diff --git a/blacklist.conf b/blacklist.conf index e6f12a8..6d0941d 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -854,3 +854,8 @@ c7ac8231ace9b07306d0299969e42073b189c70a # prereq of f7ec1cd5cc7ef3ad964b677ba82 daa694e4137571b4ebec330f9a9b4d54aa8b8089 # prereq of f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 # performance optimization, see bsc#1222436 b377c66ae3509ccea596512d6afb4777711c4870 # we don't have annotate_noendbr +a307e2abfc22880a3026bc2f2a997402b7c2d833 # typo fix +a909d629ae77b97b6288bc3cfe68560454bf79c6 # cleanup designed to break kABI +0522b9a1653048440da5f21747f21e498b9220d1 # relevant only on specific systems and wrecks kABI +74622f0a81d0c2bcfc39f9192b788124e8c7f0af # relevant only on specific systems and wrecks kABI +2996e9fc00c378987c18ecbafe5624581b18c0d6 # cleanup designed to break kABI diff --git a/patches.kabi/kABI-Adjust-trace_iterator.wait_index.patch b/patches.kabi/kABI-Adjust-trace_iterator.wait_index.patch new file mode 100644 index 0000000..5dea65a --- /dev/null +++ b/patches.kabi/kABI-Adjust-trace_iterator.wait_index.patch @@ -0,0 +1,47 @@ +From: Petr Pavlu +Date: Tue Apr 9 13:52:50 2024 +0200 +Subject: kABI: Adjust trace_iterator.wait_index +Patch-mainline: Never, kABI fix +References: git-fixes + +Commit 2aa043a55b9a ("tracing/ring-buffer: Fix wait_on_pipe() race") +changed the type of trace_iterator.wait_index from long to atomic_t and +added a new bool member trace_iterator.closed. + +The variable trace_iterator.wait_index is internal to the tracing +subsystem. Reuse its original 8-byte space for both new wait_index and +closed members. + +Signed-off-by: Petr Pavlu +--- + include/linux/trace_events.h | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +--- a/include/linux/trace_events.h ++++ b/include/linux/trace_events.h +@@ -92,16 +92,21 @@ struct trace_iterator { + unsigned int temp_size; + char *fmt; /* modified format holder */ + unsigned int fmt_size; +- atomic_t wait_index; ++ ++#if !defined(__GENKSYMS__) || !defined(CONFIG_64BIT) ++ atomic_t wait_index __aligned(__alignof__(long)); ++ ++ /* Set when the file is closed to prevent new waiters */ ++ bool closed; ++#else ++ long wait_index; ++#endif + + /* trace_seq for __print_flags() and __print_symbolic() etc. */ + struct trace_seq tmp_seq; + + cpumask_var_t started; + +- /* Set when the file is closed to prevent new waiters */ +- bool closed; +- + /* it's true when current open file is snapshot */ + bool snapshot; + diff --git a/patches.suse/0017-bcache-avoid-unnecessary-soft-lockup-in-kworker-upda.patch b/patches.suse/0017-bcache-avoid-unnecessary-soft-lockup-in-kworker-upda.patch index 85c0ed0..dd789da 100644 --- a/patches.suse/0017-bcache-avoid-unnecessary-soft-lockup-in-kworker-upda.patch +++ b/patches.suse/0017-bcache-avoid-unnecessary-soft-lockup-in-kworker-upda.patch @@ -62,10 +62,10 @@ Signed-off-by: Jens Axboe --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h -@@ -397,6 +397,13 @@ struct cached_dev { +@@ -395,6 +395,13 @@ struct cached_dev { + atomic_t io_errors; + unsigned int error_limit; unsigned int offline_seconds; - - char backing_dev_name[BDEVNAME_SIZE]; + + /* + * Retry to update writeback_rate if contention happens for @@ -116,7 +116,7 @@ Signed-off-by: Jens Axboe } -@@ -1003,6 +1011,9 @@ void bch_cached_dev_writeback_init(struc +@@ -1006,6 +1014,9 @@ void bch_cached_dev_writeback_init(struc dc->writeback_rate_fp_term_high = 1000; dc->writeback_rate_i_term_inverse = 10000; diff --git a/patches.suse/ARM-ep93xx-Add-terminator-to-gpiod_lookup_table.patch b/patches.suse/ARM-ep93xx-Add-terminator-to-gpiod_lookup_table.patch new file mode 100644 index 0000000..d526684 --- /dev/null +++ b/patches.suse/ARM-ep93xx-Add-terminator-to-gpiod_lookup_table.patch @@ -0,0 +1,35 @@ +From: Nikita Shubin +Date: Mon, 5 Feb 2024 11:23:34 +0100 +Subject: ARM: ep93xx: Add terminator to gpiod_lookup_table +Git-commit: fdf87a0dc26d0550c60edc911cda42f9afec3557 +Patch-mainline: v6.8-rc6 +References: CVE-2024-26751 bsc#1222724 + +Without the terminator, if a con_id is passed to gpio_find() that +does not exist in the lookup table the function will not stop looping +correctly, and eventually cause an oops. + +Cc: stable@vger.kernel.org +Fixes: b2e63555592f ("i2c: gpio: Convert to use descriptors") +Reported-by: Andy Shevchenko +Signed-off-by: Nikita Shubin +Reviewed-by: Linus Walleij +Acked-by: Alexander Sverdlin +Signed-off-by: Alexander Sverdlin +Link: https://lore.kernel.org/r/20240205102337.439002-1-alexander.sverdlin@gmail.com +Signed-off-by: Arnd Bergmann +Acked-by: Ivan T. Ivanov +--- + arch/arm/mach-ep93xx/core.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm/mach-ep93xx/core.c ++++ b/arch/arm/mach-ep93xx/core.c +@@ -337,6 +337,7 @@ static struct gpiod_lookup_table ep93xx_ + GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN), + GPIO_LOOKUP_IDX("G", 0, NULL, 1, + GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN), ++ { } + }, + }; + diff --git a/patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch b/patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch index 2b4d386..509a5ec 100644 --- a/patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch +++ b/patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch @@ -4,7 +4,7 @@ Date: Sun, 11 Feb 2024 12:58:34 +0300 Subject: [PATCH] ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Git-commit: 6ef5d5b92f7117b324efaac72b3db27ae8bb3082 Patch-mainline: v6.8-rc5 -References: git-fixes +References: git-fixes CVE-2024-26722 bsc#1222520 There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex is left locked forever. That may lead to deadlock diff --git a/patches.suse/Avoid-deadlock-for-recursive-I-O-on-dm-thin-when-used-as-swap-4905.patch b/patches.suse/Avoid-deadlock-for-recursive-I-O-on-dm-thin-when-used-as-swap-4905.patch deleted file mode 100644 index a96abe1..0000000 --- a/patches.suse/Avoid-deadlock-for-recursive-I-O-on-dm-thin-when-used-as-swap-4905.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 49058b21fac119193c553dfce58cdfe62e8871d8 Mon Sep 17 00:00:00 2001 -From: Coly Li -Date: Mon, 27 Feb 2023 21:26:14 +0800 -Subject: [PATCH] Avoid deadlock for recursive I/O on dm-thin when used as swap -Patch-mainline: Not yet, posted to upstream but not accepted yet. -References: bsc#1177529 - -This is an alrady known issue that dm-thin volume cannot be used as -swap, otherwise a deadlock may happen when dm-thin internal memory -demond triggers swap I/O on the dm-thin volume itself. - -Thanks to Mikulas Patocka for commit a666e5c05e7c ("dm: fix deadlock -when swapping to encrypted device"), this method can also be used for -dm-thin to avoid the recursive I/O when it is used as swap. - -This patch just simply sets ti->limit_swap_bios by tree in pool_ctr() -and thin_ctr(), other important stuffs are already done by Patocka in -the above mentioned commit. - -In my test, I create a dm-thin volume /dev/vg/swap and use it as swap -device. Then I run fio on another dm-thin volume /dev/vg/main and use -large --blocksize to trigger swap I/O onto /dev/vg/swap. - -The following fio command line is used in my test, - fio --name recursive-swap-io --lockmem 1 --iodepth 128 \ - --ioengine libaio --filename /dev/vg/main --rw randrw \ - --blocksize 1M --numjobs 32 --time_based --runtime=12h - -Without the patch, the whole system can be locked up within 15 seconds. - -With this patch, there is no any deadlock or hang task observed after -2 hours fio running. - -Further more, I change --blocksize from 1M to 128M, around 30 seconds -after fio running, no I/O rate displayed by fio, and the out-of-memory -killer message shows up in kernel message. After around 20 minutes all -fio processes are killed and the whole system backs to be alive. - -This is exactly what is expected when recursive I/O happens on dm-thin -volume when it is used as swap. - -Note: this change depends on commit a666e5c05e7c ("dm: fix deadlock when -swapping to encrypted device") - -(Coly Li: refreshed for Linux v5.14 based SUSE kernel) - -Signed-off-by: Coly Li -Cc: Mikulas Patocka -Cc: Mike Snitzer -Cc: stable@vger.kernel.org - ---- - drivers/md/dm-thin.c | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/drivers/md/dm-thin.c -+++ b/drivers/md/dm-thin.c -@@ -3355,6 +3355,7 @@ static int pool_ctr(struct dm_target *ti - pt->low_water_blocks = low_water_blocks; - pt->adjusted_pf = pt->requested_pf = pf; - ti->num_flush_bios = 1; -+ ti->limit_swap_bios = true; - - /* - * Only need to enable discards if the pool should pass -@@ -4233,6 +4234,7 @@ static int thin_ctr(struct dm_target *ti - goto bad; - - ti->num_flush_bios = 1; -+ ti->limit_swap_bios = true; - ti->flush_supported = true; - ti->accounts_remapped_io = true; - ti->per_io_data_size = sizeof(struct dm_thin_endio_hook); diff --git a/patches.suse/PCI-AER-Block-runtime-suspend-when-handling-errors.patch b/patches.suse/PCI-AER-Block-runtime-suspend-when-handling-errors.patch new file mode 100644 index 0000000..d92f50c --- /dev/null +++ b/patches.suse/PCI-AER-Block-runtime-suspend-when-handling-errors.patch @@ -0,0 +1,92 @@ +From: Stanislaw Gruszka +Date: Mon, 12 Feb 2024 13:01:35 +0100 +Subject: PCI/AER: Block runtime suspend when handling errors +Git-commit: 002bf2fbc00e5c4b95fb167287e2ae7d1973281e +Patch-mainline: 6.9-rc1 +References: git-fixes + +PM runtime can be done simultaneously with AER error handling. Avoid that +by using pm_runtime_get_sync() before and pm_runtime_put() after reset in +pcie_do_recovery() for all recovering devices. + +pm_runtime_get_sync() will increase dev->power.usage_count counter to +prevent any possible future request to runtime suspend a device. It will +also resume a device, if it was previously in D3hot state. + +I tested with igc device by doing simultaneous aer_inject and rpm +suspend/resume via /sys/bus/pci/devices/PCI_ID/power/control and can +reproduce: + + igc 0000:02:00.0: not ready 65535ms after bus reset; giving up + pcieport 0000:00:1c.2: AER: Root Port link has been reset (-25) + pcieport 0000:00:1c.2: AER: subordinate device reset failed + pcieport 0000:00:1c.2: AER: device recovery failed + igc 0000:02:00.0: Unable to change power state from D3hot to D0, device inaccessible + +The problem disappears when this patch is applied. + +Link: https://lore.kernel.org/r/20240212120135.146068-1-stanislaw.gruszka@linux.intel.com +Signed-off-by: Stanislaw Gruszka +Signed-off-by: Bjorn Helgaas +Reviewed-by: Kuppuswamy Sathyanarayanan +Acked-by: Rafael J. Wysocki +Cc: +Signed-off-by: Jiri Slaby +--- + drivers/pci/pcie/err.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +--- a/drivers/pci/pcie/err.c ++++ b/drivers/pci/pcie/err.c +@@ -13,6 +13,7 @@ + #define dev_fmt(fmt) "AER: " fmt + + #include ++#include + #include + #include + #include +@@ -79,6 +80,18 @@ static int report_error_detected(struct + return 0; + } + ++static int pci_pm_runtime_get_sync(struct pci_dev *pdev, void *data) ++{ ++ pm_runtime_get_sync(&pdev->dev); ++ return 0; ++} ++ ++static int pci_pm_runtime_put(struct pci_dev *pdev, void *data) ++{ ++ pm_runtime_put(&pdev->dev); ++ return 0; ++} ++ + static int report_frozen_detected(struct pci_dev *dev, void *data) + { + return report_error_detected(dev, pci_channel_io_frozen, data); +@@ -195,6 +208,8 @@ pci_ers_result_t pcie_do_recovery(struct + else + bridge = pci_upstream_bridge(dev); + ++ pci_walk_bridge(bridge, pci_pm_runtime_get_sync, NULL); ++ + pci_dbg(bridge, "broadcast error_detected message\n"); + if (state == pci_channel_io_frozen) { + pci_walk_bridge(bridge, report_frozen_detected, &status); +@@ -239,10 +254,15 @@ pci_ers_result_t pcie_do_recovery(struct + pcie_clear_device_status(dev); + pci_aer_clear_nonfatal_status(dev); + } ++ ++ pci_walk_bridge(bridge, pci_pm_runtime_put, NULL); ++ + pci_info(bridge, "device recovery successful\n"); + return status; + + failed: ++ pci_walk_bridge(bridge, pci_pm_runtime_put, NULL); ++ + pci_uevent_ers(bridge, PCI_ERS_RESULT_DISCONNECT); + + /* TODO: Should kernel panic here? */ diff --git a/patches.suse/PCI-DPC-Quirk-PIO-log-size-for-Intel-Ice-Lake-Root-P.patch b/patches.suse/PCI-DPC-Quirk-PIO-log-size-for-Intel-Ice-Lake-Root-P.patch new file mode 100644 index 0000000..ecfffb7 --- /dev/null +++ b/patches.suse/PCI-DPC-Quirk-PIO-log-size-for-Intel-Ice-Lake-Root-P.patch @@ -0,0 +1,55 @@ +From: Mika Westerberg +Date: Thu, 11 May 2023 15:19:05 +0300 +Subject: PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports +Git-commit: 3b8803494a0612acdeee714cb72aa142b1e05ce5 +Patch-mainline: 6.4-rc4 +References: git-fixes + +Commit 5459c0b70467 ("PCI/DPC: Quirk PIO log size for certain Intel Root +Ports") added quirks for Tiger and Alder Lake Root Ports but missed that +the same issue exists also in the previous generation, Ice Lake. + +Apply the quirk for Ice Lake Root Ports as well. This prevents kernel +complaints like: + + DPC: RP PIO log size 0 is invalid + +and also enables the DPC driver to dump the RP PIO Log registers when DPC +is triggered. + +[bhelgaas: add dmesg warning and RP PIO Log dump info] +Closes: https://bugzilla.kernel.org/show_bug.cgi?id=209943 +Link: https://lore.kernel.org/r/20230511121905.73949-1-mika.westerberg@linux.intel.com +Reported-by: Mark Blakeney +Signed-off-by: Mika Westerberg +Signed-off-by: Bjorn Helgaas +Signed-off-by: Jiri Slaby +--- + drivers/pci/quirks.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -5980,8 +5980,9 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I + + #ifdef CONFIG_PCIE_DPC + /* +- * Intel Tiger Lake and Alder Lake BIOS has a bug that clears the DPC +- * RP PIO Log Size of the integrated Thunderbolt PCIe Root Ports. ++ * Intel Ice Lake, Tiger Lake and Alder Lake BIOS has a bug that clears ++ * the DPC RP PIO Log Size of the integrated Thunderbolt PCIe Root ++ * Ports. + */ + static void dpc_log_size(struct pci_dev *dev) + { +@@ -6004,6 +6005,10 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x462f, dpc_log_size); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x463f, dpc_log_size); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x466e, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x8a1d, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x8a1f, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x8a21, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x8a23, dpc_log_size); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a23, dpc_log_size); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a25, dpc_log_size); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a27, dpc_log_size); diff --git a/patches.suse/PCI-DPC-Quirk-PIO-log-size-for-Intel-Raptor-Lake-Roo.patch b/patches.suse/PCI-DPC-Quirk-PIO-log-size-for-Intel-Raptor-Lake-Roo.patch new file mode 100644 index 0000000..2ae1379 --- /dev/null +++ b/patches.suse/PCI-DPC-Quirk-PIO-log-size-for-Intel-Raptor-Lake-Roo.patch @@ -0,0 +1,48 @@ +From: Paul Menzel +Date: Tue, 5 Mar 2024 12:30:56 +0100 +Subject: PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports +Git-commit: 627c6db20703b5d18d928464f411d0d4ec327508 +Patch-mainline: 6.9-rc1 +References: git-fixes + +Commit 5459c0b70467 ("PCI/DPC: Quirk PIO log size for certain Intel Root +Ports") and commit 3b8803494a06 ("PCI/DPC: Quirk PIO log size for Intel Ice +Lake Root Ports") add quirks for Ice, Tiger and Alder Lake Root Ports. +System firmware for Raptor Lake still has the bug, so Linux logs the +warning below on several Raptor Lake systems like Dell Precision 3581 with +Intel Raptor Lake processor (0W18NX) system firmware/BIOS version 1.10.1. + + pci 0000:00:07.0: [8086:a76e] type 01 class 0x060400 + pci 0000:00:07.0: DPC: RP PIO log size 0 is invalid + pci 0000:00:07.1: [8086:a73f] type 01 class 0x060400 + pci 0000:00:07.1: DPC: RP PIO log size 0 is invalid + +Apply the quirk for Raptor Lake Root Ports as well. + +This also enables the DPC driver to dump the RP PIO Log registers when DPC +is triggered. + +Link: https://lore.kernel.org/r/20240305113057.56468-1-pmenzel@molgen.mpg.de +Reported-by: Niels van Aert +Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218560 +Signed-off-by: Paul Menzel +Signed-off-by: Bjorn Helgaas +Cc: +Cc: Mika Westerberg +Cc: Niels van Aert +Signed-off-by: Jiri Slaby +--- + drivers/pci/quirks.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -6062,6 +6062,8 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2d, dpc_log_size); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2f, dpc_log_size); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a31, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0xa73f, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0xa76e, dpc_log_size); + #endif + + /* diff --git a/patches.suse/PCI-DPC-Quirk-PIO-log-size-for-certain-Intel-Root-Po.patch b/patches.suse/PCI-DPC-Quirk-PIO-log-size-for-certain-Intel-Root-Po.patch new file mode 100644 index 0000000..972561c --- /dev/null +++ b/patches.suse/PCI-DPC-Quirk-PIO-log-size-for-certain-Intel-Root-Po.patch @@ -0,0 +1,97 @@ +From: Mika Westerberg +Date: Tue, 16 Aug 2022 13:20:42 +0300 +Subject: PCI/DPC: Quirk PIO log size for certain Intel Root Ports +Git-commit: 5459c0b7046752e519a646e1c2404852bb628459 +Patch-mainline: 6.1-rc1 +References: git-fixes + +Some Root Ports on Intel Tiger Lake and Alder Lake systems support the RP +Extensions for DPC and the RP PIO Log registers but incorrectly advertise +an RP PIO Log Size of zero. This means the kernel complains that: + + DPC: RP PIO log size 0 is invalid + +and if DPC is triggered, the DPC driver will not dump the RP PIO Log +registers when it should. + +This is caused by a BIOS bug and should be fixed the BIOS for future CPUs. + +Add a quirk to set the correct RP PIO Log size for the affected Root Ports. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=209943 +Link: https://lore.kernel.org/r/20220816102042.69125-1-mika.westerberg@linux.intel.com +Signed-off-by: Mika Westerberg +Signed-off-by: Bjorn Helgaas +Reviewed-by: Kuppuswamy Sathyanarayanan +Signed-off-by: Jiri Slaby +--- + drivers/pci/pcie/dpc.c | 15 ++++++++++----- + drivers/pci/quirks.c | 36 ++++++++++++++++++++++++++++++++++++ + 2 files changed, 46 insertions(+), 5 deletions(-) + +--- a/drivers/pci/pcie/dpc.c ++++ b/drivers/pci/pcie/dpc.c +@@ -335,11 +335,16 @@ void pci_dpc_init(struct pci_dev *pdev) + return; + + pdev->dpc_rp_extensions = true; +- pdev->dpc_rp_log_size = (cap & PCI_EXP_DPC_RP_PIO_LOG_SIZE) >> 8; +- if (pdev->dpc_rp_log_size < 4 || pdev->dpc_rp_log_size > 9) { +- pci_err(pdev, "RP PIO log size %u is invalid\n", +- pdev->dpc_rp_log_size); +- pdev->dpc_rp_log_size = 0; ++ ++ /* Quirks may set dpc_rp_log_size if device or firmware is buggy */ ++ if (!pdev->dpc_rp_log_size) { ++ pdev->dpc_rp_log_size = ++ (cap & PCI_EXP_DPC_RP_PIO_LOG_SIZE) >> 8; ++ if (pdev->dpc_rp_log_size < 4 || pdev->dpc_rp_log_size > 9) { ++ pci_err(pdev, "RP PIO log size %u is invalid\n", ++ pdev->dpc_rp_log_size); ++ pdev->dpc_rp_log_size = 0; ++ } + } + } + +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -5954,3 +5954,39 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x56c0, aspm_l1_acceptable_latency); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x56c1, aspm_l1_acceptable_latency); + #endif ++ ++#ifdef CONFIG_PCIE_DPC ++/* ++ * Intel Tiger Lake and Alder Lake BIOS has a bug that clears the DPC ++ * RP PIO Log Size of the integrated Thunderbolt PCIe Root Ports. ++ */ ++static void dpc_log_size(struct pci_dev *dev) ++{ ++ u16 dpc, val; ++ ++ dpc = pci_find_ext_capability(dev, PCI_EXT_CAP_ID_DPC); ++ if (!dpc) ++ return; ++ ++ pci_read_config_word(dev, dpc + PCI_EXP_DPC_CAP, &val); ++ if (!(val & PCI_EXP_DPC_CAP_RP_EXT)) ++ return; ++ ++ if (!((val & PCI_EXP_DPC_RP_PIO_LOG_SIZE) >> 8)) { ++ pci_info(dev, "Overriding RP PIO Log Size to 4\n"); ++ dev->dpc_rp_log_size = 4; ++ } ++} ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x461f, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x462f, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x463f, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x466e, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a23, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a25, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a27, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a29, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2b, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2d, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2f, dpc_log_size); ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a31, dpc_log_size); ++#endif diff --git a/patches.suse/PCI-Drop-pci_device_remove-test-of-pci_dev-driver.patch b/patches.suse/PCI-Drop-pci_device_remove-test-of-pci_dev-driver.patch new file mode 100644 index 0000000..77e107b --- /dev/null +++ b/patches.suse/PCI-Drop-pci_device_remove-test-of-pci_dev-driver.patch @@ -0,0 +1,50 @@ +From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= +Date: Mon, 4 Oct 2021 14:59:25 +0200 +Subject: PCI: Drop pci_device_remove() test of pci_dev->driver +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 097d9d414433315122f759ee6c2d8a7417a8ff0f +Patch-mainline: 5.16-rc1 +References: git-fixes + +When the driver core calls pci_device_remove(), there is a driver bound +to the device, so pci_dev->driver is never NULL. + +Remove the unnecessary test of pci_dev->driver. + +Link: https://lore.kernel.org/r/20211004125935.2300113-2-u.kleine-koenig@pengutronix.de +Signed-off-by: Uwe Kleine-König +Signed-off-by: Bjorn Helgaas +Reviewed-by: Christoph Hellwig +Signed-off-by: Jiri Slaby +--- + drivers/pci/pci-driver.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +--- a/drivers/pci/pci-driver.c ++++ b/drivers/pci/pci-driver.c +@@ -459,16 +459,14 @@ static void pci_device_remove(struct dev + struct pci_dev *pci_dev = to_pci_dev(dev); + struct pci_driver *drv = pci_dev->driver; + +- if (drv) { +- if (drv->remove) { +- pm_runtime_get_sync(dev); +- drv->remove(pci_dev); +- pm_runtime_put_noidle(dev); +- } +- pcibios_free_irq(pci_dev); +- pci_dev->driver = NULL; +- pci_iov_remove(pci_dev); ++ if (drv->remove) { ++ pm_runtime_get_sync(dev); ++ drv->remove(pci_dev); ++ pm_runtime_put_noidle(dev); + } ++ pcibios_free_irq(pci_dev); ++ pci_dev->driver = NULL; ++ pci_iov_remove(pci_dev); + + /* Undo the runtime PM settings in local_pci_probe() */ + pm_runtime_put_sync(dev); diff --git a/patches.suse/PCI-Lengthen-reset-delay-for-VideoPropulsion-Torrent.patch b/patches.suse/PCI-Lengthen-reset-delay-for-VideoPropulsion-Torrent.patch index 631bc41..c8de784 100644 --- a/patches.suse/PCI-Lengthen-reset-delay-for-VideoPropulsion-Torrent.patch +++ b/patches.suse/PCI-Lengthen-reset-delay-for-VideoPropulsion-Torrent.patch @@ -45,9 +45,9 @@ Signed-off-by: Jiri Slaby --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c -@@ -6000,3 +6000,15 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I - DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x56c0, aspm_l1_acceptable_latency); - DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x56c1, aspm_l1_acceptable_latency); +@@ -6041,3 +6041,15 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2f, dpc_log_size); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a31, dpc_log_size); #endif + +/* diff --git a/patches.suse/PCI-PM-Drain-runtime-idle-callbacks-before-driver-re.patch b/patches.suse/PCI-PM-Drain-runtime-idle-callbacks-before-driver-re.patch new file mode 100644 index 0000000..2d57905 --- /dev/null +++ b/patches.suse/PCI-PM-Drain-runtime-idle-callbacks-before-driver-re.patch @@ -0,0 +1,69 @@ +From: "Rafael J. Wysocki" +Date: Tue, 5 Mar 2024 11:45:38 +0100 +Subject: PCI/PM: Drain runtime-idle callbacks before driver removal +Git-commit: 9d5286d4e7f68beab450deddbb6a32edd5ecf4bf +Patch-mainline: 6.9-rc1 +References: git-fixes + +A race condition between the .runtime_idle() callback and the .remove() +callback in the rtsx_pcr PCI driver leads to a kernel crash due to an +unhandled page fault [1]. + +The problem is that rtsx_pci_runtime_idle() is not expected to be running +after pm_runtime_get_sync() has been called, but the latter doesn't really +guarantee that. It only guarantees that the suspend and resume callbacks +will not be running when it returns. + +However, if a .runtime_idle() callback is already running when +pm_runtime_get_sync() is called, the latter will notice that the runtime PM +status of the device is RPM_ACTIVE and it will return right away without +waiting for the former to complete. In fact, it cannot wait for +.runtime_idle() to complete because it may be called from that callback (it +arguably does not make much sense to do that, but it is not strictly +prohibited). + +Thus in general, whoever is providing a .runtime_idle() callback needs +to protect it from running in parallel with whatever code runs after +pm_runtime_get_sync(). [Note that .runtime_idle() will not start after +pm_runtime_get_sync() has returned, but it may continue running then if it +has started earlier.] + +One way to address that race condition is to call pm_runtime_barrier() +after pm_runtime_get_sync() (not before it, because a nonzero value of the +runtime PM usage counter is necessary to prevent runtime PM callbacks from +being invoked) to wait for the .runtime_idle() callback to complete should +it be running at that point. A suitable place for doing that is in +pci_device_remove() which calls pm_runtime_get_sync() before removing the +driver, so it may as well call pm_runtime_barrier() subsequently, which +will prevent the race in question from occurring, not just in the rtsx_pcr +driver, but in any PCI drivers providing .runtime_idle() callbacks. + +Link: https://lore.kernel.org/lkml/20240229062201.49500-1-kai.heng.feng@canonical.com/ # [1] +Link: https://lore.kernel.org/r/5761426.DvuYhMxLoT@kreacher +Reported-by: Kai-Heng Feng +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Bjorn Helgaas +Tested-by: Ricky Wu +Acked-by: Kai-Heng Feng +Cc: +Signed-off-by: Jiri Slaby +--- + drivers/pci/pci-driver.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/pci/pci-driver.c ++++ b/drivers/pci/pci-driver.c +@@ -462,6 +462,13 @@ static void pci_device_remove(struct dev + + if (drv->remove) { + pm_runtime_get_sync(dev); ++ /* ++ * If the driver provides a .runtime_idle() callback and it has ++ * started to run already, it may continue to run in parallel ++ * with the code below, so wait until all of the runtime PM ++ * activity has completed. ++ */ ++ pm_runtime_barrier(dev); + drv->remove(pci_dev); + pm_runtime_put_noidle(dev); + } diff --git a/patches.suse/RAS-AMD-FMPM-Avoid-NULL-ptr-deref-in-get_saved_records.patch b/patches.suse/RAS-AMD-FMPM-Avoid-NULL-ptr-deref-in-get_saved_records.patch index 81b3c70..05146ec 100644 --- a/patches.suse/RAS-AMD-FMPM-Avoid-NULL-ptr-deref-in-get_saved_records.patch +++ b/patches.suse/RAS-AMD-FMPM-Avoid-NULL-ptr-deref-in-get_saved_records.patch @@ -1,9 +1,8 @@ From: Yazen Ghannam Date: Tue, 19 Mar 2024 06:33:21 -0500 Subject: RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras.git Git-commit: 4b0e527c9970a15ac9ec8fc44af957725b854c29 -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v6.9-rc2 References: jsc#PED-7619 An old, invalid record should be cleared and skipped. diff --git a/patches.suse/RAS-AMD-FMPM-Fix-build-when-debugfs-is-not-enabled.patch b/patches.suse/RAS-AMD-FMPM-Fix-build-when-debugfs-is-not-enabled.patch deleted file mode 100644 index 2e9c7e7..0000000 --- a/patches.suse/RAS-AMD-FMPM-Fix-build-when-debugfs-is-not-enabled.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: "Borislav Petkov (AMD)" -Date: Mon, 25 Mar 2024 19:37:55 +0100 -Subject: RAS/AMD/FMPM: Fix build when debugfs is not enabled -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras.git -Git-commit: bff78224e453507496ff4ccdddb462805e2b3f39 -Patch-mainline: Queued in subsystem maintainer repo -References: jsc#PED-7619 - -Have the driver depend on DEBUG_FS as it is useless without it. - -Fixes: 6f15e617cc99 ("RAS: Introduce a FRU memory poison manager") -Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218640 -Reported-by: anthony s.k. -Signed-off-by: Borislav Petkov (AMD) -Link: https://lore.kernel.org/r/20240325183755.776-1-bp@alien8.de - -Acked-by: Nikolay Borisov ---- - drivers/ras/Kconfig | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/ras/Kconfig b/drivers/ras/Kconfig -index fc4f4bb94a4c..41697e326fa6 100644 ---- a/drivers/ras/Kconfig -+++ b/drivers/ras/Kconfig -@@ -37,7 +37,7 @@ source "drivers/ras/amd/atl/Kconfig" - config RAS_FMPM - tristate "FRU Memory Poison Manager" - default m -- depends on AMD_ATL && ACPI_APEI -+ depends on AMD_ATL && ACPI_APEI && DEBUG_FS - help - Support saving and restoring memory error information across reboot - using ACPI ERST as persistent storage. Error information is saved with - diff --git a/patches.suse/RAS-AMD-FMPM-Safely-handle-saved-records-of-various-sizes.patch b/patches.suse/RAS-AMD-FMPM-Safely-handle-saved-records-of-various-sizes.patch index fa22e26..4b6517d 100644 --- a/patches.suse/RAS-AMD-FMPM-Safely-handle-saved-records-of-various-sizes.patch +++ b/patches.suse/RAS-AMD-FMPM-Safely-handle-saved-records-of-various-sizes.patch @@ -1,9 +1,8 @@ From: Yazen Ghannam Date: Tue, 19 Mar 2024 06:33:22 -0500 Subject: RAS/AMD/FMPM: Safely handle saved records of various sizes -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras.git Git-commit: 9b195439e0c54b9b9b55b2d68706b48739911519 -Patch-mainline: Queued in subsystem maintainer repo +Patch-mainline: v6.9-rc2 References: jsc#PED-7619 Currently, the size of the locally cached FRU record structures is diff --git a/patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch b/patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch index 44af98d..7d7b23c 100644 --- a/patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch +++ b/patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch @@ -4,7 +4,7 @@ Date: Mon, 19 Feb 2024 14:39:03 +0000 Subject: [PATCH] afs: Increase buffer size in afs_update_volume_status() Git-commit: 6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d Patch-mainline: v6.8-rc6 -References: git-fixes +References: git-fixes CVE-2024-26736 bsc#1222586 The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow. diff --git a/patches.suse/arm64-dts-qcom-sdm845-db845c-Mark-cont-splash-memory-region-as-reserved.patch b/patches.suse/arm64-dts-qcom-sdm845-db845c-Mark-cont-splash-memory-region-as-reserved.patch new file mode 100644 index 0000000..c51dd9b --- /dev/null +++ b/patches.suse/arm64-dts-qcom-sdm845-db845c-Mark-cont-splash-memory-region-as-reserved.patch @@ -0,0 +1,51 @@ +From: Amit Pundir +Date: Wed, 26 Jul 2023 18:57:19 +0530 +Subject: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as + reserved +Git-commit: 110e70fccce4f22b53986ae797d665ffb1950aa6 +Patch-mainline: v6.6-rc1 +References: CVE-2023-52561 bsc#1220935 + +Adding a reserved memory region for the framebuffer memory +(the splash memory region set up by the bootloader). + +It fixes a kernel panic (arm-smmu: Unhandled context fault +at this particular memory region) reported on DB845c running +v5.10.y. + +Cc: stable@vger.kernel.org # v5.10+ +Reviewed-by: Caleb Connolly +Signed-off-by: Amit Pundir +Acked-by: Krzysztof Kozlowski +Link: https://lore.kernel.org/r/20230726132719.2117369-2-amit.pundir@linaro.org +Signed-off-by: Bjorn Andersson +Acked-by: Ivan T. Ivanov +--- + arch/arm64/boot/dts/qcom/sdm845-db845c.dts | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/arch/arm64/boot/dts/qcom/sdm845-db845c.dts ++++ b/arch/arm64/boot/dts/qcom/sdm845-db845c.dts +@@ -85,6 +85,14 @@ + }; + }; + ++ reserved-memory { ++ /* Cont splash region set up by the bootloader */ ++ cont_splash_mem: framebuffer@9d400000 { ++ reg = <0x0 0x9d400000 0x0 0x2400000>; ++ no-map; ++ }; ++ }; ++ + lt9611_1v8: lt9611-vdd18-regulator { + compatible = "regulator-fixed"; + regulator-name = "LT9611_1V8"; +@@ -482,6 +490,7 @@ + }; + + &mdss { ++ memory-region = <&cont_splash_mem>; + status = "okay"; + }; + diff --git a/patches.suse/bcache-Fix-__bch_btree_node_alloc-to-make-the-failur-80fc.patch b/patches.suse/bcache-Fix-__bch_btree_node_alloc-to-make-the-failur-80fc.patch new file mode 100644 index 0000000..8b5dc1e --- /dev/null +++ b/patches.suse/bcache-Fix-__bch_btree_node_alloc-to-make-the-failur-80fc.patch @@ -0,0 +1,48 @@ +From 80fca8a10b604afad6c14213fdfd816c4eda3ee4 Mon Sep 17 00:00:00 2001 +From: Zheng Wang +Date: Thu, 15 Jun 2023 20:12:22 +0800 +Subject: [PATCH] bcache: Fix __bch_btree_node_alloc to make the failure + behavior consistent +Git-commit: 80fca8a10b604afad6c14213fdfd816c4eda3ee4 +Patch-mainline: v6.5-rc1 +References: git-fixes + +In some specific situations, the return value of __bch_btree_node_alloc +may be NULL. This may lead to a potential NULL pointer dereference in +caller function like a calling chain : +btree_split->bch_btree_node_alloc->__bch_btree_node_alloc. + +Fix it by initializing the return value in __bch_btree_node_alloc. + +Fixes: cafe56359144 ("bcache: A block layer cache") +Cc: stable@vger.kernel.org +Signed-off-by: Zheng Wang +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20230615121223.22502-6-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/btree.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c +index 7c21e54468bf..0ddf91204782 100644 +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -1090,10 +1090,12 @@ struct btree *__bch_btree_node_alloc(struct cache_set *c, struct btree_op *op, + struct btree *parent) + { + BKEY_PADDED(key) k; +- struct btree *b = ERR_PTR(-EAGAIN); ++ struct btree *b; + + mutex_lock(&c->bucket_lock); + retry: ++ /* return ERR_PTR(-EAGAIN) when it fails */ ++ b = ERR_PTR(-EAGAIN); + if (__bch_bucket_alloc_set(c, RESERVE_BTREE, &k.key, wait)) + goto err; + +-- +2.35.3 + diff --git a/patches.suse/bcache-Remove-dead-references-to-cache_readaheads-ccb8.patch b/patches.suse/bcache-Remove-dead-references-to-cache_readaheads-ccb8.patch new file mode 100644 index 0000000..4231bbc --- /dev/null +++ b/patches.suse/bcache-Remove-dead-references-to-cache_readaheads-ccb8.patch @@ -0,0 +1,50 @@ +From ccb8c3bd6d93e7986b702d1f66d5d56d08abc59f Mon Sep 17 00:00:00 2001 +From: Andrea Tomassetti +Date: Thu, 15 Jun 2023 20:12:20 +0800 +Subject: [PATCH] bcache: Remove dead references to cache_readaheads +Git-commit: ccb8c3bd6d93e7986b702d1f66d5d56d08abc59f +Patch-mainline: v6.5-rc1 +References: git-fixes + +The cache_readaheads stat counter is not used anymore and should be +removed. + +Signed-off-by: Andrea Tomassetti +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20230615121223.22502-4-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + Documentation/admin-guide/bcache.rst | 3 --- + drivers/md/bcache/stats.h | 1 - + 2 files changed, 4 deletions(-) + +diff --git a/Documentation/admin-guide/bcache.rst b/Documentation/admin-guide/bcache.rst +index bb5032a99234..6fdb495ac466 100644 +--- a/Documentation/admin-guide/bcache.rst ++++ b/Documentation/admin-guide/bcache.rst +@@ -508,9 +508,6 @@ cache_miss_collisions + cache miss, but raced with a write and data was already present (usually 0 + since the synchronization for cache misses was rewritten) + +-cache_readaheads +- Count of times readahead occurred. +- + Sysfs - cache set + ~~~~~~~~~~~~~~~~~ + +diff --git a/drivers/md/bcache/stats.h b/drivers/md/bcache/stats.h +index bd3afc856d53..21b445f8af15 100644 +--- a/drivers/md/bcache/stats.h ++++ b/drivers/md/bcache/stats.h +@@ -18,7 +18,6 @@ struct cache_stats { + unsigned long cache_misses; + unsigned long cache_bypass_hits; + unsigned long cache_bypass_misses; +- unsigned long cache_readaheads; + unsigned long cache_miss_collisions; + unsigned long sectors_bypassed; + +-- +2.35.3 + diff --git a/patches.suse/bcache-Remove-unnecessary-NULL-point-check-in-node-a-028d.patch b/patches.suse/bcache-Remove-unnecessary-NULL-point-check-in-node-a-028d.patch new file mode 100644 index 0000000..13af5d2 --- /dev/null +++ b/patches.suse/bcache-Remove-unnecessary-NULL-point-check-in-node-a-028d.patch @@ -0,0 +1,99 @@ +From 028ddcac477b691dd9205c92f991cc15259d033e Mon Sep 17 00:00:00 2001 +From: Zheng Wang +Date: Thu, 15 Jun 2023 20:12:21 +0800 +Subject: [PATCH] bcache: Remove unnecessary NULL point check in node + allocations +Git-commit: 028ddcac477b691dd9205c92f991cc15259d033e +Patch-mainline: v6.5-rc1 +References: git-fixes + +Due to the previous fix of __bch_btree_node_alloc, the return value will +never be a NULL pointer. So IS_ERR is enough to handle the failure +situation. Fix it by replacing IS_ERR_OR_NULL check by an IS_ERR check. + +Fixes: cafe56359144 ("bcache: A block layer cache") +Cc: stable@vger.kernel.org +Signed-off-by: Zheng Wang +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20230615121223.22502-5-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/btree.c | 10 +++++----- + drivers/md/bcache/super.c | 4 ++-- + 2 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c +index 147c493a989a..7c21e54468bf 100644 +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -1138,7 +1138,7 @@ static struct btree *btree_node_alloc_replacement(struct btree *b, + { + struct btree *n = bch_btree_node_alloc(b->c, op, b->level, b->parent); + +- if (!IS_ERR_OR_NULL(n)) { ++ if (!IS_ERR(n)) { + mutex_lock(&n->write_lock); + bch_btree_sort_into(&b->keys, &n->keys, &b->c->sort); + bkey_copy_key(&n->key, &b->key); +@@ -1340,7 +1340,7 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op, + memset(new_nodes, 0, sizeof(new_nodes)); + closure_init_stack(&cl); + +- while (nodes < GC_MERGE_NODES && !IS_ERR_OR_NULL(r[nodes].b)) ++ while (nodes < GC_MERGE_NODES && !IS_ERR(r[nodes].b)) + keys += r[nodes++].keys; + + blocks = btree_default_blocks(b->c) * 2 / 3; +@@ -1352,7 +1352,7 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op, + + for (i = 0; i < nodes; i++) { + new_nodes[i] = btree_node_alloc_replacement(r[i].b, NULL); +- if (IS_ERR_OR_NULL(new_nodes[i])) ++ if (IS_ERR(new_nodes[i])) + goto out_nocoalesce; + } + +@@ -1487,7 +1487,7 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op, + bch_keylist_free(&keylist); + + for (i = 0; i < nodes; i++) +- if (!IS_ERR_OR_NULL(new_nodes[i])) { ++ if (!IS_ERR(new_nodes[i])) { + btree_node_free(new_nodes[i]); + rw_unlock(true, new_nodes[i]); + } +@@ -1669,7 +1669,7 @@ static int bch_btree_gc_root(struct btree *b, struct btree_op *op, + if (should_rewrite) { + n = btree_node_alloc_replacement(b, NULL); + +- if (!IS_ERR_OR_NULL(n)) { ++ if (!IS_ERR(n)) { + bch_btree_node_write_sync(n); + + bch_btree_set_root(n); +diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c +index 1f829e74db0a..e2a803683105 100644 +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1723,7 +1723,7 @@ static void cache_set_flush(struct closure *cl) + if (!IS_ERR_OR_NULL(c->gc_thread)) + kthread_stop(c->gc_thread); + +- if (!IS_ERR_OR_NULL(c->root)) ++ if (!IS_ERR(c->root)) + list_add(&c->root->list, &c->btree_cache); + + /* +@@ -2087,7 +2087,7 @@ static int run_cache_set(struct cache_set *c) + + err = "cannot allocate new btree root"; + c->root = __bch_btree_node_alloc(c, NULL, 0, true, NULL); +- if (IS_ERR_OR_NULL(c->root)) ++ if (IS_ERR(c->root)) + goto err; + + mutex_lock(&c->root->write_lock); +-- +2.35.3 + diff --git a/patches.suse/bcache-add-code-comments-for-bch_btree_node_get-and--31f5.patch b/patches.suse/bcache-add-code-comments-for-bch_btree_node_get-and--31f5.patch new file mode 100644 index 0000000..5bfd443 --- /dev/null +++ b/patches.suse/bcache-add-code-comments-for-bch_btree_node_get-and--31f5.patch @@ -0,0 +1,49 @@ +From 31f5b956a197d4ec25c8a07cb3a2ab69d0c0b82f Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Mon, 20 Nov 2023 13:25:02 +0800 +Subject: [PATCH] bcache: add code comments for bch_btree_node_get() and + __bch_btree_node_alloc() +Git-commit: 31f5b956a197d4ec25c8a07cb3a2ab69d0c0b82f +Patch-mainline: v6.7-rc3 +References: git-fixes + +This patch adds code comments to bch_btree_node_get() and +__bch_btree_node_alloc() that NULL pointer will not be returned and it +is unnecessary to check NULL pointer by the callers of these routines. + +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20231120052503.6122-10-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/btree.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c +index 79f1fa4a0d55..de3019972b35 100644 +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -1000,6 +1000,9 @@ static struct btree *mca_alloc(struct cache_set *c, struct btree_op *op, + * + * The btree node will have either a read or a write lock held, depending on + * level and op->lock. ++ * ++ * Note: Only error code or btree pointer will be returned, it is unncessary ++ * for callers to check NULL pointer. + */ + struct btree *bch_btree_node_get(struct cache_set *c, struct btree_op *op, + struct bkey *k, int level, bool write, +@@ -1111,6 +1114,10 @@ static void btree_node_free(struct btree *b) + mutex_unlock(&b->c->bucket_lock); + } + ++/* ++ * Only error code or btree pointer will be returned, it is unncessary for ++ * callers to check NULL pointer. ++ */ + struct btree *__bch_btree_node_alloc(struct cache_set *c, struct btree_op *op, + int level, bool wait, + struct btree *parent) +-- +2.35.3 + diff --git a/patches.suse/bcache-avoid-NULL-checking-to-c-root-in-run_cache_se-3eba.patch b/patches.suse/bcache-avoid-NULL-checking-to-c-root-in-run_cache_se-3eba.patch new file mode 100644 index 0000000..8e8eaef --- /dev/null +++ b/patches.suse/bcache-avoid-NULL-checking-to-c-root-in-run_cache_se-3eba.patch @@ -0,0 +1,38 @@ +From 3eba5e0b2422aec3c9e79822029599961fdcab97 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Mon, 20 Nov 2023 13:25:03 +0800 +Subject: [PATCH] bcache: avoid NULL checking to c->root in run_cache_set() +Git-commit: 3eba5e0b2422aec3c9e79822029599961fdcab97 +Patch-mainline: v6.7-rc3 +References: git-fixes + +In run_cache_set() after c->root returned from bch_btree_node_get(), it +is checked by IS_ERR_OR_NULL(). Indeed it is unncessary to check NULL +because bch_btree_node_get() will not return NULL pointer to caller. + +This patch replaces IS_ERR_OR_NULL() by IS_ERR() for the above reason. + +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20231120052503.6122-11-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/super.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c +index c7ecc7058d77..bfe1685dbae5 100644 +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -2018,7 +2018,7 @@ static int run_cache_set(struct cache_set *c) + c->root = bch_btree_node_get(c, NULL, k, + j->btree_level, + true, NULL); +- if (IS_ERR_OR_NULL(c->root)) ++ if (IS_ERR(c->root)) + goto err; + + list_del_init(&c->root->list); +-- +2.35.3 + diff --git a/patches.suse/bcache-avoid-oversize-memory-allocation-by-small-str-baf8.patch b/patches.suse/bcache-avoid-oversize-memory-allocation-by-small-str-baf8.patch new file mode 100644 index 0000000..9fc183b --- /dev/null +++ b/patches.suse/bcache-avoid-oversize-memory-allocation-by-small-str-baf8.patch @@ -0,0 +1,89 @@ +From baf8fb7e0e5ec54ea0839f0c534f2cdcd79bea9c Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Mon, 20 Nov 2023 13:24:54 +0800 +Subject: [PATCH] bcache: avoid oversize memory allocation by small stripe_size +Git-commit: baf8fb7e0e5ec54ea0839f0c534f2cdcd79bea9c +Patch-mainline: v6.7-rc3 +References: git-fixes + +Arraies bcache->stripe_sectors_dirty and bcache->full_dirty_stripes are +used for dirty data writeback, their sizes are decided by backing device +capacity and stripe size. Larger backing device capacity or smaller +stripe size make these two arraies occupies more dynamic memory space. + +Currently bcache->stripe_size is directly inherited from +queue->limits.io_opt of underlying storage device. For normal hard +drives, its limits.io_opt is 0, and bcache sets the corresponding +stripe_size to 1TB (1<<31 sectors), it works fine 10+ years. But for +devices do declare value for queue->limits.io_opt, small stripe_size +(comparing to 1TB) becomes an issue for oversize memory allocations of +bcache->stripe_sectors_dirty and bcache->full_dirty_stripes, while the +capacity of hard drives gets much larger in recent decade. + +For example a raid5 array assembled by three 20TB hardrives, the raid +device capacity is 40TB with typical 512KB limits.io_opt. After the math +calculation in bcache code, these two arraies will occupy 400MB dynamic +memory. Even worse Andrea Tomassetti reports that a 4KB limits.io_opt is +declared on a new 2TB hard drive, then these two arraies request 2GB and +512MB dynamic memory from kzalloc(). The result is that bcache device +always fails to initialize on his system. + +To avoid the oversize memory allocation, bcache->stripe_size should not +directly inherited by queue->limits.io_opt from the underlying device. +This patch defines BCH_MIN_STRIPE_SZ (4MB) as minimal bcache stripe size +and set bcache device's stripe size against the declared limits.io_opt +value from the underlying storage device, +- If the declared limits.io_opt > BCH_MIN_STRIPE_SZ, bcache device will + set its stripe size directly by this limits.io_opt value. +- If the declared limits.io_opt < BCH_MIN_STRIPE_SZ, bcache device will + set its stripe size by a value multiplying limits.io_opt and euqal or + large than BCH_MIN_STRIPE_SZ. + +Then the minimal stripe size of a bcache device will always be >= 4MB. +For a 40TB raid5 device with 512KB limits.io_opt, memory occupied by +bcache->stripe_sectors_dirty and bcache->full_dirty_stripes will be 50MB +in total. For a 2TB hard drive with 4KB limits.io_opt, memory occupied +by these two arraies will be 2.5MB in total. + +Such mount of memory allocated for bcache->stripe_sectors_dirty and +bcache->full_dirty_stripes is reasonable for most of storage devices. + +Reported-by: Andrea Tomassetti +Signed-off-by: Coly Li +Reviewed-by: Eric Wheeler +Link: https://lore.kernel.org/r/20231120052503.6122-2-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/bcache.h | 1 + + drivers/md/bcache/super.c | 2 ++ + 2 files changed, 3 insertions(+) + +diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h +index 05be59ae21b2..6ae2329052c9 100644 +--- a/drivers/md/bcache/bcache.h ++++ b/drivers/md/bcache/bcache.h +@@ -265,6 +265,7 @@ struct bcache_device { + #define BCACHE_DEV_WB_RUNNING 3 + #define BCACHE_DEV_RATE_DW_RUNNING 4 + int nr_stripes; ++#define BCH_MIN_STRIPE_SZ ((4 << 20) >> SECTOR_SHIFT) + unsigned int stripe_size; + atomic_t *stripe_sectors_dirty; + unsigned long *full_dirty_stripes; +diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c +index 8bd899766372..c7ecc7058d77 100644 +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -905,6 +905,8 @@ static int bcache_device_init(struct bcache_device *d, unsigned int block_size, + + if (!d->stripe_size) + d->stripe_size = 1 << 31; ++ else if (d->stripe_size < BCH_MIN_STRIPE_SZ) ++ d->stripe_size = roundup(BCH_MIN_STRIPE_SZ, d->stripe_size); + + n = DIV_ROUND_UP_ULL(sectors, d->stripe_size); + if (!n || n > max_stripes) { +-- +2.35.3 + diff --git a/patches.suse/bcache-bset-Fix-comment-typos-11e5.patch b/patches.suse/bcache-bset-Fix-comment-typos-11e5.patch new file mode 100644 index 0000000..0a27877 --- /dev/null +++ b/patches.suse/bcache-bset-Fix-comment-typos-11e5.patch @@ -0,0 +1,37 @@ +From 11e529ccea33f24af6b54fe10bb3be9c1c48eddb Mon Sep 17 00:00:00 2001 +From: Jules Maselbas +Date: Tue, 20 Sep 2022 00:16:45 +0800 +Subject: [PATCH] bcache: bset: Fix comment typos +Git-commit: 11e529ccea33f24af6b54fe10bb3be9c1c48eddb +Patch-mainline: v6.1-rc1 +References: git-fixes + +Remove the redundant word `by`, correct the typo `creaated`. + +Cc: Kent Overstreet +Cc: linux-bcache@vger.kernel.org +Signed-off-by: Jules Maselbas +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20220919161647.81238-4-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/bset.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c +index 94d38e8a59b3..2bba4d6aaaa2 100644 +--- a/drivers/md/bcache/bset.c ++++ b/drivers/md/bcache/bset.c +@@ -1264,7 +1264,7 @@ static void __btree_sort(struct btree_keys *b, struct btree_iter *iter, + * + * Don't worry event 'out' is allocated from mempool, it can + * still be swapped here. Because state->pool is a page mempool +- * creaated by by mempool_init_page_pool(), which allocates ++ * created by mempool_init_page_pool(), which allocates + * pages by alloc_pages() indeed. + */ + +-- +2.35.3 + diff --git a/patches.suse/bcache-check-return-value-from-btree_node_alloc_repl-7779.patch b/patches.suse/bcache-check-return-value-from-btree_node_alloc_repl-7779.patch new file mode 100644 index 0000000..18dd171 --- /dev/null +++ b/patches.suse/bcache-check-return-value-from-btree_node_alloc_repl-7779.patch @@ -0,0 +1,41 @@ +From 777967e7e9f6f5f3e153abffb562bffaf4430d26 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Mon, 20 Nov 2023 13:24:55 +0800 +Subject: [PATCH] bcache: check return value from + btree_node_alloc_replacement() +Git-commit: 777967e7e9f6f5f3e153abffb562bffaf4430d26 +Patch-mainline: v6.7-rc3 +References: git-fixes + +In btree_gc_rewrite_node(), pointer 'n' is not checked after it returns +from btree_gc_rewrite_node(). There is potential possibility that 'n' is +a non NULL ERR_PTR(), referencing such error code is not permitted in +following code. Therefore a return value checking is necessary after 'n' +is back from btree_node_alloc_replacement(). + +Signed-off-by: Coly Li +Reported-by: Dan Carpenter +Cc: +Link: https://lore.kernel.org/r/20231120052503.6122-3-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/btree.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c +index ae5cbb55861f..de8d552201dc 100644 +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -1532,6 +1532,8 @@ static int btree_gc_rewrite_node(struct btree *b, struct btree_op *op, + return 0; + + n = btree_node_alloc_replacement(replace, NULL); ++ if (IS_ERR(n)) ++ return 0; + + /* recheck reserve after allocating replacement node */ + if (btree_check_reserve(b, NULL)) { +-- +2.35.3 + diff --git a/patches.suse/bcache-fix-NULL-pointer-reference-in-cached_dev_deta-aa97.patch b/patches.suse/bcache-fix-NULL-pointer-reference-in-cached_dev_deta-aa97.patch new file mode 100644 index 0000000..809f8f3 --- /dev/null +++ b/patches.suse/bcache-fix-NULL-pointer-reference-in-cached_dev_deta-aa97.patch @@ -0,0 +1,64 @@ +From aa97f6cdb7e92909e17c8ca63e622fcb81d57a57 Mon Sep 17 00:00:00 2001 +From: Lin Feng +Date: Fri, 12 Nov 2021 13:36:29 +0800 +Subject: [PATCH] bcache: fix NULL pointer reference in + cached_dev_detach_finish +Git-commit: aa97f6cdb7e92909e17c8ca63e622fcb81d57a57 +Patch-mainline: v5.16-rc6 +References: git-fixes + +Commit 0259d4498ba4 ("bcache: move calc_cached_dev_sectors to proper +place on backing device detach") tries to fix calc_cached_dev_sectors +when bcache device detaches, but now we have: + +cached_dev_detach_finish + ... + bcache_device_detach(&dc->disk); + ... + closure_put(&d->c->caching); + d->c = NULL; [*explicitly set dc->disk.c to NULL*] + list_move(&dc->list, &uncached_devices); + calc_cached_dev_sectors(dc->disk.c); [*passing a NULL pointer*] + ... + +Upper codeflows shows how bug happens, this patch fix the problem by +caching dc->disk.c beforehand, and cache_set won't be freed under us +because c->caching closure at least holds a reference count and closure +callback __cache_set_unregister only being called by bch_cache_set_stop +which using closure_queue(&c->caching), that means c->caching closure +callback for destroying cache_set won't be trigger by previous +closure_put(&d->c->caching). +So at this stage(while cached_dev_detach_finish is calling) it's safe to +access cache_set dc->disk.c. + +(Coly Li: rebased for Linux 5.14 based SUSE kernel) + +Fixes: 0259d4498ba4 ("bcache: move calc_cached_dev_sectors to proper place on backing device detach") +Signed-off-by: Lin Feng +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20211112053629.3437-2-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/super.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1139,6 +1139,7 @@ static void cancel_writeback_rate_update + static void cached_dev_detach_finish(struct work_struct *w) + { + struct cached_dev *dc = container_of(w, struct cached_dev, detach); ++ struct cache_set *c = dc->disk.c; + + BUG_ON(!test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)); + BUG_ON(refcount_read(&dc->count)); +@@ -1156,7 +1157,7 @@ static void cached_dev_detach_finish(str + + bcache_device_detach(&dc->disk); + list_move(&dc->list, &uncached_devices); +- calc_cached_dev_sectors(dc->disk.c); ++ calc_cached_dev_sectors(c); + + clear_bit(BCACHE_DEV_DETACHING, &dc->disk.flags); + clear_bit(BCACHE_DEV_UNLINK_DONE, &dc->disk.flags); diff --git a/patches.suse/bcache-fix-error-info-in-register_bcache-d55f.patch b/patches.suse/bcache-fix-error-info-in-register_bcache-d55f.patch new file mode 100644 index 0000000..e404a4c --- /dev/null +++ b/patches.suse/bcache-fix-error-info-in-register_bcache-d55f.patch @@ -0,0 +1,63 @@ +From d55f7cb2e5c053010d2b527494da9bbb722a78ba Mon Sep 17 00:00:00 2001 +From: Chao Yu +Date: Wed, 20 Oct 2021 22:38:07 +0800 +Subject: [PATCH] bcache: fix error info in register_bcache() +Git-commit: d55f7cb2e5c053010d2b527494da9bbb722a78ba +Patch-mainline: v5.16-rc1 +References: git-fixes + +In register_bcache(), there are several cases we didn't set +correct error info (return value and/or error message): +- if kzalloc() fails, it needs to return ENOMEM and print +"cannot allocate memory"; +- if register_cache() fails, it's better to propagate its +return value rather than using default EINVAL. + +Signed-off-by: Chao Yu +Reviewed-by: Hannes Reinecke +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20211020143812.6403-4-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/super.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c +index 330d6c167265..62b0140b0a73 100644 +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -2617,8 +2617,11 @@ static ssize_t register_bcache(struct kobject *k, struct kobj_attribute *attr, + if (SB_IS_BDEV(sb)) { + struct cached_dev *dc = kzalloc(sizeof(*dc), GFP_KERNEL); + +- if (!dc) ++ if (!dc) { ++ ret = -ENOMEM; ++ err = "cannot allocate memory"; + goto out_put_sb_page; ++ } + + mutex_lock(&bch_register_lock); + ret = register_bdev(sb, sb_disk, bdev, dc); +@@ -2629,11 +2632,15 @@ static ssize_t register_bcache(struct kobject *k, struct kobj_attribute *attr, + } else { + struct cache *ca = kzalloc(sizeof(*ca), GFP_KERNEL); + +- if (!ca) ++ if (!ca) { ++ ret = -ENOMEM; ++ err = "cannot allocate memory"; + goto out_put_sb_page; ++ } + + /* blkdev_put() will be called in bch_cache_release() */ +- if (register_cache(sb, sb_disk, bdev, ca) != 0) ++ ret = register_cache(sb, sb_disk, bdev, ca); ++ if (ret) + goto out_free_sb; + } + +-- +2.35.3 + diff --git a/patches.suse/bcache-fix-repeated-words-in-comments-6dd3.patch b/patches.suse/bcache-fix-repeated-words-in-comments-6dd3.patch new file mode 100644 index 0000000..bb34b69 --- /dev/null +++ b/patches.suse/bcache-fix-repeated-words-in-comments-6dd3.patch @@ -0,0 +1,35 @@ +From 6dd3be6923eec2c49860e7292e4e2783c74a9dff Mon Sep 17 00:00:00 2001 +From: Jilin Yuan +Date: Tue, 20 Sep 2022 00:16:46 +0800 +Subject: [PATCH] bcache:: fix repeated words in comments +Git-commit: 6dd3be6923eec2c49860e7292e4e2783c74a9dff +Patch-mainline: v6.1-rc1 +References: git-fixes + +Delete the redundant word 'we'. + +Signed-off-by: Jilin Yuan +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20220919161647.81238-5-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/bcache.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h +index 2acda9cea0f9..aebb7ef10e63 100644 +--- a/drivers/md/bcache/bcache.h ++++ b/drivers/md/bcache/bcache.h +@@ -107,7 +107,7 @@ + * + * BTREE NODES: + * +- * Our unit of allocation is a bucket, and we we can't arbitrarily allocate and ++ * Our unit of allocation is a bucket, and we can't arbitrarily allocate and + * free smaller than a bucket - so, that's how big our btree nodes are. + * + * (If buckets are really big we'll only use part of the bucket for a btree node +-- +2.35.3 + diff --git a/patches.suse/bcache-fixup-bcache_dev_sectors_dirty_add-multithrea-7b10.patch b/patches.suse/bcache-fixup-bcache_dev_sectors_dirty_add-multithrea-7b10.patch new file mode 100644 index 0000000..b08e0ff --- /dev/null +++ b/patches.suse/bcache-fixup-bcache_dev_sectors_dirty_add-multithrea-7b10.patch @@ -0,0 +1,67 @@ +From 7b1002f7cfe581930f63787a0b3de0144e61ed55 Mon Sep 17 00:00:00 2001 +From: Mingzhe Zou +Date: Fri, 7 Jan 2022 16:21:13 +0800 +Subject: [PATCH] bcache: fixup bcache_dev_sectors_dirty_add() multithreaded + CPU false sharing +Git-commit: 7b1002f7cfe581930f63787a0b3de0144e61ed55 +Patch-mainline: v5.18-rc1 +References: git-fixes + +When attaching a cached device (a.k.a backing device) to a cache +device, bch_sectors_dirty_init() is called to count dirty sectors +and stripes (see what bcache_dev_sectors_dirty_add() does) on the +cache device. + +When bcache_dev_sectors_dirty_add() is called, set_bit(stripe, +d->full_dirty_stripes) or clear_bit(stripe, d->full_dirty_stripes) +operation will always be performed. In full_dirty_stripes, each 1bit +represents stripe_size (8192) sectors (512B), so 1bit=4MB (8192*512), +and each CPU cache line=64B=512bit=2048MB. When 20 threads process +a cached disk with 100G dirty data, a single thread processes about +23M at a time, and 20 threads total 460M. These full_dirty_stripes +bits corresponding to the 460M data is likely to fall in the same CPU +cache line. When one of these threads performs a set_bit or clear_bit +operation, the same CPU cache line of other threads will become invalid +and must read the full_dirty_stripes from the main memory again. Compared +with single thread, the time of a bcache_dev_sectors_dirty_add() +call is increased by about 50 times in our test (100G dirty data, +20 threads, bcache_dev_sectors_dirty_add() is called more than +20 million times). + +This patch tries to test_bit before set_bit or clear_bit operation. +Therefore, a lot of force set and clear operations will be avoided, +and most of bcache_dev_sectors_dirty_add() calls will only read CPU +cache line. + +Signed-off-by: Mingzhe Zou +Signed-off-by: Coly Li + +--- + drivers/md/bcache/writeback.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c +index d42301e6309d..176461f89f46 100644 +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -585,10 +585,13 @@ void bcache_dev_sectors_dirty_add(struct cache_set *c, unsigned int inode, + + sectors_dirty = atomic_add_return(s, + d->stripe_sectors_dirty + stripe); +- if (sectors_dirty == d->stripe_size) +- set_bit(stripe, d->full_dirty_stripes); +- else +- clear_bit(stripe, d->full_dirty_stripes); ++ if (sectors_dirty == d->stripe_size) { ++ if (!test_bit(stripe, d->full_dirty_stripes)) ++ set_bit(stripe, d->full_dirty_stripes); ++ } else { ++ if (test_bit(stripe, d->full_dirty_stripes)) ++ clear_bit(stripe, d->full_dirty_stripes); ++ } + + nr_sectors -= s; + stripe_offset = 0; +-- +2.35.3 + diff --git a/patches.suse/bcache-fixup-btree_cache_wait-list-damage-f085.patch b/patches.suse/bcache-fixup-btree_cache_wait-list-damage-f085.patch new file mode 100644 index 0000000..bb46137 --- /dev/null +++ b/patches.suse/bcache-fixup-btree_cache_wait-list-damage-f085.patch @@ -0,0 +1,119 @@ +From f0854489fc07d2456f7cc71a63f4faf9c716ffbe Mon Sep 17 00:00:00 2001 +From: Mingzhe Zou +Date: Thu, 15 Jun 2023 20:12:23 +0800 +Subject: [PATCH] bcache: fixup btree_cache_wait list damage +Git-commit: f0854489fc07d2456f7cc71a63f4faf9c716ffbe +Patch-mainline: v6.5-rc1 +References: git-fixes + +We get a kernel crash about "list_add corruption. next->prev should be +prev (ffff9c801bc01210), but was ffff9c77b688237c. +(next=ffffae586d8afe68)." + +crash> struct list_head 0xffff9c801bc01210 +struct list_head { + next = 0xffffae586d8afe68, + prev = 0xffffae586d8afe68 +} +crash> struct list_head 0xffff9c77b688237c +struct list_head { + next = 0x0, + prev = 0x0 +} +crash> struct list_head 0xffffae586d8afe68 +struct list_head struct: invalid kernel virtual address: ffffae586d8afe68 type: "gdb_readmem_callback" +Cannot access memory at address 0xffffae586d8afe68 + +[230469.019492] Call Trace: +[230469.032041] prepare_to_wait+0x8a/0xb0 +[230469.044363] ? bch_btree_keys_free+0x6c/0xc0 [escache] +[230469.056533] mca_cannibalize_lock+0x72/0x90 [escache] +[230469.068788] mca_alloc+0x2ae/0x450 [escache] +[230469.080790] bch_btree_node_get+0x136/0x2d0 [escache] +[230469.092681] bch_btree_check_thread+0x1e1/0x260 [escache] +[230469.104382] ? finish_wait+0x80/0x80 +[230469.115884] ? bch_btree_check_recurse+0x1a0/0x1a0 [escache] +[230469.127259] kthread+0x112/0x130 +[230469.138448] ? kthread_flush_work_fn+0x10/0x10 +[230469.149477] ret_from_fork+0x35/0x40 + +bch_btree_check_thread() and bch_dirty_init_thread() may call +mca_cannibalize() to cannibalize other cached btree nodes. Only one thread +can do it at a time, so the op of other threads will be added to the +btree_cache_wait list. + +We must call finish_wait() to remove op from btree_cache_wait before free +it's memory address. Otherwise, the list will be damaged. Also should call +bch_cannibalize_unlock() to release the btree_cache_alloc_lock and wake_up +other waiters. + +Fixes: 8e7102273f59 ("bcache: make bch_btree_check() to be multithreaded") +Fixes: b144e45fc576 ("bcache: make bch_sectors_dirty_init() to be multithreaded") +Cc: stable@vger.kernel.org +Signed-off-by: Mingzhe Zou +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20230615121223.22502-7-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/btree.c | 11 ++++++++++- + drivers/md/bcache/btree.h | 1 + + drivers/md/bcache/writeback.c | 10 ++++++++++ + 3 files changed, 21 insertions(+), 1 deletion(-) + +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -885,7 +885,7 @@ static struct btree *mca_cannibalize(str + * cannibalize_bucket() will take. This means every time we unlock the root of + * the btree, we need to release this lock if we have it held. + */ +-static void bch_cannibalize_unlock(struct cache_set *c) ++void bch_cannibalize_unlock(struct cache_set *c) + { + spin_lock(&c->btree_cannibalize_lock); + if (c->btree_cache_alloc_lock == current) { +@@ -1970,6 +1970,15 @@ static int bch_btree_check_thread(void * + c->gc_stats.nodes++; + bch_btree_op_init(&op, 0); + ret = bcache_btree(check_recurse, p, c->root, &op); ++ /* ++ * The op may be added to cache_set's btree_cache_wait ++ * in mca_cannibalize(), must ensure it is removed from ++ * the list and release btree_cache_alloc_lock before ++ * free op memory. ++ * Otherwise, the btree_cache_wait will be damaged. ++ */ ++ bch_cannibalize_unlock(c); ++ finish_wait(&c->btree_cache_wait, &(&op)->wait); + if (ret) + goto out; + } +--- a/drivers/md/bcache/btree.h ++++ b/drivers/md/bcache/btree.h +@@ -282,6 +282,7 @@ void bch_initial_gc_finish(struct cache_ + void bch_moving_gc(struct cache_set *c); + int bch_btree_check(struct cache_set *c); + void bch_initial_mark_key(struct cache_set *c, int level, struct bkey *k); ++void bch_cannibalize_unlock(struct cache_set *c); + + static inline void wake_up_gc(struct cache_set *c) + { +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -890,6 +890,16 @@ static int bch_root_node_dirty_init(stru + if (ret < 0) + pr_warn("sectors dirty init failed, ret=%d!\n", ret); + ++ /* ++ * The op may be added to cache_set's btree_cache_wait ++ * in mca_cannibalize(), must ensure it is removed from ++ * the list and release btree_cache_alloc_lock before ++ * free op memory. ++ * Otherwise, the btree_cache_wait will be damaged. ++ */ ++ bch_cannibalize_unlock(c); ++ finish_wait(&c->btree_cache_wait, &(&op.op)->wait); ++ + return ret; + } + diff --git a/patches.suse/bcache-fixup-init-dirty-data-errors-7cc4.patch b/patches.suse/bcache-fixup-init-dirty-data-errors-7cc4.patch new file mode 100644 index 0000000..9c71079 --- /dev/null +++ b/patches.suse/bcache-fixup-init-dirty-data-errors-7cc4.patch @@ -0,0 +1,45 @@ +From 7cc47e64d3d69786a2711a4767e26b26ba63d7ed Mon Sep 17 00:00:00 2001 +From: Mingzhe Zou +Date: Mon, 20 Nov 2023 13:24:58 +0800 +Subject: [PATCH] bcache: fixup init dirty data errors +Git-commit: 7cc47e64d3d69786a2711a4767e26b26ba63d7ed +Patch-mainline: v6.7-rc3 +References: git-fixes + +We found that after long run, the dirty_data of the bcache device +will have errors. This error cannot be eliminated unless re-register. + +We also found that reattach after detach, this error can accumulate. + +In bch_sectors_dirty_init(), all inode <= d->id keys will be recounted +again. This is wrong, we only need to count the keys of the current +device. + +(Coly Li: rebased for Linux 5.14 based SUSE kernel) + +Fixes: b144e45fc576 ("bcache: make bch_sectors_dirty_init() to be multithreaded") +Signed-off-by: Mingzhe Zou +Cc: +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20231120052503.6122-6-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/writeback.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -991,8 +991,11 @@ void bch_sectors_dirty_init(struct bcach + op.count = 0; + + for_each_key_filter(&c->root->keys, +- k, &iter, bch_ptr_invalid) ++ k, &iter, bch_ptr_invalid) { ++ if (KEY_INODE(k) != op.inode) ++ continue; + sectors_dirty_init_fn(&op.op, c->root, k); ++ } + + rw_unlock(0, c->root); + return; diff --git a/patches.suse/bcache-fixup-lock-c-root-error-e348.patch b/patches.suse/bcache-fixup-lock-c-root-error-e348.patch new file mode 100644 index 0000000..544e831 --- /dev/null +++ b/patches.suse/bcache-fixup-lock-c-root-error-e348.patch @@ -0,0 +1,180 @@ +From e34820f984512b433ee1fc291417e60c47d56727 Mon Sep 17 00:00:00 2001 +From: Mingzhe Zou +Date: Mon, 20 Nov 2023 13:24:59 +0800 +Subject: [PATCH] bcache: fixup lock c->root error +Git-commit: e34820f984512b433ee1fc291417e60c47d56727 +Patch-mainline: v6.7-rc3 +References: git-fixes + +We had a problem with io hung because it was waiting for c->root to +release the lock. + +crash> cache_set.root -l cache_set.list ffffa03fde4c0050 + root = 0xffff802ef454c800 +crash> btree -o 0xffff802ef454c800 | grep rw_semaphore + [ffff802ef454c858] struct rw_semaphore lock; +crash> struct rw_semaphore ffff802ef454c858 +struct rw_semaphore { + count = { + counter = -4294967297 + }, + wait_list = { + next = 0xffff00006786fc28, + prev = 0xffff00005d0efac8 + }, + wait_lock = { + raw_lock = { + { + val = { + counter = 0 + }, + { + locked = 0 '\000', + pending = 0 '\000' + }, + { + locked_pending = 0, + tail = 0 + } + } + } + }, + osq = { + tail = { + counter = 0 + } + }, + owner = 0xffffa03fdc586603 +} + +The "counter = -4294967297" means that lock count is -1 and a write lock +is being attempted. Then, we found that there is a btree with a counter +of 1 in btree_cache_freeable. + +crash> cache_set -l cache_set.list ffffa03fde4c0050 -o|grep btree_cache + [ffffa03fde4c1140] struct list_head btree_cache; + [ffffa03fde4c1150] struct list_head btree_cache_freeable; + [ffffa03fde4c1160] struct list_head btree_cache_freed; + [ffffa03fde4c1170] unsigned int btree_cache_used; + [ffffa03fde4c1178] wait_queue_head_t btree_cache_wait; + [ffffa03fde4c1190] struct task_struct *btree_cache_alloc_lock; +crash> list -H ffffa03fde4c1140|wc -l +973 +crash> list -H ffffa03fde4c1150|wc -l +1123 +crash> cache_set.btree_cache_used -l cache_set.list ffffa03fde4c0050 + btree_cache_used = 2097 +crash> list -s btree -l btree.list -H ffffa03fde4c1140|grep -E -A2 "^ lock = {" > btree_cache.txt +crash> list -s btree -l btree.list -H ffffa03fde4c1150|grep -E -A2 "^ lock = {" > btree_cache_freeable.txt +[root@node-3 127.0.0.1-2023-08-04-16:40:28]# pwd +/var/crash/127.0.0.1-2023-08-04-16:40:28 +[root@node-3 127.0.0.1-2023-08-04-16:40:28]# cat btree_cache.txt|grep counter|grep -v "counter = 0" +[root@node-3 127.0.0.1-2023-08-04-16:40:28]# cat btree_cache_freeable.txt|grep counter|grep -v "counter = 0" + counter = 1 + +We found that this is a bug in bch_sectors_dirty_init() when locking c->root: + (1). Thread X has locked c->root(A) write. + (2). Thread Y failed to lock c->root(A), waiting for the lock(c->root A). + (3). Thread X bch_btree_set_root() changes c->root from A to B. + (4). Thread X releases the lock(c->root A). + (5). Thread Y successfully locks c->root(A). + (6). Thread Y releases the lock(c->root B). + + down_write locked ---(1)----------------------┐ + | | + | down_read waiting ---(2)----┐ | + | | ┌-------------┐ ┌-------------┐ + bch_btree_set_root ===(3)========>> | c->root A | | c->root B | + | | └-------------┘ └-------------┘ + up_write ---(4)---------------------┘ | | + | | | + down_read locked ---(5)-----------┘ | + | | + up_read ---(6)-----------------------------┘ + +Since c->root may change, the correct steps to lock c->root should be +the same as bch_root_usage(), compare after locking. + +static unsigned int bch_root_usage(struct cache_set *c) +{ + unsigned int bytes = 0; + struct bkey *k; + struct btree *b; + struct btree_iter iter; + + goto lock_root; + + do { + rw_unlock(false, b); +Lock_root: b = c->root; + rw_lock(false, b, b->level); + } while (b != c->root); + + for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) + bytes += bkey_bytes(k); + + rw_unlock(false, b); + + return (bytes * 100) / btree_bytes(c); +} + +Fixes: b144e45fc576 ("bcache: make bch_sectors_dirty_init() to be multithreaded") +Signed-off-by: Mingzhe Zou +Cc: +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20231120052503.6122-7-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/writeback.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c +index 77fb72ac6b81..a1d760916246 100644 +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -977,14 +977,22 @@ static int bch_btre_dirty_init_thread_nr(void) + void bch_sectors_dirty_init(struct bcache_device *d) + { + int i; ++ struct btree *b = NULL; + struct bkey *k = NULL; + struct btree_iter iter; + struct sectors_dirty_init op; + struct cache_set *c = d->c; + struct bch_dirty_init_state state; + ++retry_lock: ++ b = c->root; ++ rw_lock(0, b, b->level); ++ if (b != c->root) { ++ rw_unlock(0, b); ++ goto retry_lock; ++ } ++ + /* Just count root keys if no leaf node */ +- rw_lock(0, c->root, c->root->level); + if (c->root->level == 0) { + bch_btree_op_init(&op.op, -1); + op.inode = d->id; +@@ -997,7 +1005,7 @@ void bch_sectors_dirty_init(struct bcache_device *d) + sectors_dirty_init_fn(&op.op, c->root, k); + } + +- rw_unlock(0, c->root); ++ rw_unlock(0, b); + return; + } + +@@ -1033,7 +1041,7 @@ void bch_sectors_dirty_init(struct bcache_device *d) + out: + /* Must wait for all threads to stop. */ + wait_event(state.wait, atomic_read(&state.started) == 0); +- rw_unlock(0, c->root); ++ rw_unlock(0, b); + } + + void bch_cached_dev_writeback_init(struct cached_dev *dc) +-- +2.35.3 + diff --git a/patches.suse/bcache-fixup-multi-threaded-bch_sectors_dirty_init-w-2faa.patch b/patches.suse/bcache-fixup-multi-threaded-bch_sectors_dirty_init-w-2faa.patch new file mode 100644 index 0000000..3d9ac27 --- /dev/null +++ b/patches.suse/bcache-fixup-multi-threaded-bch_sectors_dirty_init-w-2faa.patch @@ -0,0 +1,129 @@ +From 2faac25d7958c4761bb8cec54adb79f806783ad6 Mon Sep 17 00:00:00 2001 +From: Mingzhe Zou +Date: Mon, 20 Nov 2023 13:25:00 +0800 +Subject: [PATCH] bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up + race +Git-commit: 2faac25d7958c4761bb8cec54adb79f806783ad6 +Patch-mainline: v6.7-rc3 +References: git-fixes + +We get a kernel crash about "unable to handle kernel paging request": + +```dmesg +[368033.032005] BUG: unable to handle kernel paging request at ffffffffad9ae4b5 +[368033.032007] PGD fc3a0d067 P4D fc3a0d067 PUD fc3a0e063 PMD 8000000fc38000e1 +[368033.032012] Oops: 0003 [#1] SMP PTI +[368033.032015] CPU: 23 PID: 55090 Comm: bch_dirtcnt[0] Kdump: loaded Tainted: G OE --------- - - 4.18.0-147.5.1.es8_24.x86_64 #1 +[368033.032017] Hardware name: Tsinghua Tongfang THTF Chaoqiang Server/072T6D, BIOS 2.4.3 01/17/2017 +[368033.032027] RIP: 0010:native_queued_spin_lock_slowpath+0x183/0x1d0 +[368033.032029] Code: 8b 02 48 85 c0 74 f6 48 89 c1 eb d0 c1 e9 12 83 e0 +03 83 e9 01 48 c1 e0 05 48 63 c9 48 05 c0 3d 02 00 48 03 04 cd 60 68 93 +ad <48> 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 02 +[368033.032031] RSP: 0018:ffffbb48852abe00 EFLAGS: 00010082 +[368033.032032] RAX: ffffffffad9ae4b5 RBX: 0000000000000246 RCX: 0000000000003bf3 +[368033.032033] RDX: ffff97b0ff8e3dc0 RSI: 0000000000600000 RDI: ffffbb4884743c68 +[368033.032034] RBP: 0000000000000001 R08: 0000000000000000 R09: 000007ffffffffff +[368033.032035] R10: ffffbb486bb01000 R11: 0000000000000001 R12: ffffffffc068da70 +[368033.032036] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 +[368033.032038] FS: 0000000000000000(0000) GS:ffff97b0ff8c0000(0000) knlGS:0000000000000000 +[368033.032039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[368033.032040] CR2: ffffffffad9ae4b5 CR3: 0000000fc3a0a002 CR4: 00000000003626e0 +[368033.032042] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[368033.032043] bcache: bch_cached_dev_attach() Caching rbd479 as bcache462 on set 8cff3c36-4a76-4242-afaa-7630206bc70b +[368033.032045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[368033.032046] Call Trace: +[368033.032054] _raw_spin_lock_irqsave+0x32/0x40 +[368033.032061] __wake_up_common_lock+0x63/0xc0 +[368033.032073] ? bch_ptr_invalid+0x10/0x10 [bcache] +[368033.033502] bch_dirty_init_thread+0x14c/0x160 [bcache] +[368033.033511] ? read_dirty_submit+0x60/0x60 [bcache] +[368033.033516] kthread+0x112/0x130 +[368033.033520] ? kthread_flush_work_fn+0x10/0x10 +[368033.034505] ret_from_fork+0x35/0x40 +``` + +The crash occurred when call wake_up(&state->wait), and then we want +to look at the value in the state. However, bch_sectors_dirty_init() +is not found in the stack of any task. Since state is allocated on +the stack, we guess that bch_sectors_dirty_init() has exited, causing +bch_dirty_init_thread() to be unable to handle kernel paging request. + +In order to verify this idea, we added some printing information during +wake_up(&state->wait). We find that "wake up" is printed twice, however +we only expect the last thread to wake up once. + +```dmesg +[ 994.641004] alcache: bch_dirty_init_thread() wake up +[ 994.641018] alcache: bch_dirty_init_thread() wake up +[ 994.641523] alcache: bch_sectors_dirty_init() init exit +``` + +There is a race. If bch_sectors_dirty_init() exits after the first wake +up, the second wake up will trigger this bug("unable to handle kernel +paging request"). + +Proceed as follows: + +bch_sectors_dirty_init + kthread_run ==============> bch_dirty_init_thread(bch_dirtcnt[0]) + ... ... + atomic_inc(&state.started) ... + ... ... + atomic_read(&state.enough) ... + ... atomic_set(&state->enough, 1) + kthread_run ======================================================> bch_dirty_init_thread(bch_dirtcnt[1]) + ... atomic_dec_and_test(&state->started) ... + atomic_inc(&state.started) ... ... + ... wake_up(&state->wait) ... + atomic_read(&state.enough) atomic_dec_and_test(&state->started) + ... ... + wait_event(state.wait, atomic_read(&state.started) == 0) ... + return ... + wake_up(&state->wait) + +We believe it is very common to wake up twice if there is no dirty, but +crash is an extremely low probability event. It's hard for us to reproduce +this issue. We attached and detached continuously for a week, with a total +of more than one million attaches and only one crash. + +Putting atomic_inc(&state.started) before kthread_run() can avoid waking +up twice. + +Fixes: b144e45fc576 ("bcache: make bch_sectors_dirty_init() to be multithreaded") +Signed-off-by: Mingzhe Zou +Cc: +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20231120052503.6122-8-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/writeback.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c +index a1d760916246..3accfdaee6b1 100644 +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -1025,17 +1025,18 @@ void bch_sectors_dirty_init(struct bcache_device *d) + if (atomic_read(&state.enough)) + break; + ++ atomic_inc(&state.started); + state.infos[i].state = &state; + state.infos[i].thread = + kthread_run(bch_dirty_init_thread, &state.infos[i], + "bch_dirtcnt[%d]", i); + if (IS_ERR(state.infos[i].thread)) { + pr_err("fails to run thread bch_dirty_init[%d]\n", i); ++ atomic_dec(&state.started); + for (--i; i >= 0; i--) + kthread_stop(state.infos[i].thread); + goto out; + } +- atomic_inc(&state.started); + } + + out: +-- +2.35.3 + diff --git a/patches.suse/bcache-move-calc_cached_dev_sectors-to-proper-place--0259.patch b/patches.suse/bcache-move-calc_cached_dev_sectors-to-proper-place--0259.patch new file mode 100644 index 0000000..752e8d6 --- /dev/null +++ b/patches.suse/bcache-move-calc_cached_dev_sectors-to-proper-place--0259.patch @@ -0,0 +1,54 @@ +From 0259d4498ba48454749ecfb9c81e892cdb8d1a32 Mon Sep 17 00:00:00 2001 +From: Lin Feng +Date: Wed, 20 Oct 2021 22:38:08 +0800 +Subject: [PATCH] bcache: move calc_cached_dev_sectors to proper place on + backing device detach +Git-commit: 0259d4498ba48454749ecfb9c81e892cdb8d1a32 +Patch-mainline: v5.16-rc1 +References: git-fixes + +Calculation of cache_set's cached sectors is done by travelling +cached_devs list as shown below: + +static void calc_cached_dev_sectors(struct cache_set *c) +{ +... + list_for_each_entry(dc, &c->cached_devs, list) + sectors += bdev_sectors(dc->bdev); + + c->cached_dev_sectors = sectors; +} + +But cached_dev won't be unlinked from c->cached_devs list until we call +following list_move(&dc->list, &uncached_devices), +so previous fix in 'commit 46010141da6677b81cc77f9b47f8ac62bd1cbfd3 +("bcache: recal cached_dev_sectors on detach")' is wrong, now we move +it to its right place. + +Signed-off-by: Lin Feng +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20211020143812.6403-5-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/super.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c +index 62b0140b0a73..dced2ea17431 100644 +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1154,9 +1154,9 @@ static void cached_dev_detach_finish(struct work_struct *w) + + mutex_lock(&bch_register_lock); + +- calc_cached_dev_sectors(dc->disk.c); + bcache_device_detach(&dc->disk); + list_move(&dc->list, &uncached_devices); ++ calc_cached_dev_sectors(dc->disk.c); + + clear_bit(BCACHE_DEV_DETACHING, &dc->disk.flags); + clear_bit(BCACHE_DEV_UNLINK_DONE, &dc->disk.flags); +-- +2.35.3 + diff --git a/patches.suse/bcache-move-uapi-header-bcache.h-to-bcache-code-dire-cf21.patch b/patches.suse/bcache-move-uapi-header-bcache.h-to-bcache-code-dire-cf21.patch new file mode 100644 index 0000000..72f0a1b --- /dev/null +++ b/patches.suse/bcache-move-uapi-header-bcache.h-to-bcache-code-dire-cf21.patch @@ -0,0 +1,988 @@ +From cf2197ca4b8c199d188593ca6800ea1827c42171 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Fri, 29 Oct 2021 14:09:29 +0800 +Subject: [PATCH] bcache: move uapi header bcache.h to bcache code directory +Git-commit: cf2197ca4b8c199d188593ca6800ea1827c42171 +Patch-mainline: v5.16-rc1 +References: git-fixes + +The header file include/uapi/linux/bcache.h is not really a user space +API heaer. This file defines the ondisk format of bcache internal meta +data but no one includes it from user space, bcache-tools has its own +copy of this header with minor modification. + +Therefore, this patch moves include/uapi/linux/bcache.h to bcache code +directory as drivers/md/bcache/bcache_ondisk.h. + +Suggested-by: Arnd Bergmann +Suggested-by: Christoph Hellwig +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20211029060930.119923-2-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/bcache.h | 2 +- + .../uapi/linux/bcache.h => drivers/md/bcache/bcache_ondisk.h | 0 + drivers/md/bcache/bcache.h | 2 + drivers/md/bcache/bcache_ondisk.h | 445 ++++++++++++++++++++++++++++++++++++++ + drivers/md/bcache/bset.h | 2 + drivers/md/bcache/features.c | 2 + drivers/md/bcache/features.h | 3 + include/uapi/linux/bcache.h | 445 -------------------------------------- + 6 files changed, 450 insertions(+), 449 deletions(-) + rename include/uapi/linux/bcache.h => drivers/md/bcache/bcache_ondisk.h (100%) + +--- a/drivers/md/bcache/bcache.h ++++ b/drivers/md/bcache/bcache.h +@@ -178,7 +178,6 @@ + + #define pr_fmt(fmt) "bcache: %s() " fmt, __func__ + +-#include + #include + #include + #include +@@ -190,6 +189,7 @@ + #include + #include + ++#include "bcache_ondisk.h" + #include "bset.h" + #include "util.h" + #include "closure.h" +--- /dev/null ++++ b/drivers/md/bcache/bcache_ondisk.h +@@ -0,0 +1,445 @@ ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ ++#ifndef _LINUX_BCACHE_H ++#define _LINUX_BCACHE_H ++ ++/* ++ * Bcache on disk data structures ++ */ ++ ++#include ++ ++#define BITMASK(name, type, field, offset, size) \ ++static inline __u64 name(const type *k) \ ++{ return (k->field >> offset) & ~(~0ULL << size); } \ ++ \ ++static inline void SET_##name(type *k, __u64 v) \ ++{ \ ++ k->field &= ~(~(~0ULL << size) << offset); \ ++ k->field |= (v & ~(~0ULL << size)) << offset; \ ++} ++ ++/* Btree keys - all units are in sectors */ ++ ++struct bkey { ++ __u64 high; ++ __u64 low; ++ __u64 ptr[]; ++}; ++ ++#define KEY_FIELD(name, field, offset, size) \ ++ BITMASK(name, struct bkey, field, offset, size) ++ ++#define PTR_FIELD(name, offset, size) \ ++static inline __u64 name(const struct bkey *k, unsigned int i) \ ++{ return (k->ptr[i] >> offset) & ~(~0ULL << size); } \ ++ \ ++static inline void SET_##name(struct bkey *k, unsigned int i, __u64 v) \ ++{ \ ++ k->ptr[i] &= ~(~(~0ULL << size) << offset); \ ++ k->ptr[i] |= (v & ~(~0ULL << size)) << offset; \ ++} ++ ++#define KEY_SIZE_BITS 16 ++#define KEY_MAX_U64S 8 ++ ++KEY_FIELD(KEY_PTRS, high, 60, 3) ++KEY_FIELD(HEADER_SIZE, high, 58, 2) ++KEY_FIELD(KEY_CSUM, high, 56, 2) ++KEY_FIELD(KEY_PINNED, high, 55, 1) ++KEY_FIELD(KEY_DIRTY, high, 36, 1) ++ ++KEY_FIELD(KEY_SIZE, high, 20, KEY_SIZE_BITS) ++KEY_FIELD(KEY_INODE, high, 0, 20) ++ ++/* Next time I change the on disk format, KEY_OFFSET() won't be 64 bits */ ++ ++static inline __u64 KEY_OFFSET(const struct bkey *k) ++{ ++ return k->low; ++} ++ ++static inline void SET_KEY_OFFSET(struct bkey *k, __u64 v) ++{ ++ k->low = v; ++} ++ ++/* ++ * The high bit being set is a relic from when we used it to do binary ++ * searches - it told you where a key started. It's not used anymore, ++ * and can probably be safely dropped. ++ */ ++#define KEY(inode, offset, size) \ ++((struct bkey) { \ ++ .high = (1ULL << 63) | ((__u64) (size) << 20) | (inode), \ ++ .low = (offset) \ ++}) ++ ++#define ZERO_KEY KEY(0, 0, 0) ++ ++#define MAX_KEY_INODE (~(~0 << 20)) ++#define MAX_KEY_OFFSET (~0ULL >> 1) ++#define MAX_KEY KEY(MAX_KEY_INODE, MAX_KEY_OFFSET, 0) ++ ++#define KEY_START(k) (KEY_OFFSET(k) - KEY_SIZE(k)) ++#define START_KEY(k) KEY(KEY_INODE(k), KEY_START(k), 0) ++ ++#define PTR_DEV_BITS 12 ++ ++PTR_FIELD(PTR_DEV, 51, PTR_DEV_BITS) ++PTR_FIELD(PTR_OFFSET, 8, 43) ++PTR_FIELD(PTR_GEN, 0, 8) ++ ++#define PTR_CHECK_DEV ((1 << PTR_DEV_BITS) - 1) ++ ++#define MAKE_PTR(gen, offset, dev) \ ++ ((((__u64) dev) << 51) | ((__u64) offset) << 8 | gen) ++ ++/* Bkey utility code */ ++ ++static inline unsigned long bkey_u64s(const struct bkey *k) ++{ ++ return (sizeof(struct bkey) / sizeof(__u64)) + KEY_PTRS(k); ++} ++ ++static inline unsigned long bkey_bytes(const struct bkey *k) ++{ ++ return bkey_u64s(k) * sizeof(__u64); ++} ++ ++#define bkey_copy(_dest, _src) memcpy(_dest, _src, bkey_bytes(_src)) ++ ++static inline void bkey_copy_key(struct bkey *dest, const struct bkey *src) ++{ ++ SET_KEY_INODE(dest, KEY_INODE(src)); ++ SET_KEY_OFFSET(dest, KEY_OFFSET(src)); ++} ++ ++static inline struct bkey *bkey_next(const struct bkey *k) ++{ ++ __u64 *d = (void *) k; ++ ++ return (struct bkey *) (d + bkey_u64s(k)); ++} ++ ++static inline struct bkey *bkey_idx(const struct bkey *k, unsigned int nr_keys) ++{ ++ __u64 *d = (void *) k; ++ ++ return (struct bkey *) (d + nr_keys); ++} ++/* Enough for a key with 6 pointers */ ++#define BKEY_PAD 8 ++ ++#define BKEY_PADDED(key) \ ++ union { struct bkey key; __u64 key ## _pad[BKEY_PAD]; } ++ ++/* Superblock */ ++ ++/* Version 0: Cache device ++ * Version 1: Backing device ++ * Version 2: Seed pointer into btree node checksum ++ * Version 3: Cache device with new UUID format ++ * Version 4: Backing device with data offset ++ */ ++#define BCACHE_SB_VERSION_CDEV 0 ++#define BCACHE_SB_VERSION_BDEV 1 ++#define BCACHE_SB_VERSION_CDEV_WITH_UUID 3 ++#define BCACHE_SB_VERSION_BDEV_WITH_OFFSET 4 ++#define BCACHE_SB_VERSION_CDEV_WITH_FEATURES 5 ++#define BCACHE_SB_VERSION_BDEV_WITH_FEATURES 6 ++#define BCACHE_SB_MAX_VERSION 6 ++ ++#define SB_SECTOR 8 ++#define SB_OFFSET (SB_SECTOR << SECTOR_SHIFT) ++#define SB_SIZE 4096 ++#define SB_LABEL_SIZE 32 ++#define SB_JOURNAL_BUCKETS 256U ++/* SB_JOURNAL_BUCKETS must be divisible by BITS_PER_LONG */ ++#define MAX_CACHES_PER_SET 8 ++ ++#define BDEV_DATA_START_DEFAULT 16 /* sectors */ ++ ++struct cache_sb_disk { ++ __le64 csum; ++ __le64 offset; /* sector where this sb was written */ ++ __le64 version; ++ ++ __u8 magic[16]; ++ ++ __u8 uuid[16]; ++ union { ++ __u8 set_uuid[16]; ++ __le64 set_magic; ++ }; ++ __u8 label[SB_LABEL_SIZE]; ++ ++ __le64 flags; ++ __le64 seq; ++ ++ __le64 feature_compat; ++ __le64 feature_incompat; ++ __le64 feature_ro_compat; ++ ++ __le64 pad[5]; ++ ++ union { ++ struct { ++ /* Cache devices */ ++ __le64 nbuckets; /* device size */ ++ ++ __le16 block_size; /* sectors */ ++ __le16 bucket_size; /* sectors */ ++ ++ __le16 nr_in_set; ++ __le16 nr_this_dev; ++ }; ++ struct { ++ /* Backing devices */ ++ __le64 data_offset; ++ ++ /* ++ * block_size from the cache device section is still used by ++ * backing devices, so don't add anything here until we fix ++ * things to not need it for backing devices anymore ++ */ ++ }; ++ }; ++ ++ __le32 last_mount; /* time overflow in y2106 */ ++ ++ __le16 first_bucket; ++ union { ++ __le16 njournal_buckets; ++ __le16 keys; ++ }; ++ __le64 d[SB_JOURNAL_BUCKETS]; /* journal buckets */ ++ __le16 obso_bucket_size_hi; /* obsoleted */ ++}; ++ ++/* ++ * This is for in-memory bcache super block. ++ * NOTE: cache_sb is NOT exactly mapping to cache_sb_disk, the member ++ * size, ordering and even whole struct size may be different ++ * from cache_sb_disk. ++ */ ++struct cache_sb { ++ __u64 offset; /* sector where this sb was written */ ++ __u64 version; ++ ++ __u8 magic[16]; ++ ++ __u8 uuid[16]; ++ union { ++ __u8 set_uuid[16]; ++ __u64 set_magic; ++ }; ++ __u8 label[SB_LABEL_SIZE]; ++ ++ __u64 flags; ++ __u64 seq; ++ ++ __u64 feature_compat; ++ __u64 feature_incompat; ++ __u64 feature_ro_compat; ++ ++ union { ++ struct { ++ /* Cache devices */ ++ __u64 nbuckets; /* device size */ ++ ++ __u16 block_size; /* sectors */ ++ __u16 nr_in_set; ++ __u16 nr_this_dev; ++ __u32 bucket_size; /* sectors */ ++ }; ++ struct { ++ /* Backing devices */ ++ __u64 data_offset; ++ ++ /* ++ * block_size from the cache device section is still used by ++ * backing devices, so don't add anything here until we fix ++ * things to not need it for backing devices anymore ++ */ ++ }; ++ }; ++ ++ __u32 last_mount; /* time overflow in y2106 */ ++ ++ __u16 first_bucket; ++ union { ++ __u16 njournal_buckets; ++ __u16 keys; ++ }; ++ __u64 d[SB_JOURNAL_BUCKETS]; /* journal buckets */ ++}; ++ ++static inline _Bool SB_IS_BDEV(const struct cache_sb *sb) ++{ ++ return sb->version == BCACHE_SB_VERSION_BDEV ++ || sb->version == BCACHE_SB_VERSION_BDEV_WITH_OFFSET ++ || sb->version == BCACHE_SB_VERSION_BDEV_WITH_FEATURES; ++} ++ ++BITMASK(CACHE_SYNC, struct cache_sb, flags, 0, 1); ++BITMASK(CACHE_DISCARD, struct cache_sb, flags, 1, 1); ++BITMASK(CACHE_REPLACEMENT, struct cache_sb, flags, 2, 3); ++#define CACHE_REPLACEMENT_LRU 0U ++#define CACHE_REPLACEMENT_FIFO 1U ++#define CACHE_REPLACEMENT_RANDOM 2U ++ ++BITMASK(BDEV_CACHE_MODE, struct cache_sb, flags, 0, 4); ++#define CACHE_MODE_WRITETHROUGH 0U ++#define CACHE_MODE_WRITEBACK 1U ++#define CACHE_MODE_WRITEAROUND 2U ++#define CACHE_MODE_NONE 3U ++BITMASK(BDEV_STATE, struct cache_sb, flags, 61, 2); ++#define BDEV_STATE_NONE 0U ++#define BDEV_STATE_CLEAN 1U ++#define BDEV_STATE_DIRTY 2U ++#define BDEV_STATE_STALE 3U ++ ++/* ++ * Magic numbers ++ * ++ * The various other data structures have their own magic numbers, which are ++ * xored with the first part of the cache set's UUID ++ */ ++ ++#define JSET_MAGIC 0x245235c1a3625032ULL ++#define PSET_MAGIC 0x6750e15f87337f91ULL ++#define BSET_MAGIC 0x90135c78b99e07f5ULL ++ ++static inline __u64 jset_magic(struct cache_sb *sb) ++{ ++ return sb->set_magic ^ JSET_MAGIC; ++} ++ ++static inline __u64 pset_magic(struct cache_sb *sb) ++{ ++ return sb->set_magic ^ PSET_MAGIC; ++} ++ ++static inline __u64 bset_magic(struct cache_sb *sb) ++{ ++ return sb->set_magic ^ BSET_MAGIC; ++} ++ ++/* ++ * Journal ++ * ++ * On disk format for a journal entry: ++ * seq is monotonically increasing; every journal entry has its own unique ++ * sequence number. ++ * ++ * last_seq is the oldest journal entry that still has keys the btree hasn't ++ * flushed to disk yet. ++ * ++ * version is for on disk format changes. ++ */ ++ ++#define BCACHE_JSET_VERSION_UUIDv1 1 ++#define BCACHE_JSET_VERSION_UUID 1 /* Always latest UUID format */ ++#define BCACHE_JSET_VERSION 1 ++ ++struct jset { ++ __u64 csum; ++ __u64 magic; ++ __u64 seq; ++ __u32 version; ++ __u32 keys; ++ ++ __u64 last_seq; ++ ++ BKEY_PADDED(uuid_bucket); ++ BKEY_PADDED(btree_root); ++ __u16 btree_level; ++ __u16 pad[3]; ++ ++ __u64 prio_bucket[MAX_CACHES_PER_SET]; ++ ++ union { ++ struct bkey start[0]; ++ __u64 d[0]; ++ }; ++}; ++ ++/* Bucket prios/gens */ ++ ++struct prio_set { ++ __u64 csum; ++ __u64 magic; ++ __u64 seq; ++ __u32 version; ++ __u32 pad; ++ ++ __u64 next_bucket; ++ ++ struct bucket_disk { ++ __u16 prio; ++ __u8 gen; ++ } __attribute((packed)) data[]; ++}; ++ ++/* UUIDS - per backing device/flash only volume metadata */ ++ ++struct uuid_entry { ++ union { ++ struct { ++ __u8 uuid[16]; ++ __u8 label[32]; ++ __u32 first_reg; /* time overflow in y2106 */ ++ __u32 last_reg; ++ __u32 invalidated; ++ ++ __u32 flags; ++ /* Size of flash only volumes */ ++ __u64 sectors; ++ }; ++ ++ __u8 pad[128]; ++ }; ++}; ++ ++BITMASK(UUID_FLASH_ONLY, struct uuid_entry, flags, 0, 1); ++ ++/* Btree nodes */ ++ ++/* Version 1: Seed pointer into btree node checksum ++ */ ++#define BCACHE_BSET_CSUM 1 ++#define BCACHE_BSET_VERSION 1 ++ ++/* ++ * Btree nodes ++ * ++ * On disk a btree node is a list/log of these; within each set the keys are ++ * sorted ++ */ ++struct bset { ++ __u64 csum; ++ __u64 magic; ++ __u64 seq; ++ __u32 version; ++ __u32 keys; ++ ++ union { ++ struct bkey start[0]; ++ __u64 d[0]; ++ }; ++}; ++ ++/* OBSOLETE */ ++ ++/* UUIDS - per backing device/flash only volume metadata */ ++ ++struct uuid_entry_v0 { ++ __u8 uuid[16]; ++ __u8 label[32]; ++ __u32 first_reg; ++ __u32 last_reg; ++ __u32 invalidated; ++ __u32 pad; ++}; ++ ++#endif /* _LINUX_BCACHE_H */ +--- a/drivers/md/bcache/bset.h ++++ b/drivers/md/bcache/bset.h +@@ -2,10 +2,10 @@ + #ifndef _BCACHE_BSET_H + #define _BCACHE_BSET_H + +-#include + #include + #include + ++#include "bcache_ondisk.h" + #include "util.h" /* for time_stats */ + + /* +--- a/drivers/md/bcache/features.c ++++ b/drivers/md/bcache/features.c +@@ -6,7 +6,7 @@ + * Copyright 2020 Coly Li + * + */ +-#include ++#include "bcache_ondisk.h" + #include "bcache.h" + #include "features.h" + +--- a/drivers/md/bcache/features.h ++++ b/drivers/md/bcache/features.h +@@ -2,10 +2,11 @@ + #ifndef _BCACHE_FEATURES_H + #define _BCACHE_FEATURES_H + +-#include + #include + #include + ++#include "bcache_ondisk.h" ++ + #define BCH_FEATURE_COMPAT 0 + #define BCH_FEATURE_RO_COMPAT 1 + #define BCH_FEATURE_INCOMPAT 2 +--- a/include/uapi/linux/bcache.h ++++ /dev/null +@@ -1,445 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +-#ifndef _LINUX_BCACHE_H +-#define _LINUX_BCACHE_H +- +-/* +- * Bcache on disk data structures +- */ +- +-#include +- +-#define BITMASK(name, type, field, offset, size) \ +-static inline __u64 name(const type *k) \ +-{ return (k->field >> offset) & ~(~0ULL << size); } \ +- \ +-static inline void SET_##name(type *k, __u64 v) \ +-{ \ +- k->field &= ~(~(~0ULL << size) << offset); \ +- k->field |= (v & ~(~0ULL << size)) << offset; \ +-} +- +-/* Btree keys - all units are in sectors */ +- +-struct bkey { +- __u64 high; +- __u64 low; +- __u64 ptr[]; +-}; +- +-#define KEY_FIELD(name, field, offset, size) \ +- BITMASK(name, struct bkey, field, offset, size) +- +-#define PTR_FIELD(name, offset, size) \ +-static inline __u64 name(const struct bkey *k, unsigned int i) \ +-{ return (k->ptr[i] >> offset) & ~(~0ULL << size); } \ +- \ +-static inline void SET_##name(struct bkey *k, unsigned int i, __u64 v) \ +-{ \ +- k->ptr[i] &= ~(~(~0ULL << size) << offset); \ +- k->ptr[i] |= (v & ~(~0ULL << size)) << offset; \ +-} +- +-#define KEY_SIZE_BITS 16 +-#define KEY_MAX_U64S 8 +- +-KEY_FIELD(KEY_PTRS, high, 60, 3) +-KEY_FIELD(HEADER_SIZE, high, 58, 2) +-KEY_FIELD(KEY_CSUM, high, 56, 2) +-KEY_FIELD(KEY_PINNED, high, 55, 1) +-KEY_FIELD(KEY_DIRTY, high, 36, 1) +- +-KEY_FIELD(KEY_SIZE, high, 20, KEY_SIZE_BITS) +-KEY_FIELD(KEY_INODE, high, 0, 20) +- +-/* Next time I change the on disk format, KEY_OFFSET() won't be 64 bits */ +- +-static inline __u64 KEY_OFFSET(const struct bkey *k) +-{ +- return k->low; +-} +- +-static inline void SET_KEY_OFFSET(struct bkey *k, __u64 v) +-{ +- k->low = v; +-} +- +-/* +- * The high bit being set is a relic from when we used it to do binary +- * searches - it told you where a key started. It's not used anymore, +- * and can probably be safely dropped. +- */ +-#define KEY(inode, offset, size) \ +-((struct bkey) { \ +- .high = (1ULL << 63) | ((__u64) (size) << 20) | (inode), \ +- .low = (offset) \ +-}) +- +-#define ZERO_KEY KEY(0, 0, 0) +- +-#define MAX_KEY_INODE (~(~0 << 20)) +-#define MAX_KEY_OFFSET (~0ULL >> 1) +-#define MAX_KEY KEY(MAX_KEY_INODE, MAX_KEY_OFFSET, 0) +- +-#define KEY_START(k) (KEY_OFFSET(k) - KEY_SIZE(k)) +-#define START_KEY(k) KEY(KEY_INODE(k), KEY_START(k), 0) +- +-#define PTR_DEV_BITS 12 +- +-PTR_FIELD(PTR_DEV, 51, PTR_DEV_BITS) +-PTR_FIELD(PTR_OFFSET, 8, 43) +-PTR_FIELD(PTR_GEN, 0, 8) +- +-#define PTR_CHECK_DEV ((1 << PTR_DEV_BITS) - 1) +- +-#define MAKE_PTR(gen, offset, dev) \ +- ((((__u64) dev) << 51) | ((__u64) offset) << 8 | gen) +- +-/* Bkey utility code */ +- +-static inline unsigned long bkey_u64s(const struct bkey *k) +-{ +- return (sizeof(struct bkey) / sizeof(__u64)) + KEY_PTRS(k); +-} +- +-static inline unsigned long bkey_bytes(const struct bkey *k) +-{ +- return bkey_u64s(k) * sizeof(__u64); +-} +- +-#define bkey_copy(_dest, _src) memcpy(_dest, _src, bkey_bytes(_src)) +- +-static inline void bkey_copy_key(struct bkey *dest, const struct bkey *src) +-{ +- SET_KEY_INODE(dest, KEY_INODE(src)); +- SET_KEY_OFFSET(dest, KEY_OFFSET(src)); +-} +- +-static inline struct bkey *bkey_next(const struct bkey *k) +-{ +- __u64 *d = (void *) k; +- +- return (struct bkey *) (d + bkey_u64s(k)); +-} +- +-static inline struct bkey *bkey_idx(const struct bkey *k, unsigned int nr_keys) +-{ +- __u64 *d = (void *) k; +- +- return (struct bkey *) (d + nr_keys); +-} +-/* Enough for a key with 6 pointers */ +-#define BKEY_PAD 8 +- +-#define BKEY_PADDED(key) \ +- union { struct bkey key; __u64 key ## _pad[BKEY_PAD]; } +- +-/* Superblock */ +- +-/* Version 0: Cache device +- * Version 1: Backing device +- * Version 2: Seed pointer into btree node checksum +- * Version 3: Cache device with new UUID format +- * Version 4: Backing device with data offset +- */ +-#define BCACHE_SB_VERSION_CDEV 0 +-#define BCACHE_SB_VERSION_BDEV 1 +-#define BCACHE_SB_VERSION_CDEV_WITH_UUID 3 +-#define BCACHE_SB_VERSION_BDEV_WITH_OFFSET 4 +-#define BCACHE_SB_VERSION_CDEV_WITH_FEATURES 5 +-#define BCACHE_SB_VERSION_BDEV_WITH_FEATURES 6 +-#define BCACHE_SB_MAX_VERSION 6 +- +-#define SB_SECTOR 8 +-#define SB_OFFSET (SB_SECTOR << SECTOR_SHIFT) +-#define SB_SIZE 4096 +-#define SB_LABEL_SIZE 32 +-#define SB_JOURNAL_BUCKETS 256U +-/* SB_JOURNAL_BUCKETS must be divisible by BITS_PER_LONG */ +-#define MAX_CACHES_PER_SET 8 +- +-#define BDEV_DATA_START_DEFAULT 16 /* sectors */ +- +-struct cache_sb_disk { +- __le64 csum; +- __le64 offset; /* sector where this sb was written */ +- __le64 version; +- +- __u8 magic[16]; +- +- __u8 uuid[16]; +- union { +- __u8 set_uuid[16]; +- __le64 set_magic; +- }; +- __u8 label[SB_LABEL_SIZE]; +- +- __le64 flags; +- __le64 seq; +- +- __le64 feature_compat; +- __le64 feature_incompat; +- __le64 feature_ro_compat; +- +- __le64 pad[5]; +- +- union { +- struct { +- /* Cache devices */ +- __le64 nbuckets; /* device size */ +- +- __le16 block_size; /* sectors */ +- __le16 bucket_size; /* sectors */ +- +- __le16 nr_in_set; +- __le16 nr_this_dev; +- }; +- struct { +- /* Backing devices */ +- __le64 data_offset; +- +- /* +- * block_size from the cache device section is still used by +- * backing devices, so don't add anything here until we fix +- * things to not need it for backing devices anymore +- */ +- }; +- }; +- +- __le32 last_mount; /* time overflow in y2106 */ +- +- __le16 first_bucket; +- union { +- __le16 njournal_buckets; +- __le16 keys; +- }; +- __le64 d[SB_JOURNAL_BUCKETS]; /* journal buckets */ +- __le16 obso_bucket_size_hi; /* obsoleted */ +-}; +- +-/* +- * This is for in-memory bcache super block. +- * NOTE: cache_sb is NOT exactly mapping to cache_sb_disk, the member +- * size, ordering and even whole struct size may be different +- * from cache_sb_disk. +- */ +-struct cache_sb { +- __u64 offset; /* sector where this sb was written */ +- __u64 version; +- +- __u8 magic[16]; +- +- __u8 uuid[16]; +- union { +- __u8 set_uuid[16]; +- __u64 set_magic; +- }; +- __u8 label[SB_LABEL_SIZE]; +- +- __u64 flags; +- __u64 seq; +- +- __u64 feature_compat; +- __u64 feature_incompat; +- __u64 feature_ro_compat; +- +- union { +- struct { +- /* Cache devices */ +- __u64 nbuckets; /* device size */ +- +- __u16 block_size; /* sectors */ +- __u16 nr_in_set; +- __u16 nr_this_dev; +- __u32 bucket_size; /* sectors */ +- }; +- struct { +- /* Backing devices */ +- __u64 data_offset; +- +- /* +- * block_size from the cache device section is still used by +- * backing devices, so don't add anything here until we fix +- * things to not need it for backing devices anymore +- */ +- }; +- }; +- +- __u32 last_mount; /* time overflow in y2106 */ +- +- __u16 first_bucket; +- union { +- __u16 njournal_buckets; +- __u16 keys; +- }; +- __u64 d[SB_JOURNAL_BUCKETS]; /* journal buckets */ +-}; +- +-static inline _Bool SB_IS_BDEV(const struct cache_sb *sb) +-{ +- return sb->version == BCACHE_SB_VERSION_BDEV +- || sb->version == BCACHE_SB_VERSION_BDEV_WITH_OFFSET +- || sb->version == BCACHE_SB_VERSION_BDEV_WITH_FEATURES; +-} +- +-BITMASK(CACHE_SYNC, struct cache_sb, flags, 0, 1); +-BITMASK(CACHE_DISCARD, struct cache_sb, flags, 1, 1); +-BITMASK(CACHE_REPLACEMENT, struct cache_sb, flags, 2, 3); +-#define CACHE_REPLACEMENT_LRU 0U +-#define CACHE_REPLACEMENT_FIFO 1U +-#define CACHE_REPLACEMENT_RANDOM 2U +- +-BITMASK(BDEV_CACHE_MODE, struct cache_sb, flags, 0, 4); +-#define CACHE_MODE_WRITETHROUGH 0U +-#define CACHE_MODE_WRITEBACK 1U +-#define CACHE_MODE_WRITEAROUND 2U +-#define CACHE_MODE_NONE 3U +-BITMASK(BDEV_STATE, struct cache_sb, flags, 61, 2); +-#define BDEV_STATE_NONE 0U +-#define BDEV_STATE_CLEAN 1U +-#define BDEV_STATE_DIRTY 2U +-#define BDEV_STATE_STALE 3U +- +-/* +- * Magic numbers +- * +- * The various other data structures have their own magic numbers, which are +- * xored with the first part of the cache set's UUID +- */ +- +-#define JSET_MAGIC 0x245235c1a3625032ULL +-#define PSET_MAGIC 0x6750e15f87337f91ULL +-#define BSET_MAGIC 0x90135c78b99e07f5ULL +- +-static inline __u64 jset_magic(struct cache_sb *sb) +-{ +- return sb->set_magic ^ JSET_MAGIC; +-} +- +-static inline __u64 pset_magic(struct cache_sb *sb) +-{ +- return sb->set_magic ^ PSET_MAGIC; +-} +- +-static inline __u64 bset_magic(struct cache_sb *sb) +-{ +- return sb->set_magic ^ BSET_MAGIC; +-} +- +-/* +- * Journal +- * +- * On disk format for a journal entry: +- * seq is monotonically increasing; every journal entry has its own unique +- * sequence number. +- * +- * last_seq is the oldest journal entry that still has keys the btree hasn't +- * flushed to disk yet. +- * +- * version is for on disk format changes. +- */ +- +-#define BCACHE_JSET_VERSION_UUIDv1 1 +-#define BCACHE_JSET_VERSION_UUID 1 /* Always latest UUID format */ +-#define BCACHE_JSET_VERSION 1 +- +-struct jset { +- __u64 csum; +- __u64 magic; +- __u64 seq; +- __u32 version; +- __u32 keys; +- +- __u64 last_seq; +- +- BKEY_PADDED(uuid_bucket); +- BKEY_PADDED(btree_root); +- __u16 btree_level; +- __u16 pad[3]; +- +- __u64 prio_bucket[MAX_CACHES_PER_SET]; +- +- union { +- struct bkey start[0]; +- __u64 d[0]; +- }; +-}; +- +-/* Bucket prios/gens */ +- +-struct prio_set { +- __u64 csum; +- __u64 magic; +- __u64 seq; +- __u32 version; +- __u32 pad; +- +- __u64 next_bucket; +- +- struct bucket_disk { +- __u16 prio; +- __u8 gen; +- } __attribute((packed)) data[]; +-}; +- +-/* UUIDS - per backing device/flash only volume metadata */ +- +-struct uuid_entry { +- union { +- struct { +- __u8 uuid[16]; +- __u8 label[32]; +- __u32 first_reg; /* time overflow in y2106 */ +- __u32 last_reg; +- __u32 invalidated; +- +- __u32 flags; +- /* Size of flash only volumes */ +- __u64 sectors; +- }; +- +- __u8 pad[128]; +- }; +-}; +- +-BITMASK(UUID_FLASH_ONLY, struct uuid_entry, flags, 0, 1); +- +-/* Btree nodes */ +- +-/* Version 1: Seed pointer into btree node checksum +- */ +-#define BCACHE_BSET_CSUM 1 +-#define BCACHE_BSET_VERSION 1 +- +-/* +- * Btree nodes +- * +- * On disk a btree node is a list/log of these; within each set the keys are +- * sorted +- */ +-struct bset { +- __u64 csum; +- __u64 magic; +- __u64 seq; +- __u32 version; +- __u32 keys; +- +- union { +- struct bkey start[0]; +- __u64 d[0]; +- }; +-}; +- +-/* OBSOLETE */ +- +-/* UUIDS - per backing device/flash only volume metadata */ +- +-struct uuid_entry_v0 { +- __u8 uuid[16]; +- __u8 label[32]; +- __u32 first_reg; +- __u32 last_reg; +- __u32 invalidated; +- __u32 pad; +-}; +- +-#endif /* _LINUX_BCACHE_H */ diff --git a/patches.suse/bcache-prevent-potential-division-by-zero-error-2c7f.patch b/patches.suse/bcache-prevent-potential-division-by-zero-error-2c7f.patch new file mode 100644 index 0000000..2bb30f1 --- /dev/null +++ b/patches.suse/bcache-prevent-potential-division-by-zero-error-2c7f.patch @@ -0,0 +1,57 @@ +From 2c7f497ac274a14330208b18f6f734000868ebf9 Mon Sep 17 00:00:00 2001 +From: Rand Deeb +Date: Mon, 20 Nov 2023 13:24:57 +0800 +Subject: [PATCH] bcache: prevent potential division by zero error +Git-commit: 2c7f497ac274a14330208b18f6f734000868ebf9 +Patch-mainline: v6.7-rc3 +References: git-fixes + +In SHOW(), the variable 'n' is of type 'size_t.' While there is a +conditional check to verify that 'n' is not equal to zero before +executing the 'do_div' macro, concerns arise regarding potential +division by zero error in 64-bit environments. + +The concern arises when 'n' is 64 bits in size, greater than zero, and +the lower 32 bits of it are zeros. In such cases, the conditional check +passes because 'n' is non-zero, but the 'do_div' macro casts 'n' to +'uint32_t,' effectively truncating it to its lower 32 bits. +Consequently, the 'n' value becomes zero. + +To fix this potential division by zero error and ensure precise +division handling, this commit replaces the 'do_div' macro with +div64_u64(). div64_u64() is designed to work with 64-bit operands, +guaranteeing that division is performed correctly. + +This change enhances the robustness of the code, ensuring that division +operations yield accurate results in all scenarios, eliminating the +possibility of division by zero, and improving compatibility across +different 64-bit environments. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Signed-off-by: Rand Deeb +Cc: +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20231120052503.6122-5-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/sysfs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c +index 45d8af755de6..a438efb66069 100644 +--- a/drivers/md/bcache/sysfs.c ++++ b/drivers/md/bcache/sysfs.c +@@ -1104,7 +1104,7 @@ SHOW(__bch_cache) + sum += INITIAL_PRIO - cached[i]; + + if (n) +- do_div(sum, n); ++ sum = div64_u64(sum, n); + + for (i = 0; i < ARRAY_SIZE(q); i++) + q[i] = INITIAL_PRIO - cached[n * (i + 1) / +-- +2.35.3 + diff --git a/patches.suse/bcache-remove-EXPERIMENTAL-for-Kconfig-option-Asynch-640c.patch b/patches.suse/bcache-remove-EXPERIMENTAL-for-Kconfig-option-Asynch-640c.patch new file mode 100644 index 0000000..8e9bd1c --- /dev/null +++ b/patches.suse/bcache-remove-EXPERIMENTAL-for-Kconfig-option-Asynch-640c.patch @@ -0,0 +1,43 @@ +From 640c46a21f89364f04445cdd43b61eb46bd49b5d Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Tue, 19 Jul 2022 12:27:24 +0800 +Subject: [PATCH] bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous + device registration' +Git-commit: 640c46a21f89364f04445cdd43b61eb46bd49b5d +Patch-mainline: v6.0-rc1 +References: git-fixes + +The "Asynchronous device registration (EXPERIMENTAL)" Kconfig option is +for 2+ years, it is used when registration takes too much time for +massive amount of cached data, to avoid udev task timeout during boot +time. + +Many users and products enable this Kconfig option for quite long time +(e.g. SUSE Linux) and it works as expected and no issue reported. + +It is time to remove the "EXPERIMENTAL" tag from this Kconfig item. + +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20220719042724.8498-2-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/Kconfig b/drivers/md/bcache/Kconfig +index cf3e8096942a..529c9d04e9a4 100644 +--- a/drivers/md/bcache/Kconfig ++++ b/drivers/md/bcache/Kconfig +@@ -29,7 +29,7 @@ config BCACHE_CLOSURES_DEBUG + operations that get stuck. + + config BCACHE_ASYNC_REGISTRATION +- bool "Asynchronous device registration (EXPERIMENTAL)" ++ bool "Asynchronous device registration" + depends on BCACHE + help + Add a sysfs file /sys/fs/bcache/register_async. Writing registering +-- +2.35.3 + diff --git a/patches.suse/bcache-remove-bch_crc64_update-39fa.patch b/patches.suse/bcache-remove-bch_crc64_update-39fa.patch new file mode 100644 index 0000000..cafb871 --- /dev/null +++ b/patches.suse/bcache-remove-bch_crc64_update-39fa.patch @@ -0,0 +1,69 @@ +From 39fa7a95552cc851029267b97c1317f1dea61cad Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Wed, 20 Oct 2021 22:38:12 +0800 +Subject: [PATCH] bcache: remove bch_crc64_update +Git-commit: 39fa7a95552cc851029267b97c1317f1dea61cad +Patch-mainline: v5.16-rc1 +References: git-fixes + +bch_crc64_update is an entirely pointless wrapper around crc64_be. + +Signed-off-by: Christoph Hellwig +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20211020143812.6403-9-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/btree.c | 2 +- + drivers/md/bcache/request.c | 2 +- + drivers/md/bcache/util.h | 8 -------- + 3 files changed, 2 insertions(+), 10 deletions(-) + +diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c +index 0595559de174..93b67b8d31c3 100644 +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -141,7 +141,7 @@ static uint64_t btree_csum_set(struct btree *b, struct bset *i) + uint64_t crc = b->key.ptr[0]; + void *data = (void *) i + 8, *end = bset_bkey_last(i); + +- crc = bch_crc64_update(crc, data, end - data); ++ crc = crc64_be(crc, data, end - data); + return crc ^ 0xffffffffffffffffULL; + } + +diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c +index f86909a66ac6..d15aae6c51c1 100644 +--- a/drivers/md/bcache/request.c ++++ b/drivers/md/bcache/request.c +@@ -46,7 +46,7 @@ static void bio_csum(struct bio *bio, struct bkey *k) + bio_for_each_segment(bv, bio, iter) { + void *d = kmap(bv.bv_page) + bv.bv_offset; + +- csum = bch_crc64_update(csum, d, bv.bv_len); ++ csum = crc64_be(csum, d, bv.bv_len); + kunmap(bv.bv_page); + } + +diff --git a/drivers/md/bcache/util.h b/drivers/md/bcache/util.h +index b64460a76267..6274d6a17e5e 100644 +--- a/drivers/md/bcache/util.h ++++ b/drivers/md/bcache/util.h +@@ -548,14 +548,6 @@ static inline uint64_t bch_crc64(const void *p, size_t len) + return crc ^ 0xffffffffffffffffULL; + } + +-static inline uint64_t bch_crc64_update(uint64_t crc, +- const void *p, +- size_t len) +-{ +- crc = crc64_be(crc, p, len); +- return crc; +-} +- + /* + * A stepwise-linear pseudo-exponential. This returns 1 << (x >> + * frac_bits), with the less-significant bits filled in by linear +-- +2.35.3 + diff --git a/patches.suse/bcache-remove-redundant-assignment-to-variable-cur_i-be93.patch b/patches.suse/bcache-remove-redundant-assignment-to-variable-cur_i-be93.patch new file mode 100644 index 0000000..399624b --- /dev/null +++ b/patches.suse/bcache-remove-redundant-assignment-to-variable-cur_i-be93.patch @@ -0,0 +1,41 @@ +From be93825f0e6428c2d3f03a6e4d447dc48d33d7ff Mon Sep 17 00:00:00 2001 +From: Colin Ian King +Date: Mon, 20 Nov 2023 13:24:56 +0800 +Subject: [PATCH] bcache: remove redundant assignment to variable cur_idx +Git-commit: be93825f0e6428c2d3f03a6e4d447dc48d33d7ff +Patch-mainline: v6.7-rc3 +References: git-fixes + +Variable cur_idx is being initialized with a value that is never read, +it is being re-assigned later in a while-loop. Remove the redundant +assignment. Cleans up clang scan build warning: + +drivers/md/bcache/writeback.c:916:2: warning: Value stored to 'cur_idx' +is never read [deadcode.DeadStores] + +Signed-off-by: Colin Ian King +Reviewed-by: Coly Li +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20231120052503.6122-4-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/writeback.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c +index 24c049067f61..c3e872e0a6f2 100644 +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -913,7 +913,7 @@ static int bch_dirty_init_thread(void *arg) + int cur_idx, prev_idx, skip_nr; + + k = p = NULL; +- cur_idx = prev_idx = 0; ++ prev_idx = 0; + + bch_btree_iter_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); +-- +2.35.3 + diff --git a/patches.suse/bcache-remove-the-backing_dev_name-field-from-struct-0f5c.patch b/patches.suse/bcache-remove-the-backing_dev_name-field-from-struct-0f5c.patch new file mode 100644 index 0000000..55286ef --- /dev/null +++ b/patches.suse/bcache-remove-the-backing_dev_name-field-from-struct-0f5c.patch @@ -0,0 +1,262 @@ +From 0f5cd7815f7f4bb1dd340a9aeb9b9d6a7c7eec22 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Wed, 20 Oct 2021 22:38:10 +0800 +Subject: [PATCH] bcache: remove the backing_dev_name field from struct + cached_dev +Git-commit: 0f5cd7815f7f4bb1dd340a9aeb9b9d6a7c7eec22 +Patch-mainline: v5.16-rc1 +References: git-fixes + +Just use the %pg format specifier to print the name directly. + +Signed-off-by: Christoph Hellwig +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20211020143812.6403-7-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/bcache.h | 2 -- + drivers/md/bcache/debug.c | 4 ++-- + drivers/md/bcache/io.c | 8 +++---- + drivers/md/bcache/request.c | 4 ++-- + drivers/md/bcache/super.c | 48 ++++++++++++++++--------------------- + drivers/md/bcache/sysfs.c | 2 +- + 6 files changed, 29 insertions(+), 39 deletions(-) + +diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h +index 47ff9ecea2e2..941685409c68 100644 +--- a/drivers/md/bcache/bcache.h ++++ b/drivers/md/bcache/bcache.h +@@ -395,8 +395,6 @@ struct cached_dev { + atomic_t io_errors; + unsigned int error_limit; + unsigned int offline_seconds; +- +- char backing_dev_name[BDEVNAME_SIZE]; + }; + + enum alloc_reserve { +diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c +index 116edda845c3..e803cad864be 100644 +--- a/drivers/md/bcache/debug.c ++++ b/drivers/md/bcache/debug.c +@@ -137,8 +137,8 @@ void bch_data_verify(struct cached_dev *dc, struct bio *bio) + p2 + bv.bv_offset, + bv.bv_len), + dc->disk.c, +- "verify failed at dev %s sector %llu", +- dc->backing_dev_name, ++ "verify failed at dev %pg sector %llu", ++ dc->bdev, + (uint64_t) bio->bi_iter.bi_sector); + + kunmap_atomic(p1); +diff --git a/drivers/md/bcache/io.c b/drivers/md/bcache/io.c +index 564357de7640..9c6f9ec55b72 100644 +--- a/drivers/md/bcache/io.c ++++ b/drivers/md/bcache/io.c +@@ -65,15 +65,15 @@ void bch_count_backing_io_errors(struct cached_dev *dc, struct bio *bio) + * we shouldn't count failed REQ_RAHEAD bio to dc->io_errors. + */ + if (bio->bi_opf & REQ_RAHEAD) { +- pr_warn_ratelimited("%s: Read-ahead I/O failed on backing device, ignore\n", +- dc->backing_dev_name); ++ pr_warn_ratelimited("%pg: Read-ahead I/O failed on backing device, ignore\n", ++ dc->bdev); + return; + } + + errors = atomic_add_return(1, &dc->io_errors); + if (errors < dc->error_limit) +- pr_err("%s: IO error on backing device, unrecoverable\n", +- dc->backing_dev_name); ++ pr_err("%pg: IO error on backing device, unrecoverable\n", ++ dc->bdev); + else + bch_cached_dev_error(dc); + } +diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c +index 23b28edae90f..f86909a66ac6 100644 +--- a/drivers/md/bcache/request.c ++++ b/drivers/md/bcache/request.c +@@ -651,8 +651,8 @@ static void backing_request_endio(struct bio *bio) + */ + if (unlikely(s->iop.writeback && + bio->bi_opf & REQ_PREFLUSH)) { +- pr_err("Can't flush %s: returned bi_status %i\n", +- dc->backing_dev_name, bio->bi_status); ++ pr_err("Can't flush %pg: returned bi_status %i\n", ++ dc->bdev, bio->bi_status); + } else { + /* set to orig_bio->bi_status in bio_complete() */ + s->iop.status = bio->bi_status; +diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c +index 88cdce218f5c..dc35f6e1d8d3 100644 +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1026,8 +1026,8 @@ static int cached_dev_status_update(void *arg) + dc->offline_seconds = 0; + + if (dc->offline_seconds >= BACKING_DEV_OFFLINE_TIMEOUT) { +- pr_err("%s: device offline for %d seconds\n", +- dc->backing_dev_name, ++ pr_err("%pg: device offline for %d seconds\n", ++ dc->bdev, + BACKING_DEV_OFFLINE_TIMEOUT); + pr_err("%s: disable I/O request due to backing device offline\n", + dc->disk.name); +@@ -1058,15 +1058,13 @@ int bch_cached_dev_run(struct cached_dev *dc) + }; + + if (dc->io_disable) { +- pr_err("I/O disabled on cached dev %s\n", +- dc->backing_dev_name); ++ pr_err("I/O disabled on cached dev %pg\n", dc->bdev); + ret = -EIO; + goto out; + } + + if (atomic_xchg(&dc->running, 1)) { +- pr_info("cached dev %s is running already\n", +- dc->backing_dev_name); ++ pr_info("cached dev %pg is running already\n", dc->bdev); + ret = -EBUSY; + goto out; + } +@@ -1163,7 +1161,7 @@ static void cached_dev_detach_finish(struct work_struct *w) + + mutex_unlock(&bch_register_lock); + +- pr_info("Caching disabled for %s\n", dc->backing_dev_name); ++ pr_info("Caching disabled for %pg\n", dc->bdev); + + /* Drop ref we took in cached_dev_detach() */ + closure_put(&dc->disk.cl); +@@ -1203,29 +1201,27 @@ int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c, + return -ENOENT; + + if (dc->disk.c) { +- pr_err("Can't attach %s: already attached\n", +- dc->backing_dev_name); ++ pr_err("Can't attach %pg: already attached\n", dc->bdev); + return -EINVAL; + } + + if (test_bit(CACHE_SET_STOPPING, &c->flags)) { +- pr_err("Can't attach %s: shutting down\n", +- dc->backing_dev_name); ++ pr_err("Can't attach %pg: shutting down\n", dc->bdev); + return -EINVAL; + } + + if (dc->sb.block_size < c->cache->sb.block_size) { + /* Will die */ +- pr_err("Couldn't attach %s: block size less than set's block size\n", +- dc->backing_dev_name); ++ pr_err("Couldn't attach %pg: block size less than set's block size\n", ++ dc->bdev); + return -EINVAL; + } + + /* Check whether already attached */ + list_for_each_entry_safe(exist_dc, t, &c->cached_devs, list) { + if (!memcmp(dc->sb.uuid, exist_dc->sb.uuid, 16)) { +- pr_err("Tried to attach %s but duplicate UUID already attached\n", +- dc->backing_dev_name); ++ pr_err("Tried to attach %pg but duplicate UUID already attached\n", ++ dc->bdev); + + return -EINVAL; + } +@@ -1243,15 +1239,13 @@ int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c, + + if (!u) { + if (BDEV_STATE(&dc->sb) == BDEV_STATE_DIRTY) { +- pr_err("Couldn't find uuid for %s in set\n", +- dc->backing_dev_name); ++ pr_err("Couldn't find uuid for %pg in set\n", dc->bdev); + return -ENOENT; + } + + u = uuid_find_empty(c); + if (!u) { +- pr_err("Not caching %s, no room for UUID\n", +- dc->backing_dev_name); ++ pr_err("Not caching %pg, no room for UUID\n", dc->bdev); + return -EINVAL; + } + } +@@ -1319,8 +1313,7 @@ int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c, + */ + kthread_stop(dc->writeback_thread); + cancel_writeback_rate_update_dwork(dc); +- pr_err("Couldn't run cached device %s\n", +- dc->backing_dev_name); ++ pr_err("Couldn't run cached device %pg\n", dc->bdev); + return ret; + } + +@@ -1336,8 +1329,8 @@ int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c, + /* Allow the writeback thread to proceed */ + up_write(&dc->writeback_lock); + +- pr_info("Caching %s as %s on set %pU\n", +- dc->backing_dev_name, ++ pr_info("Caching %pg as %s on set %pU\n", ++ dc->bdev, + dc->disk.disk->disk_name, + dc->disk.c->set_uuid); + return 0; +@@ -1461,7 +1454,6 @@ static int register_bdev(struct cache_sb *sb, struct cache_sb_disk *sb_disk, + struct cache_set *c; + int ret = -ENOMEM; + +- bdevname(bdev, dc->backing_dev_name); + memcpy(&dc->sb, sb, sizeof(struct cache_sb)); + dc->bdev = bdev; + dc->bdev->bd_holder = dc; +@@ -1476,7 +1468,7 @@ static int register_bdev(struct cache_sb *sb, struct cache_sb_disk *sb_disk, + if (bch_cache_accounting_add_kobjs(&dc->accounting, &dc->disk.kobj)) + goto err; + +- pr_info("registered backing device %s\n", dc->backing_dev_name); ++ pr_info("registered backing device %pg\n", dc->bdev); + + list_add(&dc->list, &uncached_devices); + /* attach to a matched cache set if it exists */ +@@ -1493,7 +1485,7 @@ static int register_bdev(struct cache_sb *sb, struct cache_sb_disk *sb_disk, + + return 0; + err: +- pr_notice("error %s: %s\n", dc->backing_dev_name, err); ++ pr_notice("error %pg: %s\n", dc->bdev, err); + bcache_device_stop(&dc->disk); + return ret; + } +@@ -1621,8 +1613,8 @@ bool bch_cached_dev_error(struct cached_dev *dc) + /* make others know io_disable is true earlier */ + smp_mb(); + +- pr_err("stop %s: too many IO errors on backing device %s\n", +- dc->disk.disk->disk_name, dc->backing_dev_name); ++ pr_err("stop %s: too many IO errors on backing device %pg\n", ++ dc->disk.disk->disk_name, dc->bdev); + + bcache_device_stop(&dc->disk); + return true; +diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c +index 05ac1d6fbbf3..1f0dce30fa75 100644 +--- a/drivers/md/bcache/sysfs.c ++++ b/drivers/md/bcache/sysfs.c +@@ -271,7 +271,7 @@ SHOW(__bch_cached_dev) + } + + if (attr == &sysfs_backing_dev_name) { +- snprintf(buf, BDEVNAME_SIZE + 1, "%s", dc->backing_dev_name); ++ snprintf(buf, BDEVNAME_SIZE + 1, "%pg", dc->bdev); + strcat(buf, "\n"); + return strlen(buf); + } +-- +2.35.3 + diff --git a/patches.suse/bcache-remove-the-cache_dev_name-field-from-struct-c-7e84.patch b/patches.suse/bcache-remove-the-cache_dev_name-field-from-struct-c-7e84.patch new file mode 100644 index 0000000..26163c9 --- /dev/null +++ b/patches.suse/bcache-remove-the-cache_dev_name-field-from-struct-c-7e84.patch @@ -0,0 +1,97 @@ +From 7e84c2150731faec088ebfe33459f61d118b2497 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Wed, 20 Oct 2021 22:38:09 +0800 +Subject: [PATCH] bcache: remove the cache_dev_name field from struct cache +Git-commit: 7e84c2150731faec088ebfe33459f61d118b2497 +Patch-mainline: v5.16-rc1 +References: git-fixes + +Just use the %pg format specifier to print the name directly. + +Signed-off-by: Christoph Hellwig +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20211020143812.6403-6-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/bcache.h | 2 -- + drivers/md/bcache/io.c | 8 ++++---- + drivers/md/bcache/super.c | 7 +++---- + 3 files changed, 7 insertions(+), 10 deletions(-) + +diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h +index 5fc989a6d452..47ff9ecea2e2 100644 +--- a/drivers/md/bcache/bcache.h ++++ b/drivers/md/bcache/bcache.h +@@ -470,8 +470,6 @@ struct cache { + atomic_long_t meta_sectors_written; + atomic_long_t btree_sectors_written; + atomic_long_t sectors_written; +- +- char cache_dev_name[BDEVNAME_SIZE]; + }; + + struct gc_stat { +diff --git a/drivers/md/bcache/io.c b/drivers/md/bcache/io.c +index e4388fe3ab7e..564357de7640 100644 +--- a/drivers/md/bcache/io.c ++++ b/drivers/md/bcache/io.c +@@ -123,13 +123,13 @@ void bch_count_io_errors(struct cache *ca, + errors >>= IO_ERROR_SHIFT; + + if (errors < ca->set->error_limit) +- pr_err("%s: IO error on %s%s\n", +- ca->cache_dev_name, m, ++ pr_err("%pg: IO error on %s%s\n", ++ ca->bdev, m, + is_read ? ", recovering." : "."); + else + bch_cache_set_error(ca->set, +- "%s: too many IO errors %s\n", +- ca->cache_dev_name, m); ++ "%pg: too many IO errors %s\n", ++ ca->bdev, m); + } + } + +diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c +index dced2ea17431..88cdce218f5c 100644 +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -2338,7 +2338,7 @@ static int cache_alloc(struct cache *ca) + err_free: + module_put(THIS_MODULE); + if (err) +- pr_notice("error %s: %s\n", ca->cache_dev_name, err); ++ pr_notice("error %pg: %s\n", ca->bdev, err); + return ret; + } + +@@ -2348,7 +2348,6 @@ static int register_cache(struct cache_sb *sb, struct cache_sb_disk *sb_disk, + const char *err = NULL; /* must be set for any error case */ + int ret = 0; + +- bdevname(bdev, ca->cache_dev_name); + memcpy(&ca->sb, sb, sizeof(struct cache_sb)); + ca->bdev = bdev; + ca->bdev->bd_holder = ca; +@@ -2390,14 +2389,14 @@ static int register_cache(struct cache_sb *sb, struct cache_sb_disk *sb_disk, + goto out; + } + +- pr_info("registered cache device %s\n", ca->cache_dev_name); ++ pr_info("registered cache device %pg\n", ca->bdev); + + out: + kobject_put(&ca->kobj); + + err: + if (err) +- pr_notice("error %s: %s\n", ca->cache_dev_name, err); ++ pr_notice("error %pg: %s\n", ca->bdev, err); + + return ret; + } +-- +2.35.3 + diff --git a/patches.suse/bcache-remove-unnecessary-flush_workqueue-97d2.patch b/patches.suse/bcache-remove-unnecessary-flush_workqueue-97d2.patch new file mode 100644 index 0000000..031dcd3 --- /dev/null +++ b/patches.suse/bcache-remove-unnecessary-flush_workqueue-97d2.patch @@ -0,0 +1,40 @@ +From 97d26ae764a43bfaf870312761a0a0f9b49b6351 Mon Sep 17 00:00:00 2001 +From: Li Lei +Date: Tue, 20 Sep 2022 00:16:43 +0800 +Subject: [PATCH] bcache: remove unnecessary flush_workqueue +Git-commit: 97d26ae764a43bfaf870312761a0a0f9b49b6351 +Patch-mainline: v6.1-rc1 +References: git-fixes + +All pending works will be drained by destroy_workqueue(), no need to call +flush_workqueue() explicitly. + +Signed-off-by: Li Lei +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20220919161647.81238-2-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/writeback.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c +index 3f0ff3aab6f2..647661005176 100644 +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -801,10 +801,9 @@ static int bch_writeback_thread(void *arg) + } + } + +- if (dc->writeback_write_wq) { +- flush_workqueue(dc->writeback_write_wq); ++ if (dc->writeback_write_wq) + destroy_workqueue(dc->writeback_write_wq); +- } ++ + cached_dev_put(dc); + wait_for_kthread_stop(); + +-- +2.35.3 + diff --git a/patches.suse/bcache-remove-unused-bch_mark_cache_readahead-functi-d86b.patch b/patches.suse/bcache-remove-unused-bch_mark_cache_readahead-functi-d86b.patch new file mode 100644 index 0000000..f19ad64 --- /dev/null +++ b/patches.suse/bcache-remove-unused-bch_mark_cache_readahead-functi-d86b.patch @@ -0,0 +1,37 @@ +From d86b4e6dc88826f2b5cfa90c4ebbccb19a88bc39 Mon Sep 17 00:00:00 2001 +From: Lin Feng +Date: Tue, 20 Sep 2022 00:16:44 +0800 +Subject: [PATCH] bcache: remove unused bch_mark_cache_readahead function def + in stats.h +Git-commit: d86b4e6dc88826f2b5cfa90c4ebbccb19a88bc39 +Patch-mainline: v6.1-rc1 +References: git-fixes + +This is a cleanup for commit 1616a4c2ab1a ("bcache: remove bcache device +self-defined readahead")', currently no user for +bch_mark_cache_readahead() since that commit. + +Signed-off-by: Lin Feng +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20220919161647.81238-3-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/stats.h | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/md/bcache/stats.h b/drivers/md/bcache/stats.h +index ca4f435f7216..bd3afc856d53 100644 +--- a/drivers/md/bcache/stats.h ++++ b/drivers/md/bcache/stats.h +@@ -54,7 +54,6 @@ void bch_cache_accounting_destroy(struct cache_accounting *acc); + + void bch_mark_cache_accounting(struct cache_set *c, struct bcache_device *d, + bool hit, bool bypass); +-void bch_mark_cache_readahead(struct cache_set *c, struct bcache_device *d); + void bch_mark_cache_miss_collision(struct cache_set *c, + struct bcache_device *d); + void bch_mark_sectors_bypassed(struct cache_set *c, +-- +2.35.3 + diff --git a/patches.suse/bcache-replace-a-mistaken-IS_ERR-by-IS_ERR_OR_NULL-i-f72f.patch b/patches.suse/bcache-replace-a-mistaken-IS_ERR-by-IS_ERR_OR_NULL-i-f72f.patch new file mode 100644 index 0000000..73c2540 --- /dev/null +++ b/patches.suse/bcache-replace-a-mistaken-IS_ERR-by-IS_ERR_OR_NULL-i-f72f.patch @@ -0,0 +1,57 @@ +From f72f4312d4388376fc8a1f6cf37cb21a0d41758b Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Mon, 20 Nov 2023 13:25:01 +0800 +Subject: [PATCH] bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in + btree_gc_coalesce() +Git-commit: f72f4312d4388376fc8a1f6cf37cb21a0d41758b +Patch-mainline: v6.7-rc3 +References: git-fixes + +Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in +node allocations") do the following change inside btree_gc_coalesce(), + +31 @@ -1340,7 +1340,7 @@ static int btree_gc_coalesce( +32 memset(new_nodes, 0, sizeof(new_nodes)); +33 closure_init_stack(&cl); +34 +35 - while (nodes < GC_MERGE_NODES && !IS_ERR_OR_NULL(r[nodes].b)) +36 + while (nodes < GC_MERGE_NODES && !IS_ERR(r[nodes].b)) +37 keys += r[nodes++].keys; +38 +39 blocks = btree_default_blocks(b->c) * 2 / 3; + +At line 35 the original r[nodes].b is not always allocatored from +__bch_btree_node_alloc(), and possibly initialized as NULL pointer by +caller of btree_gc_coalesce(). Therefore the change at line 36 is not +correct. + +This patch replaces the mistaken IS_ERR() by IS_ERR_OR_NULL() to avoid +potential issue. + +Fixes: 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") +Cc: # 6.5+ +Cc: Zheng Wang +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20231120052503.6122-9-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/btree.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c +index de8d552201dc..79f1fa4a0d55 100644 +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -1368,7 +1368,7 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op, + memset(new_nodes, 0, sizeof(new_nodes)); + closure_init_stack(&cl); + +- while (nodes < GC_MERGE_NODES && !IS_ERR(r[nodes].b)) ++ while (nodes < GC_MERGE_NODES && !IS_ERR_OR_NULL(r[nodes].b)) + keys += r[nodes++].keys; + + blocks = btree_default_blocks(b->c) * 2 / 3; +-- +2.35.3 + diff --git a/patches.suse/bcache-replace-snprintf-in-show-functions-with-sysfs-1b86.patch b/patches.suse/bcache-replace-snprintf-in-show-functions-with-sysfs-1b86.patch new file mode 100644 index 0000000..3c88284 --- /dev/null +++ b/patches.suse/bcache-replace-snprintf-in-show-functions-with-sysfs-1b86.patch @@ -0,0 +1,92 @@ +From 1b86db5f4e025840e0bf7cef2b10e84531954386 Mon Sep 17 00:00:00 2001 +From: Qing Wang +Date: Fri, 29 Oct 2021 14:09:30 +0800 +Subject: [PATCH] bcache: replace snprintf in show functions with sysfs_emit +Git-commit: 1b86db5f4e025840e0bf7cef2b10e84531954386 +Patch-mainline: v5.16-rc1 +References: git-fixes + +coccicheck complains about the use of snprintf() in sysfs show functions. + +Fix the following coccicheck warning: +drivers/md/bcache/sysfs.h:54:12-20: WARNING: use scnprintf or sprintf. + +Implement sysfs_print() by sysfs_emit() and remove snprint() since no one +uses it any more. + +Suggested-by: Coly Li +Signed-off-by: Qing Wang +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20211029060930.119923-3-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/sysfs.h | 18 ++++++++++++++++-- + drivers/md/bcache/util.h | 17 ----------------- + 2 files changed, 16 insertions(+), 19 deletions(-) + +diff --git a/drivers/md/bcache/sysfs.h b/drivers/md/bcache/sysfs.h +index 215df32f567b..c1752ba2e05b 100644 +--- a/drivers/md/bcache/sysfs.h ++++ b/drivers/md/bcache/sysfs.h +@@ -51,13 +51,27 @@ STORE(fn) \ + #define sysfs_printf(file, fmt, ...) \ + do { \ + if (attr == &sysfs_ ## file) \ +- return snprintf(buf, PAGE_SIZE, fmt "\n", __VA_ARGS__); \ ++ return sysfs_emit(buf, fmt "\n", __VA_ARGS__); \ + } while (0) + + #define sysfs_print(file, var) \ + do { \ + if (attr == &sysfs_ ## file) \ +- return snprint(buf, PAGE_SIZE, var); \ ++ return sysfs_emit(buf, \ ++ __builtin_types_compatible_p(typeof(var), int) \ ++ ? "%i\n" : \ ++ __builtin_types_compatible_p(typeof(var), unsigned int) \ ++ ? "%u\n" : \ ++ __builtin_types_compatible_p(typeof(var), long) \ ++ ? "%li\n" : \ ++ __builtin_types_compatible_p(typeof(var), unsigned long)\ ++ ? "%lu\n" : \ ++ __builtin_types_compatible_p(typeof(var), int64_t) \ ++ ? "%lli\n" : \ ++ __builtin_types_compatible_p(typeof(var), uint64_t) \ ++ ? "%llu\n" : \ ++ __builtin_types_compatible_p(typeof(var), const char *) \ ++ ? "%s\n" : "%i\n", var); \ + } while (0) + + #define sysfs_hprint(file, val) \ +diff --git a/drivers/md/bcache/util.h b/drivers/md/bcache/util.h +index 6274d6a17e5e..cdb165517d0b 100644 +--- a/drivers/md/bcache/util.h ++++ b/drivers/md/bcache/util.h +@@ -340,23 +340,6 @@ static inline int bch_strtoul_h(const char *cp, long *res) + _r; \ + }) + +-#define snprint(buf, size, var) \ +- snprintf(buf, size, \ +- __builtin_types_compatible_p(typeof(var), int) \ +- ? "%i\n" : \ +- __builtin_types_compatible_p(typeof(var), unsigned int) \ +- ? "%u\n" : \ +- __builtin_types_compatible_p(typeof(var), long) \ +- ? "%li\n" : \ +- __builtin_types_compatible_p(typeof(var), unsigned long)\ +- ? "%lu\n" : \ +- __builtin_types_compatible_p(typeof(var), int64_t) \ +- ? "%lli\n" : \ +- __builtin_types_compatible_p(typeof(var), uint64_t) \ +- ? "%llu\n" : \ +- __builtin_types_compatible_p(typeof(var), const char *) \ +- ? "%s\n" : "%i\n", var) +- + ssize_t bch_hprint(char *buf, int64_t v); + + bool bch_is_zero(const char *p, size_t n); +-- +2.35.3 + diff --git a/patches.suse/bcache-revert-replacing-IS_ERR_OR_NULL-with-IS_ERR-bb6c.patch b/patches.suse/bcache-revert-replacing-IS_ERR_OR_NULL-with-IS_ERR-bb6c.patch new file mode 100644 index 0000000..1cecfaf --- /dev/null +++ b/patches.suse/bcache-revert-replacing-IS_ERR_OR_NULL-with-IS_ERR-bb6c.patch @@ -0,0 +1,76 @@ +From bb6cc253861bd5a7cf8439e2118659696df9619f Mon Sep 17 00:00:00 2001 +From: Markus Weippert +Date: Fri, 24 Nov 2023 16:14:37 +0100 +Subject: [PATCH] bcache: revert replacing IS_ERR_OR_NULL with IS_ERR +Git-commit: bb6cc253861bd5a7cf8439e2118659696df9619f +Patch-mainline: v6.7-rc4 +References: git-fixes + +Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in +node allocations") replaced IS_ERR_OR_NULL by IS_ERR. This leads to a +NULL pointer dereference. + +Bug: kernel NULL pointer dereference, address: 0000000000000080 +Call Trace: + ? __die_body.cold+0x1a/0x1f + ? page_fault_oops+0xd2/0x2b0 + ? exc_page_fault+0x70/0x170 + ? asm_exc_page_fault+0x22/0x30 + ? btree_node_free+0xf/0x160 [bcache] + ? up_write+0x32/0x60 + btree_gc_coalesce+0x2aa/0x890 [bcache] + ? bch_extent_bad+0x70/0x170 [bcache] + btree_gc_recurse+0x130/0x390 [bcache] + ? btree_gc_mark_node+0x72/0x230 [bcache] + bch_btree_gc+0x5da/0x600 [bcache] + ? cpuusage_read+0x10/0x10 + ? bch_btree_gc+0x600/0x600 [bcache] + bch_gc_thread+0x135/0x180 [bcache] + +The relevant code starts with: + + new_nodes[0] = NULL; + + for (i = 0; i < nodes; i++) { + if (__bch_keylist_realloc(&keylist, bkey_u64s(&r[i].b->key))) + goto out_nocoalesce; + // ... +Out_nocoalesce: // ... + for (i = 0; i < nodes; i++) + if (!IS_ERR(new_nodes[i])) { // IS_ERR_OR_NULL before +028ddcac477b + btree_node_free(new_nodes[i]); // new_nodes[0] is NULL + rw_unlock(true, new_nodes[i]); + } + +This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this. + +Fixes: 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") +Link: https://lore.kernel.org/all/3DF4A87A-2AC1-4893-AE5F-E921478419A9@suse.de/ +Cc: stable@vger.kernel.org +Cc: Zheng Wang +Cc: Coly Li +Signed-off-by: Markus Weippert +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + drivers/md/bcache/btree.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c +index de3019972b35..261596791218 100644 +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -1522,7 +1522,7 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op, + bch_keylist_free(&keylist); + + for (i = 0; i < nodes; i++) +- if (!IS_ERR(new_nodes[i])) { ++ if (!IS_ERR_OR_NULL(new_nodes[i])) { + btree_node_free(new_nodes[i]); + rw_unlock(true, new_nodes[i]); + } +-- +2.35.3 + diff --git a/patches.suse/bcache-use-bvec_kmap_local-in-bch_data_verify-0038.patch b/patches.suse/bcache-use-bvec_kmap_local-in-bch_data_verify-0038.patch new file mode 100644 index 0000000..560a27b --- /dev/null +++ b/patches.suse/bcache-use-bvec_kmap_local-in-bch_data_verify-0038.patch @@ -0,0 +1,57 @@ +From 00387bd21dac98f9e793294c895768d9e5441f82 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Wed, 20 Oct 2021 22:38:11 +0800 +Subject: [PATCH] bcache: use bvec_kmap_local in bch_data_verify +Git-commit: 00387bd21dac98f9e793294c895768d9e5441f82 +Patch-mainline: v5.16-rc1 +References: git-fixes + +Using local kmaps slightly reduces the chances to stray writes, and +the bvec interface cleans up the code a little bit. + +Also switch from page_address to bvec_kmap_local for cbv to be on the +safe side and to avoid pointlessly poking into bvec internals. + +Signed-off-by: Christoph Hellwig +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20211020143812.6403-8-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/debug.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c +index e803cad864be..6230dfdd9286 100644 +--- a/drivers/md/bcache/debug.c ++++ b/drivers/md/bcache/debug.c +@@ -127,21 +127,20 @@ void bch_data_verify(struct cached_dev *dc, struct bio *bio) + + citer.bi_size = UINT_MAX; + bio_for_each_segment(bv, bio, iter) { +- void *p1 = kmap_atomic(bv.bv_page); ++ void *p1 = bvec_kmap_local(&bv); + void *p2; + + cbv = bio_iter_iovec(check, citer); +- p2 = page_address(cbv.bv_page); ++ p2 = bvec_kmap_local(&cbv); + +- cache_set_err_on(memcmp(p1 + bv.bv_offset, +- p2 + bv.bv_offset, +- bv.bv_len), ++ cache_set_err_on(memcmp(p1, p2, bv.bv_len), + dc->disk.c, + "verify failed at dev %pg sector %llu", + dc->bdev, + (uint64_t) bio->bi_iter.bi_sector); + +- kunmap_atomic(p1); ++ kunmap_local(p2); ++ kunmap_local(p1); + bio_advance_iter(check, &citer, bv.bv_len); + } + +-- +2.35.3 + diff --git a/patches.suse/bcache-use-bvec_kmap_local-in-bio_csum-07fe.patch b/patches.suse/bcache-use-bvec_kmap_local-in-bio_csum-07fe.patch new file mode 100644 index 0000000..0d83619 --- /dev/null +++ b/patches.suse/bcache-use-bvec_kmap_local-in-bio_csum-07fe.patch @@ -0,0 +1,41 @@ +From 07fee7aba5472d0e65345146a68b4bd1a8b656c3 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Thu, 3 Mar 2022 14:19:02 +0300 +Subject: [PATCH] bcache: use bvec_kmap_local in bio_csum +Git-commit: 07fee7aba5472d0e65345146a68b4bd1a8b656c3 +Patch-mainline: v5.18-rc1 +References: git-fixes + +Using local kmaps slightly reduces the chances to stray writes, and +the bvec interface cleans up the code a little bit. + +Signed-off-by: Christoph Hellwig +Reviewed-by: Ira Weiny +Link: https://lore.kernel.org/r/20220303111905.321089-8-hch@lst.de +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + drivers/md/bcache/request.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c +index 6869e010475a..fdd0194f84dd 100644 +--- a/drivers/md/bcache/request.c ++++ b/drivers/md/bcache/request.c +@@ -44,10 +44,10 @@ static void bio_csum(struct bio *bio, struct bkey *k) + uint64_t csum = 0; + + bio_for_each_segment(bv, bio, iter) { +- void *d = kmap(bv.bv_page) + bv.bv_offset; ++ void *d = bvec_kmap_local(&bv); + + csum = crc64_be(csum, d, bv.bv_len); +- kunmap(bv.bv_page); ++ kunmap_local(d); + } + + k->ptr[KEY_PTRS(k)] = csum & (~0ULL >> 1); +-- +2.35.3 + diff --git a/patches.suse/bcache-use-default_groups-in-kobj_type-fa97.patch b/patches.suse/bcache-use-default_groups-in-kobj_type-fa97.patch new file mode 100644 index 0000000..be6de6d --- /dev/null +++ b/patches.suse/bcache-use-default_groups-in-kobj_type-fa97.patch @@ -0,0 +1,147 @@ +From fa97cb843cfb874c50cd1dcc46a2f28187e184e9 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Thu, 6 Jan 2022 11:00:04 +0100 +Subject: [PATCH] bcache: use default_groups in kobj_type +Git-commit: fa97cb843cfb874c50cd1dcc46a2f28187e184e9 +Patch-mainline: v5.18-rc1 +References: git-fixes + +There are currently 2 ways to create a set of sysfs files for a +kobj_type, through the default_attrs field, and the default_groups +field. Move the bcache sysfs code to use default_groups field which has +been the preferred way since aa30f47cf666 ("kobject: Add support for +default attribute groups to kobj_type") so that we can soon get rid of +the obsolete default_attrs field. + +Cc: Kent Overstreet +Cc: linux-bcache@vger.kernel.org +Acked-by: Coly Li +Link: https://lore.kernel.org/r/20220106100004.3277439-1-gregkh@linuxfoundation.org +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Coly Li + +--- + drivers/md/bcache/stats.c | 3 ++- + drivers/md/bcache/sysfs.c | 15 ++++++++++----- + drivers/md/bcache/sysfs.h | 2 +- + 3 files changed, 13 insertions(+), 7 deletions(-) + +diff --git a/drivers/md/bcache/stats.c b/drivers/md/bcache/stats.c +index 4c7ee5fedb9d..68b02216033d 100644 +--- a/drivers/md/bcache/stats.c ++++ b/drivers/md/bcache/stats.c +@@ -78,7 +78,7 @@ static void bch_stats_release(struct kobject *k) + { + } + +-static struct attribute *bch_stats_files[] = { ++static struct attribute *bch_stats_attrs[] = { + &sysfs_cache_hits, + &sysfs_cache_misses, + &sysfs_cache_bypass_hits, +@@ -88,6 +88,7 @@ static struct attribute *bch_stats_files[] = { + &sysfs_bypassed, + NULL + }; ++ATTRIBUTE_GROUPS(bch_stats); + static KTYPE(bch_stats); + + int bch_cache_accounting_add_kobjs(struct cache_accounting *acc, +diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c +index 1f0dce30fa75..d1029d71ff3b 100644 +--- a/drivers/md/bcache/sysfs.c ++++ b/drivers/md/bcache/sysfs.c +@@ -500,7 +500,7 @@ STORE(bch_cached_dev) + return size; + } + +-static struct attribute *bch_cached_dev_files[] = { ++static struct attribute *bch_cached_dev_attrs[] = { + &sysfs_attach, + &sysfs_detach, + &sysfs_stop, +@@ -543,6 +543,7 @@ static struct attribute *bch_cached_dev_files[] = { + &sysfs_backing_dev_uuid, + NULL + }; ++ATTRIBUTE_GROUPS(bch_cached_dev); + KTYPE(bch_cached_dev); + + SHOW(bch_flash_dev) +@@ -600,7 +601,7 @@ STORE(__bch_flash_dev) + } + STORE_LOCKED(bch_flash_dev) + +-static struct attribute *bch_flash_dev_files[] = { ++static struct attribute *bch_flash_dev_attrs[] = { + &sysfs_unregister, + #if 0 + &sysfs_data_csum, +@@ -609,6 +610,7 @@ static struct attribute *bch_flash_dev_files[] = { + &sysfs_size, + NULL + }; ++ATTRIBUTE_GROUPS(bch_flash_dev); + KTYPE(bch_flash_dev); + + struct bset_stats_op { +@@ -955,7 +957,7 @@ static void bch_cache_set_internal_release(struct kobject *k) + { + } + +-static struct attribute *bch_cache_set_files[] = { ++static struct attribute *bch_cache_set_attrs[] = { + &sysfs_unregister, + &sysfs_stop, + &sysfs_synchronous, +@@ -980,9 +982,10 @@ static struct attribute *bch_cache_set_files[] = { + &sysfs_clear_stats, + NULL + }; ++ATTRIBUTE_GROUPS(bch_cache_set); + KTYPE(bch_cache_set); + +-static struct attribute *bch_cache_set_internal_files[] = { ++static struct attribute *bch_cache_set_internal_attrs[] = { + &sysfs_active_journal_entries, + + sysfs_time_stats_attribute_list(btree_gc, sec, ms) +@@ -1022,6 +1025,7 @@ static struct attribute *bch_cache_set_internal_files[] = { + &sysfs_feature_incompat, + NULL + }; ++ATTRIBUTE_GROUPS(bch_cache_set_internal); + KTYPE(bch_cache_set_internal); + + static int __bch_cache_cmp(const void *l, const void *r) +@@ -1182,7 +1186,7 @@ STORE(__bch_cache) + } + STORE_LOCKED(bch_cache) + +-static struct attribute *bch_cache_files[] = { ++static struct attribute *bch_cache_attrs[] = { + &sysfs_bucket_size, + &sysfs_block_size, + &sysfs_nbuckets, +@@ -1196,4 +1200,5 @@ static struct attribute *bch_cache_files[] = { + &sysfs_cache_replacement_policy, + NULL + }; ++ATTRIBUTE_GROUPS(bch_cache); + KTYPE(bch_cache); +diff --git a/drivers/md/bcache/sysfs.h b/drivers/md/bcache/sysfs.h +index c1752ba2e05b..a2ff6447b699 100644 +--- a/drivers/md/bcache/sysfs.h ++++ b/drivers/md/bcache/sysfs.h +@@ -9,7 +9,7 @@ struct kobj_type type ## _ktype = { \ + .show = type ## _show, \ + .store = type ## _store \ + }), \ +- .default_attrs = type ## _files \ ++ .default_groups = type ## _groups \ + } + + #define SHOW(fn) \ +-- +2.35.3 + diff --git a/patches.suse/bpf-Fix-racing-between-bpf_timer_cancel_and_free-and.patch b/patches.suse/bpf-Fix-racing-between-bpf_timer_cancel_and_free-and.patch new file mode 100644 index 0000000..5ac4b62 --- /dev/null +++ b/patches.suse/bpf-Fix-racing-between-bpf_timer_cancel_and_free-and.patch @@ -0,0 +1,91 @@ +From: Martin KaFai Lau +Date: Thu, 15 Feb 2024 13:12:17 -0800 +Subject: bpf: Fix racing between bpf_timer_cancel_and_free and + bpf_timer_cancel +Patch-mainline: v6.8-rc6 +Git-commit: 0281b919e175bb9c3128bd3872ac2903e9436e3f +References: bsc#1222557 CVE-2024-26737 + +The following race is possible between bpf_timer_cancel_and_free +and bpf_timer_cancel. It will lead a UAF on the timer->timer. + +bpf_timer_cancel(); + spin_lock(); + t = timer->time; + spin_unlock(); + + bpf_timer_cancel_and_free(); + spin_lock(); + t = timer->timer; + timer->timer = NULL; + spin_unlock(); + hrtimer_cancel(&t->timer); + kfree(t); + + /* UAF on t */ + hrtimer_cancel(&t->timer); + +In bpf_timer_cancel_and_free, this patch frees the timer->timer +after a rcu grace period. This requires a rcu_head addition +to the "struct bpf_hrtimer". Another kfree(t) happens in bpf_timer_init, +this does not need a kfree_rcu because it is still under the +spin_lock and timer->timer has not been visible by others yet. + +In bpf_timer_cancel, rcu_read_lock() is added because this helper +can be used in a non rcu critical section context (e.g. from +a sleepable bpf prog). Other timer->timer usages in helpers.c +have been audited, bpf_timer_cancel() is the only place where +timer->timer is used outside of the spin_lock. + +Another solution considered is to mark a t->flag in bpf_timer_cancel +and clear it after hrtimer_cancel() is done. In bpf_timer_cancel_and_free, +it busy waits for the flag to be cleared before kfree(t). This patch +goes with a straight forward solution and frees timer->timer after +a rcu grace period. + +Fixes: b00628b1c7d5 ("bpf: Introduce bpf timers.") +Suggested-by: Alexei Starovoitov +Signed-off-by: Martin KaFai Lau +Signed-off-by: Daniel Borkmann +Acked-by: Hou Tao +Link: https://lore.kernel.org/bpf/20240215211218.990808-1-martin.lau@linux.dev +Acked-by: Shung-Hsi Yu +--- + kernel/bpf/helpers.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/kernel/bpf/helpers.c ++++ b/kernel/bpf/helpers.c +@@ -1100,6 +1100,7 @@ struct bpf_hrtimer { + struct bpf_prog *prog; + void __rcu *callback_fn; + void *value; ++ struct rcu_head rcu; + }; + + /* the actual struct hidden inside uapi struct bpf_timer */ +@@ -1321,6 +1322,7 @@ BPF_CALL_1(bpf_timer_cancel, struct bpf_ + + if (in_nmi()) + return -EOPNOTSUPP; ++ rcu_read_lock(); + __bpf_spin_lock_irqsave(&timer->lock); + t = timer->timer; + if (!t) { +@@ -1342,6 +1344,7 @@ out: + * if it was running. + */ + ret = ret ?: hrtimer_cancel(&t->timer); ++ rcu_read_unlock(); + return ret; + } + +@@ -1396,7 +1399,7 @@ out: + */ + if (this_cpu_read(hrtimer_running) != t) + hrtimer_cancel(&t->timer); +- kfree(t); ++ kfree_rcu(t, rcu); + } + + BPF_CALL_2(bpf_kptr_xchg, void *, map_value, void *, ptr) diff --git a/patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch b/patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch index 693ebfc..72c21dc 100644 --- a/patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch +++ b/patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch @@ -1,8 +1,7 @@ From: Jakub Sitnicki Date: Tue, 2 Apr 2024 12:46:21 +0200 Subject: bpf, sockmap: Prevent lock inversion deadlock in map delete elem -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git +Patch-mainline: v6.9-rc3 Git-commit: ff91059932401894e6c86341915615c5eb0eca48 References: bsc#1209657 CVE-2023-0160 diff --git a/patches.suse/dm-add-cond_resched-to-dm_wq_work-0ca4.patch b/patches.suse/dm-add-cond_resched-to-dm_wq_work-0ca4.patch new file mode 100644 index 0000000..90e0508 --- /dev/null +++ b/patches.suse/dm-add-cond_resched-to-dm_wq_work-0ca4.patch @@ -0,0 +1,37 @@ +From 0ca44fcef241768fd25ee763b3d203b9852f269b Mon Sep 17 00:00:00 2001 +From: Pingfan Liu +Date: Wed, 15 Feb 2023 19:23:40 +0800 +Subject: [PATCH] dm: add cond_resched() to dm_wq_work() +Git-commit: 0ca44fcef241768fd25ee763b3d203b9852f269b +Patch-mainline: v6.3-rc1 +References: git-fixes + +Otherwise the while() loop in dm_wq_work() can result in a "dead +loop" on systems that have preemption disabled. This is particularly +problematic on single cpu systems. + +Cc: stable@vger.kernel.org +Signed-off-by: Pingfan Liu +Acked-by: Ming Lei +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/md/dm.c b/drivers/md/dm.c +index 90b64bfc63b0..15b91959e433 100644 +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -2570,6 +2570,7 @@ static void dm_wq_work(struct work_struct *work) + break; + + submit_bio_noacct(bio); ++ cond_resched(); + } + } + +-- +2.35.3 + diff --git a/patches.suse/dm-cache-add-cond_resched-to-various-workqueue-loops-7622.patch b/patches.suse/dm-cache-add-cond_resched-to-various-workqueue-loops-7622.patch new file mode 100644 index 0000000..9aa83e3 --- /dev/null +++ b/patches.suse/dm-cache-add-cond_resched-to-various-workqueue-loops-7622.patch @@ -0,0 +1,50 @@ +From 76227f6dc805e9e960128bcc6276647361e0827c Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Thu, 16 Feb 2023 15:31:08 -0500 +Subject: [PATCH] dm cache: add cond_resched() to various workqueue loops +Git-commit: 76227f6dc805e9e960128bcc6276647361e0827c +Patch-mainline: v6.3-rc1 +References: git-fixes + +Otherwise on resource constrained systems these workqueues may be too +greedy. + +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-cache-target.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c +index 23195701dc15..dbbcfa580078 100644 +--- a/drivers/md/dm-cache-target.c ++++ b/drivers/md/dm-cache-target.c +@@ -1829,6 +1829,7 @@ static void process_deferred_bios(struct work_struct *ws) + + else + commit_needed = process_bio(cache, bio) || commit_needed; ++ cond_resched(); + } + + if (commit_needed) +@@ -1852,6 +1853,7 @@ static void requeue_deferred_bios(struct cache *cache) + while ((bio = bio_list_pop(&bios))) { + bio->bi_status = BLK_STS_DM_REQUEUE; + bio_endio(bio); ++ cond_resched(); + } + } + +@@ -1892,6 +1894,8 @@ static void check_migrations(struct work_struct *ws) + r = mg_start(cache, op, NULL); + if (r) + break; ++ ++ cond_resched(); + } + } + +-- +2.35.3 + diff --git a/patches.suse/dm-cache-policy-smq-ensure-IO-doesn-t-prevent-cleane-1e4a.patch b/patches.suse/dm-cache-policy-smq-ensure-IO-doesn-t-prevent-cleane-1e4a.patch new file mode 100644 index 0000000..306720e --- /dev/null +++ b/patches.suse/dm-cache-policy-smq-ensure-IO-doesn-t-prevent-cleane-1e4a.patch @@ -0,0 +1,107 @@ +From 1e4ab7b4c881cf26c1c72b3f56519e03475486fb Mon Sep 17 00:00:00 2001 +From: Joe Thornber +Date: Tue, 25 Jul 2023 11:44:41 -0400 +Subject: [PATCH] dm cache policy smq: ensure IO doesn't prevent cleaner policy + progress +Git-commit: 1e4ab7b4c881cf26c1c72b3f56519e03475486fb +Patch-mainline: v6.5-rc4 +References: git-fixes + +When using the cleaner policy to decommission the cache, there is +never any writeback started from the cache as it is constantly delayed +due to normal I/O keeping the device busy. Meaning @idle=false was +always being passed to clean_target_met() + +Fix this by adding a specific 'cleaner' flag that is set when the +cleaner policy is configured. This flag serves to always allow the +cleaner's writeback work to be queued until the cache is +decommissioned (even if the cache isn't idle). + +Reported-by: David Jeffery +Fixes: b29d4986d0da ("dm cache: significant rework to leverage dm-bio-prison-v2") +Cc: stable@vger.kernel.org +Signed-off-by: Joe Thornber +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-cache-policy-smq.c | 28 ++++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +--- a/drivers/md/dm-cache-policy-smq.c ++++ b/drivers/md/dm-cache-policy-smq.c +@@ -854,7 +854,13 @@ struct smq_policy { + + struct background_tracker *bg_work; + +- bool migrations_allowed; ++ bool migrations_allowed:1; ++ ++ /* ++ * If this is set the policy will try and clean the whole cache ++ * even if the device is not idle. ++ */ ++ bool cleaner:1; + }; + + /*----------------------------------------------------------------*/ +@@ -1135,7 +1141,7 @@ static bool clean_target_met(struct smq_ + * Cache entries may not be populated. So we cannot rely on the + * size of the clean queue. + */ +- if (idle) { ++ if (idle || mq->cleaner) { + /* + * We'd like to clean everything. + */ +@@ -1718,11 +1724,9 @@ static void calc_hotspot_params(sector_t + *hotspot_block_size /= 2u; + } + +-static struct dm_cache_policy *__smq_create(dm_cblock_t cache_size, +- sector_t origin_size, +- sector_t cache_block_size, +- bool mimic_mq, +- bool migrations_allowed) ++static struct dm_cache_policy * ++__smq_create(dm_cblock_t cache_size, sector_t origin_size, sector_t cache_block_size, ++ bool mimic_mq, bool migrations_allowed, bool cleaner) + { + unsigned i; + unsigned nr_sentinels_per_queue = 2u * NR_CACHE_LEVELS; +@@ -1809,6 +1813,7 @@ static struct dm_cache_policy *__smq_cre + goto bad_btracker; + + mq->migrations_allowed = migrations_allowed; ++ mq->cleaner = cleaner; + + return &mq->policy; + +@@ -1832,21 +1837,24 @@ static struct dm_cache_policy *smq_creat + sector_t origin_size, + sector_t cache_block_size) + { +- return __smq_create(cache_size, origin_size, cache_block_size, false, true); ++ return __smq_create(cache_size, origin_size, cache_block_size, ++ false, true, false); + } + + static struct dm_cache_policy *mq_create(dm_cblock_t cache_size, + sector_t origin_size, + sector_t cache_block_size) + { +- return __smq_create(cache_size, origin_size, cache_block_size, true, true); ++ return __smq_create(cache_size, origin_size, cache_block_size, ++ true, true, false); + } + + static struct dm_cache_policy *cleaner_create(dm_cblock_t cache_size, + sector_t origin_size, + sector_t cache_block_size) + { +- return __smq_create(cache_size, origin_size, cache_block_size, false, false); ++ return __smq_create(cache_size, origin_size, cache_block_size, ++ false, false, true); + } + + /*----------------------------------------------------------------*/ diff --git a/patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch b/patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch new file mode 100644 index 0000000..ac36ed5 --- /dev/null +++ b/patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch @@ -0,0 +1,123 @@ +From 65e8fbde64520001abf1c8d0e573561b4746ef38 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Mon, 11 Mar 2024 15:06:39 +0100 +Subject: [PATCH] dm: call the resume method on internal suspend +Git-commit: 65e8fbde64520001abf1c8d0e573561b4746ef38 +Patch-mainline: v6.9-rc1 +References: git-fixes + +There is this reported crash when experimenting with the lvm2 testsuite. +The list corruption is caused by the fact that the postsuspend and resume +methods were not paired correctly; there were two consecutive calls to the +origin_postsuspend function. The second call attempts to remove the +"hash_list" entry from a list, while it was already removed by the first +call. + +Fix __dm_internal_resume so that it calls the preresume and resume +methods of the table's targets. + +If a preresume method of some target fails, we are in a tricky situation. +We can't return an error because dm_internal_resume isn't supposed to +return errors. We can't return success, because then the "resume" and +"postsuspend" methods would not be paired correctly. So, we set the +DMF_SUSPENDED flag and we fake normal suspend - it may confuse userspace +tools, but it won't cause a kernel crash. + +Signed-off-by: Coly Li + +------------[ cut here ]------------ +kernel BUG at lib/list_debug.c:56! +invalid opcode: 0000 [#1] PREEMPT SMP +CPU: 1 PID: 8343 Comm: dmsetup Not tainted 6.8.0-rc6 #4 +Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 +RIP: 0010:__list_del_entry_valid_or_report+0x77/0xc0 + +RSP: 0018:ffff8881b831bcc0 EFLAGS: 00010282 +RAX: 000000000000004e RBX: ffff888143b6eb80 RCX: 0000000000000000 +RDX: 0000000000000001 RSI: ffffffff819053d0 RDI: 00000000ffffffff +RBP: ffff8881b83a3400 R08: 00000000fffeffff R09: 0000000000000058 +R10: 0000000000000000 R11: ffffffff81a24080 R12: 0000000000000001 +R13: ffff88814538e000 R14: ffff888143bc6dc0 R15: ffffffffa02e4bb0 +FS: 00000000f7c0f780(0000) GS:ffff8893f0a40000(0000) knlGS:0000000000000000 +CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 +CR2: 0000000057fb5000 CR3: 0000000143474000 CR4: 00000000000006b0 +Call Trace: + + ? die+0x2d/0x80 + ? do_trap+0xeb/0xf0 + ? __list_del_entry_valid_or_report+0x77/0xc0 + ? do_error_trap+0x60/0x80 + ? __list_del_entry_valid_or_report+0x77/0xc0 + ? exc_invalid_op+0x49/0x60 + ? __list_del_entry_valid_or_report+0x77/0xc0 + ? asm_exc_invalid_op+0x16/0x20 + ? table_deps+0x1b0/0x1b0 [dm_mod] + ? __list_del_entry_valid_or_report+0x77/0xc0 + origin_postsuspend+0x1a/0x50 [dm_snapshot] + dm_table_postsuspend_targets+0x34/0x50 [dm_mod] + dm_suspend+0xd8/0xf0 [dm_mod] + dev_suspend+0x1f2/0x2f0 [dm_mod] + ? table_deps+0x1b0/0x1b0 [dm_mod] + ctl_ioctl+0x300/0x5f0 [dm_mod] + dm_compat_ctl_ioctl+0x7/0x10 [dm_mod] + __x64_compat_sys_ioctl+0x104/0x170 + do_syscall_64+0x184/0x1b0 + entry_SYSCALL_64_after_hwframe+0x46/0x4e +RIP: 0033:0xf7e6aead + +---[ end trace 0000000000000000 ]--- + +Fixes: ffcc39364160 ("dm: enhance internal suspend and resume interface") +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +--- + drivers/md/dm.c | 26 ++++++++++++++++++++------ + 1 file changed, 20 insertions(+), 6 deletions(-) + +diff --git a/drivers/md/dm.c b/drivers/md/dm.c +index 1bed115a7e8e..f1fe8828e1de 100644 +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -2945,6 +2945,9 @@ static void __dm_internal_suspend(struct mapped_device *md, unsigned int suspend + + static void __dm_internal_resume(struct mapped_device *md) + { ++ int r; ++ struct dm_table *map; ++ + BUG_ON(!md->internal_suspend_count); + + if (--md->internal_suspend_count) +@@ -2953,12 +2956,23 @@ static void __dm_internal_resume(struct mapped_device *md) + if (dm_suspended_md(md)) + goto done; /* resume from nested suspend */ + +- /* +- * NOTE: existing callers don't need to call dm_table_resume_targets +- * (which may fail -- so best to avoid it for now by passing NULL map) +- */ +- (void) __dm_resume(md, NULL); +- ++ map = rcu_dereference_protected(md->map, lockdep_is_held(&md->suspend_lock)); ++ r = __dm_resume(md, map); ++ if (r) { ++ /* ++ * If a preresume method of some target failed, we are in a ++ * tricky situation. We can't return an error to the caller. We ++ * can't fake success because then the "resume" and ++ * "postsuspend" methods would not be paired correctly, and it ++ * would break various targets, for example it would cause list ++ * corruption in the "origin" target. ++ * ++ * So, we fake normal suspend here, to make sure that the ++ * "resume" and "postsuspend" methods will be paired correctly. ++ */ ++ DMERR("Preresume method failed: %d", r); ++ set_bit(DMF_SUSPENDED, &md->flags); ++ } + done: + clear_bit(DMF_SUSPENDED_INTERNALLY, &md->flags); + smp_mb__after_atomic(); +-- +2.35.3 + diff --git a/patches.suse/dm-clone-call-kmem_cache_destroy-in-dm_clone_init-er-6827.patch b/patches.suse/dm-clone-call-kmem_cache_destroy-in-dm_clone_init-er-6827.patch new file mode 100644 index 0000000..bdb4efc --- /dev/null +++ b/patches.suse/dm-clone-call-kmem_cache_destroy-in-dm_clone_init-er-6827.patch @@ -0,0 +1,34 @@ +From 6827af4a9a9f5bb664c42abf7c11af4978d72201 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Tue, 4 Apr 2023 11:59:00 -0400 +Subject: [PATCH] dm clone: call kmem_cache_destroy() in dm_clone_init() error + path +Git-commit: 6827af4a9a9f5bb664c42abf7c11af4978d72201 +Patch-mainline: v6.4-rc1 +References: git-fixes + +Otherwise the _hydration_cache will leak if dm_register_target() fails. + +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-clone-target.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/md/dm-clone-target.c b/drivers/md/dm-clone-target.c +index f38a27604c7a..fc30ebd67622 100644 +--- a/drivers/md/dm-clone-target.c ++++ b/drivers/md/dm-clone-target.c +@@ -2205,6 +2205,7 @@ static int __init dm_clone_init(void) + r = dm_register_target(&clone_target); + if (r < 0) { + DMERR("Failed to register clone target"); ++ kmem_cache_destroy(_hydration_cache); + return r; + } + +-- +2.35.3 + diff --git a/patches.suse/dm-crypt-add-cond_resched-to-dmcrypt_write-fb29.patch b/patches.suse/dm-crypt-add-cond_resched-to-dmcrypt_write-fb29.patch new file mode 100644 index 0000000..469c35c --- /dev/null +++ b/patches.suse/dm-crypt-add-cond_resched-to-dmcrypt_write-fb29.patch @@ -0,0 +1,50 @@ +From fb294b1c0ba982144ca467a75e7d01ff26304e2b Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Mon, 6 Mar 2023 11:17:58 -0500 +Subject: [PATCH] dm crypt: add cond_resched() to dmcrypt_write() +Git-commit: fb294b1c0ba982144ca467a75e7d01ff26304e2b +Patch-mainline: v6.3-rc4 +References: git-fixes + +The loop in dmcrypt_write may be running for unbounded amount of time, +thus we need cond_resched() in it. + +This commit fixes the following warning: + +[ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897] +... +[ 3391.387210][ C12] Call trace: +[ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158 +[ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0 +[ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550 +[ 3391.405856][ C12] submit_bio_noacct+0x308/0x380 +[ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt] +[ 3391.416005][ C12] kthread+0x130/0x138 +[ 3391.419911][ C12] ret_from_fork+0x10/0x18 + +Reported-by: yangerkun +Fixes: dc2676210c42 ("dm crypt: offload writes to thread") +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-crypt.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c +index 87c5706131f2..faba1be572f9 100644 +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -1937,6 +1937,7 @@ static int dmcrypt_write(void *data) + io = crypt_io_from_node(rb_first(&write_tree)); + rb_erase(&io->rb_node, &write_tree); + kcryptd_io_write(io); ++ cond_resched(); + } while (!RB_EMPTY_ROOT(&write_tree)); + blk_finish_plug(&plug); + } +-- +2.35.3 + diff --git a/patches.suse/dm-crypt-avoid-accessing-uninitialized-tasklet-d9a0.patch b/patches.suse/dm-crypt-avoid-accessing-uninitialized-tasklet-d9a0.patch new file mode 100644 index 0000000..ebc2929 --- /dev/null +++ b/patches.suse/dm-crypt-avoid-accessing-uninitialized-tasklet-d9a0.patch @@ -0,0 +1,86 @@ +From d9a02e016aaf5a57fb44e9a5e6da8ccd3b9e2e70 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Wed, 8 Mar 2023 14:39:54 -0500 +Subject: [PATCH] dm crypt: avoid accessing uninitialized tasklet +Git-commit: d9a02e016aaf5a57fb44e9a5e6da8ccd3b9e2e70 +Patch-mainline: v6.3-rc4 +References: git-fixes + +When neither "no_read_workqueue" nor "no_write_workqueue" are enabled, +tasklet_trylock() in crypt_dec_pending() may still return false due to +an uninitialized state, and dm-crypt will unnecessarily do io completion +in io_queue workqueue instead of current context. + +Fix this by adding an 'in_tasklet' flag to dm_crypt_io struct and +initialize it to false in crypt_io_init(). Set this flag to true in +kcryptd_queue_crypt() before calling tasklet_schedule(). If set +crypt_dec_pending() will punt io completion to a workqueue. + +This also nicely avoids the tasklet_trylock/unlock hack when tasklets +aren't in use. + +Fixes: 8e14f610159d ("dm crypt: do not call bio_endio() from the dm-crypt tasklet") +Cc: stable@vger.kernel.org +Reported-by: Hou Tao +Suggested-by: Ignat Korchagin +Reviewed-by: Ignat Korchagin +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-crypt.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c +index faba1be572f9..2764b4ea18a3 100644 +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -72,7 +72,9 @@ struct dm_crypt_io { + struct crypt_config *cc; + struct bio *base_bio; + u8 *integrity_metadata; +- bool integrity_metadata_from_pool; ++ bool integrity_metadata_from_pool:1; ++ bool in_tasklet:1; ++ + struct work_struct work; + struct tasklet_struct tasklet; + +@@ -1731,6 +1733,7 @@ static void crypt_io_init(struct dm_crypt_io *io, struct crypt_config *cc, + io->ctx.r.req = NULL; + io->integrity_metadata = NULL; + io->integrity_metadata_from_pool = false; ++ io->in_tasklet = false; + atomic_set(&io->io_pending, 0); + } + +@@ -1777,14 +1780,13 @@ static void crypt_dec_pending(struct dm_crypt_io *io) + * our tasklet. In this case we need to delay bio_endio() + * execution to after the tasklet is done and dequeued. + */ +- if (tasklet_trylock(&io->tasklet)) { +- tasklet_unlock(&io->tasklet); +- bio_endio(base_bio); ++ if (io->in_tasklet) { ++ INIT_WORK(&io->work, kcryptd_io_bio_endio); ++ queue_work(cc->io_queue, &io->work); + return; + } + +- INIT_WORK(&io->work, kcryptd_io_bio_endio); +- queue_work(cc->io_queue, &io->work); ++ bio_endio(base_bio); + } + + /* +@@ -2233,6 +2235,7 @@ static void kcryptd_queue_crypt(struct dm_crypt_io *io) + * it is being executed with irqs disabled. + */ + if (in_hardirq() || irqs_disabled()) { ++ io->in_tasklet = true; + tasklet_init(&io->tasklet, kcryptd_crypt_tasklet, (unsigned long)&io->work); + tasklet_schedule(&io->tasklet); + return; +-- +2.35.3 + diff --git a/patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch b/patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch new file mode 100644 index 0000000..d2fe3af --- /dev/null +++ b/patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch @@ -0,0 +1,184 @@ +From 0a9bab391e336489169b95cb0d4553d921302189 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Wed, 31 Jan 2024 21:57:27 +0100 +Subject: [PATCH] dm-crypt, dm-verity: disable tasklets +Git-commit: 0a9bab391e336489169b95cb0d4553d921302189 +Patch-mainline: v6.8-rc3 +References: bsc#1222416, CVE-2024-26718 + +Tasklets have an inherent problem with memory corruption. The function +tasklet_action_common calls tasklet_trylock, then it calls the tasklet +callback and then it calls tasklet_unlock. If the tasklet callback frees +the structure that contains the tasklet or if it calls some code that may +free it, tasklet_unlock will write into free memory. + +The commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, but +it is not a sufficient fix and the data corruption can still happen [1]. +There is no fix for dm-verity and dm-verity will write into free memory +with every tasklet-processed bio. + +There will be atomic workqueues implemented in the kernel 6.9 [2]. They +will have better interface and they will not suffer from the memory +corruption problem. + +But we need something that stops the memory corruption now and that can be +backported to the stable kernels. So, I'm proposing this commit that +disables tasklets in both dm-crypt and dm-verity. This commit doesn't +remove the tasklet support, because the tasklet code will be reused when +atomic workqueues will be implemented. + +[1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/ +[2] https://lore.kernel.org/lkml/20240130091300.2968534-1-tj@kernel.org/ + +(Coly Li: rebased for Linux 5.14 based SUSE kernel) + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Fixes: 39d42fa96ba1b ("dm crypt: add flags to optionally bypass kcryptd workqueues") +Fixes: 5721d4e5a9cdb ("dm verity: Add optional "try_verify_in_tasklet" feature") +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-crypt.c | 37 ++----------------------------------- + drivers/md/dm-verity-target.c | 26 ++------------------------ + drivers/md/dm-verity.h | 1 - + 3 files changed, 4 insertions(+), 60 deletions(-) + +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -72,10 +72,8 @@ struct dm_crypt_io { + struct bio *base_bio; + u8 *integrity_metadata; + bool integrity_metadata_from_pool:1; +- bool in_tasklet:1; + + struct work_struct work; +- struct tasklet_struct tasklet; + + struct convert_context ctx; + +@@ -1730,7 +1728,6 @@ static void crypt_io_init(struct dm_cryp + io->ctx.r.req = NULL; + io->integrity_metadata = NULL; + io->integrity_metadata_from_pool = false; +- io->in_tasklet = false; + atomic_set(&io->io_pending, 0); + } + +@@ -1739,12 +1736,6 @@ static void crypt_inc_pending(struct dm_ + atomic_inc(&io->io_pending); + } + +-static void kcryptd_io_bio_endio(struct work_struct *work) +-{ +- struct dm_crypt_io *io = container_of(work, struct dm_crypt_io, work); +- bio_endio(io->base_bio); +-} +- + /* + * One of the bios was finished. Check for completion of + * the whole request and correctly clean up the buffer. +@@ -1768,20 +1759,6 @@ static void crypt_dec_pending(struct dm_ + + base_bio->bi_status = error; + +- /* +- * If we are running this function from our tasklet, +- * we can't call bio_endio() here, because it will call +- * clone_endio() from dm.c, which in turn will +- * free the current struct dm_crypt_io structure with +- * our tasklet. In this case we need to delay bio_endio() +- * execution to after the tasklet is done and dequeued. +- */ +- if (io->in_tasklet) { +- INIT_WORK(&io->work, kcryptd_io_bio_endio); +- queue_work(cc->io_queue, &io->work); +- return; +- } +- + bio_endio(base_bio); + } + +@@ -2214,11 +2191,6 @@ static void kcryptd_crypt(struct work_st + kcryptd_crypt_write_convert(io); + } + +-static void kcryptd_crypt_tasklet(unsigned long work) +-{ +- kcryptd_crypt((struct work_struct *)work); +-} +- + static void kcryptd_queue_crypt(struct dm_crypt_io *io) + { + struct crypt_config *cc = io->cc; +@@ -2230,15 +2202,10 @@ static void kcryptd_queue_crypt(struct d + * irqs_disabled(): the kernel may run some IO completion from the idle thread, but + * it is being executed with irqs disabled. + */ +- if (in_hardirq() || irqs_disabled()) { +- io->in_tasklet = true; +- tasklet_init(&io->tasklet, kcryptd_crypt_tasklet, (unsigned long)&io->work); +- tasklet_schedule(&io->tasklet); ++ if (!(in_hardirq() || irqs_disabled())) { ++ kcryptd_crypt(&io->work); + return; + } +- +- kcryptd_crypt(&io->work); +- return; + } + + INIT_WORK(&io->work, kcryptd_crypt); +--- a/drivers/md/dm-verity-target.c ++++ b/drivers/md/dm-verity-target.c +@@ -634,23 +634,6 @@ static void verity_work(struct work_stru + verity_finish_io(io, errno_to_blk_status(verity_verify_io(io))); + } + +-static void verity_tasklet(unsigned long data) +-{ +- struct dm_verity_io *io = (struct dm_verity_io *)data; +- int err; +- +- io->in_tasklet = true; +- err = verity_verify_io(io); +- if (err == -EAGAIN || err == -ENOMEM) { +- /* fallback to retrying with work-queue */ +- INIT_WORK(&io->work, verity_work); +- queue_work(io->v->verify_wq, &io->work); +- return; +- } +- +- verity_finish_io(io, errno_to_blk_status(err)); +-} +- + static void verity_end_io(struct bio *bio) + { + struct dm_verity_io *io = bio->bi_private; +@@ -663,13 +646,8 @@ static void verity_end_io(struct bio *bi + return; + } + +- if (static_branch_unlikely(&use_tasklet_enabled) && io->v->use_tasklet) { +- tasklet_init(&io->tasklet, verity_tasklet, (unsigned long)io); +- tasklet_schedule(&io->tasklet); +- } else { +- INIT_WORK(&io->work, verity_work); +- queue_work(io->v->verify_wq, &io->work); +- } ++ INIT_WORK(&io->work, verity_work); ++ queue_work(io->v->verify_wq, &io->work); + } + + /* +--- a/drivers/md/dm-verity.h ++++ b/drivers/md/dm-verity.h +@@ -83,7 +83,6 @@ struct dm_verity_io { + struct bvec_iter iter; + + struct work_struct work; +- struct tasklet_struct tasklet; + + /* + * Three variably-size fields follow this struct: diff --git a/patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch b/patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch new file mode 100644 index 0000000..77792e9 --- /dev/null +++ b/patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch @@ -0,0 +1,49 @@ +From 50c70240097ce41fe6bce6478b80478281e4d0f7 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Mon, 19 Feb 2024 21:30:10 +0100 +Subject: [PATCH] dm-crypt: don't modify the data when using authenticated + encryption +Git-commit: 50c70240097ce41fe6bce6478b80478281e4d0f7 +Patch-mainline: v6.8-rc6 +References: bsc#1222720, CVE-2024-26763 + +It was said that authenticated encryption could produce invalid tag when +the data that is being encrypted is modified [1]. So, fix this problem by +copying the data into the clone bio first and then encrypt them inside the +clone bio. + +This may reduce performance, but it is needed to prevent the user from +corrupting the device by writing data with O_DIRECT and modifying them at +the same time. + +[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/ + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-crypt.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c +index f745f8508243..14c5be6eda3b 100644 +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -2071,6 +2071,12 @@ static void kcryptd_crypt_write_convert(struct dm_crypt_io *io) + io->ctx.bio_out = clone; + io->ctx.iter_out = clone->bi_iter; + ++ if (crypt_integrity_aead(cc)) { ++ bio_copy_data(clone, io->base_bio); ++ io->ctx.bio_in = clone; ++ io->ctx.iter_in = clone->bi_iter; ++ } ++ + sector += bio_sectors(clone); + + crypt_inc_pending(io); +-- +2.35.3 + diff --git a/patches.suse/dm-delay-fix-a-race-between-delay_presuspend-and-del-6fc4.patch b/patches.suse/dm-delay-fix-a-race-between-delay_presuspend-and-del-6fc4.patch new file mode 100644 index 0000000..052858c --- /dev/null +++ b/patches.suse/dm-delay-fix-a-race-between-delay_presuspend-and-del-6fc4.patch @@ -0,0 +1,94 @@ +From 6fc45b6ed921dc00dfb264dc08c7d67ee63d2656 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Fri, 17 Nov 2023 18:21:14 +0100 +Subject: [PATCH] dm-delay: fix a race between delay_presuspend and delay_bio +Git-commit: 6fc45b6ed921dc00dfb264dc08c7d67ee63d2656 +Patch-mainline: v6.7-rc2 +References: git-fixes + +In delay_presuspend, we set the atomic variable may_delay and then stop +the timer and flush pending bios. The intention here is to prevent the +delay target from re-arming the timer again. + +However, this test is racy. Suppose that one thread goes to delay_bio, +sees that dc->may_delay is one and proceeds; now, another thread executes +delay_presuspend, it sets dc->may_delay to zero, deletes the timer and +flushes pending bios. Then, the first thread continues and adds the bio to +delayed->list despite the fact that dc->may_delay is false. + +Fix this bug by changing may_delay's type from atomic_t to bool and +only access it while holding the delayed_bios_lock mutex. Note that we +don't have to grab the mutex in delay_resume because there are no bios +in flight at this point. + +(Coly Li: rebased for Linux 5.14 based SUSE kernel) + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-delay.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +--- a/drivers/md/dm-delay.c ++++ b/drivers/md/dm-delay.c +@@ -30,7 +30,7 @@ struct delay_c { + struct workqueue_struct *kdelayd_wq; + struct work_struct flush_expired_bios; + struct list_head delayed_bios; +- atomic_t may_delay; ++ bool may_delay; + + struct delay_class read; + struct delay_class write; +@@ -191,7 +191,7 @@ static int delay_ctr(struct dm_target *t + INIT_WORK(&dc->flush_expired_bios, flush_expired_bios); + INIT_LIST_HEAD(&dc->delayed_bios); + mutex_init(&dc->timer_lock); +- atomic_set(&dc->may_delay, 1); ++ dc->may_delay = true; + dc->argc = argc; + + ret = delay_class_ctr(ti, &dc->read, argv); +@@ -246,7 +246,7 @@ static int delay_bio(struct delay_c *dc, + struct dm_delay_info *delayed; + unsigned long expires = 0; + +- if (!c->delay || !atomic_read(&dc->may_delay)) ++ if (!c->delay) + return DM_MAPIO_REMAPPED; + + delayed = dm_per_bio_data(bio, sizeof(struct dm_delay_info)); +@@ -255,6 +255,10 @@ static int delay_bio(struct delay_c *dc, + delayed->expires = expires = jiffies + msecs_to_jiffies(c->delay); + + mutex_lock(&delayed_bios_lock); ++ if (unlikely(!dc->may_delay)) { ++ mutex_unlock(&delayed_bios_lock); ++ return DM_MAPIO_REMAPPED; ++ } + c->ops++; + list_add_tail(&delayed->list, &dc->delayed_bios); + mutex_unlock(&delayed_bios_lock); +@@ -268,7 +272,9 @@ static void delay_presuspend(struct dm_t + { + struct delay_c *dc = ti->private; + +- atomic_set(&dc->may_delay, 0); ++ mutex_lock(&delayed_bios_lock); ++ dc->may_delay = false; ++ mutex_unlock(&delayed_bios_lock); + del_timer_sync(&dc->delay_timer); + flush_bios(flush_delayed_bios(dc, 1)); + } +@@ -277,7 +283,7 @@ static void delay_resume(struct dm_targe + { + struct delay_c *dc = ti->private; + +- atomic_set(&dc->may_delay, 1); ++ dc->may_delay = true; + } + + static int delay_map(struct dm_target *ti, struct bio *bio) diff --git a/patches.suse/dm-don-t-lock-fs-when-the-map-is-NULL-during-suspend-2760.patch b/patches.suse/dm-don-t-lock-fs-when-the-map-is-NULL-during-suspend-2760.patch new file mode 100644 index 0000000..27dd0d9 --- /dev/null +++ b/patches.suse/dm-don-t-lock-fs-when-the-map-is-NULL-during-suspend-2760.patch @@ -0,0 +1,65 @@ +From 2760904d895279f87196f0fa9ec570c79fe6a2e4 Mon Sep 17 00:00:00 2001 +From: Li Lingfeng +Date: Thu, 1 Jun 2023 14:14:23 +0800 +Subject: [PATCH] dm: don't lock fs when the map is NULL during suspend or + resume +Git-commit: 2760904d895279f87196f0fa9ec570c79fe6a2e4 +Patch-mainline: v6.4-rc7 +References: git-fixes + +As described in commit 38d11da522aa ("dm: don't lock fs when the map is +NULL in process of resume"), a deadlock may be triggered between +do_resume() and do_mount(). + +This commit preserves the fix from commit 38d11da522aa but moves it to +where it also serves to fix a similar deadlock between do_suspend() +and do_mount(). It does so, if the active map is NULL, by clearing +DM_SUSPEND_LOCKFS_FLAG in dm_suspend() which is called by both +do_suspend() and do_resume(). + +Fixes: 38d11da522aa ("dm: don't lock fs when the map is NULL in process of resume") +Signed-off-by: Li Lingfeng +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li +--- + drivers/md/dm-ioctl.c | 5 +---- + drivers/md/dm.c | 4 ++++ + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c +index cc77cf3d4109..7d5c9c582ed2 100644 +--- a/drivers/md/dm-ioctl.c ++++ b/drivers/md/dm-ioctl.c +@@ -1168,13 +1168,10 @@ static int do_resume(struct dm_ioctl *param) + /* Do we need to load a new map ? */ + if (new_map) { + sector_t old_size, new_size; +- int srcu_idx; + + /* Suspend if it isn't already suspended */ +- old_map = dm_get_live_table(md, &srcu_idx); +- if ((param->flags & DM_SKIP_LOCKFS_FLAG) || !old_map) ++ if (param->flags & DM_SKIP_LOCKFS_FLAG) + suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG; +- dm_put_live_table(md, srcu_idx); + if (param->flags & DM_NOFLUSH_FLAG) + suspend_flags |= DM_SUSPEND_NOFLUSH_FLAG; + if (!dm_suspended_md(md)) +diff --git a/drivers/md/dm.c b/drivers/md/dm.c +index 3b694ba3a106..8488547fc00d 100644 +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -2808,6 +2808,10 @@ int dm_suspend(struct mapped_device *md, unsigned int suspend_flags) + } + + map = rcu_dereference_protected(md->map, lockdep_is_held(&md->suspend_lock)); ++ if (!map) { ++ /* avoid deadlock with fs/namespace.c:do_mount() */ ++ suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG; ++ } + + r = __dm_suspend(md, map, suspend_flags, TASK_INTERRUPTIBLE, DMF_SUSPENDED); + if (r) +-- +2.35.3 + diff --git a/patches.suse/dm-don-t-lock-fs-when-the-map-is-NULL-in-process-of--38d1.patch b/patches.suse/dm-don-t-lock-fs-when-the-map-is-NULL-in-process-of--38d1.patch new file mode 100644 index 0000000..2f45511 --- /dev/null +++ b/patches.suse/dm-don-t-lock-fs-when-the-map-is-NULL-in-process-of--38d1.patch @@ -0,0 +1,86 @@ +From 38d11da522aacaa05898c734a1cec86f1e611129 Mon Sep 17 00:00:00 2001 +From: Li Lingfeng +Date: Tue, 18 Apr 2023 16:38:04 +0800 +Subject: [PATCH] dm: don't lock fs when the map is NULL in process of resume +Git-commit: 38d11da522aacaa05898c734a1cec86f1e611129 +Patch-mainline: v6.4-rc1 +References: git-fixes + +Commit fa247089de99 ("dm: requeue IO if mapping table not yet available") +added a detection of whether the mapping table is available in the IO +submission process. If the mapping table is unavailable, it returns +BLK_STS_RESOURCE and requeues the IO. +This can lead to the following deadlock problem: + +dm create mount +ioctl(DM_DEV_CREATE_CMD) +ioctl(DM_TABLE_LOAD_CMD) + do_mount + vfs_get_tree + ext4_get_tree + get_tree_bdev + sget_fc + alloc_super + // got &s->s_umount + down_write_nested(&s->s_umount, ...); + ext4_fill_super + ext4_load_super + ext4_read_bh + submit_bio + // submit and wait io end +ioctl(DM_DEV_SUSPEND_CMD) +dev_suspend + do_resume + dm_suspend + __dm_suspend + lock_fs + freeze_bdev + get_active_super + grab_super + // wait for &s->s_umount + down_write(&s->s_umount); + dm_swap_table + __bind + // set md->map(can't get here) + +IO will be continuously requeued while holding the lock since mapping +table is NULL. At the same time, mapping table won't be set since the +lock is not available. +Like request-based DM, bio-based DM also has the same problem. + +It's not proper to just abort IO if the mapping table not available. +So clear DM_SKIP_LOCKFS_FLAG when the mapping table is NULL, this +allows the DM table to be loaded and the IO submitted upon resume. + +Fixes: fa247089de99 ("dm: requeue IO if mapping table not yet available") +Cc: stable@vger.kernel.org +Signed-off-by: Li Lingfeng +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-ioctl.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c +index 7d5c9c582ed2..cc77cf3d4109 100644 +--- a/drivers/md/dm-ioctl.c ++++ b/drivers/md/dm-ioctl.c +@@ -1168,10 +1168,13 @@ static int do_resume(struct dm_ioctl *param) + /* Do we need to load a new map ? */ + if (new_map) { + sector_t old_size, new_size; ++ int srcu_idx; + + /* Suspend if it isn't already suspended */ +- if (param->flags & DM_SKIP_LOCKFS_FLAG) ++ old_map = dm_get_live_table(md, &srcu_idx); ++ if ((param->flags & DM_SKIP_LOCKFS_FLAG) || !old_map) + suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG; ++ dm_put_live_table(md, srcu_idx); + if (param->flags & DM_NOFLUSH_FLAG) + suspend_flags |= DM_SUSPEND_NOFLUSH_FLAG; + if (!dm_suspended_md(md)) +-- +2.35.3 + diff --git a/patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch b/patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch new file mode 100644 index 0000000..4201e25 --- /dev/null +++ b/patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch @@ -0,0 +1,51 @@ +From f50714b57aecb6b3dc81d578e295f86d9c73f078 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Sun, 22 Jan 2023 14:02:57 -0500 +Subject: [PATCH] dm flakey: don't corrupt the zero page +Git-commit: f50714b57aecb6b3dc81d578e295f86d9c73f078 +Patch-mainline: v6.3-rc1 +References: git-fixes + +When we need to zero some range on a block device, the function +__blkdev_issue_zero_pages submits a write bio with the bio vector pointing +to the zero page. If we use dm-flakey with corrupt bio writes option, it +will corrupt the content of the zero page which results in crashes of +various userspace programs. Glibc assumes that memory returned by mmap is +zeroed and it uses it for calloc implementation; if the newly mapped +memory is not zeroed, calloc will return non-zeroed memory. + +Fix this bug by testing if the page is equal to ZERO_PAGE(0) and +avoiding the corruption in this case. + +Cc: stable@vger.kernel.org +Fixes: a00f5276e266 ("dm flakey: Properly corrupt multi-page bios.") +Signed-off-by: Mikulas Patocka +Reviewed-by: Sweet Tea Dorminy +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-flakey.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c +index 89fa7a68c6c4..ff9ca5b2a47e 100644 +--- a/drivers/md/dm-flakey.c ++++ b/drivers/md/dm-flakey.c +@@ -303,8 +303,11 @@ static void corrupt_bio_data(struct bio *bio, struct flakey_c *fc) + */ + bio_for_each_segment(bvec, bio, iter) { + if (bio_iter_len(bio, iter) > corrupt_bio_byte) { +- char *segment = (page_address(bio_iter_page(bio, iter)) +- + bio_iter_offset(bio, iter)); ++ char *segment; ++ struct page *page = bio_iter_page(bio, iter); ++ if (unlikely(page == ZERO_PAGE(0))) ++ break; ++ segment = (page_address(page) + bio_iter_offset(bio, iter)); + segment[corrupt_bio_byte] = fc->corrupt_bio_value; + DMDEBUG("Corrupting data bio=%p by writing %u to byte %u " + "(rw=%c bi_opf=%u bi_sector=%llu size=%u)\n", +-- +2.35.3 + diff --git a/patches.suse/dm-flakey-fix-a-bug-with-32-bit-highmem-systems-8eb2.patch b/patches.suse/dm-flakey-fix-a-bug-with-32-bit-highmem-systems-8eb2.patch new file mode 100644 index 0000000..3711903 --- /dev/null +++ b/patches.suse/dm-flakey-fix-a-bug-with-32-bit-highmem-systems-8eb2.patch @@ -0,0 +1,39 @@ +From 8eb29c4fbf9661e6bd4dd86197a37ffe0ecc9d50 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Sun, 22 Jan 2023 14:03:31 -0500 +Subject: [PATCH] dm flakey: fix a bug with 32-bit highmem systems +Git-commit: 8eb29c4fbf9661e6bd4dd86197a37ffe0ecc9d50 +Patch-mainline: v6.3-rc1 +References: git-fixes + +The function page_address does not work with 32-bit systems with high +memory. Use bvec_kmap_local/kunmap_local instead. + +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Reviewed-by: Sweet Tea Dorminy +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-flakey.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c +index ff9ca5b2a47e..33608d436cec 100644 +--- a/drivers/md/dm-flakey.c ++++ b/drivers/md/dm-flakey.c +@@ -307,8 +307,9 @@ static void corrupt_bio_data(struct bio *bio, struct flakey_c *fc) + struct page *page = bio_iter_page(bio, iter); + if (unlikely(page == ZERO_PAGE(0))) + break; +- segment = (page_address(page) + bio_iter_offset(bio, iter)); ++ segment = bvec_kmap_local(&bvec); + segment[corrupt_bio_byte] = fc->corrupt_bio_value; ++ kunmap_local(segment); + DMDEBUG("Corrupting data bio=%p by writing %u to byte %u " + "(rw=%c bi_opf=%u bi_sector=%llu size=%u)\n", + bio, fc->corrupt_bio_value, fc->corrupt_bio_byte, +-- +2.35.3 + diff --git a/patches.suse/dm-flakey-fix-a-crash-with-invalid-table-line-98db.patch b/patches.suse/dm-flakey-fix-a-crash-with-invalid-table-line-98db.patch new file mode 100644 index 0000000..95e0720 --- /dev/null +++ b/patches.suse/dm-flakey-fix-a-crash-with-invalid-table-line-98db.patch @@ -0,0 +1,42 @@ +From 98dba02d9a93eec11bffbb93c7c51624290702d2 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 18 Apr 2023 15:57:47 -0400 +Subject: [PATCH] dm flakey: fix a crash with invalid table line +Git-commit: 98dba02d9a93eec11bffbb93c7c51624290702d2 +Patch-mainline: v6.4-rc1 +References: git-fixes + +This command will crash with NULL pointer dereference: + dmsetup create flakey --table \ + "0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512" + +Fix the crash by checking if arg_name is non-NULL before comparing it. + +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-flakey.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c +index ebcfb99b186b..ef07b294e550 100644 +--- a/drivers/md/dm-flakey.c ++++ b/drivers/md/dm-flakey.c +@@ -125,9 +125,9 @@ static int parse_features(struct dm_arg_set *as, struct flakey_c *fc, + * Direction r or w? + */ + arg_name = dm_shift_arg(as); +- if (!strcasecmp(arg_name, "w")) ++ if (arg_name && !strcasecmp(arg_name, "w")) + fc->corrupt_bio_rw = WRITE; +- else if (!strcasecmp(arg_name, "r")) ++ else if (arg_name && !strcasecmp(arg_name, "r")) + fc->corrupt_bio_rw = READ; + else { + ti->error = "Invalid corrupt bio direction (r or w)"; +-- +2.35.3 + diff --git a/patches.suse/dm-flakey-fix-logic-when-corrupting-a-bio-aa56.patch b/patches.suse/dm-flakey-fix-logic-when-corrupting-a-bio-aa56.patch new file mode 100644 index 0000000..199335d --- /dev/null +++ b/patches.suse/dm-flakey-fix-logic-when-corrupting-a-bio-aa56.patch @@ -0,0 +1,70 @@ +From aa56b9b75996ff4c76a0a4181c2fa0206c3d91cc Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Sun, 22 Jan 2023 14:03:56 -0500 +Subject: [PATCH] dm flakey: fix logic when corrupting a bio +Git-commit: aa56b9b75996ff4c76a0a4181c2fa0206c3d91cc +Patch-mainline: v6.3-rc1 +References: git-fixes + +If "corrupt_bio_byte" is set to corrupt reads and corrupt_bio_flags is +used, dm-flakey would erroneously return all writes as errors. Likewise, +if "corrupt_bio_byte" is set to corrupt writes, dm-flakey would return +errors for all reads. + +Fix the logic so that if fc->corrupt_bio_byte is non-zero, dm-flakey +will not abort reads on writes with an error. + +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Reviewed-by: Sweet Tea Dorminy +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-flakey.c | 23 +++++++++++++---------- + 1 file changed, 13 insertions(+), 10 deletions(-) + +diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c +index 33608d436cec..335684a1aeaa 100644 +--- a/drivers/md/dm-flakey.c ++++ b/drivers/md/dm-flakey.c +@@ -365,9 +365,11 @@ static int flakey_map(struct dm_target *ti, struct bio *bio) + /* + * Corrupt matching writes. + */ +- if (fc->corrupt_bio_byte && (fc->corrupt_bio_rw == WRITE)) { +- if (all_corrupt_bio_flags_match(bio, fc)) +- corrupt_bio_data(bio, fc); ++ if (fc->corrupt_bio_byte) { ++ if (fc->corrupt_bio_rw == WRITE) { ++ if (all_corrupt_bio_flags_match(bio, fc)) ++ corrupt_bio_data(bio, fc); ++ } + goto map_bio; + } + +@@ -393,13 +395,14 @@ static int flakey_end_io(struct dm_target *ti, struct bio *bio, + return DM_ENDIO_DONE; + + if (!*error && pb->bio_submitted && (bio_data_dir(bio) == READ)) { +- if (fc->corrupt_bio_byte && (fc->corrupt_bio_rw == READ) && +- all_corrupt_bio_flags_match(bio, fc)) { +- /* +- * Corrupt successful matching READs while in down state. +- */ +- corrupt_bio_data(bio, fc); +- ++ if (fc->corrupt_bio_byte) { ++ if ((fc->corrupt_bio_rw == READ) && ++ all_corrupt_bio_flags_match(bio, fc)) { ++ /* ++ * Corrupt successful matching READs while in down state. ++ */ ++ corrupt_bio_data(bio, fc); ++ } + } else if (!test_bit(DROP_WRITES, &fc->flags) && + !test_bit(ERROR_WRITES, &fc->flags)) { + /* +-- +2.35.3 + diff --git a/patches.suse/dm-init-add-dm-mod.waitfor-to-wait-for-asynchronousl-0356.patch b/patches.suse/dm-init-add-dm-mod.waitfor-to-wait-for-asynchronousl-0356.patch new file mode 100644 index 0000000..e9b3096 --- /dev/null +++ b/patches.suse/dm-init-add-dm-mod.waitfor-to-wait-for-asynchronousl-0356.patch @@ -0,0 +1,126 @@ +From 035641b01e72af4f6c6cf22a4bdb5d7dfc4e8e8e Mon Sep 17 00:00:00 2001 +From: Peter Korsgaard +Date: Wed, 16 Nov 2022 07:16:56 +0100 +Subject: [PATCH] dm init: add dm-mod.waitfor to wait for asynchronously probed + block devices +Git-commit: 035641b01e72af4f6c6cf22a4bdb5d7dfc4e8e8e +Patch-mainline: v6.2-rc1 +References: git-fixes + +Just calling wait_for_device_probe() is not enough to ensure that +asynchronously probed block devices are available (E.G. mmc, usb), so +add a "dm-mod.waitfor=[,..,]" parameter to get +dm-init to explicitly wait for specific block devices before +initializing the tables with logic similar to the rootwait logic that +was introduced with commit cc1ed7542c8c ("init: wait for +asynchronously scanned block devices"). + +E.G. with dm-verity on mmc using: +dm-mod.waitfor="PARTLABEL=hash-a,PARTLABEL=root-a" + +[ 0.671671] device-mapper: init: waiting for all devices to be available before creating mapped devices +[ 0.671679] device-mapper: init: waiting for device PARTLABEL=hash-a ... +[ 0.710695] mmc0: new HS200 MMC card at address 0001 +[ 0.711158] mmcblk0: mmc0:0001 004GA0 3.69 GiB +[ 0.715954] mmcblk0boot0: mmc0:0001 004GA0 partition 1 2.00 MiB +[ 0.722085] mmcblk0boot1: mmc0:0001 004GA0 partition 2 2.00 MiB +[ 0.728093] mmcblk0rpmb: mmc0:0001 004GA0 partition 3 512 KiB, chardev (249:0) +[ 0.738274] mmcblk0: p1 p2 p3 p4 p5 p6 p7 +[ 0.751282] device-mapper: init: waiting for device PARTLABEL=root-a ... +[ 0.751306] device-mapper: init: all devices available +[ 0.751683] device-mapper: verity: sha256 using implementation "sha256-generic" +[ 0.759344] device-mapper: ioctl: dm-0 (vroot) is ready +[ 0.766540] VFS: Mounted root (squashfs filesystem) readonly on device 254:0. + +Signed-off-by: Peter Korsgaard +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + .../admin-guide/device-mapper/dm-init.rst | 8 +++++++ + drivers/md/dm-init.c | 22 ++++++++++++++++++- + 2 files changed, 29 insertions(+), 1 deletion(-) + +diff --git a/Documentation/admin-guide/device-mapper/dm-init.rst b/Documentation/admin-guide/device-mapper/dm-init.rst +index e5242ff17e9b..981d6a907699 100644 +--- a/Documentation/admin-guide/device-mapper/dm-init.rst ++++ b/Documentation/admin-guide/device-mapper/dm-init.rst +@@ -123,3 +123,11 @@ Other examples (per target): + 0 1638400 verity 1 8:1 8:2 4096 4096 204800 1 sha256 + fb1a5a0f00deb908d8b53cb270858975e76cf64105d412ce764225d53b8f3cfd + 51934789604d1b92399c52e7cb149d1b3a1b74bbbcb103b2a0aaacbed5c08584 ++ ++For setups using device-mapper on top of asynchronously probed block ++devices (MMC, USB, ..), it may be necessary to tell dm-init to ++explicitly wait for them to become available before setting up the ++device-mapper tables. This can be done with the "dm-mod.waitfor=" ++module parameter, which takes a list of devices to wait for:: ++ ++ dm-mod.waitfor=[,..,] +diff --git a/drivers/md/dm-init.c b/drivers/md/dm-init.c +index b0c45c6ebe0b..dc4381d68313 100644 +--- a/drivers/md/dm-init.c ++++ b/drivers/md/dm-init.c +@@ -8,6 +8,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -18,12 +19,17 @@ + #define DM_MAX_DEVICES 256 + #define DM_MAX_TARGETS 256 + #define DM_MAX_STR_SIZE 4096 ++#define DM_MAX_WAITFOR 256 + + static char *create; + ++static char *waitfor[DM_MAX_WAITFOR]; ++ + /* + * Format: dm-mod.create=,,,,[,
+][;,,,,
[,
+]+] + * Table format: ++ * Block devices to wait for to become available before setting up tables: ++ * dm-mod.waitfor=[,..,] + * + * See Documentation/admin-guide/device-mapper/dm-init.rst for dm-mod.create="..." format + * details. +@@ -266,7 +272,7 @@ static int __init dm_init_init(void) + struct dm_device *dev; + LIST_HEAD(devices); + char *str; +- int r; ++ int i, r; + + if (!create) + return 0; +@@ -286,6 +292,17 @@ static int __init dm_init_init(void) + DMINFO("waiting for all devices to be available before creating mapped devices"); + wait_for_device_probe(); + ++ for (i = 0; i < ARRAY_SIZE(waitfor); i++) { ++ if (waitfor[i]) { ++ DMINFO("waiting for device %s ...", waitfor[i]); ++ while (!dm_get_dev_t(waitfor[i])) ++ msleep(5); ++ } ++ } ++ ++ if (waitfor[0]) ++ DMINFO("all devices available"); ++ + list_for_each_entry(dev, &devices, list) { + if (dm_early_create(&dev->dmi, dev->table, + dev->target_args_array)) +@@ -301,3 +318,6 @@ late_initcall(dm_init_init); + + module_param(create, charp, 0); + MODULE_PARM_DESC(create, "Create a mapped device in early boot"); ++ ++module_param_array(waitfor, charp, NULL, 0); ++MODULE_PARM_DESC(waitfor, "Devices to wait for before setting up tables"); +-- +2.35.3 + diff --git a/patches.suse/dm-integrity-call-kmem_cache_destroy-in-dm_integrity-6b79.patch b/patches.suse/dm-integrity-call-kmem_cache_destroy-in-dm_integrity-6b79.patch new file mode 100644 index 0000000..b509c5f --- /dev/null +++ b/patches.suse/dm-integrity-call-kmem_cache_destroy-in-dm_integrity-6b79.patch @@ -0,0 +1,43 @@ +From 6b79a428c02769f2a11f8ae76bf866226d134887 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Tue, 4 Apr 2023 13:34:28 -0400 +Subject: [PATCH] dm integrity: call kmem_cache_destroy() in + dm_integrity_init() error path +Git-commit: 6b79a428c02769f2a11f8ae76bf866226d134887 +Patch-mainline: v6.4-rc1 +References: git-fixes + +Otherwise the journal_io_cache will leak if dm_register_target() fails. + +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-integrity.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c +index b0d5057fbdd9..54830b07b829 100644 +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -4703,11 +4703,13 @@ static int __init dm_integrity_init(void) + } + + r = dm_register_target(&integrity_target); +- +- if (r < 0) ++ if (r < 0) { + DMERR("register failed %d", r); ++ kmem_cache_destroy(journal_io_cache); ++ return r; ++ } + +- return r; ++ return 0; + } + + static void __exit dm_integrity_exit(void) +-- +2.35.3 + diff --git a/patches.suse/dm-integrity-don-t-modify-bio-s-immutable-bio_vec-in-b86f.patch b/patches.suse/dm-integrity-don-t-modify-bio-s-immutable-bio_vec-in-b86f.patch new file mode 100644 index 0000000..f98b74d --- /dev/null +++ b/patches.suse/dm-integrity-don-t-modify-bio-s-immutable-bio_vec-in-b86f.patch @@ -0,0 +1,69 @@ +From b86f4b790c998afdbc88fe1aa55cfe89c4068726 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 5 Dec 2023 16:39:16 +0100 +Subject: [PATCH] dm-integrity: don't modify bio's immutable bio_vec in + integrity_metadata() +Git-commit: b86f4b790c998afdbc88fe1aa55cfe89c4068726 +Patch-mainline: v6.7-rc7 +References: git-fixes + +__bio_for_each_segment assumes that the first struct bio_vec argument +doesn't change - it calls "bio_advance_iter_single((bio), &(iter), +(bvl).bv_len)" to advance the iterator. Unfortunately, the dm-integrity +code changes the bio_vec with "bv.bv_len -= pos". When this code path +is taken, the iterator would be out of sync and dm-integrity would +report errors. This happens if the machine is out of memory and +"kmalloc" fails. + +Fix this bug by making a copy of "bv" and changing the copy instead. + +(Coly Li: rebased for Linux 5.14 based SUSE kernel) + +Fixes: 7eada909bfd7 ("dm: add integrity target") +Cc: stable@vger.kernel.org # v4.12+ +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-integrity.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -1769,11 +1769,12 @@ static void integrity_metadata(struct wo + sectors_to_process = dio->range.n_sectors; + + __bio_for_each_segment(bv, bio, iter, dio->bio_details.bi_iter) { ++ struct bio_vec bv_copy = bv; + unsigned pos; + char *mem, *checksums_ptr; + + again: +- mem = bvec_kmap_local(&bv); ++ mem = bvec_kmap_local(&bv_copy); + pos = 0; + checksums_ptr = checksums; + do { +@@ -1782,7 +1783,7 @@ again: + sectors_to_process -= ic->sectors_per_block; + pos += ic->sectors_per_block << SECTOR_SHIFT; + sector += ic->sectors_per_block; +- } while (pos < bv.bv_len && sectors_to_process && checksums != checksums_onstack); ++ } while (pos < bv_copy.bv_len && sectors_to_process && checksums != checksums_onstack); + kunmap_local(mem); + + r = dm_integrity_rw_tag(ic, checksums, &dio->metadata_block, &dio->metadata_offset, +@@ -1807,9 +1808,9 @@ again: + if (!sectors_to_process) + break; + +- if (unlikely(pos < bv.bv_len)) { +- bv.bv_offset += pos; +- bv.bv_len -= pos; ++ if (unlikely(pos < bv_copy.bv_len)) { ++ bv_copy.bv_offset += pos; ++ bv_copy.bv_len -= pos; + goto again; + } + } diff --git a/patches.suse/dm-integrity-fix-out-of-range-warning-8e91.patch b/patches.suse/dm-integrity-fix-out-of-range-warning-8e91.patch new file mode 100644 index 0000000..c19a65e --- /dev/null +++ b/patches.suse/dm-integrity-fix-out-of-range-warning-8e91.patch @@ -0,0 +1,47 @@ +From 8e91c2342351e0f5ef6c0a704384a7f6fc70c3b2 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Thu, 28 Mar 2024 15:30:39 +0100 +Subject: [PATCH] dm integrity: fix out-of-range warning +Git-commit: 8e91c2342351e0f5ef6c0a704384a7f6fc70c3b2 +Patch-mainline: v6.9-rc2 +References: git-fixes + +Depending on the value of CONFIG_HZ, clang complains about a pointless +Comparison: + +drivers/md/dm-integrity.c:4085:12: error: result of comparison of + constant 42949672950 with expression of type + 'unsigned int' is always false + [-Werror,-Wtautological-constant-out-of-range-compare] + if (val >= (uint64_t)UINT_MAX * 1000 / HZ) { + +As the check remains useful for other configurations, shut up the +warning by adding a second type cast to uint64_t. + +Fixes: 468dfca38b1a ("dm integrity: add a bitmap mode") +Signed-off-by: Arnd Bergmann +Reviewed-by: Mikulas Patocka +Reviewed-by: Justin Stitt +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-integrity.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c +index 37b9f8f1ae1a..7f3dc8ee6ab8 100644 +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -4221,7 +4221,7 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned int argc, char **argv + } else if (sscanf(opt_string, "sectors_per_bit:%llu%c", &llval, &dummy) == 1) { + log2_sectors_per_bitmap_bit = !llval ? 0 : __ilog2_u64(llval); + } else if (sscanf(opt_string, "bitmap_flush_interval:%u%c", &val, &dummy) == 1) { +- if (val >= (uint64_t)UINT_MAX * 1000 / HZ) { ++ if ((uint64_t)val >= (uint64_t)UINT_MAX * 1000 / HZ) { + r = -EINVAL; + ti->error = "Invalid bitmap_flush_interval argument"; + goto bad; +-- +2.35.3 + diff --git a/patches.suse/dm-integrity-reduce-vmalloc-space-footprint-on-32-bi-6d50.patch b/patches.suse/dm-integrity-reduce-vmalloc-space-footprint-on-32-bi-6d50.patch new file mode 100644 index 0000000..45d745b --- /dev/null +++ b/patches.suse/dm-integrity-reduce-vmalloc-space-footprint-on-32-bi-6d50.patch @@ -0,0 +1,48 @@ +From 6d50eb4725934fd22f5eeccb401000687c790fd0 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Mon, 26 Jun 2023 16:44:34 +0200 +Subject: [PATCH] dm integrity: reduce vmalloc space footprint on 32-bit + architectures +Git-commit: 6d50eb4725934fd22f5eeccb401000687c790fd0 +Patch-mainline: v6.5-rc1 +References: git-fixes + +It was reported that dm-integrity runs out of vmalloc space on 32-bit +architectures. On x86, there is only 128MiB vmalloc space and dm-integrity +consumes it quickly because it has a 64MiB journal and 8MiB recalculate +buffer. + +Fix this by reducing the size of the journal to 4MiB and the size of +the recalculate buffer to 1MiB, so that multiple dm-integrity devices +can be created and activated on 32-bit architectures. + +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-integrity.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c +index 5e5f1c029b75..0a910bb8db17 100644 +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -34,11 +34,11 @@ + #define DEFAULT_BUFFER_SECTORS 128 + #define DEFAULT_JOURNAL_WATERMARK 50 + #define DEFAULT_SYNC_MSEC 10000 +-#define DEFAULT_MAX_JOURNAL_SECTORS 131072 ++#define DEFAULT_MAX_JOURNAL_SECTORS (IS_ENABLED(CONFIG_64BIT) ? 131072 : 8192) + #define MIN_LOG2_INTERLEAVE_SECTORS 3 + #define MAX_LOG2_INTERLEAVE_SECTORS 31 + #define METADATA_WORKQUEUE_MAX_ACTIVE 16 +-#define RECALC_SECTORS 32768 ++#define RECALC_SECTORS (IS_ENABLED(CONFIG_64BIT) ? 32768 : 2048) + #define RECALC_WRITE_SUPER 16 + #define BITMAP_BLOCK_SIZE 4096 /* don't change it */ + #define BITMAP_FLUSH_INTERVAL (10 * HZ) +-- +2.35.3 + diff --git a/patches.suse/dm-raid-clean-up-four-equivalent-goto-tags-in-raid_c-e74c.patch b/patches.suse/dm-raid-clean-up-four-equivalent-goto-tags-in-raid_c-e74c.patch new file mode 100644 index 0000000..dfca21f --- /dev/null +++ b/patches.suse/dm-raid-clean-up-four-equivalent-goto-tags-in-raid_c-e74c.patch @@ -0,0 +1,96 @@ +From e74c874eabe2e9173a8fbdad616cd89c70eb8ffd Mon Sep 17 00:00:00 2001 +From: Yu Kuai +Date: Sat, 8 Jul 2023 17:21:52 +0800 +Subject: [PATCH] dm raid: clean up four equivalent goto tags in raid_ctr() +Git-commit: e74c874eabe2e9173a8fbdad616cd89c70eb8ffd +Patch-mainline: v6.5-rc4 +References: git-fixes + +There are four equivalent goto tags in raid_ctr(), clean them up to +use just one. + +There is no functional change and this is preparation to fix +raid_ctr()'s unprotected md_stop(). + +Signed-off-by: Yu Kuai +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-raid.c | 27 +++++++++------------------ + 1 file changed, 9 insertions(+), 18 deletions(-) + +diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c +index 3d7366b912bf..845b68c3fd5f 100644 +--- a/drivers/md/dm-raid.c ++++ b/drivers/md/dm-raid.c +@@ -3251,8 +3251,7 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) + r = md_start(&rs->md); + if (r) { + ti->error = "Failed to start raid array"; +- mddev_unlock(&rs->md); +- goto bad_md_start; ++ goto bad_unlock; + } + + /* If raid4/5/6 journal mode explicitly requested (only possible with journal dev) -> set it */ +@@ -3260,8 +3259,7 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) + r = r5c_journal_mode_set(&rs->md, rs->journal_dev.mode); + if (r) { + ti->error = "Failed to set raid4/5/6 journal mode"; +- mddev_unlock(&rs->md); +- goto bad_journal_mode_set; ++ goto bad_unlock; + } + } + +@@ -3271,19 +3269,15 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) + /* Try to adjust the raid4/5/6 stripe cache size to the stripe size */ + if (rs_is_raid456(rs)) { + r = rs_set_raid456_stripe_cache(rs); +- if (r) { +- mddev_unlock(&rs->md); +- goto bad_stripe_cache; +- } ++ if (r) ++ goto bad_unlock; + } + + /* Now do an early reshape check */ + if (test_bit(RT_FLAG_RESHAPE_RS, &rs->runtime_flags)) { + r = rs_check_reshape(rs); +- if (r) { +- mddev_unlock(&rs->md); +- goto bad_check_reshape; +- } ++ if (r) ++ goto bad_unlock; + + /* Restore new, ctr requested layout to perform check */ + rs_config_restore(rs, &rs_layout); +@@ -3292,8 +3286,7 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) + r = rs->md.pers->check_reshape(&rs->md); + if (r) { + ti->error = "Reshape check failed"; +- mddev_unlock(&rs->md); +- goto bad_check_reshape; ++ goto bad_unlock; + } + } + } +@@ -3304,10 +3297,8 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) + mddev_unlock(&rs->md); + return 0; + +-bad_md_start: +-bad_journal_mode_set: +-bad_stripe_cache: +-bad_check_reshape: ++bad_unlock: ++ mddev_unlock(&rs->md); + md_stop(&rs->md); + bad: + raid_set_free(rs); +-- +2.35.3 + diff --git a/patches.suse/dm-raid-fix-false-positive-for-requeue-needed-during-b25b.patch b/patches.suse/dm-raid-fix-false-positive-for-requeue-needed-during-b25b.patch new file mode 100644 index 0000000..cc29801 --- /dev/null +++ b/patches.suse/dm-raid-fix-false-positive-for-requeue-needed-during-b25b.patch @@ -0,0 +1,46 @@ +From b25b8f4b8ecef0f48c05f0c3572daeabefe16526 Mon Sep 17 00:00:00 2001 +From: Ming Lei +Date: Mon, 11 Mar 2024 13:42:55 -0400 +Subject: [PATCH] dm raid: fix false positive for requeue needed during reshape +Git-commit: b25b8f4b8ecef0f48c05f0c3572daeabefe16526 +Patch-mainline: v6.9-rc1 +References: git-fixes + +An empty flush doesn't have a payload, so it should never be looked at +when considering to possibly requeue a bio for the case when a reshape +is in progress. + +Fixes: 9dbd1aa3a81c ("dm raid: add reshaping support to the target") +Reported-by: Patrick Plenefisch +Signed-off-by: Ming Lei +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-raid.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c +index 6bb1765be1e5..b3c8920fe723 100644 +--- a/drivers/md/dm-raid.c ++++ b/drivers/md/dm-raid.c +@@ -3329,14 +3329,14 @@ static int raid_map(struct dm_target *ti, struct bio *bio) + struct mddev *mddev = &rs->md; + + /* +- * If we're reshaping to add disk(s)), ti->len and ++ * If we're reshaping to add disk(s), ti->len and + * mddev->array_sectors will differ during the process + * (ti->len > mddev->array_sectors), so we have to requeue + * bios with addresses > mddev->array_sectors here or + * there will occur accesses past EOD of the component + * data images thus erroring the raid set. + */ +- if (unlikely(bio_end_sector(bio) > mddev->array_sectors)) ++ if (unlikely(bio_has_data(bio) && bio_end_sector(bio) > mddev->array_sectors)) + return DM_MAPIO_REQUEUE; + + md_handle_request(mddev, bio); +-- +2.35.3 + diff --git a/patches.suse/dm-raid-fix-lockdep-waring-in-pers-hot_add_disk-9500.patch b/patches.suse/dm-raid-fix-lockdep-waring-in-pers-hot_add_disk-9500.patch new file mode 100644 index 0000000..a4efc06 --- /dev/null +++ b/patches.suse/dm-raid-fix-lockdep-waring-in-pers-hot_add_disk-9500.patch @@ -0,0 +1,49 @@ +From 95009ae904b1e9dca8db6f649f2d7c18a6e42c75 Mon Sep 17 00:00:00 2001 +From: Yu Kuai +Date: Tue, 5 Mar 2024 15:23:06 +0800 +Subject: [PATCH] dm-raid: fix lockdep waring in "pers->hot_add_disk" +Git-commit: 95009ae904b1e9dca8db6f649f2d7c18a6e42c75 +Patch-mainline: v6.9-rc1 +References: git-fixes + +The lockdep assert is added by commit a448af25becf ("md/raid10: remove +rcu protection to access rdev from conf") in print_conf(). And I didn't +notice that dm-raid is calling "pers->hot_add_disk" without holding +'reconfig_mutex'. + +"pers->hot_add_disk" read and write many fields that is protected by +'reconfig_mutex', and raid_resume() already grab the lock in other +contex. Hence fix this problem by protecting "pers->host_add_disk" +with the lock. + +Fixes: 9092c02d9435 ("DM RAID: Add ability to restore transiently failed devices on resume") +Fixes: a448af25becf ("md/raid10: remove rcu protection to access rdev from conf") +Cc: stable@vger.kernel.org # v6.7+ +Signed-off-by: Yu Kuai +Signed-off-by: Xiao Ni +Acked-by: Mike Snitzer +Signed-off-by: Song Liu +Link: https://lore.kernel.org/r/20240305072306.2562024-10-yukuai1@huaweicloud.com +Signed-off-by: Coly Li + +--- + drivers/md/dm-raid.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c +index ea45f777691c..17e9af60bbf7 100644 +--- a/drivers/md/dm-raid.c ++++ b/drivers/md/dm-raid.c +@@ -4091,7 +4091,9 @@ static void raid_resume(struct dm_target *ti) + * Take this opportunity to check whether any failed + * devices are reachable again. + */ ++ mddev_lock_nointr(mddev); + attempt_restore_of_faulty_devices(rs); ++ mddev_unlock(mddev); + } + + if (test_and_clear_bit(RT_FLAG_RS_SUSPENDED, &rs->runtime_flags)) { +-- +2.35.3 + diff --git a/patches.suse/dm-raid-fix-missing-reconfig_mutex-unlock-in-raid_ct-bae3.patch b/patches.suse/dm-raid-fix-missing-reconfig_mutex-unlock-in-raid_ct-bae3.patch new file mode 100644 index 0000000..e17c57c --- /dev/null +++ b/patches.suse/dm-raid-fix-missing-reconfig_mutex-unlock-in-raid_ct-bae3.patch @@ -0,0 +1,58 @@ +From bae3028799dc4f1109acc4df37c8ff06f2d8f1a0 Mon Sep 17 00:00:00 2001 +From: Yu Kuai +Date: Sat, 8 Jul 2023 17:21:51 +0800 +Subject: [PATCH] dm raid: fix missing reconfig_mutex unlock in raid_ctr() + error paths +Git-commit: bae3028799dc4f1109acc4df37c8ff06f2d8f1a0 +Patch-mainline: v6.5-rc4 +References: git-fixes + +In the error paths 'bad_stripe_cache' and 'bad_check_reshape', +'reconfig_mutex' is still held after raid_ctr() returns. + +Fixes: 9dbd1aa3a81c ("dm raid: add reshaping support to the target") +Signed-off-by: Yu Kuai +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-raid.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c +index 8846bf510a35..3d7366b912bf 100644 +--- a/drivers/md/dm-raid.c ++++ b/drivers/md/dm-raid.c +@@ -3271,15 +3271,19 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) + /* Try to adjust the raid4/5/6 stripe cache size to the stripe size */ + if (rs_is_raid456(rs)) { + r = rs_set_raid456_stripe_cache(rs); +- if (r) ++ if (r) { ++ mddev_unlock(&rs->md); + goto bad_stripe_cache; ++ } + } + + /* Now do an early reshape check */ + if (test_bit(RT_FLAG_RESHAPE_RS, &rs->runtime_flags)) { + r = rs_check_reshape(rs); +- if (r) ++ if (r) { ++ mddev_unlock(&rs->md); + goto bad_check_reshape; ++ } + + /* Restore new, ctr requested layout to perform check */ + rs_config_restore(rs, &rs_layout); +@@ -3288,6 +3292,7 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) + r = rs->md.pers->check_reshape(&rs->md); + if (r) { + ti->error = "Reshape check failed"; ++ mddev_unlock(&rs->md); + goto bad_check_reshape; + } + } +-- +2.35.3 + diff --git a/patches.suse/dm-remove-flush_scheduled_work-during-local_exit-0b22.patch b/patches.suse/dm-remove-flush_scheduled_work-during-local_exit-0b22.patch new file mode 100644 index 0000000..638fe1b --- /dev/null +++ b/patches.suse/dm-remove-flush_scheduled_work-during-local_exit-0b22.patch @@ -0,0 +1,43 @@ +From 0b22ff5360f5c4e11050b89206370fdf7dc0a226 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Tue, 14 Feb 2023 13:06:05 -0500 +Subject: [PATCH] dm: remove flush_scheduled_work() during local_exit() +Git-commit: 0b22ff5360f5c4e11050b89206370fdf7dc0a226 +Patch-mainline: v6.3-rc1 +References: git-fixes + +Commit acfe0ad74d2e1 ("dm: allocate a special workqueue for deferred +device removal") switched from using system workqueue to a single +workqueue local to DM. But it didn't eliminate the call to +flush_scheduled_work() that was introduced purely for the benefit of +deferred device removal with commit 2c140a246dc ("dm: allow remove to +be deferred"). + +Since DM core uses its own workqueue (and queue_work) there is no need +to call flush_scheduled_work() from local_exit(). local_exit()'s +destroy_workqueue(deferred_remove_workqueue) handles flushing work +started with queue_work(). + +Fixes: acfe0ad74d2e1 ("dm: allocate a special workqueue for deferred device removal") +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/md/dm.c b/drivers/md/dm.c +index 50dc1f4e4615..90b64bfc63b0 100644 +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -233,7 +233,6 @@ static int __init local_init(void) + + static void local_exit(void) + { +- flush_scheduled_work(); + destroy_workqueue(deferred_remove_workqueue); + + unregister_blkdev(_major, _name); +-- +2.35.3 + diff --git a/patches.suse/dm-send-just-one-event-on-resize-not-two-7533.patch b/patches.suse/dm-send-just-one-event-on-resize-not-two-7533.patch new file mode 100644 index 0000000..ace12e1 --- /dev/null +++ b/patches.suse/dm-send-just-one-event-on-resize-not-two-7533.patch @@ -0,0 +1,177 @@ +From 7533afa1d27ba1234146d31d2402c195cf195962 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 7 Feb 2023 08:33:06 -0500 +Subject: [PATCH] dm: send just one event on resize, not two +Git-commit: 7533afa1d27ba1234146d31d2402c195cf195962 +Patch-mainline: v6.3-rc1 +References: git-fixes + +Device mapper sends an uevent when the device is suspended, using the +function set_capacity_and_notify. However, this causes a race condition +with udev. + +Udev skips scanning dm devices that are suspended. If we send an uevent +while we are suspended, udev will be racing with device mapper resume +code. If the device mapper resume code wins the race, udev will process +the uevent after the device is resumed and it will properly scan the +device. + +However, if udev wins the race, it will receive the uevent, find out that +the dm device is suspended and skip scanning the device. This causes bugs +such as systemd unmounting the device - see +https://bugzilla.redhat.com/show_bug.cgi?id=2158628 + +This commit fixes this race. + +We replace the function set_capacity_and_notify with set_capacity, so that +the uevent is not sent at this point. In do_resume, we detect if the +capacity has changed and we pass a boolean variable need_resize_uevent to +dm_kobject_uevent. dm_kobject_uevent adds "RESIZE=1" to the uevent if +need_resize_uevent is set. + +Signed-off-by: Mikulas Patocka +Tested-by: Peter Rajnoha +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-ioctl.c | 13 ++++++++++--- + drivers/md/dm.c | 27 +++++++++++++-------------- + drivers/md/dm.h | 2 +- + 3 files changed, 24 insertions(+), 18 deletions(-) + +diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c +index 9160159ef881..a3b86716f606 100644 +--- a/drivers/md/dm-ioctl.c ++++ b/drivers/md/dm-ioctl.c +@@ -482,7 +482,7 @@ static struct mapped_device *dm_hash_rename(struct dm_ioctl *param, + dm_table_event(table); + dm_put_live_table(hc->md, srcu_idx); + +- if (!dm_kobject_uevent(hc->md, KOBJ_CHANGE, param->event_nr)) ++ if (!dm_kobject_uevent(hc->md, KOBJ_CHANGE, param->event_nr, false)) + param->flags |= DM_UEVENT_GENERATED_FLAG; + + md = hc->md; +@@ -995,7 +995,7 @@ static int dev_remove(struct file *filp, struct dm_ioctl *param, size_t param_si + + dm_ima_measure_on_device_remove(md, false); + +- if (!dm_kobject_uevent(md, KOBJ_REMOVE, param->event_nr)) ++ if (!dm_kobject_uevent(md, KOBJ_REMOVE, param->event_nr, false)) + param->flags |= DM_UEVENT_GENERATED_FLAG; + + dm_put(md); +@@ -1128,6 +1128,7 @@ static int do_resume(struct dm_ioctl *param) + struct hash_cell *hc; + struct mapped_device *md; + struct dm_table *new_map, *old_map = NULL; ++ bool need_resize_uevent = false; + + down_write(&_hash_lock); + +@@ -1148,6 +1149,8 @@ static int do_resume(struct dm_ioctl *param) + + /* Do we need to load a new map ? */ + if (new_map) { ++ sector_t old_size, new_size; ++ + /* Suspend if it isn't already suspended */ + if (param->flags & DM_SKIP_LOCKFS_FLAG) + suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG; +@@ -1156,6 +1159,7 @@ static int do_resume(struct dm_ioctl *param) + if (!dm_suspended_md(md)) + dm_suspend(md, suspend_flags); + ++ old_size = dm_get_size(md); + old_map = dm_swap_table(md, new_map); + if (IS_ERR(old_map)) { + dm_sync_table(md); +@@ -1163,6 +1167,9 @@ static int do_resume(struct dm_ioctl *param) + dm_put(md); + return PTR_ERR(old_map); + } ++ new_size = dm_get_size(md); ++ if (old_size && new_size && old_size != new_size) ++ need_resize_uevent = true; + + if (dm_table_get_mode(new_map) & FMODE_WRITE) + set_disk_ro(dm_disk(md), 0); +@@ -1175,7 +1182,7 @@ static int do_resume(struct dm_ioctl *param) + if (!r) { + dm_ima_measure_on_device_resume(md, new_map ? true : false); + +- if (!dm_kobject_uevent(md, KOBJ_CHANGE, param->event_nr)) ++ if (!dm_kobject_uevent(md, KOBJ_CHANGE, param->event_nr, need_resize_uevent)) + param->flags |= DM_UEVENT_GENERATED_FLAG; + } + } +diff --git a/drivers/md/dm.c b/drivers/md/dm.c +index b424a6ee27ba..c391a618fb71 100644 +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -2172,10 +2172,7 @@ static struct dm_table *__bind(struct mapped_device *md, struct dm_table *t, + if (size != dm_get_size(md)) + memset(&md->geometry, 0, sizeof(md->geometry)); + +- if (!get_capacity(md->disk)) +- set_capacity(md->disk, size); +- else +- set_capacity_and_notify(md->disk, size); ++ set_capacity(md->disk, size); + + dm_table_event_callback(t, event_callback, md); + +@@ -2968,23 +2965,25 @@ EXPORT_SYMBOL_GPL(dm_internal_resume_fast); + * Event notification. + *---------------------------------------------------------------*/ + int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +- unsigned cookie) ++ unsigned cookie, bool need_resize_uevent) + { + int r; + unsigned noio_flag; + char udev_cookie[DM_COOKIE_LENGTH]; +- char *envp[] = { udev_cookie, NULL }; +- +- noio_flag = memalloc_noio_save(); +- +- if (!cookie) +- r = kobject_uevent(&disk_to_dev(md->disk)->kobj, action); +- else { ++ char *envp[3] = { NULL, NULL, NULL }; ++ char **envpp = envp; ++ if (cookie) { + snprintf(udev_cookie, DM_COOKIE_LENGTH, "%s=%u", + DM_COOKIE_ENV_VAR_NAME, cookie); +- r = kobject_uevent_env(&disk_to_dev(md->disk)->kobj, +- action, envp); ++ *envpp++ = udev_cookie; + } ++ if (need_resize_uevent) { ++ *envpp++ = "RESIZE=1"; ++ } ++ ++ noio_flag = memalloc_noio_save(); ++ ++ r = kobject_uevent_env(&disk_to_dev(md->disk)->kobj, action, envp); + + memalloc_noio_restore(noio_flag); + +diff --git a/drivers/md/dm.h b/drivers/md/dm.h +index 5201df03ce40..a9a3ffcad084 100644 +--- a/drivers/md/dm.h ++++ b/drivers/md/dm.h +@@ -203,7 +203,7 @@ int dm_get_table_device(struct mapped_device *md, dev_t dev, fmode_t mode, + void dm_put_table_device(struct mapped_device *md, struct dm_dev *d); + + int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +- unsigned cookie); ++ unsigned cookie, bool need_resize_uevent); + + void dm_internal_suspend(struct mapped_device *md); + void dm_internal_resume(struct mapped_device *md); +-- +2.35.3 + diff --git a/patches.suse/dm-stats-check-for-and-propagate-alloc_percpu-failur-d3aa.patch b/patches.suse/dm-stats-check-for-and-propagate-alloc_percpu-failur-d3aa.patch new file mode 100644 index 0000000..453aaf3 --- /dev/null +++ b/patches.suse/dm-stats-check-for-and-propagate-alloc_percpu-failur-d3aa.patch @@ -0,0 +1,88 @@ +From d3aa3e060c4a80827eb801fc448debc9daa7c46b Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Thu, 16 Mar 2023 14:55:06 +0800 +Subject: [PATCH] dm stats: check for and propagate alloc_percpu failure +Git-commit: d3aa3e060c4a80827eb801fc448debc9daa7c46b +Patch-mainline: v6.3-rc4 +References: git-fixes + +Check alloc_precpu()'s return value and return an error from +dm_stats_init() if it fails. Update alloc_dev() to fail if +dm_stats_init() does. + +Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() +even if dm-stats isn't being actively used. + +Fixes: fd2ed4d25270 ("dm: add statistics support") +Cc: stable@vger.kernel.org +Signed-off-by: Jiasheng Jiang +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-stats.c | 7 ++++++- + drivers/md/dm-stats.h | 2 +- + drivers/md/dm.c | 4 +++- + 3 files changed, 10 insertions(+), 3 deletions(-) + +diff --git a/drivers/md/dm-stats.c b/drivers/md/dm-stats.c +index c21a19ab73f7..db2d997a6c18 100644 +--- a/drivers/md/dm-stats.c ++++ b/drivers/md/dm-stats.c +@@ -188,7 +188,7 @@ static int dm_stat_in_flight(struct dm_stat_shared *shared) + atomic_read(&shared->in_flight[WRITE]); + } + +-void dm_stats_init(struct dm_stats *stats) ++int dm_stats_init(struct dm_stats *stats) + { + int cpu; + struct dm_stats_last_position *last; +@@ -197,11 +197,16 @@ void dm_stats_init(struct dm_stats *stats) + INIT_LIST_HEAD(&stats->list); + stats->precise_timestamps = false; + stats->last = alloc_percpu(struct dm_stats_last_position); ++ if (!stats->last) ++ return -ENOMEM; ++ + for_each_possible_cpu(cpu) { + last = per_cpu_ptr(stats->last, cpu); + last->last_sector = (sector_t)ULLONG_MAX; + last->last_rw = UINT_MAX; + } ++ ++ return 0; + } + + void dm_stats_cleanup(struct dm_stats *stats) +diff --git a/drivers/md/dm-stats.h b/drivers/md/dm-stats.h +index 0bc152c8e4f3..c6728c8b4159 100644 +--- a/drivers/md/dm-stats.h ++++ b/drivers/md/dm-stats.h +@@ -21,7 +21,7 @@ struct dm_stats_aux { + unsigned long long duration_ns; + }; + +-void dm_stats_init(struct dm_stats *st); ++int dm_stats_init(struct dm_stats *st); + void dm_stats_cleanup(struct dm_stats *st); + + struct mapped_device; +diff --git a/drivers/md/dm.c b/drivers/md/dm.c +index eace45a18d45..b6ace995b9ca 100644 +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -2097,7 +2097,9 @@ static struct mapped_device *alloc_dev(int minor) + if (!md->pending_io) + goto bad; + +- dm_stats_init(&md->stats); ++ r = dm_stats_init(&md->stats); ++ if (r < 0) ++ goto bad; + + /* Populate the mapping, nobody knows we exist yet */ + spin_lock(&_minor_lock); +-- +2.35.3 + diff --git a/patches.suse/dm-thin-add-cond_resched-to-various-workqueue-loops-e4f8.patch b/patches.suse/dm-thin-add-cond_resched-to-various-workqueue-loops-e4f8.patch new file mode 100644 index 0000000..47eaefb --- /dev/null +++ b/patches.suse/dm-thin-add-cond_resched-to-various-workqueue-loops-e4f8.patch @@ -0,0 +1,41 @@ +From e4f80303c2353952e6e980b23914e4214487f2a6 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Thu, 16 Feb 2023 15:29:44 -0500 +Subject: [PATCH] dm thin: add cond_resched() to various workqueue loops +Git-commit: e4f80303c2353952e6e980b23914e4214487f2a6 +Patch-mainline: v6.3-rc1 +References: git-fixes + +Otherwise on resource constrained systems these workqueues may be too +greedy. + +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-thin.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c +index affd91a53042..6cd105c1cef3 100644 +--- a/drivers/md/dm-thin.c ++++ b/drivers/md/dm-thin.c +@@ -2209,6 +2209,7 @@ static void process_thin_deferred_bios(struct thin_c *tc) + throttle_work_update(&pool->throttle); + dm_pool_issue_prefetches(pool->pmd); + } ++ cond_resched(); + } + blk_finish_plug(&plug); + } +@@ -2291,6 +2292,7 @@ static void process_thin_deferred_cells(struct thin_c *tc) + else + pool->process_cell(tc, cell); + } ++ cond_resched(); + } while (!list_empty(&cells)); + } + +-- +2.35.3 + diff --git a/patches.suse/dm-thin-fix-deadlock-when-swapping-to-thin-device-9bbf.patch b/patches.suse/dm-thin-fix-deadlock-when-swapping-to-thin-device-9bbf.patch new file mode 100644 index 0000000..0ce43ab --- /dev/null +++ b/patches.suse/dm-thin-fix-deadlock-when-swapping-to-thin-device-9bbf.patch @@ -0,0 +1,74 @@ +From 9bbf5feecc7eab2c370496c1c161bbfe62084028 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Mon, 27 Feb 2023 23:23:17 +0800 +Subject: [PATCH] dm thin: fix deadlock when swapping to thin device +Git-commit: 9bbf5feecc7eab2c370496c1c161bbfe62084028 +Patch-mainline: v6.3-rc4 +References: bsc#1177529 + +This is an already known issue that dm-thin volume cannot be used as +swap, otherwise a deadlock may happen when dm-thin internal memory +demand triggers swap I/O on the dm-thin volume itself. + +But thanks to commit a666e5c05e7c ("dm: fix deadlock when swapping to +encrypted device"), the limit_swap_bios target flag can also be used +for dm-thin to avoid the recursive I/O when it is used as swap. + +Fix is to simply set ti->limit_swap_bios to true in both pool_ctr() +and thin_ctr(). + +In my test, I create a dm-thin volume /dev/vg/swap and use it as swap +device. Then I run fio on another dm-thin volume /dev/vg/main and use +large --blocksize to trigger swap I/O onto /dev/vg/swap. + +The following fio command line is used in my test, + fio --name recursive-swap-io --lockmem 1 --iodepth 128 \ + --ioengine libaio --filename /dev/vg/main --rw randrw \ + --blocksize 1M --numjobs 32 --time_based --runtime=12h + +Without this fix, the whole system can be locked up within 15 seconds. + +With this fix, there is no any deadlock or hung task observed after +2 hours of running fio. + +Furthermore, if blocksize is changed from 1M to 128M, after around 30 +seconds fio has no visible I/O, and the out-of-memory killer message +shows up in kernel message. After around 20 minutes all fio processes +are killed and the whole system is back to being alive. + +This is exactly what is expected when recursive I/O happens on dm-thin +volume when it is used as swap. + +Depends-on: a666e5c05e7c ("dm: fix deadlock when swapping to encrypted device") +Cc: stable@vger.kernel.org +Signed-off-by: Coly Li +Acked-by: Mikulas Patocka +Signed-off-by: Mike Snitzer + +--- + drivers/md/dm-thin.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c +index 6cd105c1cef3..13d4677baafd 100644 +--- a/drivers/md/dm-thin.c ++++ b/drivers/md/dm-thin.c +@@ -3369,6 +3369,7 @@ static int pool_ctr(struct dm_target *ti, unsigned int argc, char **argv) + pt->low_water_blocks = low_water_blocks; + pt->adjusted_pf = pt->requested_pf = pf; + ti->num_flush_bios = 1; ++ ti->limit_swap_bios = true; + + /* + * Only need to enable discards if the pool should pass +@@ -4249,6 +4250,7 @@ static int thin_ctr(struct dm_target *ti, unsigned int argc, char **argv) + goto bad; + + ti->num_flush_bios = 1; ++ ti->limit_swap_bios = true; + ti->flush_supported = true; + ti->accounts_remapped_io = true; + ti->per_io_data_size = sizeof(struct dm_thin_endio_hook); +-- +2.35.3 + diff --git a/patches.suse/dm-thin-metadata-Fix-ABBA-deadlock-by-resetting-dm_b-d483.patch b/patches.suse/dm-thin-metadata-Fix-ABBA-deadlock-by-resetting-dm_b-d483.patch new file mode 100644 index 0000000..c411a27 --- /dev/null +++ b/patches.suse/dm-thin-metadata-Fix-ABBA-deadlock-by-resetting-dm_b-d483.patch @@ -0,0 +1,340 @@ +From d48300120627a1cb98914738fff38b424625b8ad Mon Sep 17 00:00:00 2001 +From: Li Lingfeng +Date: Mon, 5 Jun 2023 15:03:16 +0800 +Subject: [PATCH] dm thin metadata: Fix ABBA deadlock by resetting + dm_bufio_client +Git-commit: d48300120627a1cb98914738fff38b424625b8ad +Patch-mainline: v6.5-rc1 +References: git-fixes + +As described in commit 8111964f1b85 ("dm thin: Fix ABBA deadlock between +shrink_slab and dm_pool_abort_metadata"), ABBA deadlocks will be +triggered because shrinker_rwsem currently needs to held by +dm_pool_abort_metadata() as a side-effect of thin-pool metadata +operation failure. + +The following three problem scenarios have been noticed: + +1) Described by commit 8111964f1b85 ("dm thin: Fix ABBA deadlock between + shrink_slab and dm_pool_abort_metadata") + +2) shrinker_rwsem and throttle->lock + P1(drop cache) P2(kworker) +drop_caches_sysctl_handler + drop_slab + shrink_slab + down_read(&shrinker_rwsem) - LOCK A + do_shrink_slab + super_cache_scan + prune_icache_sb + dispose_list + evict + ext4_evict_inode + ext4_clear_inode + ext4_discard_preallocations + ext4_mb_load_buddy_gfp + ext4_mb_init_cache + ext4_wait_block_bitmap + __ext4_error + ext4_handle_error + ext4_commit_super + ... + dm_submit_bio + do_worker + throttle_work_update + down_write(&t->lock) -- LOCK B + process_deferred_bios + commit + metadata_operation_failed + dm_pool_abort_metadata + dm_block_manager_create + dm_bufio_client_create + register_shrinker + down_write(&shrinker_rwsem) + -- LOCK A + thin_map + thin_bio_map + thin_defer_bio_with_throttle + throttle_lock + down_read(&t->lock) - LOCK B + +3) shrinker_rwsem and wait_on_buffer + P1(drop cache) P2(kworker) +drop_caches_sysctl_handler + drop_slab + shrink_slab + down_read(&shrinker_rwsem) - LOCK A + do_shrink_slab + ... + ext4_wait_block_bitmap + __ext4_error + ext4_handle_error + jbd2_journal_abort + jbd2_journal_update_sb_errno + jbd2_write_superblock + submit_bh + // LOCK B + // RELEASE B + do_worker + throttle_work_update + down_write(&t->lock) - LOCK B + process_deferred_bios + process_bio + commit + metadata_operation_failed + dm_pool_abort_metadata + dm_block_manager_create + dm_bufio_client_create + register_shrinker + register_shrinker_prepared + down_write(&shrinker_rwsem) - LOCK A + bio_endio + wait_on_buffer + __wait_on_buffer + +Fix these by resetting dm_bufio_client without holding shrinker_rwsem. + +(Coly Li: rebased for Linux 5.14 based SUSE kernel) + +Fixes: 8111964f1b85 ("dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata") +Cc: stable@vger.kernel.org +Signed-off-by: Li Lingfeng +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-bufio.c | 7 ++ + drivers/md/dm-thin-metadata.c | 58 ++++++++------------ + drivers/md/persistent-data/dm-block-manager.c | 6 ++ + drivers/md/persistent-data/dm-block-manager.h | 1 + drivers/md/persistent-data/dm-space-map.h | 3 - + drivers/md/persistent-data/dm-transaction-manager.c | 3 + + include/linux/dm-bufio.h | 2 + 7 files changed, 46 insertions(+), 34 deletions(-) + +--- a/drivers/md/dm-bufio.c ++++ b/drivers/md/dm-bufio.c +@@ -1914,6 +1914,13 @@ void dm_bufio_client_destroy(struct dm_b + } + EXPORT_SYMBOL_GPL(dm_bufio_client_destroy); + ++void dm_bufio_client_reset(struct dm_bufio_client *c) ++{ ++ drop_buffers(c); ++ flush_work(&c->shrink_work); ++} ++EXPORT_SYMBOL_GPL(dm_bufio_client_reset); ++ + void dm_bufio_set_sector_offset(struct dm_bufio_client *c, sector_t start) + { + c->start = start; +--- a/drivers/md/dm-thin-metadata.c ++++ b/drivers/md/dm-thin-metadata.c +@@ -597,6 +597,8 @@ static int __format_metadata(struct dm_p + r = dm_tm_create_with_sm(pmd->bm, THIN_SUPERBLOCK_LOCATION, + &pmd->tm, &pmd->metadata_sm); + if (r < 0) { ++ pmd->tm = NULL; ++ pmd->metadata_sm = NULL; + DMERR("tm_create_with_sm failed"); + return r; + } +@@ -605,6 +607,7 @@ static int __format_metadata(struct dm_p + if (IS_ERR(pmd->data_sm)) { + DMERR("sm_disk_create failed"); + r = PTR_ERR(pmd->data_sm); ++ pmd->data_sm = NULL; + goto bad_cleanup_tm; + } + +@@ -635,11 +638,15 @@ static int __format_metadata(struct dm_p + + bad_cleanup_nb_tm: + dm_tm_destroy(pmd->nb_tm); ++ pmd->nb_tm = NULL; + bad_cleanup_data_sm: + dm_sm_destroy(pmd->data_sm); ++ pmd->data_sm = NULL; + bad_cleanup_tm: + dm_tm_destroy(pmd->tm); ++ pmd->tm = NULL; + dm_sm_destroy(pmd->metadata_sm); ++ pmd->metadata_sm = NULL; + + return r; + } +@@ -705,6 +712,8 @@ static int __open_metadata(struct dm_poo + sizeof(disk_super->metadata_space_map_root), + &pmd->tm, &pmd->metadata_sm); + if (r < 0) { ++ pmd->tm = NULL; ++ pmd->metadata_sm = NULL; + DMERR("tm_open_with_sm failed"); + goto bad_unlock_sblock; + } +@@ -714,6 +723,7 @@ static int __open_metadata(struct dm_poo + if (IS_ERR(pmd->data_sm)) { + DMERR("sm_disk_open failed"); + r = PTR_ERR(pmd->data_sm); ++ pmd->data_sm = NULL; + goto bad_cleanup_tm; + } + +@@ -740,9 +750,12 @@ static int __open_metadata(struct dm_poo + + bad_cleanup_data_sm: + dm_sm_destroy(pmd->data_sm); ++ pmd->data_sm = NULL; + bad_cleanup_tm: + dm_tm_destroy(pmd->tm); ++ pmd->tm = NULL; + dm_sm_destroy(pmd->metadata_sm); ++ pmd->metadata_sm = NULL; + bad_unlock_sblock: + dm_bm_unlock(sblock); + +@@ -789,9 +802,13 @@ static void __destroy_persistent_data_ob + bool destroy_bm) + { + dm_sm_destroy(pmd->data_sm); ++ pmd->data_sm = NULL; + dm_sm_destroy(pmd->metadata_sm); ++ pmd->metadata_sm = NULL; + dm_tm_destroy(pmd->nb_tm); ++ pmd->nb_tm = NULL; + dm_tm_destroy(pmd->tm); ++ pmd->tm = NULL; + if (destroy_bm) + dm_block_manager_destroy(pmd->bm); + } +@@ -999,8 +1016,7 @@ int dm_pool_metadata_close(struct dm_poo + __func__, r); + } + pmd_write_unlock(pmd); +- if (!pmd->fail_io) +- __destroy_persistent_data_objects(pmd, true); ++ __destroy_persistent_data_objects(pmd, true); + + kfree(pmd); + return 0; +@@ -1875,53 +1891,29 @@ static void __set_abort_with_changes_fla + int dm_pool_abort_metadata(struct dm_pool_metadata *pmd) + { + int r = -EINVAL; +- struct dm_block_manager *old_bm = NULL, *new_bm = NULL; + + /* fail_io is double-checked with pmd->root_lock held below */ + if (unlikely(pmd->fail_io)) + return r; + +- /* +- * Replacement block manager (new_bm) is created and old_bm destroyed outside of +- * pmd root_lock to avoid ABBA deadlock that would result (due to life-cycle of +- * shrinker associated with the block manager's bufio client vs pmd root_lock). +- * - must take shrinker_rwsem without holding pmd->root_lock +- */ +- new_bm = dm_block_manager_create(pmd->bdev, THIN_METADATA_BLOCK_SIZE << SECTOR_SHIFT, +- THIN_MAX_CONCURRENT_LOCKS); +- + pmd_write_lock(pmd); + if (pmd->fail_io) { + pmd_write_unlock(pmd); +- goto out; ++ return r; + } +- + __set_abort_with_changes_flags(pmd); ++ ++ /* destroy data_sm/metadata_sm/nb_tm/tm */ + __destroy_persistent_data_objects(pmd, false); +- old_bm = pmd->bm; +- if (IS_ERR(new_bm)) { +- DMERR("could not create block manager during abort"); +- pmd->bm = NULL; +- r = PTR_ERR(new_bm); +- goto out_unlock; +- } + +- pmd->bm = new_bm; ++ /* reset bm */ ++ dm_block_manager_reset(pmd->bm); ++ ++ /* rebuild data_sm/metadata_sm/nb_tm/tm */ + r = __open_or_format_metadata(pmd, false); +- if (r) { +- pmd->bm = NULL; +- goto out_unlock; +- } +- new_bm = NULL; +-out_unlock: + if (r) + pmd->fail_io = true; + pmd_write_unlock(pmd); +- dm_block_manager_destroy(old_bm); +-out: +- if (new_bm && !IS_ERR(new_bm)) +- dm_block_manager_destroy(new_bm); +- + return r; + } + +--- a/drivers/md/persistent-data/dm-block-manager.c ++++ b/drivers/md/persistent-data/dm-block-manager.c +@@ -415,6 +415,12 @@ void dm_block_manager_destroy(struct dm_ + } + EXPORT_SYMBOL_GPL(dm_block_manager_destroy); + ++void dm_block_manager_reset(struct dm_block_manager *bm) ++{ ++ dm_bufio_client_reset(bm->bufio); ++} ++EXPORT_SYMBOL_GPL(dm_block_manager_reset); ++ + unsigned dm_bm_block_size(struct dm_block_manager *bm) + { + return dm_bufio_get_block_size(bm->bufio); +--- a/drivers/md/persistent-data/dm-block-manager.h ++++ b/drivers/md/persistent-data/dm-block-manager.h +@@ -35,6 +35,7 @@ struct dm_block_manager *dm_block_manage + struct block_device *bdev, unsigned block_size, + unsigned max_held_per_thread); + void dm_block_manager_destroy(struct dm_block_manager *bm); ++void dm_block_manager_reset(struct dm_block_manager *bm); + + unsigned dm_bm_block_size(struct dm_block_manager *bm); + dm_block_t dm_bm_nr_blocks(struct dm_block_manager *bm); +--- a/drivers/md/persistent-data/dm-space-map.h ++++ b/drivers/md/persistent-data/dm-space-map.h +@@ -76,7 +76,8 @@ struct dm_space_map { + + static inline void dm_sm_destroy(struct dm_space_map *sm) + { +- sm->destroy(sm); ++ if (sm) ++ sm->destroy(sm); + } + + static inline int dm_sm_extend(struct dm_space_map *sm, dm_block_t extra_blocks) +--- a/drivers/md/persistent-data/dm-transaction-manager.c ++++ b/drivers/md/persistent-data/dm-transaction-manager.c +@@ -197,6 +197,9 @@ EXPORT_SYMBOL_GPL(dm_tm_create_non_block + + void dm_tm_destroy(struct dm_transaction_manager *tm) + { ++ if (!tm) ++ return; ++ + if (!tm->is_clone) + wipe_shadow_table(tm); + +--- a/include/linux/dm-bufio.h ++++ b/include/linux/dm-bufio.h +@@ -37,6 +37,8 @@ dm_bufio_client_create(struct block_devi + */ + void dm_bufio_client_destroy(struct dm_bufio_client *c); + ++void dm_bufio_client_reset(struct dm_bufio_client *c); ++ + /* + * Set the sector range. + * When this function is called, there must be no I/O in progress on the bufio diff --git a/patches.suse/dm-thin-metadata-check-fail_io-before-using-data_sm-cb65.patch b/patches.suse/dm-thin-metadata-check-fail_io-before-using-data_sm-cb65.patch new file mode 100644 index 0000000..24f8d80 --- /dev/null +++ b/patches.suse/dm-thin-metadata-check-fail_io-before-using-data_sm-cb65.patch @@ -0,0 +1,103 @@ +From cb65b282c9640c27d3129e2e04b711ce1b352838 Mon Sep 17 00:00:00 2001 +From: Li Lingfeng +Date: Tue, 6 Jun 2023 20:20:24 +0800 +Subject: [PATCH] dm thin metadata: check fail_io before using data_sm +Git-commit: cb65b282c9640c27d3129e2e04b711ce1b352838 +Patch-mainline: v6.4-rc7 +References: git-fixes + +Must check pmd->fail_io before using pmd->data_sm since +pmd->data_sm may be destroyed by other processes. + + P1(kworker) P2(message) +do_worker + process_prepared + process_prepared_discard_passdown_pt2 + dm_pool_dec_data_range + pool_message + commit + dm_pool_commit_metadata + ↓ + // commit failed + metadata_operation_failed + abort_transaction + dm_pool_abort_metadata + __open_or_format_metadata + ↓ + dm_sm_disk_open + ↓ + // open failed + // pmd->data_sm is NULL + dm_sm_dec_blocks + ↓ + // try to access pmd->data_sm --> UAF + +As shown above, if dm_pool_commit_metadata() and +dm_pool_abort_metadata() fail in pool_message process, kworker may +trigger UAF. + +Fixes: be500ed721a6 ("dm space maps: improve performance with inc/dec on ranges of blocks") +Cc: stable@vger.kernel.org +Signed-off-by: Li Lingfeng +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-thin-metadata.c | 20 ++++++++++++-------- + 1 file changed, 12 insertions(+), 8 deletions(-) + +diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c +index 9f5cb52c5763..b9461faa9f0d 100644 +--- a/drivers/md/dm-thin-metadata.c ++++ b/drivers/md/dm-thin-metadata.c +@@ -1756,13 +1756,15 @@ int dm_thin_remove_range(struct dm_thin_device *td, + + int dm_pool_block_is_shared(struct dm_pool_metadata *pmd, dm_block_t b, bool *result) + { +- int r; ++ int r = -EINVAL; + uint32_t ref_count; + + down_read(&pmd->root_lock); +- r = dm_sm_get_count(pmd->data_sm, b, &ref_count); +- if (!r) +- *result = (ref_count > 1); ++ if (!pmd->fail_io) { ++ r = dm_sm_get_count(pmd->data_sm, b, &ref_count); ++ if (!r) ++ *result = (ref_count > 1); ++ } + up_read(&pmd->root_lock); + + return r; +@@ -1770,10 +1772,11 @@ int dm_pool_block_is_shared(struct dm_pool_metadata *pmd, dm_block_t b, bool *re + + int dm_pool_inc_data_range(struct dm_pool_metadata *pmd, dm_block_t b, dm_block_t e) + { +- int r = 0; ++ int r = -EINVAL; + + pmd_write_lock(pmd); +- r = dm_sm_inc_blocks(pmd->data_sm, b, e); ++ if (!pmd->fail_io) ++ r = dm_sm_inc_blocks(pmd->data_sm, b, e); + pmd_write_unlock(pmd); + + return r; +@@ -1781,10 +1784,11 @@ int dm_pool_inc_data_range(struct dm_pool_metadata *pmd, dm_block_t b, dm_block_ + + int dm_pool_dec_data_range(struct dm_pool_metadata *pmd, dm_block_t b, dm_block_t e) + { +- int r = 0; ++ int r = -EINVAL; + + pmd_write_lock(pmd); +- r = dm_sm_dec_blocks(pmd->data_sm, b, e); ++ if (!pmd->fail_io) ++ r = dm_sm_dec_blocks(pmd->data_sm, b, e); + pmd_write_unlock(pmd); + + return r; +-- +2.35.3 + diff --git a/patches.suse/dm-verity-align-struct-dm_verity_fec_io-properly-38bc.patch b/patches.suse/dm-verity-align-struct-dm_verity_fec_io-properly-38bc.patch new file mode 100644 index 0000000..4639f5a --- /dev/null +++ b/patches.suse/dm-verity-align-struct-dm_verity_fec_io-properly-38bc.patch @@ -0,0 +1,59 @@ +From 38bc1ab135db87577695816b190e7d6d8ec75879 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 28 Nov 2023 14:50:23 +0100 +Subject: [PATCH] dm-verity: align struct dm_verity_fec_io properly +Git-commit: 38bc1ab135db87577695816b190e7d6d8ec75879 +Patch-mainline: v6.7-rc4 +References: git-fixes + +dm_verity_fec_io is placed after the end of two hash digests. If the hash +digest has unaligned length, struct dm_verity_fec_io could be unaligned. + +This commit fixes the placement of struct dm_verity_fec_io, so that it's +aligned. + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Fixes: a739ff3f543a ("dm verity: add support for forward error correction") +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-verity-fec.c | 3 ++- + drivers/md/dm-verity.h | 6 ------ + 2 files changed, 2 insertions(+), 7 deletions(-) + +diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c +index 2099c755119e..b475200d8586 100644 +--- a/drivers/md/dm-verity-fec.c ++++ b/drivers/md/dm-verity-fec.c +@@ -24,7 +24,8 @@ bool verity_fec_is_enabled(struct dm_verity *v) + */ + static inline struct dm_verity_fec_io *fec_io(struct dm_verity_io *io) + { +- return (struct dm_verity_fec_io *) verity_io_digest_end(io->v, io); ++ return (struct dm_verity_fec_io *) ++ ((char *)io + io->v->ti->per_io_data_size - sizeof(struct dm_verity_fec_io)); + } + + /* +diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h +index f96f4e281ee4..f9d522c870e6 100644 +--- a/drivers/md/dm-verity.h ++++ b/drivers/md/dm-verity.h +@@ -115,12 +115,6 @@ static inline u8 *verity_io_want_digest(struct dm_verity *v, + return (u8 *)(io + 1) + v->ahash_reqsize + v->digest_size; + } + +-static inline u8 *verity_io_digest_end(struct dm_verity *v, +- struct dm_verity_io *io) +-{ +- return verity_io_want_digest(v, io) + v->digest_size; +-} +- + extern int verity_for_bv_block(struct dm_verity *v, struct dm_verity_io *io, + struct bvec_iter *iter, + int (*process)(struct dm_verity *v, +-- +2.35.3 + diff --git a/patches.suse/dm-verity-dm-crypt-align-struct-bvec_iter-correctly-787f.patch b/patches.suse/dm-verity-dm-crypt-align-struct-bvec_iter-correctly-787f.patch new file mode 100644 index 0000000..fd70c68 --- /dev/null +++ b/patches.suse/dm-verity-dm-crypt-align-struct-bvec_iter-correctly-787f.patch @@ -0,0 +1,66 @@ +From 787f1b2800464aa277236a66eb3c279535edd460 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 20 Feb 2024 19:11:51 +0100 +Subject: [PATCH] dm-verity, dm-crypt: align "struct bvec_iter" correctly +Git-commit: 787f1b2800464aa277236a66eb3c279535edd460 +Patch-mainline: v6.8-rc6 +References: git-fixes + +"struct bvec_iter" is defined with the __packed attribute, so it is +aligned on a single byte. On X86 (and on other architectures that support +unaligned addresses in hardware), "struct bvec_iter" is accessed using the +8-byte and 4-byte memory instructions, however these instructions are less +efficient if they operate on unaligned addresses. + +(on RISC machines that don't have unaligned access in hardware, GCC +generates byte-by-byte accesses that are very inefficient - see [1]) + +This commit reorders the entries in "struct dm_verity_io" and "struct +convert_context", so that "struct bvec_iter" is aligned on 8 bytes. + +[1] https://lore.kernel.org/all/ZcLuWUNRZadJr0tQ@fedora/T/ + +(Coly Li: rebased for Linux 5.14 based SUSE kernel) + +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-crypt.c | 4 ++-- + drivers/md/dm-verity.h | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -52,11 +52,11 @@ + struct convert_context { + struct completion restart; + struct bio *bio_in; +- struct bio *bio_out; + struct bvec_iter iter_in; ++ struct bio *bio_out; + struct bvec_iter iter_out; +- u64 cc_sector; + atomic_t cc_pending; ++ u64 cc_sector; + union { + struct skcipher_request *req; + struct aead_request *req_aead; +--- a/drivers/md/dm-verity.h ++++ b/drivers/md/dm-verity.h +@@ -76,12 +76,12 @@ struct dm_verity_io { + /* original value of bio->bi_end_io */ + bio_end_io_t *orig_bi_end_io; + ++ struct bvec_iter iter; ++ + sector_t block; + unsigned n_blocks; + bool in_tasklet; + +- struct bvec_iter iter; +- + struct work_struct work; + + /* diff --git a/patches.suse/dm-verity-don-t-perform-FEC-for-failed-readahead-IO-0193.patch b/patches.suse/dm-verity-don-t-perform-FEC-for-failed-readahead-IO-0193.patch new file mode 100644 index 0000000..a0293b7 --- /dev/null +++ b/patches.suse/dm-verity-don-t-perform-FEC-for-failed-readahead-IO-0193.patch @@ -0,0 +1,88 @@ +From 0193e3966ceeeef69e235975918b287ab093082b Mon Sep 17 00:00:00 2001 +From: Wu Bo +Date: Tue, 21 Nov 2023 20:51:50 -0700 +Subject: [PATCH] dm verity: don't perform FEC for failed readahead IO +Git-commit: 0193e3966ceeeef69e235975918b287ab093082b +Patch-mainline: v6.7-rc4 +References: git-fixes + +We found an issue under Android OTA scenario that many BIOs have to do +FEC where the data under dm-verity is 100% complete and no corruption. + +Android OTA has many dm-block layers, from upper to lower: +dm-verity +dm-snapshot +dm-origin & dm-cow +dm-linear +ufs + +DM tables have to change 2 times during Android OTA merging process. +When doing table change, the dm-snapshot will be suspended for a while. +During this interval, many readahead IOs are submitted to dm_verity +from filesystem. Then the kverity works are busy doing FEC process +which cost too much time to finish dm-verity IO. This causes needless +delay which feels like system is hung. + +After adding debugging it was found that each readahead IO needed +around 10s to finish when this situation occurred. This is due to IO +Amplification: + +dm-snapshot suspend +erofs_readahead // 300+ io is submitted + dm_submit_bio (dm_verity) + dm_submit_bio (dm_snapshot) + bio return EIO + bio got nothing, it's empty + verity_end_io + verity_verify_io + forloop range(0, io->n_blocks) // each io->nblocks ~= 20 + verity_fec_decode + fec_decode_rsb + fec_read_bufs + forloop range(0, v->fec->rsn) // v->fec->rsn = 253 + new_read + submit_bio (dm_snapshot) + end loop + end loop +dm-snapshot resume + +Readahead BIOs get nothing while dm-snapshot is suspended, so all of +them will cause verity's FEC. +Each readahead BIO needs to verify ~20 (io->nblocks) blocks. +Each block needs to do FEC, and every block needs to do 253 +(v->fec->rsn) reads. +So during the suspend interval(~200ms), 300 readahead BIOs trigger +~1518000 (300*20*253) IOs to dm-snapshot. + +As readahead IO is not required by userspace, and to fix this issue, +it is best to pass readahead errors to upper layer to handle it. + +Cc: stable@vger.kernel.org +Fixes: a739ff3f543a ("dm verity: add support for forward error correction") +Signed-off-by: Wu Bo +Reviewed-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-verity-target.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c +index beec14b6b044..14e58ae70521 100644 +--- a/drivers/md/dm-verity-target.c ++++ b/drivers/md/dm-verity-target.c +@@ -667,7 +667,9 @@ static void verity_end_io(struct bio *bio) + struct dm_verity_io *io = bio->bi_private; + + if (bio->bi_status && +- (!verity_fec_is_enabled(io->v) || verity_is_system_shutting_down())) { ++ (!verity_fec_is_enabled(io->v) || ++ verity_is_system_shutting_down() || ++ (bio->bi_opf & REQ_RAHEAD))) { + verity_finish_io(io, bio->bi_status); + return; + } +-- +2.35.3 + diff --git a/patches.suse/dm-verity-fix-error-handling-for-check_at_most_once--e8c5.patch b/patches.suse/dm-verity-fix-error-handling-for-check_at_most_once--e8c5.patch new file mode 100644 index 0000000..ed8baf0 --- /dev/null +++ b/patches.suse/dm-verity-fix-error-handling-for-check_at_most_once--e8c5.patch @@ -0,0 +1,49 @@ +From e8c5d45f82ce0c238a4817739892fe8897a3dcc3 Mon Sep 17 00:00:00 2001 +From: Yeongjin Gil +Date: Mon, 20 Mar 2023 15:59:32 +0900 +Subject: [PATCH] dm verity: fix error handling for check_at_most_once on FEC +Git-commit: e8c5d45f82ce0c238a4817739892fe8897a3dcc3 +Patch-mainline: v6.4-rc1 +References: git-fixes + +In verity_end_io(), if bi_status is not BLK_STS_OK, it can be return +directly. But if FEC configured, it is desired to correct the data page +through verity_verify_io. And the return value will be converted to +blk_status and passed to verity_finish_io(). + +BTW, when a bit is set in v->validated_blocks, verity_verify_io() skips +verification regardless of I/O error for the corresponding bio. In this +case, the I/O error could not be returned properly, and as a result, +there is a problem that abnormal data could be read for the +corresponding block. + +To fix this problem, when an I/O error occurs, do not skip verification +even if the bit related is set in v->validated_blocks. + +Fixes: 843f38d382b1 ("dm verity: add 'check_at_most_once' option to only validate hashes once") +Cc: stable@vger.kernel.org +Reviewed-by: Sungjong Seo +Signed-off-by: Yeongjin Gil +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-verity-target.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c +index ade83ef3b439..9316399b920e 100644 +--- a/drivers/md/dm-verity-target.c ++++ b/drivers/md/dm-verity-target.c +@@ -523,7 +523,7 @@ static int verity_verify_io(struct dm_verity_io *io) + sector_t cur_block = io->block + b; + struct ahash_request *req = verity_io_hash_req(v, io); + +- if (v->validated_blocks && ++ if (v->validated_blocks && bio->bi_status == BLK_STS_OK && + likely(test_bit(cur_block, v->validated_blocks))) { + verity_bv_skip_block(v, io, iter); + continue; +-- +2.35.3 + diff --git a/patches.suse/dm-zoned-free-dmz-ddev-array-in-dmz_put_zoned_device-9850.patch b/patches.suse/dm-zoned-free-dmz-ddev-array-in-dmz_put_zoned_device-9850.patch new file mode 100644 index 0000000..9ae00f8 --- /dev/null +++ b/patches.suse/dm-zoned-free-dmz-ddev-array-in-dmz_put_zoned_device-9850.patch @@ -0,0 +1,77 @@ +From 9850ccd5dd88075b2b7fd28d96299d5535f58cc5 Mon Sep 17 00:00:00 2001 +From: Fedor Pchelkin +Date: Wed, 20 Sep 2023 13:51:16 +0300 +Subject: [PATCH] dm zoned: free dmz->ddev array in dmz_put_zoned_devices +Git-commit: 9850ccd5dd88075b2b7fd28d96299d5535f58cc5 +Patch-mainline: v6.6-rc5 +References: git-fixes + +Commit 4dba12881f88 ("dm zoned: support arbitrary number of devices") +made the pointers to additional zoned devices to be stored in a +dynamically allocated dmz->ddev array. However, this array is not freed. + +Rename dmz_put_zoned_device to dmz_put_zoned_devices and fix it to +free the dmz->ddev array when cleaning up zoned device information. +Remove NULL assignment for all dmz->ddev elements and just free the +dmz->ddev array instead. + +Found by Linux Verification Center (linuxtesting.org). + +Fixes: 4dba12881f88 ("dm zoned: support arbitrary number of devices") +Cc: stable@vger.kernel.org +Signed-off-by: Fedor Pchelkin +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-zoned-target.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/drivers/md/dm-zoned-target.c b/drivers/md/dm-zoned-target.c +index ad8e670a2f9b..b487f7acc860 100644 +--- a/drivers/md/dm-zoned-target.c ++++ b/drivers/md/dm-zoned-target.c +@@ -748,17 +748,16 @@ static int dmz_get_zoned_device(struct dm_target *ti, char *path, + /* + * Cleanup zoned device information. + */ +-static void dmz_put_zoned_device(struct dm_target *ti) ++static void dmz_put_zoned_devices(struct dm_target *ti) + { + struct dmz_target *dmz = ti->private; + int i; + +- for (i = 0; i < dmz->nr_ddevs; i++) { +- if (dmz->ddev[i]) { ++ for (i = 0; i < dmz->nr_ddevs; i++) ++ if (dmz->ddev[i]) + dm_put_device(ti, dmz->ddev[i]); +- dmz->ddev[i] = NULL; +- } +- } ++ ++ kfree(dmz->ddev); + } + + static int dmz_fixup_devices(struct dm_target *ti) +@@ -948,7 +947,7 @@ static int dmz_ctr(struct dm_target *ti, unsigned int argc, char **argv) + err_meta: + dmz_dtr_metadata(dmz->metadata); + err_dev: +- dmz_put_zoned_device(ti); ++ dmz_put_zoned_devices(ti); + err: + kfree(dmz->dev); + kfree(dmz); +@@ -978,7 +977,7 @@ static void dmz_dtr(struct dm_target *ti) + + bioset_exit(&dmz->bio_set); + +- dmz_put_zoned_device(ti); ++ dmz_put_zoned_devices(ti); + + mutex_destroy(&dmz->chunk_lock); + +-- +2.35.3 + diff --git a/patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch b/patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch index c917c64..0f52f06 100644 --- a/patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch +++ b/patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch @@ -4,7 +4,7 @@ Date: Thu, 1 Feb 2024 16:50:07 -0500 Subject: [PATCH] dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Git-commit: 9d739bccf261dd93ec1babf82f5c5d71dd4caa3e Patch-mainline: v6.8-rc7 -References: git-fixes +References: git-fixes CVE-2024-26790 bsc#1222784 There is chip (ls1028a) errata: diff --git a/patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch b/patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch index 6380214..2a6c8b7 100644 --- a/patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch +++ b/patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch @@ -4,7 +4,7 @@ Date: Thu, 18 Jan 2024 11:19:29 +0800 Subject: [PATCH] dmaengine: ti: edma: Add some null pointer checks to the edma_probe Git-commit: 6e2276203ac9ff10fc76917ec9813c660f627369 Patch-mainline: v6.8-rc3 -References: git-fixes +References: git-fixes CVE-2024-26771 bsc#1222610 devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful diff --git a/patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_gen.patch b/patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_gen.patch new file mode 100644 index 0000000..e4c142b --- /dev/null +++ b/patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_gen.patch @@ -0,0 +1,95 @@ +From: Vasiliy Kovalev +Date: Wed, 14 Feb 2024 19:27:33 +0300 +Subject: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() +Patch-mainline: v6.8-rc6 +Git-commit: 136cfaca22567a03bbb3bf53a43d8cb5748b80ec +References: bsc#1222428 CVE-2024-26793 bsc#1222632 CVE-2024-26754 + +The gtp_net_ops pernet operations structure for the subsystem must be +registered before registering the generic netlink family. + +Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug: + +general protection fault, probably for non-canonical address +0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI +KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] +CPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1 +Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 +RIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp] +Code: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86 + df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> + 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74 +RSP: 0018:ffff888014107220 EFLAGS: 00010202 +RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 +RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 +RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 +R13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000 +FS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0 +PKRU: 55555554 +Call Trace: + + ? show_regs+0x90/0xa0 + ? die_addr+0x50/0xd0 + ? exc_general_protection+0x148/0x220 + ? asm_exc_general_protection+0x22/0x30 + ? gtp_genl_dump_pdp+0x1be/0x800 [gtp] + ? __alloc_skb+0x1dd/0x350 + ? __pfx___alloc_skb+0x10/0x10 + genl_dumpit+0x11d/0x230 + netlink_dump+0x5b9/0xce0 + ? lockdep_hardirqs_on_prepare+0x253/0x430 + ? __pfx_netlink_dump+0x10/0x10 + ? kasan_save_track+0x10/0x40 + ? __kasan_kmalloc+0x9b/0xa0 + ? genl_start+0x675/0x970 + __netlink_dump_start+0x6fc/0x9f0 + genl_family_rcv_msg_dumpit+0x1bb/0x2d0 + ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 + ? genl_op_from_small+0x2a/0x440 + ? cap_capable+0x1d0/0x240 + ? __pfx_genl_start+0x10/0x10 + ? __pfx_genl_dumpit+0x10/0x10 + ? __pfx_genl_done+0x10/0x10 + ? security_capable+0x9d/0xe0 + +Cc: stable@vger.kernel.org +Signed-off-by: Vasiliy Kovalev +Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") +Link: https://lore.kernel.org/r/20240214162733.34214-1-kovalev@altlinux.org +Signed-off-by: Jakub Kicinski +Acked-by: Thomas Bogendoerfer +--- + drivers/net/gtp.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/drivers/net/gtp.c ++++ b/drivers/net/gtp.c +@@ -1902,20 +1902,20 @@ static int __init gtp_init(void) + if (err < 0) + goto error_out; + +- err = genl_register_family(>p_genl_family); ++ err = register_pernet_subsys(>p_net_ops); + if (err < 0) + goto unreg_rtnl_link; + +- err = register_pernet_subsys(>p_net_ops); ++ err = genl_register_family(>p_genl_family); + if (err < 0) +- goto unreg_genl_family; ++ goto unreg_pernet_subsys; + + pr_info("GTP module loaded (pdp ctx size %zd bytes)\n", + sizeof(struct pdp_ctx)); + return 0; + +-unreg_genl_family: +- genl_unregister_family(>p_genl_family); ++unreg_pernet_subsys: ++ unregister_pernet_subsys(>p_net_ops); + unreg_rtnl_link: + rtnl_link_unregister(>p_link_ops); + error_out: diff --git a/patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_new.patch b/patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_new.patch new file mode 100644 index 0000000..8a5d3f2 --- /dev/null +++ b/patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_new.patch @@ -0,0 +1,149 @@ +From: Alexander Ofitserov +Date: Wed, 28 Feb 2024 14:47:03 +0300 +Subject: gtp: fix use-after-free and null-ptr-deref in gtp_newlink() +Patch-mainline: v6.8-rc7 +Git-commit: 616d82c3cfa2a2146dd7e3ae47bda7e877ee549e +References: bsc#1222428 CVE-2024-26793 + +The gtp_link_ops operations structure for the subsystem must be +registered after registering the gtp_net_ops pernet operations structure. + +Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug: + +[ 1010.702740] gtp: GTP module unloaded +[ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI +[ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] +[ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1 +[ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 +[ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp] +[ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00 +[ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203 +[ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000 +[ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282 +[ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000 +[ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80 +[ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400 +[ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000 +[ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0 +[ 1010.715968] PKRU: 55555554 +[ 1010.715972] Call Trace: +[ 1010.715985] ? __die_body.cold+0x1a/0x1f +[ 1010.715995] ? die_addr+0x43/0x70 +[ 1010.716002] ? exc_general_protection+0x199/0x2f0 +[ 1010.716016] ? asm_exc_general_protection+0x1e/0x30 +[ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp] +[ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp] +[ 1010.716042] __rtnl_newlink+0x1063/0x1700 +[ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0 +[ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0 +[ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0 +[ 1010.716076] ? __kernel_text_address+0x56/0xa0 +[ 1010.716084] ? unwind_get_return_address+0x5a/0xa0 +[ 1010.716091] ? create_prof_cpu_mask+0x30/0x30 +[ 1010.716098] ? arch_stack_walk+0x9e/0xf0 +[ 1010.716106] ? stack_trace_save+0x91/0xd0 +[ 1010.716113] ? stack_trace_consume_entry+0x170/0x170 +[ 1010.716121] ? __lock_acquire+0x15c5/0x5380 +[ 1010.716139] ? mark_held_locks+0x9e/0xe0 +[ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0 +[ 1010.716155] ? __rtnl_newlink+0x1700/0x1700 +[ 1010.716160] rtnl_newlink+0x69/0xa0 +[ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50 +[ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0 +[ 1010.716179] ? lock_acquire+0x1fe/0x560 +[ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50 +[ 1010.716196] netlink_rcv_skb+0x14d/0x440 +[ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0 +[ 1010.716208] ? netlink_ack+0xab0/0xab0 +[ 1010.716213] ? netlink_deliver_tap+0x202/0xd50 +[ 1010.716220] ? netlink_deliver_tap+0x218/0xd50 +[ 1010.716226] ? __virt_addr_valid+0x30b/0x590 +[ 1010.716233] netlink_unicast+0x54b/0x800 +[ 1010.716240] ? netlink_attachskb+0x870/0x870 +[ 1010.716248] ? __check_object_size+0x2de/0x3b0 +[ 1010.716254] netlink_sendmsg+0x938/0xe40 +[ 1010.716261] ? netlink_unicast+0x800/0x800 +[ 1010.716269] ? __import_iovec+0x292/0x510 +[ 1010.716276] ? netlink_unicast+0x800/0x800 +[ 1010.716284] __sock_sendmsg+0x159/0x190 +[ 1010.716290] ____sys_sendmsg+0x712/0x880 +[ 1010.716297] ? sock_write_iter+0x3d0/0x3d0 +[ 1010.716304] ? __ia32_sys_recvmmsg+0x270/0x270 +[ 1010.716309] ? lock_acquire+0x1fe/0x560 +[ 1010.716315] ? drain_array_locked+0x90/0x90 +[ 1010.716324] ___sys_sendmsg+0xf8/0x170 +[ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170 +[ 1010.716337] ? lockdep_init_map_type+0x2c7/0x860 +[ 1010.716343] ? lockdep_hardirqs_on_prepare+0x430/0x430 +[ 1010.716350] ? debug_mutex_init+0x33/0x70 +[ 1010.716360] ? percpu_counter_add_batch+0x8b/0x140 +[ 1010.716367] ? lock_acquire+0x1fe/0x560 +[ 1010.716373] ? find_held_lock+0x2c/0x110 +[ 1010.716384] ? __fd_install+0x1b6/0x6f0 +[ 1010.716389] ? lock_downgrade+0x810/0x810 +[ 1010.716396] ? __fget_light+0x222/0x290 +[ 1010.716403] __sys_sendmsg+0xea/0x1b0 +[ 1010.716409] ? __sys_sendmsg_sock+0x40/0x40 +[ 1010.716419] ? lockdep_hardirqs_on_prepare+0x2b3/0x430 +[ 1010.716425] ? syscall_enter_from_user_mode+0x1d/0x60 +[ 1010.716432] do_syscall_64+0x30/0x40 +[ 1010.716438] entry_SYSCALL_64_after_hwframe+0x62/0xc7 +[ 1010.716444] RIP: 0033:0x7fd1508cbd49 +[ 1010.716452] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ef 70 0d 00 f7 d8 64 89 01 48 +[ 1010.716456] RSP: 002b:00007fff18872348 EFLAGS: 00000202 ORIG_RAX: 000000000000002e +[ 1010.716463] RAX: ffffffffffffffda RBX: 000055f72bf0eac0 RCX: 00007fd1508cbd49 +[ 1010.716468] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006 +[ 1010.716473] RBP: 00007fff18872360 R08: 00007fff18872360 R09: 00007fff18872360 +[ 1010.716478] R10: 00007fff18872360 R11: 0000000000000202 R12: 000055f72bf0e1b0 +[ 1010.716482] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 +[ 1010.716491] Modules linked in: gtp(+) udp_tunnel ib_core uinput af_packet rfkill qrtr joydev hid_generic usbhid hid kvm_intel iTCO_wdt intel_pmc_bxt iTCO_vendor_support kvm snd_hda_codec_generic ledtrig_audio irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_intel nls_utf8 snd_intel_dspcfg nls_cp866 psmouse aesni_intel vfat crypto_simd fat cryptd glue_helper snd_hda_codec pcspkr snd_hda_core i2c_i801 snd_hwdep i2c_smbus xhci_pci snd_pcm lpc_ich xhci_pci_renesas xhci_hcd qemu_fw_cfg tiny_power_button button sch_fq_codel vboxvideo drm_vram_helper drm_ttm_helper ttm vboxsf vboxguest snd_seq_midi snd_seq_midi_event snd_seq snd_rawmidi snd_seq_device snd_timer snd soundcore msr fuse efi_pstore dm_mod ip_tables x_tables autofs4 virtio_gpu virtio_dma_buf drm_kms_helper cec rc_core drm virtio_rng virtio_scsi rng_core virtio_balloon virtio_blk virtio_net virtio_console net_failover failover ahci libahci libata evdev scsi_mod input_leds serio_raw virtio_pci intel_agp +[ 1010.716674] virtio_ring intel_gtt virtio [last unloaded: gtp] +[ 1010.716693] ---[ end trace 04990a4ce61e174b ]--- + +Cc: stable@vger.kernel.org +Signed-off-by: Alexander Ofitserov +Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") +Reviewed-by: Jiri Pirko +Link: https://lore.kernel.org/r/20240228114703.465107-1-oficerovas@altlinux.org +Signed-off-by: Paolo Abeni +Acked-by: Thomas Bogendoerfer +--- + drivers/net/gtp.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/net/gtp.c ++++ b/drivers/net/gtp.c +@@ -1898,26 +1898,26 @@ static int __init gtp_init(void) + + get_random_bytes(>p_h_initval, sizeof(gtp_h_initval)); + +- err = rtnl_link_register(>p_link_ops); ++ err = register_pernet_subsys(>p_net_ops); + if (err < 0) + goto error_out; + +- err = register_pernet_subsys(>p_net_ops); ++ err = rtnl_link_register(>p_link_ops); + if (err < 0) +- goto unreg_rtnl_link; ++ goto unreg_pernet_subsys; + + err = genl_register_family(>p_genl_family); + if (err < 0) +- goto unreg_pernet_subsys; ++ goto unreg_rtnl_link; + + pr_info("GTP module loaded (pdp ctx size %zd bytes)\n", + sizeof(struct pdp_ctx)); + return 0; + +-unreg_pernet_subsys: +- unregister_pernet_subsys(>p_net_ops); + unreg_rtnl_link: + rtnl_link_unregister(>p_link_ops); ++unreg_pernet_subsys: ++ unregister_pernet_subsys(>p_net_ops); + error_out: + pr_err("error loading GTP module loaded\n"); + return err; diff --git a/patches.suse/iio-adc-ad7091r-Allow-users-to-configure-device-events.patch b/patches.suse/iio-adc-ad7091r-Allow-users-to-configure-device-events.patch new file mode 100644 index 0000000..f060108 --- /dev/null +++ b/patches.suse/iio-adc-ad7091r-Allow-users-to-configure-device-events.patch @@ -0,0 +1,284 @@ +From: Marcelo Schmitt +Date: Tue, 19 Dec 2023 17:26:01 -0300 +Subject: iio: adc: ad7091r: Allow users to configure device events +Git-commit: 020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f +Patch-mainline: v6.8-rc1 +References: CVE-2023-52627 bsc#1222051 + +AD7091R-5 devices are supported by the ad7091r-5 driver together with +the ad7091r-base driver. Those drivers declared iio events for notifying +user space when ADC readings fall bellow the thresholds of low limit +registers or above the values set in high limit registers. +However, to configure iio events and their thresholds, a set of callback +functions must be implemented and those were not present until now. +The consequence of trying to configure ad7091r-5 events without the +proper callback functions was a null pointer dereference in the kernel +because the pointers to the callback functions were not set. + +Implement event configuration callbacks allowing users to read/write +event thresholds and enable/disable event generation. + +Since the event spec structs are generic to AD7091R devices, also move +those from the ad7091r-5 driver the base driver so they can be reused +when support for ad7091r-2/-4/-8 be added. + +Fixes: ca69300173b6 ("iio: adc: Add support for AD7091R5 ADC") +Suggested-by: David Lechner +Signed-off-by: Marcelo Schmitt +Link: https://lore.kernel.org/r/59552d3548dabd56adc3107b7b4869afee2b0c3c.1703013352.git.marcelo.schmitt1@gmail.com +Cc: +Signed-off-by: Jonathan Cameron +Acked-by: Ivan T. Ivanov +--- + drivers/iio/adc/ad7091r-base.c | 156 +++++++++++++++++++++++++++++++++++++++++ + drivers/iio/adc/ad7091r-base.h | 6 + + drivers/iio/adc/ad7091r5.c | 28 +------ + 3 files changed, 166 insertions(+), 24 deletions(-) + +--- a/drivers/iio/adc/ad7091r-base.c ++++ b/drivers/iio/adc/ad7091r-base.c +@@ -6,6 +6,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -50,6 +51,27 @@ struct ad7091r_state { + struct mutex lock; /*lock to prevent concurent reads */ + }; + ++const struct iio_event_spec ad7091r_events[] = { ++ { ++ .type = IIO_EV_TYPE_THRESH, ++ .dir = IIO_EV_DIR_RISING, ++ .mask_separate = BIT(IIO_EV_INFO_VALUE) | ++ BIT(IIO_EV_INFO_ENABLE), ++ }, ++ { ++ .type = IIO_EV_TYPE_THRESH, ++ .dir = IIO_EV_DIR_FALLING, ++ .mask_separate = BIT(IIO_EV_INFO_VALUE) | ++ BIT(IIO_EV_INFO_ENABLE), ++ }, ++ { ++ .type = IIO_EV_TYPE_THRESH, ++ .dir = IIO_EV_DIR_EITHER, ++ .mask_separate = BIT(IIO_EV_INFO_HYSTERESIS), ++ }, ++}; ++EXPORT_SYMBOL_NS_GPL(ad7091r_events, IIO_AD7091R); ++ + static int ad7091r_set_mode(struct ad7091r_state *st, enum ad7091r_mode mode) + { + int ret, conf; +@@ -169,8 +191,142 @@ unlock: + return ret; + } + ++static int ad7091r_read_event_config(struct iio_dev *indio_dev, ++ const struct iio_chan_spec *chan, ++ enum iio_event_type type, ++ enum iio_event_direction dir) ++{ ++ struct ad7091r_state *st = iio_priv(indio_dev); ++ int val, ret; ++ ++ switch (dir) { ++ case IIO_EV_DIR_RISING: ++ ret = regmap_read(st->map, ++ AD7091R_REG_CH_HIGH_LIMIT(chan->channel), ++ &val); ++ if (ret) ++ return ret; ++ return val != AD7091R_HIGH_LIMIT; ++ case IIO_EV_DIR_FALLING: ++ ret = regmap_read(st->map, ++ AD7091R_REG_CH_LOW_LIMIT(chan->channel), ++ &val); ++ if (ret) ++ return ret; ++ return val != AD7091R_LOW_LIMIT; ++ default: ++ return -EINVAL; ++ } ++} ++ ++static int ad7091r_write_event_config(struct iio_dev *indio_dev, ++ const struct iio_chan_spec *chan, ++ enum iio_event_type type, ++ enum iio_event_direction dir, int state) ++{ ++ struct ad7091r_state *st = iio_priv(indio_dev); ++ ++ if (state) { ++ return regmap_set_bits(st->map, AD7091R_REG_CONF, ++ AD7091R_REG_CONF_ALERT_EN); ++ } else { ++ /* ++ * Set thresholds either to 0 or to 2^12 - 1 as appropriate to ++ * prevent alerts and thus disable event generation. ++ */ ++ switch (dir) { ++ case IIO_EV_DIR_RISING: ++ return regmap_write(st->map, ++ AD7091R_REG_CH_HIGH_LIMIT(chan->channel), ++ AD7091R_HIGH_LIMIT); ++ case IIO_EV_DIR_FALLING: ++ return regmap_write(st->map, ++ AD7091R_REG_CH_LOW_LIMIT(chan->channel), ++ AD7091R_LOW_LIMIT); ++ default: ++ return -EINVAL; ++ } ++ } ++} ++ ++static int ad7091r_read_event_value(struct iio_dev *indio_dev, ++ const struct iio_chan_spec *chan, ++ enum iio_event_type type, ++ enum iio_event_direction dir, ++ enum iio_event_info info, int *val, int *val2) ++{ ++ struct ad7091r_state *st = iio_priv(indio_dev); ++ int ret; ++ ++ switch (info) { ++ case IIO_EV_INFO_VALUE: ++ switch (dir) { ++ case IIO_EV_DIR_RISING: ++ ret = regmap_read(st->map, ++ AD7091R_REG_CH_HIGH_LIMIT(chan->channel), ++ val); ++ if (ret) ++ return ret; ++ return IIO_VAL_INT; ++ case IIO_EV_DIR_FALLING: ++ ret = regmap_read(st->map, ++ AD7091R_REG_CH_LOW_LIMIT(chan->channel), ++ val); ++ if (ret) ++ return ret; ++ return IIO_VAL_INT; ++ default: ++ return -EINVAL; ++ } ++ case IIO_EV_INFO_HYSTERESIS: ++ ret = regmap_read(st->map, ++ AD7091R_REG_CH_HYSTERESIS(chan->channel), ++ val); ++ if (ret) ++ return ret; ++ return IIO_VAL_INT; ++ default: ++ return -EINVAL; ++ } ++} ++ ++static int ad7091r_write_event_value(struct iio_dev *indio_dev, ++ const struct iio_chan_spec *chan, ++ enum iio_event_type type, ++ enum iio_event_direction dir, ++ enum iio_event_info info, int val, int val2) ++{ ++ struct ad7091r_state *st = iio_priv(indio_dev); ++ ++ switch (info) { ++ case IIO_EV_INFO_VALUE: ++ switch (dir) { ++ case IIO_EV_DIR_RISING: ++ return regmap_write(st->map, ++ AD7091R_REG_CH_HIGH_LIMIT(chan->channel), ++ val); ++ case IIO_EV_DIR_FALLING: ++ return regmap_write(st->map, ++ AD7091R_REG_CH_LOW_LIMIT(chan->channel), ++ val); ++ default: ++ return -EINVAL; ++ } ++ case IIO_EV_INFO_HYSTERESIS: ++ return regmap_write(st->map, ++ AD7091R_REG_CH_HYSTERESIS(chan->channel), ++ val); ++ default: ++ return -EINVAL; ++ } ++} ++ + static const struct iio_info ad7091r_info = { + .read_raw = ad7091r_read_raw, ++ .read_event_config = &ad7091r_read_event_config, ++ .write_event_config = &ad7091r_write_event_config, ++ .read_event_value = &ad7091r_read_event_value, ++ .write_event_value = &ad7091r_write_event_value, + }; + + static irqreturn_t ad7091r_event_handler(int irq, void *private) +--- a/drivers/iio/adc/ad7091r-base.h ++++ b/drivers/iio/adc/ad7091r-base.h +@@ -8,6 +8,10 @@ + #ifndef __DRIVERS_IIO_ADC_AD7091R_BASE_H__ + #define __DRIVERS_IIO_ADC_AD7091R_BASE_H__ + ++/* AD7091R_REG_CH_LIMIT */ ++#define AD7091R_HIGH_LIMIT 0xFFF ++#define AD7091R_LOW_LIMIT 0x0 ++ + struct device; + struct ad7091r_state; + +@@ -17,6 +21,8 @@ struct ad7091r_chip_info { + unsigned int vref_mV; + }; + ++extern const struct iio_event_spec ad7091r_events[3]; ++ + extern const struct regmap_config ad7091r_regmap_config; + + int ad7091r_probe(struct device *dev, const char *name, +--- a/drivers/iio/adc/ad7091r5.c ++++ b/drivers/iio/adc/ad7091r5.c +@@ -12,26 +12,6 @@ + + #include "ad7091r-base.h" + +-static const struct iio_event_spec ad7091r5_events[] = { +- { +- .type = IIO_EV_TYPE_THRESH, +- .dir = IIO_EV_DIR_RISING, +- .mask_separate = BIT(IIO_EV_INFO_VALUE) | +- BIT(IIO_EV_INFO_ENABLE), +- }, +- { +- .type = IIO_EV_TYPE_THRESH, +- .dir = IIO_EV_DIR_FALLING, +- .mask_separate = BIT(IIO_EV_INFO_VALUE) | +- BIT(IIO_EV_INFO_ENABLE), +- }, +- { +- .type = IIO_EV_TYPE_THRESH, +- .dir = IIO_EV_DIR_EITHER, +- .mask_separate = BIT(IIO_EV_INFO_HYSTERESIS), +- }, +-}; +- + #define AD7091R_CHANNEL(idx, bits, ev, num_ev) { \ + .type = IIO_VOLTAGE, \ + .info_mask_separate = BIT(IIO_CHAN_INFO_RAW), \ +@@ -44,10 +24,10 @@ static const struct iio_event_spec ad709 + .scan_type.realbits = bits, \ + } + static const struct iio_chan_spec ad7091r5_channels_irq[] = { +- AD7091R_CHANNEL(0, 12, ad7091r5_events, ARRAY_SIZE(ad7091r5_events)), +- AD7091R_CHANNEL(1, 12, ad7091r5_events, ARRAY_SIZE(ad7091r5_events)), +- AD7091R_CHANNEL(2, 12, ad7091r5_events, ARRAY_SIZE(ad7091r5_events)), +- AD7091R_CHANNEL(3, 12, ad7091r5_events, ARRAY_SIZE(ad7091r5_events)), ++ AD7091R_CHANNEL(0, 12, ad7091r_events, ARRAY_SIZE(ad7091r_events)), ++ AD7091R_CHANNEL(1, 12, ad7091r_events, ARRAY_SIZE(ad7091r_events)), ++ AD7091R_CHANNEL(2, 12, ad7091r_events, ARRAY_SIZE(ad7091r_events)), ++ AD7091R_CHANNEL(3, 12, ad7091r_events, ARRAY_SIZE(ad7091r_events)), + }; + + static const struct iio_chan_spec ad7091r5_channels_noirq[] = { diff --git a/patches.suse/iio-adc-ad7091r-Move-exports-into-IIO_AD7091R-namespace.patch b/patches.suse/iio-adc-ad7091r-Move-exports-into-IIO_AD7091R-namespace.patch new file mode 100644 index 0000000..66fe9ca --- /dev/null +++ b/patches.suse/iio-adc-ad7091r-Move-exports-into-IIO_AD7091R-namespace.patch @@ -0,0 +1,56 @@ +From: Jonathan Cameron +Date: Sun, 30 Jan 2022 20:56:47 +0000 +Subject: iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. +Git-commit: 8a0080af84d3fb2423f0b3b55eff666f545eb097 +Patch-mainline: v5.18-rc1 +References: CVE-2023-52627 bsc#1222051 + +In order to avoid unnecessary pollution of the global symbol namespace +move the core/library functions into a specific namespace and import +that into the various specific device drivers that use them. + +For more information see https://lwn.net/Articles/760045/ + +An alternative here would be to conclude that we are unlikely to see +support for the other ad7091r parts in the near future and just merge +the two modules into one supporting just the i2c -5 variant. + +Signed-off-by: Jonathan Cameron +Cc: Paul Cercueil +Reviewed-by: Paul Cercueil +Reviewed-by: Andy Shevchenko +Link: https://lore.kernel.org/r/20220130205701.334592-3-jic23@kernel.org + +Acked-by: Ivan T. Ivanov +--- + drivers/iio/adc/ad7091r-base.c | 4 ++-- + drivers/iio/adc/ad7091r5.c | 1 + + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/iio/adc/ad7091r-base.c ++++ b/drivers/iio/adc/ad7091r-base.c +@@ -260,7 +260,7 @@ int ad7091r_probe(struct device *dev, co + + return devm_iio_device_register(dev, iio_dev); + } +-EXPORT_SYMBOL_GPL(ad7091r_probe); ++EXPORT_SYMBOL_NS_GPL(ad7091r_probe, IIO_AD7091R); + + static bool ad7091r_writeable_reg(struct device *dev, unsigned int reg) + { +@@ -290,7 +290,7 @@ const struct regmap_config ad7091r_regma + .writeable_reg = ad7091r_writeable_reg, + .volatile_reg = ad7091r_volatile_reg, + }; +-EXPORT_SYMBOL_GPL(ad7091r_regmap_config); ++EXPORT_SYMBOL_NS_GPL(ad7091r_regmap_config, IIO_AD7091R); + + MODULE_AUTHOR("Beniamin Bia "); + MODULE_DESCRIPTION("Analog Devices AD7091Rx multi-channel converters"); +--- a/drivers/iio/adc/ad7091r5.c ++++ b/drivers/iio/adc/ad7091r5.c +@@ -111,3 +111,4 @@ module_i2c_driver(ad7091r5_driver); + MODULE_AUTHOR("Beniamin Bia "); + MODULE_DESCRIPTION("Analog Devices AD7091R5 multi-channel ADC driver"); + MODULE_LICENSE("GPL v2"); ++MODULE_IMPORT_NS(IIO_AD7091R); diff --git a/patches.suse/kprobes-Fix-double-free-of-kretprobe_holder.patch b/patches.suse/kprobes-Fix-double-free-of-kretprobe_holder.patch new file mode 100644 index 0000000..dee117c --- /dev/null +++ b/patches.suse/kprobes-Fix-double-free-of-kretprobe_holder.patch @@ -0,0 +1,63 @@ +From e14cbede05bc5f1ec13a802159f5374bdb84e7f2 Mon Sep 17 00:00:00 2001 +From: Petr Pavlu +Date: Thu, 4 Apr 2024 16:44:02 +0200 +Subject: [PATCH] kprobes: Fix double free of kretprobe_holder +Patch-mainline: Never, the code has been reworked upstream +References: bsc#1220901 + +When unregistering a kretprobe, the code in unregister_kretprobes() sets +rp->rph->rp to NULL which forces all associated kretprobe_instances +still in use to be later freed separately via free_rp_inst_rcu(). + +Function unregister_kretprobes() then calls free_rp_inst() which takes +care of releasing all currently unused kretprobe_instances, the ones +that are on the kretprobe's freelist. The code in free_rp_inst() counts +a number of these released kretprobe_instances and invokes +refcount_sub_and_test(count, &rp->rph->ref) to decrease the +kretprobe_holder's refcount and subsequently calls kfree(rp->rph) if the +function returns true, indicating the refcount reached zero. + +It is possible that the number of released kretprobe_instances in +free_rp_inst() is zero and therefore refcount_sub_and_test() is invoked +with count=0. Additionally, depending on timing, it can happen +that all previously used kretprobe_instances were already freed via +free_rp_inst_rcu(). This means the refcount of kretprobe_holder already +reached zero and was deallocated. + +The resulting call of refcount_sub_and_test(0, &rp->rph->ref) in +free_rp_inst() is then a use-after-free. If the memory previously +occupied by the refcount is still set to zero then the call returns true +and kretprobe_holder gets wrongly freed for the second time. + +Fix the problem by adding a check for count>0 before calling +refcount_sub_and_test() in free_rp_inst(). + +Note that this code was reworked upstream in commit 4bbd93455659 +("kprobes: kretprobe scalability improvement") and the new objpool +implementation doesn't have this problem. + +Signed-off-by: Petr Pavlu +--- + kernel/kprobes.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/kernel/kprobes.c b/kernel/kprobes.c +index 77f5bcfc9b54..e532418256cd 100644 +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -1288,10 +1288,9 @@ static inline void free_rp_inst(struct kretprobe *rp) + count++; + } + +- if (refcount_sub_and_test(count, &rp->rph->ref)) { ++ if (count > 0 && refcount_sub_and_test(count, &rp->rph->ref)) + kfree(rp->rph); +- rp->rph = NULL; +- } ++ rp->rph = NULL; + } + + /* Add the new probe to ap->list */ +-- +2.44.0 + diff --git a/patches.suse/libnvdimm-of_pmem-Use-devm_kstrdup-instead-of-kstrdu-6fd4.patch b/patches.suse/libnvdimm-of_pmem-Use-devm_kstrdup-instead-of-kstrdu-6fd4.patch new file mode 100644 index 0000000..86bfceb --- /dev/null +++ b/patches.suse/libnvdimm-of_pmem-Use-devm_kstrdup-instead-of-kstrdu-6fd4.patch @@ -0,0 +1,45 @@ +From 6fd4ebfc4d61e3097b595ab2725d513e3bbd6739 Mon Sep 17 00:00:00 2001 +From: Chen Ni +Date: Thu, 14 Sep 2023 07:03:27 +0000 +Subject: [PATCH] libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and + check its return value +Git-commit: 6fd4ebfc4d61e3097b595ab2725d513e3bbd6739 +Patch-mainline: v6.7-rc1 +References: git-fixes + +Use devm_kstrdup() instead of kstrdup() and check its return value to +avoid memory leak. + +Fixes: 49bddc73d15c ("libnvdimm/of_pmem: Provide a unique name for bus provider") +Signed-off-by: Chen Ni +Reviewed-by: Ira Weiny +Reviewed-by: Dave Jiang +Signed-off-by: Ira Weiny +Signed-off-by: Coly Li + +--- + drivers/nvdimm/of_pmem.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/drivers/nvdimm/of_pmem.c b/drivers/nvdimm/of_pmem.c +index 1b9f5b8a6167..d3fca0ab6290 100644 +--- a/drivers/nvdimm/of_pmem.c ++++ b/drivers/nvdimm/of_pmem.c +@@ -30,7 +30,13 @@ static int of_pmem_region_probe(struct platform_device *pdev) + if (!priv) + return -ENOMEM; + +- priv->bus_desc.provider_name = kstrdup(pdev->name, GFP_KERNEL); ++ priv->bus_desc.provider_name = devm_kstrdup(&pdev->dev, pdev->name, ++ GFP_KERNEL); ++ if (!priv->bus_desc.provider_name) { ++ kfree(priv); ++ return -ENOMEM; ++ } ++ + priv->bus_desc.module = THIS_MODULE; + priv->bus_desc.of_node = np; + +-- +2.35.3 + diff --git a/patches.suse/libnvdimm-region-Allow-setting-align-attribute-on-re-2e50.patch b/patches.suse/libnvdimm-region-Allow-setting-align-attribute-on-re-2e50.patch new file mode 100644 index 0000000..a82cc09 --- /dev/null +++ b/patches.suse/libnvdimm-region-Allow-setting-align-attribute-on-re-2e50.patch @@ -0,0 +1,79 @@ +From 2e5021cc42ba26c98fe83b973d774a999fa4f219 Mon Sep 17 00:00:00 2001 +From: Tyler Hicks +Date: Tue, 30 Aug 2022 00:45:05 -0500 +Subject: [PATCH] libnvdimm/region: Allow setting align attribute on regions + without mappings +Git-commit: 2e5021cc42ba26c98fe83b973d774a999fa4f219 +Patch-mainline: v6.1-rc1 +References: git-fixes + +The alignment constraint for namespace creation in a region was +increased, from 2M to 16M, for non-PowerPC architectures in v5.7 with +commit 2522afb86a8c ("libnvdimm/region: Introduce an 'align' +attribute"). The thought behind the change was that region alignment +should be uniform across all architectures and, since PowerPC had the +largest alignment constraint of 16M, all architectures should conform to +that alignment. + +The change regressed namespace creation in pre-defined regions that +relied on 2M alignment but a workaround was provided in the form of a +sysfs attribute, named 'align', that could be adjusted to a non-default +alignment value. + +However, the sysfs attribute's store function returned an error (-ENXIO) +when userspace attempted to change the alignment of a region that had no +mappings. This affected 2M aligned regions of volatile memory that were +defined in a device tree using "pmem-region" and created by the +of_pmem_region_driver, since those regions do not contain mappings +(ndr_mappings is 0). + +Allow userspace to set the align attribute on pre-existing regions that +do not have mappings so that namespaces can still be within those +regions, despite not being aligned to 16M. + +Link: https://lore.kernel.org/lkml/CA+CK2bDJ3hrWoE91L2wpAk+Yu0_=GtYw=4gLDDD7mxs321b_aA@mail.gmail.com +Fixes: 2522afb86a8c ("libnvdimm/region: Introduce an 'align' attribute") +Signed-off-by: Tyler Hicks +Link: https://lore.kernel.org/r/20220830054505.1159488-1-tyhicks@linux.microsoft.com +Signed-off-by: Dan Williams +Signed-off-by: Coly Li + +--- + drivers/nvdimm/region_devs.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/drivers/nvdimm/region_devs.c b/drivers/nvdimm/region_devs.c +index 70f1a23cbe31..e0875d369762 100644 +--- a/drivers/nvdimm/region_devs.c ++++ b/drivers/nvdimm/region_devs.c +@@ -509,16 +509,13 @@ static ssize_t align_store(struct device *dev, + { + struct nd_region *nd_region = to_nd_region(dev); + unsigned long val, dpa; +- u32 remainder; ++ u32 mappings, remainder; + int rc; + + rc = kstrtoul(buf, 0, &val); + if (rc) + return rc; + +- if (!nd_region->ndr_mappings) +- return -ENXIO; +- + /* + * Ensure space-align is evenly divisible by the region + * interleave-width because the kernel typically has no facility +@@ -526,7 +523,8 @@ static ssize_t align_store(struct device *dev, + * contribute to the tail capacity in system-physical-address + * space for the namespace. + */ +- dpa = div_u64_rem(val, nd_region->ndr_mappings, &remainder); ++ mappings = max_t(u32, 1, nd_region->ndr_mappings); ++ dpa = div_u64_rem(val, mappings, &remainder); + if (!is_power_of_2(dpa) || dpa < PAGE_SIZE + || val > region_size(nd_region) || remainder) + return -EINVAL; +-- +2.35.3 + diff --git a/patches.suse/md-Don-t-clear-MD_CLOSING-when-the-raid-is-about-to--9674.patch b/patches.suse/md-Don-t-clear-MD_CLOSING-when-the-raid-is-about-to--9674.patch new file mode 100644 index 0000000..8a57768 --- /dev/null +++ b/patches.suse/md-Don-t-clear-MD_CLOSING-when-the-raid-is-about-to--9674.patch @@ -0,0 +1,68 @@ +From 9674f54e41fffaf06f6a60202e1fa4cc13de3cf5 Mon Sep 17 00:00:00 2001 +From: Li Nan +Date: Mon, 26 Feb 2024 11:14:40 +0800 +Subject: [PATCH] md: Don't clear MD_CLOSING when the raid is about to stop +Git-commit: 9674f54e41fffaf06f6a60202e1fa4cc13de3cf5 +Patch-mainline: v6.9-rc1 +References: git-fixes + +The raid should not be opened anymore when it is about to be stopped. +However, other processes can open it again if the flag MD_CLOSING is +cleared before exiting. From now on, this flag will not be cleared when +the raid will be stopped. + +Fixes: 065e519e71b2 ("md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop") +Signed-off-by: Li Nan +Reviewed-by: Yu Kuai +Signed-off-by: Song Liu +Link: https://lore.kernel.org/r/20240226031444.3606764-6-linan666@huaweicloud.com +Signed-off-by: Coly Li + +--- + drivers/md/md.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -6206,7 +6206,15 @@ static void md_clean(struct mddev *mddev + mddev->persistent = 0; + mddev->level = LEVEL_NONE; + mddev->clevel[0] = 0; +- mddev->flags = 0; ++ /* ++ * Don't clear MD_CLOSING, or mddev can be opened again. ++ * 'hold_active != 0' means mddev is still in the creation ++ * process and will be used later. ++ */ ++ if (mddev->hold_active) ++ mddev->flags = 0; ++ else ++ mddev->flags &= BIT_ULL_MASK(MD_CLOSING); + mddev->sb_flags = 0; + mddev->ro = MD_RDWR; + mddev->metadata_type[0] = 0; +@@ -7528,7 +7536,6 @@ static int md_ioctl(struct block_device + int err = 0; + void __user *argp = (void __user *)arg; + struct mddev *mddev = NULL; +- bool did_set_md_closing = false; + + if (!md_ioctl_valid(cmd)) + return -ENOTTY; +@@ -7615,7 +7622,6 @@ static int md_ioctl(struct block_device + err = -EBUSY; + goto out; + } +- did_set_md_closing = true; + mutex_unlock(&mddev->open_mutex); + sync_blockdev(bdev); + } +@@ -7778,7 +7784,7 @@ unlock: + mddev->hold_active = 0; + mddev_unlock(mddev); + out: +- if(did_set_md_closing) ++ if (cmd == STOP_ARRAY_RO || (err && cmd == STOP_ARRAY)) + clear_bit(MD_CLOSING, &mddev->flags); + return err; + } diff --git a/patches.suse/md-don-t-clear-MD_RECOVERY_FROZEN-for-new-dm-raid-un-2f03.patch b/patches.suse/md-don-t-clear-MD_RECOVERY_FROZEN-for-new-dm-raid-un-2f03.patch new file mode 100644 index 0000000..e16f583 --- /dev/null +++ b/patches.suse/md-don-t-clear-MD_RECOVERY_FROZEN-for-new-dm-raid-un-2f03.patch @@ -0,0 +1,54 @@ +From 2f03d0c2cd451c7ac2f317079d4ec518f0986b55 Mon Sep 17 00:00:00 2001 +From: Yu Kuai +Date: Tue, 5 Mar 2024 15:22:58 +0800 +Subject: [PATCH] md: don't clear MD_RECOVERY_FROZEN for new dm-raid until + resume +Git-commit: 2f03d0c2cd451c7ac2f317079d4ec518f0986b55 +Patch-mainline: v6.9-rc1 +References: git-fixes + +After commit 9dbd1aa3a81c ("dm raid: add reshaping support to the +target") raid_ctr() will set MD_RECOVERY_FROZEN before md_run() and +expect to keep array frozen until resume. However, md_run() will clear +the flag by setting mddev->recovery to 0. + +Before commit 1baae052cccd ("md: Don't ignore suspended array in +md_check_recovery()"), dm-raid actually relied on suspending to prevent +starting new sync_thread. + +Fix this problem by keeping 'MD_RECOVERY_FROZEN' for dm-raid in +md_run(). + +Fixes: 1baae052cccd ("md: Don't ignore suspended array in md_check_recovery()") +Fixes: 9dbd1aa3a81c ("dm raid: add reshaping support to the target") +Cc: stable@vger.kernel.org # v6.7+ +Signed-off-by: Yu Kuai +Signed-off-by: Xiao Ni +Acked-by: Mike Snitzer +Signed-off-by: Song Liu +Link: https://lore.kernel.org/r/20240305072306.2562024-2-yukuai1@huaweicloud.com +Signed-off-by: Coly Li + +--- + drivers/md/md.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/md/md.c b/drivers/md/md.c +index 48ae2b1cb57a..0c4e00e8d485 100644 +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -6062,7 +6062,10 @@ int md_run(struct mddev *mddev) + pr_warn("True protection against single-disk failure might be compromised.\n"); + } + +- mddev->recovery = 0; ++ /* dm-raid expect sync_thread to be frozen until resume */ ++ if (mddev->gendisk) ++ mddev->recovery = 0; ++ + /* may be over-ridden by personality */ + mddev->resync_max_sectors = mddev->dev_sectors; + +-- +2.35.3 + diff --git a/patches.suse/md-raid1-fix-choose-next-idle-in-read_balance-257a.patch b/patches.suse/md-raid1-fix-choose-next-idle-in-read_balance-257a.patch new file mode 100644 index 0000000..1d9742a --- /dev/null +++ b/patches.suse/md-raid1-fix-choose-next-idle-in-read_balance-257a.patch @@ -0,0 +1,146 @@ +From 257ac239ffcfd097a9a0732bf5095fb00164f334 Mon Sep 17 00:00:00 2001 +From: Yu Kuai +Date: Thu, 29 Feb 2024 17:57:07 +0800 +Subject: [PATCH] md/raid1: fix choose next idle in read_balance() +Git-commit: 257ac239ffcfd097a9a0732bf5095fb00164f334 +Patch-mainline: v6.9-rc1 +References: git-fixes + +Commit 12cee5a8a29e ("md/raid1: prevent merging too large request") add +the case choose next idle in read_balance(): + +Read_balance: for_each_rdev + if(next_seq_sect == this_sector || dist == 0) + -> sequential reads + best_disk = disk; + if (...) + choose_next_idle = 1 + continue; + + for_each_rdev + -> iterate next rdev + if (pending == 0) + best_disk = disk; + -> choose the next idle disk + break; + + if (choose_next_idle) + -> keep using this rdev if there are no other idle disk + contine + +However, commit 2e52d449bcec ("md/raid1: add failfast handling for reads.") +remove the code: + +- /* If device is idle, use it */ +- if (pending == 0) { +- best_disk = disk; +- break; +- } + +Hence choose next idle will never work now, fix this problem by +Following: + +1) don't set best_disk in this case, read_balance() will choose the best + disk after iterating all the disks; +2) add 'pending' so that other idle disk will be chosen; +3) add a new local variable 'sequential_disk' to record the disk, and if + there is no other idle disk, 'sequential_disk' will be chosen; + +(Coly Li: rebased for Linux 5.14 based SUSE kernel) + +Fixes: 2e52d449bcec ("md/raid1: add failfast handling for reads.") +Co-developed-by: Paul Luse +Signed-off-by: Paul Luse +Signed-off-by: Yu Kuai +Reviewed-by: Xiao Ni +Signed-off-by: Song Liu +Link: https://lore.kernel.org/r/20240229095714.926789-5-yukuai1@huaweicloud.com +Signed-off-by: Coly Li + +--- + drivers/md/raid1.c | 32 ++++++++++++++++++++++---------- + 1 file changed, 22 insertions(+), 10 deletions(-) + +--- a/drivers/md/raid1.c ++++ b/drivers/md/raid1.c +@@ -601,14 +601,13 @@ static int read_balance(struct r1conf *c + const sector_t this_sector = r1_bio->sector; + int sectors; + int best_good_sectors; +- int best_disk, best_dist_disk, best_pending_disk; ++ int best_disk, best_dist_disk, best_pending_disk, sequential_disk; + int has_nonrot_disk; + int disk; + sector_t best_dist; + unsigned int min_pending; + struct md_rdev *rdev; + int choose_first; +- int choose_next_idle; + + rcu_read_lock(); + /* +@@ -620,12 +619,12 @@ static int read_balance(struct r1conf *c + sectors = r1_bio->sectors; + best_disk = -1; + best_dist_disk = -1; ++ sequential_disk = -1; + best_dist = MaxSector; + best_pending_disk = -1; + min_pending = UINT_MAX; + best_good_sectors = 0; + has_nonrot_disk = 0; +- choose_next_idle = 0; + clear_bit(R1BIO_FailFast, &r1_bio->state); + + if ((conf->mddev->recovery_cp < this_sector + sectors) || +@@ -721,7 +720,6 @@ static int read_balance(struct r1conf *c + int opt_iosize = bdev_io_opt(rdev->bdev) >> 9; + struct raid1_info *mirror = &conf->mirrors[disk]; + +- best_disk = disk; + /* + * If buffered sequential IO size exceeds optimal + * iosize, check if there is idle disk. If yes, choose +@@ -740,15 +738,22 @@ static int read_balance(struct r1conf *c + mirror->next_seq_sect > opt_iosize && + mirror->next_seq_sect - opt_iosize >= + mirror->seq_start) { +- choose_next_idle = 1; +- continue; ++ /* ++ * Add 'pending' to avoid choosing this disk if ++ * there is other idle disk. ++ */ ++ pending++; ++ /* ++ * If there is no other idle disk, this disk ++ * will be chosen. ++ */ ++ sequential_disk = disk; ++ } else { ++ best_disk = disk; ++ break; + } +- break; + } + +- if (choose_next_idle) +- continue; +- + if (min_pending > pending) { + min_pending = pending; + best_pending_disk = disk; +@@ -761,6 +766,13 @@ static int read_balance(struct r1conf *c + } + + /* ++ * sequential IO size exceeds optimal iosize, however, there is no other ++ * idle disk, so choose the sequential disk. ++ */ ++ if (best_disk == -1 && min_pending != 0) ++ best_disk = sequential_disk; ++ ++ /* + * If all disks are rotational, choose the closest disk. If any disk is + * non-rotational, choose the disk with less pending request even the + * disk is rotational, which might/might not be optimal for raids with diff --git a/patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch b/patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch index 65cc94b..fe2602b 100644 --- a/patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch +++ b/patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch @@ -4,7 +4,7 @@ Date: Wed, 7 Feb 2024 15:39:51 +0100 Subject: [PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning Git-commit: 6b1ba3f9040be5efc4396d86c9752cdc564730be Patch-mainline: v6.8-rc7 -References: git-fixes +References: git-fixes CVE-2024-26787 bsc#1222781 Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: diff --git a/patches.suse/nd_btt-Make-BTT-lanes-preemptible-36c7.patch b/patches.suse/nd_btt-Make-BTT-lanes-preemptible-36c7.patch new file mode 100644 index 0000000..65a70a5 --- /dev/null +++ b/patches.suse/nd_btt-Make-BTT-lanes-preemptible-36c7.patch @@ -0,0 +1,94 @@ +From 36c75ce3bd299878fd9b238e9803d3817ddafbf3 Mon Sep 17 00:00:00 2001 +From: Tomas Glozar +Date: Wed, 20 Sep 2023 07:37:12 +0200 +Subject: [PATCH] nd_btt: Make BTT lanes preemptible +Git-commit: 36c75ce3bd299878fd9b238e9803d3817ddafbf3 +Patch-mainline: v6.7-rc1 +References: git-fixes + +nd_region_acquire_lane uses get_cpu, which disables preemption. This is +an issue on PREEMPT_RT kernels, since btt_write_pg and also +nd_region_acquire_lane itself take a spin lock, resulting in BUG: +sleeping function called from invalid context. + +Fix the issue by replacing get_cpu with smp_process_id and +migrate_disable when needed. This makes BTT operations preemptible, thus +permitting the use of spin_lock. + +BUG example occurring when running ndctl tests on PREEMPT_RT kernel: + +Bug: sleeping function called from invalid context at +kernel/locking/spinlock_rt.c:48 +In_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4903, name: +libndctl +Preempt_count: 1, expected: 0 +RCU nest depth: 0, expected: 0 +Preemption disabled at: +[] nd_region_acquire_lane+0x15/0x90 [libnvdimm] +Call Trace: + + dump_stack_lvl+0x8e/0xb0 + __might_resched+0x19b/0x250 + rt_spin_lock+0x4c/0x100 + ? btt_write_pg+0x2d7/0x500 [nd_btt] + btt_write_pg+0x2d7/0x500 [nd_btt] + ? local_clock_noinstr+0x9/0xc0 + btt_submit_bio+0x16d/0x270 [nd_btt] + __submit_bio+0x48/0x80 + __submit_bio_noacct+0x7e/0x1e0 + submit_bio_wait+0x58/0xb0 + __blkdev_direct_IO_simple+0x107/0x240 + ? inode_set_ctime_current+0x51/0x110 + ? __pfx_submit_bio_wait_endio+0x10/0x10 + blkdev_write_iter+0x1d8/0x290 + vfs_write+0x237/0x330 + ... + + +Fixes: 5212e11fde4d ("nd_btt: atomic sector updates") +Signed-off-by: Tomas Glozar +Reviewed-by: Ira Weiny +Reviewed-by: Vishal Verma +Signed-off-by: Ira Weiny +Signed-off-by: Coly Li + +--- + drivers/nvdimm/region_devs.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/nvdimm/region_devs.c b/drivers/nvdimm/region_devs.c +index 0a81f87f6f6c..e2f1fb99707f 100644 +--- a/drivers/nvdimm/region_devs.c ++++ b/drivers/nvdimm/region_devs.c +@@ -939,7 +939,8 @@ unsigned int nd_region_acquire_lane(struct nd_region *nd_region) + { + unsigned int cpu, lane; + +- cpu = get_cpu(); ++ migrate_disable(); ++ cpu = smp_processor_id(); + if (nd_region->num_lanes < nr_cpu_ids) { + struct nd_percpu_lane *ndl_lock, *ndl_count; + +@@ -958,16 +959,15 @@ EXPORT_SYMBOL(nd_region_acquire_lane); + void nd_region_release_lane(struct nd_region *nd_region, unsigned int lane) + { + if (nd_region->num_lanes < nr_cpu_ids) { +- unsigned int cpu = get_cpu(); ++ unsigned int cpu = smp_processor_id(); + struct nd_percpu_lane *ndl_lock, *ndl_count; + + ndl_count = per_cpu_ptr(nd_region->lane, cpu); + ndl_lock = per_cpu_ptr(nd_region->lane, lane); + if (--ndl_count->count == 0) + spin_unlock(&ndl_lock->lock); +- put_cpu(); + } +- put_cpu(); ++ migrate_enable(); + } + EXPORT_SYMBOL(nd_region_release_lane); + +-- +2.35.3 + diff --git a/patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch b/patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch new file mode 100644 index 0000000..3ef7f98 --- /dev/null +++ b/patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch @@ -0,0 +1,111 @@ +From: Ivan Vecera +Date: Thu, 1 Feb 2024 10:47:51 +0100 +Subject: net: atlantic: Fix DMA mapping for PTP hwts ring +Patch-mainline: v6.8-rc4 +Git-commit: 2e7d3b67630dfd8f178c41fa2217aa00e79a5887 +References: bsc#1222427 CVE-2024-26680 + +Function aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes +for PTP HWTS ring but then generic aq_ring_free() does not take this +into account. +Create and use a specific function to free HWTS ring to fix this +issue. + +Trace: +[ 215.351607] ------------[ cut here ]------------ +[ 215.351612] DMA-API: atlantic 0000:4b:00.0: device driver frees DMA memory with different size [device address=0x00000000fbdd0000] [map size=34816 bytes] [unmap size=32768 bytes] +[ 215.351635] WARNING: CPU: 33 PID: 10759 at kernel/dma/debug.c:988 check_unmap+0xa6f/0x2360 +... +[ 215.581176] Call Trace: +[ 215.583632] +[ 215.585745] ? show_trace_log_lvl+0x1c4/0x2df +[ 215.590114] ? show_trace_log_lvl+0x1c4/0x2df +[ 215.594497] ? debug_dma_free_coherent+0x196/0x210 +[ 215.599305] ? check_unmap+0xa6f/0x2360 +[ 215.603147] ? __warn+0xca/0x1d0 +[ 215.606391] ? check_unmap+0xa6f/0x2360 +[ 215.610237] ? report_bug+0x1ef/0x370 +[ 215.613921] ? handle_bug+0x3c/0x70 +[ 215.617423] ? exc_invalid_op+0x14/0x50 +[ 215.621269] ? asm_exc_invalid_op+0x16/0x20 +[ 215.625480] ? check_unmap+0xa6f/0x2360 +[ 215.629331] ? mark_lock.part.0+0xca/0xa40 +[ 215.633445] debug_dma_free_coherent+0x196/0x210 +[ 215.638079] ? __pfx_debug_dma_free_coherent+0x10/0x10 +[ 215.643242] ? slab_free_freelist_hook+0x11d/0x1d0 +[ 215.648060] dma_free_attrs+0x6d/0x130 +[ 215.651834] aq_ring_free+0x193/0x290 [atlantic] +[ 215.656487] aq_ptp_ring_free+0x67/0x110 [atlantic] +... +[ 216.127540] ---[ end trace 6467e5964dd2640b ]--- +[ 216.132160] DMA-API: Mapped at: +[ 216.132162] debug_dma_alloc_coherent+0x66/0x2f0 +[ 216.132165] dma_alloc_attrs+0xf5/0x1b0 +[ 216.132168] aq_ring_hwts_rx_alloc+0x150/0x1f0 [atlantic] +[ 216.132193] aq_ptp_ring_alloc+0x1bb/0x540 [atlantic] +[ 216.132213] aq_nic_init+0x4a1/0x760 [atlantic] + +Fixes: 94ad94558b0f ("net: aquantia: add PTP rings infrastructure") +Signed-off-by: Ivan Vecera +Reviewed-by: Jiri Pirko +Link: https://lore.kernel.org/r/20240201094752.883026-1-ivecera@redhat.com +Signed-off-by: Jakub Kicinski +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 4 ++-- + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 13 +++++++++++++ + drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 1 + + 3 files changed, 16 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/aquantia/atlantic/aq_ptp.c ++++ b/drivers/net/ethernet/aquantia/atlantic/aq_ptp.c +@@ -1001,7 +1001,7 @@ int aq_ptp_ring_alloc(struct aq_nic_s *a + return 0; + + err_exit_hwts_rx: +- aq_ring_free(&aq_ptp->hwts_rx); ++ aq_ring_hwts_rx_free(&aq_ptp->hwts_rx); + err_exit_ptp_rx: + aq_ring_free(&aq_ptp->ptp_rx); + err_exit_ptp_tx: +@@ -1019,7 +1019,7 @@ void aq_ptp_ring_free(struct aq_nic_s *a + + aq_ring_free(&aq_ptp->ptp_tx); + aq_ring_free(&aq_ptp->ptp_rx); +- aq_ring_free(&aq_ptp->hwts_rx); ++ aq_ring_hwts_rx_free(&aq_ptp->hwts_rx); + + aq_ptp_skb_ring_release(&aq_ptp->skb_ring); + } +--- a/drivers/net/ethernet/aquantia/atlantic/aq_ring.c ++++ b/drivers/net/ethernet/aquantia/atlantic/aq_ring.c +@@ -584,6 +584,19 @@ void aq_ring_free(struct aq_ring_s *self + self->dx_ring_pa); + } + ++void aq_ring_hwts_rx_free(struct aq_ring_s *self) ++{ ++ if (!self) ++ return; ++ ++ if (self->dx_ring) { ++ dma_free_coherent(aq_nic_get_dev(self->aq_nic), ++ self->size * self->dx_size + AQ_CFG_RXDS_DEF, ++ self->dx_ring, self->dx_ring_pa); ++ self->dx_ring = NULL; ++ } ++} ++ + unsigned int aq_ring_fill_stats_data(struct aq_ring_s *self, u64 *data) + { + unsigned int count; +--- a/drivers/net/ethernet/aquantia/atlantic/aq_ring.h ++++ b/drivers/net/ethernet/aquantia/atlantic/aq_ring.h +@@ -191,6 +191,7 @@ int aq_ring_rx_fill(struct aq_ring_s *se + struct aq_ring_s *aq_ring_hwts_rx_alloc(struct aq_ring_s *self, + struct aq_nic_s *aq_nic, unsigned int idx, + unsigned int size, unsigned int dx_size); ++void aq_ring_hwts_rx_free(struct aq_ring_s *self); + void aq_ring_hwts_rx_clean(struct aq_ring_s *self, struct aq_nic_s *aq_nic); + + unsigned int aq_ring_fill_stats_data(struct aq_ring_s *self, u64 *data); diff --git a/patches.suse/net-stmmac-xgmac-fix-a-typo-of-register-name-in-DPP-.patch b/patches.suse/net-stmmac-xgmac-fix-a-typo-of-register-name-in-DPP-.patch new file mode 100644 index 0000000..ecea365 --- /dev/null +++ b/patches.suse/net-stmmac-xgmac-fix-a-typo-of-register-name-in-DPP-.patch @@ -0,0 +1,49 @@ +From: Furong Xu <0x1207@gmail.com> +Date: Sat, 3 Feb 2024 13:31:33 +0800 +Subject: net: stmmac: xgmac: fix a typo of register name in DPP safety + handling +Patch-mainline: v6.8-rc4 +Git-commit: 1ce2654d87e2fb91fea83b288bd9b2641045e42a +References: bsc#1222445 CVE-2024-26684 + +DDPP is copied from Synopsys Data book: + +DDPP: Disable Data path Parity Protection. + When it is 0x0, Data path Parity Protection is enabled. + When it is 0x1, Data path Parity Protection is disabled. + +The macro name should be XGMAC_DPP_DISABLE. + +Fixes: 46eba193d04f ("net: stmmac: xgmac: fix handling of DPP safety error for DMA channels") +Signed-off-by: Furong Xu <0x1207@gmail.com> +Reviewed-by: Serge Semin +Link: https://lore.kernel.org/r/20240203053133.1129236-1-0x1207@gmail.com +Signed-off-by: Paolo Abeni +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 2 +- + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h ++++ b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h +@@ -283,7 +283,7 @@ + #define XGMAC_TXCEIE BIT(0) + #define XGMAC_MTL_ECC_INT_STATUS 0x000010cc + #define XGMAC_MTL_DPP_CONTROL 0x000010e0 +-#define XGMAC_DDPP_DISABLE BIT(0) ++#define XGMAC_DPP_DISABLE BIT(0) + #define XGMAC_MTL_TXQ_OPMODE(x) (0x00001100 + (0x80 * (x))) + #define XGMAC_TQS GENMASK(25, 16) + #define XGMAC_TQS_SHIFT 16 +--- a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c +@@ -885,7 +885,7 @@ dwxgmac3_safety_feat_config(void __iomem + /* 5. Enable Data Path Parity Protection */ + value = readl(ioaddr + XGMAC_MTL_DPP_CONTROL); + /* already enabled by default, explicit enable it again */ +- value &= ~XGMAC_DDPP_DISABLE; ++ value &= ~XGMAC_DPP_DISABLE; + writel(value, ioaddr + XGMAC_MTL_DPP_CONTROL); + + return 0; diff --git a/patches.suse/net-stmmac-xgmac-fix-handling-of-DPP-safety-error-fo.patch b/patches.suse/net-stmmac-xgmac-fix-handling-of-DPP-safety-error-fo.patch new file mode 100644 index 0000000..30d2f96 --- /dev/null +++ b/patches.suse/net-stmmac-xgmac-fix-handling-of-DPP-safety-error-fo.patch @@ -0,0 +1,147 @@ +From: Furong Xu <0x1207@gmail.com> +Date: Wed, 31 Jan 2024 10:08:28 +0800 +Subject: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels +Patch-mainline: v6.8-rc4 +Git-commit: 46eba193d04f8bd717e525eb4110f3c46c12aec3 +References: bsc#1222445 CVE-2024-26684 + +Commit 56e58d6c8a56 ("net: stmmac: Implement Safety Features in +XGMAC core") checks and reports safety errors, but leaves the +Data Path Parity Errors for each channel in DMA unhandled at all, lead to +a storm of interrupt. +Fix it by checking and clearing the DMA_DPP_Interrupt_Status register. + +Fixes: 56e58d6c8a56 ("net: stmmac: Implement Safety Features in XGMAC core") +Signed-off-by: Furong Xu <0x1207@gmail.com> +Reviewed-by: Simon Horman +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 57 +++++++++++++++++++- + 3 files changed, 60 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/stmicro/stmmac/common.h ++++ b/drivers/net/ethernet/stmicro/stmmac/common.h +@@ -196,6 +196,7 @@ struct stmmac_safety_stats { + unsigned long mac_errors[32]; + unsigned long mtl_errors[32]; + unsigned long dma_errors[32]; ++ unsigned long dma_dpp_errors[32]; + }; + + /* Number of fields in Safety Stats */ +--- a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h ++++ b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h +@@ -282,6 +282,8 @@ + #define XGMAC_RXCEIE BIT(4) + #define XGMAC_TXCEIE BIT(0) + #define XGMAC_MTL_ECC_INT_STATUS 0x000010cc ++#define XGMAC_MTL_DPP_CONTROL 0x000010e0 ++#define XGMAC_DDPP_DISABLE BIT(0) + #define XGMAC_MTL_TXQ_OPMODE(x) (0x00001100 + (0x80 * (x))) + #define XGMAC_TQS GENMASK(25, 16) + #define XGMAC_TQS_SHIFT 16 +@@ -364,6 +366,7 @@ + #define XGMAC_DCEIE BIT(1) + #define XGMAC_TCEIE BIT(0) + #define XGMAC_DMA_ECC_INT_STATUS 0x0000306c ++#define XGMAC_DMA_DPP_INT_STATUS 0x00003074 + #define XGMAC_DMA_CH_CONTROL(x) (0x00003100 + (0x80 * (x))) + #define XGMAC_SPH BIT(24) + #define XGMAC_PBLx8 BIT(16) +--- a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c +@@ -789,6 +789,43 @@ static const struct dwxgmac3_error_desc + { false, "UNKNOWN", "Unknown Error" }, /* 31 */ + }; + ++static const char * const dpp_rx_err = "Read Rx Descriptor Parity checker Error"; ++static const char * const dpp_tx_err = "Read Tx Descriptor Parity checker Error"; ++static const struct dwxgmac3_error_desc dwxgmac3_dma_dpp_errors[32] = { ++ { true, "TDPES0", dpp_tx_err }, ++ { true, "TDPES1", dpp_tx_err }, ++ { true, "TDPES2", dpp_tx_err }, ++ { true, "TDPES3", dpp_tx_err }, ++ { true, "TDPES4", dpp_tx_err }, ++ { true, "TDPES5", dpp_tx_err }, ++ { true, "TDPES6", dpp_tx_err }, ++ { true, "TDPES7", dpp_tx_err }, ++ { true, "TDPES8", dpp_tx_err }, ++ { true, "TDPES9", dpp_tx_err }, ++ { true, "TDPES10", dpp_tx_err }, ++ { true, "TDPES11", dpp_tx_err }, ++ { true, "TDPES12", dpp_tx_err }, ++ { true, "TDPES13", dpp_tx_err }, ++ { true, "TDPES14", dpp_tx_err }, ++ { true, "TDPES15", dpp_tx_err }, ++ { true, "RDPES0", dpp_rx_err }, ++ { true, "RDPES1", dpp_rx_err }, ++ { true, "RDPES2", dpp_rx_err }, ++ { true, "RDPES3", dpp_rx_err }, ++ { true, "RDPES4", dpp_rx_err }, ++ { true, "RDPES5", dpp_rx_err }, ++ { true, "RDPES6", dpp_rx_err }, ++ { true, "RDPES7", dpp_rx_err }, ++ { true, "RDPES8", dpp_rx_err }, ++ { true, "RDPES9", dpp_rx_err }, ++ { true, "RDPES10", dpp_rx_err }, ++ { true, "RDPES11", dpp_rx_err }, ++ { true, "RDPES12", dpp_rx_err }, ++ { true, "RDPES13", dpp_rx_err }, ++ { true, "RDPES14", dpp_rx_err }, ++ { true, "RDPES15", dpp_rx_err }, ++}; ++ + static void dwxgmac3_handle_dma_err(struct net_device *ndev, + void __iomem *ioaddr, bool correctable, + struct stmmac_safety_stats *stats) +@@ -800,6 +837,13 @@ static void dwxgmac3_handle_dma_err(stru + + dwxgmac3_log_error(ndev, value, correctable, "DMA", + dwxgmac3_dma_errors, STAT_OFF(dma_errors), stats); ++ ++ value = readl(ioaddr + XGMAC_DMA_DPP_INT_STATUS); ++ writel(value, ioaddr + XGMAC_DMA_DPP_INT_STATUS); ++ ++ dwxgmac3_log_error(ndev, value, false, "DMA_DPP", ++ dwxgmac3_dma_dpp_errors, ++ STAT_OFF(dma_dpp_errors), stats); + } + + static int +@@ -838,6 +882,12 @@ dwxgmac3_safety_feat_config(void __iomem + value |= XGMAC_TMOUTEN; /* FSM Timeout Feature */ + writel(value, ioaddr + XGMAC_MAC_FSM_CONTROL); + ++ /* 5. Enable Data Path Parity Protection */ ++ value = readl(ioaddr + XGMAC_MTL_DPP_CONTROL); ++ /* already enabled by default, explicit enable it again */ ++ value &= ~XGMAC_DDPP_DISABLE; ++ writel(value, ioaddr + XGMAC_MTL_DPP_CONTROL); ++ + return 0; + } + +@@ -871,7 +921,11 @@ static int dwxgmac3_safety_feat_irq_stat + ret |= !corr; + } + +- err = dma & (XGMAC_DEUIS | XGMAC_DECIS); ++ /* DMA_DPP_Interrupt_Status is indicated by MCSIS bit in ++ * DMA_Safety_Interrupt_Status, so we handle DMA Data Path ++ * Parity Errors here ++ */ ++ err = dma & (XGMAC_DEUIS | XGMAC_DECIS | XGMAC_MCSIS); + corr = dma & XGMAC_DECIS; + if (err) { + dwxgmac3_handle_dma_err(ndev, ioaddr, corr, stats); +@@ -887,6 +941,7 @@ static const struct dwxgmac3_error { + { dwxgmac3_mac_errors }, + { dwxgmac3_mtl_errors }, + { dwxgmac3_dma_errors }, ++ { dwxgmac3_dma_dpp_errors }, + }; + + static int dwxgmac3_safety_feat_dump(struct stmmac_safety_stats *stats, diff --git a/patches.suse/net-stmmac-xgmac-use-define-for-string-constants.patch b/patches.suse/net-stmmac-xgmac-use-define-for-string-constants.patch new file mode 100644 index 0000000..b3dee91 --- /dev/null +++ b/patches.suse/net-stmmac-xgmac-use-define-for-string-constants.patch @@ -0,0 +1,122 @@ +From: Simon Horman +Date: Thu, 8 Feb 2024 09:48:27 +0000 +Subject: net: stmmac: xgmac: use #define for string constants +Patch-mainline: v6.8-rc5 +Git-commit: 1692b9775e745f84b69dc8ad0075b0855a43db4e +References: bsc#1222445 CVE-2024-26684 + +The cited commit introduces and uses the string constants dpp_tx_err and +dpp_rx_err. These are assigned to constant fields of the array +dwxgmac3_error_desc. + +It has been reported that on GCC 6 and 7.5.0 this results in warnings +such as: + + .../dwxgmac2_core.c:836:20: error: initialiser element is not constant + { true, "TDPES0", dpp_tx_err }, + +I have been able to reproduce this using: GCC 7.5.0, 8.4.0, 9.4.0 and 10.5.0. +But not GCC 13.2.0. + +So it seems this effects older compilers but not newer ones. +As Jon points out in his report, the minimum compiler supported by +the kernel is GCC 5.1, so it does seem that this ought to be fixed. + +It is not clear to me what combination of 'const', if any, would address +this problem. So this patch takes of using #defines for the string +constants + +Compile tested only. + +Fixes: 46eba193d04f ("net: stmmac: xgmac: fix handling of DPP safety error for DMA channels") +Reported-by: Jon Hunter +Closes: https://lore.kernel.org/netdev/c25eb595-8d91-40ea-9f52-efa15ebafdbc@nvidia.com/ +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-kbuild-all/202402081135.lAxxBXHk-lkp@intel.com/ +Signed-off-by: Simon Horman +Link: https://lore.kernel.org/r/20240208-xgmac-const-v1-1-e69a1eeabfc8@kernel.org +Signed-off-by: Jakub Kicinski +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 69 ++++++++++---------- + 1 file changed, 35 insertions(+), 34 deletions(-) + +--- a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c +@@ -789,41 +789,42 @@ static const struct dwxgmac3_error_desc + { false, "UNKNOWN", "Unknown Error" }, /* 31 */ + }; + +-static const char * const dpp_rx_err = "Read Rx Descriptor Parity checker Error"; +-static const char * const dpp_tx_err = "Read Tx Descriptor Parity checker Error"; ++#define DPP_RX_ERR "Read Rx Descriptor Parity checker Error" ++#define DPP_TX_ERR "Read Tx Descriptor Parity checker Error" ++ + static const struct dwxgmac3_error_desc dwxgmac3_dma_dpp_errors[32] = { +- { true, "TDPES0", dpp_tx_err }, +- { true, "TDPES1", dpp_tx_err }, +- { true, "TDPES2", dpp_tx_err }, +- { true, "TDPES3", dpp_tx_err }, +- { true, "TDPES4", dpp_tx_err }, +- { true, "TDPES5", dpp_tx_err }, +- { true, "TDPES6", dpp_tx_err }, +- { true, "TDPES7", dpp_tx_err }, +- { true, "TDPES8", dpp_tx_err }, +- { true, "TDPES9", dpp_tx_err }, +- { true, "TDPES10", dpp_tx_err }, +- { true, "TDPES11", dpp_tx_err }, +- { true, "TDPES12", dpp_tx_err }, +- { true, "TDPES13", dpp_tx_err }, +- { true, "TDPES14", dpp_tx_err }, +- { true, "TDPES15", dpp_tx_err }, +- { true, "RDPES0", dpp_rx_err }, +- { true, "RDPES1", dpp_rx_err }, +- { true, "RDPES2", dpp_rx_err }, +- { true, "RDPES3", dpp_rx_err }, +- { true, "RDPES4", dpp_rx_err }, +- { true, "RDPES5", dpp_rx_err }, +- { true, "RDPES6", dpp_rx_err }, +- { true, "RDPES7", dpp_rx_err }, +- { true, "RDPES8", dpp_rx_err }, +- { true, "RDPES9", dpp_rx_err }, +- { true, "RDPES10", dpp_rx_err }, +- { true, "RDPES11", dpp_rx_err }, +- { true, "RDPES12", dpp_rx_err }, +- { true, "RDPES13", dpp_rx_err }, +- { true, "RDPES14", dpp_rx_err }, +- { true, "RDPES15", dpp_rx_err }, ++ { true, "TDPES0", DPP_TX_ERR }, ++ { true, "TDPES1", DPP_TX_ERR }, ++ { true, "TDPES2", DPP_TX_ERR }, ++ { true, "TDPES3", DPP_TX_ERR }, ++ { true, "TDPES4", DPP_TX_ERR }, ++ { true, "TDPES5", DPP_TX_ERR }, ++ { true, "TDPES6", DPP_TX_ERR }, ++ { true, "TDPES7", DPP_TX_ERR }, ++ { true, "TDPES8", DPP_TX_ERR }, ++ { true, "TDPES9", DPP_TX_ERR }, ++ { true, "TDPES10", DPP_TX_ERR }, ++ { true, "TDPES11", DPP_TX_ERR }, ++ { true, "TDPES12", DPP_TX_ERR }, ++ { true, "TDPES13", DPP_TX_ERR }, ++ { true, "TDPES14", DPP_TX_ERR }, ++ { true, "TDPES15", DPP_TX_ERR }, ++ { true, "RDPES0", DPP_RX_ERR }, ++ { true, "RDPES1", DPP_RX_ERR }, ++ { true, "RDPES2", DPP_RX_ERR }, ++ { true, "RDPES3", DPP_RX_ERR }, ++ { true, "RDPES4", DPP_RX_ERR }, ++ { true, "RDPES5", DPP_RX_ERR }, ++ { true, "RDPES6", DPP_RX_ERR }, ++ { true, "RDPES7", DPP_RX_ERR }, ++ { true, "RDPES8", DPP_RX_ERR }, ++ { true, "RDPES9", DPP_RX_ERR }, ++ { true, "RDPES10", DPP_RX_ERR }, ++ { true, "RDPES11", DPP_RX_ERR }, ++ { true, "RDPES12", DPP_RX_ERR }, ++ { true, "RDPES13", DPP_RX_ERR }, ++ { true, "RDPES14", DPP_RX_ERR }, ++ { true, "RDPES15", DPP_RX_ERR }, + }; + + static void dwxgmac3_handle_dma_err(struct net_device *ndev, diff --git a/patches.suse/net-usb-ax88179_178a-avoid-the-interface-always-conf.patch b/patches.suse/net-usb-ax88179_178a-avoid-the-interface-always-conf.patch new file mode 100644 index 0000000..30262c1 --- /dev/null +++ b/patches.suse/net-usb-ax88179_178a-avoid-the-interface-always-conf.patch @@ -0,0 +1,53 @@ +From 2e91bb99b9d4f756e92e83c4453f894dda220f09 Mon Sep 17 00:00:00 2001 +From: Jose Ignacio Tornos Martinez +Date: Wed, 3 Apr 2024 15:21:58 +0200 +Subject: [PATCH] net: usb: ax88179_178a: avoid the interface always configured + as random address +Git-commit: 2e91bb99b9d4f756e92e83c4453f894dda220f09 +References: git-fixes +Patch-mainline: v6.9-rc3 + +After the commit d2689b6a86b9 ("net: usb: ax88179_178a: avoid two +consecutive device resets"), reset is not executed from bind operation and +mac address is not read from the device registers or the devicetree at that +moment. Since the check to configure if the assigned mac address is random +or not for the interface, happens after the bind operation from +usbnet_probe, the interface keeps configured as random address, although the +address is correctly read and set during open operation (the only reset +now). + +In order to keep only one reset for the device and to avoid the interface +always configured as random address, after reset, configure correctly the +suitable field from the driver, if the mac address is read successfully from +the device registers or the devicetree. Take into account if a locally +administered address (random) was previously stored. + +Cc: stable@vger.kernel.org # 6.6+ +Fixes: d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets") +Reported-by: Dave Stevenson +Signed-off-by: Jose Ignacio Tornos Martinez +Reviewed-by: Simon Horman +Link: https://lore.kernel.org/r/20240403132158.344838-1-jtornosm@redhat.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Oliver Neukum + +--- + drivers/net/usb/ax88179_178a.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c +index 88e084534853..a9c418890a1c 100644 +--- a/drivers/net/usb/ax88179_178a.c ++++ b/drivers/net/usb/ax88179_178a.c +@@ -1273,6 +1273,8 @@ static void ax88179_get_mac_addr(struct usbnet *dev) + + if (is_valid_ether_addr(mac)) { + eth_hw_addr_set(dev->net, mac); ++ if (!is_local_ether_addr(mac)) ++ dev->net->addr_assign_type = NET_ADDR_PERM; + } else { + netdev_info(dev->net, "invalid MAC address, using random\n"); + eth_hw_addr_random(dev->net); +-- +2.44.0 + diff --git a/patches.suse/netdevsim-avoid-potential-loop-in-nsim_dev_trap_repo.patch b/patches.suse/netdevsim-avoid-potential-loop-in-nsim_dev_trap_repo.patch new file mode 100644 index 0000000..e79f76d --- /dev/null +++ b/patches.suse/netdevsim-avoid-potential-loop-in-nsim_dev_trap_repo.patch @@ -0,0 +1,103 @@ +From b43613be24dd1fe2f46dcad65d26511803a37669 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Thu, 1 Feb 2024 17:53:24 +0000 +Subject: [PATCH 09/35] netdevsim: avoid potential loop in + nsim_dev_trap_report_work() +Git-commit: ba5e1272142d051dcc57ca1d3225ad8a089f9858 +Patch-mainline: v6.8-rc4 +References: git-fixes CVE-2024-26681 bsc#1222431 + +Many syzbot reports include the following trace [1] + +If nsim_dev_trap_report_work() can not grab the mutex, +it should rearm itself at least one jiffie later. + +[1] +Sending NMI from CPU 1 to CPUs 0: +NMI backtrace for cpu 0 +CPU: 0 PID: 32383 Comm: kworker/0:2 Not tainted 6.8.0-rc2-syzkaller-00031-g861c0981648f #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 +Workqueue: events nsim_dev_trap_report_work + RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:89 [inline] + RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline] + RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline] + RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline] + RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] + RIP: 0010:kasan_check_range+0x101/0x190 mm/kasan/generic.c:189 +Code: 07 49 39 d1 75 0a 45 3a 11 b8 01 00 00 00 7c 0b 44 89 c2 e8 21 ed ff ff 83 f0 01 5b 5d 41 5c c3 48 85 d2 74 4f 48 01 ea eb 09 <48> 83 c0 01 48 39 d0 74 41 80 38 00 74 f2 eb b6 41 bc 08 00 00 00 +RSP: 0018:ffffc90012dcf998 EFLAGS: 00000046 +RAX: fffffbfff258af1e RBX: fffffbfff258af1f RCX: ffffffff8168eda3 +RDX: fffffbfff258af1f RSI: 0000000000000004 RDI: ffffffff92c578f0 +RBP: fffffbfff258af1e R08: 0000000000000000 R09: fffffbfff258af1e +R10: ffffffff92c578f3 R11: ffffffff8acbcbc0 R12: 0000000000000002 +R13: ffff88806db38400 R14: 1ffff920025b9f42 R15: ffffffff92c578e8 +FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 000000c00994e078 CR3: 000000002c250000 CR4: 00000000003506f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + + + + instrument_atomic_read include/linux/instrumented.h:68 [inline] + atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] + queued_spin_is_locked include/asm-generic/qspinlock.h:57 [inline] + debug_spin_unlock kernel/locking/spinlock_debug.c:101 [inline] + do_raw_spin_unlock+0x53/0x230 kernel/locking/spinlock_debug.c:141 + __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:150 [inline] + _raw_spin_unlock_irqrestore+0x22/0x70 kernel/locking/spinlock.c:194 + debug_object_activate+0x349/0x540 lib/debugobjects.c:726 + debug_work_activate kernel/workqueue.c:578 [inline] + insert_work+0x30/0x230 kernel/workqueue.c:1650 + __queue_work+0x62e/0x11d0 kernel/workqueue.c:1802 + __queue_delayed_work+0x1bf/0x270 kernel/workqueue.c:1953 + queue_delayed_work_on+0x106/0x130 kernel/workqueue.c:1989 + queue_delayed_work include/linux/workqueue.h:563 [inline] + schedule_delayed_work include/linux/workqueue.h:677 [inline] + nsim_dev_trap_report_work+0x9c0/0xc80 drivers/net/netdevsim/dev.c:842 + process_one_work+0x886/0x15d0 kernel/workqueue.c:2633 + process_scheduled_works kernel/workqueue.c:2706 [inline] + worker_thread+0x8b9/0x1290 kernel/workqueue.c:2787 + kthread+0x2c6/0x3a0 kernel/kthread.c:388 + ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 + ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 + + +Fixes: 012ec02ae441 ("netdevsim: convert driver to use unlocked devlink API during init/fini") +Reported-by: syzbot +Signed-off-by: Eric Dumazet +Reviewed-by: Jiri Pirko +Link: https://lore.kernel.org/r/20240201175324.3752746-1-edumazet@google.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/netdevsim/dev.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/netdevsim/dev.c b/drivers/net/netdevsim/dev.c +index b4d3b9cde8bd..92a7a36b93ac 100644 +--- a/drivers/net/netdevsim/dev.c ++++ b/drivers/net/netdevsim/dev.c +@@ -835,14 +835,14 @@ static void nsim_dev_trap_report_work(struct work_struct *work) + trap_report_dw.work); + nsim_dev = nsim_trap_data->nsim_dev; + +- /* For each running port and enabled packet trap, generate a UDP +- * packet with a random 5-tuple and report it. +- */ + if (!devl_trylock(priv_to_devlink(nsim_dev))) { +- schedule_delayed_work(&nsim_dev->trap_data->trap_report_dw, 0); ++ schedule_delayed_work(&nsim_dev->trap_data->trap_report_dw, 1); + return; + } + ++ /* For each running port and enabled packet trap, generate a UDP ++ * packet with a random 5-tuple and report it. ++ */ + list_for_each_entry(nsim_dev_port, &nsim_dev->port_list, list) { + if (!netif_running(nsim_dev_port->ns->netdev)) + continue; +-- +2.16.4 + diff --git a/patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-for-small-block-sizes.patch b/patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-for-small-block-sizes.patch index 7a2a94d..139775a 100644 --- a/patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-for-small-block-sizes.patch +++ b/patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-for-small-block-sizes.patch @@ -5,7 +5,7 @@ Subject: [PATCH] nilfs2: fix data corruption in dsync block recovery for small block sizes Git-commit: 67b8bcbaed4777871bb0dcc888fb02a614a98ab1 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26697 bsc#1222550 The helper function nilfs_recovery_copy_block() of nilfs_recovery_dsync_blocks(), which recovers data from logs created by diff --git a/patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch b/patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch new file mode 100644 index 0000000..c76a6fd --- /dev/null +++ b/patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch @@ -0,0 +1,67 @@ +From 38296afe3c6ee07319e01bb249aa4bb47c07b534 Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Wed, 31 Jan 2024 23:56:57 +0900 +Subject: [PATCH] nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() +Git-commit: 38296afe3c6ee07319e01bb249aa4bb47c07b534 +Patch-mainline: v6.8-rc4 +References: bsc#1222549 CVE-2024-26696 + +Syzbot reported a hang issue in migrate_pages_batch() called by mbind() +and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2. + +While migrate_pages_batch() locks a folio and waits for the writeback to +complete, the log writer thread that should bring the writeback to +completion picks up the folio being written back in +nilfs_lookup_dirty_data_buffers() that it calls for subsequent log +creation and was trying to lock the folio. Thus causing a deadlock. + +In the first place, it is unexpected that folios/pages in the middle of +writeback will be updated and become dirty. Nilfs2 adds a checksum to +verify the validity of the log being written and uses it for recovery at +mount, so data changes during writeback are suppressed. Since this is +broken, an unclean shutdown could potentially cause recovery to fail. + +Investigation revealed that the root cause is that the wait for writeback +completion in nilfs_page_mkwrite() is conditional, and if the backing +device does not require stable writes, data may be modified without +waiting. + +Fix these issues by making nilfs_page_mkwrite() wait for writeback to +finish regardless of the stable write requirement of the backing device. + +Link: https://lkml.kernel.org/r/20240131145657.4209-1-konishi.ryusuke@gmail.com +Fixes: 1d1d1a767206 ("mm: only enforce stable page writes if the backing device requires it") +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+ee2ae68da3b22d04cd8d@syzkaller.appspotmail.com +Closes: https://lkml.kernel.org/r/00000000000047d819061004ad6c@google.com +Tested-by: Ryusuke Konishi +Cc: +Signed-off-by: Andrew Morton +Acked-by: Anthony Iliopoulos + +--- + fs/nilfs2/file.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/fs/nilfs2/file.c b/fs/nilfs2/file.c +index 7cf765258fda..e337afb9fade 100644 +--- a/fs/nilfs2/file.c ++++ b/fs/nilfs2/file.c +@@ -105,7 +105,13 @@ static vm_fault_t nilfs_page_mkwrite(struct vm_fault *vmf) + nilfs_transaction_commit(inode->i_sb); + + mapped: +- wait_for_stable_page(page); ++ /* ++ * Since checksumming including data blocks is performed to determine ++ * the validity of the log to be written and used for recovery, it is ++ * necessary to wait for writeback to finish here, regardless of the ++ * stable write requirement of the backing device. ++ */ ++ wait_on_page_writeback(page); + out: + sb_end_pagefault(inode->i_sb); + return block_page_mkwrite_return(ret); +-- +2.44.0 + diff --git a/patches.suse/nilfs2-fix-potential-bug-in-end_buffer_async_write.patch b/patches.suse/nilfs2-fix-potential-bug-in-end_buffer_async_write.patch new file mode 100644 index 0000000..cf3e7b5 --- /dev/null +++ b/patches.suse/nilfs2-fix-potential-bug-in-end_buffer_async_write.patch @@ -0,0 +1,104 @@ +From 5bc09b397cbf1221f8a8aacb1152650c9195b02b Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Sun, 4 Feb 2024 01:16:45 +0900 +Subject: [PATCH] nilfs2: fix potential bug in end_buffer_async_write +Git-commit: 5bc09b397cbf1221f8a8aacb1152650c9195b02b +Patch-mainline: v6.8-rc4 +References: bsc#1222437 CVE-2024-26685 + +According to a syzbot report, end_buffer_async_write(), which handles the +completion of block device writes, may detect abnormal condition of the +buffer async_write flag and cause a BUG_ON failure when using nilfs2. + +Nilfs2 itself does not use end_buffer_async_write(). But, the async_write +flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue +with race condition of competition between segments for dirty blocks") as +a means of resolving double list insertion of dirty blocks in +nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the +resulting crash. + +This modification is safe as long as it is used for file data and b-tree +node blocks where the page caches are independent. However, it was +irrelevant and redundant to also introduce async_write for segment summary +and super root blocks that share buffers with the backing device. This +led to the possibility that the BUG_ON check in end_buffer_async_write +would fail as described above, if independent writebacks of the backing +device occurred in parallel. + +The use of async_write for segment summary buffers has already been +removed in a previous change. + +Fix this issue by removing the manipulation of the async_write flag for +the remaining super root block buffer. + +Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com +Fixes: 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+5c04210f7c7f897c1e7f@syzkaller.appspotmail.com +Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com +Cc: +Signed-off-by: Andrew Morton +Acked-by: Anthony Iliopoulos + +--- + fs/nilfs2/segment.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c +index 9e865732d352..293dc4ff6784 100644 +--- a/fs/nilfs2/segment.c ++++ b/fs/nilfs2/segment.c +@@ -1697,7 +1697,6 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) + + list_for_each_entry(bh, &segbuf->sb_payload_buffers, + b_assoc_buffers) { +- set_buffer_async_write(bh); + if (bh == segbuf->sb_super_root) { + if (bh->b_page != bd_page) { + lock_page(bd_page); +@@ -1708,6 +1707,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) + } + break; + } ++ set_buffer_async_write(bh); + if (bh->b_page != fs_page) { + nilfs_begin_page_io(fs_page); + fs_page = bh->b_page; +@@ -1793,7 +1793,6 @@ static void nilfs_abort_logs(struct list_head *logs, int err) + + list_for_each_entry(bh, &segbuf->sb_payload_buffers, + b_assoc_buffers) { +- clear_buffer_async_write(bh); + if (bh == segbuf->sb_super_root) { + clear_buffer_uptodate(bh); + if (bh->b_page != bd_page) { +@@ -1802,6 +1801,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) + } + break; + } ++ clear_buffer_async_write(bh); + if (bh->b_page != fs_page) { + nilfs_end_page_io(fs_page, err); + fs_page = bh->b_page; +@@ -1889,8 +1889,9 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) + BIT(BH_Delay) | BIT(BH_NILFS_Volatile) | + BIT(BH_NILFS_Redirected)); + +- set_mask_bits(&bh->b_state, clear_bits, set_bits); + if (bh == segbuf->sb_super_root) { ++ set_buffer_uptodate(bh); ++ clear_buffer_dirty(bh); + if (bh->b_page != bd_page) { + end_page_writeback(bd_page); + bd_page = bh->b_page; +@@ -1898,6 +1899,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) + update_sr = true; + break; + } ++ set_mask_bits(&bh->b_state, clear_bits, set_bits); + if (bh->b_page != fs_page) { + nilfs_end_page_io(fs_page, 0); + fs_page = bh->b_page; +-- +2.44.0 + diff --git a/patches.suse/nvdimm-Allow-overwrite-in-the-presence-of-disabled-d-bb7b.patch b/patches.suse/nvdimm-Allow-overwrite-in-the-presence-of-disabled-d-bb7b.patch new file mode 100644 index 0000000..1dea63a --- /dev/null +++ b/patches.suse/nvdimm-Allow-overwrite-in-the-presence-of-disabled-d-bb7b.patch @@ -0,0 +1,50 @@ +From bb7bf697fed58eae9d3445944e457ab0de4da54f Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Thu, 28 Apr 2022 15:47:46 -0700 +Subject: [PATCH] nvdimm: Allow overwrite in the presence of disabled dimms +Git-commit: bb7bf697fed58eae9d3445944e457ab0de4da54f +Patch-mainline: v5.19-rc1 +References: git-fixes + +It is not clear why the original implementation of overwrite support +required the dimm driver to be active before overwrite could proceed. In +fact that can lead to cases where the kernel retains an invalid cached +copy of the labels from before the overwrite. Unfortunately the kernel +has not only allowed that case, but enforced it. + +Going forward, allow for overwrite to happen while the label area is +offline, and follow-on with updates to 'ndctl sanitize-dimm --overwrite' +to trigger the label area invalidation by default. + +Cc: Vishal Verma +Cc: Dave Jiang +Cc: Ira Weiny +Cc: Jeff Moyer +Reported-by: Krzysztof Kensicki +Fixes: 7d988097c546 ("acpi/nfit, libnvdimm/security: Add security DSM overwrite support") +Signed-off-by: Dan Williams +Signed-off-by: Coly Li + +--- + drivers/nvdimm/security.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c +index 4b80150e4afa..b5aa55c61461 100644 +--- a/drivers/nvdimm/security.c ++++ b/drivers/nvdimm/security.c +@@ -379,11 +379,6 @@ static int security_overwrite(struct nvdimm *nvdimm, unsigned int keyid) + || !nvdimm->sec.flags) + return -EOPNOTSUPP; + +- if (dev->driver == NULL) { +- dev_dbg(dev, "Unable to overwrite while DIMM active.\n"); +- return -EINVAL; +- } +- + rc = check_security_state(nvdimm); + if (rc) + return rc; +-- +2.35.3 + diff --git a/patches.suse/nvdimm-Fix-badblocks-clear-off-by-one-error-ef91.patch b/patches.suse/nvdimm-Fix-badblocks-clear-off-by-one-error-ef91.patch new file mode 100644 index 0000000..3cd804c --- /dev/null +++ b/patches.suse/nvdimm-Fix-badblocks-clear-off-by-one-error-ef91.patch @@ -0,0 +1,43 @@ +From ef9102004a87cb3f8b26e000a095a261fc0467d3 Mon Sep 17 00:00:00 2001 +From: Chris Ye +Date: Tue, 31 May 2022 17:09:54 -0700 +Subject: [PATCH] nvdimm: Fix badblocks clear off-by-one error +Git-commit: ef9102004a87cb3f8b26e000a095a261fc0467d3 +Patch-mainline: v5.19-rc5 +References: git-fixes + +nvdimm_clear_badblocks_region() validates badblock clearing requests +against the span of the region, however it compares the inclusive +badblock request range to the exclusive region range. Fix up the +off-by-one error. + +Fixes: 23f498448362 ("libnvdimm: rework region badblocks clearing") +Cc: +Signed-off-by: Chris Ye +Reviewed-by: Vishal Verma +Link: https://lore.kernel.org/r/165404219489.2445897.9792886413715690399.stgit@dwillia2-xfh +Signed-off-by: Dan Williams +Signed-off-by: Coly Li + +--- + drivers/nvdimm/bus.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c +index a4fc17db707c..b38d0355b0ac 100644 +--- a/drivers/nvdimm/bus.c ++++ b/drivers/nvdimm/bus.c +@@ -176,8 +176,8 @@ static int nvdimm_clear_badblocks_region(struct device *dev, void *data) + ndr_end = nd_region->ndr_start + nd_region->ndr_size - 1; + + /* make sure we are in the region */ +- if (ctx->phys < nd_region->ndr_start +- || (ctx->phys + ctx->cleared) > ndr_end) ++ if (ctx->phys < nd_region->ndr_start || ++ (ctx->phys + ctx->cleared - 1) > ndr_end) + return 0; + + sector = (ctx->phys - nd_region->ndr_start) / 512; +-- +2.35.3 + diff --git a/patches.suse/nvdimm-Fix-dereference-after-free-in-register_nvdimm-08ca.patch b/patches.suse/nvdimm-Fix-dereference-after-free-in-register_nvdimm-08ca.patch new file mode 100644 index 0000000..d5675ec --- /dev/null +++ b/patches.suse/nvdimm-Fix-dereference-after-free-in-register_nvdimm-08ca.patch @@ -0,0 +1,43 @@ +From 08ca6906a4b7e48f8e93b7c1f49a742a415be6d5 Mon Sep 17 00:00:00 2001 +From: Konstantin Meskhidze +Date: Thu, 17 Aug 2023 19:41:03 +0800 +Subject: [PATCH] nvdimm: Fix dereference after free in register_nvdimm_pmu() +Git-commit: 08ca6906a4b7e48f8e93b7c1f49a742a415be6d5 +Patch-mainline: v6.6-rc1 +References: git-fixes + +'nd_pmu->pmu.attr_groups' is dereferenced in function +'nvdimm_pmu_free_hotplug_memory' call after it has been freed. Because in +function 'nvdimm_pmu_free_hotplug_memory' memory pointed by the fields of +'nd_pmu->pmu.attr_groups' is deallocated it is necessary to call 'kfree' +after 'nvdimm_pmu_free_hotplug_memory'. + +Fixes: 0fab1ba6ad6b ("drivers/nvdimm: Add perf interface to expose nvdimm performance stats") +Co-developed-by: Ivanov Mikhail +Signed-off-by: Konstantin Meskhidze +Reviewed-by: Jeff Moyer +Link: https://lore.kernel.org/r/20230817114103.754977-1-konstantin.meskhidze@huawei.com +Signed-off-by: Dave Jiang +Signed-off-by: Coly Li + +--- + drivers/nvdimm/nd_perf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/nvdimm/nd_perf.c b/drivers/nvdimm/nd_perf.c +index 14881c4e03e6..2b6dc80d8fb5 100644 +--- a/drivers/nvdimm/nd_perf.c ++++ b/drivers/nvdimm/nd_perf.c +@@ -308,8 +308,8 @@ int register_nvdimm_pmu(struct nvdimm_pmu *nd_pmu, struct platform_device *pdev) + + rc = perf_pmu_register(&nd_pmu->pmu, nd_pmu->pmu.name, -1); + if (rc) { +- kfree(nd_pmu->pmu.attr_groups); + nvdimm_pmu_free_hotplug_memory(nd_pmu); ++ kfree(nd_pmu->pmu.attr_groups); + return rc; + } + +-- +2.35.3 + diff --git a/patches.suse/nvdimm-Fix-firmware-activation-deadlock-scenarios-e682.patch b/patches.suse/nvdimm-Fix-firmware-activation-deadlock-scenarios-e682.patch new file mode 100644 index 0000000..1aabb41 --- /dev/null +++ b/patches.suse/nvdimm-Fix-firmware-activation-deadlock-scenarios-e682.patch @@ -0,0 +1,112 @@ +From e6829d1bd3c4b58296ee9e412f7ed4d6cb390192 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Tue, 26 Apr 2022 13:23:05 -0700 +Subject: [PATCH] nvdimm: Fix firmware activation deadlock scenarios +Git-commit: e6829d1bd3c4b58296ee9e412f7ed4d6cb390192 +Patch-mainline: v5.19-rc1 +References: git-fixes + +Lockdep reports the following deadlock scenarios for CXL root device +power-management, device_prepare(), operations, and device_shutdown() +operations for 'nd_region' devices: + + Chain exists of: + &nvdimm_region_key --> &nvdimm_bus->reconfig_mutex --> system_transition_mutex + + Possible unsafe locking scenario: + + CPU0 CPU1 + ---- ---- + lock(system_transition_mutex); + lock(&nvdimm_bus->reconfig_mutex); + lock(system_transition_mutex); + lock(&nvdimm_region_key); + + Chain exists of: + &cxl_nvdimm_bridge_key --> acpi_scan_lock --> &cxl_root_key + + Possible unsafe locking scenario: + + CPU0 CPU1 + ---- ---- + lock(&cxl_root_key); + lock(acpi_scan_lock); + lock(&cxl_root_key); + lock(&cxl_nvdimm_bridge_key); + +These stem from holding nvdimm_bus_lock() over hibernate_quiet_exec() +which walks the entire system device topology taking device_lock() along +the way. The nvdimm_bus_lock() is protecting against unregistration, +multiple simultaneous ops callers, and preventing activate_show() from +racing activate_store(). For the first 2, the lock is redundant. +Unregistration already flushes all ops users, and sysfs already prevents +multiple threads to be active in an ops handler at the same time. For +the last userspace should already be waiting for its last +activate_store() to complete, and does not need activate_show() to flush +the write side, so this lock usage can be deleted in these attributes. + +Fixes: 48001ea50d17 ("PM, libnvdimm: Add runtime firmware activation support") +Reviewed-by: Ira Weiny +Link: https://lore.kernel.org/r/165074883800.4116052.10737040861825806582.stgit@dwillia2-desk3.amr.corp.intel.com +Signed-off-by: Dan Williams +Signed-off-by: Coly Li + +--- + drivers/nvdimm/core.c | 9 --------- + 1 file changed, 9 deletions(-) + +diff --git a/drivers/nvdimm/core.c b/drivers/nvdimm/core.c +index 144926b7451c..d91799b71d23 100644 +--- a/drivers/nvdimm/core.c ++++ b/drivers/nvdimm/core.c +@@ -368,9 +368,7 @@ static ssize_t capability_show(struct device *dev, + if (!nd_desc->fw_ops) + return -EOPNOTSUPP; + +- nvdimm_bus_lock(dev); + cap = nd_desc->fw_ops->capability(nd_desc); +- nvdimm_bus_unlock(dev); + + switch (cap) { + case NVDIMM_FWA_CAP_QUIESCE: +@@ -395,10 +393,8 @@ static ssize_t activate_show(struct device *dev, + if (!nd_desc->fw_ops) + return -EOPNOTSUPP; + +- nvdimm_bus_lock(dev); + cap = nd_desc->fw_ops->capability(nd_desc); + state = nd_desc->fw_ops->activate_state(nd_desc); +- nvdimm_bus_unlock(dev); + + if (cap < NVDIMM_FWA_CAP_QUIESCE) + return -EOPNOTSUPP; +@@ -443,7 +439,6 @@ static ssize_t activate_store(struct device *dev, + else + return -EINVAL; + +- nvdimm_bus_lock(dev); + state = nd_desc->fw_ops->activate_state(nd_desc); + + switch (state) { +@@ -461,7 +456,6 @@ static ssize_t activate_store(struct device *dev, + default: + rc = -ENXIO; + } +- nvdimm_bus_unlock(dev); + + if (rc == 0) + rc = len; +@@ -484,10 +478,7 @@ static umode_t nvdimm_bus_firmware_visible(struct kobject *kobj, struct attribut + if (!nd_desc->fw_ops) + return 0; + +- nvdimm_bus_lock(dev); + cap = nd_desc->fw_ops->capability(nd_desc); +- nvdimm_bus_unlock(dev); +- + if (cap < NVDIMM_FWA_CAP_QUIESCE) + return 0; + +-- +2.35.3 + diff --git a/patches.suse/nvdimm-Fix-memleak-of-pmu-attr_groups-in-unregister_-85ae.patch b/patches.suse/nvdimm-Fix-memleak-of-pmu-attr_groups-in-unregister_-85ae.patch new file mode 100644 index 0000000..92b9cc0 --- /dev/null +++ b/patches.suse/nvdimm-Fix-memleak-of-pmu-attr_groups-in-unregister_-85ae.patch @@ -0,0 +1,40 @@ +From 85ae42c72142346645e63c33835da947dfa008b3 Mon Sep 17 00:00:00 2001 +From: Konstantin Meskhidze +Date: Thu, 17 Aug 2023 19:59:45 +0800 +Subject: [PATCH] nvdimm: Fix memleak of pmu attr_groups in + unregister_nvdimm_pmu() +Git-commit: 85ae42c72142346645e63c33835da947dfa008b3 +Patch-mainline: v6.6-rc1 +References: git-fixes + +Memory pointed by 'nd_pmu->pmu.attr_groups' is allocated in function +'register_nvdimm_pmu' and is lost after 'kfree(nd_pmu)' call in function +'unregister_nvdimm_pmu'. + +Fixes: 0fab1ba6ad6b ("drivers/nvdimm: Add perf interface to expose nvdimm performance stats") +Co-developed-by: Ivanov Mikhail +Signed-off-by: Konstantin Meskhidze +Reviewed-by: Jeff Moyer +Link: https://lore.kernel.org/r/20230817115945.771826-1-konstantin.meskhidze@huawei.com +Signed-off-by: Dave Jiang +Signed-off-by: Coly Li + +--- + drivers/nvdimm/nd_perf.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/nvdimm/nd_perf.c b/drivers/nvdimm/nd_perf.c +index 433bbb68ae64..14881c4e03e6 100644 +--- a/drivers/nvdimm/nd_perf.c ++++ b/drivers/nvdimm/nd_perf.c +@@ -324,6 +324,7 @@ void unregister_nvdimm_pmu(struct nvdimm_pmu *nd_pmu) + { + perf_pmu_unregister(&nd_pmu->pmu); + nvdimm_pmu_free_hotplug_memory(nd_pmu); ++ kfree(nd_pmu->pmu.attr_groups); + kfree(nd_pmu); + } + EXPORT_SYMBOL_GPL(unregister_nvdimm_pmu); +-- +2.35.3 + diff --git a/patches.suse/nvdimm-namespace-drop-nested-variable-in-create_name-d342.patch b/patches.suse/nvdimm-namespace-drop-nested-variable-in-create_name-d342.patch new file mode 100644 index 0000000..9bbe3af --- /dev/null +++ b/patches.suse/nvdimm-namespace-drop-nested-variable-in-create_name-d342.patch @@ -0,0 +1,43 @@ +From d34213ebfea31229411583716a9ebe3610bf2d29 Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Tue, 7 Jun 2022 19:49:37 +0300 +Subject: [PATCH] nvdimm/namespace: drop nested variable in + create_namespace_pmem() +Git-commit: d34213ebfea31229411583716a9ebe3610bf2d29 +Patch-mainline: v6.0-rc7 +References: git-fixes + +Kernel build bot reported: + + namespace_devs.c:1991:10: warning: Local variable 'uuid' shadows outer variable [shadowVariable] + +Refactor create_namespace_pmem() by dropping a nested version of +the same variable. + +Fixes: d1c6e08e7503 ("libnvdimm/labels: Add uuid helpers") +Reported-by: kernel test robot +Signed-off-by: Andy Shevchenko +Link: https://lore.kernel.org/r/20220607164937.33967-1-andriy.shevchenko@linux.intel.com +Signed-off-by: Dan Williams +Signed-off-by: Coly Li + +--- + drivers/nvdimm/namespace_devs.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/nvdimm/namespace_devs.c b/drivers/nvdimm/namespace_devs.c +index bf4f5c09d9b1..bbe5099c836d 100644 +--- a/drivers/nvdimm/namespace_devs.c ++++ b/drivers/nvdimm/namespace_devs.c +@@ -1712,8 +1712,6 @@ static struct device *create_namespace_pmem(struct nd_region *nd_region, + res->flags = IORESOURCE_MEM; + + for (i = 0; i < nd_region->ndr_mappings; i++) { +- uuid_t uuid; +- + nsl_get_uuid(ndd, nd_label, &uuid); + if (has_uuid_at_pos(nd_region, &uuid, cookie, i)) + continue; +-- +2.35.3 + diff --git a/patches.suse/pci_iounmap-Fix-MMIO-mapping-leak.patch b/patches.suse/pci_iounmap-Fix-MMIO-mapping-leak.patch new file mode 100644 index 0000000..fc5dda6 --- /dev/null +++ b/patches.suse/pci_iounmap-Fix-MMIO-mapping-leak.patch @@ -0,0 +1,44 @@ +From 7626913652cc786c238e2dd7d8740b17d41b2637 Mon Sep 17 00:00:00 2001 +From: Philipp Stanner +Date: Wed, 31 Jan 2024 10:00:20 +0100 +Subject: [PATCH] pci_iounmap(): Fix MMIO mapping leak +Git-commit: 7626913652cc786c238e2dd7d8740b17d41b2637 +References: git-fixes +Patch-mainline: v6.9-rc1 + +The #ifdef ARCH_HAS_GENERIC_IOPORT_MAP accidentally also guards iounmap(), +which means MMIO mappings are leaked. + +Move the guard so we call iounmap() for MMIO mappings. + +Fixes: 316e8d79a095 ("pci_iounmap'2: Electric Boogaloo: try to make sense of it all") +Link: https://lore.kernel.org/r/20240131090023.12331-2-pstanner@redhat.com +Reported-by: Danilo Krummrich +Suggested-by: Arnd Bergmann +Signed-off-by: Philipp Stanner +Signed-off-by: Bjorn Helgaas +Reviewed-by: Arnd Bergmann +Cc: # v5.15+ +Signed-off-by: Oliver Neukum + +--- + lib/pci_iomap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/pci_iomap.c b/lib/pci_iomap.c +index ce39ce9f3526..2829ddb0e316 100644 +--- a/lib/pci_iomap.c ++++ b/lib/pci_iomap.c +@@ -170,8 +170,8 @@ void pci_iounmap(struct pci_dev *dev, void __iomem *p) + + if (addr >= start && addr < start + IO_SPACE_LIMIT) + return; +- iounmap(p); + #endif ++ iounmap(p); + } + EXPORT_SYMBOL(pci_iounmap); + +-- +2.44.0 + diff --git a/patches.suse/powerpc-pseries-Add-a-clear-modifier-to-ibm-pa-pi-fe.patch b/patches.suse/powerpc-pseries-Add-a-clear-modifier-to-ibm-pa-pi-fe.patch index 26e09fc..913118c 100644 --- a/patches.suse/powerpc-pseries-Add-a-clear-modifier-to-ibm-pa-pi-fe.patch +++ b/patches.suse/powerpc-pseries-Add-a-clear-modifier-to-ibm-pa-pi-fe.patch @@ -5,8 +5,7 @@ Subject: [PATCH] powerpc/pseries: Add a clear modifier to ibm,pa/pi-features parser References: bsc#1220348 -Patch-mainline: queued -Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git +Patch-mainline: v6.9-rc1 Git-commit: 8b338061065b1871fc9ec53bd772321c15363123 When a new ibm,pa/pi-features bit is introduced that is intended to diff --git a/patches.suse/powerpc-pseries-Set-CPU_FTR_DBELL-according-to-ibm-p.patch b/patches.suse/powerpc-pseries-Set-CPU_FTR_DBELL-according-to-ibm-p.patch index b312eb1..3435b10 100644 --- a/patches.suse/powerpc-pseries-Set-CPU_FTR_DBELL-according-to-ibm-p.patch +++ b/patches.suse/powerpc-pseries-Set-CPU_FTR_DBELL-according-to-ibm-p.patch @@ -5,8 +5,7 @@ Subject: [PATCH] powerpc/pseries: Set CPU_FTR_DBELL according to ibm,pi-features References: bsc#1220348 -Patch-mainline: queued -Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git +Patch-mainline: v6.9-rc1 Git-commit: 6e9de2054eb417d6e05561b19c825c29b424b475 PAPR will define a new ibm,pi-features bit which says that doorbells diff --git a/patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch b/patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch index 2056a85..4455f89 100644 --- a/patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch +++ b/patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch @@ -4,7 +4,7 @@ Date: Thu, 25 Jan 2024 14:30:17 -0600 Subject: [PATCH] powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV -References: bsc#1220492 ltc#205270 +References: bsc#1220492 ltc#205270 CVE-2024-26745 bsc#1222678 Patch-mainline: v6.8-rc7 Git-commit: 09a3c1e46142199adcee372a420b024b4fc61051 diff --git a/patches.suse/ring-buffer-Do-not-set-shortest_full-when-full-target-is-hit.patch b/patches.suse/ring-buffer-Do-not-set-shortest_full-when-full-target-is-hit.patch new file mode 100644 index 0000000..16d8dfe --- /dev/null +++ b/patches.suse/ring-buffer-Do-not-set-shortest_full-when-full-target-is-hit.patch @@ -0,0 +1,50 @@ +From: "Steven Rostedt (Google)" +Date: Tue, 12 Mar 2024 11:56:41 -0400 +Subject: ring-buffer: Do not set shortest_full when full target is hit +Git-commit: 761d9473e27f0c8782895013a3e7b52a37c8bcfc +Patch-mainline: v6.9-rc1 +References: git-fixes + +The rb_watermark_hit() checks if the amount of data in the ring buffer is +above the percentage level passed in by the "full" variable. If it is, it +returns true. + +But it also sets the "shortest_full" field of the cpu_buffer that informs +writers that it needs to call the irq_work if the amount of data on the +ring buffer is above the requested amount. + +The rb_watermark_hit() always sets the shortest_full even if the amount in +the ring buffer is what it wants. As it is not going to wait, because it +has what it wants, there's no reason to set shortest_full. + +Link: https://lore.kernel.org/linux-trace-kernel/20240312115641.6aa8ba08@gandalf.local.home + +Cc: stable@vger.kernel.org +Cc: Mathieu Desnoyers +Fixes: 42fb0a1e84ff5 ("tracing/ring-buffer: Have polling block on watermark") +Reviewed-by: Masami Hiramatsu (Google) +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/ring_buffer.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index aa332ace108b..6ffbccb9bcf0 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -834,9 +834,10 @@ static bool rb_watermark_hit(struct trace_buffer *buffer, int cpu, int full) + pagebusy = cpu_buffer->reader_page == cpu_buffer->commit_page; + ret = !pagebusy && full_hit(buffer, cpu, full); + +- if (!cpu_buffer->shortest_full || +- cpu_buffer->shortest_full > full) +- cpu_buffer->shortest_full = full; ++ if (!ret && (!cpu_buffer->shortest_full || ++ cpu_buffer->shortest_full > full)) { ++ cpu_buffer->shortest_full = full; ++ } + raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); + } + return ret; + diff --git a/patches.suse/ring-buffer-Fix-full_waiters_pending-in-poll.patch b/patches.suse/ring-buffer-Fix-full_waiters_pending-in-poll.patch new file mode 100644 index 0000000..ceb9574 --- /dev/null +++ b/patches.suse/ring-buffer-Fix-full_waiters_pending-in-poll.patch @@ -0,0 +1,134 @@ +From: "Steven Rostedt (Google)" +Date: Tue, 12 Mar 2024 09:19:20 -0400 +Subject: ring-buffer: Fix full_waiters_pending in poll +Git-commit: 8145f1c35fa648da662078efab299c4467b85ad5 +Patch-mainline: v6.9-rc1 +References: git-fixes + +If a reader of the ring buffer is doing a poll, and waiting for the ring +buffer to hit a specific watermark, there could be a case where it gets +into an infinite ping-pong loop. + +The poll code has: + + rbwork->full_waiters_pending = true; + if (!cpu_buffer->shortest_full || + cpu_buffer->shortest_full > full) + cpu_buffer->shortest_full = full; + +The writer will see full_waiters_pending and check if the ring buffer is +filled over the percentage of the shortest_full value. If it is, it calls +an irq_work to wake up all the waiters. + +But the code could get into a circular loop: + + CPU 0 CPU 1 + ----- ----- + [ Poll ] + [ shortest_full = 0 ] + rbwork->full_waiters_pending = true; + if (rbwork->full_waiters_pending && + [ buffer percent ] > shortest_full) { + rbwork->wakeup_full = true; + [ queue_irqwork ] + + cpu_buffer->shortest_full = full; + + [ IRQ work ] + if (rbwork->wakeup_full) { + cpu_buffer->shortest_full = 0; + wakeup poll waiters; + [woken] + if ([ buffer percent ] > full) + break; + rbwork->full_waiters_pending = true; + if (rbwork->full_waiters_pending && + [ buffer percent ] > shortest_full) { + rbwork->wakeup_full = true; + [ queue_irqwork ] + + cpu_buffer->shortest_full = full; + + [ IRQ work ] + if (rbwork->wakeup_full) { + cpu_buffer->shortest_full = 0; + wakeup poll waiters; + [woken] + + [ Wash, rinse, repeat! ] + +In the poll, the shortest_full needs to be set before the +full_pending_waiters, as once that is set, the writer will compare the +current shortest_full (which is incorrect) to decide to call the irq_work, +which will reset the shortest_full (expecting the readers to update it). + +Also move the setting of full_waiters_pending after the check if the ring +buffer has the required percentage filled. There's no reason to tell the +writer to wake up waiters if there are no waiters. + +Link: https://lore.kernel.org/linux-trace-kernel/20240312131952.630922155@goodmis.org + +Cc: stable@vger.kernel.org +Cc: Mark Rutland +Cc: Mathieu Desnoyers +Cc: Andrew Morton +Fixes: 42fb0a1e84ff5 ("tracing/ring-buffer: Have polling block on watermark") +Reviewed-by: Masami Hiramatsu (Google) +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/ring_buffer.c | 27 ++++++++++++++++++++------- + 1 file changed, 20 insertions(+), 7 deletions(-) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 6ffbccb9bcf0..99fdda29ce4e 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -965,16 +965,32 @@ __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu, + poll_wait(filp, &rbwork->full_waiters, poll_table); + + raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags); +- rbwork->full_waiters_pending = true; + if (!cpu_buffer->shortest_full || + cpu_buffer->shortest_full > full) + cpu_buffer->shortest_full = full; + raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); +- } else { +- poll_wait(filp, &rbwork->waiters, poll_table); +- rbwork->waiters_pending = true; ++ if (full_hit(buffer, cpu, full)) ++ return EPOLLIN | EPOLLRDNORM; ++ /* ++ * Only allow full_waiters_pending update to be seen after ++ * the shortest_full is set. If the writer sees the ++ * full_waiters_pending flag set, it will compare the ++ * amount in the ring buffer to shortest_full. If the amount ++ * in the ring buffer is greater than the shortest_full ++ * percent, it will call the irq_work handler to wake up ++ * this list. The irq_handler will reset shortest_full ++ * back to zero. That's done under the reader_lock, but ++ * the below smp_mb() makes sure that the update to ++ * full_waiters_pending doesn't leak up into the above. ++ */ ++ smp_mb(); ++ rbwork->full_waiters_pending = true; ++ return 0; + } + ++ poll_wait(filp, &rbwork->waiters, poll_table); ++ rbwork->waiters_pending = true; ++ + /* + * There's a tight race between setting the waiters_pending and + * checking if the ring buffer is empty. Once the waiters_pending bit +@@ -990,9 +1006,6 @@ __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu, + */ + smp_mb(); + +- if (full) +- return full_hit(buffer, cpu, full) ? EPOLLIN | EPOLLRDNORM : 0; +- + if ((cpu == RING_BUFFER_ALL_CPUS && !ring_buffer_empty(buffer)) || + (cpu != RING_BUFFER_ALL_CPUS && !ring_buffer_empty_cpu(buffer, cpu))) + return EPOLLIN | EPOLLRDNORM; + diff --git a/patches.suse/ring-buffer-Fix-resetting-of-shortest_full.patch b/patches.suse/ring-buffer-Fix-resetting-of-shortest_full.patch new file mode 100644 index 0000000..29b73a4 --- /dev/null +++ b/patches.suse/ring-buffer-Fix-resetting-of-shortest_full.patch @@ -0,0 +1,112 @@ +From: "Steven Rostedt (Google)" +Date: Fri, 8 Mar 2024 15:24:04 -0500 +Subject: ring-buffer: Fix resetting of shortest_full +Git-commit: 68282dd930ea38b068ce2c109d12405f40df3f93 +Patch-mainline: v6.8 +References: git-fixes + +The "shortest_full" variable is used to keep track of the waiter that is +waiting for the smallest amount on the ring buffer before being woken up. +When a tasks waits on the ring buffer, it passes in a "full" value that is +a percentage. 0 means wake up on any data. 1-100 means wake up from 1% to +100% full buffer. + +As all waiters are on the same wait queue, the wake up happens for the +waiter with the smallest percentage. + +The problem is that the smallest_full on the cpu_buffer that stores the +smallest amount doesn't get reset when all the waiters are woken up. It +does get reset when the ring buffer is reset (echo > /sys/kernel/tracing/trace). + +This means that tasks may be woken up more often then when they want to +be. Instead, have the shortest_full field get reset just before waking up +all the tasks. If the tasks wait again, they will update the shortest_full +before sleeping. + +Also add locking around setting of shortest_full in the poll logic, and +change "work" to "rbwork" to match the variable name for rb_irq_work +structures that are used in other places. + +Link: https://lore.kernel.org/linux-trace-kernel/20240308202431.948914369@goodmis.org + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Cc: Mark Rutland +Cc: Mathieu Desnoyers +Cc: Andrew Morton +Cc: Linus Torvalds +Cc: linke li +Cc: Rabin Vincent +Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/ring_buffer.c | 30 +++++++++++++++++++++++------- + 1 file changed, 23 insertions(+), 7 deletions(-) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 3400f11286e3..aa332ace108b 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -755,8 +755,19 @@ static void rb_wake_up_waiters(struct irq_work *work) + + wake_up_all(&rbwork->waiters); + if (rbwork->full_waiters_pending || rbwork->wakeup_full) { ++ /* Only cpu_buffer sets the above flags */ ++ struct ring_buffer_per_cpu *cpu_buffer = ++ container_of(rbwork, struct ring_buffer_per_cpu, irq_work); ++ ++ /* Called from interrupt context */ ++ raw_spin_lock(&cpu_buffer->reader_lock); + rbwork->wakeup_full = false; + rbwork->full_waiters_pending = false; ++ ++ /* Waking up all waiters, they will reset the shortest full */ ++ cpu_buffer->shortest_full = 0; ++ raw_spin_unlock(&cpu_buffer->reader_lock); ++ + wake_up_all(&rbwork->full_waiters); + } + } +@@ -934,28 +945,33 @@ __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu, + struct file *filp, poll_table *poll_table, int full) + { + struct ring_buffer_per_cpu *cpu_buffer; +- struct rb_irq_work *work; ++ struct rb_irq_work *rbwork; + + if (cpu == RING_BUFFER_ALL_CPUS) { +- work = &buffer->irq_work; ++ rbwork = &buffer->irq_work; + full = 0; + } else { + if (!cpumask_test_cpu(cpu, buffer->cpumask)) + return EPOLLERR; + + cpu_buffer = buffer->buffers[cpu]; +- work = &cpu_buffer->irq_work; ++ rbwork = &cpu_buffer->irq_work; + } + + if (full) { +- poll_wait(filp, &work->full_waiters, poll_table); +- work->full_waiters_pending = true; ++ unsigned long flags; ++ ++ poll_wait(filp, &rbwork->full_waiters, poll_table); ++ ++ raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags); ++ rbwork->full_waiters_pending = true; + if (!cpu_buffer->shortest_full || + cpu_buffer->shortest_full > full) + cpu_buffer->shortest_full = full; ++ raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); + } else { +- poll_wait(filp, &work->waiters, poll_table); +- work->waiters_pending = true; ++ poll_wait(filp, &rbwork->waiters, poll_table); ++ rbwork->waiters_pending = true; + } + + /* + diff --git a/patches.suse/ring-buffer-Fix-waking-up-ring-buffer-readers.patch b/patches.suse/ring-buffer-Fix-waking-up-ring-buffer-readers.patch new file mode 100644 index 0000000..3505499 --- /dev/null +++ b/patches.suse/ring-buffer-Fix-waking-up-ring-buffer-readers.patch @@ -0,0 +1,248 @@ +From: "Steven Rostedt (Google)" +Date: Fri, 8 Mar 2024 15:24:03 -0500 +Subject: ring-buffer: Fix waking up ring buffer readers +Git-commit: b3594573681b53316ec0365332681a30463edfd6 +Patch-mainline: v6.8 +References: git-fixes + +A task can wait on a ring buffer for when it fills up to a specific +watermark. The writer will check the minimum watermark that waiters are +waiting for and if the ring buffer is past that, it will wake up all the +waiters. + +The waiters are in a wait loop, and will first check if a signal is +pending and then check if the ring buffer is at the desired level where it +should break out of the loop. + +If a file that uses a ring buffer closes, and there's threads waiting on +the ring buffer, it needs to wake up those threads. To do this, a +"wait_index" was used. + +Before entering the wait loop, the waiter will read the wait_index. On +wakeup, it will check if the wait_index is different than when it entered +the loop, and will exit the loop if it is. The waker will only need to +update the wait_index before waking up the waiters. + +This had a couple of bugs. One trivial one and one broken by design. + +The trivial bug was that the waiter checked the wait_index after the +schedule() call. It had to be checked between the prepare_to_wait() and +the schedule() which it was not. + +The main bug is that the first check to set the default wait_index will +always be outside the prepare_to_wait() and the schedule(). That's because +the ring_buffer_wait() doesn't have enough context to know if it should +break out of the loop. + +The loop itself is not needed, because all the callers to the +ring_buffer_wait() also has their own loop, as the callers have a better +sense of what the context is to decide whether to break out of the loop +or not. + +Just have the ring_buffer_wait() block once, and if it gets woken up, exit +the function and let the callers decide what to do next. + +Link: https://lore.kernel.org/all/CAHk-=whs5MdtNjzFkTyaUy=vHi=qwWgPi0JgTe6OYUYMNSRZfg@mail.gmail.com/ +Link: https://lore.kernel.org/linux-trace-kernel/20240308202431.792933613@goodmis.org + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Cc: Mark Rutland +Cc: Mathieu Desnoyers +Cc: Andrew Morton +Cc: Linus Torvalds +Cc: linke li +Cc: Rabin Vincent +Fixes: e30f53aad2202 ("tracing: Do not busy wait in buffer splice") +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/ring_buffer.c | 139 ++++++++++++++++++++++----------------------- + 1 file changed, 68 insertions(+), 71 deletions(-) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 0699027b4f4c..3400f11286e3 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -384,7 +384,6 @@ struct rb_irq_work { + struct irq_work work; + wait_queue_head_t waiters; + wait_queue_head_t full_waiters; +- long wait_index; + bool waiters_pending; + bool full_waiters_pending; + bool wakeup_full; +@@ -798,14 +797,40 @@ void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu) + rbwork = &cpu_buffer->irq_work; + } + +- rbwork->wait_index++; +- /* make sure the waiters see the new index */ +- smp_wmb(); +- + /* This can be called in any context */ + irq_work_queue(&rbwork->work); + } + ++static bool rb_watermark_hit(struct trace_buffer *buffer, int cpu, int full) ++{ ++ struct ring_buffer_per_cpu *cpu_buffer; ++ bool ret = false; ++ ++ /* Reads of all CPUs always waits for any data */ ++ if (cpu == RING_BUFFER_ALL_CPUS) ++ return !ring_buffer_empty(buffer); ++ ++ cpu_buffer = buffer->buffers[cpu]; ++ ++ if (!ring_buffer_empty_cpu(buffer, cpu)) { ++ unsigned long flags; ++ bool pagebusy; ++ ++ if (!full) ++ return true; ++ ++ raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags); ++ pagebusy = cpu_buffer->reader_page == cpu_buffer->commit_page; ++ ret = !pagebusy && full_hit(buffer, cpu, full); ++ ++ if (!cpu_buffer->shortest_full || ++ cpu_buffer->shortest_full > full) ++ cpu_buffer->shortest_full = full; ++ raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); ++ } ++ return ret; ++} ++ + /** + * ring_buffer_wait - wait for input to the ring buffer + * @buffer: buffer to wait on +@@ -821,7 +846,6 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full) + struct ring_buffer_per_cpu *cpu_buffer; + DEFINE_WAIT(wait); + struct rb_irq_work *work; +- long wait_index; + int ret = 0; + + /* +@@ -840,81 +864,54 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full) + work = &cpu_buffer->irq_work; + } + +- wait_index = READ_ONCE(work->wait_index); +- +- while (true) { +- if (full) +- prepare_to_wait(&work->full_waiters, &wait, TASK_INTERRUPTIBLE); +- else +- prepare_to_wait(&work->waiters, &wait, TASK_INTERRUPTIBLE); +- +- /* +- * The events can happen in critical sections where +- * checking a work queue can cause deadlocks. +- * After adding a task to the queue, this flag is set +- * only to notify events to try to wake up the queue +- * using irq_work. +- * +- * We don't clear it even if the buffer is no longer +- * empty. The flag only causes the next event to run +- * irq_work to do the work queue wake up. The worse +- * that can happen if we race with !trace_empty() is that +- * an event will cause an irq_work to try to wake up +- * an empty queue. +- * +- * There's no reason to protect this flag either, as +- * the work queue and irq_work logic will do the necessary +- * synchronization for the wake ups. The only thing +- * that is necessary is that the wake up happens after +- * a task has been queued. It's OK for spurious wake ups. +- */ +- if (full) +- work->full_waiters_pending = true; +- else +- work->waiters_pending = true; +- +- if (signal_pending(current)) { +- ret = -EINTR; +- break; +- } +- +- if (cpu == RING_BUFFER_ALL_CPUS && !ring_buffer_empty(buffer)) +- break; +- +- if (cpu != RING_BUFFER_ALL_CPUS && +- !ring_buffer_empty_cpu(buffer, cpu)) { +- unsigned long flags; +- bool pagebusy; +- bool done; +- +- if (!full) +- break; +- +- raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags); +- pagebusy = cpu_buffer->reader_page == cpu_buffer->commit_page; +- done = !pagebusy && full_hit(buffer, cpu, full); ++ if (full) ++ prepare_to_wait(&work->full_waiters, &wait, TASK_INTERRUPTIBLE); ++ else ++ prepare_to_wait(&work->waiters, &wait, TASK_INTERRUPTIBLE); + +- if (!cpu_buffer->shortest_full || +- cpu_buffer->shortest_full > full) +- cpu_buffer->shortest_full = full; +- raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); +- if (done) +- break; +- } ++ /* ++ * The events can happen in critical sections where ++ * checking a work queue can cause deadlocks. ++ * After adding a task to the queue, this flag is set ++ * only to notify events to try to wake up the queue ++ * using irq_work. ++ * ++ * We don't clear it even if the buffer is no longer ++ * empty. The flag only causes the next event to run ++ * irq_work to do the work queue wake up. The worse ++ * that can happen if we race with !trace_empty() is that ++ * an event will cause an irq_work to try to wake up ++ * an empty queue. ++ * ++ * There's no reason to protect this flag either, as ++ * the work queue and irq_work logic will do the necessary ++ * synchronization for the wake ups. The only thing ++ * that is necessary is that the wake up happens after ++ * a task has been queued. It's OK for spurious wake ups. ++ */ ++ if (full) ++ work->full_waiters_pending = true; ++ else ++ work->waiters_pending = true; + +- schedule(); ++ if (rb_watermark_hit(buffer, cpu, full)) ++ goto out; + +- /* Make sure to see the new wait index */ +- smp_rmb(); +- if (wait_index != work->wait_index) +- break; ++ if (signal_pending(current)) { ++ ret = -EINTR; ++ goto out; + } + ++ schedule(); ++ out: + if (full) + finish_wait(&work->full_waiters, &wait); + else + finish_wait(&work->waiters, &wait); + ++ if (!ret && !rb_watermark_hit(buffer, cpu, full) && signal_pending(current)) ++ ret = -EINTR; ++ + return ret; + } + + diff --git a/patches.suse/ring-buffer-Make-wake-once-of-ring_buffer_wait-more-robust.patch b/patches.suse/ring-buffer-Make-wake-once-of-ring_buffer_wait-more-robust.patch new file mode 100644 index 0000000..f8c45d2 --- /dev/null +++ b/patches.suse/ring-buffer-Make-wake-once-of-ring_buffer_wait-more-robust.patch @@ -0,0 +1,129 @@ +From: "Steven Rostedt (Google)" +Date: Fri, 15 Mar 2024 06:31:15 -0400 +Subject: ring-buffer: Make wake once of ring_buffer_wait() more robust +Git-commit: b70f2938242a028f8e9473781ede175486a59dc8 +Patch-mainline: v6.9-rc1 +References: git-fixes + +The default behavior of ring_buffer_wait() when passed a NULL "cond" +parameter is to exit the function the first time it is woken up. The +current implementation uses a counter that starts at zero and when it is +greater than one it exits the wait_event_interruptible(). + +But this relies on the internal working of wait_event_interruptible() as +that code basically has: + + if (cond) + return; + prepare_to_wait(); + if (!cond) + schedule(); + finish_wait(); + +That is, cond is called twice before it sleeps. The default cond of +ring_buffer_wait() needs to account for that and wait for its counter to +increment twice before exiting. + +Instead, use the seq/atomic_inc logic that is used by the tracing code +that calls this function. Add an atomic_t seq to rb_irq_work and when cond +is NULL, have the default callback take a descriptor as its data that +holds the rbwork and the value of the seq when it started. + +The wakeups will now increment the rbwork->seq and the cond callback will +simply check if that number is different, and no longer have to rely on +the implementation of wait_event_interruptible(). + +Link: https://lore.kernel.org/linux-trace-kernel/20240315063115.6cb5d205@gandalf.local.home + +Cc: Masami Hiramatsu +Cc: Mathieu Desnoyers +Fixes: 7af9ded0c2ca ("ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()") +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/ring_buffer.c | 34 +++++++++++++++++++++------------- + 1 file changed, 21 insertions(+), 13 deletions(-) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 788d321036bd..25476ead681b 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -384,6 +384,7 @@ struct rb_irq_work { + struct irq_work work; + wait_queue_head_t waiters; + wait_queue_head_t full_waiters; ++ atomic_t seq; + bool waiters_pending; + bool full_waiters_pending; + bool wakeup_full; +@@ -753,6 +754,9 @@ static void rb_wake_up_waiters(struct irq_work *work) + { + struct rb_irq_work *rbwork = container_of(work, struct rb_irq_work, work); + ++ /* For waiters waiting for the first wake up */ ++ (void)atomic_fetch_inc_release(&rbwork->seq); ++ + wake_up_all(&rbwork->waiters); + if (rbwork->full_waiters_pending || rbwork->wakeup_full) { + /* Only cpu_buffer sets the above flags */ +@@ -881,20 +885,21 @@ rb_wait_cond(struct rb_irq_work *rbwork, struct trace_buffer *buffer, + return false; + } + ++struct rb_wait_data { ++ struct rb_irq_work *irq_work; ++ int seq; ++}; ++ + /* + * The default wait condition for ring_buffer_wait() is to just to exit the + * wait loop the first time it is woken up. + */ + static bool rb_wait_once(void *data) + { +- long *once = data; ++ struct rb_wait_data *rdata = data; ++ struct rb_irq_work *rbwork = rdata->irq_work; + +- /* wait_event() actually calls this twice before scheduling*/ +- if (*once > 1) +- return true; +- +- (*once)++; +- return false; ++ return atomic_read_acquire(&rbwork->seq) != rdata->seq; + } + + /** +@@ -915,14 +920,9 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full, + struct ring_buffer_per_cpu *cpu_buffer; + struct wait_queue_head *waitq; + struct rb_irq_work *rbwork; +- long once = 0; ++ struct rb_wait_data rdata; + int ret = 0; + +- if (!cond) { +- cond = rb_wait_once; +- data = &once; +- } +- + /* + * Depending on what the caller is waiting for, either any + * data in any cpu buffer, or a specific buffer, put the +@@ -944,6 +944,14 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full, + else + waitq = &rbwork->waiters; + ++ /* Set up to exit loop as soon as it is woken */ ++ if (!cond) { ++ cond = rb_wait_once; ++ rdata.irq_work = rbwork; ++ rdata.seq = atomic_read_acquire(&rbwork->seq); ++ data = &rdata; ++ } ++ + ret = wait_event_interruptible((*waitq), + rb_wait_cond(rbwork, buffer, cpu, full, cond, data)); + + diff --git a/patches.suse/ring-buffer-Use-wait_event_interruptible-in-ring_buffer_wait.patch b/patches.suse/ring-buffer-Use-wait_event_interruptible-in-ring_buffer_wait.patch new file mode 100644 index 0000000..dfd345e --- /dev/null +++ b/patches.suse/ring-buffer-Use-wait_event_interruptible-in-ring_buffer_wait.patch @@ -0,0 +1,199 @@ +From: "Steven Rostedt (Google)" +Date: Tue, 12 Mar 2024 08:15:07 -0400 +Subject: ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() +Git-commit: 7af9ded0c2caac0a95f33df5cb04706b0f502588 +Patch-mainline: v6.9-rc1 +References: git-fixes + +Convert ring_buffer_wait() over to wait_event_interruptible(). The default +condition is to execute the wait loop inside __wait_event() just once. + +This does not change the ring_buffer_wait() prototype yet, but +restructures the code so that it can take a "cond" and "data" parameter +and will call wait_event_interruptible() with a helper function as the +condition. + +The helper function (rb_wait_cond) takes the cond function and data +parameters. It will first check if the buffer hit the watermark defined by +the "full" parameter and then call the passed in condition parameter. If +either are true, it returns true. + +If rb_wait_cond() does not return true, it will set the appropriate +"waiters_pending" flag and returns false. + +Link: https://lore.kernel.org/linux-trace-kernel/CAHk-=wgsNgewHFxZAJiAQznwPMqEtQmi1waeS2O1v6L4c_Um5A@mail.gmail.com/ +Link: https://lore.kernel.org/linux-trace-kernel/20240312121703.399598519@goodmis.org + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Cc: Mark Rutland +Cc: Mathieu Desnoyers +Cc: Andrew Morton +Cc: Linus Torvalds +Cc: linke li +Cc: Rabin Vincent +Fixes: f3ddb74ad0790 ("tracing: Wake up ring buffer waiters on closing of the file") +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + include/linux/ring_buffer.h | 1 + + kernel/trace/ring_buffer.c | 116 ++++++++++++++++++++++++++------------------ + 2 files changed, 69 insertions(+), 48 deletions(-) + +diff --git a/include/linux/ring_buffer.h b/include/linux/ring_buffer.h +index fa802db216f9..338a33db1577 100644 +--- a/include/linux/ring_buffer.h ++++ b/include/linux/ring_buffer.h +@@ -98,6 +98,7 @@ __ring_buffer_alloc(unsigned long size, unsigned flags, struct lock_class_key *k + __ring_buffer_alloc((size), (flags), &__key); \ + }) + ++typedef bool (*ring_buffer_cond_fn)(void *data); + int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full); + __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu, + struct file *filp, poll_table *poll_table, int full); +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 8c3730a88662..f4c34b7c7e1e 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -843,43 +843,15 @@ static bool rb_watermark_hit(struct trace_buffer *buffer, int cpu, int full) + return ret; + } + +-/** +- * ring_buffer_wait - wait for input to the ring buffer +- * @buffer: buffer to wait on +- * @cpu: the cpu buffer to wait on +- * @full: wait until the percentage of pages are available, if @cpu != RING_BUFFER_ALL_CPUS +- * +- * If @cpu == RING_BUFFER_ALL_CPUS then the task will wake up as soon +- * as data is added to any of the @buffer's cpu buffers. Otherwise +- * it will wait for data to be added to a specific cpu buffer. +- */ +-int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full) ++static inline bool ++rb_wait_cond(struct rb_irq_work *rbwork, struct trace_buffer *buffer, ++ int cpu, int full, ring_buffer_cond_fn cond, void *data) + { +- struct ring_buffer_per_cpu *cpu_buffer; +- DEFINE_WAIT(wait); +- struct rb_irq_work *work; +- int ret = 0; +- +- /* +- * Depending on what the caller is waiting for, either any +- * data in any cpu buffer, or a specific buffer, put the +- * caller on the appropriate wait queue. +- */ +- if (cpu == RING_BUFFER_ALL_CPUS) { +- work = &buffer->irq_work; +- /* Full only makes sense on per cpu reads */ +- full = 0; +- } else { +- if (!cpumask_test_cpu(cpu, buffer->cpumask)) +- return -ENODEV; +- cpu_buffer = buffer->buffers[cpu]; +- work = &cpu_buffer->irq_work; +- } ++ if (rb_watermark_hit(buffer, cpu, full)) ++ return true; + +- if (full) +- prepare_to_wait(&work->full_waiters, &wait, TASK_INTERRUPTIBLE); +- else +- prepare_to_wait(&work->waiters, &wait, TASK_INTERRUPTIBLE); ++ if (cond(data)) ++ return true; + + /* + * The events can happen in critical sections where +@@ -902,27 +874,75 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full) + * a task has been queued. It's OK for spurious wake ups. + */ + if (full) +- work->full_waiters_pending = true; ++ rbwork->full_waiters_pending = true; + else +- work->waiters_pending = true; ++ rbwork->waiters_pending = true; + +- if (rb_watermark_hit(buffer, cpu, full)) +- goto out; ++ return false; ++} + +- if (signal_pending(current)) { +- ret = -EINTR; +- goto out; ++/* ++ * The default wait condition for ring_buffer_wait() is to just to exit the ++ * wait loop the first time it is woken up. ++ */ ++static bool rb_wait_once(void *data) ++{ ++ long *once = data; ++ ++ /* wait_event() actually calls this twice before scheduling*/ ++ if (*once > 1) ++ return true; ++ ++ (*once)++; ++ return false; ++} ++ ++/** ++ * ring_buffer_wait - wait for input to the ring buffer ++ * @buffer: buffer to wait on ++ * @cpu: the cpu buffer to wait on ++ * @full: wait until the percentage of pages are available, if @cpu != RING_BUFFER_ALL_CPUS ++ * ++ * If @cpu == RING_BUFFER_ALL_CPUS then the task will wake up as soon ++ * as data is added to any of the @buffer's cpu buffers. Otherwise ++ * it will wait for data to be added to a specific cpu buffer. ++ */ ++int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full) ++{ ++ struct ring_buffer_per_cpu *cpu_buffer; ++ struct wait_queue_head *waitq; ++ ring_buffer_cond_fn cond; ++ struct rb_irq_work *rbwork; ++ void *data; ++ long once = 0; ++ int ret = 0; ++ ++ cond = rb_wait_once; ++ data = &once; ++ ++ /* ++ * Depending on what the caller is waiting for, either any ++ * data in any cpu buffer, or a specific buffer, put the ++ * caller on the appropriate wait queue. ++ */ ++ if (cpu == RING_BUFFER_ALL_CPUS) { ++ rbwork = &buffer->irq_work; ++ /* Full only makes sense on per cpu reads */ ++ full = 0; ++ } else { ++ if (!cpumask_test_cpu(cpu, buffer->cpumask)) ++ return -ENODEV; ++ cpu_buffer = buffer->buffers[cpu]; ++ rbwork = &cpu_buffer->irq_work; + } + +- schedule(); +- out: + if (full) +- finish_wait(&work->full_waiters, &wait); ++ waitq = &rbwork->full_waiters; + else +- finish_wait(&work->waiters, &wait); ++ waitq = &rbwork->waiters; + +- if (!ret && !rb_watermark_hit(buffer, cpu, full) && signal_pending(current)) +- ret = -EINTR; ++ ret = wait_event_interruptible((*waitq), ++ rb_wait_cond(rbwork, buffer, cpu, full, cond, data)); + + return ret; + } + diff --git a/patches.suse/scsi-lpfc-Add-condition-to-delete-ndlp-object-after-.patch b/patches.suse/scsi-lpfc-Add-condition-to-delete-ndlp-object-after-.patch index 578d62e..b653586 100644 --- a/patches.suse/scsi-lpfc-Add-condition-to-delete-ndlp-object-after-.patch +++ b/patches.suse/scsi-lpfc-Add-condition-to-delete-ndlp-object-after-.patch @@ -2,8 +2,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:03 -0800 Subject: scsi: lpfc: Add condition to delete ndlp object after sending BLS_RJT to an ABTS -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: 900db34ad26554d83ae033065a047358994bfe88 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Allow-lpfc_plogi_confirm_nport-logic-to-ex.patch b/patches.suse/scsi-lpfc-Allow-lpfc_plogi_confirm_nport-logic-to-ex.patch index 28eb8b6..b9c5904 100644 --- a/patches.suse/scsi-lpfc-Allow-lpfc_plogi_confirm_nport-logic-to-ex.patch +++ b/patches.suse/scsi-lpfc-Allow-lpfc_plogi_confirm_nport-logic-to-ex.patch @@ -2,8 +2,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:00 -0800 Subject: scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute for Fabric nodes -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: e1b3acad0d7bb3b7134eebe6a35b2dbc72c52b32 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Change-lpfc_vport-fc_flag-member-into-a-bi.patch b/patches.suse/scsi-lpfc-Change-lpfc_vport-fc_flag-member-into-a-bi.patch index 2dbd3e5..3ca84e4 100644 --- a/patches.suse/scsi-lpfc-Change-lpfc_vport-fc_flag-member-into-a-bi.patch +++ b/patches.suse/scsi-lpfc-Change-lpfc_vport-fc_flag-member-into-a-bi.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:09 -0800 Subject: scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: a645b8c1f5bcfc5d6ce8cb8eb2015bcbc4b37909 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Change-lpfc_vport-load_flag-member-into-a-.patch b/patches.suse/scsi-lpfc-Change-lpfc_vport-load_flag-member-into-a-.patch index 5f907e4..029ac2e 100644 --- a/patches.suse/scsi-lpfc-Change-lpfc_vport-load_flag-member-into-a-.patch +++ b/patches.suse/scsi-lpfc-Change-lpfc_vport-load_flag-member-into-a-.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:10 -0800 Subject: scsi: lpfc: Change lpfc_vport load_flag member into a bitmask -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: e39811bec6b17dd36794381d839abffab61abfcf References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Change-nlp-state-statistic-counters-into-a.patch b/patches.suse/scsi-lpfc-Change-nlp-state-statistic-counters-into-a.patch index befb1be..c6b0cea 100644 --- a/patches.suse/scsi-lpfc-Change-nlp-state-statistic-counters-into-a.patch +++ b/patches.suse/scsi-lpfc-Change-nlp-state-statistic-counters-into-a.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:07 -0800 Subject: scsi: lpfc: Change nlp state statistic counters into atomic_t -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: 0dfd9cbc187c4bb7e35decacae9a131027ea50a3 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.0-patches.patch b/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.0-patches.patch index 158cc7a..ec8638b 100644 --- a/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.0-patches.patch +++ b/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.0-patches.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:12 -0800 Subject: scsi: lpfc: Copyright updates for 14.4.0.0 patches -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: ea4044e4dd0d0cea5cc476c7d4857425e793b7e1 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.1-patches.patch b/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.1-patches.patch index 5abcf1c..c1a05cf 100644 --- a/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.1-patches.patch +++ b/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.1-patches.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:05:03 -0800 Subject: scsi: lpfc: Copyright updates for 14.4.0.1 patches -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 0fa215e5326b49fc7870e2f576bc4316017a23dd References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Correct-size-for-cmdwqe-rspwqe-for-memset.patch b/patches.suse/scsi-lpfc-Correct-size-for-cmdwqe-rspwqe-for-memset.patch index 5202ac0..fe5a39d 100644 --- a/patches.suse/scsi-lpfc-Correct-size-for-cmdwqe-rspwqe-for-memset.patch +++ b/patches.suse/scsi-lpfc-Correct-size-for-cmdwqe-rspwqe-for-memset.patch @@ -1,8 +1,7 @@ From: Muhammad Usama Anjum Date: Mon, 4 Mar 2024 14:11:19 +0500 Subject: scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 16cc2ba71b9f6440805aef7f92ba0f031f79b765 References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Correct-size-for-wqe-for-memset.patch b/patches.suse/scsi-lpfc-Correct-size-for-wqe-for-memset.patch index 594c4b6..e4c80da 100644 --- a/patches.suse/scsi-lpfc-Correct-size-for-wqe-for-memset.patch +++ b/patches.suse/scsi-lpfc-Correct-size-for-wqe-for-memset.patch @@ -1,8 +1,7 @@ From: Muhammad Usama Anjum Date: Mon, 4 Mar 2024 14:06:48 +0500 Subject: scsi: lpfc: Correct size for wqe for memset() -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 28d41991182c210ec1654f8af2e140ef4cc73f20 References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Define-lpfc_dmabuf-type-for-ctx_buf-ptr.patch b/patches.suse/scsi-lpfc-Define-lpfc_dmabuf-type-for-ctx_buf-ptr.patch index d24e00f..83b1559 100644 --- a/patches.suse/scsi-lpfc-Define-lpfc_dmabuf-type-for-ctx_buf-ptr.patch +++ b/patches.suse/scsi-lpfc-Define-lpfc_dmabuf-type-for-ctx_buf-ptr.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:05:00 -0800 Subject: scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 115d137aa918d879e3cca9605bbf59e0482aa734 References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Define-lpfc_nodelist-type-for-ctx_ndlp-ptr.patch b/patches.suse/scsi-lpfc-Define-lpfc_nodelist-type-for-ctx_ndlp-ptr.patch index 211f92a..05052ed 100644 --- a/patches.suse/scsi-lpfc-Define-lpfc_nodelist-type-for-ctx_ndlp-ptr.patch +++ b/patches.suse/scsi-lpfc-Define-lpfc_nodelist-type-for-ctx_ndlp-ptr.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:04:59 -0800 Subject: scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 18f7fe44bc79e67eccd4c118f10aa16647d446f8 References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Define-types-in-a-union-for-generic-void-c.patch b/patches.suse/scsi-lpfc-Define-types-in-a-union-for-generic-void-c.patch index 3388130..ef5fe30 100644 --- a/patches.suse/scsi-lpfc-Define-types-in-a-union-for-generic-void-c.patch +++ b/patches.suse/scsi-lpfc-Define-types-in-a-union-for-generic-void-c.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:05:01 -0800 Subject: scsi: lpfc: Define types in a union for generic void *context3 ptr -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 85d77f917a3b86872d3d52d5cea945a661858d20 References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Fix-failure-to-delete-vports-when-discover.patch b/patches.suse/scsi-lpfc-Fix-failure-to-delete-vports-when-discover.patch index 57c1d0a..8c0ebff 100644 --- a/patches.suse/scsi-lpfc-Fix-failure-to-delete-vports-when-discover.patch +++ b/patches.suse/scsi-lpfc-Fix-failure-to-delete-vports-when-discover.patch @@ -2,8 +2,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:02 -0800 Subject: scsi: lpfc: Fix failure to delete vports when discovery is in progress -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: 7bb6cb7bb21c01cda4425efc935eb8f187832eb6 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch b/patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch index 8f9db77..3c7bd0d 100644 --- a/patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch +++ b/patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:50:57 -0800 Subject: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: 2ae917d4bcab80ab304b774d492e2fcd6c52c06b References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Initialize-status-local-variable-in-lpfc_s.patch b/patches.suse/scsi-lpfc-Initialize-status-local-variable-in-lpfc_s.patch index 4ce5906..f4cb699 100644 --- a/patches.suse/scsi-lpfc-Initialize-status-local-variable-in-lpfc_s.patch +++ b/patches.suse/scsi-lpfc-Initialize-status-local-variable-in-lpfc_s.patch @@ -2,8 +2,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:50:56 -0800 Subject: scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: 3d0f9342ae200aa1ddc4d6e7a573c6f8f068d994 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch b/patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch index 7135ed2..36f8d48 100644 --- a/patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch +++ b/patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch @@ -2,8 +2,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:04:53 -0800 Subject: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Move-handling-of-reset-congestion-statisti.patch b/patches.suse/scsi-lpfc-Move-handling-of-reset-congestion-statisti.patch index 0b44d3c..623af61 100644 --- a/patches.suse/scsi-lpfc-Move-handling-of-reset-congestion-statisti.patch +++ b/patches.suse/scsi-lpfc-Move-handling-of-reset-congestion-statisti.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:05 -0800 Subject: scsi: lpfc: Move handling of reset congestion statistics events -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: 140bd888ed0dc192e858c68411ede16fff0fe5fb References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Protect-vport-fc_nodes-list-with-an-explic.patch b/patches.suse/scsi-lpfc-Protect-vport-fc_nodes-list-with-an-explic.patch index 72934ad..ebd072b 100644 --- a/patches.suse/scsi-lpfc-Protect-vport-fc_nodes-list-with-an-explic.patch +++ b/patches.suse/scsi-lpfc-Protect-vport-fc_nodes-list-with-an-explic.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:08 -0800 Subject: scsi: lpfc: Protect vport fc_nodes list with an explicit spin lock -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: 9bb36777d0a2a22f11264c36f91a2682bfedb9d4 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch b/patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch index def4af4..b350da5 100644 --- a/patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch +++ b/patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:04:57 -0800 Subject: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: ded20192dff31c91cef2a04f7e20e60e9bb887d3 References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Remove-D_ID-swap-log-message-from-trace-ev.patch b/patches.suse/scsi-lpfc-Remove-D_ID-swap-log-message-from-trace-ev.patch index 35f9766..9f4b59a 100644 --- a/patches.suse/scsi-lpfc-Remove-D_ID-swap-log-message-from-trace-ev.patch +++ b/patches.suse/scsi-lpfc-Remove-D_ID-swap-log-message-from-trace-ev.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:50:59 -0800 Subject: scsi: lpfc: Remove D_ID swap log message from trace event logger -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: b76beac1a4f57f0f049476d4271710b3c0d05f91 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Remove-IRQF_ONESHOT-flag-from-threaded-IRQ.patch b/patches.suse/scsi-lpfc-Remove-IRQF_ONESHOT-flag-from-threaded-IRQ.patch index 105b394..427ff93 100644 --- a/patches.suse/scsi-lpfc-Remove-IRQF_ONESHOT-flag-from-threaded-IRQ.patch +++ b/patches.suse/scsi-lpfc-Remove-IRQF_ONESHOT-flag-from-threaded-IRQ.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:04:54 -0800 Subject: scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 4623713e7ade46bfc63a3eade836f566ccbcd771 References: bsc#1221777 bsc#1217959 diff --git a/patches.suse/scsi-lpfc-Remove-NLP_RCV_PLOGI-early-return-during-R.patch b/patches.suse/scsi-lpfc-Remove-NLP_RCV_PLOGI-early-return-during-R.patch index a5522c3..266acc1 100644 --- a/patches.suse/scsi-lpfc-Remove-NLP_RCV_PLOGI-early-return-during-R.patch +++ b/patches.suse/scsi-lpfc-Remove-NLP_RCV_PLOGI-early-return-during-R.patch @@ -2,8 +2,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:01 -0800 Subject: scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN processing for ndlps -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: a801d57a110d68aacf8f8b9bb85ef2164c800461 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Remove-shost_lock-protection-for-fc_host_p.patch b/patches.suse/scsi-lpfc-Remove-shost_lock-protection-for-fc_host_p.patch index 88eeaf3..5b97ce6 100644 --- a/patches.suse/scsi-lpfc-Remove-shost_lock-protection-for-fc_host_p.patch +++ b/patches.suse/scsi-lpfc-Remove-shost_lock-protection-for-fc_host_p.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:06 -0800 Subject: scsi: lpfc: Remove shost_lock protection for fc_host_port shost APIs -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: 4be4ad6cd2371ffca86e4446feae3d8373e4b02a References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Remove-unnecessary-log-message-in-queuecom.patch b/patches.suse/scsi-lpfc-Remove-unnecessary-log-message-in-queuecom.patch index a5336c3..0103661 100644 --- a/patches.suse/scsi-lpfc-Remove-unnecessary-log-message-in-queuecom.patch +++ b/patches.suse/scsi-lpfc-Remove-unnecessary-log-message-in-queuecom.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:04:52 -0800 Subject: scsi: lpfc: Remove unnecessary log message in queuecommand path -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 91ddb6d0c3159bcc505bfa564d0573ae500cc2c7 References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Replace-deprecated-strncpy-with-strscpy.patch b/patches.suse/scsi-lpfc-Replace-deprecated-strncpy-with-strscpy.patch index 937987e..4ce416a 100644 --- a/patches.suse/scsi-lpfc-Replace-deprecated-strncpy-with-strscpy.patch +++ b/patches.suse/scsi-lpfc-Replace-deprecated-strncpy-with-strscpy.patch @@ -1,8 +1,7 @@ From: Justin Stitt Date: Mon, 26 Feb 2024 23:53:44 +0000 Subject: scsi: lpfc: Replace deprecated strncpy() with strscpy() -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: e100c01efa85c8a0ee7527bf28ef7ea7c3ca57e1 References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch b/patches.suse/scsi-lpfc-Replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch index 18b2988..19cbd5e 100644 --- a/patches.suse/scsi-lpfc-Replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch +++ b/patches.suse/scsi-lpfc-Replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch @@ -2,8 +2,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:04:56 -0800 Subject: scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: d11272be497e48a8e8f980470eb6b70e92eed0ce References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Save-FPIN-frequency-statistics-upon-receip.patch b/patches.suse/scsi-lpfc-Save-FPIN-frequency-statistics-upon-receip.patch index 94ff3f8..ce68fcb 100644 --- a/patches.suse/scsi-lpfc-Save-FPIN-frequency-statistics-upon-receip.patch +++ b/patches.suse/scsi-lpfc-Save-FPIN-frequency-statistics-upon-receip.patch @@ -2,8 +2,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:04 -0800 Subject: scsi: lpfc: Save FPIN frequency statistics upon receipt of peer cgn notifications -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: 6ca396c5e3c4fb3d2df176145d4800e47cd0d18b References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.0.patch b/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.0.patch index f55ac66..3c38bd7 100644 --- a/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.0.patch +++ b/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.0.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:51:11 -0800 Subject: scsi: lpfc: Update lpfc version to 14.4.0.0 -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: 5b22878daf484a69c299a42f04e7d209d475e9fc References: bsc#1220021 diff --git a/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.1.patch b/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.1.patch index 6210aa5..d2f62f6 100644 --- a/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.1.patch +++ b/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.1.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:05:02 -0800 Subject: scsi: lpfc: Update lpfc version to 14.4.0.1 -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 01b6b70d98f2e0c9c7b8b5d962b5e22f74f60056 References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Update-lpfc_ramp_down_queue_handler-logic.patch b/patches.suse/scsi-lpfc-Update-lpfc_ramp_down_queue_handler-logic.patch index ab8a738..f2ee4f7 100644 --- a/patches.suse/scsi-lpfc-Update-lpfc_ramp_down_queue_handler-logic.patch +++ b/patches.suse/scsi-lpfc-Update-lpfc_ramp_down_queue_handler-logic.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:04:55 -0800 Subject: scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: bb011631435c705cdeddca68d5c85fd40a4320f9 References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Use-a-dedicated-lock-for-ras_fwlog-state.patch b/patches.suse/scsi-lpfc-Use-a-dedicated-lock-for-ras_fwlog-state.patch index 66dfd83..05172f6 100644 --- a/patches.suse/scsi-lpfc-Use-a-dedicated-lock-for-ras_fwlog-state.patch +++ b/patches.suse/scsi-lpfc-Use-a-dedicated-lock-for-ras_fwlog-state.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Tue, 5 Mar 2024 12:04:58 -0800 Subject: scsi: lpfc: Use a dedicated lock for ras_fwlog state -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: f733a76ea0a9a84aee4ac41b81fad4d610ecbd8e References: bsc#1221777 diff --git a/patches.suse/scsi-lpfc-Use-sg_dma_len-API-to-get-struct-scatterli.patch b/patches.suse/scsi-lpfc-Use-sg_dma_len-API-to-get-struct-scatterli.patch index 3772053..faddf56 100644 --- a/patches.suse/scsi-lpfc-Use-sg_dma_len-API-to-get-struct-scatterli.patch +++ b/patches.suse/scsi-lpfc-Use-sg_dma_len-API-to-get-struct-scatterli.patch @@ -1,8 +1,7 @@ From: Justin Tee Date: Wed, 31 Jan 2024 10:50:58 -0800 Subject: scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's length -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v6.9-rc1 Git-commit: aa7674bd8da57932766b7aaf73cc7837f74d7852 References: bsc#1220021 diff --git a/patches.suse/scsi-qla2xxx-Change-debug-message-during-driver-unlo.patch b/patches.suse/scsi-qla2xxx-Change-debug-message-during-driver-unlo.patch index 7e5ccd1..c4f14c6 100644 --- a/patches.suse/scsi-qla2xxx-Change-debug-message-during-driver-unlo.patch +++ b/patches.suse/scsi-qla2xxx-Change-debug-message-during-driver-unlo.patch @@ -1,8 +1,7 @@ From: Saurav Kashyap Date: Tue, 27 Feb 2024 22:11:25 +0530 Subject: scsi: qla2xxx: Change debug message during driver unload -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: b5a30840727a3e41d12a336d19f6c0716b299161 References: bsc1221816 diff --git a/patches.suse/scsi-qla2xxx-Delay-I-O-Abort-on-PCI-error.patch b/patches.suse/scsi-qla2xxx-Delay-I-O-Abort-on-PCI-error.patch index 9f92306..2908e06 100644 --- a/patches.suse/scsi-qla2xxx-Delay-I-O-Abort-on-PCI-error.patch +++ b/patches.suse/scsi-qla2xxx-Delay-I-O-Abort-on-PCI-error.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Tue, 27 Feb 2024 22:11:26 +0530 Subject: scsi: qla2xxx: Delay I/O Abort on PCI error -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 591c1fdf2016d118b8fbde427b796fac13f3f070 References: bsc1221816 diff --git a/patches.suse/scsi-qla2xxx-Fix-N2N-stuck-connection.patch b/patches.suse/scsi-qla2xxx-Fix-N2N-stuck-connection.patch index 73548c2..174e208 100644 --- a/patches.suse/scsi-qla2xxx-Fix-N2N-stuck-connection.patch +++ b/patches.suse/scsi-qla2xxx-Fix-N2N-stuck-connection.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Tue, 27 Feb 2024 22:11:18 +0530 Subject: scsi: qla2xxx: Fix N2N stuck connection -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 881eb861ca3877300570db10abbf11494e48548d References: bsc1221816 diff --git a/patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch b/patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch index 8f59740..791c99a 100644 --- a/patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch +++ b/patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Tue, 27 Feb 2024 22:11:22 +0530 Subject: scsi: qla2xxx: Fix command flush on cable pull -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: a27d4d0e7de305def8a5098a614053be208d1aa1 References: bsc1221816 diff --git a/patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch b/patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch index 7790a26..65db0ab 100644 --- a/patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch +++ b/patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch @@ -1,8 +1,7 @@ From: Saurav Kashyap Date: Tue, 27 Feb 2024 22:11:24 +0530 Subject: scsi: qla2xxx: Fix double free of fcport -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 82f522ae0d97119a43da53e0f729275691b9c525 References: bsc1221816 diff --git a/patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointe.patch b/patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointe.patch index 568777d..1816b28 100644 --- a/patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointe.patch +++ b/patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointe.patch @@ -1,8 +1,7 @@ From: Saurav Kashyap Date: Tue, 27 Feb 2024 22:11:23 +0530 Subject: scsi: qla2xxx: Fix double free of the ha->vp_map pointer -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: e288285d47784fdcf7c81be56df7d65c6f10c58b References: bsc1221816 diff --git a/patches.suse/scsi-qla2xxx-NVME-FCP-prefer-flag-not-being-honored.patch b/patches.suse/scsi-qla2xxx-NVME-FCP-prefer-flag-not-being-honored.patch index 2a9b88a..96ea27e 100644 --- a/patches.suse/scsi-qla2xxx-NVME-FCP-prefer-flag-not-being-honored.patch +++ b/patches.suse/scsi-qla2xxx-NVME-FCP-prefer-flag-not-being-honored.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Tue, 27 Feb 2024 22:11:21 +0530 Subject: scsi: qla2xxx: NVME|FCP prefer flag not being honored -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 69aecdd410106dc3a8f543a4f7ec6379b995b8d0 References: bsc1221816 diff --git a/patches.suse/scsi-qla2xxx-Prevent-command-send-on-chip-reset.patch b/patches.suse/scsi-qla2xxx-Prevent-command-send-on-chip-reset.patch index 5a89887..9061eb1 100644 --- a/patches.suse/scsi-qla2xxx-Prevent-command-send-on-chip-reset.patch +++ b/patches.suse/scsi-qla2xxx-Prevent-command-send-on-chip-reset.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Tue, 27 Feb 2024 22:11:17 +0530 Subject: scsi: qla2xxx: Prevent command send on chip reset -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 4895009c4bb72f71f2e682f1e7d2c2d96e482087 References: bsc1221816 diff --git a/patches.suse/scsi-qla2xxx-Split-FCE-EFT-trace-control.patch b/patches.suse/scsi-qla2xxx-Split-FCE-EFT-trace-control.patch index de69fac..379af3c 100644 --- a/patches.suse/scsi-qla2xxx-Split-FCE-EFT-trace-control.patch +++ b/patches.suse/scsi-qla2xxx-Split-FCE-EFT-trace-control.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Tue, 27 Feb 2024 22:11:19 +0530 Subject: scsi: qla2xxx: Split FCE|EFT trace control -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 76a192e1a566e15365704b9f8fb3b70825f85064 References: bsc1221816 diff --git a/patches.suse/scsi-qla2xxx-Update-manufacturer-detail.patch b/patches.suse/scsi-qla2xxx-Update-manufacturer-detail.patch index f9ff015..2fb70b7 100644 --- a/patches.suse/scsi-qla2xxx-Update-manufacturer-detail.patch +++ b/patches.suse/scsi-qla2xxx-Update-manufacturer-detail.patch @@ -1,8 +1,7 @@ From: Bikash Hazarika Date: Tue, 27 Feb 2024 22:11:20 +0530 Subject: scsi: qla2xxx: Update manufacturer detail -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: 688fa069fda6fce24d243cddfe0c7024428acb74 References: bsc1221816 diff --git a/patches.suse/scsi-qla2xxx-Update-version-to-10.02.09.200-k.patch b/patches.suse/scsi-qla2xxx-Update-version-to-10.02.09.200-k.patch index 18a11ce..6818e0b 100644 --- a/patches.suse/scsi-qla2xxx-Update-version-to-10.02.09.200-k.patch +++ b/patches.suse/scsi-qla2xxx-Update-version-to-10.02.09.200-k.patch @@ -1,8 +1,7 @@ From: Nilesh Javali Date: Tue, 27 Feb 2024 22:11:27 +0530 Subject: scsi: qla2xxx: Update version to 10.02.09.200-k -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Patch-mainline: v6.9-rc2 Git-commit: b8260ca37930a4b007f7b662d4b501a030a4935f References: bsc1221816 diff --git a/patches.suse/selftests-bpf-Test-racing-between-bpf_timer_cancel_a.patch b/patches.suse/selftests-bpf-Test-racing-between-bpf_timer_cancel_a.patch new file mode 100644 index 0000000..6f936d3 --- /dev/null +++ b/patches.suse/selftests-bpf-Test-racing-between-bpf_timer_cancel_a.patch @@ -0,0 +1,137 @@ +From: Martin KaFai Lau +Date: Thu, 15 Feb 2024 13:12:18 -0800 +Subject: selftests/bpf: Test racing between bpf_timer_cancel_and_free and + bpf_timer_cancel +Patch-mainline: v6.8-rc6 +Git-commit: 3f00e4a9c96f4488a924aff4e35b77c8eced897e +References: bsc#1222557 CVE-2024-26737 +X-Info: context change in tools/testing/selftests/bpf/progs/timer.c due to commit 0d7ae0686075 "bpf/selftests: Test pinning bpf timer to a core" not backported +X-Info: include abs_timer map definition from 944459e88b4f "selftests/bpf: Add absolute timer test" + +This selftest is based on a Alexei's test adopted from an internal +user to troubleshoot another bug. During this exercise, a separate +racing bug was discovered between bpf_timer_cancel_and_free +and bpf_timer_cancel. The details can be found in the previous +patch. + +This patch is to add a selftest that can trigger the bug. +I can trigger the UAF everytime in my qemu setup with KASAN. The idea +is to have multiple user space threads running in a tight loop to exercise +both bpf_map_update_elem (which calls into bpf_timer_cancel_and_free) +and bpf_timer_cancel. + +Signed-off-by: Martin KaFai Lau +Signed-off-by: Daniel Borkmann +Acked-by: Hou Tao +Link: https://lore.kernel.org/bpf/20240215211218.990808-2-martin.lau@linux.dev +Acked-by: Shung-Hsi Yu +--- + tools/testing/selftests/bpf/prog_tests/timer.c | 35 ++++++++++++++++++++++- + tools/testing/selftests/bpf/progs/timer.c | 38 +++++++++++++++++++++++++ + 2 files changed, 72 insertions(+), 1 deletion(-) + +--- a/tools/testing/selftests/bpf/prog_tests/timer.c ++++ b/tools/testing/selftests/bpf/prog_tests/timer.c +@@ -3,10 +3,29 @@ + #include + #include "timer.skel.h" + ++#define NUM_THR 8 ++ ++static void *spin_lock_thread(void *arg) ++{ ++ int i, err, prog_fd = *(int *)arg; ++ LIBBPF_OPTS(bpf_test_run_opts, topts); ++ ++ for (i = 0; i < 10000; i++) { ++ err = bpf_prog_test_run_opts(prog_fd, &topts); ++ if (!ASSERT_OK(err, "test_run_opts err") || ++ !ASSERT_OK(topts.retval, "test_run_opts retval")) ++ break; ++ } ++ ++ pthread_exit(arg); ++} ++ + static int timer(struct timer *timer_skel) + { +- int err, prog_fd; ++ int i, err, prog_fd; + LIBBPF_OPTS(bpf_test_run_opts, topts); ++ pthread_t thread_id[NUM_THR]; ++ void *ret; + + err = timer__attach(timer_skel); + if (!ASSERT_OK(err, "timer_attach")) +@@ -35,6 +54,20 @@ static int timer(struct timer *timer_ske + /* check that code paths completed */ + ASSERT_EQ(timer_skel->bss->ok, 1 | 2 | 4, "ok"); + ++ prog_fd = bpf_program__fd(timer_skel->progs.race); ++ for (i = 0; i < NUM_THR; i++) { ++ err = pthread_create(&thread_id[i], NULL, ++ &spin_lock_thread, &prog_fd); ++ if (!ASSERT_OK(err, "pthread_create")) ++ break; ++ } ++ ++ while (i) { ++ err = pthread_join(thread_id[--i], &ret); ++ if (ASSERT_OK(err, "pthread_join")) ++ ASSERT_EQ(ret, (void *)&prog_fd, "pthread_join"); ++ } ++ + return 0; + } + +--- a/tools/testing/selftests/bpf/progs/timer.c ++++ b/tools/testing/selftests/bpf/progs/timer.c +@@ -46,6 +46,13 @@ struct { + __type(value, struct elem); + } lru SEC(".maps"); + ++struct { ++ __uint(type, BPF_MAP_TYPE_ARRAY); ++ __uint(max_entries, 1); ++ __type(key, int); ++ __type(value, struct elem); ++} race_array SEC(".maps"); ++ + __u64 bss_data; + __u64 err; + __u64 ok; +@@ -295,3 +302,34 @@ int BPF_PROG(test2, int a, int b) + + return bpf_timer_test(); + } ++ ++static int race_timer_callback(void *race_array, int *race_key, struct bpf_timer *timer) ++{ ++ bpf_timer_start(timer, 1000000, 0); ++ return 0; ++} ++ ++SEC("syscall") ++int race(void *ctx) ++{ ++ struct bpf_timer *timer; ++ int err, race_key = 0; ++ struct elem init; ++ ++ __builtin_memset(&init, 0, sizeof(struct elem)); ++ bpf_map_update_elem(&race_array, &race_key, &init, BPF_ANY); ++ ++ timer = bpf_map_lookup_elem(&race_array, &race_key); ++ if (!timer) ++ return 1; ++ ++ err = bpf_timer_init(timer, &race_array, CLOCK_MONOTONIC); ++ if (err && err != -EBUSY) ++ return 1; ++ ++ bpf_timer_set_callback(timer, race_timer_callback); ++ bpf_timer_start(timer, 0, 0); ++ bpf_timer_cancel(timer); ++ ++ return 0; ++} diff --git a/patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch b/patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch index 4ca2fc2..4d003e5 100644 --- a/patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch +++ b/patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch @@ -4,7 +4,7 @@ Date: Tue, 23 Jan 2024 15:11:49 +0800 Subject: [PATCH] spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Git-commit: de8b6e1c231a95abf95ad097b993d34b31458ec9 Patch-mainline: v6.8-rc2 -References: git-fixes +References: git-fixes CVE-2024-26776 bsc#1222764 Return IRQ_NONE from the interrupt handler when no interrupt was detected. Because an empty interrupt will cause a null pointer error: diff --git a/patches.suse/tee-amdtee-fix-use-after-free-vulnerability-in-amdte.patch b/patches.suse/tee-amdtee-fix-use-after-free-vulnerability-in-amdte.patch new file mode 100644 index 0000000..d426785 --- /dev/null +++ b/patches.suse/tee-amdtee-fix-use-after-free-vulnerability-in-amdte.patch @@ -0,0 +1,79 @@ +From: Rijo Thomas +Date: Fri, 29 Sep 2023 12:30:24 +0530 +Subject: tee: amdtee: fix use-after-free vulnerability in amdtee_close_session +Git-commit: f4384b3e54ea813868bb81a861bf5b2406e15d8f +Patch-mainline: v6.6-rc6 +References: bsc#1220915 CVE-2023-52503 + +There is a potential race condition in amdtee_close_session that may +cause use-after-free in amdtee_open_session. For instance, if a session +has refcount == 1, and one thread tries to free this session via: + + kref_put(&sess->refcount, destroy_session); + +the reference count will get decremented, and the next step would be to +call destroy_session(). However, if in another thread, +amdtee_open_session() is called before destroy_session() has completed +execution, alloc_session() may return 'sess' that will be freed up +later in destroy_session() leading to use-after-free in +amdtee_open_session. + +To fix this issue, treat decrement of sess->refcount and removal of +'sess' from session list in destroy_session() as a critical section, so +that it is executed atomically. + +Fixes: 757cc3e9ff1d ("tee: add AMD-TEE driver") +Cc: stable@vger.kernel.org +Signed-off-by: Rijo Thomas +Reviewed-by: Sumit Garg +Signed-off-by: Jens Wiklander +Signed-off-by: Matthias Brugger +--- + drivers/tee/amdtee/core.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/drivers/tee/amdtee/core.c ++++ b/drivers/tee/amdtee/core.c +@@ -217,12 +217,12 @@ unlock: + return rc; + } + ++/* mutex must be held by caller */ + static void destroy_session(struct kref *ref) + { + struct amdtee_session *sess = container_of(ref, struct amdtee_session, + refcount); + +- mutex_lock(&session_list_mutex); + list_del(&sess->list_node); + mutex_unlock(&session_list_mutex); + kfree(sess); +@@ -277,7 +277,8 @@ int amdtee_open_session(struct tee_conte + if (i >= TEE_NUM_SESSIONS) { + pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS); + handle_unload_ta(ta_handle); +- kref_put(&sess->refcount, destroy_session); ++ kref_put_mutex(&sess->refcount, destroy_session, ++ &session_list_mutex); + rc = -ENOMEM; + goto out; + } +@@ -290,7 +291,8 @@ int amdtee_open_session(struct tee_conte + clear_bit(i, sess->sess_mask); + spin_unlock(&sess->lock); + handle_unload_ta(ta_handle); +- kref_put(&sess->refcount, destroy_session); ++ kref_put_mutex(&sess->refcount, destroy_session, ++ &session_list_mutex); + goto out; + } + +@@ -332,7 +334,7 @@ int amdtee_close_session(struct tee_cont + handle_close_session(ta_handle, session_info); + handle_unload_ta(ta_handle); + +- kref_put(&sess->refcount, destroy_session); ++ kref_put_mutex(&sess->refcount, destroy_session, &session_list_mutex); + + return 0; + } diff --git a/patches.suse/tracing-Have-saved_cmdlines-arrays-all-in-one-allocation.patch b/patches.suse/tracing-Have-saved_cmdlines-arrays-all-in-one-allocation.patch new file mode 100644 index 0000000..38c4065 --- /dev/null +++ b/patches.suse/tracing-Have-saved_cmdlines-arrays-all-in-one-allocation.patch @@ -0,0 +1,100 @@ +From: "Steven Rostedt (Google)" +Date: Tue, 20 Feb 2024 09:06:14 -0500 +Subject: tracing: Have saved_cmdlines arrays all in one allocation +Git-commit: 0b18c852cc6fb8284ac0ab97e3e840974a6a8a64 +Patch-mainline: v6.9-rc1 +References: git-fixes + +The saved_cmdlines have three arrays for mapping PIDs to COMMs: + + - map_pid_to_cmdline[] + - map_cmdline_to_pid[] + - saved_cmdlines + +The map_pid_to_cmdline[] is PID_MAX_DEFAULT in size and holds the index +into the other arrays. The map_cmdline_to_pid[] is a mapping back to the +full pid as it can be larger than PID_MAX_DEFAULT. And the +saved_cmdlines[] just holds the COMMs associated to the pids. + +Currently the map_pid_to_cmdline[] and saved_cmdlines[] are allocated +together (in reality the saved_cmdlines is just in the memory of the +rounding of the allocation of the structure as it is always allocated in +powers of two). The map_cmdline_to_pid[] array is allocated separately. + +Since the rounding to a power of two is rather large (it allows for 8000 +elements in saved_cmdlines), also include the map_cmdline_to_pid[] array. +(This drops it to 6000 by default, which is still plenty for most use +cases). This saves even more memory as the map_cmdline_to_pid[] array +doesn't need to be allocated. + +Link: https://lore.kernel.org/linux-trace-kernel/20240212174011.068211d9@gandalf.local.home/ +Link: https://lore.kernel.org/linux-trace-kernel/20240220140703.182330529@goodmis.org + +Cc: Mark Rutland +Cc: Mathieu Desnoyers +Cc: Andrew Morton +Cc: Tim Chen +Cc: Vincent Donnefort +Cc: Sven Schnelle +Cc: Mete Durlu +Fixes: 44dc5c41b5b1 ("tracing: Fix wasted memory in saved_cmdlines logic") +Acked-by: Masami Hiramatsu (Google) +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/trace.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index ab4c1a1fbda8..70202e60a60a 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -2346,6 +2346,10 @@ struct saved_cmdlines_buffer { + }; + static struct saved_cmdlines_buffer *savedcmd; + ++/* Holds the size of a cmdline and pid element */ ++#define SAVED_CMDLINE_MAP_ELEMENT_SIZE(s) \ ++ (TASK_COMM_LEN + sizeof((s)->map_cmdline_to_pid[0])) ++ + static inline char *get_saved_cmdlines(int idx) + { + return &savedcmd->saved_cmdlines[idx * TASK_COMM_LEN]; +@@ -2360,7 +2364,6 @@ static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s) + { + int order = get_order(sizeof(*s) + s->cmdline_num * TASK_COMM_LEN); + +- kfree(s->map_cmdline_to_pid); + kmemleak_free(s); + free_pages((unsigned long)s, order); + } +@@ -2373,7 +2376,7 @@ static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val) + int order; + + /* Figure out how much is needed to hold the given number of cmdlines */ +- orig_size = sizeof(*s) + val * TASK_COMM_LEN; ++ orig_size = sizeof(*s) + val * SAVED_CMDLINE_MAP_ELEMENT_SIZE(s); + order = get_order(orig_size); + size = 1 << (order + PAGE_SHIFT); + page = alloc_pages(GFP_KERNEL, order); +@@ -2385,16 +2388,11 @@ static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val) + memset(s, 0, sizeof(*s)); + + /* Round up to actual allocation */ +- val = (size - sizeof(*s)) / TASK_COMM_LEN; ++ val = (size - sizeof(*s)) / SAVED_CMDLINE_MAP_ELEMENT_SIZE(s); + s->cmdline_num = val; + +- s->map_cmdline_to_pid = kmalloc_array(val, +- sizeof(*s->map_cmdline_to_pid), +- GFP_KERNEL); +- if (!s->map_cmdline_to_pid) { +- free_saved_cmdlines_buffer(s); +- return NULL; +- } ++ /* Place map_cmdline_to_pid array right after saved_cmdlines */ ++ s->map_cmdline_to_pid = (unsigned *)&s->saved_cmdlines[val * TASK_COMM_LEN]; + + s->cmdline_idx = 0; + memset(&s->map_pid_to_cmdline, NO_CMDLINE_MAP, + diff --git a/patches.suse/tracing-Remove-precision-vsnprintf-check-from-print-event.patch b/patches.suse/tracing-Remove-precision-vsnprintf-check-from-print-event.patch new file mode 100644 index 0000000..df2bf11 --- /dev/null +++ b/patches.suse/tracing-Remove-precision-vsnprintf-check-from-print-event.patch @@ -0,0 +1,65 @@ +From: "Steven Rostedt (Google)" +Date: Mon, 4 Mar 2024 17:43:41 -0500 +Subject: tracing: Remove precision vsnprintf() check from print event +Git-commit: 5efd3e2aef91d2d812290dcb25b2058e6f3f532c +Patch-mainline: v6.8 +References: git-fixes + +This reverts 60be76eeabb3d ("tracing: Add size check when printing +trace_marker output"). The only reason the precision check was added +was because of a bug that miscalculated the write size of the string into +the ring buffer and it truncated it removing the terminating nul byte. On +reading the trace it crashed the kernel. But this was due to the bug in +the code that happened during development and should never happen in +practice. If anything, the precision can hide bugs where the string in the +ring buffer isn't nul terminated and it will not be checked. + +Link: https://lore.kernel.org/all/C7E7AF1A-D30F-4D18-B8E5-AF1EF58004F5@linux.ibm.com/ +Link: https://lore.kernel.org/linux-trace-kernel/20240227125706.04279ac2@gandalf.local.home +Link: https://lore.kernel.org/all/20240302111244.3a1674be@gandalf.local.home/ +Link: https://lore.kernel.org/linux-trace-kernel/20240304174341.2a561d9f@gandalf.local.home + +Cc: Masami Hiramatsu +Cc: Linus Torvalds +Fixes: 60be76eeabb3d ("tracing: Add size check when printing trace_marker output") +Reported-by: Sachin Sant +Tested-by: Sachin Sant +Reviewed-by: Mathieu Desnoyers +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/trace_output.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c +index 3e7fa44dc2b2..d8b302d01083 100644 +--- a/kernel/trace/trace_output.c ++++ b/kernel/trace/trace_output.c +@@ -1587,12 +1587,11 @@ static enum print_line_t trace_print_print(struct trace_iterator *iter, + { + struct print_entry *field; + struct trace_seq *s = &iter->seq; +- int max = iter->ent_size - offsetof(struct print_entry, buf); + + trace_assign_type(field, iter->ent); + + seq_print_ip_sym(s, field->ip, flags); +- trace_seq_printf(s, ": %.*s", max, field->buf); ++ trace_seq_printf(s, ": %s", field->buf); + + return trace_handle_return(s); + } +@@ -1601,11 +1600,10 @@ static enum print_line_t trace_print_raw(struct trace_iterator *iter, int flags, + struct trace_event *event) + { + struct print_entry *field; +- int max = iter->ent_size - offsetof(struct print_entry, buf); + + trace_assign_type(field, iter->ent); + +- trace_seq_printf(&iter->seq, "# %lx %.*s", field->ip, max, field->buf); ++ trace_seq_printf(&iter->seq, "# %lx %s", field->ip, field->buf); + + return trace_handle_return(&iter->seq); + } + diff --git a/patches.suse/tracing-Use-.flush-call-to-wake-up-readers.patch b/patches.suse/tracing-Use-.flush-call-to-wake-up-readers.patch new file mode 100644 index 0000000..1626a70 --- /dev/null +++ b/patches.suse/tracing-Use-.flush-call-to-wake-up-readers.patch @@ -0,0 +1,90 @@ +From: "Steven Rostedt (Google)" +Date: Fri, 8 Mar 2024 15:24:05 -0500 +Subject: tracing: Use .flush() call to wake up readers +Git-commit: e5d7c1916562f0e856eb3d6f569629fcd535fed2 +Patch-mainline: v6.8 +References: git-fixes + +The .release() function does not get called until all readers of a file +descriptor are finished. + +If a thread is blocked on reading a file descriptor in ring_buffer_wait(), +and another thread closes the file descriptor, it will not wake up the +other thread as ring_buffer_wake_waiters() is called by .release(), and +that will not get called until the .read() is finished. + +The issue originally showed up in trace-cmd, but the readers are actually +other processes with their own file descriptors. So calling close() would wake +up the other tasks because they are blocked on another descriptor then the +one that was closed(). But there's other wake ups that solve that issue. + +When a thread is blocked on a read, it can still hang even when another +thread closed its descriptor. + +This is what the .flush() callback is for. Have the .flush() wake up the +readers. + +Link: https://lore.kernel.org/linux-trace-kernel/20240308202432.107909457@goodmis.org + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Cc: Mark Rutland +Cc: Mathieu Desnoyers +Cc: Andrew Morton +Cc: Linus Torvalds +Cc: linke li +Cc: Rabin Vincent +Fixes: f3ddb74ad0790 ("tracing: Wake up ring buffer waiters on closing of the file") +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/trace.c | 21 +++++++++++++++------ + 1 file changed, 15 insertions(+), 6 deletions(-) + +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index d16b95ca58a7..c9c898307348 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -8393,6 +8393,20 @@ tracing_buffers_read(struct file *filp, char __user *ubuf, + return size; + } + ++static int tracing_buffers_flush(struct file *file, fl_owner_t id) ++{ ++ struct ftrace_buffer_info *info = file->private_data; ++ struct trace_iterator *iter = &info->iter; ++ ++ iter->wait_index++; ++ /* Make sure the waiters see the new wait_index */ ++ smp_wmb(); ++ ++ ring_buffer_wake_waiters(iter->array_buffer->buffer, iter->cpu_file); ++ ++ return 0; ++} ++ + static int tracing_buffers_release(struct inode *inode, struct file *file) + { + struct ftrace_buffer_info *info = file->private_data; +@@ -8404,12 +8418,6 @@ static int tracing_buffers_release(struct inode *inode, struct file *file) + + __trace_array_put(iter->tr); + +- iter->wait_index++; +- /* Make sure the waiters see the new wait_index */ +- smp_wmb(); +- +- ring_buffer_wake_waiters(iter->array_buffer->buffer, iter->cpu_file); +- + if (info->spare) + ring_buffer_free_read_page(iter->array_buffer->buffer, + info->spare_cpu, info->spare); +@@ -8625,6 +8633,7 @@ static const struct file_operations tracing_buffers_fops = { + .read = tracing_buffers_read, + .poll = tracing_buffers_poll, + .release = tracing_buffers_release, ++ .flush = tracing_buffers_flush, + .splice_read = tracing_buffers_splice_read, + .unlocked_ioctl = tracing_buffers_ioctl, + .llseek = no_llseek, + diff --git a/patches.suse/tracing-ring-buffer-Fix-wait_on_pipe-race.patch b/patches.suse/tracing-ring-buffer-Fix-wait_on_pipe-race.patch new file mode 100644 index 0000000..238d449 --- /dev/null +++ b/patches.suse/tracing-ring-buffer-Fix-wait_on_pipe-race.patch @@ -0,0 +1,253 @@ +From: "Steven Rostedt (Google)" +Date: Tue, 12 Mar 2024 08:15:08 -0400 +Subject: tracing/ring-buffer: Fix wait_on_pipe() race +Git-commit: 2aa043a55b9a764c9cbde5a8c654eeaaffe224cf +Patch-mainline: v6.9-rc1 +References: git-fixes + +When the trace_pipe_raw file is closed, there should be no new readers on +the file descriptor. This is mostly handled with the waking and wait_index +fields of the iterator. But there's still a slight race. + + CPU 0 CPU 1 + ----- ----- + wait_index++; + index = wait_index; + ring_buffer_wake_waiters(); + wait_on_pipe() + ring_buffer_wait(); + +The ring_buffer_wait() will miss the wakeup from CPU 1. The problem is +that the ring_buffer_wait() needs the logic of: + + prepare_to_wait(); + if (!condition) + schedule(); + +Where the missing condition check is the iter->wait_index update. + +Have the ring_buffer_wait() take a conditional callback function and a +data parameter that can be used within the wait_event_interruptible() of +the ring_buffer_wait() function. + +In wait_on_pipe(), pass a condition function that will check if the +wait_index has been updated, if it has, it will return true to break out +of the wait_event_interruptible() loop. + +Create a new field "closed" in the trace_iterator and set it in the +.flush() callback before calling ring_buffer_wake_waiters(). +This will keep any new readers from waiting on a closed file descriptor. + +Have the wait_on_pipe() condition callback also check the closed field. + +Change the wait_index field of the trace_iterator to atomic_t. There's no +reason it needs to be 'long' and making it atomic and using +atomic_read_acquire() and atomic_fetch_inc_release() will provide the +necessary memory barriers. + +Add a "woken" flag to tracing_buffers_splice_read() to exit the loop after +one more try to fetch data. That is, if it waited for data and something +woke it up, it should try to collect any new data and then exit back to +user space. + +Link: https://lore.kernel.org/linux-trace-kernel/CAHk-=wgsNgewHFxZAJiAQznwPMqEtQmi1waeS2O1v6L4c_Um5A@mail.gmail.com/ +Link: https://lore.kernel.org/linux-trace-kernel/20240312121703.557950713@goodmis.org + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Cc: Mark Rutland +Cc: Mathieu Desnoyers +Cc: Andrew Morton +Cc: Linus Torvalds +Cc: linke li +Cc: Rabin Vincent +Fixes: f3ddb74ad0790 ("tracing: Wake up ring buffer waiters on closing of the file") +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + include/linux/ring_buffer.h | 3 ++- + include/linux/trace_events.h | 5 ++++- + kernel/trace/ring_buffer.c | 13 ++++++++----- + kernel/trace/trace.c | 43 +++++++++++++++++++++++++++++++------------ + 4 files changed, 45 insertions(+), 19 deletions(-) + +diff --git a/include/linux/ring_buffer.h b/include/linux/ring_buffer.h +index 338a33db1577..dc5ae4e96aee 100644 +--- a/include/linux/ring_buffer.h ++++ b/include/linux/ring_buffer.h +@@ -99,7 +99,8 @@ __ring_buffer_alloc(unsigned long size, unsigned flags, struct lock_class_key *k + }) + + typedef bool (*ring_buffer_cond_fn)(void *data); +-int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full); ++int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full, ++ ring_buffer_cond_fn cond, void *data); + __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu, + struct file *filp, poll_table *poll_table, int full); + void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu); +diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h +index d68ff9b1247f..fc6d0af56bb1 100644 +--- a/include/linux/trace_events.h ++++ b/include/linux/trace_events.h +@@ -103,13 +103,16 @@ struct trace_iterator { + unsigned int temp_size; + char *fmt; /* modified format holder */ + unsigned int fmt_size; +- long wait_index; ++ atomic_t wait_index; + + /* trace_seq for __print_flags() and __print_symbolic() etc. */ + struct trace_seq tmp_seq; + + cpumask_var_t started; + ++ /* Set when the file is closed to prevent new waiters */ ++ bool closed; ++ + /* it's true when current open file is snapshot */ + bool snapshot; + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index f4c34b7c7e1e..350607cce869 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -902,23 +902,26 @@ static bool rb_wait_once(void *data) + * @buffer: buffer to wait on + * @cpu: the cpu buffer to wait on + * @full: wait until the percentage of pages are available, if @cpu != RING_BUFFER_ALL_CPUS ++ * @cond: condition function to break out of wait (NULL to run once) ++ * @data: the data to pass to @cond. + * + * If @cpu == RING_BUFFER_ALL_CPUS then the task will wake up as soon + * as data is added to any of the @buffer's cpu buffers. Otherwise + * it will wait for data to be added to a specific cpu buffer. + */ +-int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full) ++int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full, ++ ring_buffer_cond_fn cond, void *data) + { + struct ring_buffer_per_cpu *cpu_buffer; + struct wait_queue_head *waitq; +- ring_buffer_cond_fn cond; + struct rb_irq_work *rbwork; +- void *data; + long once = 0; + int ret = 0; + +- cond = rb_wait_once; +- data = &once; ++ if (!cond) { ++ cond = rb_wait_once; ++ data = &once; ++ } + + /* + * Depending on what the caller is waiting for, either any +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index c9c898307348..d390fea3a6a5 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -1955,15 +1955,36 @@ update_max_tr_single(struct trace_array *tr, struct task_struct *tsk, int cpu) + + #endif /* CONFIG_TRACER_MAX_TRACE */ + ++struct pipe_wait { ++ struct trace_iterator *iter; ++ int wait_index; ++}; ++ ++static bool wait_pipe_cond(void *data) ++{ ++ struct pipe_wait *pwait = data; ++ struct trace_iterator *iter = pwait->iter; ++ ++ if (atomic_read_acquire(&iter->wait_index) != pwait->wait_index) ++ return true; ++ ++ return iter->closed; ++} ++ + static int wait_on_pipe(struct trace_iterator *iter, int full) + { ++ struct pipe_wait pwait; + int ret; + + /* Iterators are static, they should be filled or empty */ + if (trace_buffer_iter(iter, iter->cpu_file)) + return 0; + +- ret = ring_buffer_wait(iter->array_buffer->buffer, iter->cpu_file, full); ++ pwait.wait_index = atomic_read_acquire(&iter->wait_index); ++ pwait.iter = iter; ++ ++ ret = ring_buffer_wait(iter->array_buffer->buffer, iter->cpu_file, full, ++ wait_pipe_cond, &pwait); + + #ifdef CONFIG_TRACER_MAX_TRACE + /* +@@ -8398,9 +8419,9 @@ static int tracing_buffers_flush(struct file *file, fl_owner_t id) + struct ftrace_buffer_info *info = file->private_data; + struct trace_iterator *iter = &info->iter; + +- iter->wait_index++; ++ iter->closed = true; + /* Make sure the waiters see the new wait_index */ +- smp_wmb(); ++ (void)atomic_fetch_inc_release(&iter->wait_index); + + ring_buffer_wake_waiters(iter->array_buffer->buffer, iter->cpu_file); + +@@ -8500,6 +8521,7 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos, + .spd_release = buffer_spd_release, + }; + struct buffer_ref *ref; ++ bool woken = false; + int entries, i; + ssize_t ret = 0; + +@@ -8573,17 +8595,17 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos, + + /* did we read anything? */ + if (!spd.nr_pages) { +- long wait_index; + + if (ret) + goto out; + ++ if (woken) ++ goto out; ++ + ret = -EAGAIN; + if ((file->f_flags & O_NONBLOCK) || (flags & SPLICE_F_NONBLOCK)) + goto out; + +- wait_index = READ_ONCE(iter->wait_index); +- + ret = wait_on_pipe(iter, iter->snapshot ? 0 : iter->tr->buffer_percent); + if (ret) + goto out; +@@ -8592,10 +8614,8 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos, + if (!tracer_tracing_is_on(iter->tr)) + goto out; + +- /* Make sure we see the new wait_index */ +- smp_rmb(); +- if (wait_index != iter->wait_index) +- goto out; ++ /* Iterate one more time to collect any new data then exit */ ++ woken = true; + + goto again; + } +@@ -8618,9 +8638,8 @@ static long tracing_buffers_ioctl(struct file *file, unsigned int cmd, unsigned + + mutex_lock(&trace_types_lock); + +- iter->wait_index++; + /* Make sure the waiters see the new wait_index */ +- smp_wmb(); ++ (void)atomic_fetch_inc_release(&iter->wait_index); + + ring_buffer_wake_waiters(iter->array_buffer->buffer, iter->cpu_file); + + diff --git a/patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch b/patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch index e478b79..774542f 100644 --- a/patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch +++ b/patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch @@ -4,7 +4,7 @@ Date: Fri, 2 Feb 2024 10:42:16 -0500 Subject: [PATCH] usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Git-commit: cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6 Patch-mainline: v6.8-rc6 -References: git-fixes +References: git-fixes CVE-2024-26749 bsc#1222680 ... cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); diff --git a/patches.suse/vdpa-mlx5-Allow-CVQ-size-changes.patch b/patches.suse/vdpa-mlx5-Allow-CVQ-size-changes.patch new file mode 100644 index 0000000..f3a8acd --- /dev/null +++ b/patches.suse/vdpa-mlx5-Allow-CVQ-size-changes.patch @@ -0,0 +1,78 @@ +From 749a4016839270163efc36ecddddd01de491a16b Mon Sep 17 00:00:00 2001 +From: Jonah Palmer +Date: Fri, 16 Feb 2024 09:25:02 -0500 +Subject: [PATCH] vdpa/mlx5: Allow CVQ size changes +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 749a4016839270163efc36ecddddd01de491a16b +References: git-fixes +Patch-mainline: v6.9-rc1 + +The MLX driver was not updating its control virtqueue size at set_vq_num +and instead always initialized to MLX5_CVQ_MAX_ENT (16) at +setup_cvq_vring. + +Qemu would try to set the size to 64 by default, however, because the +CVQ size always was initialized to 16, an error would be thrown when +sending >16 control messages (as used-ring entry 17 is initialized to 0). +For example, starting a guest with x-svq=on and then executing the +following command would produce the error below: + + # for i in {1..20}; do ifconfig eth0 hw ether XX:xx:XX:xx:XX:XX; done + + qemu-system-x86_64: Insufficient written data (0) + [ 435.331223] virtio_net virtio0: Failed to set mac address by vq command. + SIOCSIFHWADDR: Invalid argument + +Acked-by: Dragos Tatulea +Acked-by: Eugenio Pérez +Signed-off-by: Jonah Palmer +Message-id: <20240216142502.78095-1-jonah.palmer@oracle.com> +Signed-off-by: Michael S. Tsirkin +Tested-by: Lei Yang +Fixes: 5262912ef3cf ("vdpa/mlx5: Add support for control VQ and MAC setting") +Signed-off-by: Oliver Neukum + +--- + drivers/vdpa/mlx5/net/mlx5_vnet.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +--- a/drivers/vdpa/mlx5/net/mlx5_vnet.c ++++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c +@@ -185,8 +185,6 @@ static void teardown_driver(struct mlx5_ + + static bool mlx5_vdpa_debug; + +-#define MLX5_CVQ_MAX_ENT 16 +- + #define MLX5_LOG_VIO_FLAG(_feature) \ + do { \ + if (features & BIT_ULL(_feature)) \ +@@ -1977,9 +1975,16 @@ static void mlx5_vdpa_set_vq_num(struct + struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev); + struct mlx5_vdpa_virtqueue *mvq; + +- if (!is_index_valid(mvdev, idx) || is_ctrl_vq_idx(mvdev, idx)) ++ if (!is_index_valid(mvdev, idx)) + return; + ++ if (is_ctrl_vq_idx(mvdev, idx)) { ++ struct mlx5_control_vq *cvq = &mvdev->cvq; ++ ++ cvq->vring.vring.num = num; ++ return; ++ } ++ + mvq = &ndev->vqs[idx]; + mvq->num_ent = num; + } +@@ -2506,7 +2511,7 @@ static int setup_cvq_vring(struct mlx5_v + + if (mvdev->actual_features & BIT_ULL(VIRTIO_NET_F_CTRL_VQ)) + err = vringh_init_iotlb(&cvq->vring, mvdev->actual_features, +- MLX5_CVQ_MAX_ENT, false, ++ cvq->vring.vring.num, false, + (struct vring_desc *)(uintptr_t)cvq->desc_addr, + (struct vring_avail *)(uintptr_t)cvq->driver_addr, + (struct vring_used *)(uintptr_t)cvq->device_addr); diff --git a/patches.suse/x86-sev-Harden-VC-instruction-emulation-somewhat b/patches.suse/x86-sev-Harden-VC-instruction-emulation-somewhat new file mode 100644 index 0000000..4e7eaf6 --- /dev/null +++ b/patches.suse/x86-sev-Harden-VC-instruction-emulation-somewhat @@ -0,0 +1,180 @@ +From: "Borislav Petkov (AMD)" +Date: Fri, 5 Jan 2024 11:14:07 +0100 +Subject: x86/sev: Harden #VC instruction emulation somewhat +Git-commit: e3ef461af35a8c74f2f4ce6616491ddb355a208f +Patch-mainline: v6.9-rc1 +References: CVE-2024-25742 bsc#1221725 + +Compare the opcode bytes at rIP for each #VC exit reason to verify the +instruction which raised the #VC exception is actually the right one. + +Signed-off-by: Borislav Petkov (AMD) +Acked-by: Tom Lendacky +Link: https://lore.kernel.org/r/20240105101407.11694-1-bp@alien8.de + +Acked-by: Joerg Roedel +--- + arch/x86/boot/compressed/sev.c | 4 + + arch/x86/kernel/sev-shared.c | 102 ++++++++++++++++++++++++++++++++++++++++- + arch/x86/kernel/sev.c | 5 +- + 3 files changed, 108 insertions(+), 3 deletions(-) + +--- a/arch/x86/boot/compressed/sev.c ++++ b/arch/x86/boot/compressed/sev.c +@@ -304,6 +304,10 @@ void do_boot_stage2_vc(struct pt_regs *r + if (result != ES_OK) + goto finish; + ++ result = vc_check_opcode_bytes(&ctxt, exit_code); ++ if (result != ES_OK) ++ goto finish; ++ + switch (exit_code) { + case SVM_EXIT_RDTSC: + case SVM_EXIT_RDTSCP: +--- a/arch/x86/kernel/sev-shared.c ++++ b/arch/x86/kernel/sev-shared.c +@@ -10,11 +10,15 @@ + */ + + #ifndef __BOOT_COMPRESSED +-#define error(v) pr_err(v) +-#define has_cpuflag(f) boot_cpu_has(f) ++#define error(v) pr_err(v) ++#define has_cpuflag(f) boot_cpu_has(f) ++#define sev_printk(fmt, ...) printk(fmt, ##__VA_ARGS__) ++#define sev_printk_rtl(fmt, ...) printk_ratelimited(fmt, ##__VA_ARGS__) + #else + #undef WARN + #define WARN(condition, format...) (!!(condition)) ++#define sev_printk(fmt, ...) ++#define sev_printk_rtl(fmt, ...) + #endif + + /* I/O parameters for CPUID-related helpers */ +@@ -574,6 +578,7 @@ void __init do_vc_no_ghcb(struct pt_regs + { + unsigned int subfn = lower_bits(regs->cx, 32); + unsigned int fn = lower_bits(regs->ax, 32); ++ u16 opcode = *(unsigned short *)regs->ip; + struct cpuid_leaf leaf; + int ret; + +@@ -581,6 +586,10 @@ void __init do_vc_no_ghcb(struct pt_regs + if (exit_code != SVM_EXIT_CPUID) + goto fail; + ++ /* Is it really a CPUID insn? */ ++ if (opcode != 0xa20f) ++ goto fail; ++ + leaf.fn = fn; + leaf.subfn = subfn; + +@@ -1170,3 +1179,92 @@ static int vmgexit_psc(struct ghcb *ghcb + out: + return ret; + } ++ ++static enum es_result vc_check_opcode_bytes(struct es_em_ctxt *ctxt, ++ unsigned long exit_code) ++{ ++ unsigned int opcode = (unsigned int)ctxt->insn.opcode.value; ++ u8 modrm = ctxt->insn.modrm.value; ++ ++ switch (exit_code) { ++ ++ case SVM_EXIT_IOIO: ++ case SVM_EXIT_NPF: ++ /* handled separately */ ++ return ES_OK; ++ ++ case SVM_EXIT_CPUID: ++ if (opcode == 0xa20f) ++ return ES_OK; ++ break; ++ ++ case SVM_EXIT_INVD: ++ if (opcode == 0x080f) ++ return ES_OK; ++ break; ++ ++ case SVM_EXIT_MONITOR: ++ if (opcode == 0x010f && modrm == 0xc8) ++ return ES_OK; ++ break; ++ ++ case SVM_EXIT_MWAIT: ++ if (opcode == 0x010f && modrm == 0xc9) ++ return ES_OK; ++ break; ++ ++ case SVM_EXIT_MSR: ++ /* RDMSR */ ++ if (opcode == 0x320f || ++ /* WRMSR */ ++ opcode == 0x300f) ++ return ES_OK; ++ break; ++ ++ case SVM_EXIT_RDPMC: ++ if (opcode == 0x330f) ++ return ES_OK; ++ break; ++ ++ case SVM_EXIT_RDTSC: ++ if (opcode == 0x310f) ++ return ES_OK; ++ break; ++ ++ case SVM_EXIT_RDTSCP: ++ if (opcode == 0x010f && modrm == 0xf9) ++ return ES_OK; ++ break; ++ ++ case SVM_EXIT_READ_DR7: ++ if (opcode == 0x210f && ++ X86_MODRM_REG(ctxt->insn.modrm.value) == 7) ++ return ES_OK; ++ break; ++ ++ case SVM_EXIT_VMMCALL: ++ if (opcode == 0x010f && modrm == 0xd9) ++ return ES_OK; ++ ++ break; ++ ++ case SVM_EXIT_WRITE_DR7: ++ if (opcode == 0x230f && ++ X86_MODRM_REG(ctxt->insn.modrm.value) == 7) ++ return ES_OK; ++ break; ++ ++ case SVM_EXIT_WBINVD: ++ if (opcode == 0x90f) ++ return ES_OK; ++ break; ++ ++ default: ++ break; ++ } ++ ++ sev_printk(KERN_ERR "Wrong/unhandled opcode bytes: 0x%x, exit_code: 0x%lx, rIP: 0x%lx\n", ++ opcode, exit_code, ctxt->regs->ip); ++ ++ return ES_UNSUPPORTED; ++} +--- a/arch/x86/kernel/sev.c ++++ b/arch/x86/kernel/sev.c +@@ -1743,7 +1743,10 @@ static enum es_result vc_handle_exitcode + struct ghcb *ghcb, + unsigned long exit_code) + { +- enum es_result result; ++ enum es_result result = vc_check_opcode_bytes(ctxt, exit_code); ++ ++ if (result != ES_OK) ++ return result; + + switch (exit_code) { + case SVM_EXIT_READ_DR7: diff --git a/series.conf b/series.conf index eb835ba..8c455d4 100644 --- a/series.conf +++ b/series.conf @@ -6709,6 +6709,12 @@ patches.suse/nvme-move-command-clear-into-the-various-setup-helpe.patch patches.suse/nvme-don-t-memset-the-normal-read-write-command.patch patches.suse/nbd-Fix-use-after-free-in-pid_show.patch + patches.suse/bcache-fix-error-info-in-register_bcache-d55f.patch + patches.suse/bcache-move-calc_cached_dev_sectors-to-proper-place--0259.patch + patches.suse/bcache-remove-the-cache_dev_name-field-from-struct-c-7e84.patch + patches.suse/bcache-remove-the-backing_dev_name-field-from-struct-0f5c.patch + patches.suse/bcache-use-bvec_kmap_local-in-bch_data_verify-0038.patch + patches.suse/bcache-remove-bch_crc64_update-39fa.patch patches.suse/nvme-generate-uevent-once-a-multipath-namespace-is-o.patch patches.suse/nvme-fc-add-support-for-map_queues.patch patches.suse/qla2xxx-add-map_queues-support-for-nvme.patch @@ -6745,6 +6751,8 @@ patches.suse/nvmet-switch-check-for-subsystem-type.patch patches.suse/nvmet-register-discovery-subsystem-as-current.patch patches.suse/nvmet-use-flex_array_size-and-struct_size.patch + patches.suse/bcache-move-uapi-header-bcache.h-to-bcache-code-dire-cf21.patch + patches.suse/bcache-replace-snprintf-in-show-functions-with-sysfs-1b86.patch patches.suse/block-ataflop-Fix-warning-comparing-pointer-to-0.patch patches.suse/null_blk-Fix-handling-of-submit_queues-and-poll_queu.patch patches.suse/io_uring-dump-sqe-contents-if-issue-fails.patch @@ -11388,6 +11396,7 @@ patches.suse/pci-acpi-check-for-osc-support-in-acpi_pci_osc_control_set patches.suse/PCI-Rename-pcibios_add_device-to-pcibios_device_add.patch patches.suse/PCI-Do-not-enable-AtomicOps-on-VFs.patch + patches.suse/PCI-Drop-pci_device_remove-test-of-pci_dev-driver.patch patches.suse/scsi-message-fusion-Remove-unused-mpt_pci-driver-.pr.patch patches.suse/crypto-qat-simplify-adf_enable_aer.patch patches.suse/net-hns3-use-dev_driver_string-instead-of-pci_dev-dr.patch @@ -13019,6 +13028,7 @@ patches.suse/io-wq-drop-wqe-lock-before-creating-new-worker.patch patches.suse/iocost-Fix-divide-by-zero-on-donation-from-low-hweig.patch patches.suse/block-reduce-kblockd_mod_delayed_work_on-CPU-consump.patch + patches.suse/bcache-fix-NULL-pointer-reference-in-cached_dev_deta-aa97.patch patches.suse/selinux-fix-sleeping-function-called-from-invalid-co.patch patches.suse/btrfs-fix-memory-leak-in-__add_inode_ref.patch patches.suse/btrfs-fix-double-free-of-anon_dev-after-failure-to-c.patch @@ -19248,6 +19258,8 @@ patches.suse/nvme-fix-the-check-for-duplicate-unique-identifiers.patch patches.suse/nvme-check-for-duplicate-identifiers-earlier.patch patches.suse/nvme-check-that-EUI-GUID-UUID-are-globally-unique.patch + patches.suse/bcache-use-bvec_kmap_local-in-bio_csum-07fe.patch + patches.suse/bcache-fixup-bcache_dev_sectors_dirty_add-multithrea-7b10.patch patches.suse/0003-bcache-fixup-multiple-threads-crash.patch patches.suse/0055-md-raid1-raid10-drop-pending_cnt.patch patches.suse/lib-raid6-test-fix-multiple-definition-linking-error.patch @@ -23464,6 +23476,7 @@ patches.suse/iio-inkern-make-a-best-effort-on-offset-calculation.patch patches.suse/iio-afe-rescale-use-s64-for-temporary-scale-calculat.patch patches.suse/iio-mma8452-Fix-probe-failing-when-an-i2c_device_id-.patch + patches.suse/iio-adc-ad7091r-Move-exports-into-IIO_AD7091R-namespace.patch patches.suse/staging-iio-adc-ad7280a-Fix-handing-of-device-addres.patch patches.suse/iio-adc-Add-check-for-devm_request_threaded_irq.patch patches.suse/iio-accel-mma8452-use-the-correct-logic-to-get-mma84.patch @@ -23486,6 +23499,7 @@ patches.suse/firmware-stratix10-svc-add-missing-callback-paramete.patch patches.suse/firmware-sysfb-fix-platform-device-leak-in-error-pat.patch patches.suse/firmware-google-Properly-state-IOMEM-dependency.patch + patches.suse/bcache-use-default_groups-in-kobj_type-fa97.patch patches.suse/component-Replace-most-references-to-master-with-agg.patch patches.suse/component-Add-common-helper-for-compare-release-func.patch patches.suse/1477-drm-komeda-Make-use-of-the-helper-component_compare_.patch @@ -28566,6 +28580,7 @@ patches.suse/clk-imx8mp-fix-usb_root_clk-parent.patch patches.suse/mfd-ipaq-micro-Fix-error-check-return-value-of-platf.patch patches.suse/mfd-davinci_voicecodec-Fix-possible-null-ptr-deref-d.patch + patches.suse/nvdimm-Allow-overwrite-in-the-presence-of-disabled-d-bb7b.patch patches.suse/testing-nvdimm-iomap-make-__nfit_test_ioremap-a-macr.patch patches.suse/testing-nvdimm-asm-mce.h-is-not-needed-in-nfit.c.patch patches.suse/acpi-nfit-rely-on-mce-misc-to-determine-poison-granu.patch @@ -28643,6 +28658,7 @@ patches.suse/PCI-ACPI-Prefer-CXL-_OSC-instead-of-PCIe-_OSC-for-CX.patch patches.suse/PCI-ACPI-negotiate-CXL-_OSC.patch patches.suse/ACPI-NFIT-Drop-nfit_device_lock.patch + patches.suse/nvdimm-Fix-firmware-activation-deadlock-scenarios-e682.patch patches.suse/pinctrl-mediatek-mt8195-enable-driver-on-mtk-platfor.patch patches.suse/pinctrl-mvebu-Fix-irq_of_parse_and_map-return-value.patch patches.suse/pinctrl-tegra-tegra194-drop-unused-pin-groups.patch @@ -29931,6 +29947,7 @@ patches.suse/cpufreq-amd-pstate-Add-resume-and-suspend-callbacks.patch patches.suse/drivers-cpufreq-Add-missing-of_node_put-in-qoriq-cpu.patch patches.suse/cpufreq-pmac32-cpufreq-Fix-refcount-leak-bug.patch + patches.suse/nvdimm-Fix-badblocks-clear-off-by-one-error-ef91.patch patches.suse/powerpc-xive-spapr-correct-bitmap-allocation-size.patch patches.suse/powerpc-prom_init-Fix-kernel-config-grep.patch patches.suse/powerpc-bpf-Fix-use-of-user_pt_regs-in-uapi.patch @@ -33028,6 +33045,7 @@ patches.suse/nvme-multipath-refactor-nvme_mpath_add_disk.patch patches.suse/0026-null_blk-fix-ida-error-handling-in-null_add_dev.patch patches.suse/nbd-add-missing-definition-of-pr_fmt-bc9d.patch + patches.suse/bcache-remove-EXPERIMENTAL-for-Kconfig-option-Asynch-640c.patch patches.suse/0211-md-raid5-Fix-sectors_to_do-bitmap-overflow-in-raid5_make_request.patch patches.suse/0212-md-raid5-Convert-prepare_to_wait-to-wait_woken-api.patch patches.suse/0213-md-fix-mddev-kobj-lifetime.patch @@ -34885,6 +34903,7 @@ patches.suse/i2c-mlxbf-incorrect-base-address-passed-during-io-wr.patch patches.suse/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch patches.suse/i2c-mlxbf-Fix-frequency-calculation.patch + patches.suse/nvdimm-namespace-drop-nested-variable-in-create_name-d342.patch patches.suse/devdax-Fix-soft-reservation-memory-description.patch patches.suse/ext4-fix-bug-in-extents-parsing-when-eh_entries-0-an.patch patches.suse/ext4-limit-the-number-of-retries-after-discarding-pr.patch @@ -36018,6 +36037,10 @@ patches.suse/sbitmap-fix-batched-wait_cnt-accounting.patch patches.suse/blk-throttle-fix-that-io-throttle-can-only-work-for-single-bio-320f.patch patches.suse/0032-blk-throttle-prevent-overflow-while-calculating-wait-time.patch + patches.suse/bcache-remove-unnecessary-flush_workqueue-97d2.patch + patches.suse/bcache-remove-unused-bch_mark_cache_readahead-functi-d86b.patch + patches.suse/bcache-bset-Fix-comment-typos-11e5.patch + patches.suse/bcache-fix-repeated-words-in-comments-6dd3.patch patches.suse/0033-bcache-fix-set_at_max_writeback_rate-for-multiple-attached-devices.patch patches.suse/nvmet-expose-max-queues-to-configfs.patch patches.suse/nvme-tcp-handle-number-of-queue-changes.patch @@ -36519,6 +36542,7 @@ patches.suse/i2c-designware-Fix-handling-of-real-but-unexpected-d.patch patches.suse/PCI-ASPM-Ignore-L1-PM-Substates-if-device-lacks-capa.patch patches.suse/PCI-ASPM-Correct-LTR_L1.2_THRESHOLD-computation.patch + patches.suse/PCI-DPC-Quirk-PIO-log-size-for-certain-Intel-Root-Po.patch patches.suse/PCI-PTM-Add-pci_suspend_ptm-and-pci_resume_ptm.patch patches.suse/PCI-PM-Always-disable-PTM-for-all-devices-during-sus.patch patches.suse/PCI-Fix-used_buses-calculation-in-pci_scan_child_bus.patch @@ -36734,6 +36758,7 @@ patches.suse/ubifs-Fix-AA-deadlock-when-setting-xattr-for-encrypted-file.patch patches.suse/rtc-stmp3xxx-Add-failure-handling-for-stmp3xxx_wdt_r.patch patches.suse/rtc-cmos-Fix-event-handler-registration-ordering-iss.patch + patches.suse/libnvdimm-region-Allow-setting-align-attribute-on-re-2e50.patch patches.suse/ACPI-HMAT-Release-platform-device-in-case-of-platfor.patch patches.suse/cifs-fix-skipping-to-incorrect-offset-in-emit_cached_dirents.patch patches.suse/smb3-clarify-multichannel-warning.patch @@ -38088,6 +38113,7 @@ patches.suse/0049-dm-cache-Fix-ABBA-deadlock-between-shrink_slab-and-dm_cache_metadata_abort.patch patches.suse/0050-dm-cache-set-needs_check-flag-after-aborting-metadata.patch patches.suse/0051-dm-thin-resume-even-if-in-FAIL-mode.patch + patches.suse/dm-init-add-dm-mod.waitfor-to-wait-for-asynchronousl-0356.patch patches.suse/0052-dm-thin-Use-last-transaction-s-pmd-root-when-commit-failed.patch patches.suse/ALSA-memalloc-Allocate-more-contiguous-pages-for-fal.patch patches.suse/ALSA-pcm-fix-undefined-behavior-in-bit-shift-for-SND.patch @@ -40044,7 +40070,15 @@ patches.suse/docs-ftrace-fix-a-issue-with-duplicated-subtitle-num.patch patches.suse/docs-scripts-gdb-add-necessary-make-scripts_gdb-step.patch patches.suse/audit-update-the-mailing-list-in-MAINTAINERS.patch + patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch + patches.suse/dm-flakey-fix-a-bug-with-32-bit-highmem-systems-8eb2.patch + patches.suse/dm-flakey-fix-logic-when-corrupting-a-bio-aa56.patch + patches.suse/dm-send-just-one-event-on-resize-not-two-7533.patch + patches.suse/dm-remove-flush_scheduled_work-during-local_exit-0b22.patch + patches.suse/dm-add-cond_resched-to-dm_wq_work-0ca4.patch patches.suse/dm-add-cond_resched-to-dm_wq_requeue_work-f776.patch + patches.suse/dm-thin-add-cond_resched-to-various-workqueue-loops-e4f8.patch + patches.suse/dm-cache-add-cond_resched-to-various-workqueue-loops-7622.patch patches.suse/scsi-libsas-Remove-useless-dev_list-delete-in-sas_ex_discover_end_dev.patch patches.suse/scsi-qla2xxx-check-if-port-is-online-before-sending-els.patch patches.suse/scsi-qla2xxx-fix-link-failure-in-npiv-environment.patch @@ -40873,6 +40907,10 @@ patches.suse/ACPI-resource-Add-Medion-S17413-to-IRQ-override-quir.patch patches.suse/io_uring-rsrc-fix-null-ptr-deref-in-io_file_bitmap_g.patch patches.suse/nvme-send-Identify-with-CNS-06h-only-to-I-O-controll.patch + patches.suse/dm-thin-fix-deadlock-when-swapping-to-thin-device-9bbf.patch + patches.suse/dm-crypt-add-cond_resched-to-dmcrypt_write-fb29.patch + patches.suse/dm-crypt-avoid-accessing-uninitialized-tasklet-d9a0.patch + patches.suse/dm-stats-check-for-and-propagate-alloc_percpu-failur-d3aa.patch patches.suse/drm-panel-orientation-quirks-Add-quirk-for-Lenovo-Yo.patch patches.suse/drm-meson-fix-missing-component-unbind-on-bind-error.patch patches.suse/drm-bridge-lt8912b-return-EPROBE_DEFER-if-bridge-is-.patch @@ -41423,7 +41461,12 @@ patches.suse/md-raid10-fix-memleak-of-md-thread-f0dd.patch patches.suse/md-raid10-don-t-call-bio_start_io_acct-twice-for-bio-7cdd.patch patches.suse/block-bfq-Fix-division-by-zero-error-on-zero-wsum.patch + patches.suse/dm-verity-fix-error-handling-for-check_at_most_once--e8c5.patch + patches.suse/dm-clone-call-kmem_cache_destroy-in-dm_clone_init-er-6827.patch + patches.suse/dm-integrity-call-kmem_cache_destroy-in-dm_integrity-6b79.patch patches.suse/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern-3b89.patch + patches.suse/dm-flakey-fix-a-crash-with-invalid-table-line-98db.patch + patches.suse/dm-don-t-lock-fs-when-the-map-is-NULL-in-process-of--38d1.patch patches.suse/scsi-lpfc-Prevent-lpfc_debugfs_lockstat_write-buffer.patch patches.suse/scsi-lpfc-Reorder-freeing-of-various-DMA-buffers-and.patch patches.suse/scsi-lpfc-Fix-lockdep-warning-for-rx_monitor-lock-wh.patch @@ -42026,6 +42069,7 @@ patches.suse/cpufreq-amd-pstate-Add-fast_switch-callback.patch patches.suse/cpufreq-amd-pstate-Remove-fast_switch_possible-flag-.patch patches.suse/cpufreq-amd-pstate-Update-policy-cur-in-amd_pstate_a.patch + patches.suse/PCI-DPC-Quirk-PIO-log-size-for-Intel-Ice-Lake-Root-P.patch patches.suse/ARM-dts-vexpress-add-missing-cache-properties.patch patches.suse/arm64-dts-arm-add-missing-cache-properties.patch patches.suse/arm64-dts-imx8mn-var-som-fix-PHY-detection-bug-by-adding-deassert-delay.patch @@ -42231,6 +42275,8 @@ patches.suse/IB-isert-Fix-possible-list-corruption-in-CMA-handler.patch patches.suse/IB-isert-Fix-incorrect-release-of-isert-connection.patch patches.suse/RDMA-rxe-Fix-rxe_cq_post.patch + patches.suse/dm-don-t-lock-fs-when-the-map-is-NULL-during-suspend-2760.patch + patches.suse/dm-thin-metadata-check-fail_io-before-using-data_sm-cb65.patch patches.suse/igb-Fix-extts-capture-value-format-for-82580-i354-i3.patch patches.suse/net-usb-qmi_wwan-add-support-for-Compal-RXM-G1.patch patches.suse/net-sched-cls_u32-Fix-reference-counter-leak-leading.patch @@ -42338,6 +42384,10 @@ patches.suse/md-raid10-fix-null-ptr-deref-of-mreplace-in-raid10_s-3481.patch patches.suse/md-raid10-fix-io-loss-while-replacement-replace-rdev-2ae6.patch patches.suse/md-raid10-prevent-soft-lockup-while-flush-writes-0104.patch + patches.suse/bcache-Remove-dead-references-to-cache_readaheads-ccb8.patch + patches.suse/bcache-Remove-unnecessary-NULL-point-check-in-node-a-028d.patch + patches.suse/bcache-Fix-__bch_btree_node_alloc-to-make-the-failur-80fc.patch + patches.suse/bcache-fixup-btree_cache_wait-list-damage-f085.patch patches.suse/nvme-core-fix-memory-leak-in-dhchap_secret_store.patch patches.suse/nvme-core-fix-memory-leak-in-dhchap_ctrl_secret.patch patches.suse/nvme-core-fix-dev_pm_qos-memleak.patch @@ -42691,6 +42741,8 @@ patches.suse/scsi-core-Don-t-wait-for-quiesce-in-scsi_stop_queue.patch patches.suse/scsi-core-Don-t-wait-for-quiesce-in-scsi_device_bloc.patch patches.suse/scsi-core-Improve-warning-message-in-scsi_device_blo.patch + patches.suse/dm-thin-metadata-Fix-ABBA-deadlock-by-resetting-dm_b-d483.patch + patches.suse/dm-integrity-reduce-vmalloc-space-footprint-on-32-bi-6d50.patch patches.suse/platform-x86-intel-uncore-freq-Uncore-frequency-control-via-TPMI.patch patches.suse/platform-x86-intel-uncore-freq-Support-for-cluster-level-controls.patch patches.suse/platform-x86-intel-uncore-freq-tpmi-Provide-cluster-level-control.patch @@ -43152,6 +43204,9 @@ patches.suse/ASoC-rt711-fix-for-JD-event-handling-in-ClockStop-Mo.patch patches.suse/ASoC-rt711-sdca-fix-for-JD-event-handling-in-ClockSt.patch patches.suse/ASoC-atmel-Fix-the-8K-sample-parameter-in-I2SC-maste.patch + patches.suse/dm-raid-fix-missing-reconfig_mutex-unlock-in-raid_ct-bae3.patch + patches.suse/dm-raid-clean-up-four-equivalent-goto-tags-in-raid_c-e74c.patch + patches.suse/dm-cache-policy-smq-ensure-IO-doesn-t-prevent-cleane-1e4a.patch patches.suse/s390-dasd-fix-hanging-device-after-quiesce-resume.patch patches.suse/s390-dasd-use-correct-number-of-retries-for-ERP-requests.patch patches.suse/s390-dasd-fix-hanging-device-after-request-requeue.patch @@ -43631,6 +43686,7 @@ patches.suse/bus-ti-sysc-Fix-cast-to-enum-warning.patch patches.suse/arm64-tegra-Update-AHUB-clock-parent-and-rate.patch patches.suse/dt-bindings-crypto-ti-sa2ul-make-power-domains-condi.patch + patches.suse/arm64-dts-qcom-sdm845-db845c-Mark-cont-splash-memory-region-as-reserved.patch patches.suse/ipmi-ssif-Add-check-for-kstrdup.patch patches.suse/ipmi-ssif-Fix-a-memory-leak-when-scanning-for-an-ada.patch patches.suse/ipmi_si-fix-a-memleak-in-try_smi_init.patch @@ -43663,6 +43719,8 @@ patches.suse/Revert-PCI-tegra194-Enable-support-for-256-Byte-payl.patch patches.suse/PCI-meson-Remove-cast-between-incompatible-function-.patch patches.suse/PCI-microchip-Remove-cast-between-incompatible-funct.patch + patches.suse/nvdimm-Fix-memleak-of-pmu-attr_groups-in-unregister_-85ae.patch + patches.suse/nvdimm-Fix-dereference-after-free-in-register_nvdimm-08ca.patch patches.suse/powerpc-pseries-Initialise-CPU-hotplug-callbacks-ear.patch patches.suse/powerpc-Add-HOTPLUG_SMT-support.patch patches.suse/powerpc-pseries-Honour-current-SMT-state-when-DLPAR-.patch @@ -44166,6 +44224,7 @@ patches.suse/RDMA-core-Require-admin-capabilities-to-set-system-p.patch patches.suse/gpio-pxa-disable-pinctrl-calls-for-MMP_GPIO.patch patches.suse/gpio-aspeed-fix-the-GPIO-number-passed-to-pinctrl_gp.patch + patches.suse/dm-zoned-free-dmz-ddev-array-in-dmz_put_zoned_device-9850.patch patches.suse/x86-sev-use-the-ghcb-protocol-when-available-for-snp-cpuid-requests.patch patches.suse/x86-sev-Change-npages-to-unsigned-long-in-snp_accept_memory.patch patches.suse/ALSA-hda-realtek-ALC287-merge-RTK-codec-with-CS-CS35.patch @@ -44180,6 +44239,7 @@ patches.suse/quota-Fix-slow-quotaoff.patch patches.suse/pinctrl-avoid-unsafe-code-pattern-in-find_pinctrl.patch patches.suse/pinctrl-renesas-rzn1-Enable-missing-PINMUX.patch + patches.suse/tee-amdtee-fix-use-after-free-vulnerability-in-amdte.patch patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch patches.suse/xen-netback-use-default-TX-queue-size-for-vifs.patch patches.suse/net-nfc-fix-races-in-nfc_llcp_sock_get-and-nfc_llcp_.patch @@ -44565,6 +44625,8 @@ patches.suse/leds-turris-omnia-Do-not-use-SMBUS-calls.patch patches.suse/leds-pwm-Don-t-disable-the-PWM-when-the-LED-should-b.patch patches.suse/leds-trigger-ledtrig-cpu-Fix-output-may-be-truncated.patch + patches.suse/libnvdimm-of_pmem-Use-devm_kstrdup-instead-of-kstrdu-6fd4.patch + patches.suse/nd_btt-Make-BTT-lanes-preemptible-36c7.patch patches.suse/scsi-qla2xxx-Use-FIELD_GET-to-extract-PCIe-capabilit.patch patches.suse/scsi-hisi_sas-Set-debugfs_dir-pointer-to-NULL-after-removing-debugfs.patch patches.suse/scsi-ibmvfc-Remove-BUG_ON-in-the-case-of-an-empty-ev.patch @@ -44770,6 +44832,7 @@ patches.suse/mm-kmem-drop-__GFP_NOFAIL-when-allocating-objcg-vectors.patch patches.suse/Revert-i2c-pxa-move-to-generic-GPIO-recovery.patch patches.suse/i2c-designware-Fix-corrupted-memory-seen-in-the-ISR.patch + patches.suse/dm-delay-fix-a-race-between-delay_presuspend-and-del-6fc4.patch patches.suse/dm-verity-don-t-use-blocking-calls-from-tasklets-28f0.patch patches.suse/nfsd-fix-file-memleak-on-client_opens_release.patch patches.suse/scsi-qla2xxx-Fix-system-crash-due-to-bad-pointer-access.patch @@ -44787,6 +44850,16 @@ patches.suse/HID-hid-asus-add-const-to-read-only-outgoing-usb-buf.patch patches.suse/HID-hid-asus-reset-the-backlight-brightness-level-on.patch patches.suse/HID-multitouch-Add-quirk-for-HONOR-GLO-GXXX-touchpad.patch + patches.suse/bcache-avoid-oversize-memory-allocation-by-small-str-baf8.patch + patches.suse/bcache-check-return-value-from-btree_node_alloc_repl-7779.patch + patches.suse/bcache-remove-redundant-assignment-to-variable-cur_i-be93.patch + patches.suse/bcache-prevent-potential-division-by-zero-error-2c7f.patch + patches.suse/bcache-fixup-init-dirty-data-errors-7cc4.patch + patches.suse/bcache-fixup-lock-c-root-error-e348.patch + patches.suse/bcache-fixup-multi-threaded-bch_sectors_dirty_init-w-2faa.patch + patches.suse/bcache-replace-a-mistaken-IS_ERR-by-IS_ERR_OR_NULL-i-f72f.patch + patches.suse/bcache-add-code-comments-for-bch_btree_node_get-and--31f5.patch + patches.suse/bcache-avoid-NULL-checking-to-c-root-in-run_cache_se-3eba.patch patches.suse/md-fix-bi_status-reporting-in-md_end_clone_io-45b4.patch patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch patches.suse/nvmet-nul-terminate-the-NQNs-passed-in-the-connect-c.patch @@ -44833,6 +44906,9 @@ patches.suse/wifi-cfg80211-lock-wiphy-mutex-for-rfkill-poll.patch patches.suse/uapi-propagate-__struct_group-attributes-to-the-cont.patch patches.suse/dm-verity-initialize-fec-io-before-freeing-it-7be0.patch + patches.suse/dm-verity-don-t-perform-FEC-for-failed-readahead-IO-0193.patch + patches.suse/dm-verity-align-struct-dm_verity_fec_io-properly-38bc.patch + patches.suse/bcache-revert-replacing-IS_ERR_OR_NULL-with-IS_ERR-bb6c.patch patches.suse/nvme-core-check-for-too-small-lba-shift.patch patches.suse/drm-i915-Call-intel_pre_plane_updates-also-for-pipes.patch patches.suse/drm-amd-display-Include-udelay-when-waiting-for-INBO.patch @@ -44995,6 +45071,7 @@ patches.suse/perf-Fix-perf_event_validate_size-lockdep-splat.patch patches.suse/spi-atmel-Fix-clock-issue-when-using-devices-with-di.patch patches.suse/ring-buffer-Fix-slowpath-of-interrupted-event.patch + patches.suse/dm-integrity-don-t-modify-bio-s-immutable-bio_vec-in-b86f.patch patches.suse/reset-hisilicon-hi6220-fix-Wvoid-pointer-to-enum-cas.patch patches.suse/reset-Fix-crash-when-freeing-non-existent-optional-r.patch patches.suse/bus-ti-sysc-Flush-posted-write-only-after-srst_udela.patch @@ -45395,6 +45472,7 @@ patches.suse/iio-adc-ad9467-add-mutex-to-struct-ad9467_state.patch patches.suse/iio-adc-ad7091r-Pass-iio_dev-to-event-handler.patch patches.suse/iio-adc-ad7091r-Set-alert-bit-in-config-register.patch + patches.suse/iio-adc-ad7091r-Allow-users-to-configure-device-events.patch patches.suse/uio-Fix-use-after-free-in-uio_open.patch patches.suse/acpi-property-Let-args-be-NULL-in-__acpi_node_get_pr.patch patches.suse/software-node-Let-args-be-NULL-in-software_node_get_.patch @@ -45525,6 +45603,7 @@ patches.suse/nvmet-fc-avoid-deadlock-on-delete-association-path.patch patches.suse/nvmet-fc-take-ref-count-on-tgtport-before-delete-ass.patch patches.suse/dm-limit-the-number-of-targets-and-parameter-size-ar.patch + patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-ZBook-.patch patches.suse/ALSA-hda-cs8409-Suppress-vmaster-control-for-Dolphin.patch patches.suse/ALSA-usb-audio-Add-a-quirk-for-Yamaha-YIT-W12TX-tran.patch @@ -45578,8 +45657,12 @@ patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch patches.suse/KVM-s390-fix-cc-for-successful-PQAP.patch patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch + patches.suse/net-stmmac-xgmac-fix-handling-of-DPP-safety-error-fo.patch + patches.suse/netdevsim-avoid-potential-loop-in-nsim_dev_trap_repo.patch + patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch patches.suse/atm-idt77252-fix-a-memleak-in-open_card_ubr0.patch patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch + patches.suse/net-stmmac-xgmac-fix-a-typo-of-register-name-in-DPP-.patch patches.suse/wifi-mac80211-adding-missing-drv_mgd_complete_tx-cal.patch patches.suse/s390-qeth-Fix-potential-loss-of-L3-IP-in-case-of-network-issues.patch patches.suse/drm-i915-gvt-Fix-uninitialized-variable-in-handle_mm.patch @@ -45605,6 +45688,8 @@ patches.suse/nvme-host-fix-the-updating-of-the-firmware-version.patch patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-for-small-block-sizes.patch patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch + patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch + patches.suse/nilfs2-fix-potential-bug-in-end_buffer_async_write.patch patches.suse/x86-fpu-Stop-relying-on-userspace-for-info-to-fault-in-xsa.patch patches.suse/HID-wacom-Do-not-register-input-devices-until-after-.patch patches.suse/HID-multitouch-Add-required-quirk-for-Synaptics-0xcd-1741a82.patch @@ -45613,6 +45698,7 @@ patches.suse/spi-mxs-Fix-chipselect-glitch.patch patches.suse/net-openvswitch-limit-the-number-of-recursions-from-.patch patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch + patches.suse/net-stmmac-xgmac-use-define-for-string-constants.patch patches.suse/wifi-iwlwifi-Fix-some-error-codes.patch patches.suse/wifi-iwlwifi-uninitialized-variable-in-iwl_acpi_get_.patch patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch @@ -45666,7 +45752,10 @@ patches.suse/RDMA-srpt-Support-specifying-the-srpt_service_guid-p.patch patches.suse/RDMA-qedr-Fix-qedr_create_user_qp-error-flow.patch patches.suse/RDMA-srpt-fix-function-pointer-cast-warnings.patch + patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_gen.patch patches.suse/bpf-scripts-Correct-GPL-license-name.patch + patches.suse/bpf-Fix-racing-between-bpf_timer_cancel_and_free-and.patch + patches.suse/selftests-bpf-Test-racing-between-bpf_timer_cancel_a.patch patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch patches.suse/platform-x86-touchscreen_dmi-Allow-partial-prefix-ma.patch @@ -45677,7 +45766,10 @@ patches.suse/drm-ttm-Fix-an-invalid-freeing-on-already-freed-page.patch patches.suse/drm-syncobj-call-drm_syncobj_fence_add_wait-when-WAI.patch patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch + patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch + patches.suse/dm-verity-dm-crypt-align-struct-bvec_iter-correctly-787f.patch patches.suse/s390-use-the-correct-count-for-__iowrite64_copy.patch + patches.suse/ARM-ep93xx-Add-terminator-to-gpiod_lookup_table.patch patches.suse/arm64-dts-rockchip-set-num-cs-property-for-spi-on-px30.patch patches.suse/i2c-imx-when-being-a-target-mark-the-last-read-as-pr.patch patches.suse/PCI-MSI-Prevent-MSI-hardware-interrupt-number-truncation.patch @@ -45699,6 +45791,7 @@ patches.suse/lan78xx-enable-auto-speed-configuration-for-LAN7850-.patch patches.suse/net-usb-dm9601-fix-wrong-return-value-in-dm9601_mdio.patch patches.suse/wifi-nl80211-reject-iftype-change-with-mesh-ID-chang.patch + patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_new.patch patches.suse/Bluetooth-hci_sync-Check-the-correct-flag-before-sta.patch patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch patches.suse/Bluetooth-hci_sync-Fix-accept_list-when-attempting-t.patch @@ -45760,8 +45853,17 @@ patches.suse/i2c-i801-Avoid-potential-double-call-to-gpiod_remove.patch patches.suse/i2c-wmt-Fix-an-error-handling-path-in-wmt_i2c_probe.patch patches.suse/i2c-aspeed-Fix-the-dummy-irq-expected-print.patch + patches.suse/tracing-Remove-precision-vsnprintf-check-from-print-event.patch + patches.suse/ring-buffer-Fix-waking-up-ring-buffer-readers.patch + patches.suse/ring-buffer-Fix-resetting-of-shortest_full.patch + patches.suse/tracing-Use-.flush-call-to-wake-up-readers.patch patches.suse/lib-cmdline-Fix-an-invalid-format-specifier-in-an-as.patch + patches.suse/md-Don-t-clear-MD_CLOSING-when-the-raid-is-about-to--9674.patch patches.suse/md-raid5-fix-atomicity-violation-in-raid5_cache_coun-dfd2.patch + patches.suse/md-raid1-fix-choose-next-idle-in-read_balance-257a.patch + patches.suse/md-don-t-clear-MD_RECOVERY_FROZEN-for-new-dm-raid-un-2f03.patch + patches.suse/dm-raid-fix-lockdep-waring-in-pers-hot_add_disk-9500.patch + patches.suse/x86-sev-Harden-VC-instruction-emulation-somewhat patches.suse/RAS-Introduce-AMD-Address-Translation-Library.patch patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch patches.suse/Documentation-RAS-Add-index-and-address-translation-sectio.patch @@ -45828,6 +45930,8 @@ patches.suse/0001-PCI-Make-pci_dev_is_disconnected-helper-public-for-o.patch patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch patches.suse/0001-iommu-amd-Mark-interrupt-as-managed.patch + patches.suse/dm-raid-fix-false-positive-for-requeue-needed-during-b25b.patch + patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch patches.suse/pwm-mediatek-Update-kernel-doc-for-struct-pwm_mediat.patch patches.suse/mmc-tmio-avoid-concurrent-runs-of-mmc_request_done.patch patches.suse/mmc-wmt-sdmmc-remove-an-incorrect-release_mem_region.patch @@ -45885,9 +45989,13 @@ patches.suse/leds-aw2013-Unlock-mutex-before-destroying-it.patch patches.suse/platform-mellanox-mlxreg-hotplug-Remove-redundant-NU.patch patches.suse/PCI-AER-Fix-rootport-attribute-paths-in-ABI-docs.patch + patches.suse/PCI-AER-Block-runtime-suspend-when-handling-errors.patch + patches.suse/pci_iounmap-Fix-MMIO-mapping-leak.patch patches.suse/PCI-DPC-Print-all-TLP-Prefixes-not-just-the-first.patch + patches.suse/PCI-DPC-Quirk-PIO-log-size-for-Intel-Raptor-Lake-Roo.patch patches.suse/PCI-Mark-3ware-9650SE-Root-Port-Extended-Tags-as-bro.patch patches.suse/PCI-P2PDMA-Fix-a-sleeping-issue-in-a-RCU-read-sectio.patch + patches.suse/PCI-PM-Drain-runtime-idle-callbacks-before-driver-re.patch patches.suse/PCI-switchtec-Fix-an-error-handling-path-in-switchte.patch patches.suse/PCI-dwc-endpoint-Fix-advertised-resizable-BAR-size.patch patches.suse/PCI-qcom-Enable-BDF-to-SID-translation-properly.patch @@ -45902,6 +46010,10 @@ patches.suse/ASoC-meson-axg-tdm-interface-add-frame-rate-constrai.patch patches.suse/ALSA-aaci-Delete-unused-variable-in-aaci_do_suspend.patch patches.suse/ALSA-usb-audio-Stop-parsing-channels-bits-when-all-c.patch + patches.suse/ring-buffer-Do-not-set-shortest_full-when-full-target-is-hit.patch + patches.suse/ring-buffer-Fix-full_waiters_pending-in-poll.patch + patches.suse/ring-buffer-Use-wait_event_interruptible-in-ring_buffer_wait.patch + patches.suse/tracing-ring-buffer-Fix-wait_on_pipe-race.patch patches.suse/0001-lib-stackdepot-Fix-first-entry-having-a-0-handle.patch patches.suse/0002-lib-stackdepot-Move-stack_record-struct-definition-i.patch patches.suse/0003-mm-page_owner-Maintain-own-list-of-stack_records-str.patch @@ -45940,19 +46052,42 @@ patches.suse/crypto-qat-resolve-race-condition-during-AER-recover.patch patches.suse/crypto-arm-sha-fix-function-cast-warnings.patch patches.suse/crypto-qat-avoid-division-by-zero.patch + patches.suse/powerpc-pseries-Add-a-clear-modifier-to-ibm-pa-pi-fe.patch + patches.suse/powerpc-pseries-Set-CPU_FTR_DBELL-according-to-ibm-p.patch patches.suse/powerpc-pseries-Fix-potential-memleak-in-papr_get_at.patch patches.suse/x86-CPU-AMD-Update-the-Zenbleed-microcode-revisions.patch patches.suse/net-sunrpc-Fix-an-off-by-one-in-rpc_sockaddr2uaddr.patch patches.suse/NFSv4.2-fix-nfs4_listxattr-kernel-BUG-at-mm-usercopy.patch patches.suse/NFSv4.2-fix-listxattr-maximum-XDR-buffer-size.patch patches.suse/NFS-Fix-an-off-by-one-in-root_nfs_cat.patch + patches.suse/scsi-lpfc-Initialize-status-local-variable-in-lpfc_s.patch + patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch + patches.suse/scsi-lpfc-Use-sg_dma_len-API-to-get-struct-scatterli.patch + patches.suse/scsi-lpfc-Remove-D_ID-swap-log-message-from-trace-ev.patch + patches.suse/scsi-lpfc-Allow-lpfc_plogi_confirm_nport-logic-to-ex.patch + patches.suse/scsi-lpfc-Remove-NLP_RCV_PLOGI-early-return-during-R.patch + patches.suse/scsi-lpfc-Fix-failure-to-delete-vports-when-discover.patch + patches.suse/scsi-lpfc-Add-condition-to-delete-ndlp-object-after-.patch + patches.suse/scsi-lpfc-Save-FPIN-frequency-statistics-upon-receip.patch + patches.suse/scsi-lpfc-Move-handling-of-reset-congestion-statisti.patch + patches.suse/scsi-lpfc-Remove-shost_lock-protection-for-fc_host_p.patch + patches.suse/scsi-lpfc-Change-nlp-state-statistic-counters-into-a.patch + patches.suse/scsi-lpfc-Protect-vport-fc_nodes-list-with-an-explic.patch + patches.suse/scsi-lpfc-Change-lpfc_vport-fc_flag-member-into-a-bi.patch + patches.suse/scsi-lpfc-Change-lpfc_vport-load_flag-member-into-a-.patch + patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.0.patch + patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.0-patches.patch + patches.suse/scsi-lpfc-Replace-deprecated-strncpy-with-strscpy.patch patches.suse/watchdog-stm32_iwdg-initialize-default-timeout.patch + patches.suse/tracing-Have-saved_cmdlines-arrays-all-in-one-allocation.patch + patches.suse/ring-buffer-Make-wake-once-of-ring_buffer_wait-more-robust.patch patches.suse/RDMA-irdma-Remove-duplicate-assignment.patch patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch patches.suse/RDMA-hns-Fix-mis-modifying-default-congestion-contro.patch patches.suse/RDMA-device-Fix-a-race-between-mad_client-and-cm_cli.patch patches.suse/RDMA-rtrs-clt-Check-strnlen-return-len-in-sysfs-mpat.patch patches.suse/msft-hv-2962-RDMA-mana_ib-Fix-bug-in-creation-of-dma-regions.patch + patches.suse/vdpa-mlx5-Allow-CVQ-size-changes.patch patches.suse/s390-vtime-fix-average-steal-time-calculation.patch patches.suse/arm64-dts-broadcom-bcmbca-bcm4908-drop-invalid-switch-cells.patch patches.suse/usb-audio-v2-Correct-comments-for-struct-uac_clock_s.patch @@ -45996,6 +46131,7 @@ patches.suse/ALSA-aoa-avoid-false-positive-format-truncation-warn.patch patches.suse/mmc-core-Initialize-mmc_blk_ioc_data.patch patches.suse/mmc-core-Avoid-negative-index-with-array-access.patch + patches.suse/dm-integrity-fix-out-of-range-warning-8e91.patch patches.suse/ACPICA-debugger-check-status-of-acpi_evaluate_object.patch patches.suse/x86-bugs-Fix-the-SRSO-mitigation-on-Zen3-4.patch patches.suse/drm-amdkfd-fix-TLB-flush-after-unmap-for-GFX9.4.2.patch @@ -46017,46 +46153,6 @@ patches.suse/usb-typec-Return-size-of-buffer-if-pd_set-operation-.patch patches.suse/usb-typec-ucsi-Clear-EVENT_PENDING-under-PPM-lock.patch patches.suse/usb-typec-ucsi-Check-for-notifications-after-init.patch - patches.suse/RAS-Avoid-build-errors-when-CONFIG_DEBUG_FS-n.patch - patches.suse/vboxsf-Avoid-an-spurious-warning-if-load_nls_xxx-fai.patch - patches.suse/msft-hv-2971-net-mana-Fix-Rx-DMA-datasize-and-skb_over_panic.patch - patches.suse/drm-panfrost-fix-power-transition-timeout-warnings.patch - patches.suse/drm-display-fix-typo.patch - patches.suse/drm-i915-gt-Do-not-generate-the-command-streamer-for.patch - patches.suse/ALSA-hda-realtek-Update-Panasonic-CF-SZ6-quirk-to-su.patch - patches.suse/ASoC-ops-Fix-wraparound-for-mask-in-snd_soc_get_vols.patch - patches.suse/ASoC-rt5682-sdw-fix-locking-sequence.patch - patches.suse/ASoC-rt711-sdca-fix-locking-sequence.patch - patches.suse/ASoC-rt711-sdw-fix-locking-sequence.patch - patches.suse/ASoC-amd-acp-fix-for-acp_init-function-error-handlin.patch - patches.suse/ata-sata_sx4-fix-pdc20621_get_from_dimm-on-64-bit.patch - patches.suse/ata-sata_mv-Fix-PCI-device-ID-table-declaration-comp.patch - patches.suse/0001-stackdepot-rename-pool_index-to-pool_index_plus_1.patch - - # jejb/scsi for-next - patches.suse/scsi-lpfc-Initialize-status-local-variable-in-lpfc_s.patch - patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch - patches.suse/scsi-lpfc-Use-sg_dma_len-API-to-get-struct-scatterli.patch - patches.suse/scsi-lpfc-Remove-D_ID-swap-log-message-from-trace-ev.patch - patches.suse/scsi-lpfc-Allow-lpfc_plogi_confirm_nport-logic-to-ex.patch - patches.suse/scsi-lpfc-Remove-NLP_RCV_PLOGI-early-return-during-R.patch - patches.suse/scsi-lpfc-Fix-failure-to-delete-vports-when-discover.patch - patches.suse/scsi-lpfc-Add-condition-to-delete-ndlp-object-after-.patch - patches.suse/scsi-lpfc-Save-FPIN-frequency-statistics-upon-receip.patch - patches.suse/scsi-lpfc-Move-handling-of-reset-congestion-statisti.patch - patches.suse/scsi-lpfc-Remove-shost_lock-protection-for-fc_host_p.patch - patches.suse/scsi-lpfc-Change-nlp-state-statistic-counters-into-a.patch - patches.suse/scsi-lpfc-Protect-vport-fc_nodes-list-with-an-explic.patch - patches.suse/scsi-lpfc-Change-lpfc_vport-fc_flag-member-into-a-bi.patch - patches.suse/scsi-lpfc-Change-lpfc_vport-load_flag-member-into-a-.patch - patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.0.patch - patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.0-patches.patch - - # powerpc/linux next - patches.suse/powerpc-pseries-Add-a-clear-modifier-to-ibm-pa-pi-fe.patch - patches.suse/powerpc-pseries-Set-CPU_FTR_DBELL-according-to-ibm-p.patch - - # mkp/scsi queue patches.suse/scsi-lpfc-Correct-size-for-wqe-for-memset.patch patches.suse/scsi-lpfc-Correct-size-for-cmdwqe-rspwqe-for-memset.patch patches.suse/scsi-qla2xxx-Prevent-command-send-on-chip-reset.patch @@ -46082,17 +46178,25 @@ patches.suse/scsi-lpfc-Define-types-in-a-union-for-generic-void-c.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.1.patch patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.1-patches.patch - - # mkp/scsi for-next - patches.suse/scsi-lpfc-Replace-deprecated-strncpy-with-strscpy.patch - - # ras/ras edac-for-next patches.suse/RAS-AMD-FMPM-Avoid-NULL-ptr-deref-in-get_saved_records.patch patches.suse/RAS-AMD-FMPM-Safely-handle-saved-records-of-various-sizes.patch - patches.suse/RAS-AMD-FMPM-Fix-build-when-debugfs-is-not-enabled.patch - - # bpf/bpf + patches.suse/RAS-Avoid-build-errors-when-CONFIG_DEBUG_FS-n.patch + patches.suse/vboxsf-Avoid-an-spurious-warning-if-load_nls_xxx-fai.patch + patches.suse/msft-hv-2971-net-mana-Fix-Rx-DMA-datasize-and-skb_over_panic.patch + patches.suse/net-usb-ax88179_178a-avoid-the-interface-always-conf.patch patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch + patches.suse/drm-panfrost-fix-power-transition-timeout-warnings.patch + patches.suse/drm-display-fix-typo.patch + patches.suse/drm-i915-gt-Do-not-generate-the-command-streamer-for.patch + patches.suse/ALSA-hda-realtek-Update-Panasonic-CF-SZ6-quirk-to-su.patch + patches.suse/ASoC-ops-Fix-wraparound-for-mask-in-snd_soc_get_vols.patch + patches.suse/ASoC-rt5682-sdw-fix-locking-sequence.patch + patches.suse/ASoC-rt711-sdca-fix-locking-sequence.patch + patches.suse/ASoC-rt711-sdw-fix-locking-sequence.patch + patches.suse/ASoC-amd-acp-fix-for-acp_init-function-error-handlin.patch + patches.suse/ata-sata_sx4-fix-pdc20621_get_from_dimm-on-64-bit.patch + patches.suse/ata-sata_mv-Fix-PCI-device-ID-table-declaration-comp.patch + patches.suse/0001-stackdepot-rename-pool_index-to-pool_index_plus_1.patch # out-of-tree patches patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch @@ -46517,9 +46621,6 @@ # bsc#1166486 patches.suse/nvdimm-disable-namespace-on-error.patch - # bsc#1177529 - patches.suse/Avoid-deadlock-for-recursive-I-O-on-dm-thin-when-used-as-swap-4905.patch - patches.suse/sbitmap-avoid-lockups-when-waker-gets-preempted.patch # bsc#1184485, bsc#1216776 @@ -46595,6 +46696,7 @@ # Tracing patches.suse/0003-Add-external-no-support-as-bad-taint-module.patch + patches.suse/kprobes-Fix-double-free-of-kretprobe_holder.patch ######################################################## # Livepatching @@ -46751,6 +46853,7 @@ patches.kabi/SUNRPC-Fix-RPC-client-cleaned-up-the-freed-pipefs-de.patch patches.kabi/pNFS-Fix-the-pnfs-block-driver-s-calculation-of-layo.patch patches.kabi/PCI-Add-locking-to-RMW-PCI-Express-Capability-Regist.patch + patches.kabi/kABI-Adjust-trace_iterator.wait_index.patch ######################################################## # SLE15-SP3 OOT performance patches evaluated but left