *queue); ++ ++/* Multi producer */ ++bool wg_prev_queue_enqueue(struct prev_queue *queue, struct sk_buff *skb); ++ ++/* Single consumer */ ++struct sk_buff *wg_prev_queue_dequeue(struct prev_queue *queue); ++ ++/* Single consumer */ ++static inline struct sk_buff *wg_prev_queue_peek(struct prev_queue *queue) ++{ ++ if (queue->peeked) ++ return queue->peeked; ++ queue->peeked = wg_prev_queue_dequeue(queue); ++ return queue->peeked; ++} ++ ++/* Single consumer */ ++static inline void wg_prev_queue_drop_peeked(struct prev_queue *queue) ++{ ++ queue->peeked = NULL; ++} ++ + static inline int wg_queue_enqueue_per_device_and_peer( +- struct crypt_queue *device_queue, struct crypt_queue *peer_queue, ++ struct crypt_queue *device_queue, struct prev_queue *peer_queue, + struct sk_buff *skb, struct workqueue_struct *wq, int *next_cpu) + { + int cpu; +@@ -160,8 +184,9 @@ static inline int wg_queue_enqueue_per_d + /* We first queue this up for the peer ingestion, but the consumer + * will wait for the state to change to CRYPTED or DEAD before. + */ +- if (unlikely(ptr_ring_produce_bh(&peer_queue->ring, skb))) ++ if (unlikely(!wg_prev_queue_enqueue(peer_queue, skb))) + return -ENOSPC; ++ + /* Then we queue it up in the device queue, which consumes the + * packet as soon as it can. + */ +@@ -172,9 +197,7 @@ static inline int wg_queue_enqueue_per_d + return 0; + } + +-static inline void wg_queue_enqueue_per_peer(struct crypt_queue *queue, +- struct sk_buff *skb, +- enum packet_state state) ++static inline void wg_queue_enqueue_per_peer_tx(struct sk_buff *skb, enum packet_state state) + { + /* We take a reference, because as soon as we call atomic_set, the + * peer can be freed from below us. +@@ -182,14 +205,12 @@ static inline void wg_queue_enqueue_per_ + struct wg_peer *peer = wg_peer_get(PACKET_PEER(skb)); + + atomic_set_release(&PACKET_CB(skb)->state, state); +- queue_work_on(wg_cpumask_choose_online(&peer->serial_work_cpu, +- peer->internal_id), +- peer->device->packet_crypt_wq, &queue->work); ++ queue_work_on(wg_cpumask_choose_online(&peer->serial_work_cpu, peer->internal_id), ++ peer->device->packet_crypt_wq, &peer->transmit_packet_work); + wg_peer_put(peer); + } + +-static inline void wg_queue_enqueue_per_peer_napi(struct sk_buff *skb, +- enum packet_state state) ++static inline void wg_queue_enqueue_per_peer_rx(struct sk_buff *skb, enum packet_state state) + { + /* We take a reference, because as soon as we call atomic_set, the + * peer can be freed from below us. +--- a/drivers/net/wireguard/receive.c ++++ b/drivers/net/wireguard/receive.c +@@ -444,7 +444,6 @@ static void wg_packet_consume_data_done( + int wg_packet_rx_poll(struct napi_struct *napi, int budget) + { + struct wg_peer *peer = container_of(napi, struct wg_peer, napi); +- struct crypt_queue *queue = &peer->rx_queue; + struct noise_keypair *keypair; + struct endpoint endpoint; + enum packet_state state; +@@ -455,11 +454,10 @@ int wg_packet_rx_poll(struct napi_struct + if (unlikely(budget <= 0)) + return 0; + +- while ((skb = __ptr_ring_peek(&queue->ring)) != NULL && ++ while ((skb = wg_prev_queue_peek(&peer->rx_queue)) != NULL && + (state = atomic_read_acquire(&PACKET_CB(skb)->state)) != + PACKET_STATE_UNCRYPTED) { +- __ptr_ring_discard_one(&queue->ring); +- peer = PACKET_PEER(skb); ++ wg_prev_queue_drop_peeked(&peer->rx_queue); + keypair = PACKET_CB(skb)->keypair; + free = true; + +@@ -508,7 +506,7 @@ void wg_packet_decrypt_worker(struct wor + enum packet_state state = + likely(decrypt_packet(skb, PACKET_CB(skb)->keypair)) ? + PACKET_STATE_CRYPTED : PACKET_STATE_DEAD; +- wg_queue_enqueue_per_peer_napi(skb, state); ++ wg_queue_enqueue_per_peer_rx(skb, state); + if (need_resched()) + cond_resched(); + } +@@ -531,12 +529,10 @@ static void wg_packet_consume_data(struc + if (unlikely(READ_ONCE(peer->is_dead))) + goto err; + +- ret = wg_queue_enqueue_per_device_and_peer(&wg->decrypt_queue, +- &peer->rx_queue, skb, +- wg->packet_crypt_wq, +- &wg->decrypt_queue.last_cpu); ++ ret = wg_queue_enqueue_per_device_and_peer(&wg->decrypt_queue, &peer->rx_queue, skb, ++ wg->packet_crypt_wq, &wg->decrypt_queue.last_cpu); + if (unlikely(ret == -EPIPE)) +- wg_queue_enqueue_per_peer_napi(skb, PACKET_STATE_DEAD); ++ wg_queue_enqueue_per_peer_rx(skb, PACKET_STATE_DEAD); + if (likely(!ret || ret == -EPIPE)) { + rcu_read_unlock_bh(); + return; +--- a/drivers/net/wireguard/send.c ++++ b/drivers/net/wireguard/send.c +@@ -239,8 +239,7 @@ void wg_packet_send_keepalive(struct wg_ + wg_packet_send_staged_packets(peer); + } + +-static void wg_packet_create_data_done(struct sk_buff *first, +- struct wg_peer *peer) ++static void wg_packet_create_data_done(struct wg_peer *peer, struct sk_buff *first) + { + struct sk_buff *skb, *next; + bool is_keepalive, data_sent = false; +@@ -262,22 +261,19 @@ static void wg_packet_create_data_done(s + + void wg_packet_tx_worker(struct work_struct *work) + { +- struct crypt_queue *queue = container_of(work, struct crypt_queue, +- work); ++ struct wg_peer *peer = container_of(work, struct wg_peer, transmit_packet_work); + struct noise_keypair *keypair; + enum packet_state state; + struct sk_buff *first; +- struct wg_peer *peer; + +- while ((first = __ptr_ring_peek(&queue->ring)) != NULL && ++ while ((first = wg_prev_queue_peek(&peer->tx_queue)) != NULL && + (state = atomic_read_acquire(&PACKET_CB(first)->state)) != + PACKET_STATE_UNCRYPTED) { +- __ptr_ring_discard_one(&queue->ring); +- peer = PACKET_PEER(first); ++ wg_prev_queue_drop_peeked(&peer->tx_queue); + keypair = PACKET_CB(first)->keypair; + + if (likely(state == PACKET_STATE_CRYPTED)) +- wg_packet_create_data_done(first, peer); ++ wg_packet_create_data_done(peer, first); + else + kfree_skb_list(first); + +@@ -306,16 +302,14 @@ void wg_packet_encrypt_worker(struct wor + break; + } + } +- wg_queue_enqueue_per_peer(&PACKET_PEER(first)->tx_queue, first, +- state); ++ wg_queue_enqueue_per_peer_tx(first, state); + if (need_resched()) + cond_resched(); + } + } + +-static void wg_packet_create_data(struct sk_buff *first) ++static void wg_packet_create_data(struct wg_peer *peer, struct sk_buff *first) + { +- struct wg_peer *peer = PACKET_PEER(first); + struct wg_device *wg = peer->device; + int ret = -EINVAL; + +@@ -323,13 +317,10 @@ static void wg_packet_create_data(struct + if (unlikely(READ_ONCE(peer->is_dead))) + goto err; + +- ret = wg_queue_enqueue_per_device_and_peer(&wg->encrypt_queue, +- &peer->tx_queue, first, +- wg->packet_crypt_wq, +- &wg->encrypt_queue.last_cpu); ++ ret = wg_queue_enqueue_per_device_and_peer(&wg->encrypt_queue, &peer->tx_queue, first, ++ wg->packet_crypt_wq, &wg->encrypt_queue.last_cpu); + if (unlikely(ret == -EPIPE)) +- wg_queue_enqueue_per_peer(&peer->tx_queue, first, +- PACKET_STATE_DEAD); ++ wg_queue_enqueue_per_peer_tx(first, PACKET_STATE_DEAD); + err: + rcu_read_unlock_bh(); + if (likely(!ret || ret == -EPIPE)) +@@ -393,7 +384,7 @@ void wg_packet_send_staged_packets(struc + packets.prev->next = NULL; + wg_peer_get(keypair->entry.peer); + PACKET_CB(packets.next)->keypair = keypair; +- wg_packet_create_data(packets.next); ++ wg_packet_create_data(peer, packets.next); + return; + + out_invalid: diff --git a/patches.suse/wireguard-selftests-make-sure-rp_filter-is-disabled-.patch b/patches.suse/wireguard-selftests-make-sure-rp_filter-is-disabled-.patch new file mode 100644 index 0000000..adeee3d --- /dev/null +++ b/patches.suse/wireguard-selftests-make-sure-rp_filter-is-disabled-.patch @@ -0,0 +1,30 @@ +From: "Jason A. Donenfeld" +Date: Fri, 4 Jun 2021 17:17:31 +0200 +Subject: wireguard: selftests: make sure rp_filter is disabled on vethc +Patch-mainline: v5.13-rc5 +Git-commit: f8873d11d4121aad35024f9379e431e0c83abead +References: git-fixes + +Some distros may enable strict rp_filter by default, which will prevent +vethc from receiving the packets with an unrouteable reverse path address. + +Reported-by: Hangbin Liu +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Cc: stable@vger.kernel.org +Signed-off-by: Jason A. Donenfeld +Signed-off-by: David S. Miller +Acked-by: Daniel Wagner +--- + tools/testing/selftests/wireguard/netns.sh | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/testing/selftests/wireguard/netns.sh ++++ b/tools/testing/selftests/wireguard/netns.sh +@@ -355,6 +355,7 @@ ip1 -6 rule add table main suppress_pref + ip1 -4 route add default dev wg0 table 51820 + ip1 -4 rule add not fwmark 51820 table 51820 + ip1 -4 rule add table main suppress_prefixlength 0 ++n1 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/vethc/rp_filter' + # Flood the pings instead of sending just one, to trigger routing table reference counting bugs. + n1 ping -W 1 -c 100 -f 192.168.99.7 + n1 ping -W 1 -c 100 -f abab::1111 diff --git a/patches.suse/wireguard-selftests-remove-old-conntrack-kconfig-val.patch b/patches.suse/wireguard-selftests-remove-old-conntrack-kconfig-val.patch new file mode 100644 index 0000000..6f02601 --- /dev/null +++ b/patches.suse/wireguard-selftests-remove-old-conntrack-kconfig-val.patch @@ -0,0 +1,29 @@ +From: "Jason A. Donenfeld" +Date: Fri, 4 Jun 2021 17:17:30 +0200 +Subject: wireguard: selftests: remove old conntrack kconfig value +Patch-mainline: v5.13-rc5 +Git-commit: acf2492b51c9a3c4dfb947f4d3477a86d315150f +References: git-fixes + +On recent kernels, this config symbol is no longer used. + +Reported-by: Rui Salvaterra +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Cc: stable@vger.kernel.org +Signed-off-by: Jason A. Donenfeld +Signed-off-by: David S. Miller +Acked-by: Daniel Wagner +--- + tools/testing/selftests/wireguard/qemu/kernel.config | 1 - + 1 file changed, 1 deletion(-) + +--- a/tools/testing/selftests/wireguard/qemu/kernel.config ++++ b/tools/testing/selftests/wireguard/qemu/kernel.config +@@ -18,7 +18,6 @@ CONFIG_NF_NAT=y + CONFIG_NETFILTER_XTABLES=y + CONFIG_NETFILTER_XT_NAT=y + CONFIG_NETFILTER_XT_MATCH_LENGTH=y +-CONFIG_NF_CONNTRACK_IPV4=y + CONFIG_NF_NAT_IPV4=y + CONFIG_IP_NF_IPTABLES=y + CONFIG_IP_NF_FILTER=y diff --git a/patches.suse/wireguard-use-synchronize_net-rather-than-synchroniz.patch b/patches.suse/wireguard-use-synchronize_net-rather-than-synchroniz.patch new file mode 100644 index 0000000..4885858 --- /dev/null +++ b/patches.suse/wireguard-use-synchronize_net-rather-than-synchroniz.patch @@ -0,0 +1,66 @@ +From: "Jason A. Donenfeld" +Date: Fri, 4 Jun 2021 17:17:33 +0200 +Subject: wireguard: use synchronize_net rather than synchronize_rcu +Patch-mainline: v5.13-rc5 +Git-commit: 24b70eeeb4f46c09487f8155239ebfb1f875774a +References: git-fixes + +Many of the synchronization points are sometimes called under the rtnl +lock, which means we should use synchronize_net rather than +synchronize_rcu. Under the hood, this expands to using the expedited +flavor of function in the event that rtnl is held, in order to not stall +other concurrent changes. + +This fixes some very, very long delays when removing multiple peers at +once, which would cause some operations to take several minutes. + +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Cc: stable@vger.kernel.org +Signed-off-by: Jason A. Donenfeld +Signed-off-by: David S. Miller +Acked-by: Daniel Wagner +--- + drivers/net/wireguard/peer.c | 6 +++--- + drivers/net/wireguard/socket.c | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/net/wireguard/peer.c ++++ b/drivers/net/wireguard/peer.c +@@ -88,7 +88,7 @@ static void peer_make_dead(struct wg_pee + /* Mark as dead, so that we don't allow jumping contexts after. */ + WRITE_ONCE(peer->is_dead, true); + +- /* The caller must now synchronize_rcu() for this to take effect. */ ++ /* The caller must now synchronize_net() for this to take effect. */ + } + + static void peer_remove_after_dead(struct wg_peer *peer) +@@ -160,7 +160,7 @@ void wg_peer_remove(struct wg_peer *peer + lockdep_assert_held(&peer->device->device_update_lock); + + peer_make_dead(peer); +- synchronize_rcu(); ++ synchronize_net(); + peer_remove_after_dead(peer); + } + +@@ -178,7 +178,7 @@ void wg_peer_remove_all(struct wg_device + peer_make_dead(peer); + list_add_tail(&peer->peer_list, &dead_peers); + } +- synchronize_rcu(); ++ synchronize_net(); + list_for_each_entry_safe(peer, temp, &dead_peers, peer_list) + peer_remove_after_dead(peer); + } +--- a/drivers/net/wireguard/socket.c ++++ b/drivers/net/wireguard/socket.c +@@ -430,7 +430,7 @@ void wg_socket_reinit(struct wg_device * + if (new4) + wg->incoming_port = ntohs(inet_sk(new4)->inet_sport); + mutex_unlock(&wg->socket_update_lock); +- synchronize_rcu(); ++ synchronize_net(); + sock_free(old4); + sock_free(old6); + } diff --git a/patches.suse/x86-apic-mark-all_-legacy-interrupts-when-io-apic-is-missing.patch b/patches.suse/x86-apic-mark-all_-legacy-interrupts-when-io-apic-is-missing.patch new file mode 100644 index 0000000..0608219 --- /dev/null +++ b/patches.suse/x86-apic-mark-all_-legacy-interrupts-when-io-apic-is-missing.patch @@ -0,0 +1,99 @@ +From: Thomas Gleixner +Date: Tue, 25 May 2021 13:08:41 +0200 +Subject: x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing +Git-commit: 7d65f9e80646c595e8c853640a9d0768a33e204c +Patch-mainline: v5.13-rc5 +References: bsc#1152489 + +PIC interrupts do not support affinity setting and they can end up on +any online CPU. Therefore, it's required to mark the associated vectors +as system-wide reserved. Otherwise, the corresponding irq descriptors +are copied to the secondary CPUs but the vectors are not marked as +assigned or reserved. This works correctly for the IO/APIC case. + +When the IO/APIC is disabled via config, kernel command line or lack of +enumeration then all legacy interrupts are routed through the PIC, but +nothing marks them as system-wide reserved vectors. + +As a consequence, a subsequent allocation on a secondary CPU can result in +allocating one of these vectors, which triggers the BUG() in +apic_update_vector() because the interrupt descriptor slot is not empty. + +Imran tried to work around that by marking those interrupts as allocated +when a CPU comes online. But that's wrong in case that the IO/APIC is +available and one of the legacy interrupts, e.g. IRQ0, has been switched to +PIC mode because then marking them as allocated will fail as they are +already marked as system vectors. + +Stay consistent and update the legacy vectors after attempting IO/APIC +initialization and mark them as system vectors in case that no IO/APIC is +available. + +Fixes: 69cde0004a4b ("x86/vector: Use matrix allocator for vector assignment") +Reported-by: Imran Khan +Signed-off-by: Thomas Gleixner +Signed-off-by: Borislav Petkov +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20210519233928.2157496-1-imran.f.khan@oracle.com +--- + arch/x86/include/asm/apic.h | 1 + + arch/x86/kernel/apic/apic.c | 1 + + arch/x86/kernel/apic/vector.c | 20 ++++++++++++++++++++ + 3 files changed, 22 insertions(+) + +diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h +index 412b51e059c8..48067af94678 100644 +--- a/arch/x86/include/asm/apic.h ++++ b/arch/x86/include/asm/apic.h +@@ -174,6 +174,7 @@ static inline int apic_is_clustered_box(void) + extern int setup_APIC_eilvt(u8 lvt_off, u8 vector, u8 msg_type, u8 mask); + extern void lapic_assign_system_vectors(void); + extern void lapic_assign_legacy_vector(unsigned int isairq, bool replace); ++extern void lapic_update_legacy_vectors(void); + extern void lapic_online(void); + extern void lapic_offline(void); + extern bool apic_needs_pit(void); +diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c +index 4a39fb429f15..d262811ce14b 100644 +--- a/arch/x86/kernel/apic/apic.c ++++ b/arch/x86/kernel/apic/apic.c +@@ -2604,6 +2604,7 @@ static void __init apic_bsp_setup(bool upmode) + end_local_APIC_setup(); + irq_remap_enable_fault_handling(); + setup_IO_APIC(); ++ lapic_update_legacy_vectors(); + } + + #ifdef CONFIG_UP_LATE_INIT +diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c +index 6dbdc7c22bb7..fb67ed5e7e6a 100644 +--- a/arch/x86/kernel/apic/vector.c ++++ b/arch/x86/kernel/apic/vector.c +@@ -738,6 +738,26 @@ void lapic_assign_legacy_vector(unsigned int irq, bool replace) + irq_matrix_assign_system(vector_matrix, ISA_IRQ_VECTOR(irq), replace); + } + ++void __init lapic_update_legacy_vectors(void) ++{ ++ unsigned int i; ++ ++ if (IS_ENABLED(CONFIG_X86_IO_APIC) && nr_ioapics > 0) ++ return; ++ ++ /* ++ * If the IO/APIC is disabled via config, kernel command line or ++ * lack of enumeration then all legacy interrupts are routed ++ * through the PIC. Make sure that they are marked as legacy ++ * vectors. PIC_CASCADE_IRQ has already been marked in ++ * lapic_assign_system_vectors(). ++ */ ++ for (i = 0; i < nr_legacy_irqs(); i++) { ++ if (i != PIC_CASCADE_IR) ++ lapic_assign_legacy_vector(i, true); ++ } ++} ++ + void __init lapic_assign_system_vectors(void) + { + unsigned int i, vector = 0; + diff --git a/patches.suse/x86-boot-64-explicitly-map-boot_params-and-command-line b/patches.suse/x86-boot-64-explicitly-map-boot_params-and-command-line new file mode 100644 index 0000000..c1c3bcc --- /dev/null +++ b/patches.suse/x86-boot-64-explicitly-map-boot_params-and-command-line @@ -0,0 +1,106 @@ +From: Arvind Sankar +Date: Fri, 16 Oct 2020 16:04:01 -0400 +Subject: x86/boot/64: Explicitly map boot_params and command line +Git-commit: b17a45b6e53f6613118b2e5cfc4a992cc50deb2c +Patch-mainline: v5.10-rc1 +References: jsc#SLE-14337 + +Commits + + ca0e22d4f011 ("x86/boot/compressed/64: Always switch to own page table") + 8570978ea030 ("x86/boot/compressed/64: Don't pre-map memory in KASLR code") + +set up a new page table in the decompressor stub, but without explicit +mappings for boot_params and the kernel command line, relying on the #PF +handler instead. + +This is fragile, as boot_params and the command line mappings are +required for the main kernel. If EARLY_PRINTK and RANDOMIZE_BASE are +disabled, a QEMU/OVMF boot never accesses the command line in the +decompressor stub, and so it never gets mapped. The main kernel accesses +it from the identity mapping if AMD_MEM_ENCRYPT is enabled, and will +crash. + +Fix this by adding back the explicit mapping of boot_params and the +command line. + +Note: the changes also removed the explicit mapping of the main kernel, +with the result that .bss and .brk may not be in the identity mapping, +but those don't get accessed by the main kernel before it switches to +its own page tables. + + [ bp: Pass boot_params with a MOV %rsp... instead of PUSH/POP. Use + block formatting for the comment. ] + +Signed-off-by: Arvind Sankar +Signed-off-by: Borislav Petkov +Reviewed-by: Joerg Roedel +Link: https://lkml.kernel.org/r/20201016200404.1615994-1-nivedita@alum.mit.edu + +Acked-by: Joerg Roedel +--- + arch/x86/boot/compressed/head_64.S | 3 +++ + arch/x86/boot/compressed/ident_map_64.c | 23 ++++++++++++++++++++--- + 2 files changed, 23 insertions(+), 3 deletions(-) + +--- a/arch/x86/boot/compressed/head_64.S ++++ b/arch/x86/boot/compressed/head_64.S +@@ -555,6 +555,9 @@ relocated: + pushq %rsi + call set_sev_encryption_mask + call load_stage2_idt ++ ++ /* Pass boot_params to initialize_identity_maps() */ ++ movq (%rsp), %rdi + call initialize_identity_maps + popq %rsi + +--- a/arch/x86/boot/compressed/ident_map_64.c ++++ b/arch/x86/boot/compressed/ident_map_64.c +@@ -33,6 +33,12 @@ + #define __PAGE_OFFSET __PAGE_OFFSET_BASE + #include "../../mm/ident_map.c" + ++#define _SETUP ++#include /* For COMMAND_LINE_SIZE */ ++#undef _SETUP ++ ++extern unsigned long get_cmd_line_ptr(void); ++ + /* Used by PAGE_KERN* macros: */ + pteval_t __default_kernel_pte_mask __read_mostly = ~0; + +@@ -104,8 +110,10 @@ static void add_identity_map(unsigned lo + } + + /* Locates and clears a region for a new top level page table. */ +-void initialize_identity_maps(void) ++void initialize_identity_maps(void *rmode) + { ++ unsigned long cmdline; ++ + /* Exclude the encryption mask from __PHYSICAL_MASK */ + physical_mask &= ~sme_me_mask; + +@@ -146,10 +154,19 @@ void initialize_identity_maps(void) + } + + /* +- * New page-table is set up - map the kernel image and load it +- * into cr3. ++ * New page-table is set up - map the kernel image, boot_params and the ++ * command line. The uncompressed kernel requires boot_params and the ++ * command line to be mapped in the identity mapping. Map them ++ * explicitly here in case the compressed kernel does not touch them, ++ * or does not touch all the pages covering them. + */ + add_identity_map((unsigned long)_head, (unsigned long)_end); ++ boot_params = rmode; ++ add_identity_map((unsigned long)boot_params, (unsigned long)(boot_params + 1)); ++ cmdline = get_cmd_line_ptr(); ++ add_identity_map(cmdline, cmdline + COMMAND_LINE_SIZE); ++ ++ /* Load the new page-table. */ + write_cr3(top_level_pgt); + } + diff --git a/patches.suse/x86-boot-compressed-64-add-32-bit-boot-vc-handler b/patches.suse/x86-boot-compressed-64-add-32-bit-boot-vc-handler new file mode 100644 index 0000000..b508162 --- /dev/null +++ b/patches.suse/x86-boot-compressed-64-add-32-bit-boot-vc-handler @@ -0,0 +1,149 @@ +From: Joerg Roedel +Date: Wed, 10 Mar 2021 09:43:22 +0100 +Subject: x86/boot/compressed/64: Add 32-bit boot #VC handler +Git-commit: 1ccdbf748d862bc2ea106fa9f2300983c77860fe +Patch-mainline: v5.13-rc1 +References: jsc#SLE-14337 + +Add a #VC exception handler which is used when the kernel still executes +in protected mode. This boot-path already uses CPUID, which will cause #VC +exceptions in an SEV-ES guest. + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/20210312123824.306-6-joro@8bytes.org +--- + arch/x86/boot/compressed/head_64.S | 6 ++ + arch/x86/boot/compressed/mem_encrypt.S | 96 ++++++++++++++++++++++++++++++++- + 2 files changed, 101 insertions(+), 1 deletion(-) + +--- a/arch/x86/boot/compressed/head_64.S ++++ b/arch/x86/boot/compressed/head_64.S +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + #include "pgtable.h" + + /* +@@ -887,6 +888,11 @@ ENDPROC(startup32_set_idt_entry) + + ENTRY(startup32_load_idt) + #ifdef CONFIG_AMD_MEM_ENCRYPT ++ /* #VC handler */ ++ leal startup32_vc_handler(%ebp), %eax ++ movl $X86_TRAP_VC, %edx ++ call startup32_set_idt_entry ++ + /* Load IDT */ + leal boot32_idt(%ebp), %eax + movl %eax, (boot32_idt_desc+2)(%ebp) +--- a/arch/x86/boot/compressed/mem_encrypt.S ++++ b/arch/x86/boot/compressed/mem_encrypt.S +@@ -61,10 +61,104 @@ ENTRY(get_sev_encryption_bit) + ret + ENDPROC(get_sev_encryption_bit) + ++/** ++ * sev_es_req_cpuid - Request a CPUID value from the Hypervisor using ++ * the GHCB MSR protocol ++ * ++ * @%eax: Register to request (0=EAX, 1=EBX, 2=ECX, 3=EDX) ++ * @%edx: CPUID Function ++ * ++ * Returns 0 in %eax on success, non-zero on failure ++ * %edx returns CPUID value on success ++ */ ++ENTRY(sev_es_req_cpuid) ++ shll $30, %eax ++ orl $0x00000004, %eax ++ movl $MSR_AMD64_SEV_ES_GHCB, %ecx ++ wrmsr ++ rep; vmmcall # VMGEXIT ++ rdmsr ++ ++ /* Check response */ ++ movl %eax, %ecx ++ andl $0x3ffff000, %ecx # Bits [12-29] MBZ ++ jnz 2f ++ ++ /* Check return code */ ++ andl $0xfff, %eax ++ cmpl $5, %eax ++ jne 2f ++ ++ /* All good - return success */ ++ xorl %eax, %eax ++1: ++ ret ++2: ++ movl $-1, %eax ++ jmp 1b ++ENDPROC(sev_es_req_cpuid) ++ ++ENTRY(startup32_vc_handler) ++ pushl %eax ++ pushl %ebx ++ pushl %ecx ++ pushl %edx ++ ++ /* Keep CPUID function in %ebx */ ++ movl %eax, %ebx ++ ++ /* Check if error-code == SVM_EXIT_CPUID */ ++ cmpl $0x72, 16(%esp) ++ jne .Lfail ++ ++ movl $0, %eax # Request CPUID[fn].EAX ++ movl %ebx, %edx # CPUID fn ++ call sev_es_req_cpuid # Call helper ++ testl %eax, %eax # Check return code ++ jnz .Lfail ++ movl %edx, 12(%esp) # Store result ++ ++ movl $1, %eax # Request CPUID[fn].EBX ++ movl %ebx, %edx # CPUID fn ++ call sev_es_req_cpuid # Call helper ++ testl %eax, %eax # Check return code ++ jnz .Lfail ++ movl %edx, 8(%esp) # Store result ++ ++ movl $2, %eax # Request CPUID[fn].ECX ++ movl %ebx, %edx # CPUID fn ++ call sev_es_req_cpuid # Call helper ++ testl %eax, %eax # Check return code ++ jnz .Lfail ++ movl %edx, 4(%esp) # Store result ++ ++ movl $3, %eax # Request CPUID[fn].EDX ++ movl %ebx, %edx # CPUID fn ++ call sev_es_req_cpuid # Call helper ++ testl %eax, %eax # Check return code ++ jnz .Lfail ++ movl %edx, 0(%esp) # Store result ++ ++ popl %edx ++ popl %ecx ++ popl %ebx ++ popl %eax ++ ++ /* Remove error code */ ++ addl $4, %esp ++ ++ /* Jump over CPUID instruction */ ++ addl $2, (%esp) ++ ++ iret ++.Lfail: ++ hlt ++ jmp .Lfail ++ENDPROC(startup32_vc_handler) ++ + .code64 + + #include "../../kernel/sev_verify_cbit.S" +- + ENTRY(set_sev_encryption_mask) + #ifdef CONFIG_AMD_MEM_ENCRYPT + push %rbp diff --git a/patches.suse/x86-boot-compressed-64-add-cpuid-sanity-check-to-32-bit-boot-path b/patches.suse/x86-boot-compressed-64-add-cpuid-sanity-check-to-32-bit-boot-path new file mode 100644 index 0000000..fdacbc2 --- /dev/null +++ b/patches.suse/x86-boot-compressed-64-add-cpuid-sanity-check-to-32-bit-boot-path @@ -0,0 +1,70 @@ +From: Joerg Roedel +Date: Fri, 12 Mar 2021 13:38:22 +0100 +Subject: x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path +Git-commit: e927e62d8e370ebfc0d702fec22bc752249ebcef +Patch-mainline: v5.13-rc1 +References: jsc#SLE-14337 + +The 32-bit #VC handler has no GHCB and can only handle CPUID exit codes. +It is needed by the early boot code to handle #VC exceptions raised in +verify_cpu() and to get the position of the C-bit. + +But the CPUID information comes from the hypervisor which is untrusted +and might return results which trick the guest into the no-SEV boot path +with no C-bit set in the page-tables. All data written to memory would +then be unencrypted and could leak sensitive data to the hypervisor. + +Add sanity checks to the 32-bit boot #VC handler to make sure the +hypervisor does not pretend that SEV is not enabled. + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/20210312123824.306-7-joro@8bytes.org +--- + arch/x86/boot/compressed/mem_encrypt.S | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +--- a/arch/x86/boot/compressed/mem_encrypt.S ++++ b/arch/x86/boot/compressed/mem_encrypt.S +@@ -139,6 +139,26 @@ ENTRY(startup32_vc_handler) + jnz .Lfail + movl %edx, 0(%esp) # Store result + ++ /* ++ * Sanity check CPUID results from the Hypervisor. See comment in ++ * do_vc_no_ghcb() for more details on why this is necessary. ++ */ ++ ++ /* Fail if SEV leaf not available in CPUID[0x80000000].EAX */ ++ cmpl $0x80000000, %ebx ++ jne .Lcheck_sev ++ cmpl $0x8000001f, 12(%esp) ++ jb .Lfail ++ jmp .Ldone ++ ++.Lcheck_sev: ++ /* Fail if SEV bit not set in CPUID[0x8000001f].EAX[1] */ ++ cmpl $0x8000001f, %ebx ++ jne .Ldone ++ btl $1, 12(%esp) ++ jnc .Lfail ++ ++.Ldone: + popl %edx + popl %ecx + popl %ebx +@@ -152,6 +172,14 @@ ENTRY(startup32_vc_handler) + + iret + .Lfail: ++ /* Send terminate request to Hypervisor */ ++ movl $0x100, %eax ++ xorl %edx, %edx ++ movl $MSR_AMD64_SEV_ES_GHCB, %ecx ++ wrmsr ++ rep; vmmcall ++ ++ /* If request fails, go to hlt loop */ + hlt + jmp .Lfail + ENDPROC(startup32_vc_handler) diff --git a/patches.suse/x86-boot-compressed-64-check-sev-encryption-in-64-bit-boot-path b/patches.suse/x86-boot-compressed-64-check-sev-encryption-in-64-bit-boot-path new file mode 100644 index 0000000..873affe --- /dev/null +++ b/patches.suse/x86-boot-compressed-64-check-sev-encryption-in-64-bit-boot-path @@ -0,0 +1,159 @@ +From: Joerg Roedel +Date: Wed, 28 Oct 2020 17:46:57 +0100 +Subject: x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path +Git-commit: 86ce43f7dde81562f58b24b426cef068bd9f7595 +Patch-mainline: v5.10-rc3 +References: jsc#SLE-14337 + +Check whether the hypervisor reported the correct C-bit when running as +an SEV guest. Using a wrong C-bit position could be used to leak +sensitive data from the guest to the hypervisor. + +The check function is in a separate file: + + arch/x86/kernel/sev_verify_cbit.S + +so that it can be re-used in the running kernel image. + + [ bp: Massage. ] + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Reviewed-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20201028164659.27002-4-joro@8bytes.org +--- + arch/x86/boot/compressed/ident_map_64.c | 1 + arch/x86/boot/compressed/mem_encrypt.S | 4 + + arch/x86/boot/compressed/misc.h | 2 + arch/x86/kernel/sev_verify_cbit.S | 89 ++++++++++++++++++++++++++++++++ + 4 files changed, 96 insertions(+) + +--- a/arch/x86/boot/compressed/ident_map_64.c ++++ b/arch/x86/boot/compressed/ident_map_64.c +@@ -167,6 +167,7 @@ void initialize_identity_maps(void *rmod + add_identity_map(cmdline, cmdline + COMMAND_LINE_SIZE); + + /* Load the new page-table. */ ++ sev_verify_cbit(top_level_pgt); + write_cr3(top_level_pgt); + } + +--- a/arch/x86/boot/compressed/mem_encrypt.S ++++ b/arch/x86/boot/compressed/mem_encrypt.S +@@ -68,6 +68,9 @@ ENTRY(get_sev_encryption_bit) + ENDPROC(get_sev_encryption_bit) + + .code64 ++ ++#include "../../kernel/sev_verify_cbit.S" ++ + ENTRY(set_sev_encryption_mask) + #ifdef CONFIG_AMD_MEM_ENCRYPT + push %rbp +@@ -111,4 +114,5 @@ ENDPROC(set_sev_encryption_mask) + .balign 8 + SYM_DATA(sme_me_mask, .quad 0) + SYM_DATA(sev_status, .quad 0) ++SYM_DATA(sev_check_data, .quad 0) + #endif +--- a/arch/x86/boot/compressed/misc.h ++++ b/arch/x86/boot/compressed/misc.h +@@ -159,4 +159,6 @@ void boot_page_fault(void); + void boot_stage1_vc(void); + void boot_stage2_vc(void); + ++unsigned long sev_verify_cbit(unsigned long cr3); ++ + #endif /* BOOT_COMPRESSED_MISC_H */ +--- /dev/null ++++ b/arch/x86/kernel/sev_verify_cbit.S +@@ -0,0 +1,89 @@ ++/* SPDX-License-Identifier: GPL-2.0-only */ ++/* ++ * sev_verify_cbit.S - Code for verification of the C-bit position reported ++ * by the Hypervisor when running with SEV enabled. ++ * ++ * Copyright (c) 2020 Joerg Roedel (jroedel@suse.de) ++ * ++ * sev_verify_cbit() is called before switching to a new long-mode page-table ++ * at boot. ++ * ++ * Verify that the C-bit position is correct by writing a random value to ++ * an encrypted memory location while on the current page-table. Then it ++ * switches to the new page-table to verify the memory content is still the ++ * same. After that it switches back to the current page-table and when the ++ * check succeeded it returns. If the check failed the code invalidates the ++ * stack pointer and goes into a hlt loop. The stack-pointer is invalidated to ++ * make sure no interrupt or exception can get the CPU out of the hlt loop. ++ * ++ * New page-table pointer is expected in %rdi (first parameter) ++ * ++ */ ++ENTRY(sev_verify_cbit) ++#ifdef CONFIG_AMD_MEM_ENCRYPT ++ /* First check if a C-bit was detected */ ++ movq sme_me_mask(%rip), %rsi ++ testq %rsi, %rsi ++ jz 3f ++ ++ /* sme_me_mask != 0 could mean SME or SEV - Check also for SEV */ ++ movq sev_status(%rip), %rsi ++ testq %rsi, %rsi ++ jz 3f ++ ++ /* Save CR4 in %rsi */ ++ movq %cr4, %rsi ++ ++ /* Disable Global Pages */ ++ movq %rsi, %rdx ++ andq $(~X86_CR4_PGE), %rdx ++ movq %rdx, %cr4 ++ ++ /* ++ * Verified that running under SEV - now get a random value using ++ * RDRAND. This instruction is mandatory when running as an SEV guest. ++ * ++ * Don't bail out of the loop if RDRAND returns errors. It is better to ++ * prevent forward progress than to work with a non-random value here. ++ */ ++1: rdrand %rdx ++ jnc 1b ++ ++ /* Store value to memory and keep it in %rdx */ ++ movq %rdx, sev_check_data(%rip) ++ ++ /* Backup current %cr3 value to restore it later */ ++ movq %cr3, %rcx ++ ++ /* Switch to new %cr3 - This might unmap the stack */ ++ movq %rdi, %cr3 ++ ++ /* ++ * Compare value in %rdx with memory location. If C-bit is incorrect ++ * this would read the encrypted data and make the check fail. ++ */ ++ cmpq %rdx, sev_check_data(%rip) ++ ++ /* Restore old %cr3 */ ++ movq %rcx, %cr3 ++ ++ /* Restore previous CR4 */ ++ movq %rsi, %cr4 ++ ++ /* Check CMPQ result */ ++ je 3f ++ ++ /* ++ * The check failed, prevent any forward progress to prevent ROP ++ * attacks, invalidate the stack and go into a hlt loop. ++ */ ++ xorq %rsp, %rsp ++ subq $0x1000, %rsp ++2: hlt ++ jmp 2b ++3: ++#endif ++ /* Return page-table pointer */ ++ movq %rdi, %rax ++ ret ++ENDPROC(sev_verify_cbit) diff --git a/patches.suse/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path b/patches.suse/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path new file mode 100644 index 0000000..ee8c052 --- /dev/null +++ b/patches.suse/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path @@ -0,0 +1,129 @@ +From: Joerg Roedel +Date: Fri, 12 Mar 2021 13:38:23 +0100 +Subject: x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path +Git-commit: fef81c86262879d4b1176ef51a834c15b805ebb9 +Patch-mainline: v5.13-rc1 +References: jsc#SLE-14337 + +Check whether the hypervisor reported the correct C-bit when running +as an SEV guest. Using a wrong C-bit position could be used to leak +sensitive data from the guest to the hypervisor. + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org +--- + arch/x86/boot/compressed/head_64.S | 83 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 83 insertions(+) + +--- a/arch/x86/boot/compressed/head_64.S ++++ b/arch/x86/boot/compressed/head_64.S +@@ -165,11 +165,21 @@ SYM_FUNC_START(startup_32) + */ + call get_sev_encryption_bit + xorl %edx, %edx ++#ifdef CONFIG_AMD_MEM_ENCRYPT + testl %eax, %eax + jz 1f + subl $32, %eax /* Encryption bit is always above bit 31 */ + bts %eax, %edx /* Set encryption mask for page tables */ ++ /* ++ * Mark SEV as active in sev_status so that startup32_check_sev_cbit() ++ * will do a check. The sev_status memory will be fully initialized ++ * with the contents of MSR_AMD_SEV_STATUS later in ++ * set_sev_encryption_mask(). For now it is sufficient to know that SEV ++ * is active. ++ */ ++ movl $1, sev_status(%ebp) + 1: ++#endif + + /* Initialize Page tables to 0 */ + leal pgtable(%ebx), %edi +@@ -254,6 +264,9 @@ SYM_FUNC_START(startup_32) + movl %esi, %edx + 1: + #endif ++ /* Check if the C-bit position is correct when SEV is active */ ++ call startup32_check_sev_cbit ++ + pushl $__KERNEL_CS + pushl %eax + +@@ -902,6 +915,76 @@ ENTRY(startup32_load_idt) + ENDPROC(startup32_load_idt) + + /* ++ * Check for the correct C-bit position when the startup_32 boot-path is used. ++ * ++ * The check makes use of the fact that all memory is encrypted when paging is ++ * disabled. The function creates 64 bits of random data using the RDRAND ++ * instruction. RDRAND is mandatory for SEV guests, so always available. If the ++ * hypervisor violates that the kernel will crash right here. ++ * ++ * The 64 bits of random data are stored to a memory location and at the same ++ * time kept in the %eax and %ebx registers. Since encryption is always active ++ * when paging is off the random data will be stored encrypted in main memory. ++ * ++ * Then paging is enabled. When the C-bit position is correct all memory is ++ * still mapped encrypted and comparing the register values with memory will ++ * succeed. An incorrect C-bit position will map all memory unencrypted, so that ++ * the compare will use the encrypted random data and fail. ++ */ ++SYM_FUNC_START(startup32_check_sev_cbit) ++#ifdef CONFIG_AMD_MEM_ENCRYPT ++ pushl %eax ++ pushl %ebx ++ pushl %ecx ++ pushl %edx ++ ++ /* Check for non-zero sev_status */ ++ movl sev_status(%ebp), %eax ++ testl %eax, %eax ++ jz 4f ++ ++ /* ++ * Get two 32-bit random values - Don't bail out if RDRAND fails ++ * because it is better to prevent forward progress if no random value ++ * can be gathered. ++ */ ++1: rdrand %eax ++ jnc 1b ++2: rdrand %ebx ++ jnc 2b ++ ++ /* Store to memory and keep it in the registers */ ++ movl %eax, sev_check_data(%ebp) ++ movl %ebx, sev_check_data+4(%ebp) ++ ++ /* Enable paging to see if encryption is active */ ++ movl %cr0, %edx /* Backup %cr0 in %edx */ ++ movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */ ++ movl %ecx, %cr0 ++ ++ cmpl %eax, sev_check_data(%ebp) ++ jne 3f ++ cmpl %ebx, sev_check_data+4(%ebp) ++ jne 3f ++ ++ movl %edx, %cr0 /* Restore previous %cr0 */ ++ ++ jmp 4f ++ ++3: /* Check failed - hlt the machine */ ++ hlt ++ jmp 3b ++ ++4: ++ popl %edx ++ popl %ecx ++ popl %ebx ++ popl %eax ++#endif ++ ret ++SYM_FUNC_END(startup32_check_sev_cbit) ++ ++/* + * Stack and heap for uncompression + */ + .bss diff --git a/patches.suse/x86-boot-compressed-64-cleanup-exception-handling-before-booting-kernel b/patches.suse/x86-boot-compressed-64-cleanup-exception-handling-before-booting-kernel new file mode 100644 index 0000000..9fa83f7 --- /dev/null +++ b/patches.suse/x86-boot-compressed-64-cleanup-exception-handling-before-booting-kernel @@ -0,0 +1,72 @@ +From: Joerg Roedel +Date: Wed, 10 Mar 2021 09:43:19 +0100 +Subject: x86/boot/compressed/64: Cleanup exception handling before booting + kernel +Git-commit: b099155e2df7dadf8b1ad9828158b89f5639f654 +Patch-mainline: v5.13-rc1 +References: jsc#SLE-14337 + +Disable the exception handling before booting the kernel to make sure +any exceptions that happen during early kernel boot are not directed to +the pre-decompression code. + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/20210312123824.306-2-joro@8bytes.org +--- + arch/x86/boot/compressed/idt_64.c | 14 ++++++++++++++ + arch/x86/boot/compressed/misc.c | 7 ++----- + arch/x86/boot/compressed/misc.h | 6 ++++++ + 3 files changed, 22 insertions(+), 5 deletions(-) + +--- a/arch/x86/boot/compressed/idt_64.c ++++ b/arch/x86/boot/compressed/idt_64.c +@@ -52,3 +52,17 @@ void load_stage2_idt(void) + + load_boot_idt(&boot_idt_desc); + } ++ ++void cleanup_exception_handling(void) ++{ ++ /* ++ * Flush GHCB from cache and map it encrypted again when running as ++ * SEV-ES guest. ++ */ ++ sev_es_shutdown_ghcb(); ++ ++ /* Set a null-idt, disabling #PF and #VC handling */ ++ boot_idt_desc.size = 0; ++ boot_idt_desc.address = 0; ++ load_boot_idt(&boot_idt_desc); ++} +--- a/arch/x86/boot/compressed/misc.c ++++ b/arch/x86/boot/compressed/misc.c +@@ -442,11 +442,8 @@ asmlinkage __visible void *extract_kerne + handle_relocations(output, output_len, virt_addr); + debug_putstr("done.\nBooting the kernel.\n"); + +- /* +- * Flush GHCB from cache and map it encrypted again when running as +- * SEV-ES guest. +- */ +- sev_es_shutdown_ghcb(); ++ /* Disable exception handling before booting the kernel */ ++ cleanup_exception_handling(); + + return output; + } +--- a/arch/x86/boot/compressed/misc.h ++++ b/arch/x86/boot/compressed/misc.h +@@ -154,6 +154,12 @@ extern pteval_t __default_kernel_pte_mas + extern gate_desc boot_idt[BOOT_IDT_ENTRIES]; + extern struct desc_ptr boot_idt_desc; + ++#ifdef CONFIG_X86_64 ++void cleanup_exception_handling(void); ++#else ++static inline void cleanup_exception_handling(void) { } ++#endif ++ + /* IDT Entry Points */ + void boot_page_fault(void); + void boot_stage1_vc(void); diff --git a/patches.suse/x86-boot-compressed-64-introduce-sev_status b/patches.suse/x86-boot-compressed-64-introduce-sev_status new file mode 100644 index 0000000..15a0eef --- /dev/null +++ b/patches.suse/x86-boot-compressed-64-introduce-sev_status @@ -0,0 +1,48 @@ +From: Joerg Roedel +Date: Wed, 28 Oct 2020 17:46:55 +0100 +Subject: x86/boot/compressed/64: Introduce sev_status +Git-commit: 3ad84246a4097010f3ae3d6944120c0be00e9e7a +Patch-mainline: v5.10-rc3 +References: jsc#SLE-14337 + +Introduce sev_status and initialize it together with sme_me_mask to have +an indicator which SEV features are enabled. + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Reviewed-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20201028164659.27002-2-joro@8bytes.org +--- + arch/x86/boot/compressed/mem_encrypt.S | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +--- a/arch/x86/boot/compressed/mem_encrypt.S ++++ b/arch/x86/boot/compressed/mem_encrypt.S +@@ -81,6 +81,19 @@ ENTRY(set_sev_encryption_mask) + + bts %rax, sme_me_mask(%rip) /* Create the encryption mask */ + ++ /* ++ * Read MSR_AMD64_SEV again and store it to sev_status. Can't do this in ++ * get_sev_encryption_bit() because this function is 32-bit code and ++ * shared between 64-bit and 32-bit boot path. ++ */ ++ movl $MSR_AMD64_SEV, %ecx /* Read the SEV MSR */ ++ rdmsr ++ ++ /* Store MSR value in sev_status */ ++ shlq $32, %rdx ++ orq %rdx, %rax ++ movq %rax, sev_status(%rip) ++ + .Lno_sev_mask: + movq %rbp, %rsp /* Restore original stack pointer */ + +@@ -96,5 +109,6 @@ ENDPROC(set_sev_encryption_mask) + + #ifdef CONFIG_AMD_MEM_ENCRYPT + .balign 8 +-SYM_DATA(sme_me_mask, .quad 0) ++SYM_DATA(sme_me_mask, .quad 0) ++SYM_DATA(sev_status, .quad 0) + #endif diff --git a/patches.suse/x86-boot-compressed-64-reload-cs-in-startup_32 b/patches.suse/x86-boot-compressed-64-reload-cs-in-startup_32 new file mode 100644 index 0000000..d1d60fb --- /dev/null +++ b/patches.suse/x86-boot-compressed-64-reload-cs-in-startup_32 @@ -0,0 +1,37 @@ +From: Joerg Roedel +Date: Wed, 10 Mar 2021 09:43:20 +0100 +Subject: x86/boot/compressed/64: Reload CS in startup_32 +Git-commit: 0c289ff81c24033777fab23019039f11e1449ba4 +Patch-mainline: v5.13-rc1 +References: jsc#SLE-14337 + +Exception handling in the startup_32 boot path requires the CS +selector to be correctly set up. Reload it from the current GDT. + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/20210312123824.306-4-joro@8bytes.org +--- + arch/x86/boot/compressed/head_64.S | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/arch/x86/boot/compressed/head_64.S ++++ b/arch/x86/boot/compressed/head_64.S +@@ -89,9 +89,16 @@ SYM_FUNC_START(startup_32) + movl %eax, %gs + movl %eax, %ss + +-/* setup a stack and make sure cpu supports long mode. */ ++ /* Setup a stack and load CS from current GDT */ + leal boot_stack_end(%ebp), %esp + ++ pushl $__KERNEL32_CS ++ leal 1f(%ebp), %eax ++ pushl %eax ++ lretl ++1: ++ ++ /* Make sure cpu supports long mode. */ + call verify_cpu + testl %eax, %eax + jnz no_longmode diff --git a/patches.suse/x86-boot-compressed-64-sanity-check-cpuid-results-in-the-early-vc-handler b/patches.suse/x86-boot-compressed-64-sanity-check-cpuid-results-in-the-early-vc-handler new file mode 100644 index 0000000..1cfc490 --- /dev/null +++ b/patches.suse/x86-boot-compressed-64-sanity-check-cpuid-results-in-the-early-vc-handler @@ -0,0 +1,65 @@ +From: Joerg Roedel +Date: Wed, 28 Oct 2020 17:46:56 +0100 +Subject: x86/boot/compressed/64: Sanity-check CPUID results in the early #VC + handler +Git-commit: ed7b895f3efb5df184722f5a30f8164fcaffceb1 +Patch-mainline: v5.10-rc3 +References: jsc#SLE-14337 + +The early #VC handler which doesn't have a GHCB can only handle CPUID +exit codes. It is needed by the early boot code to handle #VC exceptions +raised in verify_cpu() and to get the position of the C-bit. + +But the CPUID information comes from the hypervisor which is untrusted +and might return results which trick the guest into the no-SEV boot path +with no C-bit set in the page-tables. All data written to memory would +then be unencrypted and could leak sensitive data to the hypervisor. + +Add sanity checks to the early #VC handler to make sure the hypervisor +can not pretend that SEV is disabled. + + [ bp: Massage a bit. ] + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Reviewed-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20201028164659.27002-3-joro@8bytes.org +--- + arch/x86/kernel/sev-es-shared.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +--- a/arch/x86/kernel/sev-es-shared.c ++++ b/arch/x86/kernel/sev-es-shared.c +@@ -178,6 +178,32 @@ void __init do_vc_no_ghcb(struct pt_regs + goto fail; + regs->dx = val >> 32; + ++ /* ++ * This is a VC handler and the #VC is only raised when SEV-ES is ++ * active, which means SEV must be active too. Do sanity checks on the ++ * CPUID results to make sure the hypervisor does not trick the kernel ++ * into the no-sev path. This could map sensitive data unencrypted and ++ * make it accessible to the hypervisor. ++ * ++ * In particular, check for: ++ * - Hypervisor CPUID bit ++ * - Availability of CPUID leaf 0x8000001f ++ * - SEV CPUID bit. ++ * ++ * The hypervisor might still report the wrong C-bit position, but this ++ * can't be checked here. ++ */ ++ ++ if ((fn == 1 && !(regs->cx & BIT(31)))) ++ /* Hypervisor bit */ ++ goto fail; ++ else if (fn == 0x80000000 && (regs->ax < 0x8000001f)) ++ /* SEV leaf check */ ++ goto fail; ++ else if ((fn == 0x8000001f && !(regs->ax & BIT(1)))) ++ /* SEV bit */ ++ goto fail; ++ + /* Skip over the CPUID two-byte opcode */ + regs->ip += 2; + diff --git a/patches.suse/x86-boot-compressed-64-setup-idt-in-startup_32-boot-path b/patches.suse/x86-boot-compressed-64-setup-idt-in-startup_32-boot-path new file mode 100644 index 0000000..388b657 --- /dev/null +++ b/patches.suse/x86-boot-compressed-64-setup-idt-in-startup_32-boot-path @@ -0,0 +1,113 @@ +From: Joerg Roedel +Date: Wed, 10 Mar 2021 09:43:21 +0100 +Subject: x86/boot/compressed/64: Setup IDT in startup_32 boot path +Git-commit: 79419e13e8082cc15d174df979a363528e31f2e7 +Patch-mainline: v5.13-rc1 +References: jsc#SLE-14337 + +This boot path needs exception handling when it is used with SEV-ES. +Setup an IDT and provide a helper function to write IDT entries for +use in 32-bit protected mode. + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/20210312123824.306-5-joro@8bytes.org +--- + arch/x86/boot/compressed/head_64.S | 72 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 72 insertions(+) + +--- a/arch/x86/boot/compressed/head_64.S ++++ b/arch/x86/boot/compressed/head_64.S +@@ -98,6 +98,9 @@ SYM_FUNC_START(startup_32) + lretl + 1: + ++ /* Setup Exception handling for SEV-ES */ ++ call startup32_load_idt ++ + /* Make sure cpu supports long mode. */ + call verify_cpu + testl %eax, %eax +@@ -717,6 +720,19 @@ SYM_DATA_START_LOCAL(gdt) + .quad 0x0000000000000000 /* TS continued */ + SYM_DATA_END_LABEL(gdt, SYM_L_LOCAL, gdt_end) + ++#ifdef CONFIG_AMD_MEM_ENCRYPT ++SYM_DATA_START(boot32_idt_desc) ++ .word boot32_idt_end - boot32_idt - 1 ++ .long 0 ++SYM_DATA_END(boot32_idt_desc) ++ .balign 8 ++SYM_DATA_START(boot32_idt) ++ .rept 32 ++ .quad 0 ++ .endr ++SYM_DATA_END_LABEL(boot32_idt, SYM_L_GLOBAL, boot32_idt_end) ++#endif ++ + #ifdef CONFIG_EFI_STUB + SYM_DATA(image_offset, .long 0) + #endif +@@ -823,6 +839,62 @@ SYM_DATA_START_LOCAL(loaded_image_proto) + SYM_DATA_END(loaded_image_proto) + #endif + ++#ifdef CONFIG_AMD_MEM_ENCRYPT ++ __HEAD ++ .code32 ++/* ++ * Write an IDT entry into boot32_idt ++ * ++ * Parameters: ++ * ++ * %eax: Handler address ++ * %edx: Vector number ++ * ++ * Physical offset is expected in %ebp ++ */ ++ENTRY(startup32_set_idt_entry) ++ push %ebx ++ push %ecx ++ ++ /* IDT entry address to %ebx */ ++ leal boot32_idt(%ebp), %ebx ++ shl $3, %edx ++ addl %edx, %ebx ++ ++ /* Build IDT entry, lower 4 bytes */ ++ movl %eax, %edx ++ andl $0x0000ffff, %edx # Target code segment offset [15:0] ++ movl $__KERNEL32_CS, %ecx # Target code segment selector ++ shl $16, %ecx ++ orl %ecx, %edx ++ ++ /* Store lower 4 bytes to IDT */ ++ movl %edx, (%ebx) ++ ++ /* Build IDT entry, upper 4 bytes */ ++ movl %eax, %edx ++ andl $0xffff0000, %edx # Target code segment offset [31:16] ++ orl $0x00008e00, %edx # Present, Type 32-bit Interrupt Gate ++ ++ /* Store upper 4 bytes to IDT */ ++ movl %edx, 4(%ebx) ++ ++ pop %ecx ++ pop %ebx ++ ret ++ENDPROC(startup32_set_idt_entry) ++#endif ++ ++ENTRY(startup32_load_idt) ++#ifdef CONFIG_AMD_MEM_ENCRYPT ++ /* Load IDT */ ++ leal boot32_idt(%ebp), %eax ++ movl %eax, (boot32_idt_desc+2)(%ebp) ++ lidt boot32_idt_desc(%ebp) ++#endif ++ ret ++ENDPROC(startup32_load_idt) ++ + /* + * Stack and heap for uncompression + */ diff --git a/patches.suse/x86-cpufeatures-force-disable-x86_feature_enqcmd-and-remove-update_pasid.patch b/patches.suse/x86-cpufeatures-force-disable-x86_feature_enqcmd-and-remove-update_pasid.patch new file mode 100644 index 0000000..4f277bd --- /dev/null +++ b/patches.suse/x86-cpufeatures-force-disable-x86_feature_enqcmd-and-remove-update_pasid.patch @@ -0,0 +1,176 @@ +From: Thomas Gleixner +Date: Sat, 29 May 2021 11:17:30 +0200 +Subject: x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove + update_pasid() +Git-commit: 9bfecd05833918526cc7357d55e393393440c5fa +Patch-mainline: v5.13-rc5 +References: bsc#1178134 + +While digesting the XSAVE-related horrors which got introduced with +the supervisor/user split, the recent addition of ENQCMD-related +functionality got on the radar and turned out to be similarly broken. + +update_pasid(), which is only required when X86_FEATURE_ENQCMD is +available, is invoked from two places: + + 1) From switch_to() for the incoming task + + 2) Via a SMP function call from the IOMMU/SMV code + +#1 is half-ways correct as it hacks around the brokenness of get_xsave_addr() + by enforcing the state to be 'present', but all the conditionals in that + code are completely pointless for that. + + Also the invocation is just useless overhead because at that point + it's guaranteed that TIF_NEED_FPU_LOAD is set on the incoming task + and all of this can be handled at return to user space. + +#2 is broken beyond repair. The comment in the code claims that it is safe + to invoke this in an IPI, but that's just wishful thinking. + + FPU state of a running task is protected by fregs_lock() which is + nothing else than a local_bh_disable(). As BH-disabled regions run + usually with interrupts enabled the IPI can hit a code section which + modifies FPU state and there is absolutely no guarantee that any of the + assumptions which are made for the IPI case is true. + + Also the IPI is sent to all CPUs in mm_cpumask(mm), but the IPI is + invoked with a NULL pointer argument, so it can hit a completely + unrelated task and unconditionally force an update for nothing. + Worse, it can hit a kernel thread which operates on a user space + address space and set a random PASID for it. + +The offending commit does not cleanly revert, but it's sufficient to +force disable X86_FEATURE_ENQCMD and to remove the broken update_pasid() +code to make this dysfunctional all over the place. Anything more +complex would require more surgery and none of the related functions +outside of the x86 core code are blatantly wrong, so removing those +would be overkill. + +As nothing enables the PASID bit in the IA32_XSS MSR yet, which is +required to make this actually work, this cannot result in a regression +except for related out of tree train-wrecks, but they are broken already +today. + +Fixes: 20f0afd1fb3d ("x86/mmu: Allocate/free a PASID") +Signed-off-by: Thomas Gleixner +Signed-off-by: Borislav Petkov +Acked-by: Andy Lutomirski +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/87mtsd6gr9.ffs@nanos.tec.linutronix.de +--- + arch/x86/include/asm/disabled-features.h | 7 +-- + arch/x86/include/asm/fpu/api.h | 6 --- + arch/x86/include/asm/fpu/internal.h | 7 --- + arch/x86/kernel/fpu/xstate.c | 57 ------------------------------- + 4 files changed, 3 insertions(+), 74 deletions(-) + +--- a/arch/x86/include/asm/disabled-features.h ++++ b/arch/x86/include/asm/disabled-features.h +@@ -62,11 +62,8 @@ + # define DISABLE_PTI (1 << (X86_FEATURE_PTI & 31)) + #endif + +-#ifdef CONFIG_IOMMU_SUPPORT +-# define DISABLE_ENQCMD 0 +-#else +-# define DISABLE_ENQCMD (1 << (X86_FEATURE_ENQCMD & 31)) +-#endif ++/* Force disable because it's broken beyond repair */ ++#define DISABLE_ENQCMD (1 << (X86_FEATURE_ENQCMD & 31)) + + /* + * Make sure to add features to the correct mask +--- a/arch/x86/include/asm/fpu/api.h ++++ b/arch/x86/include/asm/fpu/api.h +@@ -68,10 +68,6 @@ extern int cpu_has_xfeatures(u64 xfeatur + */ + #define PASID_DISABLED 0 + +-#ifdef CONFIG_IOMMU_SUPPORT +-/* Update current's PASID MSR/state by mm's PASID. */ +-void update_pasid(void); +-#else + static inline void update_pasid(void) { } +-#endif ++ + #endif /* _ASM_X86_FPU_API_H */ +--- a/arch/x86/include/asm/fpu/internal.h ++++ b/arch/x86/include/asm/fpu/internal.h +@@ -618,13 +618,6 @@ static inline void switch_fpu_finish(str + pkru_val = pk->pkru; + } + __write_pkru(pkru_val); +- +- /* +- * Expensive PASID MSR write will be avoided in update_pasid() because +- * TIF_NEED_FPU_LOAD was set. And the PASID state won't be updated +- * unless it's different from mm->pasid to reduce overhead. +- */ +- update_pasid(); + } + + #endif /* _ASM_X86_FPU_INTERNAL_H */ +--- a/arch/x86/kernel/fpu/xstate.c ++++ b/arch/x86/kernel/fpu/xstate.c +@@ -1379,60 +1379,3 @@ int proc_pid_arch_status(struct seq_file + return 0; + } + #endif /* CONFIG_PROC_PID_ARCH_STATUS */ +- +-#ifdef CONFIG_IOMMU_SUPPORT +-void update_pasid(void) +-{ +- u64 pasid_state; +- u32 pasid; +- +- if (!cpu_feature_enabled(X86_FEATURE_ENQCMD)) +- return; +- +- if (!current->mm) +- return; +- +- pasid = READ_ONCE(current->mm->pasid); +- /* Set the valid bit in the PASID MSR/state only for valid pasid. */ +- pasid_state = pasid == PASID_DISABLED ? +- pasid : pasid | MSR_IA32_PASID_VALID; +- +- /* +- * No need to hold fregs_lock() since the task's fpstate won't +- * be changed by others (e.g. ptrace) while the task is being +- * switched to or is in IPI. +- */ +- if (!test_thread_flag(TIF_NEED_FPU_LOAD)) { +- /* The MSR is active and can be directly updated. */ +- wrmsrl(MSR_IA32_PASID, pasid_state); +- } else { +- struct fpu *fpu = ¤t->thread.fpu; +- struct ia32_pasid_state *ppasid_state; +- struct xregs_state *xsave; +- +- /* +- * The CPU's xstate registers are not currently active. Just +- * update the PASID state in the memory buffer here. The +- * PASID MSR will be loaded when returning to user mode. +- */ +- xsave = &fpu->state.xsave; +- xsave->header.xfeatures |= XFEATURE_MASK_PASID; +- ppasid_state = get_xsave_addr(xsave, XFEATURE_PASID); +- /* +- * Since XFEATURE_MASK_PASID is set in xfeatures, ppasid_state +- * won't be NULL and no need to check its value. +- * +- * Only update the task's PASID state when it's different +- * from the mm's pasid. +- */ +- if (ppasid_state->pasid != pasid_state) { +- /* +- * Invalid fpregs so that state restoring will pick up +- * the PASID state. +- */ +- __fpu_invalidate_fpregs_state(fpu); +- ppasid_state->pasid = pasid_state; +- } +- } +-} +-#endif /* CONFIG_IOMMU_SUPPORT */ diff --git a/patches.suse/x86-fault-don-t-send-sigsegv-twice-on-segv_pkuerr.patch b/patches.suse/x86-fault-don-t-send-sigsegv-twice-on-segv_pkuerr.patch new file mode 100644 index 0000000..ec122bc --- /dev/null +++ b/patches.suse/x86-fault-don-t-send-sigsegv-twice-on-segv_pkuerr.patch @@ -0,0 +1,41 @@ +From: Jiashuo Liang +Date: Tue, 1 Jun 2021 16:52:03 +0800 +Subject: x86/fault: Don't send SIGSEGV twice on SEGV_PKUERR +Git-commit: 5405b42c2f08efe67b531799ba2fdb35bac93e70 +Patch-mainline: v5.13-rc5 +References: bsc#1152489 + +__bad_area_nosemaphore() calls both force_sig_pkuerr() and +force_sig_fault() when handling SEGV_PKUERR. This does not cause +problems because the second signal is filtered by the legacy_queue() +check in __send_signal() because in both cases, the signal is SIGSEGV, +the second one seeing that the first one is already pending. + +This causes the kernel to do unnecessary work so send the signal only +once for SEGV_PKUERR. + + [ bp: Massage commit message. ] + +Fixes: 9db812dbb29d ("signal/x86: Call force_sig_pkuerr from __bad_area_nosemaphore") +Suggested-by: "Eric W. Biederman" +Signed-off-by: Jiashuo Liang +Signed-off-by: Borislav Petkov +Acked-by: "Eric W. Biederman" +Link: https://lkml.kernel.org/r/20210601085203.40214-1-liangjs@pku.edu.cn +--- + arch/x86/mm/fault.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/mm/fault.c ++++ b/arch/x86/mm/fault.c +@@ -922,8 +922,8 @@ __bad_area_nosemaphore(struct pt_regs *r + + if (si_code == SEGV_PKUERR) + force_sig_pkuerr((void __user *)address, pkey); +- +- force_sig_fault(SIGSEGV, si_code, (void __user *)address); ++ else ++ force_sig_fault(SIGSEGV, si_code, (void __user *)address); + + return; + } diff --git a/patches.suse/x86-head-64-check-sev-encryption-before-switching-to-kernel-page-table b/patches.suse/x86-head-64-check-sev-encryption-before-switching-to-kernel-page-table new file mode 100644 index 0000000..31d0a0c --- /dev/null +++ b/patches.suse/x86-head-64-check-sev-encryption-before-switching-to-kernel-page-table @@ -0,0 +1,68 @@ +From: Joerg Roedel +Date: Wed, 28 Oct 2020 17:46:58 +0100 +Subject: x86/head/64: Check SEV encryption before switching to kernel + page-table +Git-commit: c9f09539e16e281f92a27760fdfae71e8af036f6 +Patch-mainline: v5.10-rc3 +References: jsc#SLE-14337 + +When SEV is enabled, the kernel requests the C-bit position again from +the hypervisor to build its own page-table. Since the hypervisor is an +untrusted source, the C-bit position needs to be verified before the +kernel page-table is used. + +Call sev_verify_cbit() before writing the CR3. + + [ bp: Massage. ] + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Reviewed-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20201028164659.27002-5-joro@8bytes.org +--- + arch/x86/kernel/head_64.S | 16 ++++++++++++++++ + arch/x86/mm/mem_encrypt.c | 1 + + 2 files changed, 17 insertions(+) + +--- a/arch/x86/kernel/head_64.S ++++ b/arch/x86/kernel/head_64.S +@@ -158,6 +158,21 @@ ENTRY(secondary_startup_64_no_verify) + + /* Setup early boot stage 4-/5-level pagetables. */ + addq phys_base(%rip), %rax ++ ++ /* ++ * For SEV guests: Verify that the C-bit is correct. A malicious ++ * hypervisor could lie about the C-bit position to perform a ROP ++ * attack on the guest by writing to the unencrypted stack and wait for ++ * the next RET instruction. ++ * %rsi carries pointer to realmode data and is callee-clobbered. Save ++ * and restore it. ++ */ ++ pushq %rsi ++ movq %rax, %rdi ++ call sev_verify_cbit ++ popq %rsi ++ ++ /* Switch to new page-table */ + movq %rax, %cr3 + + /* Ensure I am executing from virtual addresses */ +@@ -276,6 +291,7 @@ ENTRY(secondary_startup_64_no_verify) + END(secondary_startup_64) + + #include "verify_cpu.S" ++#include "sev_verify_cbit.S" + + #ifdef CONFIG_HOTPLUG_CPU + /* +--- a/arch/x86/mm/mem_encrypt.c ++++ b/arch/x86/mm/mem_encrypt.c +@@ -39,6 +39,7 @@ + */ + u64 sme_me_mask __section(.data) = 0; + u64 sev_status __section(.data) = 0; ++u64 sev_check_data __section(".data") = 0; + EXPORT_SYMBOL(sme_me_mask); + DEFINE_STATIC_KEY_FALSE(sev_enable_key); + EXPORT_SYMBOL_GPL(sev_enable_key); diff --git a/patches.suse/x86-head-64-disable-stack-protection-for-head-bits-o b/patches.suse/x86-head-64-disable-stack-protection-for-head-bits-o new file mode 100644 index 0000000..8e45f61 --- /dev/null +++ b/patches.suse/x86-head-64-disable-stack-protection-for-head-bits-o @@ -0,0 +1,47 @@ +From: Arvind Sankar +Date: Thu, 8 Oct 2020 15:16:23 -0400 +Subject: x86/head/64: Disable stack protection for head$(BITS).o +Git-commit: 103a4908ad4da9decdf9bc7216ec5a4861edf703 +Patch-mainline: v5.10-rc1 +References: jsc#SLE-14337 + +On 64-bit, the startup_64_setup_env() function added in + + 866b556efa12 ("x86/head/64: Install startup GDT") + +has stack protection enabled because of set_bringup_idt_handler(). +This happens when CONFIG_STACKPROTECTOR_STRONG is enabled. It +also currently needs CONFIG_AMD_MEM_ENCRYPT enabled because then +set_bringup_idt_handler() is not an empty stub but that might change in +the future, when the other vendor adds their similar technology. + +At this point, %gs is not yet initialized, and this doesn't cause a +crash only because the #PF handler from the decompressor stub is still +installed and handles the page fault. + +Disable stack protection for the whole file, and do it on 32-bit as +well to avoid surprises. + + [ bp: Extend commit message with the exact explanation how it happens. ] + +Signed-off-by: Arvind Sankar +Signed-off-by: Borislav Petkov +Reviewed-by: Joerg Roedel +Link: https://lkml.kernel.org/r/20201008191623.2881677-6-nivedita@alum.mit.edu + +Acked-by: Joerg Roedel +--- + arch/x86/kernel/Makefile | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/x86/kernel/Makefile ++++ b/arch/x86/kernel/Makefile +@@ -44,6 +44,8 @@ endif + # non-deterministic coverage. + KCOV_INSTRUMENT := n + ++CFLAGS_head$(BITS).o += -fno-stack-protector ++ + CFLAGS_irq.o := -I $(srctree)/$(src)/../include/asm/trace + + obj-y := process_$(BITS).o signal.o diff --git a/patches.suse/x86-sev-check-sme-sev-support-in-cpuid-first b/patches.suse/x86-sev-check-sme-sev-support-in-cpuid-first new file mode 100644 index 0000000..08bea32 --- /dev/null +++ b/patches.suse/x86-sev-check-sme-sev-support-in-cpuid-first @@ -0,0 +1,68 @@ +From: Pu Wen +Date: Wed, 2 Jun 2021 15:02:07 +0800 +Subject: x86/sev: Check SME/SEV support in CPUID first +Git-commit: 009767dbf42ac0dbe3cf48c1ee224f6b778aa85a +Patch-mainline: v5.13-rc5 +References: jsc#SLE-14337 + +The first two bits of the CPUID leaf 0x8000001F EAX indicate whether SEV +or SME is supported, respectively. It's better to check whether SEV or +SME is actually supported before accessing the MSR_AMD64_SEV to check +whether SEV or SME is enabled. + +This is both a bare-metal issue and a guest/VM issue. Since the first +generation Hygon Dhyana CPU doesn't support the MSR_AMD64_SEV, reading that +MSR results in a #GP - either directly from hardware in the bare-metal +case or via the hypervisor (because the RDMSR is actually intercepted) +in the guest/VM case, resulting in a failed boot. And since this is very +early in the boot phase, rdmsrl_safe()/native_read_msr_safe() can't be +used. + +So check the CPUID bits first, before accessing the MSR. + + [ tlendacky: Expand and improve commit message. ] + [ bp: Massage commit message. ] + +Fixes: eab696d8e8b9 ("x86/sev: Do not require Hypervisor CPUID bit for SEV guests") +Signed-off-by: Pu Wen +Signed-off-by: Borislav Petkov +Acked-by: Tom Lendacky +Cc: # v5.10+ +Link: https://lkml.kernel.org/r/20210602070207.2480-1-puwen@hygon.cn + +Acked-by: Joerg Roedel +--- + arch/x86/mm/mem_encrypt_identity.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +--- a/arch/x86/mm/mem_encrypt_identity.c ++++ b/arch/x86/mm/mem_encrypt_identity.c +@@ -504,10 +504,6 @@ void __init sme_enable(struct boot_param + #define AMD_SME_BIT BIT(0) + #define AMD_SEV_BIT BIT(1) + +- /* Check the SEV MSR whether SEV or SME is enabled */ +- sev_status = __rdmsr(MSR_AMD64_SEV); +- feature_mask = (sev_status & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT; +- + /* + * Check for the SME/SEV feature: + * CPUID Fn8000_001F[EAX] +@@ -519,11 +515,16 @@ void __init sme_enable(struct boot_param + eax = 0x8000001f; + ecx = 0; + native_cpuid(&eax, &ebx, &ecx, &edx); +- if (!(eax & feature_mask)) ++ /* Check whether SEV or SME is supported */ ++ if (!(eax & (AMD_SEV_BIT | AMD_SME_BIT))) + return; + + me_mask = 1UL << (ebx & 0x3f); + ++ /* Check the SEV MSR whether SEV or SME is enabled */ ++ sev_status = __rdmsr(MSR_AMD64_SEV); ++ feature_mask = (sev_status & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT; ++ + /* Check if memory encryption is enabled */ + if (feature_mask == AMD_SME_BIT) { + /* diff --git a/patches.suse/x86-sev-do-not-require-hypervisor-cpuid-bit-for-sev-guests b/patches.suse/x86-sev-do-not-require-hypervisor-cpuid-bit-for-sev-guests new file mode 100644 index 0000000..f82f24b --- /dev/null +++ b/patches.suse/x86-sev-do-not-require-hypervisor-cpuid-bit-for-sev-guests @@ -0,0 +1,142 @@ +From: Joerg Roedel +Date: Fri, 12 Mar 2021 13:38:18 +0100 +Subject: x86/sev: Do not require Hypervisor CPUID bit for SEV guests +Git-commit: eab696d8e8b9c9d600be6fad8dd8dfdfaca6ca7c +Patch-mainline: v5.13-rc1 +References: jsc#SLE-14337 + +A malicious hypervisor could disable the CPUID intercept for an SEV or +SEV-ES guest and trick it into the no-SEV boot path, where it could +potentially reveal secrets. This is not an issue for SEV-SNP guests, +as the CPUID intercept can't be disabled for those. + +Remove the Hypervisor CPUID bit check from the SEV detection code to +protect against this kind of attack and add a Hypervisor bit equals zero +check to the SME detection path to prevent non-encrypted guests from +trying to enable SME. + +This handles the following cases: + + 1) SEV(-ES) guest where CPUID intercept is disabled. The guest + will still see leaf 0x8000001f and the SEV bit. It can + retrieve the C-bit and boot normally. + + 2) Non-encrypted guests with intercepted CPUID will check + the SEV_STATUS MSR and find it 0 and will try to enable SME. + This will fail when the guest finds MSR_K8_SYSCFG to be zero, + as it is emulated by KVM. But we can't rely on that, as there + might be other hypervisors which return this MSR with bit + 23 set. The Hypervisor bit check will prevent that the guest + tries to enable SME in this case. + + 3) Non-encrypted guests on SEV capable hosts with CPUID intercept + disabled (by a malicious hypervisor) will try to boot into + the SME path. This will fail, but it is also not considered + a problem because non-encrypted guests have no protection + against the hypervisor anyway. + + [ bp: s/non-SEV/non-encrypted/g ] + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Acked-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20210312123824.306-3-joro@8bytes.org +--- + arch/x86/boot/compressed/mem_encrypt.S | 6 ----- + arch/x86/kernel/sev-es-shared.c | 6 ----- + arch/x86/mm/mem_encrypt_identity.c | 35 +++++++++++++++++---------------- + 3 files changed, 20 insertions(+), 27 deletions(-) + +--- a/arch/x86/boot/compressed/mem_encrypt.S ++++ b/arch/x86/boot/compressed/mem_encrypt.S +@@ -23,12 +23,6 @@ ENTRY(get_sev_encryption_bit) + push %ecx + push %edx + +- /* Check if running under a hypervisor */ +- movl $1, %eax +- cpuid +- bt $31, %ecx /* Check the hypervisor bit */ +- jnc .Lno_sev +- + movl $0x80000000, %eax /* CPUID to check the highest leaf */ + cpuid + cmpl $0x8000001f, %eax /* See if 0x8000001f is available */ +--- a/arch/x86/kernel/sev-es-shared.c ++++ b/arch/x86/kernel/sev-es-shared.c +@@ -186,7 +186,6 @@ void __init do_vc_no_ghcb(struct pt_regs + * make it accessible to the hypervisor. + * + * In particular, check for: +- * - Hypervisor CPUID bit + * - Availability of CPUID leaf 0x8000001f + * - SEV CPUID bit. + * +@@ -194,10 +193,7 @@ void __init do_vc_no_ghcb(struct pt_regs + * can't be checked here. + */ + +- if ((fn == 1 && !(regs->cx & BIT(31)))) +- /* Hypervisor bit */ +- goto fail; +- else if (fn == 0x80000000 && (regs->ax < 0x8000001f)) ++ if (fn == 0x80000000 && (regs->ax < 0x8000001f)) + /* SEV leaf check */ + goto fail; + else if ((fn == 0x8000001f && !(regs->ax & BIT(1)))) +--- a/arch/x86/mm/mem_encrypt_identity.c ++++ b/arch/x86/mm/mem_encrypt_identity.c +@@ -503,14 +503,10 @@ void __init sme_enable(struct boot_param + + #define AMD_SME_BIT BIT(0) + #define AMD_SEV_BIT BIT(1) +- /* +- * Set the feature mask (SME or SEV) based on whether we are +- * running under a hypervisor. +- */ +- eax = 1; +- ecx = 0; +- native_cpuid(&eax, &ebx, &ecx, &edx); +- feature_mask = (ecx & BIT(31)) ? AMD_SEV_BIT : AMD_SME_BIT; ++ ++ /* Check the SEV MSR whether SEV or SME is enabled */ ++ sev_status = __rdmsr(MSR_AMD64_SEV); ++ feature_mask = (sev_status & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT; + + /* + * Check for the SME/SEV feature: +@@ -530,19 +526,26 @@ void __init sme_enable(struct boot_param + + /* Check if memory encryption is enabled */ + if (feature_mask == AMD_SME_BIT) { ++ /* ++ * No SME if Hypervisor bit is set. This check is here to ++ * prevent a guest from trying to enable SME. For running as a ++ * KVM guest the MSR_K8_SYSCFG will be sufficient, but there ++ * might be other hypervisors which emulate that MSR as non-zero ++ * or even pass it through to the guest. ++ * A malicious hypervisor can still trick a guest into this ++ * path, but there is no way to protect against that. ++ */ ++ eax = 1; ++ ecx = 0; ++ native_cpuid(&eax, &ebx, &ecx, &edx); ++ if (ecx & BIT(31)) ++ return; ++ + /* For SME, check the SYSCFG MSR */ + msr = __rdmsr(MSR_K8_SYSCFG); + if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT)) + return; + } else { +- /* For SEV, check the SEV MSR */ +- msr = __rdmsr(MSR_AMD64_SEV); +- if (!(msr & MSR_AMD64_SEV_ENABLED)) +- return; +- +- /* Save SEV_STATUS to avoid reading MSR again */ +- sev_status = msr; +- + /* SEV state cannot be controlled by a command line option */ + sme_me_mask = me_mask; + sev_enabled = true; diff --git a/patches.suse/x86-sev-es-do-not-support-mmio-to-from-encrypted-memory b/patches.suse/x86-sev-es-do-not-support-mmio-to-from-encrypted-memory new file mode 100644 index 0000000..769013e --- /dev/null +++ b/patches.suse/x86-sev-es-do-not-support-mmio-to-from-encrypted-memory @@ -0,0 +1,83 @@ +From: Joerg Roedel +Date: Wed, 28 Oct 2020 17:46:59 +0100 +Subject: x86/sev-es: Do not support MMIO to/from encrypted memory +Git-commit: 2411cd82112397bfb9d8f0f19cd46c3d71e0ce67 +Patch-mainline: v5.10-rc3 +References: jsc#SLE-14337 + +MMIO memory is usually not mapped encrypted, so there is no reason to +support emulated MMIO when it is mapped encrypted. + +Prevent a possible hypervisor attack where a RAM page is mapped as +an MMIO page in the nested page-table, so that any guest access to it +will trigger a #VC exception and leak the data on that page to the +hypervisor via the GHCB (like with valid MMIO). On the read side this +attack would allow the HV to inject data into the guest. + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Reviewed-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20201028164659.27002-6-joro@8bytes.org +--- + arch/x86/kernel/sev-es.c | 20 +++++++++++++------- + 1 file changed, 13 insertions(+), 7 deletions(-) + +--- a/arch/x86/kernel/sev-es.c ++++ b/arch/x86/kernel/sev-es.c +@@ -376,8 +376,8 @@ fault: + return ES_EXCEPTION; + } + +-static bool vc_slow_virt_to_phys(struct ghcb *ghcb, struct es_em_ctxt *ctxt, +- unsigned long vaddr, phys_addr_t *paddr) ++static enum es_result vc_slow_virt_to_phys(struct ghcb *ghcb, struct es_em_ctxt *ctxt, ++ unsigned long vaddr, phys_addr_t *paddr) + { + unsigned long va = (unsigned long)vaddr; + unsigned int level; +@@ -396,15 +396,19 @@ static bool vc_slow_virt_to_phys(struct + if (user_mode(ctxt->regs)) + ctxt->fi.error_code |= X86_PF_USER; + +- return false; ++ return ES_EXCEPTION; + } + ++ if (WARN_ON_ONCE(pte_val(*pte) & _PAGE_ENC)) ++ /* Emulated MMIO to/from encrypted memory not supported */ ++ return ES_UNSUPPORTED; ++ + pa = (phys_addr_t)pte_pfn(*pte) << PAGE_SHIFT; + pa |= va & ~page_level_mask(level); + + *paddr = pa; + +- return true; ++ return ES_OK; + } + + /* Include code shared with pre-decompression boot stage */ +@@ -733,6 +737,7 @@ static enum es_result vc_do_mmio(struct + { + u64 exit_code, exit_info_1, exit_info_2; + unsigned long ghcb_pa = __pa(ghcb); ++ enum es_result res; + phys_addr_t paddr; + void __user *ref; + +@@ -742,11 +747,12 @@ static enum es_result vc_do_mmio(struct + + exit_code = read ? SVM_VMGEXIT_MMIO_READ : SVM_VMGEXIT_MMIO_WRITE; + +- if (!vc_slow_virt_to_phys(ghcb, ctxt, (unsigned long)ref, &paddr)) { +- if (!read) ++ res = vc_slow_virt_to_phys(ghcb, ctxt, (unsigned long)ref, &paddr); ++ if (res != ES_OK) { ++ if (res == ES_EXCEPTION && !read) + ctxt->fi.error_code |= X86_PF_WRITE; + +- return ES_EXCEPTION; ++ return res; + } + + exit_info_1 = paddr; diff --git a/patches.suse/x86-sev-es-don-t-return-null-from-sev_es_get_ghcb b/patches.suse/x86-sev-es-don-t-return-null-from-sev_es_get_ghcb new file mode 100644 index 0000000..b02a727 --- /dev/null +++ b/patches.suse/x86-sev-es-don-t-return-null-from-sev_es_get_ghcb @@ -0,0 +1,72 @@ +From: Joerg Roedel +Date: Wed, 19 May 2021 15:52:44 +0200 +Subject: x86/sev-es: Don't return NULL from sev_es_get_ghcb() +Git-commit: b250f2f7792d15bcde98e0456781e2835556d5fa +Patch-mainline: v5.13-rc3 +References: bsc#1187349 + +sev_es_get_ghcb() is called from several places but only one of them +checks the return value. The reaction to returning NULL is always the +same: calling panic() and kill the machine. + +Instead of adding checks to all call sites, move the panic() into the +function itself so that it will no longer return NULL. + +Fixes: 0786138c78e7 ("x86/sev-es: Add a Runtime #VC Exception Handler") +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Cc: stable@vger.kernel.org # v5.10+ +Link: https://lkml.kernel.org/r/20210519135251.30093-2-joro@8bytes.org +--- + arch/x86/kernel/sev-es.c | 25 ++++++++++++------------- + 1 file changed, 12 insertions(+), 13 deletions(-) + +--- a/arch/x86/kernel/sev-es.c ++++ b/arch/x86/kernel/sev-es.c +@@ -193,8 +193,18 @@ static __always_inline struct ghcb *sev_ + if (unlikely(data->ghcb_active)) { + /* GHCB is already in use - save its contents */ + +- if (unlikely(data->backup_ghcb_active)) +- return NULL; ++ if (unlikely(data->backup_ghcb_active)) { ++ /* ++ * Backup-GHCB is also already in use. There is no way ++ * to continue here so just kill the machine. To make ++ * panic() work, mark GHCBs inactive so that messages ++ * can be printed out. ++ */ ++ data->ghcb_active = false; ++ data->backup_ghcb_active = false; ++ ++ panic("Unable to handle #VC exception! GHCB and Backup GHCB are already in use"); ++ } + + /* Mark backup_ghcb active before writing to it */ + data->backup_ghcb_active = true; +@@ -1255,7 +1265,6 @@ static __always_inline bool on_vc_fallba + */ + void safe_stack_vmm_communication(struct pt_regs *regs, unsigned long error_code) + { +- struct sev_es_runtime_data *data = this_cpu_read(runtime_data); + struct ghcb_state state; + struct es_em_ctxt ctxt; + enum es_result result; +@@ -1276,16 +1285,6 @@ void safe_stack_vmm_communication(struct + */ + + ghcb = sev_es_get_ghcb(&state); +- if (!ghcb) { +- /* +- * Mark GHCBs inactive so that panic() is able to print the +- * message. +- */ +- data->ghcb_active = false; +- data->backup_ghcb_active = false; +- +- panic("Unable to handle #VC exception! GHCB and Backup GHCB are already in use"); +- } + + vc_ghcb_invalidate(ghcb); + result = vc_init_em_ctxt(&ctxt, regs, error_code); + diff --git a/patches.suse/x86-sev-es-forward-page-faults-which-happen-during-emulation b/patches.suse/x86-sev-es-forward-page-faults-which-happen-during-emulation new file mode 100644 index 0000000..de2957e --- /dev/null +++ b/patches.suse/x86-sev-es-forward-page-faults-which-happen-during-emulation @@ -0,0 +1,35 @@ +From: Joerg Roedel +Date: Wed, 19 May 2021 15:52:45 +0200 +Subject: x86/sev-es: Forward page-faults which happen during emulation +Git-commit: c25bbdb564060adaad5c3a8a10765c13487ba6a3 +Patch-mainline: v5.13-rc3 +References: bsc#1187350 + +When emulating guest instructions for MMIO or IOIO accesses, the #VC +handler might get a page-fault and will not be able to complete. Forward +the page-fault in this case to the correct handler instead of killing +the machine. + +Fixes: 0786138c78e7 ("x86/sev-es: Add a Runtime #VC Exception Handler") +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Cc: stable@vger.kernel.org # v5.10+ +Link: https://lkml.kernel.org/r/20210519135251.30093-3-joro@8bytes.org +--- + arch/x86/kernel/sev-es.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/x86/kernel/sev-es.c ++++ b/arch/x86/kernel/sev-es.c +@@ -1236,6 +1236,10 @@ static __always_inline void vc_forward_e + case X86_TRAP_UD: + do_invalid_op(ctxt->regs, error_code); + break; ++ case X86_TRAP_PF: ++ write_cr2(ctxt->fi.cr2); ++ do_page_fault(ctxt->regs, error_code, ctxt->fi.cr2); ++ break; + case X86_TRAP_AC: + do_alignment_check(ctxt->regs, error_code); + break; + diff --git a/patches.suse/x86-sev-es-replace-open-coded-hlt-loops-with-sev_es_terminate b/patches.suse/x86-sev-es-replace-open-coded-hlt-loops-with-sev_es_terminate new file mode 100644 index 0000000..8c1e5f8 --- /dev/null +++ b/patches.suse/x86-sev-es-replace-open-coded-hlt-loops-with-sev_es_terminate @@ -0,0 +1,65 @@ +From: Joerg Roedel +Date: Fri, 12 Mar 2021 13:38:24 +0100 +Subject: x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate() +Git-commit: f15a0a732aefb46f999c2a8aa8f9f16e71cec5b2 +Patch-mainline: v5.13-rc1 +References: jsc#SLE-14337 + +There are a few places left in the SEV-ES C code where hlt loops and/or +terminate requests are implemented. Replace them all with calls to +sev_es_terminate(). + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/20210312123824.306-9-joro@8bytes.org +--- + arch/x86/boot/compressed/sev-es.c | 12 +++--------- + arch/x86/kernel/sev-es-shared.c | 10 +++------- + 2 files changed, 6 insertions(+), 16 deletions(-) + +--- a/arch/x86/boot/compressed/sev-es.c ++++ b/arch/x86/boot/compressed/sev-es.c +@@ -200,14 +200,8 @@ void do_boot_stage2_vc(struct pt_regs *r + } + + finish: +- if (result == ES_OK) { ++ if (result == ES_OK) + vc_finish_insn(&ctxt); +- } else if (result != ES_RETRY) { +- /* +- * For now, just halt the machine. That makes debugging easier, +- * later we just call sev_es_terminate() here. +- */ +- while (true) +- asm volatile("hlt\n"); +- } ++ else if (result != ES_RETRY) ++ sev_es_terminate(GHCB_SEV_ES_REASON_GENERAL_REQUEST); + } +--- a/arch/x86/kernel/sev-es-shared.c ++++ b/arch/x86/kernel/sev-es-shared.c +@@ -24,7 +24,7 @@ static bool __init sev_es_check_cpu_feat + return true; + } + +-static void sev_es_terminate(unsigned int reason) ++static void __noreturn sev_es_terminate(unsigned int reason) + { + u64 val = GHCB_SEV_TERMINATE; + +@@ -206,12 +206,8 @@ void __init do_vc_no_ghcb(struct pt_regs + return; + + fail: +- sev_es_wr_ghcb_msr(GHCB_SEV_TERMINATE); +- VMGEXIT(); +- +- /* Shouldn't get here - if we do halt the machine */ +- while (true) +- asm volatile("hlt\n"); ++ /* Terminate the guest */ ++ sev_es_terminate(GHCB_SEV_ES_REASON_GENERAL_REQUEST); + } + + static enum es_result vc_insn_string_read(struct es_em_ctxt *ctxt, diff --git a/patches.suse/x86-sev-es-use-_put_user-_get_user-for-data-accesses b/patches.suse/x86-sev-es-use-_put_user-_get_user-for-data-accesses new file mode 100644 index 0000000..05d8c76 --- /dev/null +++ b/patches.suse/x86-sev-es-use-_put_user-_get_user-for-data-accesses @@ -0,0 +1,157 @@ +From: Joerg Roedel +Date: Wed, 19 May 2021 15:52:46 +0200 +Subject: x86/sev-es: Use __put_user()/__get_user() for data accesses +Git-commit: 4954f5b8ef0baf70fe978d1a99a5f70e4dd5c877 +Patch-mainline: v5.13-rc3 +References: bsc#1187351 + +The put_user() and get_user() functions do checks on the address which is +passed to them. They check whether the address is actually a user-space +address and whether its fine to access it. They also call might_fault() +to indicate that they could fault and possibly sleep. + +All of these checks are neither wanted nor needed in the #VC exception +handler, which can be invoked from almost any context and also for MMIO +instructions from kernel space on kernel memory. All the #VC handler +wants to know is whether a fault happened when the access was tried. + +This is provided by __put_user()/__get_user(), which just do the access +no matter what. Also add comments explaining why __get_user() and +__put_user() are the best choice here and why it is safe to use them +in this context. Also explain why copy_to/from_user can't be used. + +In addition, also revert commit + + 7024f60d6552 ("x86/sev-es: Handle string port IO to kernel memory properly") + +because using __get_user()/__put_user() fixes the same problem while +the above commit introduced several problems: + + 1) It uses access_ok() which is only allowed in task context. + + 2) It uses memcpy() which has no fault handling at all and is + thus unsafe to use here. + + [ bp: Fix up commit ID of the reverted commit above. ] + +Fixes: f980f9c31a92 ("x86/sev-es: Compile early handler code into kernel image") +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Cc: stable@vger.kernel.org # v5.10+ +Link: https://lkml.kernel.org/r/20210519135251.30093-4-joro@8bytes.org +--- + arch/x86/kernel/sev-es.c | 66 ++++++++++++++++++++++++++++++++--------------- + 1 file changed, 46 insertions(+), 20 deletions(-) + +--- a/arch/x86/kernel/sev-es.c ++++ b/arch/x86/kernel/sev-es.c +@@ -290,31 +290,44 @@ static enum es_result vc_write_mem(struc + u16 d2; + u8 d1; + +- /* If instruction ran in kernel mode and the I/O buffer is in kernel space */ +- if (!user_mode(ctxt->regs) && !access_ok(target, size)) { +- memcpy(dst, buf, size); +- return ES_OK; +- } +- ++ /* ++ * This function uses __put_user() independent of whether kernel or user ++ * memory is accessed. This works fine because __put_user() does no ++ * sanity checks of the pointer being accessed. All that it does is ++ * to report when the access failed. ++ * ++ * Also, this function runs in atomic context, so __put_user() is not ++ * allowed to sleep. The page-fault handler detects that it is running ++ * in atomic context and will not try to take mmap_sem and handle the ++ * fault, so additional pagefault_enable()/disable() calls are not ++ * needed. ++ * ++ * The access can't be done via copy_to_user() here because ++ * vc_write_mem() must not use string instructions to access unsafe ++ * memory. The reason is that MOVS is emulated by the #VC handler by ++ * splitting the move up into a read and a write and taking a nested #VC ++ * exception on whatever of them is the MMIO access. Using string ++ * instructions here would cause infinite nesting. ++ */ + switch (size) { + case 1: + memcpy(&d1, buf, 1); +- if (put_user(d1, target)) ++ if (__put_user(d1, target)) + goto fault; + break; + case 2: + memcpy(&d2, buf, 2); +- if (put_user(d2, target)) ++ if (__put_user(d2, target)) + goto fault; + break; + case 4: + memcpy(&d4, buf, 4); +- if (put_user(d4, target)) ++ if (__put_user(d4, target)) + goto fault; + break; + case 8: + memcpy(&d8, buf, 8); +- if (put_user(d8, target)) ++ if (__put_user(d8, target)) + goto fault; + break; + default: +@@ -345,30 +358,43 @@ static enum es_result vc_read_mem(struct + u16 d2; + u8 d1; + +- /* If instruction ran in kernel mode and the I/O buffer is in kernel space */ +- if (!user_mode(ctxt->regs) && !access_ok(s, size)) { +- memcpy(buf, src, size); +- return ES_OK; +- } +- ++ /* ++ * This function uses __get_user() independent of whether kernel or user ++ * memory is accessed. This works fine because __get_user() does no ++ * sanity checks of the pointer being accessed. All that it does is ++ * to report when the access failed. ++ * ++ * Also, this function runs in atomic context, so __get_user() is not ++ * allowed to sleep. The page-fault handler detects that it is running ++ * in atomic context and will not try to take mmap_sem and handle the ++ * fault, so additional pagefault_enable()/disable() calls are not ++ * needed. ++ * ++ * The access can't be done via copy_from_user() here because ++ * vc_read_mem() must not use string instructions to access unsafe ++ * memory. The reason is that MOVS is emulated by the #VC handler by ++ * splitting the move up into a read and a write and taking a nested #VC ++ * exception on whatever of them is the MMIO access. Using string ++ * instructions here would cause infinite nesting. ++ */ + switch (size) { + case 1: +- if (get_user(d1, s)) ++ if (__get_user(d1, s)) + goto fault; + memcpy(buf, &d1, 1); + break; + case 2: +- if (get_user(d2, s)) ++ if (__get_user(d2, s)) + goto fault; + memcpy(buf, &d2, 2); + break; + case 4: +- if (get_user(d4, s)) ++ if (__get_user(d4, s)) + goto fault; + memcpy(buf, &d4, 4); + break; + case 8: +- if (get_user(d8, s)) ++ if (__get_user(d8, s)) + goto fault; + memcpy(buf, &d8, 8); + break; + diff --git a/patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch b/patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch new file mode 100644 index 0000000..112a14a --- /dev/null +++ b/patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch @@ -0,0 +1,107 @@ +From d7b0408934c749f546b01f2b33d07421a49b6f3e Mon Sep 17 00:00:00 2001 +From: Varad Gautam +Date: Fri, 28 May 2021 18:04:06 +0200 +Subject: xfrm: policy: Read seqcount outside of rcu-read side in + xfrm_policy_lookup_bytype +References: bsc#1185675 +Patch-mainline: Not yet, queued on next-20210609 + +xfrm_policy_lookup_bytype loops on seqcount mutex xfrm_policy_hash_generation +within an RCU read side critical section. Although ill advised, this is fine if +the loop is bounded. + +xfrm_policy_hash_generation wraps mutex hash_resize_mutex, which is used to +serialize writers (xfrm_hash_resize, xfrm_hash_rebuild). This is fine too. + +On PREEMPT_RT=y, the read_seqcount_begin call within xfrm_policy_lookup_bytype +emits a mutex lock/unlock for hash_resize_mutex. Mutex locking is fine, since +RCU read side critical sections are allowed to sleep with PREEMPT_RT. + +xfrm_hash_resize can, however, block on synchronize_rcu while holding +hash_resize_mutex. + +This leads to the following situation on PREEMPT_RT, where the writer is +blocked on RCU grace period expiry, while the reader is blocked on a lock held +by the writer: + +Thead 1 (xfrm_hash_resize) Thread 2 (xfrm_policy_lookup_bytype) + + rcu_read_lock(); +mutex_lock(&hash_resize_mutex); + read_seqcount_begin(&xfrm_policy_hash_generation); + mutex_lock(&hash_resize_mutex); // block +xfrm_bydst_resize(); +synchronize_rcu(); // block + + +Move the read_seqcount_begin call outside of the RCU read side critical section, +and do an rcu_read_unlock/retry if we got stale data within the critical section. + +On non-PREEMPT_RT, this shortens the time spent within RCU read side critical +section in case the seqcount needs a retry, and avoids unbounded looping. + +Fixes: 77cc278f7b20 ("xfrm: policy: Use sequence counters with associated lock") +Signed-off-by: Varad Gautam +Cc: linux-rt-users +Cc: netdev@vger.kernel.org +Cc: stable@vger.kernel.org # v4.9 +Cc: Steffen Klassert +Cc: Herbert Xu +Cc: "David S. Miller" +Cc: Jakub Kicinski +Cc: Florian Westphal +Cc: "Ahmed S. Darwish" +Signed-off-by: Steffen Klassert +Acked-by: Ahmed S. Darwish +Link: https://lore.kernel.org/linux-rt-users/20210528160407.32127-1-varad.gautam@suse.com/ + +--- + net/xfrm/xfrm_policy.c | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index b74f28cabe24f..8c56e3e59c3cc 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -2092,12 +2092,15 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type, + if (unlikely(!daddr || !saddr)) + return NULL; + +- rcu_read_lock(); + retry: +- do { +- sequence = read_seqcount_begin(&xfrm_policy_hash_generation); +- chain = policy_hash_direct(net, daddr, saddr, family, dir); +- } while (read_seqcount_retry(&xfrm_policy_hash_generation, sequence)); ++ sequence = read_seqcount_begin(&xfrm_policy_hash_generation); ++ rcu_read_lock(); ++ ++ chain = policy_hash_direct(net, daddr, saddr, family, dir); ++ if (read_seqcount_retry(&xfrm_policy_hash_generation, sequence)) { ++ rcu_read_unlock(); ++ goto retry; ++ } + + ret = NULL; + hlist_for_each_entry_rcu(pol, chain, bydst) { +@@ -2128,11 +2131,15 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type, + } + + skip_inexact: +- if (read_seqcount_retry(&xfrm_policy_hash_generation, sequence)) ++ if (read_seqcount_retry(&xfrm_policy_hash_generation, sequence)) { ++ rcu_read_unlock(); + goto retry; ++ } + +- if (ret && !xfrm_pol_hold_rcu(ret)) ++ if (ret && !xfrm_pol_hold_rcu(ret)) { ++ rcu_read_unlock(); + goto retry; ++ } + fail: + rcu_read_unlock(); + +-- +cgit 1.2.3-1.el7 + diff --git a/rpm/kernel-binary.spec.in b/rpm/kernel-binary.spec.in index b51d011..437fbed 100644 --- a/rpm/kernel-binary.spec.in +++ b/rpm/kernel-binary.spec.in @@ -288,6 +288,11 @@ fi mkdir -p %kernel_build_dir # Generate a list of modules with their support status marking +# The first marker is supposed to be either "+external", "-" or "-!optional", +# where "+external" is for an externally supported module, "-" is for an +# unsuppored module, "-!optional" is for Leap-only unsupported module. +# There can be an optional arch-specific second marker with "+arch" (e.g. +# +arm64), which enforces the module to be supported on the specific arch. %_sourcedir/guards --list --with-guards <%_sourcedir/supported.conf | \ awk '{ t = ""; @@ -321,7 +326,7 @@ awk '{ t = ""; for (i = 1; i < NF; i++) { if ($i == "+'%cpu_arch'") { - next; + t = ""; } else if ($i ~ "^-") { t = $i } @@ -752,7 +757,7 @@ if [ %CONFIG_MODULES = y ]; then echo %obj_install_dir/%cpu_arch/%build_flavor/Symbols.list > %my_builddir/livepatch-files.no_dir %if "%CONFIG_LIVEPATCH_IPA_CLONES" == "y" - find %kernel_build_dir -name "*.ipa-clones" ! -size 0 | sed -e 's|^%kernel_build_dir/||' > ipa-clones.list + find %kernel_build_dir -name "*.ipa-clones" ! -size 0 | sed -e 's|^%kernel_build_dir/||' | sort > ipa-clones.list cp ipa-clones.list %rpm_install_dir/%cpu_arch/%build_flavor echo %obj_install_dir/%cpu_arch/%build_flavor/ipa-clones.list >> %my_builddir/livepatch-files.no_dir tar -C %kernel_build_dir --verbatim-files-from -T ipa-clones.list -cf- | tar -C %rpm_install_dir/%cpu_arch/%build_flavor -xvf- diff --git a/rpm/klp-symbols b/rpm/klp-symbols index 07580f8..93f6ac4 100755 --- a/rpm/klp-symbols +++ b/rpm/klp-symbols @@ -48,7 +48,7 @@ echo "klp-convert-symbol-data.$KLP_DATA_VERSION" > "$KLP_SYMBOLS" echo "*vmlinux" >> "$KLP_SYMBOLS" get_symbols "$VMLINUX" >> "$KLP_SYMBOLS" -find "$MODVER_DIR" -iname '*.mod' | while read KMOD ; do +find "$MODVER_DIR" -iname '*.mod' | sort | while read KMOD ; do if [ "$MODVER_DIR" = "$KERNEL_BUILD_DIR" ]; then # kernel >= 5.3, just replace the suffix KO_FILE="${KMOD%.mod}.ko" diff --git a/scripts/lib/SUSE/MyBS.pm b/scripts/lib/SUSE/MyBS.pm index afb9840..91cdef7 100644 --- a/scripts/lib/SUSE/MyBS.pm +++ b/scripts/lib/SUSE/MyBS.pm @@ -568,8 +568,10 @@ sub upload_package { } # delete stale kernel-obs-build my $kob = "kernel-obs-build"; - $self->post("/build/$project?cmd=wipe&package=$kob"); - &$progresscb('WIPE', "$project $kob"); + if ($specfiles{$kob}) { + $self->post("/build/$project?cmd=wipe&package=$kob"); + &$progresscb('WIPE', "$project $kob"); + } return $revision; } diff --git a/series.conf b/series.conf index 954412f..b170beb 100644 --- a/series.conf +++ b/series.conf @@ -27766,6 +27766,7 @@ patches.suse/scsi-qla2xxx-Handle-NVME-status-iocb-correctly.patch patches.suse/scsi-qla2xxx-Set-Nport-ID-for-N2N.patch patches.suse/scsi-qla2xxx-Update-driver-version-to-10.01.00.25-k.patch + patches.suse/scsi-ufshcd-use-an-enum-for-quirks patches.suse/scsi-core-add-scsi_host_complete_all_commands-helper patches.suse/scsi-dpt_i2o-use-scsi_host_complete_all_commands-to-abort-outstanding-commands patches.suse/scsi-aacraid-do-not-wait-for-outstanding-write-commands-on-synchronize_cache @@ -34463,6 +34464,8 @@ patches.suse/scsi-target-tcmu-fix-a-use-after-free-in-tcmu_check_expired_queue_cmd patches.suse/scsi-lpfc-Fix-lpfc_nodelist-leak-when-processing-uns.patch patches.suse/scsi-mpt3sas-fix-reply-queue-count-in-non-rdpq-mode + patches.suse/scsi-ufs-qcom-Fix-scheduling-while-atomic-issue + patches.suse/scsi-cxgb3i-Fix-some-leaks-in-init_act_open patches.suse/dm-crypt-support-using-encrypted-keys.patch patches.suse/dm-mpath-switch-paths-in-dm_blk_ioctl-code-path.patch patches.suse/dm-add-emulated-block-size-target.patch @@ -35379,6 +35382,7 @@ patches.suse/scsi-target-tcmu-fix-size-in-calls-to-tcmu_flush_dcache_range patches.suse/scsi-mpt3sas-fix-memset-in-non-rdpq-mode patches.suse/scsi-qedf-remove-redundant-initialization-of-variable-rc + patches.suse/scsi-ufs-Don-t-update-urgent-bkops-level-when-toggling-auto-bkops patches.suse/scsi-hpsa-Lift-BIG_-IOCTL_Command_struct-copy-in-out.patch patches.suse/scsi-hpsa-Don-t-bother-with-vmalloc-for-BIG_IOCTL_Co.patch patches.suse/scsi-hpsa-Get-rid-of-compat_alloc_user_space.patch @@ -35389,6 +35393,7 @@ patches.suse/scsi-target-rename-target_setup_cmd_from_cdb-to-target_cmd_parse_cdb patches.suse/scsi-ibmvscsi-Don-t-send-host-info-in-adapter-info-M.patch patches.suse/msft-hv-2103-scsi-storvsc-Remove-memset-before-memory-freeing-in-.patch + patches.suse/scsi-acornscsi-Fix-an-error-handling-path-in-acornscsi_probe patches.suse/cfg80211-fix-management-registrations-deadlock.patch patches.suse/mac80211-initialize-return-flags-in-HE-6-GHz-operati.patch patches.suse/net-fix-wiki-website-url-mac80211-and-wireless-files.patch @@ -36602,6 +36607,7 @@ patches.suse/0003-btrfs-qgroup-remove-ASYNC_COMMIT-mechanism-in-favor-.patch patches.suse/btrfs-add-missing-check-for-nocow-and-compression-inode-flags.patch patches.suse/btrfs-reduce-contention-on-log-trees-when-logging-ch.patch + patches.suse/btrfs-open-device-without-device_list_mutex.patch patches.suse/btrfs-fix-race-between-page-release-and-a-fast-fsync.patch patches.suse/btrfs-release-old-extent-maps-during-page-release.patch patches.suse/btrfs-do-not-set-the-full-sync-flag-on-the-inode-dur.patch @@ -40980,10 +40986,16 @@ patches.suse/RDMA-umem-Add-a-schedule-point-in-ib_umem_get.patch patches.suse/RDMA-rxe-Remove-pkey-table.patch patches.suse/RDMA-mlx5-Fix-flow-destination-setting-for-RDMA-TX-f.patch + patches.suse/scsi-ufs-Add-quirk-to-fix-mishandling-utrlclr-utmrlclr + patches.suse/scsi-ufs-Add-quirk-to-disallow-reset-of-interrupt-aggregation + patches.suse/scsi-ufs-Add-quirk-to-enable-host-controller-without-hce + patches.suse/scsi-ufs-Introduce-UFSHCD_QUIRK_PRDT_BYTE_GRAN-quirk + patches.suse/scsi-ufs-Add-quirk-to-fix-abnormal-ocs-fatal-error patches.suse/scsi-Fix-trivial-spelling.patch patches.suse/scsi-target-tcmu-remove-unnecessary-bit-tcmu_cmd_bit_inflight patches.suse/scsi-target-tcmu-optimize-use-of-flush_dcache_page patches.suse/scsi-target-tcmu-fix-crash-in-tcmu_flush_dcache_range-on-arm + patches.suse/scsi-cumana_2-Fix-different-dev_id-between-request_irq-and-free_irq patches.suse/scsi-bnx2fc-removal-of-unused-variables patches.suse/msft-hv-2114-scsi-storvsc-Fix-spelling-mistake.patch patches.suse/scsi-target-tcmu-fix-crash-on-arm-during-cmd-completion @@ -41011,6 +41023,8 @@ patches.suse/scsi-lpfc-Add-blk_io_poll-support-for-latency-improv.patch patches.suse/scsi-lpfc-Add-an-internal-trace-log-buffer.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.2.patch + patches.suse/scsi-powertec-Fix-different-dev_id-between-request_irq-and-free_irq + patches.suse/scsi-eesox-Fix-different-dev_id-between-request_irq-and-free_irq patches.suse/scsi-target-check-enforce_pr_isids-during-registration patches.suse/scsi-target-fix-xcopy-sess-release-leak patches.suse/scsi-target-fix-crash-during-spec_i_pt-handling @@ -41036,6 +41050,7 @@ patches.suse/scsi-target-remove-unused-variable-tpg patches.suse/scsi-cxgb4i-fix-dereference-of-pointer-tdata-before-it-is-null-checked patches.suse/scsi-cxgb4i-clean-up-a-debug-printk + patches.suse/scsi-scsi_debug-Add-check-for-sdebug_max_queue-during-module-init patches.suse/scsi-scsi_debug-Support-hostwide-tags.patch patches.suse/scsi-bnx2fc-repair-a-range-of-kerneldoc-issues patches.suse/scsi-qedf-demote-obvious-misuse-of-kerneldoc-to-standard-comment-blocks-a9d4aece @@ -41060,6 +41075,7 @@ patches.suse/scsi-hpsa-Bump-version.patch patches.suse/scsi-megaraid_sas-Clear-affinity-hint.patch patches.suse/scsi-lpfc-Add-dependency-on-CPU_FREQ.patch + patches.suse/scsi-mesh-Fix-panic-after-host-or-bus-reset patches.suse/scsi-libcxgbi-remove-unnecessary-null-checks-for-tdata-pointer patches.suse/scsi-core-Only-return-started-requests-from-scsi_hos.patch patches.suse/scsi-core-add-missing-scsi_device_put-in-scsi_host_block @@ -42396,7 +42412,9 @@ patches.suse/scsi-lpfc-Extend-the-RDF-FPIN-Registration-descripto.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.4.patch patches.suse/scsi-target-iscsi-fix-data-digest-calculation + patches.suse/scsi-libsas-Set-data_dir-as-DMA_NONE-if-libata-marks-qc-as-NODATA patches.suse/scsi-target-iscsi-fix-hang-in-iscsit_access_np-when-getting-tpg-np_login_sem + patches.suse/scsi-megaraid_sas-Don-t-call-disable_irq-from-process-IRQ-poll patches.suse/scsi-mpt3sas-don-t-call-disable_irq-from-irq-poll-handler patches.suse/selftests-timers-Turn-off-timeout-setting.patch patches.suse/RDMA-rtrs-srv-Replace-device_register-with-device_in.patch @@ -42506,6 +42524,7 @@ patches.suse/1868-vgacon-remove-software-scrollback-support.patch patches.suse/msft-hv-2135-Drivers-hv-vmbus-hibernation-do-not-hang-forever-in-.patch patches.suse/msft-hv-2136-Drivers-hv-vmbus-Add-timeout-to-vmbus_wait_for_unloa.patch + patches.suse/scsi-libsas-Fix-error-path-in-sas_notify_lldd_dev_found patches.suse/clk-davinci-Use-the-correct-size-when-allocating-mem.patch patches.suse/clk-rockchip-Fix-initialization-of-mux_pll_src_4plls.patch patches.suse/clk-bcm-dvp-select-the-reset-framework.patch @@ -43213,6 +43232,7 @@ patches.suse/blk-mq-Use-pointers-for-blk_mq_tags-bitmap-tags.patch patches.suse/blk-mq-Facilitate-a-shared-sbitmap-per-tagset.patch patches.suse/fs-Don-t-invalidate-page-buffers-in-block_write_full.patch + patches.suse/0001-bcache-inherit-the-optimal-I-O-size.patch patches.suse/blk-mq-move-cancel-of-hctx-run_work-to-the-front-of-.patch patches.suse/ahci-Add-Intel-Rocket-Lake-PCH-H-RAID-PCI-IDs.patch patches.suse/ahci-qoriq-enable-acpi-support-in-qoriq-ahci-driver.patch @@ -43220,6 +43240,7 @@ patches.suse/nvmet-fc-fix-missing-check-for-no-hostport-struct.patch patches.suse/nvme-fix-error-handling-in-nvme_ns_report_zones.patch patches.suse/0002-bcache-check-c-root-with-IS_ERR_OR_NULL-in-mca_reser.patch + patches.suse/0002-bcache-Convert-to-DEFINE_SHOW_ATTRIBUTE.patch patches.suse/0003-bcache-remove-int-n-from-parameter-list-of-bch_bucke.patch patches.suse/0004-bcache-explicitly-make-cache_set-only-have-single-ca.patch patches.suse/0005-bcache-remove-for_each_cache.patch @@ -43459,6 +43480,7 @@ patches.suse/ipmi_si-Fix-wrong-return-value-in-try_smi_init.patch patches.suse/0002-dm-crypt-don-t-use-drivers-that-have-CRYPTO_ALG_ALLO.patch patches.suse/0016-dm-fix-missing-imposition-of-queue_limits-from-dm_wq.patch + patches.suse/scsi-ufs-Properly-release-resources-if-a-task-is-aborted-successfully patches.suse/scsi-mpt3sas-memset-config_cmds-reply-buffer-with-zeros patches.suse/scsi-mpt3sas-dump-system-registers-for-debugging patches.suse/scsi-mpt3sas-cancel-the-running-work-during-host-reset @@ -43478,12 +43500,15 @@ patches.suse/scsi-aacraid-remove-pci-dma-compat-wrapper-api patches.suse/scsi-mpt3sas-remove-pci-dma-compat-wrapper-api patches.suse/scsi-qla2xxx-Remove-pci-dma-compat-wrapper-API.patch + patches.suse/scsi-qla4xxx-Fix-an-error-handling-path-in-qla4xxx_get_host_stats patches.suse/scsi-qla2xxx-Fix-the-size-used-in-a-dma_free_coheren.patch patches.suse/scsi-lpfc-Fix-spelling-mistake-Cant-Can-t.patch patches.suse/scsi-qla2xxx-Remove-redundant-variable-initializatio.patch patches.suse/scsi-qla2xxx-Fix-wrong-return-value-in-qlt_chk_unres.patch patches.suse/scsi-qla2xxx-Fix-wrong-return-value-in-qla_nvme_regi.patch + patches.suse/scsi-csiostor-Fix-wrong-return-value-in-csio_hw_prep_fw patches.suse/scsi-aacraid-remove-erroneous-fallthrough-annotation + patches.suse/scsi-ufs-Make-ufshcd_print_trs-consider-UFSHCD_QUIRK_PRDT_BYTE_GRAN patches.suse/scsi-qla2xxx-Fix-the-return-value.patch patches.suse/scsi-ibmvfc-Use-compiler-attribute-defines-instead-o.patch patches.suse/scsi-ibmvfc-Interface-updates-for-future-FPIN-and-MQ.patch @@ -43528,6 +43553,7 @@ patches.suse/scsi-fnic-do-not-call-scsi_done-for-unhandled-commands.patch patches.suse/scsi-target-tcmu-fix-warning-page-may-be-used-uninitialized patches.suse/scsi-aacraid-add-a-missing-iounmap-call + patches.suse/scsi-be2iscsi-Fix-a-theoretical-leak-in-beiscsi_create_eqs patches.suse/scsi-lpfc-Drop-nodelist-reference-on-error-in-lpfc_g.patch patches.suse/scsi-lpfc-Remove-unneeded-variable-status-in-lpfc_fc.patch patches.suse/leds-mt6323-move-period-calculation.patch @@ -45025,6 +45051,7 @@ patches.suse/scsi-qla2xxx-Do-not-consume-srb-greedily.patch patches.suse/scsi-qla2xxx-Initialize-variable-in-qla8044_poll_reg.patch patches.suse/scsi-qla2xxx-Convert-to-DEFINE_SHOW_ATTRIBUTE.patch + patches.suse/scsi-bfa-Fix-error-return-in-bfad_pci_init patches.suse/scsi-pm80xx-increase-number-of-supported-queues patches.suse/scsi-pm80xx-remove-dma-memory-allocation-for-ccb-and-device-structures patches.suse/scsi-pm80xx-increase-the-number-of-outstanding-i-o-supported-to-1024 @@ -45061,6 +45088,8 @@ patches.suse/powerpc-64s-Remove-TM-from-Power10-features.patch patches.suse/powerpc-pseries-Avoid-using-addr_to_pfn-in-real-mode.patch patches.suse/x86-boot-64-initialize-5-level-paging-variables-earlier + patches.suse/x86-head-64-disable-stack-protection-for-head-bits-o + patches.suse/x86-boot-64-explicitly-map-boot_params-and-command-line patches.suse/ata-sata_rcar-Fix-DMA-boundary-mask.patch patches.suse/nvme-rdma-fix-crash-when-connect-rejected.patch patches.suse/nvme-rdma-fix-crash-due-to-incorrect-cqe.patch @@ -45174,6 +45203,11 @@ patches.suse/mm-truncate.c-make-__invalidate_mapping_pages-static.patch patches.suse/kthread_worker-prevent-queuing-delayed-work-from-tim.patch patches.suse/tty-make-FONTX-ioctl-use-the-tty-pointer-they-were-a.patch + patches.suse/x86-boot-compressed-64-introduce-sev_status + patches.suse/x86-boot-compressed-64-sanity-check-cpuid-results-in-the-early-vc-handler + patches.suse/x86-boot-compressed-64-check-sev-encryption-in-64-bit-boot-path + patches.suse/x86-head-64-check-sev-encryption-before-switching-to-kernel-page-table + patches.suse/x86-sev-es-do-not-support-mmio-to-from-encrypted-memory patches.suse/ice-docs-fix-a-devlink-info-that-broke-a-table.patch patches.suse/IB-srpt-docs-add-a-description-for-cq_size-member.patch patches.suse/PCI-dwc-Restore-ATU-memory-resource-setup-to-use-las.patch @@ -45610,6 +45644,7 @@ patches.suse/RDMA-hns-Bugfix-for-memory-window-mtpt-configuration.patch patches.suse/btrfs-fix-missing-delalloc-new-bit-for-new-delalloc-.patch patches.suse/btrfs-qgroup-don-t-commit-transaction-when-we-alread.patch + patches.suse/scsi-ufs-Fix-race-between-shutdown-and-runtime-resume-flow patches.suse/bnxt_en-fix-error-return-code-in-bnxt_init_one.patch patches.suse/bnxt_en-fix-error-return-code-in-bnxt_init_board.patch patches.suse/bnxt_en-Release-PCI-regions-when-DMA-mask-setup-fail.patch @@ -45733,6 +45768,7 @@ patches.suse/0017-dm-fix-double-RCU-unlock-in-dm_dax_zero_page_range-e.patch patches.suse/0011-dm-remove-invalid-sparse-__acquires-and-__releases-a.patch patches.suse/msft-hv-2173-scsi-storvsc-Fix-error-return-in-storvsc_probe.patch + patches.suse/scsi-mpt3sas-Fix-ioctl-timeout patches.suse/powerpc-64s-Fix-hash-ISA-v3.0-TLBIEL-instruction-gen.patch patches.suse/powerpc-64s-pseries-Fix-hash-tlbiel_all_isa300-for-g.patch patches.suse/kernel-cpu-add-arch-override-for-clear_tasks_mm_cpum.patch @@ -45827,6 +45863,8 @@ patches.suse/Input-i8042-add-Acer-laptops-to-the-i8042-reset-list.patch patches.suse/Input-cm109-do-not-stomp-on-control-URB.patch patches.suse/Input-goodix-add-upside-down-quirk-for-Teclast-X98-P.patch + patches.suse/scsi-bnx2i-Requires-MMU + patches.suse/scsi-be2iscsi-Revert-Fix-a-theoretical-leak-in-beiscsi_create_eqs patches.suse/x86-mm-mem_encrypt-fix-definition-of-pmd_flags_dec_wp.patch patches.suse/x86-resctrl-fix-incorrect-local-bandwidth-when-mba_sc-is-enabled.patch patches.suse/x86-apic-vector-Fix-ordering-in-vector-assignment.patch @@ -46566,6 +46604,7 @@ patches.suse/scsi-lpfc-Add-FDMI-Vendor-MIB-support.patch patches.suse/scsi-lpfc-Reject-CT-request-for-MIB-commands.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.5.patch + patches.suse/scsi-libfc-Fix-enum-conversion-warning patches.suse/scsi-mpt3sas-define-hba_port-structure patches.suse/scsi-mpt3sas-allocate-memory-for-hba_port-objects patches.suse/scsi-mpt3sas-rearrange-scsih_mark_responding_sas_device @@ -46581,6 +46620,7 @@ patches.suse/scsi-mpt3sas-add-module-parameter-multipath_on_hba patches.suse/scsi-mpt3sas-bump-driver-version-to-35-101-00-00 patches.suse/scsi-aacraid-improve-compat_ioctl-handlers + patches.suse/scsi-megaraid_sas-Check-user-provided-offsets patches.suse/scsi-qla2xxx-Drop-TARGET_SCF_LOOKUP_LUN_FROM_TAG.patch patches.suse/scsi-qla2xxx-Move-sess-cmd-list-lock-to-driver.patch patches.suse/scsi-lpfc-lpfc_scsi-Fix-a-whole-host-of-kernel-doc-i.patch @@ -46640,11 +46680,16 @@ patches.suse/scsi-fnic-validate-io_req-before-others patches.suse/scsi-lpfc-Use-generic-power-management.patch patches.suse/scsi-pm80xx-do-not-sleep-in-atomic-context + patches.suse/scsi-hisi_sas-Remove-preemptible + patches.suse/scsi-qla4xxx-Remove-in_interrupt patches.suse/scsi-qla2xxx-Remove-in_interrupt-from-qla82xx-specif.patch patches.suse/scsi-target-tcm_qla2xxx-Remove-BUG_ON-in_interrupt.patch patches.suse/scsi-qla2xxx-Remove-in_interrupt-from-qla83xx-specif.patch patches.suse/scsi-lpfc-Correct-null-ndlp-reference-on-routine-exi.patch patches.suse/scsi-lpfc-Fix-fall-through-warnings-for-Clang.patch + patches.suse/scsi-qedi-Fix-missing-destroy_workqueue-on-error-in-__qedi_probe + patches.suse/scsi-pm80xx-Fix-error-return-in-pm8001_pci_probe + patches.suse/scsi-fnic-Fix-error-return-code-in-fnic_probe patches.suse/scsi-qla2xxx-Change-post-del-message-from-debug-leve.patch patches.suse/scsi-qla2xxx-Limit-interrupt-vectors-to-number-of-CP.patch patches.suse/scsi-qla2xxx-Tear-down-session-if-FW-say-it-is-down.patch @@ -46941,6 +46986,7 @@ patches.suse/lib-zlib-fix-inflating-zlib-streams-on-s390 patches.suse/zlib-move-export_symbol-and-module_license-out-of-dfltcc_syms-c patches.suse/0013-scsi-block-Fix-a-race-in-the-runtime-power-managemen.patch + patches.suse/scsi-cxgb4i-Fix-TLS-dependency patches.suse/i40e-Fix-Error-I40E_AQ_RC_EINVAL-when-removing-VFs.patch patches.suse/iavf-fix-double-release-of-rtnl_lock.patch patches.suse/net-mvpp2-disable-force-link-UP-during-port-init-pro.patch @@ -47217,6 +47263,7 @@ patches.suse/mmc-core-don-t-initialize-block-size-from-ext_csd-if.patch patches.suse/0007-dm-crypt-fix-copy-and-paste-bug-in-crypt_alloc_req_a.patch patches.suse/dm-avoid-filesystem-lookup-in-dm_get_dev_t.patch + patches.suse/scsi-megaraid_sas-Fix-MEGASAS_IOC_FIRMWARE-regression patches.suse/scsi-ibmvfc-Fix-missing-cast-of-ibmvfc_event-pointer.patch patches.suse/scsi-scsi_transport_srp-Don-t-block-target-in-failfa.patch patches.suse/scsi-libfc-Avoid-invoking-response-handler-twice-if-.patch @@ -47593,6 +47640,7 @@ patches.suse/xfs-reduce-quota-reservation-when-doing-a-dax-unwrit.patch patches.suse/ata-ahci_brcm-Add-back-regulators-management.patch patches.suse/block-bfq-set-next_rq-to-waker_bfqq-next_rq-in-waker.patch + patches.suse/0003-bcache-don-t-pass-BIOSET_NEED_BVECS-for-the-bio_set-.patch patches.suse/0018-bsg-free-the-request-before-return-error-code.patch patches.suse/bfq-Avoid-false-bfq-queue-merging.patch patches.suse/bfq-Use-ttime-local-variable.patch @@ -47879,6 +47927,7 @@ patches.suse/scsi-qla2xxx-Remove-unnecessary-NULL-check.patch patches.suse/scsi-qla2xxx-Remove-redundant-NULL-check.patch patches.suse/scsi-qla2xxx-Fix-some-memory-corruption.patch + patches.suse/scsi-lpfc-Fix-ancient-double-free patches.suse/scsi-qla2xxx-Simplify-the-calculation-of-variables.patch patches.suse/RDMA-rtrs-Extend-ibtrs_cq_qp_create.patch patches.suse/RDMA-rtrs-srv-Release-lock-before-call-into-close_se.patch @@ -48012,7 +48061,9 @@ patches.suse/i40e-Fix-endianness-conversions.patch patches.suse/vxlan-move-debug-check-after-netdev-unregister.patch patches.suse/wireguard-selftests-test-multiple-parallel-streams.patch + patches.suse/wireguard-peer-put-frequently-used-members-above-cac.patch patches.suse/wireguard-device-do-not-generate-ICMP-for-non-IP-pac.patch + patches.suse/wireguard-queueing-get-rid-of-per-peer-ring-buffers.patch patches.suse/wireguard-kconfig-use-arm-chacha-even-with-no-neon.patch patches.suse/ice-report-correct-max-number-of-TCs.patch patches.suse/ice-Set-trusted-VF-as-default-VSI-when-setting-allmu.patch @@ -48043,7 +48094,10 @@ patches.suse/cifs-introduce-helper-for-finding-referral-server.patch patches.suse/i2c-brcmstb-Fix-brcmstd_send_i2c_cmd-condition.patch patches.suse/i2c-exynos5-Preserve-high-speed-master-code.patch + patches.suse/blk-settings-align-max_sectors-on-logical_block_size.patch patches.suse/scsi-qla2xxx-Simplify-if-statement.patch + patches.suse/scsi-bnx2fc-Fix-Kconfig-warning-CNIC-build-errors + patches.suse/scsi-sd-Fix-Opal-support patches.suse/btrfs-fix-race-between-writes-to-swap-files-and-scru.patch patches.suse/btrfs-fix-race-between-swap-file-activation-and-snap.patch patches.suse/btrfs-fix-stale-data-exposure-after-cloning-a-hole-w.patch @@ -48286,6 +48340,7 @@ patches.suse/ASoC-simple-card-utils-Do-not-handle-device-clock.patch patches.suse/ASoC-rt5659-Update-MCLK-rate-in-set_sysclk.patch patches.suse/ALSA-usb-audio-Fix-unintentional-sign-extension-issu.patch + patches.suse/iommu-amd-keep-track-of-amd_iommu_irq_remap-state patches.suse/Revert-PM-runtime-Update-device-status-before-lettin.patch patches.suse/s390-vtime-fix-increased-steal-time-accounting.patch patches.suse/s390-pci-fix-leak-of-pci-device-structure @@ -48295,8 +48350,10 @@ patches.suse/nvme-tcp-fix-misuse-of-__smp_processor_id-with-preem.patch patches.suse/0001-nvme-tcp-fix-possible-hang-when-failing-to-set-io-qu.patch patches.suse/scsi-ibmvfc-Free-channel_setup_buf-during-device-tea.patch + patches.suse/scsi-myrs-Fix-a-double-free-in-myrs_cleanup patches.suse/scsi-qla2xxx-Fix-broken-endif-placement.patch patches.suse/scsi-lpfc-Fix-some-error-codes-in-debugfs.patch + patches.suse/scsi-mpt3sas-Do-not-use-GFP_KERNEL-in-atomic-context patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch patches.suse/x86-introduce-ts_compat_restart-to-fix-get_nr_restart_syscall.patch patches.suse/x86-ioapic-ignore-irq2-again.patch @@ -48397,6 +48454,8 @@ patches.suse/ACPI-video-Add-missing-callback-back-for-Sony-VPCEH3.patch patches.suse/scsi-ibmvfc-Fix-potential-race-in-ibmvfc_wait_for_op.patch patches.suse/scsi-ibmvfc-Make-ibmvfc_wait_for_ops-MQ-aware.patch + patches.suse/scsi-qedi-Fix-error-return-code-of-qedi_alloc_global_queues + patches.suse/scsi-mpt3sas-Fix-error-return-code-of-mpt3sas_base_attach patches.suse/scsi-target-pscsi-Avoid-OOM-in-pscsi_map_sg.patch patches.suse/scsi-target-pscsi-Clean-up-after-failure-in-pscsi_ma.patch patches.suse/block-recalculate-segment-count-for-multi-segment-di.patch @@ -48572,6 +48631,7 @@ patches.suse/bpf-Refactor-and-streamline-bounds-check-into-helper.patch patches.suse/bpf-Move-sanitize_val_alu-out-of-op-switch.patch patches.suse/bpf-Tighten-speculative-pointer-arithmetic-mask.patch + patches.suse/scsi-libsas-Reset-num_scatter-if-libata-marks-qc-as-NODATA patches.suse/KEYS-trusted-Fix-TPM-reservation-for-seal-unseal.patch patches.suse/gpio-omap-Save-and-restore-sysconfig.patch patches.suse/pinctrl-lewisburg-Update-number-of-pins-in-community.patch @@ -48592,6 +48652,14 @@ patches.suse/crypto-stm32-cryp-Fix-PM-reference-leak-on-stm32-cry.patch patches.suse/crypto-arm-curve25519-Move-.fpu-after-.arch.patch patches.suse/x86-microcode-check-for-offline-cpus-before-requesting-new-microcode.patch + patches.suse/x86-boot-compressed-64-cleanup-exception-handling-before-booting-kernel + patches.suse/x86-sev-do-not-require-hypervisor-cpuid-bit-for-sev-guests + patches.suse/x86-boot-compressed-64-reload-cs-in-startup_32 + patches.suse/x86-boot-compressed-64-setup-idt-in-startup_32-boot-path + patches.suse/x86-boot-compressed-64-add-32-bit-boot-vc-handler + patches.suse/x86-boot-compressed-64-add-cpuid-sanity-check-to-32-bit-boot-path + patches.suse/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path + patches.suse/x86-sev-es-replace-open-coded-hlt-loops-with-sev_es_terminate patches.suse/x86-platform-uv-set-section-block-size-for-hubless-architectures.patch patches.suse/genirq-Reduce-irqdebug-cacheline-bouncing.patch patches.suse/posix-timers-Preserve-return-value-in-clock_adjtime3.patch @@ -48815,6 +48883,13 @@ patches.suse/0002-md-md_open-returns-EBUSY-when-entering-racing-area.patch patches.suse/0003-md-factor-out-a-mddev_find_locked-helper-from-mddev_.patch patches.suse/0004-md-split-mddev_find.patch + patches.suse/0004-bcache-reduce-redundant-code-in-bch_cached_dev_run.patch + patches.suse/0005-bcache-remove-PTR_CACHE.patch + patches.suse/0006-bcache-use-NULL-instead-of-using-plain-integer-as-po.patch + patches.suse/0007-md-bcache-avoid-Wempty-body-warnings.patch + patches.suse/0008-md-bcache-Trivial-typo-fixes-in-the-file-journal.c.patch + patches.suse/0009-bcache-Use-64-bit-arithmetic-instead-of-32-bit.patch + patches.suse/0010-bcache-fix-a-regression-of-code-compiling-failure-in.patch patches.suse/nvme-sanitize-KATO-setting.patch patches.suse/nvme-add-kato-sysfs-attribute.patch patches.suse/0005-md-cluster-fix-use-after-free-issue-when-removing-rd.patch @@ -48944,6 +49019,11 @@ patches.suse/scsi-mpt3sas-only-one-vses-is-present-even-when-ioc-has-multi-vses patches.suse/scsi-pm80xx-increase-timeout-for-pm80xx-mpi_uninit_check-fix patches.suse/scsi-pm80xx-fix-potential-infinite-loop + patches.suse/scsi-ufs-ufshcd-pltfrm-Fix-deferred-probing + patches.suse/scsi-hisi_sas-Fix-IRQ-checks + patches.suse/scsi-jazz_esp-Add-IRQ-check + patches.suse/scsi-sun3x_esp-Add-IRQ-check + patches.suse/scsi-sni_53c710-Add-IRQ-check patches.suse/scsi-qla2xxx-Remove-unneeded-if-null-free-check.patch patches.suse/scsi-qla2xxx-Reuse-existing-error-handling-path.patch patches.suse/scsi-lpfc-Fix-rmmod-crash-due-to-bad-ring-pointers-t.patch @@ -48973,6 +49053,7 @@ patches.suse/selftests-bpf-Re-generate-vmlinux.h-and-BPF-skeleton.patch patches.suse/libbpf-Add-explicit-padding-to-btf_dump_emit_type_de.patch patches.suse/nfc-pn533-prevent-potential-memory-corruption.patch + patches.suse/net-hns3-Limiting-the-scope-of-vector_ring_chain-var.patch patches.suse/liquidio-Fix-unintented-sign-extension-of-a-left-shi.patch patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch patches.suse/Bluetooth-avoid-deadlock-between-hci_dev-lock-and-so.patch @@ -48988,6 +49069,7 @@ patches.suse/ibmvnic-clean-up-the-remaining-debugfs-data-structur.patch patches.suse/ibmvnic-print-reset-reason-as-a-string.patch patches.suse/ibmvnic-print-adapter-state-as-a-string.patch + patches.suse/rtw88-8822c-add-LC-calibration-for-RTL8822C.patch patches.suse/rtw88-Fix-an-error-code-in-rtw_debugfs_set_rsvd_page.patch patches.suse/mt7601u-fix-always-true-expression.patch patches.suse/ibmvnic-improve-failover-sysfs-entry.patch @@ -49096,6 +49178,7 @@ patches.suse/ASoC-rt286-Make-RT286_SET_GPIO_-readable-and-writabl.patch patches.suse/ASoC-Intel-boards-sof-wm8804-add-check-for-PLL-setti.patch patches.suse/ASoC-samsung-snow-remove-useless-test.patch + patches.suse/ASoC-Intel-soc-acpi-remove-TGL-RVP-mixed-SoundWire-T.patch patches.suse/ASoC-Intel-bytcr_rt5640-Enable-jack-detect-support-o.patch patches.suse/ASoC-samsung-tm2_wm5110-check-of-of_parse-return-val.patch patches.suse/ASoC-rsnd-core-Check-convert-rate-in-rsnd_hw_params.patch @@ -49157,6 +49240,9 @@ patches.suse/RDMA-srpt-Fix-error-return-code-in-srpt_cm_req_recv.patch patches.suse/RDMA-rtrs-clt-destroy-sysfs-after-removing-session-f.patch patches.suse/IB-hfi1-Rework-AIP-and-VNIC-dummy-netdev-usage.patch + patches.suse/iommu-fix-a-boundary-issue-to-avoid-performance-drop + patches.suse/iommu-vt-d-report-right-snoop-capability-when-using-fl-for-iova + patches.suse/iommu-vt-d-remove-wo-permissions-on-second-level-paging-entries patches.suse/KVM-s390-fix-guarded-storage-control-register-handli.patch patches.suse/0001-dm-rq-fix-double-free-of-blk_mq_tag_set-in-dev-remov.patch patches.suse/tracing-map-all-pids-to-command-lines.patch @@ -49234,6 +49320,8 @@ patches.suse/scsi-lpfc-Fix-illegal-memory-access-on-Abort-IOCBs.patch patches.suse/scsi-lpfc-Fix-DMA-virtual-address-ptr-assignment-in-.patch patches.suse/scsi-lpfc-Fix-bad-memory-access-during-VPD-DUMP-mail.patch + patches.suse/scsi-qla2xxx-Prevent-PRLI-in-target-mode.patch + patches.suse/scsi-ufs-core-Narrow-down-fast-path-in-system-suspend-path patches.suse/scsi-fnic-Kill-exclude_id-argument-to-fnic_cleanup_i.patch patches.suse/scsi-fnic-Use-scsi_host_busy_iter-to-traverse-commands.patch patches.suse/drm-i915-display-fix-compiler-warning-about-array-ov.patch @@ -49289,6 +49377,7 @@ patches.suse/leds-lp5523-check-return-value-of-lp5xx_read-and-jum.patch patches.suse/Revert-serial-max310x-pass-return-value-of-spi_regis.patch patches.suse/serial-max310x-unregister-uart-driver-in-case-of-fai.patch + patches.suse/Revert-qlcnic-Avoid-potential-NULL-pointer-dereferen.patch patches.suse/Revert-gdrom-fix-a-memory-leak-bug.patch patches.suse/cdrom-gdrom-deallocate-struct-gdrom_unit-fields-in-r.patch patches.suse/Revert-char-hpet-fix-a-missing-check-of-ioremap.patch @@ -49311,6 +49400,7 @@ patches.suse/media-gspca-mt9m111-Check-write_bridge-for-timeout.patch patches.suse/Revert-media-gspca-Check-the-return-value-of-write_b.patch patches.suse/media-gspca-properly-check-for-errors-in-po1030_prob.patch + patches.suse/Revert-net-liquidio-fix-a-NULL-pointer-dereference.patch patches.suse/Revert-brcmfmac-add-a-check-for-the-status-of-usb_re.patch patches.suse/brcmfmac-properly-check-for-bus-register-errors.patch patches.suse/cdrom-gdrom-initialize-global-variable-at-init-time.patch @@ -49354,8 +49444,22 @@ patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch patches.suse/x86-sev-es-move-sev_es_put_ghcb-in-prep-for-follow-on-patch.patch patches.suse/x86-sev-es-invalidate-the-ghcb-after-completing-vmgexit.patch + patches.suse/x86-sev-es-don-t-return-null-from-sev_es_get_ghcb + patches.suse/x86-sev-es-forward-page-faults-which-happen-during-emulation + patches.suse/x86-sev-es-use-_put_user-_get_user-for-data-accesses + patches.suse/locking-mutex-clear-MUTEX_FLAGS-if-wait_list-is-empt.patch patches.suse/spi-spi-fsl-dspi-Fix-a-resource-leak-in-an-error-han.patch + patches.suse/net-mlx4-Fix-EEPROM-dump-support.patch + patches.suse/mac80211-assure-all-fragments-are-encrypted.patch + patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch + patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch patches.suse/cfg80211-mitigate-A-MSDU-aggregation-attacks.patch + patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch + patches.suse/mac80211-add-fragment-cache-to-sta_info.patch + patches.suse/mac80211-check-defrag-PN-against-current-frame.patch + patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch + patches.suse/mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch + patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch patches.suse/bpf-Fix-alu32-const-subreg-bound-tracking-on-bitwise.patch patches.suse/bpf-ringbuf-Deny-reserve-of-buffers-larger-than-ring.patch patches.suse/bpf-Prevent-writable-memory-mapping-of-read-only-rin.patch @@ -49363,12 +49467,22 @@ patches.suse/cxgb4-ch_ktls-Clear-resources-when-pf4-device-is-rem.patch patches.suse/netfilter-nft_set_pipapo_avx2-Add-irq_fpu_usable-che.patch patches.suse/NFC-nci-fix-memory-leak-in-nci_allocate_device.patch + patches.suse/net-bnx2-Fix-error-return-code-in-bnx2_init_board.patch + patches.suse/gve-Update-mgmt_msix_idx-if-num_ntfy-changes.patch + patches.suse/gve-Add-NULL-pointer-checks-when-freeing-irqs.patch + patches.suse/gve-Upgrade-memory-barrier-in-poll-routine.patch + patches.suse/gve-Correct-SKB-queue-index-validation.patch patches.suse/net-hns3-fix-incorrect-resp_msg-issue.patch + patches.suse/net-hns3-put-off-calling-register_netdev-until-clien.patch + patches.suse/net-mlx5e-Fix-nullptr-in-add_vlan_push_action.patch patches.suse/net-mlx5-Set-reformat-action-when-needed-for-termina.patch patches.suse/net-mlx5e-Fix-null-deref-accessing-lag-dev.patch patches.suse/net-mlx5e-reset-XPS-on-error-flow-if-netdev-isn-t-re.patch + patches.suse/net-mlx5e-Fix-multipath-lag-activation.patch patches.suse/net-mlx5e-Fix-error-path-of-updating-netdev-queues.patch patches.suse/net-mlx5-Set-term-table-as-an-unmanaged-flow-table.patch + patches.suse/cxgb4-avoid-accessing-registers-when-clearing-filter.patch + patches.suse/ixgbe-fix-large-MTU-request-from-VF.patch patches.suse/net-sched-fq_pie-re-factor-fix-for-fq_pie-endless-lo.patch patches.suse/net-sched-fq_pie-fix-OOB-access-in-the-traffic-path.patch patches.suse/net-usb-fix-memory-leak-in-smsc75xx_bind.patch @@ -49376,12 +49490,16 @@ patches.suse/bpf-Wrap-aux-data-inside-bpf_sanitize_info-container.patch patches.suse/bpf-Fix-mask-direction-swap-upon-off-reg-sign-change.patch patches.suse/bpf-No-need-to-simulate-speculative-domain-for-immed.patch + patches.suse/iommu-virtio-add-missing-module_device_table + patches.suse/iommu-vt-d-use-user-privilege-for-rid2pasid-translation patches.suse/ALSA-usb-audio-fix-control-request-direction.patch patches.suse/ALSA-usb-audio-scarlett2-Fix-device-hang-with-ehci-p.patch patches.suse/ALSA-usb-audio-scarlett2-Improve-driver-startup-mess.patch patches.suse/ALSA-hda-realtek-Headphone-volume-is-controlled-by-F.patch patches.suse/ALSA-hda-realtek-the-bass-speaker-can-t-output-sound.patch patches.suse/ALSA-usb-audio-scarlett2-snd_scarlett_gen2_controls_.patch + patches.suse/ASoC-max98088-fix-ni-clock-divider-calculation.patch + patches.suse/ASoC-amd-fix-for-pcm_read-error.patch patches.suse/ASoC-cs42l42-Regmap-must-use_single_read-write.patch patches.suse/ASoC-cs35l33-fix-an-error-code-in-probe.patch patches.suse/ALSA-hda-realtek-Chain-in-pop-reduction-fixup-for-Th.patch @@ -49419,6 +49537,7 @@ patches.suse/USB-trancevibrator-fix-control-request-direction.patch patches.suse/usb-gadget-udc-renesas_usb3-Fix-a-race-in-usb3_start.patch patches.suse/thunderbolt-dma_port-Fix-NVM-read-buffer-bounds-and-.patch + patches.suse/thunderbolt-usb4-Fix-NVM-read-buffer-bounds-and-offs.patch patches.suse/serial-tegra-Fix-a-mask-operation-that-is-always-tru.patch patches.suse/serial-core-fix-suspicious-security_locked_down-call.patch patches.suse/serial-sh-sci-Fix-off-by-one-error-in-FIFO-threshold.patch @@ -49436,6 +49555,7 @@ patches.suse/i2c-sh_mobile-Use-new-clock-calculation-formulas-for.patch patches.suse/i2c-i801-Don-t-generate-an-interrupt-on-bus-reset.patch patches.suse/i2c-s3c2410-fix-possible-NULL-pointer-deref-on-read-.patch + patches.suse/HID-multitouch-require-Finger-field-to-mark-Win8-rep.patch patches.suse/HID-i2c-hid-Skip-ELAN-power-on-command-after-reset.patch patches.suse/HID-pidff-fix-error-return-code-in-hid_pidff_init.patch patches.suse/HID-i2c-hid-fix-format-string-mismatch.patch @@ -49443,29 +49563,76 @@ patches.suse/hwmon-dell-smm-hwmon-Fix-index-values.patch patches.suse/ACPICA-Clean-up-context-mutex-during-object-deletion.patch patches.suse/efi-Allow-EFI_MEMORY_XP-and-EFI_MEMORY_RO-both-to-be.patch + patches.suse/efi-libstub-prevent-read-overflow-in-find_file_optio.patch patches.suse/efi-cper-fix-snprintf-use-in-cper_dimm_err_location.patch + patches.suse/vfio-pci-Fix-error-return-code-in-vfio_ecap_init.patch + patches.suse/vfio-pci-zap_vma_ptes-needs-MMU.patch + patches.suse/vfio-platform-fix-module_put-call-in-error-flow.patch patches.suse/drm-i915-selftests-Fix-return-value-check-in-live_br.patch patches.suse/drm-amdgpu-Don-t-query-CE-and-UE-errors.patch + patches.suse/drm-amdgpu-make-sure-we-unpin-the-UVD-BO.patch patches.suse/ALSA-hda-cirrus-Set-Initial-DMIC-volume-to-26-dB.patch patches.suse/ALSA-hda-Fix-for-mute-key-LED-for-HP-Pavilion-15-CK0.patch + patches.suse/ALSA-timer-Fix-master-timer-notification.patch patches.suse/ALSA-hda-update-the-power_state-during-the-direct-co.patch patches.suse/devlink-Correct-VIRTUAL-port-to-not-have-phys_port-a.patch patches.suse/net-sched-act_ct-Offload-connections-with-commit-act.patch patches.suse/netfilter-nf_tables-missing-error-reporting-for-not-.patch patches.suse/nfc-fix-NULL-ptr-dereference-in-llcp_sock_getname-af.patch patches.suse/net-mlx5e-Fix-incompatible-casting.patch + patches.suse/net-mlx5-DR-Create-multi-destination-flow-table-with.patch patches.suse/cxgb4-fix-regression-with-HASH-tc-prio-value-update.patch + patches.suse/Bluetooth-fix-the-erroneous-flush_work-order.patch + patches.suse/wireguard-selftests-remove-old-conntrack-kconfig-val.patch + patches.suse/wireguard-selftests-make-sure-rp_filter-is-disabled-.patch + patches.suse/wireguard-do-not-use-O3.patch + patches.suse/wireguard-use-synchronize_net-rather-than-synchroniz.patch + patches.suse/wireguard-peer-allocate-in-kmem_cache.patch + patches.suse/wireguard-allowedips-initialize-list-head-in-selftes.patch patches.suse/ice-Fix-allowing-VF-to-request-more-less-queues-via-.patch + patches.suse/ice-Fix-VFR-issues-for-AVF-drivers-that-expect-ATQLE.patch patches.suse/ice-handle-the-VF-VSI-rebuild-failure.patch + patches.suse/ice-Allow-all-LLDP-packets-from-PF-to-Tx.patch + patches.suse/cxgb4-avoid-link-re-train-during-TC-MQPRIO-configura.patch + patches.suse/pid-take-a-reference-when-initializing-cad_pid.patch + patches.suse/0011-lib-crc64-fix-kernel-doc-warning.patch patches.suse/i2c-qcom-geni-Suspend-and-resume-the-bus-during-SYST.patch + patches.suse/x86-apic-mark-all_-legacy-interrupts-when-io-apic-is-missing.patch patches.suse/dmaengine-idxd-Use-cpu_feature_enabled.patch + patches.suse/x86-cpufeatures-force-disable-x86_feature_enqcmd-and-remove-update_pasid.patch + patches.suse/x86-fault-don-t-send-sigsegv-twice-on-segv_pkuerr.patch + patches.suse/x86-sev-check-sme-sev-support-in-cpuid-first patches.suse/powerpc-kprobes-Fix-validation-of-prefixed-instructi.patch patches.suse/bus-ti-sysc-Fix-flakey-idling-of-uarts-and-stop-usin.patch + patches.suse/scsi-lpfc-Fix-failure-to-transmit-ABTS-on-FC-link.patch + patches.suse/regulator-core-resolve-supply-for-boot-on-always-on-.patch + patches.suse/regulator-max77620-Use-device_set_of_node_from_dev.patch + patches.suse/vmlinux.lds.h-Avoid-orphan-section-with-SMP.patch + patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-and-speaker-f-15d295b.patch + patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-and-speaker-f-61d3e87.patch + patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-EliteB.patch + patches.suse/ALSA-hda-realtek-headphone-and-mic-don-t-work-on-an-.patch + patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-ZBook-.patch + patches.suse/ALSA-seq-Fix-race-of-snd_seq_timer_open.patch patches.suse/Revert-ACPI-sleep-Put-the-FACS-table-after-using-it.patch patches.suse/drm-msm-a6xx-update-fix-CP_PROTECT-initialization.patch patches.suse/drm-msm-a6xx-fix-incorrectly-set-uavflagprd_inv-fiel.patch patches.suse/drm-mcde-Fix-off-by-10-3-in-calculation.patch patches.suse/gpio-wcd934x-Fix-shift-out-of-bounds-error.patch + patches.suse/0012-bcache-remove-bcache-device-self-defined-readahead.patch + patches.suse/0013-bcache-avoid-oversized-read-request-in-cache-missing.patch + patches.suse/staging-rtl8723bs-Fix-uninitialized-variables.patch + patches.suse/usb-musb-fix-MUSB_QUIRK_B_DISCONNECT_99-handling.patch + patches.suse/usb-pd-Set-PD_T_SINK_WAIT_CAP-to-310ms.patch + patches.suse/USB-serial-quatech2-fix-control-request-directions.patch + patches.suse/USB-f_ncm-ncm_bitrate-speed-is-unsigned.patch + patches.suse/usb-fix-various-gadgets-null-ptr-deref-on-10gbps-cab.patch + patches.suse/usb-typec-intel_pmc_mux-Put-fwnode-in-error-case-dur.patch + patches.suse/usb-typec-wcove-Use-LE-to-CPU-conversion-when-access.patch + patches.suse/usb-typec-ucsi-Clear-PPM-capability-data-in-ucsi_ini.patch + patches.suse/usb-typec-mux-Fix-copy-paste-mistake-in-typec_mux_ma.patch + patches.suse/USB-serial-cp210x-fix-alternate-function-for-CP2102N.patch + patches.suse/dmaengine-idxd-add-missing-dsa-driver-unregister.patch # netdev/net-next patches.suse/ibmvnic-remove-default-label-from-to_string-switch.patch @@ -49474,8 +49641,6 @@ patches.suse/scsi-ibmvfc-Handle-move-login-failure.patch patches.suse/scsi-ibmvfc-Avoid-move-login-if-fast-fail-is-enabled.patch patches.suse/scsi-ibmvfc-Reinit-target-retries.patch - - # mkp/scsi queue patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch @@ -49488,6 +49653,12 @@ patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch + # mkp/scsi queue + patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch + + # git://git.kernel.dk/linux-block.git for-next + patches.suse/block-return-the-correct-bvec-when-checking-for-gaps.patch + # git://github.com/cminyard/linux-ipmi.git for-next patches.suse/0001-ipmi-watchdog-Stop-watchdog-timer-when-the-current-a.patch @@ -49556,6 +49727,7 @@ patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch patches.suse/block-genhd-use-atomic_t-for-disk_event-block.patch patches.suse/nxp-nci-add-NXP1002-id.patch + patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch ######################################################## # kbuild/module infrastructure fixes @@ -49742,16 +49914,7 @@ patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch patches.suse/net-sctp-filter-remap-copy_from_user-failure-error.patch patches.suse/net-sched-disable-nolock-pfifo-fast.patch - - patches.suse/mac80211-assure-all-fragments-are-encrypted.patch - patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch - patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch - patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch - patches.suse/mac80211-add-fragment-cache-to-sta_info.patch - patches.suse/mac80211-check-defrag-PN-against-current-frame.patch - patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch - patches.suse/mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch - patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch + patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch ######################################################## # Security @@ -49968,6 +50131,8 @@ patches.suse/drm-v3d-add-support-for-bcm2711.patch patches.suse/soc-bcm-bcm2835-pm-add-support-for-bcm2711.patch + patches.suse/mmc-sdhci-Clear-unused-bounce-buffer-at-DMA-mmap-err.patch + ######################################################## # Debugging ######################################################## @@ -50051,6 +50216,7 @@ patches.kabi/nxp-i2c-restore-includes-for-kABI.patch patches.kabi/UCSI-fixup-of-array-of-PDOs.patch patches.kabi/lis3lv02d-kabi-workaround.patch + patches.kabi/rtw88-kabi-workaround.patch ######################################################## # You'd better have a good reason for adding a patch