From e33600536945cf6015ab20a58b8c578fe836b3f3 Mon Sep 17 00:00:00 2001 From: Kernel Build Daemon Date: Dec 13 2022 06:06:02 +0000 Subject: Merge branch 'SLE12-SP5' into SLE12-SP5-AZURE --- diff --git a/blacklist.conf b/blacklist.conf index 8c0dbd6..cbf72c6 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -2332,3 +2332,16 @@ bce5963bcb4f9934faa52be323994511d59fd13c # fixes patch of 4.13 e8240addd0a3919e0fd7436416afe9aa6429c484 # reverts a patch not applied 5c13a4a0291b30191eff9ead8d010e1ca43a4d0c # patch is based on a major rework 72791ac854fea36034fa7976b748fde585008e78 # would break kABI without major gain +16cfacc8085782dab8e365979356ce1ca87fd6cc # breaks KVM shadow paging +4a6f278d4827b59ba26ceae0ff4529ee826aa258 # old bug, and would also require 44361e8cf9dd ("fuse: lock inode unconditionally in fuse_fallocate()") +c596687a008b579c503afb7a64fcacc7270fae9e # stable noise, no threaded cgroups in 4.12 +e9d81a1bc2c48ea9782e3e8b53875f419766ef47 # stable noise, no threaded cgroups in 4.12 +cee0c33c546a93957a52ae9ab6bebadbee765ec5 # stable noise, no threaded cgroups in 4.12 +479adb89a97b0a33e5a9d702119872cc82ca21aa # stable noise, no threaded cgroups in 4.12 +9c974c77246460fa6a92c18554c3311c8c83c160 # stable noise, no threaded cgroups in 4.12 +4dcabece4c3a9f9522127be12cc12cc120399b2f # stable noise, no dying_descendants tracking in 4.12 +45e1ba40837ac2f6f4d4716bddb8d44bd7e4a251 # issue depends on 476b30a0949a v5.13-rc1 +51bee5abeab2058ea5813c5615d6197a23dbf041 # overrun looks temporary, can't reproduce with l3vm VM +2e5383d7904e60529136727e49629a82058a5607 # we don't CONFIG_STATIC_USERMODEHELPER +6f390916c4fb359507d9ac4bf1b28a4f8abee5c0 # needed only by 44551b2f693d1ddcab4ca9895074f8f61c3a72af +b7493e91c11a757cf0f8ab26989642ee4bb2c642 # reverted by 4664610537d398d55be19432f9cd9c29c831e159 diff --git a/patches.suse/0001-ipv6-ping-fix-wrong-checksum-for-large-frames.patch b/patches.suse/0001-ipv6-ping-fix-wrong-checksum-for-large-frames.patch new file mode 100644 index 0000000..5f64405 --- /dev/null +++ b/patches.suse/0001-ipv6-ping-fix-wrong-checksum-for-large-frames.patch @@ -0,0 +1,47 @@ +From 59c3fa2f2f0f6e485d69e6f0115e44ba848079ba Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Tue, 11 Oct 2022 14:27:28 -0700 +Subject: [PATCH 1/1] ipv6: ping: fix wrong checksum for large frames +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Git-commit: 87445f369cca2965620e79f87145d3d7fa35befd +Patch-mainline: v6.1-rc1 +References: bsc#1203183 + +For a given ping datagram, ping_getfrag() is called once +per skb fragment. + +A large datagram requiring more than one page fragment +is currently getting the checksum of the last fragment, +instead of the cumulative one. + +After this patch, "ping -s 35000 ::1" is working correctly. + +Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.") +Signed-off-by: Eric Dumazet +Cc: Lorenzo Colitti +Cc: Maciej Żenczykowski +Signed-off-by: David S. Miller +Signed-off-by: Firo Yang +--- + net/ipv4/ping.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c +index 1b6874cacdbe..a9ca98214f1e 100644 +--- a/net/ipv4/ping.c ++++ b/net/ipv4/ping.c +@@ -628,7 +628,7 @@ int ping_getfrag(void *from, char *to, + * wcheck, it will be finalized in ping_v4_push_pending_frames. + */ + if (pfh->family == AF_INET6) { +- skb->csum = pfh->wcheck; ++ skb->csum = csum_block_add(skb->csum, pfh->wcheck, odd); + skb->ip_summed = CHECKSUM_NONE; + pfh->wcheck = 0; + } +-- +2.26.2 + diff --git a/patches.suse/KVM-x86-Manually-calculate-reserved-bits-when-loadin.patch b/patches.suse/KVM-x86-Manually-calculate-reserved-bits-when-loadin.patch deleted file mode 100644 index 877af57..0000000 --- a/patches.suse/KVM-x86-Manually-calculate-reserved-bits-when-loadin.patch +++ /dev/null @@ -1,78 +0,0 @@ -Patch-mainline: v5.4-rc1 -Git-commit: 16cfacc8085782dab8e365979356ce1ca87fd6cc -References: git-fixes -From: Sean Christopherson -Date: Tue, 3 Sep 2019 16:36:45 -0700 -Subject: [PATCH] KVM: x86: Manually calculate reserved bits when loading - PDPTRS - -Manually generate the PDPTR reserved bit mask when explicitly loading -PDPTRs. The reserved bits that are being tracked by the MMU reflect the -current paging mode, which is unlikely to be PAE paging in the vast -majority of flows that use load_pdptrs(), e.g. CR0 and CR4 emulation, -__set_sregs(), etc... This can cause KVM to incorrectly signal a bad -PDPTR, or more likely, miss a reserved bit check and subsequently fail -a VM-Enter due to a bad VMCS.GUEST_PDPTR. - -Add a one off helper to generate the reserved bits instead of sharing -code across the MMU's calculations and the PDPTR emulation. The PDPTR -reserved bits are basically set in stone, and pushing a helper into -the MMU's calculation adds unnecessary complexity without improving -readability. - -Oppurtunistically fix/update the comment for load_pdptrs(). - -Note, the buggy commit also introduced a deliberate functional change, -"Also remove bit 5-6 from rsvd_bits_mask per latest SDM.", which was -effectively (and correctly) reverted by commit cd9ae5fe47df ("KVM: x86: -Fix page-tables reserved bits"). A bit of SDM archaeology shows that -the SDM from late 2008 had a bug (likely a copy+paste error) where it -listed bits 6:5 as AVL and A for PDPTEs used for 4k entries but reserved -for 2mb entries. I.e. the SDM contradicted itself, and bits 6:5 are and -always have been reserved. - -Fixes: 20c466b56168d ("KVM: Use rsvd_bits_mask in load_pdptrs()") -Cc: stable@vger.kernel.org -Cc: Nadav Amit -Reported-by: Doug Reiland -Signed-off-by: Sean Christopherson -Reviewed-by: Peter Xu -Signed-off-by: Paolo Bonzini -Signed-off-by: Juergen Gross ---- - arch/x86/kvm/x86.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index b4cfd786d0b6..605f9902f164 100644 ---- a/arch/x86/kvm/x86.c -+++ b/arch/x86/kvm/x86.c -@@ -674,8 +674,14 @@ static int kvm_read_nested_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, - data, offset, len, access); - } - -+static inline u64 pdptr_rsvd_bits(struct kvm_vcpu *vcpu) -+{ -+ return rsvd_bits(cpuid_maxphyaddr(vcpu), 63) | rsvd_bits(5, 8) | -+ rsvd_bits(1, 2); -+} -+ - /* -- * Load the pae pdptrs. Return true is they are all valid. -+ * Load the pae pdptrs. Return 1 if they are all valid, 0 otherwise. - */ - int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3) - { -@@ -694,8 +700,7 @@ int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3) - } - for (i = 0; i < ARRAY_SIZE(pdpte); ++i) { - if ((pdpte[i] & PT_PRESENT_MASK) && -- (pdpte[i] & -- vcpu->arch.mmu.guest_rsvd_check.rsvd_bits_mask[0][2])) { -+ (pdpte[i] & pdptr_rsvd_bits(vcpu))) { - ret = 0; - goto out; - } --- -2.35.3 - diff --git a/patches.suse/ath5k-fix-OOB-in-ath5k_eeprom_read_pcal_info_5111.patch b/patches.suse/ath5k-fix-OOB-in-ath5k_eeprom_read_pcal_info_5111.patch new file mode 100644 index 0000000..49dca26 --- /dev/null +++ b/patches.suse/ath5k-fix-OOB-in-ath5k_eeprom_read_pcal_info_5111.patch @@ -0,0 +1,80 @@ +From: Zekun Shen +Date: Sun, 26 Dec 2021 22:12:13 -0500 +Subject: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 +Git-commit: 564d4eceb97eaf381dd6ef6470b06377bb50c95a +Patch-mainline: 5.18-rc1 +References: git-fixes + +The bug was found during fuzzing. Stacktrace locates it in +ath5k_eeprom_convert_pcal_info_5111. +When none of the curve is selected in the loop, idx can go +up to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound. +pd = &chinfo[pier].pd_curves[idx]; + +There are many OOB writes using pd later in the code. So I +added a sanity check for idx. Checks for other loops involving +AR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not +used outside the loops. + +The patch is NOT tested with real device. + +The following is the fuzzing report + +BUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] +Write of size 1 at addr ffff8880174a4d60 by task modprobe/214 + +CPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1 +Call Trace: + dump_stack+0x76/0xa0 + print_address_description.constprop.0+0x16/0x200 + ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] + ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] + __kasan_report.cold+0x37/0x7c + ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] + kasan_report+0xe/0x20 + ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] + ? apic_timer_interrupt+0xa/0x20 + ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k] + ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k] + ath5k_eeprom_init+0x2513/0x6290 [ath5k] + ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k] + ? usleep_range+0xb8/0x100 + ? apic_timer_interrupt+0xa/0x20 + ? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k] + ath5k_hw_init+0xb60/0x1970 [ath5k] + ath5k_init_ah+0x6fe/0x2530 [ath5k] + ? kasprintf+0xa6/0xe0 + ? ath5k_stop+0x140/0x140 [ath5k] + ? _dev_notice+0xf6/0xf6 + ? apic_timer_interrupt+0xa/0x20 + ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k] + ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k] + ? mutex_lock+0x89/0xd0 + ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k] + local_pci_probe+0xd3/0x160 + pci_device_probe+0x23f/0x3e0 + ? pci_device_remove+0x280/0x280 + ? pci_device_remove+0x280/0x280 + really_probe+0x209/0x5d0 + +Reported-by: Brendan Dolan-Gavitt +Signed-off-by: Zekun Shen +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/YckvDdj3mtCkDRIt@a-10-27-26-18.dynapool.vpn.nyu.edu +Signed-off-by: Jiri Slaby +--- + drivers/net/wireless/ath/ath5k/eeprom.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/wireless/ath/ath5k/eeprom.c ++++ b/drivers/net/wireless/ath/ath5k/eeprom.c +@@ -746,6 +746,9 @@ ath5k_eeprom_convert_pcal_info_5111(stru + } + } + ++ if (idx == AR5K_EEPROM_N_PD_CURVES) ++ goto err_out; ++ + ee->ee_pd_gains[mode] = 1; + + pd = &chinfo[pier].pd_curves[idx]; diff --git a/patches.suse/cuse-prevent-clone.patch b/patches.suse/cuse-prevent-clone.patch new file mode 100644 index 0000000..86e6675 --- /dev/null +++ b/patches.suse/cuse-prevent-clone.patch @@ -0,0 +1,34 @@ +From: Miklos Szeredi +Date: Wed, 14 Apr 2021 10:40:58 +0200 +Subject: cuse: prevent clone +Git-commit: 8217673d07256b22881127bf50dce874d0e51653 +Patch-mainline: v5.13-rc1 +References: bsc#1206120 + +For cloned connections cuse_channel_release() will be called more than +once, resulting in use after free. + +Prevent device cloning for CUSE, which does not make sense at this point, +and highly unlikely to be used in real life. + +Signed-off-by: Miklos Szeredi +Acked-by: Luis Henriques + +--- + fs/fuse/cuse.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c +index 45082269e698..a37528b51798 100644 +--- a/fs/fuse/cuse.c ++++ b/fs/fuse/cuse.c +@@ -627,6 +627,8 @@ static int __init cuse_init(void) + cuse_channel_fops.owner = THIS_MODULE; + cuse_channel_fops.open = cuse_channel_open; + cuse_channel_fops.release = cuse_channel_release; ++ /* CUSE is not prepared for FUSE_DEV_IOC_CLONE */ ++ cuse_channel_fops.unlocked_ioctl = NULL; + + cuse_class = class_create(THIS_MODULE, "cuse"); + if (IS_ERR(cuse_class)) + diff --git a/patches.suse/fuse-don-t-check-refcount-after-stealing-page.patch b/patches.suse/fuse-don-t-check-refcount-after-stealing-page.patch new file mode 100644 index 0000000..30c1363 --- /dev/null +++ b/patches.suse/fuse-don-t-check-refcount-after-stealing-page.patch @@ -0,0 +1,32 @@ +From: Miklos Szeredi +Date: Tue, 19 May 2020 14:50:37 +0200 +Subject: fuse: don't check refcount after stealing page +Git-commit: 32f98877c57bee6bc27f443a96f49678a2cd6a50 +Patch-mainline: v5.8-rc1 +References: bsc#1206119 + +page_count() is unstable. Unless there has been an RCU grace period +between when the page was removed from the page cache and now, a +speculative reference may exist from the page cache. + +Reported-by: Matthew Wilcox +Signed-off-by: Miklos Szeredi +Acked-by: Luis Henriques + +--- + fs/fuse/dev.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c +index b8962581c699..ec97cabe51ce 100644 +--- a/fs/fuse/dev.c ++++ b/fs/fuse/dev.c +@@ -764,7 +764,6 @@ static int fuse_check_page(struct page *page) + { + if (page_mapcount(page) || + page->mapping != NULL || +- page_count(page) != 1 || + (page->flags & PAGE_FLAGS_CHECK_AT_PREP & + ~(1 << PG_locked | + 1 << PG_referenced | + diff --git a/patches.suse/fuse-retrieve-cap-requested-size-to-negotiated-max_write.patch b/patches.suse/fuse-retrieve-cap-requested-size-to-negotiated-max_write.patch new file mode 100644 index 0000000..d1a35f0 --- /dev/null +++ b/patches.suse/fuse-retrieve-cap-requested-size-to-negotiated-max_write.patch @@ -0,0 +1,65 @@ +From: Kirill Smelkov +Date: Wed, 27 Mar 2019 10:15:19 +0000 +Subject: fuse: retrieve: cap requested size to negotiated max_write +Git-commit: 7640682e67b33cab8628729afec8ca92b851394f +Patch-mainline: v5.2-rc1 +References: bsc#1206118 + +FUSE filesystem server and kernel client negotiate during initialization +phase, what should be the maximum write size the client will ever issue. +Correspondingly the filesystem server then queues sys_read calls to read +requests with buffer capacity large enough to carry request header + that +max_write bytes. A filesystem server is free to set its max_write in +anywhere in the range between [1*page, fc->max_pages*page]. In particular +go-fuse[2] sets max_write by default as 64K, wheres default fc->max_pages +corresponds to 128K. Libfuse also allows users to configure max_write, but +by default presets it to possible maximum. + +If max_write is < fc->max_pages*page, and in NOTIFY_RETRIEVE handler we +allow to retrieve more than max_write bytes, corresponding prepared +NOTIFY_REPLY will be thrown away by fuse_dev_do_read, because the +filesystem server, in full correspondence with server/client contract, will +be only queuing sys_read with ~max_write buffer capacity, and +fuse_dev_do_read throws away requests that cannot fit into server request +buffer. In turn the filesystem server could get stuck waiting indefinitely +for NOTIFY_REPLY since NOTIFY_RETRIEVE handler returned OK which is +understood by clients as that NOTIFY_REPLY was queued and will be sent +back. + +Cap requested size to negotiate max_write to avoid the problem. This +aligns with the way NOTIFY_RETRIEVE handler works, which already +unconditionally caps requested retrieve size to fuse_conn->max_pages. This +way it should not hurt NOTIFY_RETRIEVE semantic if we return less data than +was originally requested. + +Please see [1] for context where the problem of stuck filesystem was hit +for real, how the situation was traced and for more involving patch that +did not make it into the tree. + +[1] https://marc.info/?l=linux-fsdevel&m=155057023600853&w=2 +[2] https://github.com/hanwen/go-fuse + +Signed-off-by: Kirill Smelkov +Cc: Han-Wen Nienhuys +Cc: Jakob Unterwurzacher +Signed-off-by: Miklos Szeredi +Acked-by: Luis Henriques + +--- + fs/fuse/dev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c +index 2d65a00740ad..ea8237513dfa 100644 +--- a/fs/fuse/dev.c ++++ b/fs/fuse/dev.c +@@ -1749,7 +1749,7 @@ static int fuse_retrieve(struct fuse_conn *fc, struct inode *inode, + offset = outarg->offset & ~PAGE_MASK; + file_size = i_size_read(inode); + +- num = outarg->size; ++ num = min(outarg->size, fc->max_write); + if (outarg->offset > file_size) + num = 0; + else if (outarg->offset + num > file_size) + diff --git a/patches.suse/fuse-use-READ_ONCE-on-congestion_threshold-and-max_background.patch b/patches.suse/fuse-use-READ_ONCE-on-congestion_threshold-and-max_background.patch new file mode 100644 index 0000000..fba9a6b --- /dev/null +++ b/patches.suse/fuse-use-READ_ONCE-on-congestion_threshold-and-max_background.patch @@ -0,0 +1,42 @@ +From: Kirill Tkhai +Date: Mon, 27 Aug 2018 18:29:29 +0300 +Subject: fuse: use READ_ONCE on congestion_threshold and max_background +Git-commit: 2a23f2b8adbe4bd584f936f7ac17a99750eed9d7 +Patch-mainline: v4.20-rc1 +References: bsc#1206117 + +Since they are of unsigned int type, it's allowed to read them +unlocked during reporting to userspace. Let's underline this fact +with READ_ONCE() macroses. + +Signed-off-by: Kirill Tkhai +Signed-off-by: Miklos Szeredi +Acked-by: Luis Henriques + +--- + fs/fuse/control.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/fuse/control.c b/fs/fuse/control.c +index 0b694655d988..acc35819aae6 100644 +--- a/fs/fuse/control.c ++++ b/fs/fuse/control.c +@@ -107,7 +107,7 @@ static ssize_t fuse_conn_max_background_read(struct file *file, + if (!fc) + return 0; + +- val = fc->max_background; ++ val = READ_ONCE(fc->max_background); + fuse_conn_put(fc); + + return fuse_conn_limit_read(file, buf, len, ppos, val); +@@ -144,7 +144,7 @@ static ssize_t fuse_conn_congestion_threshold_read(struct file *file, + if (!fc) + return 0; + +- val = fc->congestion_threshold; ++ val = READ_ONCE(fc->congestion_threshold); + fuse_conn_put(fc); + + return fuse_conn_limit_read(file, buf, len, ppos, val); + diff --git a/patches.suse/s390-Remove-arch_has_random-arch_has_random_seed b/patches.suse/s390-Remove-arch_has_random-arch_has_random_seed new file mode 100644 index 0000000..c1549d2 --- /dev/null +++ b/patches.suse/s390-Remove-arch_has_random-arch_has_random_seed @@ -0,0 +1,40 @@ +From: Richard Henderson +Date: Fri, 10 Jan 2020 14:54:15 +0000 +Subject: s390: Remove arch_has_random, arch_has_random_seed +Git-commit: 5e054c820f59bbb9714d5767f5f476581c309ca8 +Patch-mainline: v5.6-rc1 +References: git-fixes + +These symbols are currently part of the generic archrandom.h +interface, but are currently unused and can be removed. + +Signed-off-by: Richard Henderson +Signed-off-by: Mark Brown +Link: https://lore.kernel.org/r/20200110145422.49141-4-broonie@kernel.org +Signed-off-by: Theodore Ts'o +Acked-by: Petr Tesarik +--- + arch/s390/include/asm/archrandom.h | 12 ------------ + 1 file changed, 12 deletions(-) + +--- a/arch/s390/include/asm/archrandom.h ++++ b/arch/s390/include/asm/archrandom.h +@@ -20,18 +20,6 @@ extern atomic64_t s390_arch_random_count + + bool s390_arch_random_generate(u8 *buf, unsigned int nbytes); + +-static inline bool arch_has_random(void) +-{ +- return false; +-} +- +-static inline bool arch_has_random_seed(void) +-{ +- if (static_branch_likely(&s390_arch_random_available)) +- return true; +- return false; +-} +- + static inline bool arch_get_random_long(unsigned long *v) + { + return false; diff --git a/patches.suse/s390-appldata-depends-on-PROC_SYSCTL b/patches.suse/s390-appldata-depends-on-PROC_SYSCTL new file mode 100644 index 0000000..285b3ad --- /dev/null +++ b/patches.suse/s390-appldata-depends-on-PROC_SYSCTL @@ -0,0 +1,39 @@ +From: Randy Dunlap +Date: Thu, 27 May 2021 17:24:20 -0700 +Subject: s390: appldata depends on PROC_SYSCTL +Git-commit: 5d3516b3647621d5a1180672ea9e0817fb718ada +Patch-mainline: v5.14-rc1 +References: git-fixes + +APPLDATA_BASE should depend on PROC_SYSCTL instead of PROC_FS. +Building with PROC_FS but not PROC_SYSCTL causes a build error, +since appldata_base.c uses data and APIs from fs/proc/proc_sysctl.c. + +arch/s390/appldata/appldata_base.o: in function `appldata_generic_handler': +appldata_base.c:(.text+0x192): undefined reference to `sysctl_vals' + +Fixes: c185b783b099 ("[S390] Remove config options.") +Signed-off-by: Randy Dunlap +Cc: Heiko Carstens +Cc: Vasily Gorbik +Cc: Christian Borntraeger +Cc: linux-s390@vger.kernel.org +Signed-off-by: Vasily Gorbik +Link: https://lore.kernel.org/r/20210528002420.17634-1-rdunlap@infradead.org +Signed-off-by: Vasily Gorbik +Acked-by: Petr Tesarik +--- + arch/s390/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/s390/Kconfig ++++ b/arch/s390/Kconfig +@@ -946,7 +946,7 @@ config CMM_IUCV + config APPLDATA_BASE + def_bool n + prompt "Linux - VM Monitor Stream, base infrastructure" +- depends on PROC_FS ++ depends on PROC_SYSCTL + help + This provides a kernel interface for creating and updating z/VM APPLDATA + monitor records. The monitor records are updated at certain time diff --git a/patches.suse/s390-cio-add-tpi.h-header-file b/patches.suse/s390-cio-add-tpi.h-header-file new file mode 100644 index 0000000..361a0b0 --- /dev/null +++ b/patches.suse/s390-cio-add-tpi.h-header-file @@ -0,0 +1,92 @@ +From: Sven Schnelle +Date: Mon, 10 May 2021 21:10:15 +0200 +Subject: s390/cio: Fix the "type" field in s390_cio_tpi tracepoint +Git-commit: c63c473f18a7b72ba5cdc37b9a564dc2a4b625d5 +Patch-mainline: v5.14-rc1 +References: git-fixes + +For future work we need the struct tpi_info declaration in asm/ptrace.h. +Due to circular dependencies it cannot stay in asm/lowcore.h or asm/cio.h, +which would be the preferred location. Therefore add it in its own header +file. + +Also fix a typo in the length of a reserved field that did not have a +functional effect beyond an incorrect field value in the s390_cio_tpi +tracepoint. + +Fixes: 2ab59de7c5ce ("s390/cio: Consolidate inline assemblies and related data definitions") +Signed-off-by: Sven Schnelle +Acked-by: Peter Oberparleiter +Signed-off-by: Heiko Carstens +Signed-off-by: Vasily Gorbik +[ ptesarik: The original subject was "add tpi.h header file", but that + is not why this commit is backported to SLE12-SP5. ] +Acked-by: Petr Tesarik +--- + arch/s390/include/asm/cio.h | 1 + + arch/s390/include/asm/tpi.h | 20 ++++++++++++++++++++ + drivers/s390/cio/cio.h | 13 +------------ + 3 files changed, 22 insertions(+), 12 deletions(-) + +--- a/arch/s390/include/asm/cio.h ++++ b/arch/s390/include/asm/cio.h +@@ -8,6 +8,7 @@ + #include + #include + #include ++#include + + #define LPM_ANYPATH 0xff + #define __MAX_CSSID 0 +--- /dev/null ++++ b/arch/s390/include/asm/tpi.h +@@ -0,0 +1,20 @@ ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ ++#ifndef _ASM_S390_TPI_H ++#define _ASM_S390_TPI_H ++ ++#include ++#include ++ ++/* I/O-Interruption Code as stored by TEST PENDING INTERRUPTION (TPI). */ ++struct tpi_info { ++ struct subchannel_id schid; ++ u32 intparm; ++ u32 adapter_IO:1; ++ u32 directed_irq:1; ++ u32 isc:3; ++ u32 :12; ++ u32 type:3; ++ u32 :12; ++} __packed __aligned(4); ++ ++#endif /* _ASM_S390_TPI_H */ +--- a/drivers/s390/cio/cio.h ++++ b/drivers/s390/cio/cio.h +@@ -8,6 +8,7 @@ + #include + #include + #include ++#include + #include "chsc.h" + + /* +@@ -45,18 +46,6 @@ struct pmcw { + /* ... in an operand exception. */ + } __attribute__ ((packed)); + +-/* I/O-Interruption Code as stored by TEST PENDING INTERRUPTION (TPI). */ +-struct tpi_info { +- struct subchannel_id schid; +- u32 intparm; +- u32 adapter_IO:1; +- u32 directed_irq:1; +- u32 isc:3; +- u32 :27; +- u32 type:3; +- u32 :12; +-} __packed __aligned(4); +- + /* Target SCHIB configuration. */ + struct schib_config { + u64 mba; diff --git a/patches.suse/s390-cio-dont-call-css_wait_for_slow_path-inside-a-lock b/patches.suse/s390-cio-dont-call-css_wait_for_slow_path-inside-a-lock new file mode 100644 index 0000000..cef348d --- /dev/null +++ b/patches.suse/s390-cio-dont-call-css_wait_for_slow_path-inside-a-lock @@ -0,0 +1,64 @@ +From: Vineeth Vijayan +Date: Wed, 9 Jun 2021 09:21:08 +0200 +Subject: s390/cio: dont call css_wait_for_slow_path() inside a lock +Git-commit: c749d8c018daf5fba6dfac7b6c5c78b27efd7d65 +Patch-mainline: v5.14-rc1 +References: git-fixes + +Currently css_wait_for_slow_path() gets called inside the chp->lock. +The path-verification-loop of slowpath inside this lock could lead to +deadlock as reported by the lockdep validator. + +The ccw_device_get_chp_desc() during the instance of a device-set-online +would try to acquire the same 'chp->lock' to read the chp->desc. +The instance of this function can get called from multiple scenario, +like probing or setting-device online manually. This could, in some +corner-cases lead to the deadlock. + +lockdep validator reported this as, + + CPU0 CPU1 + ---- ---- + lock(&chp->lock); + lock(kn->active#43); + lock(&chp->lock); + lock((wq_completion)cio); + +The chp->lock was introduced to serialize the access of struct +channel_path. This lock is not needed for the css_wait_for_slow_path() +function, so invoke the slow-path function outside this lock. + +Fixes: b730f3a93395 ("[S390] cio: add lock to struct channel_path") +Cc: +Reviewed-by: Peter Oberparleiter +Signed-off-by: Vineeth Vijayan +Signed-off-by: Vasily Gorbik +Acked-by: Petr Tesarik +--- + drivers/s390/cio/chp.c | 3 +++ + drivers/s390/cio/chsc.c | 2 -- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/s390/cio/chp.c ++++ b/drivers/s390/cio/chp.c +@@ -254,6 +254,9 @@ static ssize_t chp_status_write(struct d + if (!num_args) + return count; + ++ /* Wait until previous actions have settled. */ ++ css_wait_for_slow_path(); ++ + if (!strncasecmp(cmd, "on", 2) || !strcmp(cmd, "1")) { + mutex_lock(&cp->lock); + error = s390_vary_chpid(cp->chpid, 1); +--- a/drivers/s390/cio/chsc.c ++++ b/drivers/s390/cio/chsc.c +@@ -769,8 +769,6 @@ int chsc_chp_vary(struct chp_id chpid, i + { + struct channel_path *chp = chpid_to_chp(chpid); + +- /* Wait until previous actions have settled. */ +- css_wait_for_slow_path(); + /* + * Redo PathVerification on the devices the chpid connects to + */ diff --git a/patches.suse/s390-cpcmd-fix-inline-assembly-register-clobbering b/patches.suse/s390-cpcmd-fix-inline-assembly-register-clobbering new file mode 100644 index 0000000..132e716 --- /dev/null +++ b/patches.suse/s390-cpcmd-fix-inline-assembly-register-clobbering @@ -0,0 +1,39 @@ +From: Alexander Gordeev +Date: Mon, 29 Mar 2021 18:35:07 +0200 +Subject: s390/cpcmd: fix inline assembly register clobbering +Git-commit: 7a2f91441b2c1d81b77c1cd816a4659f4abc9cbe +Patch-mainline: v5.12-rc7 +References: git-fixes + +Register variables initialized using arithmetic. That leads to +kasan instrumentaton code corrupting the registers contents. +Follow GCC guidlines and use temporary variables for assigning +init values to register variables. + +Fixes: 94c12cc7d196 ("[S390] Inline assembly cleanup.") +Signed-off-by: Alexander Gordeev +Acked-by: Ilya Leoshkevich +Link: https://gcc.gnu.org/onlinedocs/gcc-10.2.0/gcc/Local-Register-Variables.html +Signed-off-by: Heiko Carstens +Acked-by: Petr Tesarik +--- + arch/s390/kernel/cpcmd.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/arch/s390/kernel/cpcmd.c ++++ b/arch/s390/kernel/cpcmd.c +@@ -36,10 +36,12 @@ static int diag8_noresponse(int cmdlen) + + static int diag8_response(int cmdlen, char *response, int *rlen) + { ++ unsigned long _cmdlen = cmdlen | 0x40000000L; ++ unsigned long _rlen = *rlen; + register unsigned long reg2 asm ("2") = (addr_t) cpcmd_buf; + register unsigned long reg3 asm ("3") = (addr_t) response; +- register unsigned long reg4 asm ("4") = cmdlen | 0x40000000L; +- register unsigned long reg5 asm ("5") = *rlen; ++ register unsigned long reg4 asm ("4") = _cmdlen; ++ register unsigned long reg5 asm ("5") = _rlen; + + asm volatile( + " diag %2,%0,0x8\n" diff --git a/patches.suse/s390-crypto-fix-scatterwalk_unmap-callers-in-AES-GCM b/patches.suse/s390-crypto-fix-scatterwalk_unmap-callers-in-AES-GCM new file mode 100644 index 0000000..4740abe --- /dev/null +++ b/patches.suse/s390-crypto-fix-scatterwalk_unmap-callers-in-AES-GCM @@ -0,0 +1,45 @@ +From: Jann Horn +Date: Tue, 17 May 2022 16:30:47 +0200 +Subject: s390/crypto: fix scatterwalk_unmap() callers in AES-GCM +Git-commit: bd52cd5e23f134019b23f0c389db0f9a436e4576 +Patch-mainline: v5.19-rc1 +References: git-fixes + +The argument of scatterwalk_unmap() is supposed to be the void* that was +returned by the previous scatterwalk_map() call. +The s390 AES-GCM implementation was instead passing the pointer to the +struct scatter_walk. + +This doesn't actually break anything because scatterwalk_unmap() only uses +its argument under CONFIG_HIGHMEM and ARCH_HAS_FLUSH_ON_KUNMAP. + +Fixes: bf7fa038707c ("s390/crypto: add s390 platform specific aes gcm support.") +Signed-off-by: Jann Horn +Acked-by: Harald Freudenberger +Link: https://lore.kernel.org/r/20220517143047.3054498-1-jannh@google.com +Signed-off-by: Heiko Carstens +Acked-by: Petr Tesarik +--- + arch/s390/crypto/aes_s390.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/s390/crypto/aes_s390.c ++++ b/arch/s390/crypto/aes_s390.c +@@ -860,7 +860,7 @@ static inline void _gcm_sg_unmap_and_adv + unsigned int nbytes) + { + gw->walk_bytes_remain -= nbytes; +- scatterwalk_unmap(&gw->walk); ++ scatterwalk_unmap(gw->walk_ptr); + scatterwalk_advance(&gw->walk, nbytes); + scatterwalk_done(&gw->walk, 0, gw->walk_bytes_remain); + gw->walk_ptr = NULL; +@@ -935,7 +935,7 @@ static int gcm_out_walk_go(struct gcm_sg + goto out; + } + +- scatterwalk_unmap(&gw->walk); ++ scatterwalk_unmap(gw->walk_ptr); + gw->walk_ptr = NULL; + + gw->ptr = gw->buf; diff --git a/patches.suse/s390-ctcm-fix-potential-memory-leak b/patches.suse/s390-ctcm-fix-potential-memory-leak new file mode 100644 index 0000000..9831ce4 --- /dev/null +++ b/patches.suse/s390-ctcm-fix-potential-memory-leak @@ -0,0 +1,60 @@ +From: Alexandra Winter +Date: Tue, 10 May 2022 09:05:07 +0200 +Subject: s390/ctcm: fix potential memory leak +Git-commit: 0c0b20587b9f25a2ad14db7f80ebe49bdf29920a +Patch-mainline: v5.18-rc7 +References: git-fixes + +smatch complains about +drivers/s390/net/ctcm_mpc.c:1210 ctcmpc_unpack_skb() warn: possible memory leak of 'mpcginfo' + +mpc_action_discontact() did not free mpcginfo. Consolidate the freeing in +ctcmpc_unpack_skb(). + +Fixes: 293d984f0e36 ("ctcm: infrastructure for replaced ctc driver") +Signed-off-by: Alexandra Winter +Signed-off-by: David S. Miller +Acked-by: Petr Tesarik +--- + drivers/s390/net/ctcm_mpc.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/drivers/s390/net/ctcm_mpc.c ++++ b/drivers/s390/net/ctcm_mpc.c +@@ -624,8 +624,6 @@ static void mpc_rcvd_sweep_resp(struct m + ctcm_clear_busy_do(dev); + } + +- kfree(mpcginfo); +- + return; + + } +@@ -1204,10 +1202,10 @@ static void ctcmpc_unpack_skb(struct cha + CTCM_FUNTAIL, dev->name); + priv->stats.rx_dropped++; + /* mpcginfo only used for non-data transfers */ +- kfree(mpcginfo); + if (do_debug_data) + ctcmpc_dump_skb(pskb, -8); + } ++ kfree(mpcginfo); + } + done: + +@@ -1990,7 +1988,6 @@ static void mpc_action_rcvd_xid0(fsm_ins + } + break; + } +- kfree(mpcginfo); + + CTCM_PR_DEBUG("ctcmpc:%s() %s xid2:%i xid7:%i xidt_p2:%i \n", + __func__, ch->id, grp->outstanding_xid2, +@@ -2051,7 +2048,6 @@ static void mpc_action_rcvd_xid7(fsm_ins + mpc_validate_xid(mpcginfo); + break; + } +- kfree(mpcginfo); + return; + } + diff --git a/patches.suse/s390-ctcm-fix-variable-dereferenced-before-check b/patches.suse/s390-ctcm-fix-variable-dereferenced-before-check new file mode 100644 index 0000000..b9e319e --- /dev/null +++ b/patches.suse/s390-ctcm-fix-variable-dereferenced-before-check @@ -0,0 +1,37 @@ +From: Alexandra Winter +Date: Tue, 10 May 2022 09:05:06 +0200 +Subject: s390/ctcm: fix variable dereferenced before check +Git-commit: 2c50c6867c85afee6f2b3bcbc50fc9d0083d1343 +Patch-mainline: v5.18-rc7 +References: git-fixes + +Found by cppcheck and smatch. +smatch complains about +drivers/s390/net/ctcm_sysfs.c:43 ctcm_buffer_write() warn: variable dereferenced before check 'priv' (see line 42) + +Fixes: 3c09e2647b5e ("ctcm: rename READ/WRITE defines to avoid redefinitions") +Reported-by: Colin Ian King +Signed-off-by: Alexandra Winter +Signed-off-by: David S. Miller +Acked-by: Petr Tesarik +--- + drivers/s390/net/ctcm_sysfs.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/s390/net/ctcm_sysfs.c ++++ b/drivers/s390/net/ctcm_sysfs.c +@@ -38,11 +38,12 @@ static ssize_t ctcm_buffer_write(struct + struct ctcm_priv *priv = dev_get_drvdata(dev); + int rc; + +- ndev = priv->channel[CTCM_READ]->netdev; +- if (!(priv && priv->channel[CTCM_READ] && ndev)) { ++ if (!(priv && priv->channel[CTCM_READ] && ++ priv->channel[CTCM_READ]->netdev)) { + CTCM_DBF_TEXT(SETUP, CTC_DBF_ERROR, "bfnondev"); + return -ENODEV; + } ++ ndev = priv->channel[CTCM_READ]->netdev; + + rc = kstrtouint(buf, 0, &bs1); + if (rc) diff --git a/patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup b/patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup new file mode 100644 index 0000000..4ec9dc2 --- /dev/null +++ b/patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup @@ -0,0 +1,58 @@ +From: Stefan Haberland +Date: Mon, 19 Sep 2022 17:49:31 +0200 +Subject: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing + pavgroup +Git-commit: db7ba07108a48c0f95b74fabbfd5d63e924f992d +Patch-mainline: v6.0-rc7 +References: git-fixes + +Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup +pointer being NULL. + +The pavgroup pointer is checked on the entrance of the function but +without the lcu->lock being held. Therefore there is a race window +between dasd_alias_get_start_dev() and _lcu_update() which sets +pavgroup to NULL with the lcu->lock held. + +Fix by checking the pavgroup pointer with lcu->lock held. + +Cc: # 2.6.25+ +Fixes: 8e09f21574ea ("[S390] dasd: add hyper PAV support to DASD device driver, part 1") +Signed-off-by: Stefan Haberland +Reviewed-by: Jan Hoeppner +Link: https://lore.kernel.org/r/20220919154931.4123002-2-sth@linux.ibm.com +Signed-off-by: Jens Axboe +Acked-by: Petr Tesarik +--- + drivers/s390/block/dasd_alias.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/s390/block/dasd_alias.c ++++ b/drivers/s390/block/dasd_alias.c +@@ -674,12 +674,12 @@ int dasd_alias_remove_device(struct dasd + struct dasd_device *dasd_alias_get_start_dev(struct dasd_device *base_device) + { + struct dasd_eckd_private *alias_priv, *private = base_device->private; +- struct alias_pav_group *group = private->pavgroup; + struct alias_lcu *lcu = private->lcu; + struct dasd_device *alias_device; ++ struct alias_pav_group *group; + unsigned long flags; + +- if (!group || !lcu) ++ if (!lcu) + return NULL; + if (lcu->pav == NO_PAV || + lcu->flags & (NEED_UAC_UPDATE | UPDATE_PENDING)) +@@ -696,6 +696,11 @@ struct dasd_device *dasd_alias_get_start + } + + spin_lock_irqsave(&lcu->lock, flags); ++ group = private->pavgroup; ++ if (!group) { ++ spin_unlock_irqrestore(&lcu->lock, flags); ++ return NULL; ++ } + alias_device = group->next; + if (!alias_device) { + if (list_empty(&group->aliaslist)) { diff --git a/patches.suse/s390-lcs-fix-variable-dereferenced-before-check b/patches.suse/s390-lcs-fix-variable-dereferenced-before-check new file mode 100644 index 0000000..47aae8a --- /dev/null +++ b/patches.suse/s390-lcs-fix-variable-dereferenced-before-check @@ -0,0 +1,35 @@ +From: Alexandra Winter +Date: Tue, 10 May 2022 09:05:08 +0200 +Subject: s390/lcs: fix variable dereferenced before check +Git-commit: 671bb35c8e746439f0ed70815968f9a4f20a8deb +Patch-mainline: v5.18-rc7 +References: git-fixes + +smatch complains about +drivers/s390/net/lcs.c:1741 lcs_get_control() warn: variable dereferenced before check 'card->dev' (see line 1739) + +Fixes: 27eb5ac8f015 ("[PATCH] s390: lcs driver bug fixes and improvements [1/2]") +Signed-off-by: Alexandra Winter +Signed-off-by: David S. Miller +Acked-by: Petr Tesarik +--- + drivers/s390/net/lcs.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/s390/net/lcs.c ++++ b/drivers/s390/net/lcs.c +@@ -1757,10 +1757,11 @@ lcs_get_control(struct lcs_card *card, s + lcs_schedule_recovery(card); + break; + case LCS_CMD_STOPLAN: +- pr_warn("Stoplan for %s initiated by LGW\n", +- card->dev->name); +- if (card->dev) ++ if (card->dev) { ++ pr_warn("Stoplan for %s initiated by LGW\n", ++ card->dev->name); + netif_carrier_off(card->dev); ++ } + break; + default: + LCS_DBF_TEXT(5, trace, "noLGWcmd"); diff --git a/patches.suse/s390-module-fix-loading-modules-with-a-lot-of-relocations b/patches.suse/s390-module-fix-loading-modules-with-a-lot-of-relocations new file mode 100644 index 0000000..e7372bb --- /dev/null +++ b/patches.suse/s390-module-fix-loading-modules-with-a-lot-of-relocations @@ -0,0 +1,81 @@ +From: Ilya Leoshkevich +Date: Wed, 19 Jan 2022 19:26:37 +0100 +Subject: s390/module: fix loading modules with a lot of relocations +Git-commit: f3b7e73b2c6619884351a3a0a7468642f852b8a2 +Patch-mainline: v5.17-rc2 +References: git-fixes + +If the size of the PLT entries generated by apply_rela() exceeds +64KiB, the first ones can no longer reach __jump_r1 with brc. Fix by +using brcl. An alternative solution is to add a __jump_r1 copy after +every 64KiB, however, the space savings are quite small and do not +justify the additional complexity. + +Fixes: f19fbd5ed642 ("s390: introduce execute-trampolines for branches") +Cc: stable@vger.kernel.org +Reported-by: Andrea Righi +Signed-off-by: Ilya Leoshkevich +Reviewed-by: Heiko Carstens +Cc: Vasily Gorbik +Cc: Christian Borntraeger +Signed-off-by: Heiko Carstens +[ ptesarik: Write directly to PLT, because SLE12-SP5 does not contain + upstream commit be2422612a580e33b927d0cde7a5a3c7935b2849. ] +Signed-off-by: Petr Tesarik +--- + arch/s390/kernel/module.c | 34 +++++++++++++++++----------------- + 1 file changed, 17 insertions(+), 17 deletions(-) + +--- a/arch/s390/kernel/module.c ++++ b/arch/s390/kernel/module.c +@@ -41,7 +41,7 @@ + #define DEBUGP(fmt , ...) + #endif + +-#define PLT_ENTRY_SIZE 20 ++#define PLT_ENTRY_SIZE 22 + + void *module_alloc(unsigned long size) + { +@@ -326,25 +326,25 @@ static int apply_rela(Elf_Rela *rela, El + case R_390_PLTOFF32: /* 32 bit offset from GOT to PLT. */ + case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */ + if (info->plt_initialized == 0) { +- unsigned int *ip; +- ip = me->core_layout.base + me->arch.plt_offset + +- info->plt_offset; +- ip[0] = 0x0d10e310; /* basr 1,0 */ +- ip[1] = 0x100a0004; /* lg 1,10(1) */ ++ char *plt_base; ++ char *ip; ++ ++ plt_base = me->core_layout.base + me->arch.plt_offset; ++ ip = plt_base + info->plt_offset; ++ *(int *)ip = 0x0d10e310; /* basr 1,0 */ ++ *(int *)&ip[4] = 0x100c0004; /* lg 1,12(1) */ + if (IS_ENABLED(CONFIG_EXPOLINE) && !nospec_disable) { +- unsigned int *ij; +- ij = me->core_layout.base + +- me->arch.plt_offset + +- me->arch.plt_size - PLT_ENTRY_SIZE; +- ip[2] = 0xa7f40000 + /* j __jump_r1 */ +- (unsigned int)(u16) +- (((unsigned long) ij - 8 - +- (unsigned long) ip) / 2); ++ char *jump_r1; ++ ++ jump_r1 = plt_base + me->arch.plt_size - ++ PLT_ENTRY_SIZE; ++ /* brcl 0xf,__jump_r1 */ ++ *(short *)&ip[8] = 0xc0f4; ++ *(int *)&ip[10] = (jump_r1 - (ip + 8)) / 2; + } else { +- ip[2] = 0x07f10000; /* br %r1 */ ++ *(int *)&ip[8] = 0x07f10000; /* br %r1 */ + } +- ip[3] = (unsigned int) (val >> 32); +- ip[4] = (unsigned int) val; ++ *(long *)&ip[14] = val; + info->plt_initialized = 1; + } + if (r_type == R_390_PLTOFF16 || diff --git a/patches.suse/s390-pkey-fix-paes-selftest-failure-with-paes-and-pkey-static-build b/patches.suse/s390-pkey-fix-paes-selftest-failure-with-paes-and-pkey-static-build new file mode 100644 index 0000000..bde89f2 --- /dev/null +++ b/patches.suse/s390-pkey-fix-paes-selftest-failure-with-paes-and-pkey-static-build @@ -0,0 +1,101 @@ +From: Harald Freudenberger +Date: Tue, 15 Sep 2020 11:00:17 +0200 +Subject: s390/pkey: fix paes selftest failure with paes and pkey static build +Git-commit: 5b35047eb467c8cdd38a31beb9ac109221777843 +Patch-mainline: v5.10-rc3 +References: git-fixes + +When both the paes and the pkey kernel module are statically build +into the kernel, the paes cipher selftests run before the pkey +kernel module is initialized. So a static variable set in the pkey +init function and used in the pkey_clr2protkey function is not +initialized when the paes cipher's selftests request to call pckmo for +transforming a clear key value into a protected key. + +This patch moves the initial setup of the static variable into +the function pck_clr2protkey. So it's possible, to use the function +for transforming a clear to a protected key even before the pkey +init function has been called and the paes selftests may run +successful. + +Reported-by: Alexander Egorenkov +Cc: # 4.20 +Fixes: f822ad2c2c03 ("s390/pkey: move pckmo subfunction available checks away from module init") +Signed-off-by: Harald Freudenberger +Signed-off-by: Heiko Carstens +Acked-by: Petr Tesarik +--- + drivers/s390/crypto/pkey_api.c | 30 ++++++++++++++++-------------- + 1 file changed, 16 insertions(+), 14 deletions(-) + +--- a/drivers/s390/crypto/pkey_api.c ++++ b/drivers/s390/crypto/pkey_api.c +@@ -39,9 +39,6 @@ MODULE_DESCRIPTION("s390 protected key i + /* Size of vardata block used for some of the cca requests/replies */ + #define VARDATASIZE 4096 + +-/* mask of available pckmo subfunctions, fetched once at module init */ +-static cpacf_mask_t pckmo_functions; +- + /* + * debug feature data and functions + */ +@@ -664,6 +661,9 @@ int pkey_clr2protkey(u32 keytype, + const struct pkey_clrkey *clrkey, + struct pkey_protkey *protkey) + { ++ /* mask of available pckmo subfunctions */ ++ static cpacf_mask_t pckmo_functions; ++ + long fc; + int keysize; + u8 paramblock[64]; +@@ -687,11 +687,13 @@ int pkey_clr2protkey(u32 keytype, + return -EINVAL; + } + +- /* +- * Check if the needed pckmo subfunction is available. +- * These subfunctions can be enabled/disabled by customers +- * in the LPAR profile or may even change on the fly. +- */ ++ /* Did we already check for PCKMO ? */ ++ if (!pckmo_functions.bytes[0]) { ++ /* no, so check now */ ++ if (!cpacf_query(CPACF_PCKMO, &pckmo_functions)) ++ return -ENODEV; ++ } ++ /* check for the pckmo subfunction we need now */ + if (!cpacf_test_func(&pckmo_functions, fc)) { + DEBUG_ERR("%s pckmo functions not available\n", __func__); + return -EOPNOTSUPP; +@@ -1690,7 +1692,7 @@ static struct miscdevice pkey_dev = { + */ + int __init pkey_init(void) + { +- cpacf_mask_t kmc_functions; ++ cpacf_mask_t func_mask; + + /* + * The pckmo instruction should be available - even if we don't +@@ -1698,15 +1700,15 @@ int __init pkey_init(void) + * is also the minimum level for the kmc instructions which + * are able to work with protected keys. + */ +- if (!cpacf_query(CPACF_PCKMO, &pckmo_functions)) ++ if (!cpacf_query(CPACF_PCKMO, &func_mask)) + return -EOPNOTSUPP; + + /* check for kmc instructions available */ +- if (!cpacf_query(CPACF_KMC, &kmc_functions)) ++ if (!cpacf_query(CPACF_KMC, &func_mask)) + return -EOPNOTSUPP; +- if (!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_128) || +- !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_192) || +- !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_256)) ++ if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) || ++ !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) || ++ !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256)) + return -EOPNOTSUPP; + + pkey_debug_init(); diff --git a/patches.suse/s390-pv-fix-the-forcing-of-the-swiotlb b/patches.suse/s390-pv-fix-the-forcing-of-the-swiotlb new file mode 100644 index 0000000..d811891 --- /dev/null +++ b/patches.suse/s390-pv-fix-the-forcing-of-the-swiotlb @@ -0,0 +1,48 @@ +From: Halil Pasic +Date: Sat, 24 Jul 2021 01:17:46 +0200 +Subject: s390/pv: fix the forcing of the swiotlb +Git-commit: 93ebb6828723b8aef114415c4dc3518342f7dcad +Patch-mainline: v5.15-rc1 +References: git-fixes + +Since commit 903cd0f315fe ("swiotlb: Use is_swiotlb_force_bounce for +swiotlb data bouncing") if code sets swiotlb_force it needs to do so +before the swiotlb is initialised. Otherwise +io_tlb_default_mem->force_bounce will not get set to true, and devices +that use (the default) swiotlb will not bounce despite switolb_force +having the value of SWIOTLB_FORCE. + +Let us restore swiotlb functionality for PV by fulfilling this new +requirement. + +This change addresses what turned out to be a fragility in +commit 64e1f0c531d1 ("s390/mm: force swiotlb for protected +virtualization"), which ain't exactly broken in its original context, +but could give us some more headache if people backport the broken +change and forget this fix. + +Signed-off-by: Halil Pasic +Tested-by: Christian Borntraeger +Reviewed-by: Christian Borntraeger +Fixes: 903cd0f315fe ("swiotlb: Use is_swiotlb_force_bounce for swiotlb data bouncing") +Fixes: 64e1f0c531d1 ("s390/mm: force swiotlb for protected virtualization") +Cc: stable@vger.kernel.org #5.3+ +Signed-off-by: Konrad Rzeszutek Wilk +Acked-by: Petr Tesarik +--- + arch/s390/mm/init.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/s390/mm/init.c ++++ b/arch/s390/mm/init.c +@@ -208,9 +208,9 @@ static void pv_init(void) + return; + + /* make sure bounce buffers are shared */ ++ swiotlb_force = SWIOTLB_FORCE; + swiotlb_init(1); + swiotlb_update_mem_attributes(); +- swiotlb_force = SWIOTLB_FORCE; + /* use swiotlb_dma_ops */ + s390_dma_ops = &s390_pv_dma_ops; + } diff --git a/patches.suse/s390-qeth-Fix-deadlock-in-remove_discipline b/patches.suse/s390-qeth-Fix-deadlock-in-remove_discipline new file mode 100644 index 0000000..1563ef5 --- /dev/null +++ b/patches.suse/s390-qeth-Fix-deadlock-in-remove_discipline @@ -0,0 +1,114 @@ +From: Alexandra Winter +Date: Tue, 21 Sep 2021 16:52:16 +0200 +Subject: s390/qeth: Fix deadlock in remove_discipline +Git-commit: ee909d0b1dac8632eeb78cbf17661d6c7674bbd0 +Patch-mainline: v5.15-rc3 +References: bsc#1206213 LTC#200742 + +Problem: qeth_close_dev_handler is a worker that tries to acquire +card->discipline_mutex via drv->set_offline() in ccwgroup_set_offline(). +Since commit b41b554c1ee7 +("s390/qeth: fix locking for discipline setup / removal") +qeth_remove_discipline() is called under card->discipline_mutex and +cancels the work and waits for it to finish. + +STOPLAN reception with reason code IPA_RC_VEPA_TO_VEB_TRANSITION is the +only situation that schedules close_dev_work. In that situation scheduling +qeth recovery will also result in an offline interface, when resetting the +isolation mode fails, if the external switch is still set to VEB. +And since commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") +qeth recovery does not aquire card->discipline_mutex anymore. + +So we accept the longer pathlength of qeth_schedule_recovery in this +error situation and re-use the existing function. + +As a side-benefit this changes the hwtrap to behave like during recovery +instead of like during a user-triggered set_offline. + +Fixes: b41b554c1ee7 ("s390/qeth: fix locking for discipline setup / removal") +Signed-off-by: Alexandra Winter +Acked-by: Julian Wiedmann +Signed-off-by: Julian Wiedmann +Signed-off-by: Jakub Kicinski +Acked-by: Petr Tesarik +--- + drivers/s390/net/qeth_core.h | 1 - + drivers/s390/net/qeth_core_main.c | 19 ++++--------------- + drivers/s390/net/qeth_l2_main.c | 1 - + drivers/s390/net/qeth_l3_main.c | 1 - + 4 files changed, 4 insertions(+), 18 deletions(-) + +--- a/drivers/s390/net/qeth_core.h ++++ b/drivers/s390/net/qeth_core.h +@@ -823,7 +823,6 @@ struct qeth_card { + struct napi_struct napi; + struct qeth_rx rx; + struct delayed_work buffer_reclaim_work; +- struct work_struct close_dev_work; + }; + + struct qeth_card_list_struct { +--- a/drivers/s390/net/qeth_core_main.c ++++ b/drivers/s390/net/qeth_core_main.c +@@ -83,18 +83,6 @@ int qeth_card_hw_is_reachable(struct qet + } + EXPORT_SYMBOL_GPL(qeth_card_hw_is_reachable); + +-static void qeth_close_dev_handler(struct work_struct *work) +-{ +- struct qeth_card *card; +- +- card = container_of(work, struct qeth_card, close_dev_work); +- QETH_CARD_TEXT(card, 2, "cldevhdl"); +- rtnl_lock(); +- dev_close(card->dev); +- rtnl_unlock(); +- ccwgroup_set_offline(card->gdev); +-} +- + static const char *qeth_get_cardname(struct qeth_card *card) + { + if (card->info.guestlan) { +@@ -672,10 +660,12 @@ static struct qeth_ipa_cmd *qeth_check_i + case IPA_CMD_STOPLAN: + if (cmd->hdr.return_code == IPA_RC_VEPA_TO_VEB_TRANSITION) { + dev_err(&card->gdev->dev, +- "Interface %s is down because the adjacent port is no longer in reflective relay mode\n", ++ "Adjacent port of interface %s is no longer in reflective relay mode, trigger recovery\n", + QETH_CARD_IFNAME(card)); +- schedule_work(&card->close_dev_work); ++ /* Set offline, then probably fail to set online: */ ++ qeth_schedule_recovery(card); + } else { ++ /* stay online for subsequent STARTLAN */ + dev_warn(&card->gdev->dev, + "The link for interface %s on CHPID 0x%X failed\n", + QETH_CARD_IFNAME(card), card->info.chpid); +@@ -1476,7 +1466,6 @@ static void qeth_setup_card(struct qeth_ + INIT_LIST_HEAD(&card->ipato.entries); + qeth_init_qdio_info(card); + INIT_DELAYED_WORK(&card->buffer_reclaim_work, qeth_buffer_reclaim_work); +- INIT_WORK(&card->close_dev_work, qeth_close_dev_handler); + } + + static void qeth_core_sl_print(struct seq_file *m, struct service_level *slr) +--- a/drivers/s390/net/qeth_l2_main.c ++++ b/drivers/s390/net/qeth_l2_main.c +@@ -828,7 +828,6 @@ static void qeth_l2_remove_device(struct + if (cgdev->state == CCWGROUP_ONLINE) + qeth_l2_set_offline(cgdev); + +- cancel_work_sync(&card->close_dev_work); + if (qeth_netdev_is_registered(card->dev)) + unregister_netdev(card->dev); + } +--- a/drivers/s390/net/qeth_l3_main.c ++++ b/drivers/s390/net/qeth_l3_main.c +@@ -2478,7 +2478,6 @@ static void qeth_l3_remove_device(struct + if (cgdev->state == CCWGROUP_ONLINE) + qeth_l3_set_offline(cgdev); + +- cancel_work_sync(&card->close_dev_work); + if (qeth_netdev_is_registered(card->dev)) + unregister_netdev(card->dev); + qeth_l3_clear_ip_htable(card, 0); diff --git a/patches.suse/s390-qeth-don-t-defer-close_dev-work-during-recovery b/patches.suse/s390-qeth-don-t-defer-close_dev-work-during-recovery new file mode 100644 index 0000000..adaad3b --- /dev/null +++ b/patches.suse/s390-qeth-don-t-defer-close_dev-work-during-recovery @@ -0,0 +1,68 @@ +From: Julian Wiedmann +Date: Thu, 28 Feb 2019 18:59:41 +0100 +Subject: s390/qeth: don't defer close_dev work during recovery +Git-commit: bf42d40b1254afe26015ebdb09d137fb15250fa4 +Patch-mainline: v5.1-rc1 +References: bsc#1206213 LTC#200742 + +The recovery code already runs in a kthread, we don't have to defer the +offlining further. + +Signed-off-by: Julian Wiedmann +Signed-off-by: David S. Miller +Acked-by: Petr Tesarik +--- + drivers/s390/net/qeth_core.h | 1 - + drivers/s390/net/qeth_core_main.c | 3 +-- + drivers/s390/net/qeth_l2_main.c | 2 +- + drivers/s390/net/qeth_l3_main.c | 2 +- + 4 files changed, 3 insertions(+), 5 deletions(-) + +--- a/drivers/s390/net/qeth_core.h ++++ b/drivers/s390/net/qeth_core.h +@@ -1045,7 +1045,6 @@ int qeth_set_access_ctrl_online(struct q + int qeth_configure_cq(struct qeth_card *, enum qeth_cq); + int qeth_hw_trap(struct qeth_card *, enum qeth_diags_trap_action); + void qeth_trace_features(struct qeth_card *); +-void qeth_close_dev(struct qeth_card *); + int qeth_send_setassparms(struct qeth_card *, struct qeth_cmd_buffer *, __u16, + long, + int (*reply_cb)(struct qeth_card *, +--- a/drivers/s390/net/qeth_core_main.c ++++ b/drivers/s390/net/qeth_core_main.c +@@ -96,12 +96,11 @@ static void qeth_close_dev_handler(struc + ccwgroup_set_offline(card->gdev); + } + +-void qeth_close_dev(struct qeth_card *card) ++static void qeth_close_dev(struct qeth_card *card) + { + QETH_CARD_TEXT(card, 2, "cldevsubm"); + queue_work(qeth_wq, &card->close_dev_work); + } +-EXPORT_SYMBOL_GPL(qeth_close_dev); + + static const char *qeth_get_cardname(struct qeth_card *card) + { +--- a/drivers/s390/net/qeth_l2_main.c ++++ b/drivers/s390/net/qeth_l2_main.c +@@ -1123,7 +1123,7 @@ static int qeth_l2_recover(void *ptr) + dev_info(&card->gdev->dev, + "Device successfully recovered!\n"); + else { +- qeth_close_dev(card); ++ ccwgroup_set_offline(card->gdev); + dev_warn(&card->gdev->dev, "The qeth device driver " + "failed to recover an error on the device\n"); + } +--- a/drivers/s390/net/qeth_l3_main.c ++++ b/drivers/s390/net/qeth_l3_main.c +@@ -2652,7 +2652,7 @@ static int qeth_l3_recover(void *ptr) + dev_info(&card->gdev->dev, + "Device successfully recovered!\n"); + else { +- qeth_close_dev(card); ++ ccwgroup_set_offline(card->gdev); + dev_warn(&card->gdev->dev, "The qeth device driver " + "failed to recover an error on the device\n"); + } diff --git a/patches.suse/s390-qeth-fix-deadlock-during-failing-recovery b/patches.suse/s390-qeth-fix-deadlock-during-failing-recovery new file mode 100644 index 0000000..7d2095e --- /dev/null +++ b/patches.suse/s390-qeth-fix-deadlock-during-failing-recovery @@ -0,0 +1,111 @@ +From: Alexandra Winter +Date: Tue, 21 Sep 2021 16:52:17 +0200 +Subject: s390/qeth: fix deadlock during failing recovery +Git-commit: d2b59bd4b06d84a4eadb520b0f71c62fe8ec0a62 +Patch-mainline: v5.15-rc3 +References: bsc#1206213 LTC#200742 + +Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed +taking discipline_mutex inside qeth_do_reset(), fixing potential +deadlocks. An error path was missed though, that still takes +discipline_mutex and thus has the original deadlock potential. + +Intermittent deadlocks were seen when a qeth channel path is configured +offline, causing a race between qeth_do_reset and ccwgroup_remove. +Call qeth_set_offline() directly in the qeth_do_reset() error case and +then a new variant of ccwgroup_set_offline(), without taking +discipline_mutex. + +Fixes: b41b554c1ee7 ("s390/qeth: fix locking for discipline setup / removal") +Signed-off-by: Alexandra Winter +Reviewed-by: Julian Wiedmann +Signed-off-by: Julian Wiedmann +Signed-off-by: Jakub Kicinski +[ ptesarik: recover discipline ops are not merged in SLE12-SP5, so there are + separate hunks for qeth_l2_recover() and qeth_l3_recover(). ] +Signed-off-by: Petr Tesarik +--- + arch/s390/include/asm/ccwgroup.h | 2 +- + drivers/s390/cio/ccwgroup.c | 10 ++++++++-- + drivers/s390/net/qeth_l2_main.c | 3 ++- + drivers/s390/net/qeth_l3_main.c | 3 ++- + 4 files changed, 13 insertions(+), 5 deletions(-) + +--- a/arch/s390/include/asm/ccwgroup.h ++++ b/arch/s390/include/asm/ccwgroup.h +@@ -65,7 +65,7 @@ int ccwgroup_create_dev(struct device *r + int num_devices, const char *buf); + + extern int ccwgroup_set_online(struct ccwgroup_device *gdev); +-extern int ccwgroup_set_offline(struct ccwgroup_device *gdev); ++int ccwgroup_set_offline(struct ccwgroup_device *gdev, bool call_gdrv); + + extern int ccwgroup_probe_ccwdev(struct ccw_device *cdev); + extern void ccwgroup_remove_ccwdev(struct ccw_device *cdev); +--- a/drivers/s390/cio/ccwgroup.c ++++ b/drivers/s390/cio/ccwgroup.c +@@ -97,12 +97,13 @@ EXPORT_SYMBOL(ccwgroup_set_online); + /** + * ccwgroup_set_offline() - disable a ccwgroup device + * @gdev: target ccwgroup device ++ * @call_gdrv: Call the registered gdrv set_offline function + * + * This function attempts to put the ccwgroup device into the offline state. + * Returns: + * %0 on success and a negative error value on failure. + */ +-int ccwgroup_set_offline(struct ccwgroup_device *gdev) ++int ccwgroup_set_offline(struct ccwgroup_device *gdev, bool call_gdrv) + { + struct ccwgroup_driver *gdrv = to_ccwgroupdrv(gdev->dev.driver); + int ret = -EINVAL; +@@ -111,11 +112,16 @@ int ccwgroup_set_offline(struct ccwgroup + return -EAGAIN; + if (gdev->state == CCWGROUP_OFFLINE) + goto out; ++ if (!call_gdrv) { ++ ret = 0; ++ goto offline; ++ } + if (gdrv->set_offline) + ret = gdrv->set_offline(gdev); + if (ret) + goto out; + ++offline: + gdev->state = CCWGROUP_OFFLINE; + out: + atomic_set(&gdev->onoff, 0); +@@ -144,7 +150,7 @@ static ssize_t ccwgroup_online_store(str + if (value == 1) + ret = ccwgroup_set_online(gdev); + else if (value == 0) +- ret = ccwgroup_set_offline(gdev); ++ ret = ccwgroup_set_offline(gdev, true); + else + ret = -EINVAL; + out: +--- a/drivers/s390/net/qeth_l2_main.c ++++ b/drivers/s390/net/qeth_l2_main.c +@@ -1123,7 +1123,8 @@ static int qeth_l2_recover(void *ptr) + dev_info(&card->gdev->dev, + "Device successfully recovered!\n"); + else { +- ccwgroup_set_offline(card->gdev); ++ __qeth_l2_set_offline(card->gdev, true); ++ ccwgroup_set_offline(card->gdev, false); + dev_warn(&card->gdev->dev, "The qeth device driver " + "failed to recover an error on the device\n"); + } +--- a/drivers/s390/net/qeth_l3_main.c ++++ b/drivers/s390/net/qeth_l3_main.c +@@ -2649,7 +2649,8 @@ static int qeth_l3_recover(void *ptr) + dev_info(&card->gdev->dev, + "Device successfully recovered!\n"); + else { +- ccwgroup_set_offline(card->gdev); ++ __qeth_l3_set_offline(card->gdev, 1); ++ ccwgroup_set_offline(card->gdev, false); + dev_warn(&card->gdev->dev, "The qeth device driver " + "failed to recover an error on the device\n"); + } diff --git a/patches.suse/s390-qeth-remove-driver-wide-workqueue b/patches.suse/s390-qeth-remove-driver-wide-workqueue new file mode 100644 index 0000000..dd20cbc --- /dev/null +++ b/patches.suse/s390-qeth-remove-driver-wide-workqueue @@ -0,0 +1,80 @@ +From: Julian Wiedmann +Date: Thu, 28 Feb 2019 18:59:42 +0100 +Subject: s390/qeth: remove driver-wide workqueue +Git-commit: dcef5cad639e0c24dd562e777b31533f5c97baa1 +Patch-mainline: v5.1-rc1 +References: bsc#1206213 LTC#200742 + +The qeth-wide workqueue is now only used by a single caller to schedule +close_dev work. Just put it on a system queue instead. + +Signed-off-by: Julian Wiedmann +Signed-off-by: David S. Miller +Acked-by: Petr Tesarik +--- + drivers/s390/net/qeth_core_main.c | 19 +------------------ + 1 file changed, 1 insertion(+), 18 deletions(-) + +--- a/drivers/s390/net/qeth_core_main.c ++++ b/drivers/s390/net/qeth_core_main.c +@@ -75,8 +75,6 @@ static void qeth_notify_skbs(struct qeth + static void qeth_release_skbs(struct qeth_qdio_out_buffer *buf); + static int qeth_init_qdio_out_buf(struct qeth_qdio_out_q *, int); + +-static struct workqueue_struct *qeth_wq; +- + int qeth_card_hw_is_reachable(struct qeth_card *card) + { + return (card->state == CARD_STATE_SOFTSETUP) || +@@ -96,12 +94,6 @@ static void qeth_close_dev_handler(struc + ccwgroup_set_offline(card->gdev); + } + +-static void qeth_close_dev(struct qeth_card *card) +-{ +- QETH_CARD_TEXT(card, 2, "cldevsubm"); +- queue_work(qeth_wq, &card->close_dev_work); +-} +- + static const char *qeth_get_cardname(struct qeth_card *card) + { + if (card->info.guestlan) { +@@ -664,7 +656,7 @@ static struct qeth_ipa_cmd *qeth_check_i + dev_err(&card->gdev->dev, + "Interface %s is down because the adjacent port is no longer in reflective relay mode\n", + QETH_CARD_IFNAME(card)); +- qeth_close_dev(card); ++ schedule_work(&card->close_dev_work); + } else { + dev_warn(&card->gdev->dev, + "The link for interface %s on CHPID 0x%X failed\n", +@@ -6717,12 +6709,6 @@ static int __init qeth_core_init(void) + INIT_LIST_HEAD(&qeth_core_card_list.list); + rwlock_init(&qeth_core_card_list.rwlock); + +- qeth_wq = create_singlethread_workqueue("qeth_wq"); +- if (!qeth_wq) { +- rc = -ENOMEM; +- goto out_err; +- } +- + rc = qeth_register_dbf_views(); + if (rc) + goto dbf_err; +@@ -6764,8 +6750,6 @@ slab_err: + register_err: + qeth_unregister_dbf_views(); + dbf_err: +- destroy_workqueue(qeth_wq); +-out_err: + pr_err("Initializing the qeth device driver failed\n"); + return rc; + } +@@ -6773,7 +6757,6 @@ out_err: + static void __exit qeth_core_exit(void) + { + qeth_clear_dbf_list(); +- destroy_workqueue(qeth_wq); + ccwgroup_driver_unregister(&qeth_core_ccwgroup_driver); + ccw_driver_unregister(&qeth_ccw_driver); + kmem_cache_destroy(qeth_qdio_outbuf_cache); diff --git a/patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch b/patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch deleted file mode 100644 index 0f214eb..0000000 --- a/patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Julian Wiedmann -Date: Thu, 19 Apr 2018 12:52:11 +0200 -Subject: s390/qeth: use Read device to query hypervisor for MAC -Patch-mainline: v4.17-rc3 -Git-commit: b7493e91c11a757cf0f8ab26989642ee4bb2c642 -References: bsc#1061024 FATE#323301 - -For z/VM NICs, qeth needs to consider which of the three CCW devices in -an MPC group it uses for requesting a managed MAC address. - -On the Base device, the hypervisor returns a default MAC which is -pre-assigned when creating the NIC (this MAC is also returned by the -READ MAC primitive). Querying any other device results in the allocation -of an additional MAC address. - -For consistency with READ MAC and to avoid using up more addresses than -necessary, it is preferable to use the NIC's default MAC. So switch the -the diag26c over to using a NIC's Read device, which should always be -identical to the Base device. - -Fixes: ec61bd2fd2a2 ("s390/qeth: use diag26c to get MAC address on L2") -Signed-off-by: Julian Wiedmann -Signed-off-by: David S. Miller -Acked-by: Thomas Bogendoerfer ---- - drivers/s390/net/qeth_core_main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/drivers/s390/net/qeth_core_main.c -+++ b/drivers/s390/net/qeth_core_main.c -@@ -4824,7 +4824,7 @@ int qeth_vm_request_mac(struct qeth_card - goto out; - } - -- ccw_device_get_id(CARD_DDEV(card), &id); -+ ccw_device_get_id(CARD_RDEV(card), &id); - request->resp_buf_len = sizeof(*response); - request->resp_version = DIAG26C_VERSION2; - request->op_code = DIAG26C_GET_MAC; diff --git a/patches.suse/s390-zcore-fix-race-when-reading-from-hardware-system-area b/patches.suse/s390-zcore-fix-race-when-reading-from-hardware-system-area new file mode 100644 index 0000000..e0aaaf6 --- /dev/null +++ b/patches.suse/s390-zcore-fix-race-when-reading-from-hardware-system-area @@ -0,0 +1,77 @@ +From: Alexander Gordeev +Date: Tue, 19 Jul 2022 07:16:33 +0200 +Subject: s390/zcore: fix race when reading from hardware system area +Git-commit: 9ffed254d938c9e99eb7761c7f739294c84e0367 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Memory buffer used for reading out data from hardware system +area is not protected against concurrent access. + +Reported-by: Matthew Wilcox +Fixes: 411ed3225733 ("[S390] zfcpdump support.") +Acked-by: Heiko Carstens +Tested-by: Alexander Egorenkov +Link: https://lore.kernel.org/r/e68137f0f9a0d2558f37becc20af18e2939934f6.1658206891.git.agordeev@linux.ibm.com +Signed-off-by: Alexander Gordeev +Acked-by: Petr Tesarik +--- + drivers/s390/char/zcore.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/drivers/s390/char/zcore.c ++++ b/drivers/s390/char/zcore.c +@@ -53,6 +53,7 @@ static struct dentry *zcore_reipl_file; + static struct dentry *zcore_hsa_file; + static struct ipl_parameter_block *ipl_block; + ++static DEFINE_MUTEX(hsa_buf_mutex); + static char hsa_buf[PAGE_SIZE] __aligned(PAGE_SIZE); + + /* +@@ -69,19 +70,24 @@ int memcpy_hsa_user(void __user *dest, u + if (!hsa_available) + return -ENODATA; + ++ mutex_lock(&hsa_buf_mutex); + while (count) { + if (sclp_sdias_copy(hsa_buf, src / PAGE_SIZE + 2, 1)) { + TRACE("sclp_sdias_copy() failed\n"); ++ mutex_unlock(&hsa_buf_mutex); + return -EIO; + } + offset = src % PAGE_SIZE; + bytes = min(PAGE_SIZE - offset, count); +- if (copy_to_user(dest, hsa_buf + offset, bytes)) ++ if (copy_to_user(dest, hsa_buf + offset, bytes)) { ++ mutex_unlock(&hsa_buf_mutex); + return -EFAULT; ++ } + src += bytes; + dest += bytes; + count -= bytes; + } ++ mutex_unlock(&hsa_buf_mutex); + return 0; + } + +@@ -99,9 +105,11 @@ int memcpy_hsa_kernel(void *dest, unsign + if (!hsa_available) + return -ENODATA; + ++ mutex_lock(&hsa_buf_mutex); + while (count) { + if (sclp_sdias_copy(hsa_buf, src / PAGE_SIZE + 2, 1)) { + TRACE("sclp_sdias_copy() failed\n"); ++ mutex_unlock(&hsa_buf_mutex); + return -EIO; + } + offset = src % PAGE_SIZE; +@@ -111,6 +119,7 @@ int memcpy_hsa_kernel(void *dest, unsign + dest += bytes; + count -= bytes; + } ++ mutex_unlock(&hsa_buf_mutex); + return 0; + } + diff --git a/patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails b/patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails new file mode 100644 index 0000000..ad13257 --- /dev/null +++ b/patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails @@ -0,0 +1,198 @@ +From: Benjamin Block +Date: Wed, 16 Nov 2022 11:50:37 +0100 +Subject: scsi: zfcp: Fix double free of FSF request when qdio send fails +Git-commit: 0954256e970ecf371b03a6c9af2cf91b9c4085ff +Patch-mainline: v6.1-rc6 +References: git-fixes + +We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache +the FSF request ID when sending a new FSF request. This is used in case the +sending fails and we need to remove the request from our internal hash +table again (so we don't keep an invalid reference and use it when we free +the request again). + +In 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (signed and 32 +bit wide), but the rest of the zfcp code (and the firmware specification) +handles the ID as 'unsigned long'/'u64' (unsigned and 64 bit wide [s390x +ELF ABI]). For one this has the obvious problem that when the ID grows +past 32 bit (this can happen reasonably fast) it is truncated to 32 bit +when storing it in the cache variable and so doesn't match the original ID +anymore. The second less obvious problem is that even when the original ID +has not yet grown past 32 bit, as soon as the 32nd bit is set in the +original ID (0x80000000 = 2'147'483'648) we will have a mismatch when we +cast it back to 'unsigned long'. As the cached variable is of a signed +type, the compiler will choose a sign-extending instruction to load the 32 +bit variable into a 64 bit register (e.g.: 'lgf %r11,188(%r15)'). So once +we pass the cached variable into 'zfcp_reqlist_find_rm()' to remove the +request again all the leading zeros will be flipped to ones to extend the +sign and won't match the original ID anymore (this has been observed in +practice). + +If we can't successfully remove the request from the hash table again after +'zfcp_qdio_send()' fails (this happens regularly when zfcp cannot notify +the adapter about new work because the adapter is already gone during +e.g. a ChpID toggle) we will end up with a double free. We unconditionally +free the request in the calling function when 'zfcp_fsf_req_send()' fails, +but because the request is still in the hash table we end up with a stale +memory reference, and once the zfcp adapter is either reset during recovery +or shutdown we end up freeing the same memory twice. + +The resulting stack traces vary depending on the kernel and have no direct +correlation to the place where the bug occurs. Here are three examples that +have been seen in practice: + + list_del corruption. next->prev should be 00000001b9d13800, but was 00000000dead4ead. (next=00000001bd131a00) + ------------[ cut here ]------------ + kernel BUG at lib/list_debug.c:62! + monitor event: 0040 ilc:2 [#1] PREEMPT SMP + Modules linked in: ... + CPU: 9 PID: 1617 Comm: zfcperp0.0.1740 Kdump: loaded + Hardware name: ... + Krnl PSW : 0704d00180000000 00000003cbeea1f8 (__list_del_entry_valid+0x98/0x140) + R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 + Krnl GPRS: 00000000916d12f1 0000000080000000 000000000000006d 00000003cb665cd6 + 0000000000000001 0000000000000000 0000000000000000 00000000d28d21e8 + 00000000d3844000 00000380099efd28 00000001bd131a00 00000001b9d13800 + 00000000d3290100 0000000000000000 00000003cbeea1f4 00000380099efc70 + Krnl Code: 00000003cbeea1e8: c020004f68a7 larl %r2,00000003cc8d7336 + 00000003cbeea1ee: c0e50027fd65 brasl %r14,00000003cc3e9cb8 + #00000003cbeea1f4: af000000 mc 0,0 + >00000003cbeea1f8: c02000920440 larl %r2,00000003cd12aa78 + 00000003cbeea1fe: c0e500289c25 brasl %r14,00000003cc3fda48 + 00000003cbeea204: b9040043 lgr %r4,%r3 + 00000003cbeea208: b9040051 lgr %r5,%r1 + 00000003cbeea20c: b9040032 lgr %r3,%r2 + Call Trace: + [<00000003cbeea1f8>] __list_del_entry_valid+0x98/0x140 + ([<00000003cbeea1f4>] __list_del_entry_valid+0x94/0x140) + [<000003ff7ff502fe>] zfcp_fsf_req_dismiss_all+0xde/0x150 [zfcp] + [<000003ff7ff49cd0>] zfcp_erp_strategy_do_action+0x160/0x280 [zfcp] + [<000003ff7ff4a22e>] zfcp_erp_strategy+0x21e/0xca0 [zfcp] + [<000003ff7ff4ad34>] zfcp_erp_thread+0x84/0x1a0 [zfcp] + [<00000003cb5eece8>] kthread+0x138/0x150 + [<00000003cb557f3c>] __ret_from_fork+0x3c/0x60 + [<00000003cc4172ea>] ret_from_fork+0xa/0x40 + INFO: lockdep is turned off. + Last Breaking-Event-Address: + [<00000003cc3e9d04>] _printk+0x4c/0x58 + Kernel panic - not syncing: Fatal exception: panic_on_oops + +or: + + Unable to handle kernel pointer dereference in virtual kernel address space + Failing address: 6b6b6b6b6b6b6000 TEID: 6b6b6b6b6b6b6803 + Fault in home space mode while using kernel ASCE. + AS:0000000063b10007 R3:0000000000000024 + Oops: 0038 ilc:3 [#1] SMP + Modules linked in: ... + CPU: 10 PID: 0 Comm: swapper/10 Kdump: loaded + Hardware name: ... + Krnl PSW : 0404d00180000000 000003ff7febaf8e (zfcp_fsf_reqid_check+0x86/0x158 [zfcp]) + R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 + Krnl GPRS: 5a6f1cfa89c49ac3 00000000aff2c4c8 6b6b6b6b6b6b6b6b 00000000000002a8 + 0000000000000000 0000000000000055 0000000000000000 00000000a8515800 + 0700000000000000 00000000a6e14500 00000000aff2c000 000000008003c44c + 000000008093c700 0000000000000010 00000380009ebba8 00000380009ebb48 + Krnl Code: 000003ff7febaf7e: a7f4003d brc 15,000003ff7febaff8 + 000003ff7febaf82: e32020000004 lg %r2,0(%r2) + #000003ff7febaf88: ec2100388064 cgrj %r2,%r1,8,000003ff7febaff8 + >000003ff7febaf8e: e3b020100020 cg %r11,16(%r2) + 000003ff7febaf94: a774fff7 brc 7,000003ff7febaf82 + 000003ff7febaf98: ec280030007c cgij %r2,0,8,000003ff7febaff8 + 000003ff7febaf9e: e31020080004 lg %r1,8(%r2) + 000003ff7febafa4: e33020000004 lg %r3,0(%r2) + Call Trace: + [<000003ff7febaf8e>] zfcp_fsf_reqid_check+0x86/0x158 [zfcp] + [<000003ff7febbdbc>] zfcp_qdio_int_resp+0x6c/0x170 [zfcp] + [<000003ff7febbf90>] zfcp_qdio_irq_tasklet+0xd0/0x108 [zfcp] + [<0000000061d90a04>] tasklet_action_common.constprop.0+0xdc/0x128 + [<000000006292f300>] __do_softirq+0x130/0x3c0 + [<0000000061d906c6>] irq_exit_rcu+0xfe/0x118 + [<000000006291e818>] do_io_irq+0xc8/0x168 + [<000000006292d516>] io_int_handler+0xd6/0x110 + [<000000006292d596>] psw_idle_exit+0x0/0xa + ([<0000000061d3be50>] arch_cpu_idle+0x40/0xd0) + [<000000006292ceea>] default_idle_call+0x52/0xf8 + [<0000000061de4fa4>] do_idle+0xd4/0x168 + [<0000000061de51fe>] cpu_startup_entry+0x36/0x40 + [<0000000061d4faac>] smp_start_secondary+0x12c/0x138 + [<000000006292d88e>] restart_int_handler+0x6e/0x90 + Last Breaking-Event-Address: + [<000003ff7febaf94>] zfcp_fsf_reqid_check+0x8c/0x158 [zfcp] + Kernel panic - not syncing: Fatal exception in interrupt + +or: + + Unable to handle kernel pointer dereference in virtual kernel address space + Failing address: 523b05d3ae76a000 TEID: 523b05d3ae76a803 + Fault in home space mode while using kernel ASCE. + AS:0000000077c40007 R3:0000000000000024 + Oops: 0038 ilc:3 [#1] SMP + Modules linked in: ... + CPU: 3 PID: 453 Comm: kworker/3:1H Kdump: loaded + Hardware name: ... + Workqueue: kblockd blk_mq_run_work_fn + Krnl PSW : 0404d00180000000 0000000076fc0312 (__kmalloc+0xd2/0x398) + R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 + Krnl GPRS: ffffffffffffffff 523b05d3ae76abf6 0000000000000000 0000000000092a20 + 0000000000000002 00000007e49b5cc0 00000007eda8f000 0000000000092a20 + 00000007eda8f000 00000003b02856b9 00000000000000a8 523b05d3ae76abf6 + 00000007dd662000 00000007eda8f000 0000000076fc02b2 000003e0037637a0 + Krnl Code: 0000000076fc0302: c004000000d4 brcl 0,76fc04aa + 0000000076fc0308: b904001b lgr %r1,%r11 + #0000000076fc030c: e3106020001a algf %r1,32(%r6) + >0000000076fc0312: e31010000082 xg %r1,0(%r1) + 0000000076fc0318: b9040001 lgr %r0,%r1 + 0000000076fc031c: e30061700082 xg %r0,368(%r6) + 0000000076fc0322: ec59000100d9 aghik %r5,%r9,1 + 0000000076fc0328: e34003b80004 lg %r4,952 + Call Trace: + [<0000000076fc0312>] __kmalloc+0xd2/0x398 + [<0000000076f318f2>] mempool_alloc+0x72/0x1f8 + [<000003ff8027c5f8>] zfcp_fsf_req_create.isra.7+0x40/0x268 [zfcp] + [<000003ff8027f1bc>] zfcp_fsf_fcp_cmnd+0xac/0x3f0 [zfcp] + [<000003ff80280f1a>] zfcp_scsi_queuecommand+0x122/0x1d0 [zfcp] + [<000003ff800b4218>] scsi_queue_rq+0x778/0xa10 [scsi_mod] + [<00000000771782a0>] __blk_mq_try_issue_directly+0x130/0x208 + [<000000007717a124>] blk_mq_request_issue_directly+0x4c/0xa8 + [<000003ff801302e2>] dm_mq_queue_rq+0x2ea/0x468 [dm_mod] + [<0000000077178c12>] blk_mq_dispatch_rq_list+0x33a/0x818 + [<000000007717f064>] __blk_mq_do_dispatch_sched+0x284/0x2f0 + [<000000007717f44c>] __blk_mq_sched_dispatch_requests+0x1c4/0x218 + [<000000007717fa7a>] blk_mq_sched_dispatch_requests+0x52/0x90 + [<0000000077176d74>] __blk_mq_run_hw_queue+0x9c/0xc0 + [<0000000076da6d74>] process_one_work+0x274/0x4d0 + [<0000000076da7018>] worker_thread+0x48/0x560 + [<0000000076daef18>] kthread+0x140/0x160 + [<000000007751d144>] ret_from_fork+0x28/0x30 + Last Breaking-Event-Address: + [<0000000076fc0474>] __kmalloc+0x234/0x398 + Kernel panic - not syncing: Fatal exception: panic_on_oops + +To fix this, simply change the type of the cache variable to 'unsigned +long', like the rest of zfcp and also the argument for +'zfcp_reqlist_find_rm()'. This prevents truncation and wrong sign extension +and so can successfully remove the request from the hash table. + +Fixes: e60a6d69f1f8 ("[SCSI] zfcp: Remove function zfcp_reqlist_find_safe") +Cc: #v2.6.34+ +Signed-off-by: Benjamin Block +Link: https://lore.kernel.org/r/979f6e6019d15f91ba56182f1aaf68d61bf37fc6.1668595505.git.bblock@linux.ibm.com +Reviewed-by: Steffen Maier +Signed-off-by: Martin K. Petersen +Acked-by: Petr Tesarik +--- + drivers/s390/scsi/zfcp_fsf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/s390/scsi/zfcp_fsf.c ++++ b/drivers/s390/scsi/zfcp_fsf.c +@@ -751,7 +751,7 @@ static int zfcp_fsf_req_send(struct zfcp + struct zfcp_adapter *adapter = req->adapter; + struct zfcp_qdio *qdio = adapter->qdio; + int with_qtcb = (req->qtcb != NULL); +- int req_id = req->req_id; ++ unsigned long req_id = req->req_id; + + zfcp_reqlist_add(adapter->req_list, req); + diff --git a/patches.suse/scsi-zfcp-Fix-missing-auto-port-scan-and-thus-missing-target-ports b/patches.suse/scsi-zfcp-Fix-missing-auto-port-scan-and-thus-missing-target-ports new file mode 100644 index 0000000..6c606ec --- /dev/null +++ b/patches.suse/scsi-zfcp-Fix-missing-auto-port-scan-and-thus-missing-target-ports @@ -0,0 +1,230 @@ +From: Steffen Maier +Date: Fri, 29 Jul 2022 18:25:29 +0200 +Subject: scsi: zfcp: Fix missing auto port scan and thus missing target ports +Git-commit: 4da8c5f76825269f28d6a89fa752934a4bcb6dfa +Patch-mainline: v6.0-rc1 +References: git-fixes + +Case (1): + The only waiter on wka_port->completion_wq is zfcp_fc_wka_port_get() + trying to open a WKA port. As such it should only be woken up by WKA port + *open* responses, not by WKA port close responses. + +Case (2): + A close WKA port response coming in just after having sent a new open WKA + port request and before blocking for the open response with wait_event() + in zfcp_fc_wka_port_get() erroneously renders the wait_event a NOP + because the close handler overwrites wka_port->status. Hence the + wait_event condition is erroneously true and it does not enter blocking + state. + +With non-negligible probability, the following time space sequence happens +depending on timing without this fix: + +user process ERP thread zfcp work queue tasklet system work queue +============ ========== =============== ======= ================= +$ echo 1 > online +zfcp_ccw_set_online +zfcp_ccw_activate +zfcp_erp_adapter_reopen +msleep scan backoff zfcp_erp_strategy +| ... +| zfcp_erp_action_cleanup +| ... +| queue delayed scan_work +| queue ns_up_work +| ns_up_work: +| zfcp_fc_wka_port_get +| open wka request +| open response +| GSPN FC-GS +| RSPN FC-GS [NPIV-only] +| zfcp_fc_wka_port_put +| (--wka->refcount==0) +| sched delayed wka->work +| +~~~Case (1)~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +zfcp_erp_wait +flush scan_work +| wka->work: +| wka->status=CLOSING +| close wka request +| scan_work: +| zfcp_fc_wka_port_get +| (wka->status==CLOSING) +| wka->status=OPENING +| open wka request +| wait_event +| | close response +| | wka->status=OFFLINE +| | wake_up /*WRONG*/ +~~~Case (2)~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +| wka->work: +| wka->status=CLOSING +| close wka request +zfcp_erp_wait +flush scan_work +| scan_work: +| zfcp_fc_wka_port_get +| (wka->status==CLOSING) +| wka->status=OPENING +| open wka request +| close response +| wka->status=OFFLINE +| wake_up /*WRONG&NOP*/ +| wait_event /*NOP*/ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +| (wka->status!=ONLINE) +| return -EIO +| return early + open response + wka->status=ONLINE + wake_up /*NOP*/ + +So we erroneously end up with no automatic port scan. This is a big problem +when it happens during boot. The timing is influenced by v3.19 commit +18f87a67e6d6 ("zfcp: auto port scan resiliency"). + +Fix it by fully mutually excluding zfcp_fc_wka_port_get() and +zfcp_fc_wka_port_offline(). For that to work, we make the latter block +until we got the response for a close WKA port. In order not to penalize +the system workqueue, we move wka_port->work to our own adapter workqueue. +Note that before v2.6.30 commit 828bc1212a68 ("[SCSI] zfcp: Set WKA-port to +offline on adapter deactivation"), zfcp did block in +zfcp_fc_wka_port_offline() as well, but with a different condition. + +While at it, make non-functional cleanups to improve code reading in +zfcp_fc_wka_port_get(). If we cannot send the WKA port open request, don't +rely on the subsequent wait_event condition to immediately let this case +pass without blocking. Also don't want to rely on the additional condition +handling the refcount to be skipped just to finally return with -EIO. + +Link: https://lore.kernel.org/r/20220729162529.1620730-1-maier@linux.ibm.com +Fixes: 5ab944f97e09 ("[SCSI] zfcp: attach and release SAN nameserver port on demand") +Cc: #v2.6.28+ +Reviewed-by: Benjamin Block +Signed-off-by: Steffen Maier +Signed-off-by: Martin K. Petersen +Acked-by: Petr Tesarik +--- + drivers/s390/scsi/zfcp_fc.c | 29 ++++++++++++++++++++--------- + drivers/s390/scsi/zfcp_fc.h | 6 ++++-- + drivers/s390/scsi/zfcp_fsf.c | 4 ++-- + 3 files changed, 26 insertions(+), 13 deletions(-) + +--- a/drivers/s390/scsi/zfcp_fc.c ++++ b/drivers/s390/scsi/zfcp_fc.c +@@ -145,27 +145,33 @@ void zfcp_fc_enqueue_event(struct zfcp_a + + static int zfcp_fc_wka_port_get(struct zfcp_fc_wka_port *wka_port) + { ++ int ret = -EIO; ++ + if (mutex_lock_interruptible(&wka_port->mutex)) + return -ERESTARTSYS; + + if (wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE || + wka_port->status == ZFCP_FC_WKA_PORT_CLOSING) { + wka_port->status = ZFCP_FC_WKA_PORT_OPENING; +- if (zfcp_fsf_open_wka_port(wka_port)) ++ if (zfcp_fsf_open_wka_port(wka_port)) { ++ /* could not even send request, nothing to wait for */ + wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE; ++ goto out; ++ } + } + +- mutex_unlock(&wka_port->mutex); +- +- wait_event(wka_port->completion_wq, ++ wait_event(wka_port->opened, + wka_port->status == ZFCP_FC_WKA_PORT_ONLINE || + wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE); + + if (wka_port->status == ZFCP_FC_WKA_PORT_ONLINE) { + atomic_inc(&wka_port->refcount); +- return 0; ++ ret = 0; ++ goto out; + } +- return -EIO; ++out: ++ mutex_unlock(&wka_port->mutex); ++ return ret; + } + + static void zfcp_fc_wka_port_offline(struct work_struct *work) +@@ -181,9 +187,12 @@ static void zfcp_fc_wka_port_offline(str + + wka_port->status = ZFCP_FC_WKA_PORT_CLOSING; + if (zfcp_fsf_close_wka_port(wka_port)) { ++ /* could not even send request, nothing to wait for */ + wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE; +- wake_up(&wka_port->completion_wq); ++ goto out; + } ++ wait_event(wka_port->closed, ++ wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE); + out: + mutex_unlock(&wka_port->mutex); + } +@@ -193,13 +202,15 @@ static void zfcp_fc_wka_port_put(struct + if (atomic_dec_return(&wka_port->refcount) != 0) + return; + /* wait 10 milliseconds, other reqs might pop in */ +- schedule_delayed_work(&wka_port->work, HZ / 100); ++ queue_delayed_work(wka_port->adapter->work_queue, &wka_port->work, ++ msecs_to_jiffies(10)); + } + + static void zfcp_fc_wka_port_init(struct zfcp_fc_wka_port *wka_port, u32 d_id, + struct zfcp_adapter *adapter) + { +- init_waitqueue_head(&wka_port->completion_wq); ++ init_waitqueue_head(&wka_port->opened); ++ init_waitqueue_head(&wka_port->closed); + + wka_port->adapter = adapter; + wka_port->d_id = d_id; +--- a/drivers/s390/scsi/zfcp_fc.h ++++ b/drivers/s390/scsi/zfcp_fc.h +@@ -169,7 +169,8 @@ enum zfcp_fc_wka_status { + /** + * struct zfcp_fc_wka_port - representation of well-known-address (WKA) FC port + * @adapter: Pointer to adapter structure this WKA port belongs to +- * @completion_wq: Wait for completion of open/close command ++ * @opened: Wait for completion of open command ++ * @closed: Wait for completion of close command + * @status: Current status of WKA port + * @refcount: Reference count to keep port open as long as it is in use + * @d_id: FC destination id or well-known-address +@@ -179,7 +180,8 @@ enum zfcp_fc_wka_status { + */ + struct zfcp_fc_wka_port { + struct zfcp_adapter *adapter; +- wait_queue_head_t completion_wq; ++ wait_queue_head_t opened; ++ wait_queue_head_t closed; + enum zfcp_fc_wka_status status; + atomic_t refcount; + u32 d_id; +--- a/drivers/s390/scsi/zfcp_fsf.c ++++ b/drivers/s390/scsi/zfcp_fsf.c +@@ -1591,7 +1591,7 @@ static void zfcp_fsf_open_wka_port_handl + wka_port->status = ZFCP_FC_WKA_PORT_ONLINE; + } + out: +- wake_up(&wka_port->completion_wq); ++ wake_up(&wka_port->opened); + } + + /** +@@ -1649,7 +1649,7 @@ static void zfcp_fsf_close_wka_port_hand + } + + wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE; +- wake_up(&wka_port->completion_wq); ++ wake_up(&wka_port->closed); + } + + /** diff --git a/patches.suse/x86-bugs-Make-sure-MSR_SPEC_CTRL-is-updated-properly.patch b/patches.suse/x86-bugs-Make-sure-MSR_SPEC_CTRL-is-updated-properly.patch new file mode 100644 index 0000000..77e3f3d --- /dev/null +++ b/patches.suse/x86-bugs-Make-sure-MSR_SPEC_CTRL-is-updated-properly.patch @@ -0,0 +1,139 @@ +From: Pawan Gupta +Date: Wed, 30 Nov 2022 07:25:51 -0800 +Subject: x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume + from S3 +Git-commit: 66065157420c5b9b3f078f43d313c153e1ff7f83 +Patch-mainline: 6.1-rc8 +References: bsc#1206037 + +The "force" argument to write_spec_ctrl_current() is currently ambiguous +as it does not guarantee the MSR write. This is due to the optimization +that writes to the MSR happen only when the new value differs from the +cached value. + +This is fine in most cases, but breaks for S3 resume when the cached MSR +value gets out of sync with the hardware MSR value due to S3 resetting +it. + +When x86_spec_ctrl_current is same as x86_spec_ctrl_base, the MSR write +is skipped. Which results in SPEC_CTRL mitigations not getting restored. + +Move the MSR write from write_spec_ctrl_current() to a new function that +unconditionally writes to the MSR. Update the callers accordingly and +rename functions. + + [ bp: Rework a bit. ] + +Fixes: caa0ff24d5d0 ("x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value") +Suggested-by: Borislav Petkov +Signed-off-by: Pawan Gupta +Signed-off-by: Borislav Petkov (AMD) +Reviewed-by: Thomas Gleixner +Cc: +Link: https://lore.kernel.org/r/806d39b0bfec2fe8f50dc5446dff20f5bb24a959.1669821572.git.pawan.kumar.gupta@linux.intel.com +Signed-off-by: Linus Torvalds +Signed-off-by: Jiri Slaby +--- + arch/x86/include/asm/nospec-branch.h | 2 +- + arch/x86/kernel/cpu/bugs.c | 21 ++++++++++++++------- + arch/x86/kernel/process.c | 2 +- + 3 files changed, 16 insertions(+), 9 deletions(-) + +--- a/arch/x86/include/asm/nospec-branch.h ++++ b/arch/x86/include/asm/nospec-branch.h +@@ -344,7 +344,7 @@ static inline void indirect_branch_predi + + /* The Intel SPEC CTRL MSR base value cache */ + extern u64 x86_spec_ctrl_base; +-extern void write_spec_ctrl_current(u64 val, bool force); ++extern void update_spec_ctrl_cond(u64 val); + extern u64 spec_ctrl_current(void); + + /* +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -57,11 +57,18 @@ EXPORT_SYMBOL_GPL(x86_spec_ctrl_current) + + static DEFINE_MUTEX(spec_ctrl_mutex); + ++/* Update SPEC_CTRL MSR and its cached copy unconditionally */ ++static void update_spec_ctrl(u64 val) ++{ ++ this_cpu_write(x86_spec_ctrl_current, val); ++ wrmsrl(MSR_IA32_SPEC_CTRL, val); ++} ++ + /* + * Keep track of the SPEC_CTRL MSR value for the current task, which may differ + * from x86_spec_ctrl_base due to STIBP/SSB in __speculation_ctrl_update(). + */ +-void write_spec_ctrl_current(u64 val, bool force) ++void update_spec_ctrl_cond(u64 val) + { + if (this_cpu_read(x86_spec_ctrl_current) == val) + return; +@@ -72,7 +79,7 @@ void write_spec_ctrl_current(u64 val, bo + * When KERNEL_IBRS this MSR is written on return-to-user, unless + * forced the update can be delayed until that time. + */ +- if (force || !cpu_feature_enabled(X86_FEATURE_KERNEL_IBRS)) ++ if (!cpu_feature_enabled(X86_FEATURE_KERNEL_IBRS)) + wrmsrl(MSR_IA32_SPEC_CTRL, val); + } + +@@ -1417,7 +1424,7 @@ static void __init spec_ctrl_disable_ker + + if (ia32_cap & ARCH_CAP_RRSBA) { + x86_spec_ctrl_base |= SPEC_CTRL_RRSBA_DIS_S; +- write_spec_ctrl_current(x86_spec_ctrl_base, true); ++ update_spec_ctrl(x86_spec_ctrl_base); + } + } + +@@ -1491,7 +1498,7 @@ static void __init spectre_v2_select_mit + + if (spectre_v2_in_ibrs_mode(mode)) { + x86_spec_ctrl_base |= SPEC_CTRL_IBRS; +- write_spec_ctrl_current(x86_spec_ctrl_base, true); ++ update_spec_ctrl(x86_spec_ctrl_base); + } + + switch (mode) { +@@ -1616,7 +1623,7 @@ static void __init spectre_v2_select_mit + static void update_stibp_msr(void * __unused) + { + u64 val = spec_ctrl_current() | (x86_spec_ctrl_base & SPEC_CTRL_STIBP); +- write_spec_ctrl_current(val, true); ++ update_spec_ctrl(val); + } + + /* Update x86_spec_ctrl_base in case SMT state changed. */ +@@ -1837,7 +1844,7 @@ static enum ssb_mitigation __init __ssb_ + x86_amd_ssb_disable(); + } else { + x86_spec_ctrl_base |= SPEC_CTRL_SSBD; +- write_spec_ctrl_current(x86_spec_ctrl_base, true); ++ update_spec_ctrl(x86_spec_ctrl_base); + } + } + +@@ -2045,7 +2052,7 @@ int arch_prctl_spec_ctrl_get(struct task + void x86_spec_ctrl_setup_ap(void) + { + if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) +- write_spec_ctrl_current(x86_spec_ctrl_base, true); ++ update_spec_ctrl(x86_spec_ctrl_base); + + if (ssb_mode == SPEC_STORE_BYPASS_DISABLE) + x86_amd_ssb_disable(); +--- a/arch/x86/kernel/process.c ++++ b/arch/x86/kernel/process.c +@@ -436,7 +436,7 @@ static __always_inline void __speculatio + } + + if (updmsr) +- write_spec_ctrl_current(msr, false); ++ update_spec_ctrl_cond(msr); + } + + static unsigned long speculation_ctrl_update_tif(struct task_struct *tsk) diff --git a/patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch b/patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch index dbd7ef8..72b579a 100644 --- a/patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch +++ b/patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch @@ -129,9 +129,9 @@ Signed-off-by: Borislav Petkov #endif /* _ASM_X86_CPUFEATURES_H */ --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h -@@ -129,6 +129,10 @@ - * bit available to control VERW - * behavior. +@@ -138,6 +138,10 @@ + * are restricted to targets in + * kernel. */ +#define ARCH_CAP_PBRSB_NO BIT(24) /* + * Not susceptible to Post-Barrier @@ -260,7 +260,7 @@ Signed-off-by: Borislav Petkov /* Disable in-kernel use of non-RSB RET predictors */ static void __init spec_ctrl_disable_kernel_rrsba(void) { -@@ -1537,6 +1584,8 @@ static void __init spectre_v2_select_mit +@@ -1560,6 +1607,8 @@ static void __init spectre_v2_select_mit pr_info("Enabling Restricted Speculation for firmware calls\n"); } @@ -269,7 +269,7 @@ Signed-off-by: Borislav Petkov /* Set up IBPB and STIBP depending on the general spectre V2 command */ spectre_v2_cmd = cmd; } -@@ -2110,6 +2159,19 @@ static ssize_t srbds_show_state(char *bu +@@ -2133,6 +2182,19 @@ static ssize_t srbds_show_state(char *bu return sprintf(buf, "%s\n", srbds_strings[srbds_mitigation]); } @@ -289,7 +289,7 @@ Signed-off-by: Borislav Petkov static ssize_t spectre_v2_show_state(char *buf) { if (spectre_v2_enabled == SPECTRE_V2_LFENCE) -@@ -2122,12 +2184,13 @@ static ssize_t spectre_v2_show_state(cha +@@ -2145,12 +2207,13 @@ static ssize_t spectre_v2_show_state(cha spectre_v2_enabled == SPECTRE_V2_EIBRS_LFENCE) return sprintf(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n"); diff --git a/patches.suse/x86-speculation-Disable-RRSBA-behavior.patch b/patches.suse/x86-speculation-Disable-RRSBA-behavior.patch index 801922c..7be8ecd 100644 --- a/patches.suse/x86-speculation-Disable-RRSBA-behavior.patch +++ b/patches.suse/x86-speculation-Disable-RRSBA-behavior.patch @@ -24,20 +24,15 @@ For spectre v2 mitigation, when a user selects a mitigation that protects indirect CALLs and JMPs against BHI and intramode-BTI, set RRSBA_DIS_S also to protect RETs for RSB-underflow case. -[js] - * eIBRS not supported -- drop - * SPECTRE_V2_RETPOLINE has a different name -- rename - * write_spec_ctrl_current() not present yet -- replace by wrmsrl() - Signed-off-by: Pawan Gupta Signed-off-by: Borislav Petkov Signed-off-by: Jiri Slaby --- - arch/x86/include/asm/cpufeatures.h | 1 + + arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/msr-index.h | 9 +++++++++ - arch/x86/kernel/cpu/bugs.c | 24 ++++++++++++++++++++++++ + arch/x86/kernel/cpu/bugs.c | 26 ++++++++++++++++++++++++++ arch/x86/kernel/cpu/scattered.c | 1 + - 4 files changed, 35 insertions(+) + 4 files changed, 37 insertions(+), 1 deletion(-) --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -46,7 +41,7 @@ Signed-off-by: Jiri Slaby #define X86_FEATURE_FENCE_SWAPGS_KERNEL (11*32+ 5) /* "" LFENCE in kernel entry SWAPGS path */ #define X86_FEATURE_ENTRY_IBPB (11*32+10) /* "" Issue an IBPB on kernel entry */ -/* FREE! (11*32+11) */ -+#define X86_FEATURE_RRSBA_CTRL (11*32+11) /* "" RET prediction control */ ++#define X86_FEATURE_RRSBA_CTRL (11*32+11) /* "" RET prediction control */ #define X86_FEATURE_RETPOLINE (11*32+12) /* "" Generic Retpoline mitigation for Spectre variant 2 */ #define X86_FEATURE_RETPOLINE_LFENCE (11*32+13) /* "" Use LFENCE for Spectre variant 2 */ #define X86_FEATURE_RETHUNK (11*32+14) /* "" Use REturn THUNK */ @@ -61,9 +56,9 @@ Signed-off-by: Jiri Slaby #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */ #define PRED_CMD_IBPB BIT(0) /* Indirect Branch Prediction Barrier */ -@@ -101,6 +103,13 @@ - * Writeback and invalidate the - * L1 data cache. +@@ -129,6 +131,13 @@ + * bit available to control VERW + * behavior. */ +#define ARCH_CAP_RRSBA BIT(19) /* + * Indicates RET may use predictors @@ -73,8 +68,8 @@ Signed-off-by: Jiri Slaby + * kernel. + */ - #define MSR_IA32_BBL_CR_CTL 0x00000119 - #define MSR_IA32_BBL_CR_CTL3 0x0000011e + #define MSR_IA32_FLUSH_CMD 0x0000010b + #define L1D_FLUSH BIT(0) /* --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1358,6 +1358,22 @@ static enum spectre_v2_mitigation __init @@ -84,23 +79,23 @@ Signed-off-by: Jiri Slaby +/* Disable in-kernel use of non-RSB RET predictors */ +static void __init spec_ctrl_disable_kernel_rrsba(void) +{ -+ u64 ia32_cap; ++ u64 ia32_cap; + -+ if (!boot_cpu_has(X86_FEATURE_RRSBA_CTRL)) -+ return; ++ if (!boot_cpu_has(X86_FEATURE_RRSBA_CTRL)) ++ return; + -+ ia32_cap = x86_read_arch_cap_msr(); ++ ia32_cap = x86_read_arch_cap_msr(); + -+ if (ia32_cap & ARCH_CAP_RRSBA) { -+ x86_spec_ctrl_base |= SPEC_CTRL_RRSBA_DIS_S; -+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); -+ } ++ if (ia32_cap & ARCH_CAP_RRSBA) { ++ x86_spec_ctrl_base |= SPEC_CTRL_RRSBA_DIS_S; ++ write_spec_ctrl_current(x86_spec_ctrl_base, true); ++ } +} + static void __init spectre_v2_select_mitigation(void) { enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); -@@ -1451,6 +1467,14 @@ static void __init spectre_v2_select_mit +@@ -1451,6 +1467,16 @@ static void __init spectre_v2_select_mit break; } @@ -109,7 +104,9 @@ Signed-off-by: Jiri Slaby + * JMPs gets protection against BHI and Intramode-BTI, but RET + * prediction from a non-RSB predictor is still a risk. + */ -+ if (mode == SPECTRE_V2_RETPOLINE) ++ if (mode == SPECTRE_V2_EIBRS_LFENCE || ++ mode == SPECTRE_V2_EIBRS_RETPOLINE || ++ mode == SPECTRE_V2_RETPOLINE) + spec_ctrl_disable_kernel_rrsba(); + spectre_v2_enabled = mode; diff --git a/series.conf b/series.conf index 69fbeb4..1c108f1 100644 --- a/series.conf +++ b/series.conf @@ -43864,6 +43864,7 @@ patches.suse/fuse-Fix-use-after-free-in-fuse_dev_do_write.patch patches.suse/fuse-set-FR_SENT-while-locked.patch patches.suse/fuse-fix-blocked_waitq-wakeup.patch + patches.suse/fuse-use-READ_ONCE-on-congestion_threshold-and-max_background.patch patches.suse/bitops-protect-variables-in-set_mask_bits-macro.patch patches.suse/bitops-protect-variables-in-bit_clear_unless-macro.patch patches.suse/platform-x86-acerhdf-Add-BIOS-entry-for-Gateway-LT31.patch @@ -47253,6 +47254,8 @@ patches.suse/cxgb4-Enable-outer-UDP-checksum-offload-for-T6.patch patches.suse/cxgb4vf-Enter-debugging-mode-if-FW-is-inaccessible.patch patches.suse/net-smc-allow-pnetid-less-configuration + patches.suse/s390-qeth-don-t-defer-close_dev-work-during-recovery + patches.suse/s390-qeth-remove-driver-wide-workqueue patches.suse/0001-net-aquantia-fixed-instack-structure-overflow.patch patches.suse/cxgb4vf-Prefix-adapter-flags-with-CXGB4VF.patch patches.suse/cxgb4-Add-VF-Link-state-support.patch @@ -49950,6 +49953,7 @@ patches.suse/0001-x86-speculation-mds-Fix-documentation-typo.patch patches.suse/fuse-fix-writepages-on-32bit.patch patches.suse/fuse-honor-RLIMIT_FSIZE-in-fuse_file_fallocate.patch + patches.suse/fuse-retrieve-cap-requested-size-to-negotiated-max_write.patch patches.suse/mm-huge_memory-fix-vmf_insert_pfn_-pmd-pud-crash-han.patch patches.suse/kernel-sys.c-prctl-fix-false-positive-in-validate_pr.patch patches.suse/ocfs2-fix-ocfs2-read-inode-data-panic-in-ocfs2_iget.patch @@ -52212,7 +52216,6 @@ patches.suse/0001-KVM-x86-use-Intel-speculation-bugs-and-features-as-d.patch patches.suse/KVM-x86-Fix-x86_decode_insn-return-when-fetching-ins.patch patches.suse/KVM-x86-Unconditionally-call-x86-ops-that-are-always.patch - patches.suse/KVM-x86-Manually-calculate-reserved-bits-when-loadin.patch patches.suse/KVM-PPC-Book3S-HV-XIVE-Free-escalation-interrupts-be.patch patches.suse/KVM-PPC-Book3S-HV-Fix-race-in-re-enabling-XIVE-escal.patch patches.suse/KVM-PPC-Book3S-HV-Don-t-push-XIVE-context-when-not-u.patch @@ -54769,6 +54772,7 @@ patches.suse/PCI-Don-t-disable-bridge-BARs-when-assigning-bus-res.patch patches.suse/PCI-switchtec-Fix-vep_vector_number-ioread-width.patch patches.suse/PCI-IOV-Fix-memory-leak-in-pci_iov_add_virtfn.patch + patches.suse/s390-Remove-arch_has_random-arch_has_random_seed patches.suse/linux-random.h-Remove-arch_has_random-arch_has_random_seed.patch patches.suse/linux-random.h-Use-false-with-bool.patch patches.suse/linux-random.h-Mark-CONFIG_ARCH_RANDOM-functions-__must_check.patch @@ -56527,6 +56531,7 @@ patches.suse/ovl-verify-permissions-in-ovl_path_open.patch patches.suse/ovl-initialize-error-in-ovl_copy_xattr.patch patches.suse/fuse-fix-weird-page-warning.patch + patches.suse/fuse-don-t-check-refcount-after-stealing-page.patch patches.suse/power-supply-bq24257_charger-Replace-depends-on-REGM.patch patches.suse/power-supply-lp8788-Fix-an-error-handling-path-in-lp.patch patches.suse/power-supply-smb347-charger-IRQSTAT_D-is-volatile.patch @@ -58320,6 +58325,7 @@ patches.suse/can-peak_usb-add-range-checking-in-decode-operations.patch patches.suse/can-peak_usb-peak_usb_get_ts_time-fix-timestamp-wrap.patch patches.suse/can-peak_canfd-pucan_handle_can_rx-fix-echo-manageme.patch + patches.suse/s390-pkey-fix-paes-selftest-failure-with-paes-and-pkey-static-build patches.suse/drm-imx-tve-remove-extraneous-type-qualifier.patch patches.suse/Fonts-Replace-discarded-const-qualifier.patch patches.suse/ALSA-usb-audio-Add-implicit-feedback-quirk-for-Zoom-.patch @@ -59575,6 +59581,7 @@ patches.suse/ASoC-wm8960-Fix-wrong-bclk-and-lrclk-with-pll-enable.patch patches.suse/ASoC-intel-atom-Stop-advertising-non-working-S24LE-s.patch patches.suse/ASoC-fsl_esai-Fix-TDM-slot-setup-for-I2S-mode.patch + patches.suse/s390-cpcmd-fix-inline-assembly-register-clobbering patches.suse/RDMA-cxgb4-check-for-ipv6-address-properly-while-des.patch patches.suse/RDMA-addr-Be-strict-with-gid-size.patch patches.suse/cifs-On-cifs_reconnect-resolve-the-hostname-again-.patch @@ -59978,6 +59985,7 @@ patches.suse/pinctrl-samsung-use-int-for-register-masks-in-Exynos.patch patches.suse/pinctrl-core-Fix-kernel-doc-string-for-pin_get_name.patch patches.suse/mm-memory-failure-unnecessary-amount-of-unmapping.patch + patches.suse/cuse-prevent-clone.patch patches.suse/ext4-fix-check-to-prevent-false-positive-report-of-i.patch patches.suse/ext4-fix-error-code-in-ext4_commit_super.patch patches.suse/IB-hfi1-Use-kzalloc-for-mmu_rb_handler-allocation.patch @@ -60521,6 +60529,9 @@ patches.suse/tracepoint-Add-tracepoint_probe_register_may_exist-for-BPF-tracing.patch patches.suse/0001-xarray-iov_iter_fault_in_readable-should-do-nothing-in-xarray-case.patch patches.suse/leds-ktd2692-Fix-an-error-handling-path.patch + patches.suse/s390-appldata-depends-on-PROC_SYSCTL + patches.suse/s390-cio-add-tpi.h-header-file + patches.suse/s390-cio-dont-call-css_wait_for_slow_path-inside-a-lock patches.suse/Input-usbtouchscreen-fix-control-request-directions.patch patches.suse/Input-hil_kbd-fix-error-return-code-in-hil_dev_conne.patch patches.suse/Input-joydev-prevent-use-of-not-validated-data-in-JS.patch @@ -60974,6 +60985,7 @@ patches.suse/fs-mm-fix-race-in-unlinking-swapfile.patch patches.suse/memcg-enable-accounting-of-ipc-resources.patch patches.suse/mm-vmscan-guarantee-drop_slab_node-termination.patch + patches.suse/s390-pv-fix-the-forcing-of-the-swiotlb patches.suse/pseries-drmem-update-LMBs-after-LPM.patch patches.suse/powerpc-pseries-Prevent-free-CPU-ids-being-reused-on.patch patches.suse/powerpc-pseries-Fix-build-error-when-NUMA-n.patch @@ -61026,6 +61038,8 @@ patches.suse/net-hns3-fix-change-RSS-hfunc-ineffective-issue.patch patches.suse/net-hns3-check-vlan-id-before-using-it.patch patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_list + patches.suse/s390-qeth-Fix-deadlock-in-remove_discipline + patches.suse/s390-qeth-fix-deadlock-during-failing-recovery patches.suse/qed-rdma-don-t-wait-for-resources-under-hw-error-rec.patch patches.suse/Re-enable-UAS-for-LaCie-Rugged-USB3-FW-with-fk-quirk.patch patches.suse/usb-storage-Add-quirk-for-ScanLogic-SL11R-IDE-older-.patch @@ -61550,6 +61564,7 @@ patches.suse/udf-Restore-i_lenAlloc-when-inode-expansion-fails.patch patches.suse/s390-nmi-handle-guarded-storage-validity-failures-for-KVM-guests patches.suse/s390-nmi-handle-vector-validity-failures-for-KVM-guests + patches.suse/s390-module-fix-loading-modules-with-a-lot-of-relocations patches.suse/s390-hypfs-include-z-VM-guests-with-access-control-group-set patches.suse/0005-video-hyperv_fb-Fix-validation-of-screen-resolution.patch patches.suse/scsi-zfcp-Fix-failed-recovery-on-gone-remote-port-with-non-NPIV-FCP-devices @@ -61698,6 +61713,7 @@ patches.suse/msft-hv-2523-net-mana-Add-handling-of-CQE_RX_TRUNCATED.patch patches.suse/msft-hv-2524-net-mana-Remove-unnecessary-check-of-cqe_type-in-man.patch patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch + patches.suse/ath5k-fix-OOB-in-ath5k_eeprom_read_pcal_info_5111.patch patches.suse/net-ibmvnic-Cleanup-workaround-doing-an-EOI-after-pa.patch patches.suse/ipv6-annotate-some-data-races-around-sk-sk_prot.patch patches.suse/qed-display-VF-trust-config.patch @@ -61880,6 +61896,9 @@ patches.suse/floppy-use-a-statically-allocated-error-counter.patch patches.suse/writeback-Avoid-skipping-inode-writeback-846a3351ddfe.patch patches.suse/cgroup-cpuset-Remove-cpus_allowed-mems_allowed-setup-in-cpuset_init_smp.patch + patches.suse/s390-ctcm-fix-variable-dereferenced-before-check + patches.suse/s390-ctcm-fix-potential-memory-leak + patches.suse/s390-lcs-fix-variable-dereferenced-before-check patches.suse/Revert-SUNRPC-Ensure-gss-proxy-connects-on-setup.patch patches.suse/SUNRPC-Ensure-that-the-gssproxy-client-can-start-in-.patch patches.suse/scsi-qla2xxx-Fix-missed-DMA-unmap-for-aborted-comman.patch @@ -61980,6 +61999,7 @@ patches.suse/usb-musb-Fix-missing-of_node_put-in-omap2430_probe.patch patches.suse/USB-serial-option-add-Quectel-BG95-modem.patch patches.suse/USB-new-quirk-for-Dell-Gen-2-devices.patch + patches.suse/s390-crypto-fix-scatterwalk_unmap-callers-in-AES-GCM patches.suse/s390-mm-use-non-quiescing-sske-for-KVM-switch-to-keyed-guest patches.suse/s390-mcck-isolate-SIE-instruction-when-setting-CIF_MCCK_GUEST-flag patches.suse/cifs-remove-repeated-debug-message-on-cifs_put_smb_ses-.patch @@ -62168,6 +62188,7 @@ patches.suse/powerpc-powernv-rename-remaining-rng-powernv_-functi.patch patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_get_max_prio.patch patches.suse/s390-crash-fix-incorrect-number-of-bytes-to-copy-to-user-space + patches.suse/s390-zcore-fix-race-when-reading-from-hardware-system-area patches.suse/0005-video-fbdev-amba-clcd-Fix-refcount-leak-bugs.patch patches.suse/0006-video-fbdev-sis-fix-typos-in-SiS_GetModeID.patch patches.suse/0007-video-fbdev-arkfb-Fix-a-divide-by-zero-bug-in-ark_se.patch @@ -62199,6 +62220,7 @@ patches.suse/net_sched-cls_route-remove-from-list-when-handle-is-.patch patches.suse/nfp-fix-use-after-free-in-area_cache_get.patch patches.suse/scsi-lpfc-Check-the-return-value-of-alloc_workqueue.patch + patches.suse/scsi-zfcp-Fix-missing-auto-port-scan-and-thus-missing-target-ports patches.suse/cifs-fix-lock-length-calculation.patch patches.suse/cifs-Do-not-use-tcon-cfid-directly-use-the-cfid-we-get-from-open_.patch patches.suse/xen-xenbus-fix-return-type-in-xenbus_file_read.patch @@ -62246,6 +62268,7 @@ patches.suse/USB-core-Fix-RST-error-in-hub.c.patch patches.suse/USB-serial-option-add-Quectel-BG95-0x0203-compositio.patch patches.suse/USB-serial-option-add-Quectel-RM520N.patch + patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup patches.suse/ACPI-processor-idle-Practically-limit-Dummy-wait-workaround-to-old-Intel-systems.patch patches.suse/Input-melfas_mip4-fix-return-value-check-in-mip4_pro.patch patches.suse/usbnet-Fix-memory-leak-in-usbnet_disconnect.patch @@ -62303,6 +62326,7 @@ patches.suse/xen-gntdev-Prevent-leaking-grants.patch patches.suse/ftrace-Fix-char-print-issue-in-print_ip_ins.patch patches.suse/msft-hv-2671-hv_netvsc-Fix-race-between-VF-offering-and-VF-associ.patch + patches.suse/0001-ipv6-ping-fix-wrong-checksum-for-large-frames.patch patches.suse/tcp-udp-Fix-memory-leak-in-ipv6_renew_options.patch patches.suse/ipv6-Fix-data-races-around-sk-sk_prot.patch patches.suse/kcm-avoid-potential-race-in-kcm_tx_work.patch @@ -62322,12 +62346,14 @@ patches.suse/scsi-ibmvfc-Avoid-path-failures-during-live-migratio.patch patches.suse/x86-cpu-Restore-AMD-s-DE_CFG-MSR-after-resume.patch patches.suse/xen-pcpu-fix-possible-memory-leak-in-register_pcpu.patch + patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails patches.suse/ftrace-Fix-the-possible-incorrect-kernel-message.patch patches.suse/ftrace-Optimize-the-allocation-for-mcount-entries.patch patches.suse/ring_buffer-Do-not-deactivate-non-existant-pages.patch patches.suse/msft-hv-2681-PCI-hv-Only-reuse-existing-IRTE-allocation-for-Multi.patch patches.suse/msft-hv-2682-Drivers-hv-vmbus-fix-double-free-in-the-error-path-o.patch patches.suse/msft-hv-2683-Drivers-hv-vmbus-fix-possible-memory-leak-in-vmbus_d.patch + patches.suse/x86-bugs-Make-sure-MSR_SPEC_CTRL-is-updated-properly.patch patches.suse/proc-avoid-integer-type-confusion-in-get_proc_long.patch patches.suse/proc-proc_skip_spaces-shouldn-t-think-it-is-working-.patch patches.suse/xen-netback-Ensure-protocol-headers-don-t-fall-in-th.patch @@ -63475,7 +63501,6 @@ # getting pushed upstream very soon. Waiting for that point. +agraf patches.suse/arm64-bsc1045298-KVM-arm-arm64-Handle-hva-aging-while-destroying-the-.patch ### -+bsc1094575 patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch patches.suse/v2-0004-xen-netback-fix-spurious-event-detection-for-comm.patch patches.suse/ACPICA-Enable-sleep-button-on-ACPI-legacy-wake.patch