diff --git a/blacklist.conf b/blacklist.conf index f9fd0c0..6bbd4c8 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -816,3 +816,4 @@ db886979683a8360ced9b24ab1125ad0c4d2cf76 # we already have this commit f81fead027ecbb525c29d681eb95a222e76306a3 # correction in a comment only 2355370cd941cbb20882cc3f34460f9f2b8f9a18 # already have it as part of a different commit 7fce8d6eccbc31a561d07c79f359ad09f0424347 # already have it as part of a different commit +9dba4d24cbb5524dd39ab1e08886373b17f07ff2 # breaks KABI diff --git a/patches.suse/KVM-LAPIC-Enable-timer-posted-interrupt-only-when-mw.patch b/patches.suse/KVM-LAPIC-Enable-timer-posted-interrupt-only-when-mw.patch new file mode 100644 index 0000000..69293f1 --- /dev/null +++ b/patches.suse/KVM-LAPIC-Enable-timer-posted-interrupt-only-when-mw.patch @@ -0,0 +1,52 @@ +Patch-mainline: v5.18-rc1 +Git-commit: 1714a4eb6fb0cb79f182873cd011a8ed60ac65e8 +References: git-fixes +From: Wanpeng Li +Date: Tue, 25 Jan 2022 04:08:58 -0800 +Subject: [PATCH] KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt + is advertised + +As commit 0c5f81dad46 ("KVM: LAPIC: Inject timer interrupt via posted +interrupt") mentioned that the host admin should well tune the guest +setup, so that vCPUs are placed on isolated pCPUs, and with several pCPUs +surplus for *busy* housekeeping. In this setup, it is preferrable to +disable mwait/hlt/pause vmexits to keep the vCPUs in non-root mode. + +However, if only some guests isolated and others not, they would not +have any benefit from posted timer interrupts, and at the same time lose +VMX preemption timer fast paths because kvm_can_post_timer_interrupt() +returns true and therefore forces kvm_can_use_hv_timer() to false. + +By guaranteeing that posted-interrupt timer is only used if MWAIT or +HLT are done without vmexit, KVM can make a better choice and use the +VMX preemption timer and the corresponding fast paths. + +Reported-by: Aili Yao +Reviewed-by: Sean Christopherson +Cc: Aili Yao +Cc: Sean Christopherson +Signed-off-by: Wanpeng Li +Message-Id: <1643112538-36743-1-git-send-email-wanpengli@tencent.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/lapic.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c +index 5fe507242960..dd4e2888c244 100644 +--- a/arch/x86/kvm/lapic.c ++++ b/arch/x86/kvm/lapic.c +@@ -113,7 +113,8 @@ static inline u32 kvm_x2apic_id(struct kvm_lapic *apic) + + static bool kvm_can_post_timer_interrupt(struct kvm_vcpu *vcpu) + { +- return pi_inject_timer && kvm_vcpu_apicv_active(vcpu); ++ return pi_inject_timer && kvm_vcpu_apicv_active(vcpu) && ++ (kvm_mwait_in_guest(vcpu->kvm) || kvm_hlt_in_guest(vcpu->kvm)); + } + + bool kvm_can_use_hv_timer(struct kvm_vcpu *vcpu) +-- +2.35.3 + diff --git a/patches.suse/KVM-SVM-Don-t-rewrite-guest-ICR-on-AVIC-IPI-virtuali.patch b/patches.suse/KVM-SVM-Don-t-rewrite-guest-ICR-on-AVIC-IPI-virtuali.patch new file mode 100644 index 0000000..0f1e71b --- /dev/null +++ b/patches.suse/KVM-SVM-Don-t-rewrite-guest-ICR-on-AVIC-IPI-virtuali.patch @@ -0,0 +1,73 @@ +Patch-mainline: v5.18-rc1 +Git-commit: b51818afdc1d3c7cc269e295953685558d3af71c +References: git-fixes +From: Sean Christopherson +Date: Fri, 4 Feb 2022 21:41:59 +0000 +Subject: [PATCH] KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization + failure + +Don't bother rewriting the ICR value into the vAPIC page on an AVIC IPI +virtualization failure, the access is a trap, i.e. the value has already +been written to the vAPIC page. The one caveat is if hardware left the +BUSY flag set (which appears to happen somewhat arbitrarily), in which +case go through the "nodecode" APIC-write path in order to clear the BUSY +flag. + +Signed-off-by: Sean Christopherson +Message-Id: <20220204214205.3306634-6-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/lapic.c | 1 + + arch/x86/kvm/svm/avic.c | 22 +++++++++++----------- + 2 files changed, 12 insertions(+), 11 deletions(-) + +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c +index 307f81635b6c..2b5db464c7aa 100644 +--- a/arch/x86/kvm/lapic.c ++++ b/arch/x86/kvm/lapic.c +@@ -1291,6 +1291,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high) + + kvm_irq_delivery_to_apic(apic->vcpu->kvm, apic, &irq, NULL); + } ++EXPORT_SYMBOL_GPL(kvm_apic_send_ipi); + + static u32 apic_get_tmcct(struct kvm_lapic *apic) + { +diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c +index 45b4bc657f74..aea0b13773fd 100644 +--- a/arch/x86/kvm/svm/avic.c ++++ b/arch/x86/kvm/svm/avic.c +@@ -324,18 +324,18 @@ int avic_incomplete_ipi_interception(struct kvm_vcpu *vcpu) + switch (id) { + case AVIC_IPI_FAILURE_INVALID_INT_TYPE: + /* +- * AVIC hardware handles the generation of +- * IPIs when the specified Message Type is Fixed +- * (also known as fixed delivery mode) and +- * the Trigger Mode is edge-triggered. The hardware +- * also supports self and broadcast delivery modes +- * specified via the Destination Shorthand(DSH) +- * field of the ICRL. Logical and physical APIC ID +- * formats are supported. All other IPI types cause +- * a #VMEXIT, which needs to emulated. ++ * Emulate IPIs that are not handled by AVIC hardware, which ++ * only virtualizes Fixed, Edge-Triggered INTRs. The exit is ++ * a trap, e.g. ICR holds the correct value and RIP has been ++ * advanced, KVM is responsible only for emulating the IPI. ++ * Sadly, hardware may sometimes leave the BUSY flag set, in ++ * which case KVM needs to emulate the ICR write as well in ++ * order to clear the BUSY flag. + */ +- kvm_lapic_reg_write(apic, APIC_ICR2, icrh); +- kvm_lapic_reg_write(apic, APIC_ICR, icrl); ++ if (icrl & APIC_ICR_BUSY) ++ kvm_apic_write_nodecode(vcpu, APIC_ICR); ++ else ++ kvm_apic_send_ipi(apic, icrl, icrh); + break; + case AVIC_IPI_FAILURE_TARGET_NOT_RUNNING: + /* +-- +2.35.3 + diff --git a/patches.suse/KVM-VMX-Introduce-vmx_msr_bitmap_l01_changed-helper.patch b/patches.suse/KVM-VMX-Introduce-vmx_msr_bitmap_l01_changed-helper.patch new file mode 100644 index 0000000..85aca94 --- /dev/null +++ b/patches.suse/KVM-VMX-Introduce-vmx_msr_bitmap_l01_changed-helper.patch @@ -0,0 +1,72 @@ +Patch-mainline: v5.17-rc1 +Git-commit: b84155c38076b36d625043a06a2f1c90bde62903 +References: git-fixes +From: Vitaly Kuznetsov +Date: Mon, 29 Nov 2021 10:47:02 +0100 +Subject: [PATCH] KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper + +In preparation to enabling 'Enlightened MSR Bitmap' feature for Hyper-V +guests move MSR bitmap update tracking to a dedicated helper. + +Note: vmx_msr_bitmap_l01_changed() is called when MSR bitmap might be +updated. KVM doesn't check if the bit we're trying to set is already set +(or the bit it's trying to clear is already cleared). Such situations +should not be common and a few false positives should not be a problem. + +No functional change intended. + +Signed-off-by: Vitaly Kuznetsov +Reviewed-by: Maxim Levitsky +Reviewed-by: Sean Christopherson +Message-Id: <20211129094704.326635-3-vkuznets@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/vmx/vmx.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c +index 9d7f26eaf05f..7ee50671191b 100644 +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -3688,6 +3688,17 @@ void free_vpid(int vpid) + spin_unlock(&vmx_vpid_lock); + } + ++static void vmx_msr_bitmap_l01_changed(struct vcpu_vmx *vmx) ++{ ++ /* ++ * When KVM is a nested hypervisor on top of Hyper-V and uses ++ * 'Enlightened MSR Bitmap' feature L0 needs to know that MSR ++ * bitmap has changed. ++ */ ++ if (static_branch_unlikely(&enable_evmcs)) ++ evmcs_touch_msr_bitmap(); ++} ++ + void vmx_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type) + { + struct vcpu_vmx *vmx = to_vmx(vcpu); +@@ -3696,8 +3707,7 @@ void vmx_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type) + if (!cpu_has_vmx_msr_bitmap()) + return; + +- if (static_branch_unlikely(&enable_evmcs)) +- evmcs_touch_msr_bitmap(); ++ vmx_msr_bitmap_l01_changed(vmx); + + /* + * Mark the desired intercept state in shadow bitmap, this is needed +@@ -3741,8 +3751,7 @@ void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type) + if (!cpu_has_vmx_msr_bitmap()) + return; + +- if (static_branch_unlikely(&enable_evmcs)) +- evmcs_touch_msr_bitmap(); ++ vmx_msr_bitmap_l01_changed(vmx); + + /* + * Mark the desired intercept state in shadow bitmap, this is needed +-- +2.35.3 + diff --git a/patches.suse/KVM-VMX-Set-vmcs.PENDING_DBG.BS-on-DB-in-STI-MOVSS-b.patch b/patches.suse/KVM-VMX-Set-vmcs.PENDING_DBG.BS-on-DB-in-STI-MOVSS-b.patch new file mode 100644 index 0000000..4aad261 --- /dev/null +++ b/patches.suse/KVM-VMX-Set-vmcs.PENDING_DBG.BS-on-DB-in-STI-MOVSS-b.patch @@ -0,0 +1,100 @@ +Patch-mainline: v5.17-rc2 +Git-commit: b9bed78e2fa9571b7c983b20666efa0009030c71 +References: git-fixes +From: Sean Christopherson +Date: Thu, 20 Jan 2022 00:06:24 +0000 +Subject: [PATCH] KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS + blocking shadow + +Set vmcs.GUEST_PENDING_DBG_EXCEPTIONS.BS, a.k.a. the pending single-step +breakpoint flag, when re-injecting a #DB with RFLAGS.TF=1, and STI or +MOVSS blocking is active. Setting the flag is necessary to make VM-Entry +consistency checks happy, as VMX has an invariant that if RFLAGS.TF is +set and STI/MOVSS blocking is true, then the previous instruction must +have been STI or MOV/POP, and therefore a single-step #DB must be pending +since the RFLAGS.TF cannot have been set by the previous instruction, +i.e. the one instruction delay after setting RFLAGS.TF must have already +expired. + +Normally, the CPU sets vmcs.GUEST_PENDING_DBG_EXCEPTIONS.BS appropriately +when recording guest state as part of a VM-Exit, but #DB VM-Exits +intentionally do not treat the #DB as "guest state" as interception of +the #DB effectively makes the #DB host-owned, thus KVM needs to manually +set PENDING_DBG.BS when forwarding/re-injecting the #DB to the guest. + +Note, although this bug can be triggered by guest userspace, doing so +requires IOPL=3, and guest userspace running with IOPL=3 has full access +to all I/O ports (from the guest's perspective) and can crash/reboot the +guest any number of ways. IOPL=3 is required because STI blocking kicks +in if and only if RFLAGS.IF is toggled 0=>1, and if CPL>IOPL, STI either +takes a #GP or modifies RFLAGS.VIF, not RFLAGS.IF. + +MOVSS blocking can be initiated by userspace, but can be coincident with +a #DB if and only if DR7.GD=1 (General Detect enabled) and a MOV DR is +executed in the MOVSS shadow. MOV DR #GPs at CPL>0, thus MOVSS blocking +is problematic only for CPL0 (and only if the guest is crazy enough to +access a DR in a MOVSS shadow). All other sources of #DBs are either +suppressed by MOVSS blocking (single-step, code fetch, data, and I/O), +are mutually exclusive with MOVSS blocking (T-bit task switch), or are +already handled by KVM (ICEBP, a.k.a. INT1). + +This bug was originally found by running tests[1] created for XSA-308[2]. +Note that Xen's userspace test emits ICEBP in the MOVSS shadow, which is +presumably why the Xen bug was deemed to be an exploitable DOS from guest +userspace. KVM already handles ICEBP by skipping the ICEBP instruction +and thus clears MOVSS blocking as a side effect of its "emulation". + +[1] http://xenbits.xenproject.org/docs/xtf/xsa-308_2main_8c_source.html +[2] https://xenbits.xen.org/xsa/advisory-308.html + +Reported-by: David Woodhouse +Reported-by: Alexander Graf +Signed-off-by: Sean Christopherson +Message-Id: <20220120000624.655815-1-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/vmx/vmx.c | 25 +++++++++++++++++++++++++ + 1 file changed, 25 insertions(+) + +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c +index 705e5c082738..2833b095a804 100644 +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -4905,8 +4905,33 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu) + dr6 = vmx_get_exit_qual(vcpu); + if (!(vcpu->guest_debug & + (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) { ++ /* ++ * If the #DB was due to ICEBP, a.k.a. INT1, skip the ++ * instruction. ICEBP generates a trap-like #DB, but ++ * despite its interception control being tied to #DB, ++ * is an instruction intercept, i.e. the VM-Exit occurs ++ * on the ICEBP itself. Note, skipping ICEBP also ++ * clears STI and MOVSS blocking. ++ * ++ * For all other #DBs, set vmcs.PENDING_DBG_EXCEPTIONS.BS ++ * if single-step is enabled in RFLAGS and STI or MOVSS ++ * blocking is active, as the CPU doesn't set the bit ++ * on VM-Exit due to #DB interception. VM-Entry has a ++ * consistency check that a single-step #DB is pending ++ * in this scenario as the previous instruction cannot ++ * have toggled RFLAGS.TF 0=>1 (because STI and POP/MOV ++ * don't modify RFLAGS), therefore the one instruction ++ * delay when activating single-step breakpoints must ++ * have already expired. Note, the CPU sets/clears BS ++ * as appropriate for all other VM-Exits types. ++ */ + if (is_icebp(intr_info)) + WARN_ON(!skip_emulated_instruction(vcpu)); ++ else if ((vmx_get_rflags(vcpu) & X86_EFLAGS_TF) && ++ (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & ++ (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS))) ++ vmcs_writel(GUEST_PENDING_DBG_EXCEPTIONS, ++ vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS) | DR6_BS); + + kvm_queue_exception_p(vcpu, DB_VECTOR, dr6); + return 1; +-- +2.35.3 + diff --git a/patches.suse/KVM-X86-Fix-tlb-flush-for-tdp-in-kvm_invalidate_pcid.patch b/patches.suse/KVM-X86-Fix-tlb-flush-for-tdp-in-kvm_invalidate_pcid.patch new file mode 100644 index 0000000..3d97aed --- /dev/null +++ b/patches.suse/KVM-X86-Fix-tlb-flush-for-tdp-in-kvm_invalidate_pcid.patch @@ -0,0 +1,49 @@ +Patch-mainline: v5.16-rc1 +Git-commit: e45e9e3998f0001079b09555db5bb3b4257f6746 +References: git-fixes +From: Lai Jiangshan +Date: Tue, 19 Oct 2021 19:01:51 +0800 +Subject: [PATCH] KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() + +The KVM doesn't know whether any TLB for a specific pcid is cached in +the CPU when tdp is enabled. So it is better to flush all the guest +TLB when invalidating any single PCID context. + +The case is very rare or even impossible since KVM generally doesn't +intercept CR3 write or INVPCID instructions when tdp is enabled, so the +fix is mostly for the sake of overall robustness. + +Signed-off-by: Lai Jiangshan +Message-Id: <20211019110154.4091-2-jiangshanlai@gmail.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/x86.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index f55654158836..f7806e3f3019 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -1073,6 +1073,18 @@ static void kvm_invalidate_pcid(struct kvm_vcpu *vcpu, unsigned long pcid) + unsigned long roots_to_free = 0; + int i; + ++ /* ++ * MOV CR3 and INVPCID are usually not intercepted when using TDP, but ++ * this is reachable when running EPT=1 and unrestricted_guest=0, and ++ * also via the emulator. KVM's TDP page tables are not in the scope of ++ * the invalidation, but the guest's TLB entries need to be flushed as ++ * the CPU may have cached entries in its TLB for the target PCID. ++ */ ++ if (unlikely(tdp_enabled)) { ++ kvm_make_request(KVM_REQ_TLB_FLUSH_GUEST, vcpu); ++ return; ++ } ++ + /* + * If neither the current CR3 nor any of the prev_roots use the given + * PCID, then nothing needs to be done here because a resync will +-- +2.35.3 + diff --git a/patches.suse/KVM-nVMX-Also-filter-MSR_IA32_VMX_TRUE_PINBASED_CTLS.patch b/patches.suse/KVM-nVMX-Also-filter-MSR_IA32_VMX_TRUE_PINBASED_CTLS.patch new file mode 100644 index 0000000..f778fc7 --- /dev/null +++ b/patches.suse/KVM-nVMX-Also-filter-MSR_IA32_VMX_TRUE_PINBASED_CTLS.patch @@ -0,0 +1,41 @@ +Patch-mainline: v5.17-rc2 +Git-commit: f80ae0ef089a09e8c18da43a382c3caac9a424a7 +References: git-fixes +From: Vitaly Kuznetsov +Date: Wed, 12 Jan 2022 18:01:30 +0100 +Subject: [PATCH] KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when + eVMCS + +Similar to MSR_IA32_VMX_EXIT_CTLS/MSR_IA32_VMX_TRUE_EXIT_CTLS, +MSR_IA32_VMX_ENTRY_CTLS/MSR_IA32_VMX_TRUE_ENTRY_CTLS pair, +MSR_IA32_VMX_TRUE_PINBASED_CTLS needs to be filtered the same way +MSR_IA32_VMX_PINBASED_CTLS is currently filtered as guests may solely rely +on 'true' MSR data. + +Note, none of the currently existing Windows/Hyper-V versions are known +to stumble upon the unfiltered MSR_IA32_VMX_TRUE_PINBASED_CTLS, the change +is aimed at making the filtering future proof. + +Signed-off-by: Vitaly Kuznetsov +Message-Id: <20220112170134.1904308-2-vkuznets@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/vmx/evmcs.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c +index ba6f99f584ac..a7ed30d5647a 100644 +--- a/arch/x86/kvm/vmx/evmcs.c ++++ b/arch/x86/kvm/vmx/evmcs.c +@@ -362,6 +362,7 @@ void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata) + case MSR_IA32_VMX_PROCBASED_CTLS2: + ctl_high &= ~EVMCS1_UNSUPPORTED_2NDEXEC; + break; ++ case MSR_IA32_VMX_TRUE_PINBASED_CTLS: + case MSR_IA32_VMX_PINBASED_CTLS: + ctl_high &= ~EVMCS1_UNSUPPORTED_PINCTRL; + break; +-- +2.35.3 + diff --git a/patches.suse/KVM-nVMX-Don-t-use-Enlightened-MSR-Bitmap-for-L3.patch b/patches.suse/KVM-nVMX-Don-t-use-Enlightened-MSR-Bitmap-for-L3.patch new file mode 100644 index 0000000..f0a9a8c --- /dev/null +++ b/patches.suse/KVM-nVMX-Don-t-use-Enlightened-MSR-Bitmap-for-L3.patch @@ -0,0 +1,79 @@ +Patch-mainline: v5.16-rc5 +Git-commit: 250552b925ce400c17d166422fde9bb215958481 +References: git-fixes +From: Vitaly Kuznetsov +Date: Mon, 29 Nov 2021 10:47:01 +0100 +Subject: [PATCH] KVM: nVMX: Don't use Enlightened MSR Bitmap for L3 + +When KVM runs as a nested hypervisor on top of Hyper-V it uses Enlightened +VMCS and enables Enlightened MSR Bitmap feature for its L1s and L2s (which +are actually L2s and L3s from Hyper-V's perspective). When MSR bitmap is +updated, KVM has to reset HV_VMX_ENLIGHTENED_CLEAN_FIELD_MSR_BITMAP from +clean fields to make Hyper-V aware of the change. For KVM's L1s, this is +done in vmx_disable_intercept_for_msr()/vmx_enable_intercept_for_msr(). +MSR bitmap for L2 is build in nested_vmx_prepare_msr_bitmap() by blending +MSR bitmap for L1 and L1's idea of MSR bitmap for L2. KVM, however, doesn't +check if the resulting bitmap is different and never cleans +HV_VMX_ENLIGHTENED_CLEAN_FIELD_MSR_BITMAP in eVMCS02. This is incorrect and +may result in Hyper-V missing the update. + +The issue could've been solved by calling evmcs_touch_msr_bitmap() for +eVMCS02 from nested_vmx_prepare_msr_bitmap() unconditionally but doing so +would not give any performance benefits (compared to not using Enlightened +MSR Bitmap at all). 3-level nesting is also not a very common setup +nowadays. + +Don't enable 'Enlightened MSR Bitmap' feature for KVM's L2s (real L3s) for +now. + +Signed-off-by: Vitaly Kuznetsov +Message-Id: <20211129094704.326635-2-vkuznets@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/vmx/vmx.c | 22 +++++++++++++--------- + 1 file changed, 13 insertions(+), 9 deletions(-) + +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c +index 9453743ce0c4..5aadad3e7367 100644 +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -2646,15 +2646,6 @@ int alloc_loaded_vmcs(struct loaded_vmcs *loaded_vmcs) + if (!loaded_vmcs->msr_bitmap) + goto out_vmcs; + memset(loaded_vmcs->msr_bitmap, 0xff, PAGE_SIZE); +- +- if (IS_ENABLED(CONFIG_HYPERV) && +- static_branch_unlikely(&enable_evmcs) && +- (ms_hyperv.nested_features & HV_X64_NESTED_MSR_BITMAP)) { +- struct hv_enlightened_vmcs *evmcs = +- (struct hv_enlightened_vmcs *)loaded_vmcs->vmcs; +- +- evmcs->hv_enlightenments_control.msr_bitmap = 1; +- } + } + + memset(&loaded_vmcs->host_state, 0, sizeof(struct vmcs_host_state)); +@@ -6842,6 +6833,19 @@ static int vmx_create_vcpu(struct kvm_vcpu *vcpu) + if (err < 0) + goto free_pml; + ++ /* ++ * Use Hyper-V 'Enlightened MSR Bitmap' feature when KVM runs as a ++ * nested (L1) hypervisor and Hyper-V in L0 supports it. Enable the ++ * feature only for vmcs01, KVM currently isn't equipped to realize any ++ * performance benefits from enabling it for vmcs02. ++ */ ++ if (IS_ENABLED(CONFIG_HYPERV) && static_branch_unlikely(&enable_evmcs) && ++ (ms_hyperv.nested_features & HV_X64_NESTED_MSR_BITMAP)) { ++ struct hv_enlightened_vmcs *evmcs = (void *)vmx->vmcs01.vmcs; ++ ++ evmcs->hv_enlightenments_control.msr_bitmap = 1; ++ } ++ + /* The MSR bitmap starts with all ones */ + bitmap_fill(vmx->shadow_msr_intercept.read, MAX_POSSIBLE_PASSTHROUGH_MSRS); + bitmap_fill(vmx->shadow_msr_intercept.write, MAX_POSSIBLE_PASSTHROUGH_MSRS); +-- +2.35.3 + diff --git a/patches.suse/KVM-nVMX-eVMCS-Filter-out-VM_EXIT_SAVE_VMX_PREEMPTIO.patch b/patches.suse/KVM-nVMX-eVMCS-Filter-out-VM_EXIT_SAVE_VMX_PREEMPTIO.patch new file mode 100644 index 0000000..60c7b3e --- /dev/null +++ b/patches.suse/KVM-nVMX-eVMCS-Filter-out-VM_EXIT_SAVE_VMX_PREEMPTIO.patch @@ -0,0 +1,42 @@ +Patch-mainline: v5.17-rc2 +Git-commit: 7a601e2cf61558dfd534a9ecaad09f5853ad8204 +References: git-fixes +From: Vitaly Kuznetsov +Date: Wed, 12 Jan 2022 18:01:31 +0100 +Subject: [PATCH] KVM: nVMX: eVMCS: Filter out + VM_EXIT_SAVE_VMX_PREEMPTION_TIMER + +Enlightened VMCS v1 doesn't have VMX_PREEMPTION_TIMER_VALUE field, +PIN_BASED_VMX_PREEMPTION_TIMER is also filtered out already so it makes +sense to filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER too. + +Note, none of the currently existing Windows/Hyper-V versions are known +to enable 'save VMX-preemption timer value' when eVMCS is in use, the +change is aimed at making the filtering future proof. + +Signed-off-by: Vitaly Kuznetsov +Message-Id: <20220112170134.1904308-3-vkuznets@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/vmx/evmcs.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h +index 16731d2cf231..3a461a32128b 100644 +--- a/arch/x86/kvm/vmx/evmcs.h ++++ b/arch/x86/kvm/vmx/evmcs.h +@@ -59,7 +59,9 @@ DECLARE_STATIC_KEY_FALSE(enable_evmcs); + SECONDARY_EXEC_SHADOW_VMCS | \ + SECONDARY_EXEC_TSC_SCALING | \ + SECONDARY_EXEC_PAUSE_LOOP_EXITING) +-#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) ++#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL \ ++ (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | \ ++ VM_EXIT_SAVE_VMX_PREEMPTION_TIMER) + #define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) + #define EVMCS1_UNSUPPORTED_VMFUNC (VMX_VMFUNC_EPTP_SWITCHING) + +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-Copy-filter-arg-outside-kvm_vm_ioctl_set_msr.patch b/patches.suse/KVM-x86-Copy-filter-arg-outside-kvm_vm_ioctl_set_msr.patch new file mode 100644 index 0000000..1c6f712 --- /dev/null +++ b/patches.suse/KVM-x86-Copy-filter-arg-outside-kvm_vm_ioctl_set_msr.patch @@ -0,0 +1,92 @@ +Patch-mainline: v6.1-rc2 +Git-commit: 2e3272bc1790825c43d2c39690bf2836b81c6d36 +References: git-fixes +From: Alexander Graf +Date: Mon, 17 Oct 2022 20:45:40 +0200 +Subject: [PATCH] KVM: x86: Copy filter arg outside + kvm_vm_ioctl_set_msr_filter() + +In the next patch we want to introduce a second caller to +set_msr_filter() which constructs its own filter list on the stack. +Refactor the original function so it takes it as argument instead of +reading it through copy_from_user(). + +Signed-off-by: Alexander Graf +Message-Id: <20221017184541.2658-3-graf@amazon.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/x86.c | 31 +++++++++++++++++-------------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index 4bd5f8a751de..78f779f0264b 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -6442,26 +6442,22 @@ static int kvm_add_msr_filter(struct kvm_x86_msr_filter *msr_filter, + return 0; + } + +-static int kvm_vm_ioctl_set_msr_filter(struct kvm *kvm, void __user *argp) ++static int kvm_vm_ioctl_set_msr_filter(struct kvm *kvm, ++ struct kvm_msr_filter *filter) + { +- struct kvm_msr_filter __user *user_msr_filter = argp; + struct kvm_x86_msr_filter *new_filter, *old_filter; +- struct kvm_msr_filter filter; + bool default_allow; + bool empty = true; + int r = 0; + u32 i; + +- if (copy_from_user(&filter, user_msr_filter, sizeof(filter))) +- return -EFAULT; +- +- if (filter.flags & ~KVM_MSR_FILTER_DEFAULT_DENY) ++ if (filter->flags & ~KVM_MSR_FILTER_DEFAULT_DENY) + return -EINVAL; + +- for (i = 0; i < ARRAY_SIZE(filter.ranges); i++) +- empty &= !filter.ranges[i].nmsrs; ++ for (i = 0; i < ARRAY_SIZE(filter->ranges); i++) ++ empty &= !filter->ranges[i].nmsrs; + +- default_allow = !(filter.flags & KVM_MSR_FILTER_DEFAULT_DENY); ++ default_allow = !(filter->flags & KVM_MSR_FILTER_DEFAULT_DENY); + if (empty && !default_allow) + return -EINVAL; + +@@ -6469,8 +6465,8 @@ static int kvm_vm_ioctl_set_msr_filter(struct kvm *kvm, void __user *argp) + if (!new_filter) + return -ENOMEM; + +- for (i = 0; i < ARRAY_SIZE(filter.ranges); i++) { +- r = kvm_add_msr_filter(new_filter, &filter.ranges[i]); ++ for (i = 0; i < ARRAY_SIZE(filter->ranges); i++) { ++ r = kvm_add_msr_filter(new_filter, &filter->ranges[i]); + if (r) { + kvm_free_msr_filter(new_filter); + return r; +@@ -6915,9 +6911,16 @@ long kvm_arch_vm_ioctl(struct file *filp, + case KVM_SET_PMU_EVENT_FILTER: + r = kvm_vm_ioctl_set_pmu_event_filter(kvm, argp); + break; +- case KVM_X86_SET_MSR_FILTER: +- r = kvm_vm_ioctl_set_msr_filter(kvm, argp); ++ case KVM_X86_SET_MSR_FILTER: { ++ struct kvm_msr_filter __user *user_msr_filter = argp; ++ struct kvm_msr_filter filter; ++ ++ if (copy_from_user(&filter, user_msr_filter, sizeof(filter))) ++ return -EFAULT; ++ ++ r = kvm_vm_ioctl_set_msr_filter(kvm, &filter); + break; ++ } + default: + r = -ENOTTY; + } +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-Do-not-change-ICR-on-write-to-APIC_SELF_IPI.patch b/patches.suse/KVM-x86-Do-not-change-ICR-on-write-to-APIC_SELF_IPI.patch new file mode 100644 index 0000000..2f23b24 --- /dev/null +++ b/patches.suse/KVM-x86-Do-not-change-ICR-on-write-to-APIC_SELF_IPI.patch @@ -0,0 +1,41 @@ +Patch-mainline: v5.18-rc1 +Git-commit: d22a81b304a27fca6124174a8e842e826c193466 +References: git-fixes +From: Paolo Bonzini +Date: Thu, 24 Feb 2022 09:53:36 -0500 +Subject: [PATCH] KVM: x86: Do not change ICR on write to APIC_SELF_IPI + +Emulating writes to SELF_IPI with a write to ICR has an unwanted side effect: +the value of ICR in vAPIC page gets changed. The lists SELF_IPI as write-only, +with no associated MMIO offset, so any write should have no visible side +effect in the vAPIC page. + +Reported-by: Chao Gao +Reviewed-by: Sean Christopherson +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/lapic.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c +index ad8857359ad6..d5a33b6be7d5 100644 +--- a/arch/x86/kvm/lapic.c ++++ b/arch/x86/kvm/lapic.c +@@ -2120,10 +2120,9 @@ int kvm_lapic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val) + break; + + case APIC_SELF_IPI: +- if (apic_x2apic_mode(apic)) { +- kvm_lapic_reg_write(apic, APIC_ICR, +- APIC_DEST_SELF | (val & APIC_VECTOR_MASK)); +- } else ++ if (apic_x2apic_mode(apic)) ++ kvm_apic_send_ipi(apic, APIC_DEST_SELF | (val & APIC_VECTOR_MASK), 0); ++ else + ret = 1; + break; + default: +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-Inject-GP-if-WRMSR-sets-reserved-bits-in-API.patch b/patches.suse/KVM-x86-Inject-GP-if-WRMSR-sets-reserved-bits-in-API.patch new file mode 100644 index 0000000..2614466 --- /dev/null +++ b/patches.suse/KVM-x86-Inject-GP-if-WRMSR-sets-reserved-bits-in-API.patch @@ -0,0 +1,48 @@ +Patch-mainline: v6.3-rc1 +Git-commit: ba5838abb05334e4abfdff1490585c7f365e0424 +References: git-fixes +From: Sean Christopherson +Date: Sat, 7 Jan 2023 01:10:20 +0000 +Subject: [PATCH] KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC + Self-IPI + +Inject a #GP if the guest attempts to set reserved bits in the x2APIC-only +Self-IPI register. Bits 7:0 hold the vector, all other bits are reserved. + +Reported-by: Marc Orr +Cc: Ben Gardon +Cc: Venkatesh Srinivas +Cc: stable@vger.kernel.org +Reviewed-by: Maxim Levitsky +Link: https://lore.kernel.org/r/20230107011025.565472-2-seanjc@google.com +Signed-off-by: Sean Christopherson +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/lapic.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c +index 08450b3e7040..9aca006b2d22 100644 +--- a/arch/x86/kvm/lapic.c ++++ b/arch/x86/kvm/lapic.c +@@ -2324,10 +2324,14 @@ static int kvm_lapic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val) + break; + + case APIC_SELF_IPI: +- if (apic_x2apic_mode(apic)) +- kvm_apic_send_ipi(apic, APIC_DEST_SELF | (val & APIC_VECTOR_MASK), 0); +- else ++ /* ++ * Self-IPI exists only when x2APIC is enabled. Bits 7:0 hold ++ * the vector, everything else is reserved. ++ */ ++ if (!apic_x2apic_mode(apic) || (val & ~APIC_VECTOR_MASK)) + ret = 1; ++ else ++ kvm_apic_send_ipi(apic, APIC_DEST_SELF | val, 0); + break; + default: + ret = 1; +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-Protect-the-unused-bits-in-MSR-exiting-flags.patch b/patches.suse/KVM-x86-Protect-the-unused-bits-in-MSR-exiting-flags.patch new file mode 100644 index 0000000..3577297 --- /dev/null +++ b/patches.suse/KVM-x86-Protect-the-unused-bits-in-MSR-exiting-flags.patch @@ -0,0 +1,49 @@ +Patch-mainline: v5.19-rc8 +Git-commit: cf5029d5dd7cb0aaa53250fa9e389abd231606b3 +References: git-fixes +From: Aaron Lewis +Date: Thu, 14 Jul 2022 16:13:15 +0000 +Subject: [PATCH] KVM: x86: Protect the unused bits in MSR exiting flags + +The flags for KVM_CAP_X86_USER_SPACE_MSR and KVM_X86_SET_MSR_FILTER +have no protection for their unused bits. Without protection, future +development for these features will be difficult. Add the protection +needed to make it possible to extend these features in the future. + +Signed-off-by: Aaron Lewis +Message-Id: <20220714161314.1715227-1-aaronlewis@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/x86.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index 143e37298d8a..e5fa335a4ea7 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -6029,6 +6029,11 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, + r = 0; + break; + case KVM_CAP_X86_USER_SPACE_MSR: ++ r = -EINVAL; ++ if (cap->args[0] & ~(KVM_MSR_EXIT_REASON_INVAL | ++ KVM_MSR_EXIT_REASON_UNKNOWN | ++ KVM_MSR_EXIT_REASON_FILTER)) ++ break; + kvm->arch.user_space_msr_mask = cap->args[0]; + r = 0; + break; +@@ -6183,6 +6188,9 @@ static int kvm_vm_ioctl_set_msr_filter(struct kvm *kvm, void __user *argp) + if (copy_from_user(&filter, user_msr_filter, sizeof(filter))) + return -EFAULT; + ++ if (filter.flags & ~KVM_MSR_FILTER_DEFAULT_DENY) ++ return -EINVAL; ++ + for (i = 0; i < ARRAY_SIZE(filter.ranges); i++) + empty &= !filter.ranges[i].nmsrs; + +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-Report-deprecated-x87-features-in-supported-.patch b/patches.suse/KVM-x86-Report-deprecated-x87-features-in-supported-.patch new file mode 100644 index 0000000..ee1f838 --- /dev/null +++ b/patches.suse/KVM-x86-Report-deprecated-x87-features-in-supported-.patch @@ -0,0 +1,65 @@ +Patch-mainline: v5.17-rc3 +Git-commit: e3bcfda012edd3564e12551b212afbd2521a1f68 +References: git-fixes +From: Jim Mattson +Date: Thu, 3 Feb 2022 16:13:48 -0800 +Subject: [PATCH] KVM: x86: Report deprecated x87 features in supported CPUID + +CPUID.(EAX=7,ECX=0):EBX.FDP_EXCPTN_ONLY[bit 6] and +CPUID.(EAX=7,ECX=0):EBX.ZERO_FCS_FDS[bit 13] are "defeature" +bits. Unlike most of the other CPUID feature bits, these bits are +clear if the features are present and set if the features are not +present. These bits should be reported in KVM_GET_SUPPORTED_CPUID, +because if these bits are set on hardware, they cannot be cleared in +the guest CPUID. Doing so would claim guest support for a feature that +the hardware doesn't support and that can't be efficiently emulated. + +Of course, any software (e.g WIN87EM.DLL) expecting these features to +be present likely predates these CPUID feature bits and therefore +doesn't know to check for them anyway. + +Aaron Lewis added the corresponding X86_FEATURE macros in +commit cbb99c0f5887 ("x86/cpufeatures: Add FDP_EXCPTN_ONLY and +ZERO_FCS_FDS"), with the intention of reporting these bits in +KVM_GET_SUPPORTED_CPUID, but I was unable to find a proposed patch on +the kvm list. + +Opportunistically reordered the CPUID_7_0_EBX capability bits from +least to most significant. + +Cc: Aaron Lewis +Signed-off-by: Jim Mattson +Message-Id: <20220204001348.2844660-1-jmattson@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/cpuid.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c +index 28be02adc669..494d4d351859 100644 +--- a/arch/x86/kvm/cpuid.c ++++ b/arch/x86/kvm/cpuid.c +@@ -554,12 +554,13 @@ void kvm_set_cpu_caps(void) + ); + + kvm_cpu_cap_mask(CPUID_7_0_EBX, +- F(FSGSBASE) | F(SGX) | F(BMI1) | F(HLE) | F(AVX2) | F(SMEP) | +- F(BMI2) | F(ERMS) | F(INVPCID) | F(RTM) | 0 /*MPX*/ | F(RDSEED) | +- F(ADX) | F(SMAP) | F(AVX512IFMA) | F(AVX512F) | F(AVX512PF) | +- F(AVX512ER) | F(AVX512CD) | F(CLFLUSHOPT) | F(CLWB) | F(AVX512DQ) | +- F(SHA_NI) | F(AVX512BW) | F(AVX512VL) | 0 /*INTEL_PT*/ +- ); ++ F(FSGSBASE) | F(SGX) | F(BMI1) | F(HLE) | F(AVX2) | ++ F(FDP_EXCPTN_ONLY) | F(SMEP) | F(BMI2) | F(ERMS) | F(INVPCID) | ++ F(RTM) | F(ZERO_FCS_FDS) | 0 /*MPX*/ | F(AVX512F) | ++ F(AVX512DQ) | F(RDSEED) | F(ADX) | F(SMAP) | F(AVX512IFMA) | ++ F(CLFLUSHOPT) | F(CLWB) | 0 /*INTEL_PT*/ | F(AVX512PF) | ++ F(AVX512ER) | F(AVX512CD) | F(SHA_NI) | F(AVX512BW) | ++ F(AVX512VL)); + + kvm_cpu_cap_mask(CPUID_7_ECX, + F(AVX512VBMI) | F(LA57) | F(PKU) | 0 /*OSPKE*/ | F(RDPID) | +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-do-not-set-st-preempted-when-going-back-to-u.patch b/patches.suse/KVM-x86-do-not-set-st-preempted-when-going-back-to-u.patch new file mode 100644 index 0000000..5308316 --- /dev/null +++ b/patches.suse/KVM-x86-do-not-set-st-preempted-when-going-back-to-u.patch @@ -0,0 +1,80 @@ +Patch-mainline: v5.19-rc2 +Git-commit: 54aa83c90198e68eee8b0850c749bc70efb548da +References: git-fixes +From: Paolo Bonzini +Date: Tue, 7 Jun 2022 10:07:11 -0400 +Subject: [PATCH] KVM: x86: do not set st->preempted when going back to user + space + +Similar to the Xen path, only change the vCPU's reported state if the vCPU +was actually preempted. The reason for KVM's behavior is that for example +optimistic spinning might not be a good idea if the guest is doing repeated +exits to userspace; however, it is confusing and unlikely to make a difference, +because well-tuned guests will hardly ever exit KVM_RUN in the first place. + +Suggested-by: Sean Christopherson +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/x86.c | 26 ++++++++++++++------------ + arch/x86/kvm/xen.h | 6 ++++-- + 2 files changed, 18 insertions(+), 14 deletions(-) + +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index b81ef4f497f4..a8bb635cb76b 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -4654,19 +4654,21 @@ void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) + { + int idx; + +- if (vcpu->preempted && !vcpu->arch.guest_state_protected) +- vcpu->arch.preempted_in_kernel = !static_call(kvm_x86_get_cpl)(vcpu); ++ if (vcpu->preempted) { ++ if (!vcpu->arch.guest_state_protected) ++ vcpu->arch.preempted_in_kernel = !static_call(kvm_x86_get_cpl)(vcpu); + +- /* +- * Take the srcu lock as memslots will be accessed to check the gfn +- * cache generation against the memslots generation. +- */ +- idx = srcu_read_lock(&vcpu->kvm->srcu); +- if (kvm_xen_msr_enabled(vcpu->kvm)) +- kvm_xen_runstate_set_preempted(vcpu); +- else +- kvm_steal_time_set_preempted(vcpu); +- srcu_read_unlock(&vcpu->kvm->srcu, idx); ++ /* ++ * Take the srcu lock as memslots will be accessed to check the gfn ++ * cache generation against the memslots generation. ++ */ ++ idx = srcu_read_lock(&vcpu->kvm->srcu); ++ if (kvm_xen_msr_enabled(vcpu->kvm)) ++ kvm_xen_runstate_set_preempted(vcpu); ++ else ++ kvm_steal_time_set_preempted(vcpu); ++ srcu_read_unlock(&vcpu->kvm->srcu, idx); ++ } + + static_call(kvm_x86_vcpu_put)(vcpu); + vcpu->arch.last_host_tsc = rdtsc(); +diff --git a/arch/x86/kvm/xen.h b/arch/x86/kvm/xen.h +index ee5c4ae0755c..532a535a9e99 100644 +--- a/arch/x86/kvm/xen.h ++++ b/arch/x86/kvm/xen.h +@@ -159,8 +159,10 @@ static inline void kvm_xen_runstate_set_preempted(struct kvm_vcpu *vcpu) + * behalf of the vCPU. Only if the VMM does actually block + * does it need to enter RUNSTATE_blocked. + */ +- if (vcpu->preempted) +- kvm_xen_update_runstate_guest(vcpu, RUNSTATE_runnable); ++ if (WARN_ON_ONCE(!vcpu->preempted)) ++ return; ++ ++ kvm_xen_update_runstate_guest(vcpu, RUNSTATE_runnable); + } + + /* 32-bit compatibility definitions, also used natively in 32-bit build */ +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-mmu-avoid-NULL-pointer-dereference-on-page-f.patch b/patches.suse/KVM-x86-mmu-avoid-NULL-pointer-dereference-on-page-f.patch new file mode 100644 index 0000000..ba87c8b --- /dev/null +++ b/patches.suse/KVM-x86-mmu-avoid-NULL-pointer-dereference-on-page-f.patch @@ -0,0 +1,38 @@ +Patch-mainline: v5.18-rc1 +Git-commit: 9191b8f0745e63edf519e4a54a4aaae1d3d46fbd +References: git-fixes +From: Paolo Bonzini +Date: Tue, 8 Feb 2022 19:08:33 -0500 +Subject: [PATCH] KVM: x86/mmu: avoid NULL-pointer dereference on page freeing + bugs + +WARN and bail if KVM attempts to free a root that isn't backed by a shadow +page. KVM allocates a bare page for "special" roots, e.g. when using PAE +paging or shadowing 2/3/4-level page tables with 4/5-level, and so root_hpa +will be valid but won't be backed by a shadow page. It's all too easy to +blindly call mmu_free_root_page() on root_hpa, be nice and WARN instead of +crashing KVM and possibly the kernel. + +Reviewed-by: Sean Christopherson +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/mmu/mmu.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c +index 0620480b99e0..28c4d658d2ac 100644 +--- a/arch/x86/kvm/mmu/mmu.c ++++ b/arch/x86/kvm/mmu/mmu.c +@@ -3206,6 +3206,8 @@ static void mmu_free_root_page(struct kvm *kvm, hpa_t *root_hpa, + return; + + sp = to_shadow_page(*root_hpa & PT64_BASE_ADDR_MASK); ++ if (WARN_ON(!sp)) ++ return; + + if (is_tdp_mmu_page(sp)) + kvm_tdp_mmu_put_root(kvm, sp, false); +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-pmu-Ignore-pmu-global_ctrl-check-if-vPMU-doe.patch b/patches.suse/KVM-x86-pmu-Ignore-pmu-global_ctrl-check-if-vPMU-doe.patch new file mode 100644 index 0000000..087cb5a --- /dev/null +++ b/patches.suse/KVM-x86-pmu-Ignore-pmu-global_ctrl-check-if-vPMU-doe.patch @@ -0,0 +1,38 @@ +Patch-mainline: v6.0-rc1 +Git-commit: 98defd2e17803263f49548fea930cfc974d505aa +References: git-fixes +From: Like Xu +Date: Mon, 9 May 2022 18:22:02 +0800 +Subject: [PATCH] KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't + support global_ctrl + +MSR_CORE_PERF_GLOBAL_CTRL is introduced as part of Architecture PMU V2, +as indicated by Intel SDM 19.2.2 and the intel_is_valid_msr() function. + +So in the absence of global_ctrl support, all PMCs are enabled as AMD does. + +Signed-off-by: Like Xu +Message-Id: <20220509102204.62389-1-likexu@tencent.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/vmx/pmu_intel.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c +index 1c6f2ca2beac..2fc90080dcce 100644 +--- a/arch/x86/kvm/vmx/pmu_intel.c ++++ b/arch/x86/kvm/vmx/pmu_intel.c +@@ -98,6 +98,9 @@ static bool intel_pmc_is_enabled(struct kvm_pmc *pmc) + { + struct kvm_pmu *pmu = pmc_to_pmu(pmc); + ++ if (pmu->version < 2) ++ return true; ++ + return test_bit(pmc->idx, (unsigned long *)&pmu->global_ctrl); + } + +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-svm-add-__GFP_ACCOUNT-to-__sev_dbg_-en-de-cr.patch b/patches.suse/KVM-x86-svm-add-__GFP_ACCOUNT-to-__sev_dbg_-en-de-cr.patch new file mode 100644 index 0000000..9709550 --- /dev/null +++ b/patches.suse/KVM-x86-svm-add-__GFP_ACCOUNT-to-__sev_dbg_-en-de-cr.patch @@ -0,0 +1,46 @@ +Patch-mainline: v5.19-rc4 +Git-commit: ebdec859faa8cfbfef9f6c1f83d79dd6c8f4ab8c +References: git-fixes +From: Mingwei Zhang +Date: Thu, 23 Jun 2022 17:18:58 +0000 +Subject: [PATCH] KVM: x86/svm: add __GFP_ACCOUNT to + __sev_dbg_{en,de}crypt_user() + +Adding the accounting flag when allocating pages within the SEV function, +since these memory pages should belong to individual VM. + +No functional change intended. + +Signed-off-by: Mingwei Zhang +Message-Id: <20220623171858.2083637-1-mizhang@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/svm/sev.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c +index 51fd985cf21d..e2c7fada0b3d 100644 +--- a/arch/x86/kvm/svm/sev.c ++++ b/arch/x86/kvm/svm/sev.c +@@ -844,7 +844,7 @@ static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr, + + /* If source buffer is not aligned then use an intermediate buffer */ + if (!IS_ALIGNED((unsigned long)vaddr, 16)) { +- src_tpage = alloc_page(GFP_KERNEL); ++ src_tpage = alloc_page(GFP_KERNEL_ACCOUNT); + if (!src_tpage) + return -ENOMEM; + +@@ -865,7 +865,7 @@ static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr, + if (!IS_ALIGNED((unsigned long)dst_vaddr, 16) || !IS_ALIGNED(size, 16)) { + int dst_offset; + +- dst_tpage = alloc_page(GFP_KERNEL); ++ dst_tpage = alloc_page(GFP_KERNEL_ACCOUNT); + if (!dst_tpage) { + ret = -ENOMEM; + goto e_free; +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-vmx-Do-not-skip-segment-attributes-if-unusab.patch b/patches.suse/KVM-x86-vmx-Do-not-skip-segment-attributes-if-unusab.patch new file mode 100644 index 0000000..7b8f2a3 --- /dev/null +++ b/patches.suse/KVM-x86-vmx-Do-not-skip-segment-attributes-if-unusab.patch @@ -0,0 +1,90 @@ +Patch-mainline: v6.2-rc6 +Git-commit: a44b331614e6f7e63902ed7dff7adc8c85edd8bc +References: git-fixes +From: Hendrik Borghorst +Date: Mon, 14 Nov 2022 16:48:23 +0000 +Subject: [PATCH] KVM: x86/vmx: Do not skip segment attributes if unusable bit + is set + +When serializing and deserializing kvm_sregs, attributes of the segment +descriptors are stored by user space. For unusable segments, +vmx_segment_access_rights skips all attributes and sets them to 0. + +This means we zero out the DPL (Descriptor Privilege Level) for unusable +entries. + +Unusable segments are - contrary to their name - usable in 64bit mode and +are used by guests to for example create a linear map through the +NULL selector. + +VMENTER checks if SS.DPL is correct depending on the CS segment type. +For types 9 (Execute Only) and 11 (Execute Read), CS.DPL must be equal to +SS.DPL [1]. + +We have seen real world guests setting CS to a usable segment with DPL=3 +and SS to an unusable segment with DPL=3. Once we go through an sregs +get/set cycle, SS.DPL turns to 0. This causes the virtual machine to crash +reproducibly. + +This commit changes the attribute logic to always preserve attributes for +unusable segments. According to [2] SS.DPL is always saved on VM exits, +regardless of the unusable bit so user space applications should have saved +the information on serialization correctly. + +[3] specifies that besides SS.DPL the rest of the attributes of the +descriptors are undefined after VM entry if unusable bit is set. So, there +should be no harm in setting them all to the previous state. + +[1] Intel SDM Vol 3C 26.3.1.2 Checks on Guest Segment Registers +[2] Intel SDM Vol 3C 27.3.2 Saving Segment Registers and Descriptor-Table +Registers +[3] Intel SDM Vol 3C 26.3.2.2 Loading Guest Segment Registers and +Descriptor-Table Registers + +Cc: Alexander Graf +Cc: stable@vger.kernel.org +Signed-off-by: Hendrik Borghorst +Reviewed-by: Jim Mattson +Reviewed-by: Alexander Graf +Message-Id: <20221114164823.69555-1-hborghor@amazon.de> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/vmx/vmx.c | 21 +++++++++------------ + 1 file changed, 9 insertions(+), 12 deletions(-) + +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c +index fc9008dbed33..7eec0226d56a 100644 +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -3440,18 +3440,15 @@ static u32 vmx_segment_access_rights(struct kvm_segment *var) + { + u32 ar; + +- if (var->unusable || !var->present) +- ar = 1 << 16; +- else { +- ar = var->type & 15; +- ar |= (var->s & 1) << 4; +- ar |= (var->dpl & 3) << 5; +- ar |= (var->present & 1) << 7; +- ar |= (var->avl & 1) << 12; +- ar |= (var->l & 1) << 13; +- ar |= (var->db & 1) << 14; +- ar |= (var->g & 1) << 15; +- } ++ ar = var->type & 15; ++ ar |= (var->s & 1) << 4; ++ ar |= (var->dpl & 3) << 5; ++ ar |= (var->present & 1) << 7; ++ ar |= (var->avl & 1) << 12; ++ ar |= (var->l & 1) << 13; ++ ar |= (var->db & 1) << 14; ++ ar |= (var->g & 1) << 15; ++ ar |= (var->unusable || !var->present) << 16; + + return ar; + } +-- +2.35.3 + diff --git a/patches.suse/f2fs-Fix-f2fs_truncate_partial_nodes-ftrace-event.patch b/patches.suse/f2fs-Fix-f2fs_truncate_partial_nodes-ftrace-event.patch new file mode 100644 index 0000000..811a135 --- /dev/null +++ b/patches.suse/f2fs-Fix-f2fs_truncate_partial_nodes-ftrace-event.patch @@ -0,0 +1,43 @@ +From: Douglas Raillard +Date: Mon, 6 Mar 2023 12:25:49 +0000 +Subject: f2fs: Fix f2fs_truncate_partial_nodes ftrace event +Git-commit: 0b04d4c0542e8573a837b1d81b94209e48723b25 +Patch-mainline: v6.3-rc5 +References: git-fixes + +Fix the nid_t field so that its size is correctly reported in the text +format embedded in trace.dat files. As it stands, it is reported as +being of size 4: + + field:nid_t nid[3]; offset:24; size:4; signed:0; + +Instead of 12: + + field:nid_t nid[3]; offset:24; size:12; signed:0; + +This also fixes the reported offset of subsequent fields so that they +match with the actual struct layout. + +Signed-off-by: Douglas Raillard +Reviewed-by: Mukesh Ojha +Reviewed-by: Chao Yu +Signed-off-by: Jaegeuk Kim +Acked-by: Petr Pavlu +--- + include/trace/events/f2fs.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/trace/events/f2fs.h b/include/trace/events/f2fs.h +index 1322d34a5dfc..99cbc5949e3c 100644 +--- a/include/trace/events/f2fs.h ++++ b/include/trace/events/f2fs.h +@@ -512,7 +512,7 @@ TRACE_EVENT(f2fs_truncate_partial_nodes, + TP_STRUCT__entry( + __field(dev_t, dev) + __field(ino_t, ino) +- __field(nid_t, nid[3]) ++ __array(nid_t, nid, 3) + __field(int, depth) + __field(int, err) + ), + diff --git a/patches.suse/google-gve-fix-repeated-words-in-comments.patch b/patches.suse/google-gve-fix-repeated-words-in-comments.patch new file mode 100644 index 0000000..6c7e8e7 --- /dev/null +++ b/patches.suse/google-gve-fix-repeated-words-in-comments.patch @@ -0,0 +1,28 @@ +From: Jilin Yuan +Date: Wed, 29 Jun 2022 21:00:13 +0800 +Subject: google/gve:fix repeated words in comments +Patch-mainline: v6.0-rc1 +Git-commit: 577d7685d591e5b247d460972123e3931c91321a +References: bsc#1211519 + +Delete the redundant word 'a'. + +Signed-off-by: Jilin Yuan +Link: https://lore.kernel.org/r/20220629130013.3273-1-yuanjilin@cdjrlc.com +Signed-off-by: Jakub Kicinski +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve_tx_dqo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/google/gve/gve_tx_dqo.c ++++ b/drivers/net/ethernet/google/gve/gve_tx_dqo.c +@@ -795,7 +795,7 @@ static void gve_handle_packet_completion + GVE_PACKET_STATE_PENDING_REINJECT_COMPL)) { + /* No outstanding miss completion but packet allocated + * implies packet receives a re-injection completion +- * without a a prior miss completion. Return without ++ * without a prior miss completion. Return without + * completing the packet. + */ + net_err_ratelimited("%s: Re-injection completion received without corresponding miss completion: %d\n", diff --git a/patches.suse/gve-Adding-a-new-AdminQ-command-to-verify-driver.patch b/patches.suse/gve-Adding-a-new-AdminQ-command-to-verify-driver.patch new file mode 100644 index 0000000..c808649 --- /dev/null +++ b/patches.suse/gve-Adding-a-new-AdminQ-command-to-verify-driver.patch @@ -0,0 +1,229 @@ +From: Jeroen de Borst +Date: Thu, 17 Nov 2022 08:27:00 -0800 +Subject: gve: Adding a new AdminQ command to verify driver +Patch-mainline: v6.2-rc1 +Git-commit: c2a0c3ed5b64750a41cec052e40cb377b5c4b9bc +References: bsc#1211519 + +Check whether the driver is compatible with the device +presented. + +Signed-off-by: Jeroen de Borst +Reviewed-by: Jesse Brandeburg +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve.h | 1 + drivers/net/ethernet/google/gve/gve_adminq.c | 21 ++++++++++ + drivers/net/ethernet/google/gve/gve_adminq.h | 49 +++++++++++++++++++++++++ + drivers/net/ethernet/google/gve/gve_main.c | 52 +++++++++++++++++++++++++++ + 4 files changed, 122 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/google/gve/gve.h ++++ b/drivers/net/ethernet/google/gve/gve.h +@@ -563,6 +563,7 @@ struct gve_priv { + u32 adminq_report_stats_cnt; + u32 adminq_report_link_speed_cnt; + u32 adminq_get_ptype_map_cnt; ++ u32 adminq_verify_driver_compatibility_cnt; + + /* Global stats */ + u32 interface_up_cnt; /* count of times interface turned up since last reset */ +--- a/drivers/net/ethernet/google/gve/gve_adminq.c ++++ b/drivers/net/ethernet/google/gve/gve_adminq.c +@@ -289,7 +289,7 @@ static int gve_adminq_parse_err(struct g + case GVE_ADMINQ_COMMAND_ERROR_RESOURCE_EXHAUSTED: + return -ENOMEM; + case GVE_ADMINQ_COMMAND_ERROR_UNIMPLEMENTED: +- return -ENOTSUPP; ++ return -EOPNOTSUPP; + default: + dev_err(&priv->pdev->dev, "parse_aq_err: unknown status code %d\n", status); + return -EINVAL; +@@ -407,6 +407,9 @@ static int gve_adminq_issue_cmd(struct g + case GVE_ADMINQ_GET_PTYPE_MAP: + priv->adminq_get_ptype_map_cnt++; + break; ++ case GVE_ADMINQ_VERIFY_DRIVER_COMPATIBILITY: ++ priv->adminq_verify_driver_compatibility_cnt++; ++ break; + default: + dev_err(&priv->pdev->dev, "unknown AQ command opcode %d\n", opcode); + } +@@ -876,6 +879,22 @@ int gve_adminq_report_stats(struct gve_p + }; + + return gve_adminq_execute_cmd(priv, &cmd); ++} ++ ++int gve_adminq_verify_driver_compatibility(struct gve_priv *priv, ++ u64 driver_info_len, ++ dma_addr_t driver_info_addr) ++{ ++ union gve_adminq_command cmd; ++ ++ memset(&cmd, 0, sizeof(cmd)); ++ cmd.opcode = cpu_to_be32(GVE_ADMINQ_VERIFY_DRIVER_COMPATIBILITY); ++ cmd.verify_driver_compatibility = (struct gve_adminq_verify_driver_compatibility) { ++ .driver_info_len = cpu_to_be64(driver_info_len), ++ .driver_info_addr = cpu_to_be64(driver_info_addr), ++ }; ++ ++ return gve_adminq_execute_cmd(priv, &cmd); + } + + int gve_adminq_report_link_speed(struct gve_priv *priv) +--- a/drivers/net/ethernet/google/gve/gve_adminq.h ++++ b/drivers/net/ethernet/google/gve/gve_adminq.h +@@ -24,6 +24,7 @@ enum gve_adminq_opcodes { + GVE_ADMINQ_REPORT_STATS = 0xC, + GVE_ADMINQ_REPORT_LINK_SPEED = 0xD, + GVE_ADMINQ_GET_PTYPE_MAP = 0xE, ++ GVE_ADMINQ_VERIFY_DRIVER_COMPATIBILITY = 0xF, + }; + + /* Admin queue status codes */ +@@ -146,6 +147,49 @@ enum gve_sup_feature_mask { + + #define GVE_DEV_OPT_LEN_GQI_RAW_ADDRESSING 0x0 + ++#define GVE_VERSION_STR_LEN 128 ++ ++enum gve_driver_capbility { ++ gve_driver_capability_gqi_qpl = 0, ++ gve_driver_capability_gqi_rda = 1, ++ gve_driver_capability_dqo_qpl = 2, /* reserved for future use */ ++ gve_driver_capability_dqo_rda = 3, ++}; ++ ++#define GVE_CAP1(a) BIT((int)a) ++#define GVE_CAP2(a) BIT(((int)a) - 64) ++#define GVE_CAP3(a) BIT(((int)a) - 128) ++#define GVE_CAP4(a) BIT(((int)a) - 192) ++ ++#define GVE_DRIVER_CAPABILITY_FLAGS1 \ ++ (GVE_CAP1(gve_driver_capability_gqi_qpl) | \ ++ GVE_CAP1(gve_driver_capability_gqi_rda) | \ ++ GVE_CAP1(gve_driver_capability_dqo_rda)) ++ ++#define GVE_DRIVER_CAPABILITY_FLAGS2 0x0 ++#define GVE_DRIVER_CAPABILITY_FLAGS3 0x0 ++#define GVE_DRIVER_CAPABILITY_FLAGS4 0x0 ++ ++struct gve_driver_info { ++ u8 os_type; /* 0x01 = Linux */ ++ u8 driver_major; ++ u8 driver_minor; ++ u8 driver_sub; ++ __be32 os_version_major; ++ __be32 os_version_minor; ++ __be32 os_version_sub; ++ __be64 driver_capability_flags[4]; ++ u8 os_version_str1[GVE_VERSION_STR_LEN]; ++ u8 os_version_str2[GVE_VERSION_STR_LEN]; ++}; ++ ++struct gve_adminq_verify_driver_compatibility { ++ __be64 driver_info_len; ++ __be64 driver_info_addr; ++}; ++ ++static_assert(sizeof(struct gve_adminq_verify_driver_compatibility) == 16); ++ + struct gve_adminq_configure_device_resources { + __be64 counter_array; + __be64 irq_db_addr; +@@ -345,6 +389,8 @@ union gve_adminq_command { + struct gve_adminq_report_stats report_stats; + struct gve_adminq_report_link_speed report_link_speed; + struct gve_adminq_get_ptype_map get_ptype_map; ++ struct gve_adminq_verify_driver_compatibility ++ verify_driver_compatibility; + }; + }; + u8 reserved[64]; +@@ -372,6 +418,9 @@ int gve_adminq_unregister_page_list(stru + int gve_adminq_set_mtu(struct gve_priv *priv, u64 mtu); + int gve_adminq_report_stats(struct gve_priv *priv, u64 stats_report_len, + dma_addr_t stats_report_addr, u64 interval); ++int gve_adminq_verify_driver_compatibility(struct gve_priv *priv, ++ u64 driver_info_len, ++ dma_addr_t driver_info_addr); + int gve_adminq_report_link_speed(struct gve_priv *priv); + + struct gve_ptype_lut; +--- a/drivers/net/ethernet/google/gve/gve_main.c ++++ b/drivers/net/ethernet/google/gve/gve_main.c +@@ -12,6 +12,8 @@ + #include + #include + #include ++#include ++#include + #include + #include "gve.h" + #include "gve_dqo.h" +@@ -30,6 +32,49 @@ + const char gve_version_str[] = GVE_VERSION; + static const char gve_version_prefix[] = GVE_VERSION_PREFIX; + ++static int gve_verify_driver_compatibility(struct gve_priv *priv) ++{ ++ int err; ++ struct gve_driver_info *driver_info; ++ dma_addr_t driver_info_bus; ++ ++ driver_info = dma_alloc_coherent(&priv->pdev->dev, ++ sizeof(struct gve_driver_info), ++ &driver_info_bus, GFP_KERNEL); ++ if (!driver_info) ++ return -ENOMEM; ++ ++ *driver_info = (struct gve_driver_info) { ++ .os_type = 1, /* Linux */ ++ .os_version_major = cpu_to_be32(LINUX_VERSION_MAJOR), ++ .os_version_minor = cpu_to_be32(LINUX_VERSION_SUBLEVEL), ++ .os_version_sub = cpu_to_be32(LINUX_VERSION_PATCHLEVEL), ++ .driver_capability_flags = { ++ cpu_to_be64(GVE_DRIVER_CAPABILITY_FLAGS1), ++ cpu_to_be64(GVE_DRIVER_CAPABILITY_FLAGS2), ++ cpu_to_be64(GVE_DRIVER_CAPABILITY_FLAGS3), ++ cpu_to_be64(GVE_DRIVER_CAPABILITY_FLAGS4), ++ }, ++ }; ++ strscpy(driver_info->os_version_str1, utsname()->release, ++ sizeof(driver_info->os_version_str1)); ++ strscpy(driver_info->os_version_str2, utsname()->version, ++ sizeof(driver_info->os_version_str2)); ++ ++ err = gve_adminq_verify_driver_compatibility(priv, ++ sizeof(struct gve_driver_info), ++ driver_info_bus); ++ ++ /* It's ok if the device doesn't support this */ ++ if (err == -EOPNOTSUPP) ++ err = 0; ++ ++ dma_free_coherent(&priv->pdev->dev, ++ sizeof(struct gve_driver_info), ++ driver_info, driver_info_bus); ++ return err; ++} ++ + static netdev_tx_t gve_start_xmit(struct sk_buff *skb, struct net_device *dev) + { + struct gve_priv *priv = netdev_priv(dev); +@@ -1369,6 +1414,13 @@ static int gve_init_priv(struct gve_priv + return err; + } + ++ err = gve_verify_driver_compatibility(priv); ++ if (err) { ++ dev_err(&priv->pdev->dev, ++ "Could not verify driver compatibility: err=%d\n", err); ++ goto err; ++ } ++ + if (skip_describe_device) + goto setup_device; + diff --git a/patches.suse/gve-Fix-error-return-code-in-gve_prefill_rx_pages.patch b/patches.suse/gve-Fix-error-return-code-in-gve_prefill_rx_pages.patch new file mode 100644 index 0000000..dd8e6bf --- /dev/null +++ b/patches.suse/gve-Fix-error-return-code-in-gve_prefill_rx_pages.patch @@ -0,0 +1,36 @@ +From: Yang Yingliang +Date: Fri, 4 Nov 2022 14:17:36 +0800 +Subject: gve: Fix error return code in gve_prefill_rx_pages() +Patch-mainline: v6.2-rc1 +Git-commit: 64c426dfbbd2710e4bcac42aaced21fe10f05fde +References: bsc#1211519 + +If alloc_page() fails in gve_prefill_rx_pages(), it should return +an error code in the error path. + +Fixes: 82fd151d38d9 ("gve: Reduce alloc and copy costs in the GQ rx path") +Cc: Jeroen de Borst +Cc: Catherine Sullivan +Cc: Shailend Chand +Cc: "David S. Miller" +Signed-off-by: Yang Yingliang +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve_rx.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/google/gve/gve_rx.c ++++ b/drivers/net/ethernet/google/gve/gve_rx.c +@@ -150,8 +150,10 @@ static int gve_prefill_rx_pages(struct g + for (j = 0; j < rx->qpl_copy_pool_mask + 1; j++) { + struct page *page = alloc_page(GFP_KERNEL); + +- if (!page) ++ if (!page) { ++ err = -ENOMEM; + goto alloc_err_qpl; ++ } + + rx->qpl_copy_pool[j].page = page; + rx->qpl_copy_pool[j].page_offset = 0; diff --git a/patches.suse/gve-Fix-spelling-mistake-droping-dropping.patch b/patches.suse/gve-Fix-spelling-mistake-droping-dropping.patch new file mode 100644 index 0000000..0f5822f --- /dev/null +++ b/patches.suse/gve-Fix-spelling-mistake-droping-dropping.patch @@ -0,0 +1,28 @@ +From: Colin Ian King +Date: Tue, 15 Mar 2022 22:26:15 +0000 +Subject: gve: Fix spelling mistake "droping" -> "dropping" +Patch-mainline: v5.18-rc1 +Git-commit: 2fc559c8cba028aaa80f73796a8ce5325418fb3e +References: bsc#1211519 + +There is a spelling mistake in a netdev_warn warning. Fix it. + +Signed-off-by: Colin Ian King +Link: https://lore.kernel.org/r/20220315222615.2960504-1-colin.i.king@gmail.com +Signed-off-by: Jakub Kicinski +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve_rx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/google/gve/gve_rx.c ++++ b/drivers/net/ethernet/google/gve/gve_rx.c +@@ -439,7 +439,7 @@ static bool gve_rx_ctx_init(struct gve_r + if (frag_size > rx->packet_buffer_size) { + packet_size_error = true; + netdev_warn(priv->dev, +- "RX fragment error: packet_buffer_size=%d, frag_size=%d, droping packet.", ++ "RX fragment error: packet_buffer_size=%d, frag_size=%d, dropping packet.", + rx->packet_buffer_size, be16_to_cpu(desc->len)); + } + page_info = &rx->data.page_info[idx]; diff --git a/patches.suse/gve-Handle-alternate-miss-completions.patch b/patches.suse/gve-Handle-alternate-miss-completions.patch new file mode 100644 index 0000000..525692c --- /dev/null +++ b/patches.suse/gve-Handle-alternate-miss-completions.patch @@ -0,0 +1,90 @@ +From: Jeroen de Borst +Date: Thu, 17 Nov 2022 08:27:01 -0800 +Subject: gve: Handle alternate miss completions +Patch-mainline: v6.2-rc1 +Git-commit: a5affbd8a73eb0a62378767f9d44527738213c07 +References: bsc#1211519 + +The virtual NIC has 2 ways of indicating a miss-path +completion. This handles the alternate. + +Signed-off-by: Jeroen de Borst +Reviewed-by: Jesse Brandeburg +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve_adminq.h | 4 +++- + drivers/net/ethernet/google/gve/gve_desc_dqo.h | 5 +++++ + drivers/net/ethernet/google/gve/gve_tx_dqo.c | 20 +++++++++++++------- + 3 files changed, 21 insertions(+), 8 deletions(-) + +--- a/drivers/net/ethernet/google/gve/gve_adminq.h ++++ b/drivers/net/ethernet/google/gve/gve_adminq.h +@@ -154,6 +154,7 @@ enum gve_driver_capbility { + gve_driver_capability_gqi_rda = 1, + gve_driver_capability_dqo_qpl = 2, /* reserved for future use */ + gve_driver_capability_dqo_rda = 3, ++ gve_driver_capability_alt_miss_compl = 4, + }; + + #define GVE_CAP1(a) BIT((int)a) +@@ -164,7 +165,8 @@ enum gve_driver_capbility { + #define GVE_DRIVER_CAPABILITY_FLAGS1 \ + (GVE_CAP1(gve_driver_capability_gqi_qpl) | \ + GVE_CAP1(gve_driver_capability_gqi_rda) | \ +- GVE_CAP1(gve_driver_capability_dqo_rda)) ++ GVE_CAP1(gve_driver_capability_dqo_rda) | \ ++ GVE_CAP1(gve_driver_capability_alt_miss_compl)) + + #define GVE_DRIVER_CAPABILITY_FLAGS2 0x0 + #define GVE_DRIVER_CAPABILITY_FLAGS3 0x0 +--- a/drivers/net/ethernet/google/gve/gve_desc_dqo.h ++++ b/drivers/net/ethernet/google/gve/gve_desc_dqo.h +@@ -176,6 +176,11 @@ static_assert(sizeof(struct gve_tx_compl + #define GVE_COMPL_TYPE_DQO_MISS 0x1 /* Miss path completion */ + #define GVE_COMPL_TYPE_DQO_REINJECTION 0x3 /* Re-injection completion */ + ++/* The most significant bit in the completion tag can change the completion ++ * type from packet completion to miss path completion. ++ */ ++#define GVE_ALT_MISS_COMPL_BIT BIT(15) ++ + /* Descriptor to post buffers to HW on buffer queue. */ + struct gve_rx_desc_dqo { + __le16 buf_id; /* ID returned in Rx completion descriptor */ +--- a/drivers/net/ethernet/google/gve/gve_tx_dqo.c ++++ b/drivers/net/ethernet/google/gve/gve_tx_dqo.c +@@ -953,12 +953,18 @@ int gve_clean_tx_done_dqo(struct gve_pri + atomic_set_release(&tx->dqo_compl.hw_tx_head, tx_head); + } else if (type == GVE_COMPL_TYPE_DQO_PKT) { + u16 compl_tag = le16_to_cpu(compl_desc->completion_tag); +- +- gve_handle_packet_completion(priv, tx, !!napi, +- compl_tag, +- &pkt_compl_bytes, +- &pkt_compl_pkts, +- /*is_reinjection=*/false); ++ if (compl_tag & GVE_ALT_MISS_COMPL_BIT) { ++ compl_tag &= ~GVE_ALT_MISS_COMPL_BIT; ++ gve_handle_miss_completion(priv, tx, compl_tag, ++ &miss_compl_bytes, ++ &miss_compl_pkts); ++ } else { ++ gve_handle_packet_completion(priv, tx, !!napi, ++ compl_tag, ++ &pkt_compl_bytes, ++ &pkt_compl_pkts, ++ false); ++ } + } else if (type == GVE_COMPL_TYPE_DQO_MISS) { + u16 compl_tag = le16_to_cpu(compl_desc->completion_tag); + +@@ -972,7 +978,7 @@ int gve_clean_tx_done_dqo(struct gve_pri + compl_tag, + &reinject_compl_bytes, + &reinject_compl_pkts, +- /*is_reinjection=*/true); ++ true); + } + + tx->dqo_compl.head = diff --git a/patches.suse/gve-Reduce-alloc-and-copy-costs-in-the-GQ-rx-path.patch b/patches.suse/gve-Reduce-alloc-and-copy-costs-in-the-GQ-rx-path.patch new file mode 100644 index 0000000..3c8c651 --- /dev/null +++ b/patches.suse/gve-Reduce-alloc-and-copy-costs-in-the-GQ-rx-path.patch @@ -0,0 +1,886 @@ +From: Shailend Chand +Date: Sat, 29 Oct 2022 09:53:22 -0700 +Subject: gve: Reduce alloc and copy costs in the GQ rx path +Patch-mainline: v6.2-rc1 +Git-commit: 82fd151d38d9fda714c5bb2e9e79ecd6bdc72da6 +References: bsc#1211519 + +Previously, even if just one of the many fragments of a 9k packet +required a copy, we'd copy the whole packet into a freshly-allocated +9k-sized linear SKB, and this led to performance issues. + +By having a pool of pages to copy into, each fragment can be +independently handled, leading to a reduced incidence of +allocation and copy. + +Signed-off-by: Shailend Chand +Signed-off-by: David S. Miller +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve.h | 26 - + drivers/net/ethernet/google/gve/gve_ethtool.c | 2 + drivers/net/ethernet/google/gve/gve_rx.c | 546 ++++++++++++++------------ + drivers/net/ethernet/google/gve/gve_rx_dqo.c | 2 + drivers/net/ethernet/google/gve/gve_utils.c | 28 - + drivers/net/ethernet/google/gve/gve_utils.h | 2 + 6 files changed, 339 insertions(+), 267 deletions(-) + +--- a/drivers/net/ethernet/google/gve/gve.h ++++ b/drivers/net/ethernet/google/gve/gve.h +@@ -60,7 +60,8 @@ struct gve_rx_slot_page_info { + void *page_address; + u32 page_offset; /* offset to write to in page */ + int pagecnt_bias; /* expected pagecnt if only the driver has a ref */ +- u8 can_flip; ++ u16 pad; /* adjustment for rx padding */ ++ u8 can_flip; /* tracks if the networking stack is using the page */ + }; + + /* A list of pages registered with the device during setup and used by a queue +@@ -149,10 +150,17 @@ struct gve_rx_ctx { + /* head and tail of skb chain for the current packet or NULL if none */ + struct sk_buff *skb_head; + struct sk_buff *skb_tail; +- u16 total_expected_size; +- u8 expected_frag_cnt; +- u8 curr_frag_cnt; +- u8 reuse_frags; ++ u32 total_size; ++ u8 frag_cnt; ++ bool drop_pkt; ++}; ++ ++struct gve_rx_cnts { ++ u32 ok_pkt_bytes; ++ u16 ok_pkt_cnt; ++ u16 total_pkt_cnt; ++ u16 cont_pkt_cnt; ++ u16 desc_err_pkt_cnt; + }; + + /* Contains datapath state used to represent an RX queue. */ +@@ -167,6 +175,10 @@ struct gve_rx_ring { + /* threshold for posting new buffs and descs */ + u32 db_threshold; + u16 packet_buffer_size; ++ ++ u32 qpl_copy_pool_mask; ++ u32 qpl_copy_pool_head; ++ struct gve_rx_slot_page_info *qpl_copy_pool; + }; + + /* DQO fields. */ +@@ -216,7 +228,9 @@ struct gve_rx_ring { + u64 rx_desc_err_dropped_pkt; /* free-running count of packets dropped by descriptor error */ + u64 rx_cont_packet_cnt; /* free-running multi-fragment packets received */ + u64 rx_frag_flip_cnt; /* free-running count of rx segments where page_flip was used */ +- u64 rx_frag_copy_cnt; /* free-running count of rx segments copied into skb linear portion */ ++ u64 rx_frag_copy_cnt; /* free-running count of rx segments copied */ ++ u64 rx_frag_alloc_cnt; /* free-running count of rx page allocations */ ++ + u32 q_num; /* queue index */ + u32 ntfy_id; /* notification block index */ + struct gve_queue_resources *q_resources; /* head and tail pointer idx */ +--- a/drivers/net/ethernet/google/gve/gve_ethtool.c ++++ b/drivers/net/ethernet/google/gve/gve_ethtool.c +@@ -45,6 +45,7 @@ static const char gve_gstrings_main_stat + static const char gve_gstrings_rx_stats[][ETH_GSTRING_LEN] = { + "rx_posted_desc[%u]", "rx_completed_desc[%u]", "rx_consumed_desc[%u]", "rx_bytes[%u]", + "rx_cont_packet_cnt[%u]", "rx_frag_flip_cnt[%u]", "rx_frag_copy_cnt[%u]", ++ "rx_frag_alloc_cnt[%u]", + "rx_dropped_pkt[%u]", "rx_copybreak_pkt[%u]", "rx_copied_pkt[%u]", + "rx_queue_drop_cnt[%u]", "rx_no_buffers_posted[%u]", + "rx_drops_packet_over_mru[%u]", "rx_drops_invalid_checksum[%u]", +@@ -271,6 +272,7 @@ gve_get_ethtool_stats(struct net_device + data[i++] = rx->rx_cont_packet_cnt; + data[i++] = rx->rx_frag_flip_cnt; + data[i++] = rx->rx_frag_copy_cnt; ++ data[i++] = rx->rx_frag_alloc_cnt; + /* rx dropped packets */ + data[i++] = tmp_rx_skb_alloc_fail + + tmp_rx_buf_alloc_fail + +--- a/drivers/net/ethernet/google/gve/gve_rx.c ++++ b/drivers/net/ethernet/google/gve/gve_rx.c +@@ -35,6 +35,12 @@ static void gve_rx_unfill_pages(struct g + rx->data.page_info[i].pagecnt_bias - 1); + gve_unassign_qpl(priv, rx->data.qpl->id); + rx->data.qpl = NULL; ++ ++ for (i = 0; i < rx->qpl_copy_pool_mask + 1; i++) { ++ page_ref_sub(rx->qpl_copy_pool[i].page, ++ rx->qpl_copy_pool[i].pagecnt_bias - 1); ++ put_page(rx->qpl_copy_pool[i].page); ++ } + } + kvfree(rx->data.page_info); + rx->data.page_info = NULL; +@@ -63,6 +69,10 @@ static void gve_rx_free_ring(struct gve_ + dma_free_coherent(dev, bytes, rx->data.data_ring, + rx->data.data_bus); + rx->data.data_ring = NULL; ++ ++ kvfree(rx->qpl_copy_pool); ++ rx->qpl_copy_pool = NULL; ++ + netif_dbg(priv, drv, priv->dev, "freed rx ring %d\n", idx); + } + +@@ -101,6 +111,7 @@ static int gve_prefill_rx_pages(struct g + u32 slots; + int err; + int i; ++ int j; + + /* Allocate one page per Rx queue slot. Each page is split into two + * packet buffers, when possible we "page flip" between the two. +@@ -135,7 +146,31 @@ static int gve_prefill_rx_pages(struct g + goto alloc_err; + } + ++ if (!rx->data.raw_addressing) { ++ for (j = 0; j < rx->qpl_copy_pool_mask + 1; j++) { ++ struct page *page = alloc_page(GFP_KERNEL); ++ ++ if (!page) ++ goto alloc_err_qpl; ++ ++ rx->qpl_copy_pool[j].page = page; ++ rx->qpl_copy_pool[j].page_offset = 0; ++ rx->qpl_copy_pool[j].page_address = page_address(page); ++ ++ /* The page already has 1 ref. */ ++ page_ref_add(page, INT_MAX - 1); ++ rx->qpl_copy_pool[j].pagecnt_bias = INT_MAX; ++ } ++ } ++ + return slots; ++ ++alloc_err_qpl: ++ while (j--) { ++ page_ref_sub(rx->qpl_copy_pool[j].page, ++ rx->qpl_copy_pool[j].pagecnt_bias - 1); ++ put_page(rx->qpl_copy_pool[j].page); ++ } + alloc_err: + while (i--) + gve_rx_free_buffer(&priv->pdev->dev, +@@ -146,12 +181,11 @@ alloc_err: + + static void gve_rx_ctx_clear(struct gve_rx_ctx *ctx) + { +- ctx->curr_frag_cnt = 0; +- ctx->total_expected_size = 0; +- ctx->expected_frag_cnt = 0; + ctx->skb_head = NULL; + ctx->skb_tail = NULL; +- ctx->reuse_frags = false; ++ ctx->total_size = 0; ++ ctx->frag_cnt = 0; ++ ctx->drop_pkt = false; + } + + static int gve_rx_alloc_ring(struct gve_priv *priv, int idx) +@@ -181,10 +215,22 @@ static int gve_rx_alloc_ring(struct gve_ + GFP_KERNEL); + if (!rx->data.data_ring) + return -ENOMEM; ++ ++ rx->qpl_copy_pool_mask = min_t(u32, U32_MAX, slots * 2) - 1; ++ rx->qpl_copy_pool_head = 0; ++ rx->qpl_copy_pool = kvcalloc(rx->qpl_copy_pool_mask + 1, ++ sizeof(rx->qpl_copy_pool[0]), ++ GFP_KERNEL); ++ ++ if (!rx->qpl_copy_pool) { ++ err = -ENOMEM; ++ goto abort_with_slots; ++ } ++ + filled_pages = gve_prefill_rx_pages(rx); + if (filled_pages < 0) { + err = -ENOMEM; +- goto abort_with_slots; ++ goto abort_with_copy_pool; + } + rx->fill_cnt = filled_pages; + /* Ensure data ring slots (packet buffers) are visible. */ +@@ -236,6 +282,9 @@ abort_with_q_resources: + rx->q_resources = NULL; + abort_filled: + gve_rx_unfill_pages(priv, rx); ++abort_with_copy_pool: ++ kvfree(rx->qpl_copy_pool); ++ rx->qpl_copy_pool = NULL; + abort_with_slots: + bytes = sizeof(*rx->data.data_ring) * slots; + dma_free_coherent(hdev, bytes, rx->data.data_ring, rx->data.data_bus); +@@ -292,30 +341,47 @@ static enum pkt_hash_types gve_rss_type( + return PKT_HASH_TYPE_L2; + } + +-static u16 gve_rx_ctx_padding(struct gve_rx_ctx *ctx) +-{ +- return (ctx->curr_frag_cnt == 0) ? GVE_RX_PAD : 0; +-} +- + static struct sk_buff *gve_rx_add_frags(struct napi_struct *napi, + struct gve_rx_slot_page_info *page_info, + u16 packet_buffer_size, u16 len, + struct gve_rx_ctx *ctx) + { +- u32 offset = page_info->page_offset + gve_rx_ctx_padding(ctx); +- struct sk_buff *skb; ++ u32 offset = page_info->page_offset + page_info->pad; ++ struct sk_buff *skb = ctx->skb_tail; ++ int num_frags = 0; ++ ++ if (!skb) { ++ skb = napi_get_frags(napi); ++ if (unlikely(!skb)) ++ return NULL; + +- if (!ctx->skb_head) +- ctx->skb_head = napi_get_frags(napi); ++ ctx->skb_head = skb; ++ ctx->skb_tail = skb; ++ } else { ++ num_frags = skb_shinfo(ctx->skb_tail)->nr_frags; ++ if (num_frags == MAX_SKB_FRAGS) { ++ skb = napi_alloc_skb(napi, 0); ++ if (!skb) ++ return NULL; + +- if (unlikely(!ctx->skb_head)) +- return NULL; ++ // We will never chain more than two SKBs: 2 * 16 * 2k > 64k ++ // which is why we do not need to chain by using skb->next ++ skb_shinfo(ctx->skb_tail)->frag_list = skb; ++ ++ ctx->skb_tail = skb; ++ num_frags = 0; ++ } ++ } + +- skb = ctx->skb_head; +- skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page_info->page, ++ if (skb != ctx->skb_head) { ++ ctx->skb_head->len += len; ++ ctx->skb_head->data_len += len; ++ ctx->skb_head->truesize += packet_buffer_size; ++ } ++ skb_add_rx_frag(skb, num_frags, page_info->page, + offset, len, packet_buffer_size); + +- return skb; ++ return ctx->skb_head; + } + + static void gve_rx_flip_buff(struct gve_rx_slot_page_info *page_info, __be64 *slot_addr) +@@ -363,6 +429,92 @@ gve_rx_raw_addressing(struct device *dev + return skb; + } + ++static struct sk_buff *gve_rx_copy_to_pool(struct gve_rx_ring *rx, ++ struct gve_rx_slot_page_info *page_info, ++ u16 len, struct napi_struct *napi) ++{ ++ u32 pool_idx = rx->qpl_copy_pool_head & rx->qpl_copy_pool_mask; ++ void *src = page_info->page_address + page_info->page_offset; ++ struct gve_rx_slot_page_info *copy_page_info; ++ struct gve_rx_ctx *ctx = &rx->ctx; ++ bool alloc_page = false; ++ struct sk_buff *skb; ++ void *dst; ++ ++ copy_page_info = &rx->qpl_copy_pool[pool_idx]; ++ if (!copy_page_info->can_flip) { ++ int recycle = gve_rx_can_recycle_buffer(copy_page_info); ++ ++ if (unlikely(recycle < 0)) { ++ gve_schedule_reset(rx->gve); ++ return NULL; ++ } ++ alloc_page = !recycle; ++ } ++ ++ if (alloc_page) { ++ struct gve_rx_slot_page_info alloc_page_info; ++ struct page *page; ++ ++ /* The least recently used page turned out to be ++ * still in use by the kernel. Ignoring it and moving ++ * on alleviates head-of-line blocking. ++ */ ++ rx->qpl_copy_pool_head++; ++ ++ page = alloc_page(GFP_ATOMIC); ++ if (!page) ++ return NULL; ++ ++ alloc_page_info.page = page; ++ alloc_page_info.page_offset = 0; ++ alloc_page_info.page_address = page_address(page); ++ alloc_page_info.pad = page_info->pad; ++ ++ memcpy(alloc_page_info.page_address, src, page_info->pad + len); ++ skb = gve_rx_add_frags(napi, &alloc_page_info, ++ rx->packet_buffer_size, ++ len, ctx); ++ ++ u64_stats_update_begin(&rx->statss); ++ rx->rx_frag_copy_cnt++; ++ rx->rx_frag_alloc_cnt++; ++ u64_stats_update_end(&rx->statss); ++ ++ return skb; ++ } ++ ++ dst = copy_page_info->page_address + copy_page_info->page_offset; ++ memcpy(dst, src, page_info->pad + len); ++ copy_page_info->pad = page_info->pad; ++ ++ skb = gve_rx_add_frags(napi, copy_page_info, ++ rx->packet_buffer_size, len, ctx); ++ if (unlikely(!skb)) ++ return NULL; ++ ++ gve_dec_pagecnt_bias(copy_page_info); ++ copy_page_info->page_offset += rx->packet_buffer_size; ++ copy_page_info->page_offset &= (PAGE_SIZE - 1); ++ ++ if (copy_page_info->can_flip) { ++ /* We have used both halves of this copy page, it ++ * is time for it to go to the back of the queue. ++ */ ++ copy_page_info->can_flip = false; ++ rx->qpl_copy_pool_head++; ++ prefetch(rx->qpl_copy_pool[rx->qpl_copy_pool_head & rx->qpl_copy_pool_mask].page); ++ } else { ++ copy_page_info->can_flip = true; ++ } ++ ++ u64_stats_update_begin(&rx->statss); ++ rx->rx_frag_copy_cnt++; ++ u64_stats_update_end(&rx->statss); ++ ++ return skb; ++} ++ + static struct sk_buff * + gve_rx_qpl(struct device *dev, struct net_device *netdev, + struct gve_rx_ring *rx, struct gve_rx_slot_page_info *page_info, +@@ -377,7 +529,7 @@ gve_rx_qpl(struct device *dev, struct ne + * choice is to copy the data out of it so that we can return it to the + * device. + */ +- if (ctx->reuse_frags) { ++ if (page_info->can_flip) { + skb = gve_rx_add_frags(napi, page_info, rx->packet_buffer_size, len, ctx); + /* No point in recycling if we didn't get the skb */ + if (skb) { +@@ -386,116 +538,23 @@ gve_rx_qpl(struct device *dev, struct ne + gve_rx_flip_buff(page_info, &data_slot->qpl_offset); + } + } else { +- const u16 padding = gve_rx_ctx_padding(ctx); +- +- skb = gve_rx_copy(netdev, napi, page_info, len, padding, ctx); +- if (skb) { +- u64_stats_update_begin(&rx->statss); +- rx->rx_frag_copy_cnt++; +- u64_stats_update_end(&rx->statss); +- } ++ skb = gve_rx_copy_to_pool(rx, page_info, len, napi); + } + return skb; + } + +-#define GVE_PKTCONT_BIT_IS_SET(x) (GVE_RXF_PKT_CONT & (x)) +-static u16 gve_rx_get_fragment_size(struct gve_rx_ctx *ctx, struct gve_rx_desc *desc) +-{ +- return be16_to_cpu(desc->len) - gve_rx_ctx_padding(ctx); +-} +- +-static bool gve_rx_ctx_init(struct gve_rx_ctx *ctx, struct gve_rx_ring *rx) +-{ +- bool qpl_mode = !rx->data.raw_addressing, packet_size_error = false; +- bool buffer_error = false, desc_error = false, seqno_error = false; +- struct gve_rx_slot_page_info *page_info; +- struct gve_priv *priv = rx->gve; +- u32 idx = rx->cnt & rx->mask; +- bool reuse_frags, can_flip; +- struct gve_rx_desc *desc; +- u16 packet_size = 0; +- u16 n_frags = 0; +- int recycle; +- +- /** In QPL mode, we only flip buffers when all buffers containing the packet +- * can be flipped. RDA can_flip decisions will be made later, per frag. +- */ +- can_flip = qpl_mode; +- reuse_frags = can_flip; +- do { +- u16 frag_size; +- +- n_frags++; +- desc = &rx->desc.desc_ring[idx]; +- desc_error = unlikely(desc->flags_seq & GVE_RXF_ERR) || desc_error; +- if (GVE_SEQNO(desc->flags_seq) != rx->desc.seqno) { +- seqno_error = true; +- netdev_warn(priv->dev, +- "RX seqno error: want=%d, got=%d, dropping packet and scheduling reset.", +- rx->desc.seqno, GVE_SEQNO(desc->flags_seq)); +- } +- frag_size = be16_to_cpu(desc->len); +- packet_size += frag_size; +- if (frag_size > rx->packet_buffer_size) { +- packet_size_error = true; +- netdev_warn(priv->dev, +- "RX fragment error: packet_buffer_size=%d, frag_size=%d, dropping packet.", +- rx->packet_buffer_size, be16_to_cpu(desc->len)); +- } +- page_info = &rx->data.page_info[idx]; +- if (can_flip) { +- recycle = gve_rx_can_recycle_buffer(page_info); +- reuse_frags = reuse_frags && recycle > 0; +- buffer_error = buffer_error || unlikely(recycle < 0); +- } +- idx = (idx + 1) & rx->mask; +- rx->desc.seqno = gve_next_seqno(rx->desc.seqno); +- } while (GVE_PKTCONT_BIT_IS_SET(desc->flags_seq)); +- +- prefetch(rx->desc.desc_ring + idx); +- +- ctx->curr_frag_cnt = 0; +- ctx->total_expected_size = packet_size - GVE_RX_PAD; +- ctx->expected_frag_cnt = n_frags; +- ctx->skb_head = NULL; +- ctx->reuse_frags = reuse_frags; +- +- if (ctx->expected_frag_cnt > 1) { +- u64_stats_update_begin(&rx->statss); +- rx->rx_cont_packet_cnt++; +- u64_stats_update_end(&rx->statss); +- } +- if (ctx->total_expected_size > priv->rx_copybreak && !ctx->reuse_frags && qpl_mode) { +- u64_stats_update_begin(&rx->statss); +- rx->rx_copied_pkt++; +- u64_stats_update_end(&rx->statss); +- } +- +- if (unlikely(buffer_error || seqno_error || packet_size_error)) { +- gve_schedule_reset(priv); +- return false; +- } +- +- if (unlikely(desc_error)) { +- u64_stats_update_begin(&rx->statss); +- rx->rx_desc_err_dropped_pkt++; +- u64_stats_update_end(&rx->statss); +- return false; +- } +- return true; +-} +- + static struct sk_buff *gve_rx_skb(struct gve_priv *priv, struct gve_rx_ring *rx, + struct gve_rx_slot_page_info *page_info, struct napi_struct *napi, +- u16 len, union gve_rx_data_slot *data_slot) ++ u16 len, union gve_rx_data_slot *data_slot, ++ bool is_only_frag) + { + struct net_device *netdev = priv->dev; + struct gve_rx_ctx *ctx = &rx->ctx; + struct sk_buff *skb = NULL; + +- if (len <= priv->rx_copybreak && ctx->expected_frag_cnt == 1) { ++ if (len <= priv->rx_copybreak && is_only_frag) { + /* Just copy small packets */ +- skb = gve_rx_copy(netdev, napi, page_info, len, GVE_RX_PAD, ctx); ++ skb = gve_rx_copy(netdev, napi, page_info, len, GVE_RX_PAD); + if (skb) { + u64_stats_update_begin(&rx->statss); + rx->rx_copied_pkt++; +@@ -504,29 +563,25 @@ static struct sk_buff *gve_rx_skb(struct + u64_stats_update_end(&rx->statss); + } + } else { +- if (rx->data.raw_addressing) { +- int recycle = gve_rx_can_recycle_buffer(page_info); ++ int recycle = gve_rx_can_recycle_buffer(page_info); + +- if (unlikely(recycle < 0)) { +- gve_schedule_reset(priv); +- return NULL; +- } +- page_info->can_flip = recycle; +- if (page_info->can_flip) { +- u64_stats_update_begin(&rx->statss); +- rx->rx_frag_flip_cnt++; +- u64_stats_update_end(&rx->statss); +- } ++ if (unlikely(recycle < 0)) { ++ gve_schedule_reset(priv); ++ return NULL; ++ } ++ page_info->can_flip = recycle; ++ if (page_info->can_flip) { ++ u64_stats_update_begin(&rx->statss); ++ rx->rx_frag_flip_cnt++; ++ u64_stats_update_end(&rx->statss); ++ } ++ ++ if (rx->data.raw_addressing) { + skb = gve_rx_raw_addressing(&priv->pdev->dev, netdev, + page_info, len, napi, + data_slot, + rx->packet_buffer_size, ctx); + } else { +- if (ctx->reuse_frags) { +- u64_stats_update_begin(&rx->statss); +- rx->rx_frag_flip_cnt++; +- u64_stats_update_end(&rx->statss); +- } + skb = gve_rx_qpl(&priv->pdev->dev, netdev, rx, + page_info, len, napi, data_slot); + } +@@ -534,101 +589,113 @@ static struct sk_buff *gve_rx_skb(struct + return skb; + } + +-static bool gve_rx(struct gve_rx_ring *rx, netdev_features_t feat, +- u64 *packet_size_bytes, u32 *work_done) ++#define GVE_PKTCONT_BIT_IS_SET(x) (GVE_RXF_PKT_CONT & (x)) ++static void gve_rx(struct gve_rx_ring *rx, netdev_features_t feat, ++ struct gve_rx_desc *desc, u32 idx, ++ struct gve_rx_cnts *cnts) + { ++ bool is_last_frag = !GVE_PKTCONT_BIT_IS_SET(desc->flags_seq); + struct gve_rx_slot_page_info *page_info; ++ u16 frag_size = be16_to_cpu(desc->len); + struct gve_rx_ctx *ctx = &rx->ctx; + union gve_rx_data_slot *data_slot; + struct gve_priv *priv = rx->gve; +- struct gve_rx_desc *first_desc; + struct sk_buff *skb = NULL; +- struct gve_rx_desc *desc; +- struct napi_struct *napi; + dma_addr_t page_bus; +- u32 work_cnt = 0; + void *va; +- u32 idx; +- u16 len; + +- idx = rx->cnt & rx->mask; +- first_desc = &rx->desc.desc_ring[idx]; +- desc = first_desc; +- napi = &priv->ntfy_blocks[rx->ntfy_id].napi; +- +- if (unlikely(!gve_rx_ctx_init(ctx, rx))) +- goto skb_alloc_fail; +- +- while (ctx->curr_frag_cnt < ctx->expected_frag_cnt) { +- /* Prefetch two packet buffers ahead, we will need it soon. */ +- page_info = &rx->data.page_info[(idx + 2) & rx->mask]; +- va = page_info->page_address + page_info->page_offset; +- +- prefetch(page_info->page); /* Kernel page struct. */ +- prefetch(va); /* Packet header. */ +- prefetch(va + 64); /* Next cacheline too. */ ++ struct napi_struct *napi = &priv->ntfy_blocks[rx->ntfy_id].napi; ++ bool is_first_frag = ctx->frag_cnt == 0; + +- len = gve_rx_get_fragment_size(ctx, desc); ++ bool is_only_frag = is_first_frag && is_last_frag; + +- page_info = &rx->data.page_info[idx]; +- data_slot = &rx->data.data_ring[idx]; +- page_bus = rx->data.raw_addressing ? +- be64_to_cpu(data_slot->addr) - page_info->page_offset : +- rx->data.qpl->page_buses[idx]; +- dma_sync_single_for_cpu(&priv->pdev->dev, page_bus, PAGE_SIZE, DMA_FROM_DEVICE); ++ if (unlikely(ctx->drop_pkt)) ++ goto finish_frag; + +- skb = gve_rx_skb(priv, rx, page_info, napi, len, data_slot); +- if (!skb) { +- u64_stats_update_begin(&rx->statss); +- rx->rx_skb_alloc_fail++; +- u64_stats_update_end(&rx->statss); +- goto skb_alloc_fail; +- } ++ if (desc->flags_seq & GVE_RXF_ERR) { ++ ctx->drop_pkt = true; ++ cnts->desc_err_pkt_cnt++; ++ napi_free_frags(napi); ++ goto finish_frag; ++ } + +- ctx->curr_frag_cnt++; +- rx->cnt++; +- idx = rx->cnt & rx->mask; +- work_cnt++; +- desc = &rx->desc.desc_ring[idx]; ++ if (unlikely(frag_size > rx->packet_buffer_size)) { ++ netdev_warn(priv->dev, "Unexpected frag size %d, can't exceed %d, scheduling reset", ++ frag_size, rx->packet_buffer_size); ++ ctx->drop_pkt = true; ++ napi_free_frags(napi); ++ gve_schedule_reset(rx->gve); ++ goto finish_frag; + } + +- if (likely(feat & NETIF_F_RXCSUM)) { +- /* NIC passes up the partial sum */ +- if (first_desc->csum) +- skb->ip_summed = CHECKSUM_COMPLETE; +- else +- skb->ip_summed = CHECKSUM_NONE; +- skb->csum = csum_unfold(first_desc->csum); ++ /* Prefetch two packet buffers ahead, we will need it soon. */ ++ page_info = &rx->data.page_info[(idx + 2) & rx->mask]; ++ va = page_info->page_address + page_info->page_offset; ++ prefetch(page_info->page); /* Kernel page struct. */ ++ prefetch(va); /* Packet header. */ ++ prefetch(va + 64); /* Next cacheline too. */ ++ ++ page_info = &rx->data.page_info[idx]; ++ data_slot = &rx->data.data_ring[idx]; ++ page_bus = (rx->data.raw_addressing) ? ++ be64_to_cpu(data_slot->addr) - page_info->page_offset : ++ rx->data.qpl->page_buses[idx]; ++ dma_sync_single_for_cpu(&priv->pdev->dev, page_bus, ++ PAGE_SIZE, DMA_FROM_DEVICE); ++ page_info->pad = is_first_frag ? GVE_RX_PAD : 0; ++ frag_size -= page_info->pad; ++ ++ skb = gve_rx_skb(priv, rx, page_info, napi, frag_size, ++ data_slot, is_only_frag); ++ if (!skb) { ++ u64_stats_update_begin(&rx->statss); ++ rx->rx_skb_alloc_fail++; ++ u64_stats_update_end(&rx->statss); ++ ++ napi_free_frags(napi); ++ ctx->drop_pkt = true; ++ goto finish_frag; + } ++ ctx->total_size += frag_size; + +- /* parse flags & pass relevant info up */ +- if (likely(feat & NETIF_F_RXHASH) && +- gve_needs_rss(first_desc->flags_seq)) +- skb_set_hash(skb, be32_to_cpu(first_desc->rss_hash), +- gve_rss_type(first_desc->flags_seq)); +- +- *packet_size_bytes = skb->len + (skb->protocol ? ETH_HLEN : 0); +- *work_done = work_cnt; +- skb_record_rx_queue(skb, rx->q_num); +- if (skb_is_nonlinear(skb)) +- napi_gro_frags(napi); +- else +- napi_gro_receive(napi, skb); ++ if (is_first_frag) { ++ if (likely(feat & NETIF_F_RXCSUM)) { ++ /* NIC passes up the partial sum */ ++ if (desc->csum) ++ skb->ip_summed = CHECKSUM_COMPLETE; ++ else ++ skb->ip_summed = CHECKSUM_NONE; ++ skb->csum = csum_unfold(desc->csum); ++ } ++ ++ /* parse flags & pass relevant info up */ ++ if (likely(feat & NETIF_F_RXHASH) && ++ gve_needs_rss(desc->flags_seq)) ++ skb_set_hash(skb, be32_to_cpu(desc->rss_hash), ++ gve_rss_type(desc->flags_seq)); ++ } ++ ++ if (is_last_frag) { ++ skb_record_rx_queue(skb, rx->q_num); ++ if (skb_is_nonlinear(skb)) ++ napi_gro_frags(napi); ++ else ++ napi_gro_receive(napi, skb); ++ goto finish_ok_pkt; ++ } + +- gve_rx_ctx_clear(ctx); +- return true; ++ goto finish_frag; + +-skb_alloc_fail: +- if (napi->skb) +- napi_free_frags(napi); +- *packet_size_bytes = 0; +- *work_done = ctx->expected_frag_cnt; +- while (ctx->curr_frag_cnt < ctx->expected_frag_cnt) { +- rx->cnt++; +- ctx->curr_frag_cnt++; ++finish_ok_pkt: ++ cnts->ok_pkt_bytes += ctx->total_size; ++ cnts->ok_pkt_cnt++; ++finish_frag: ++ ctx->frag_cnt++; ++ if (is_last_frag) { ++ cnts->total_pkt_cnt++; ++ cnts->cont_pkt_cnt += (ctx->frag_cnt > 1); ++ gve_rx_ctx_clear(ctx); + } +- gve_rx_ctx_clear(ctx); +- return false; + } + + bool gve_rx_work_pending(struct gve_rx_ring *rx) +@@ -704,36 +771,39 @@ static bool gve_rx_refill_buffers(struct + static int gve_clean_rx_done(struct gve_rx_ring *rx, int budget, + netdev_features_t feat) + { +- u32 work_done = 0, total_packet_cnt = 0, ok_packet_cnt = 0; ++ struct gve_rx_ctx *ctx = &rx->ctx; + struct gve_priv *priv = rx->gve; ++ struct gve_rx_cnts cnts = {0}; ++ struct gve_rx_desc *next_desc; + u32 idx = rx->cnt & rx->mask; +- struct gve_rx_desc *desc; +- u64 bytes = 0; ++ u32 work_done = 0; ++ ++ struct gve_rx_desc *desc = &rx->desc.desc_ring[idx]; + +- desc = &rx->desc.desc_ring[idx]; ++ // Exceed budget only if (and till) the inflight packet is consumed. + while ((GVE_SEQNO(desc->flags_seq) == rx->desc.seqno) && +- work_done < budget) { +- u64 packet_size_bytes = 0; +- u32 work_cnt = 0; +- bool dropped; +- +- netif_info(priv, rx_status, priv->dev, +- "[%d] idx=%d desc=%p desc->flags_seq=0x%x\n", +- rx->q_num, idx, desc, desc->flags_seq); +- netif_info(priv, rx_status, priv->dev, +- "[%d] seqno=%d rx->desc.seqno=%d\n", +- rx->q_num, GVE_SEQNO(desc->flags_seq), +- rx->desc.seqno); +- +- dropped = !gve_rx(rx, feat, &packet_size_bytes, &work_cnt); +- if (!dropped) { +- bytes += packet_size_bytes; +- ok_packet_cnt++; +- } +- total_packet_cnt++; ++ (work_done < budget || ctx->frag_cnt)) { ++ next_desc = &rx->desc.desc_ring[(idx + 1) & rx->mask]; ++ prefetch(next_desc); ++ ++ gve_rx(rx, feat, desc, idx, &cnts); ++ ++ rx->cnt++; + idx = rx->cnt & rx->mask; + desc = &rx->desc.desc_ring[idx]; +- work_done += work_cnt; ++ rx->desc.seqno = gve_next_seqno(rx->desc.seqno); ++ work_done++; ++ } ++ ++ // The device will only send whole packets. ++ if (unlikely(ctx->frag_cnt)) { ++ struct napi_struct *napi = &priv->ntfy_blocks[rx->ntfy_id].napi; ++ ++ napi_free_frags(napi); ++ gve_rx_ctx_clear(&rx->ctx); ++ netdev_warn(priv->dev, "Unexpected seq number %d with incomplete packet, expected %d, scheduling reset", ++ GVE_SEQNO(desc->flags_seq), rx->desc.seqno); ++ gve_schedule_reset(rx->gve); + } + + if (!work_done && rx->fill_cnt - rx->cnt > rx->db_threshold) +@@ -741,8 +811,10 @@ static int gve_clean_rx_done(struct gve_ + + if (work_done) { + u64_stats_update_begin(&rx->statss); +- rx->rpackets += ok_packet_cnt; +- rx->rbytes += bytes; ++ rx->rpackets += cnts.ok_pkt_cnt; ++ rx->rbytes += cnts.ok_pkt_bytes; ++ rx->rx_cont_packet_cnt += cnts.cont_pkt_cnt; ++ rx->rx_desc_err_dropped_pkt += cnts.desc_err_pkt_cnt; + u64_stats_update_end(&rx->statss); + } + +@@ -767,7 +839,7 @@ static int gve_clean_rx_done(struct gve_ + } + + gve_rx_write_doorbell(priv, rx); +- return total_packet_cnt; ++ return cnts.total_pkt_cnt; + } + + int gve_rx_poll(struct gve_notify_block *block, int budget) +--- a/drivers/net/ethernet/google/gve/gve_rx_dqo.c ++++ b/drivers/net/ethernet/google/gve/gve_rx_dqo.c +@@ -568,7 +568,7 @@ static int gve_rx_dqo(struct napi_struct + + if (eop && buf_len <= priv->rx_copybreak) { + rx->ctx.skb_head = gve_rx_copy(priv->dev, napi, +- &buf_state->page_info, buf_len, 0, NULL); ++ &buf_state->page_info, buf_len, 0); + if (unlikely(!rx->ctx.skb_head)) + goto error; + rx->ctx.skb_tail = rx->ctx.skb_head; +--- a/drivers/net/ethernet/google/gve/gve_utils.c ++++ b/drivers/net/ethernet/google/gve/gve_utils.c +@@ -50,34 +50,18 @@ void gve_rx_add_to_block(struct gve_priv + + struct sk_buff *gve_rx_copy(struct net_device *dev, struct napi_struct *napi, + struct gve_rx_slot_page_info *page_info, u16 len, +- u16 padding, struct gve_rx_ctx *ctx) ++ u16 padding) + { + void *va = page_info->page_address + padding + page_info->page_offset; +- int skb_linear_offset = 0; +- bool set_protocol = false; + struct sk_buff *skb; + +- if (ctx) { +- if (!ctx->skb_head) +- ctx->skb_head = napi_alloc_skb(napi, ctx->total_expected_size); ++ skb = napi_alloc_skb(napi, len); ++ if (unlikely(!skb)) ++ return NULL; + +- if (unlikely(!ctx->skb_head)) +- return NULL; +- skb = ctx->skb_head; +- skb_linear_offset = skb->len; +- set_protocol = ctx->curr_frag_cnt == ctx->expected_frag_cnt - 1; +- } else { +- skb = napi_alloc_skb(napi, len); +- +- if (unlikely(!skb)) +- return NULL; +- set_protocol = true; +- } + __skb_put(skb, len); +- skb_copy_to_linear_data_offset(skb, skb_linear_offset, va, len); +- +- if (set_protocol) +- skb->protocol = eth_type_trans(skb, dev); ++ skb_copy_to_linear_data_offset(skb, 0, va, len); ++ skb->protocol = eth_type_trans(skb, dev); + + return skb; + } +--- a/drivers/net/ethernet/google/gve/gve_utils.h ++++ b/drivers/net/ethernet/google/gve/gve_utils.h +@@ -19,7 +19,7 @@ void gve_rx_add_to_block(struct gve_priv + + struct sk_buff *gve_rx_copy(struct net_device *dev, struct napi_struct *napi, + struct gve_rx_slot_page_info *page_info, u16 len, +- u16 pad, struct gve_rx_ctx *ctx); ++ u16 pad); + + /* Decrement pagecnt_bias. Set it back to INT_MAX if it reached zero. */ + void gve_dec_pagecnt_bias(struct gve_rx_slot_page_info *page_info); diff --git a/patches.suse/gve-enhance-no-queue-page-list-detection.patch b/patches.suse/gve-enhance-no-queue-page-list-detection.patch new file mode 100644 index 0000000..023b091 --- /dev/null +++ b/patches.suse/gve-enhance-no-queue-page-list-detection.patch @@ -0,0 +1,52 @@ +From: Haiyue Wang +Date: Tue, 15 Feb 2022 13:17:49 +0800 +Subject: gve: enhance no queue page list detection +Patch-mainline: v5.18-rc1 +Git-commit: b0471c26108160217fc17acec4a9fdce92aaeeea +References: bsc#1211519 + +The commit +a5886ef4f4bf ("gve: Introduce per netdev `enum gve_queue_format`") +introduces three queue format type, only GVE_GQI_QPL_FORMAT queue has +page list. So it should use the queue page list number to detect the +zero size queue page list. Correct the design logic. + +Using the 'queue_format == GVE_GQI_RDA_FORMAT' may lead to request zero +sized memory allocation, like if the queue format is GVE_DQO_RDA_FORMAT. + +The kernel memory subsystem will return ZERO_SIZE_PTR, which is not NULL +address, so the driver can run successfully. Also the code still checks +the queue page list number firstly, then accesses the allocated memory, +so zero number queue page list allocation will not lead to access fault. + +Signed-off-by: Haiyue Wang +Reviewed-by: Bailey Forrest +Link: https://lore.kernel.org/r/20220215051751.260866-1-haiyue.wang@intel.com +Signed-off-by: Jakub Kicinski +Acked-by: Thomas Bogendoerfer +--- + drivers/net/ethernet/google/gve/gve_main.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +--- a/drivers/net/ethernet/google/gve/gve_main.c ++++ b/drivers/net/ethernet/google/gve/gve_main.c +@@ -857,8 +857,7 @@ static int gve_alloc_qpls(struct gve_pri + int i, j; + int err; + +- /* Raw addressing means no QPLs */ +- if (priv->queue_format == GVE_GQI_RDA_FORMAT) ++ if (num_qpls == 0) + return 0; + + priv->qpls = kvcalloc(num_qpls, sizeof(*priv->qpls), GFP_KERNEL); +@@ -901,8 +900,7 @@ static void gve_free_qpls(struct gve_pri + int num_qpls = gve_num_tx_qpls(priv) + gve_num_rx_qpls(priv); + int i; + +- /* Raw addressing means no QPLs */ +- if (priv->queue_format == GVE_GQI_RDA_FORMAT) ++ if (num_qpls == 0) + return; + + kvfree(priv->qpl_cfg.qpl_id_map); diff --git a/patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch b/patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch new file mode 100644 index 0000000..869f8db --- /dev/null +++ b/patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch @@ -0,0 +1,77 @@ +From 4388f1ebeee9ba362b6b94ea587e1006a8721a15 Mon Sep 17 00:00:00 2001 +From: David Lebrun +Date: Fri, 2 Sep 2022 10:45:06 +0100 +Subject: [PATCH] ipv6: sr: fix out-of-bounds read when setting HMAC data. +Git-commit: 84a53580c5d2138c7361c7c3eea5b31827e63b35 +Patch-mainline: v6.0-rc5 +References: bsc#1211592 + +The SRv6 layer allows defining HMAC data that can later be used to sign IPv6 +Segment Routing Headers. This configuration is realised via netlink through +four attributes: SEG6_ATTR_HMACKEYID, SEG6_ATTR_SECRET, SEG6_ATTR_SECRETLEN and +SEG6_ATTR_ALGID. Because the SECRETLEN attribute is decoupled from the actual +length of the SECRET attribute, it is possible to provide invalid combinations +(e.g., secret = "", secretlen = 64). This case is not checked in the code and +with an appropriately crafted netlink message, an out-of-bounds read of up +to 64 bytes (max secret length) can occur past the skb end pointer and into +skb_shared_info: + +Breakpoint 1, seg6_genl_sethmac (skb=, info=) at net/ipv6/seg6.c:208 +208 memcpy(hinfo->secret, secret, slen); +(gdb) bt + #0 seg6_genl_sethmac (skb=, info=) at net/ipv6/seg6.c:208 + #1 0xffffffff81e012e9 in genl_family_rcv_msg_doit (skb=skb@entry=0xffff88800b1f9f00, nlh=nlh@entry=0xffff88800b1b7600, + extack=extack@entry=0xffffc90000ba7af0, ops=ops@entry=0xffffc90000ba7a80, hdrlen=4, net=0xffffffff84237580 , family=, + family=) at net/netlink/genetlink.c:731 + #2 0xffffffff81e01435 in genl_family_rcv_msg (extack=0xffffc90000ba7af0, nlh=0xffff88800b1b7600, skb=0xffff88800b1f9f00, + family=0xffffffff82fef6c0 ) at net/netlink/genetlink.c:775 + #3 genl_rcv_msg (skb=0xffff88800b1f9f00, nlh=0xffff88800b1b7600, extack=0xffffc90000ba7af0) at net/netlink/genetlink.c:792 + #4 0xffffffff81dfffc3 in netlink_rcv_skb (skb=skb@entry=0xffff88800b1f9f00, cb=cb@entry=0xffffffff81e01350 ) + at net/netlink/af_netlink.c:2501 + #5 0xffffffff81e00919 in genl_rcv (skb=0xffff88800b1f9f00) at net/netlink/genetlink.c:803 + #6 0xffffffff81dff6ae in netlink_unicast_kernel (ssk=0xffff888010eec800, skb=0xffff88800b1f9f00, sk=0xffff888004aed000) + at net/netlink/af_netlink.c:1319 + #7 netlink_unicast (ssk=ssk@entry=0xffff888010eec800, skb=skb@entry=0xffff88800b1f9f00, portid=portid@entry=0, nonblock=) + at net/netlink/af_netlink.c:1345 + #8 0xffffffff81dff9a4 in netlink_sendmsg (sock=, msg=0xffffc90000ba7e48, len=) at net/netlink/af_netlink.c:1921 +... +(gdb) p/x ((struct sk_buff *)0xffff88800b1f9f00)->head + ((struct sk_buff *)0xffff88800b1f9f00)->end +$1 = 0xffff88800b1b76c0 +(gdb) p/x secret +$2 = 0xffff88800b1b76c0 +(gdb) p slen +$3 = 64 '@' + +The OOB data can then be read back from userspace by dumping HMAC state. This +commit fixes this by ensuring SECRETLEN cannot exceed the actual length of +SECRET. + +Reported-by: Lucas Leong +Tested: verified that EINVAL is correctly returned when secretlen > len(secret) +Fixes: 4f4853dc1c9c1 ("ipv6: sr: implement API to control SR HMAC structure") +Signed-off-by: David Lebrun +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + net/ipv6/seg6.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c +index 4458e46977fe..c7f5e76d1544 100644 +--- a/net/ipv6/seg6.c ++++ b/net/ipv6/seg6.c +@@ -129,6 +129,11 @@ static int seg6_genl_sethmac(struct sk_buff *skb, struct genl_info *info) + goto out_unlock; + } + ++ if (slen > nla_len(info->attrs[SEG6_ATTR_SECRET])) { ++ err = -EINVAL; ++ goto out_unlock; ++ } ++ + if (hinfo) { + err = seg6_hmac_info_del(net, hmackeyid); + if (err) +-- +2.16.4 + diff --git a/patches.suse/kvm-x86-Disable-KVM_HC_CLOCK_PAIRING-if-tsc-is-in-al.patch b/patches.suse/kvm-x86-Disable-KVM_HC_CLOCK_PAIRING-if-tsc-is-in-al.patch new file mode 100644 index 0000000..af425ab --- /dev/null +++ b/patches.suse/kvm-x86-Disable-KVM_HC_CLOCK_PAIRING-if-tsc-is-in-al.patch @@ -0,0 +1,48 @@ +Patch-mainline: v5.17-rc6 +Git-commit: 3a55f729240a686aa8af00af436306c0cd532522 +References: git-fixes +From: Anton Romanov +Date: Wed, 16 Feb 2022 18:26:54 +0000 +Subject: [PATCH] kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always + catchup mode + +If vcpu has tsc_always_catchup set each request updates pvclock data. +KVM_HC_CLOCK_PAIRING consumers such as ptp_kvm_x86 rely on tsc read on +host's side and do hypercall inside pvclock_read_retry loop leading to +infinite loop in such situation. + +v3: + Removed warn + Changed return code to KVM_EFAULT +v2: + Added warn + +Signed-off-by: Anton Romanov +Message-Id: <20220216182653.506850-1-romanton@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/x86.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index b8bd8da32045..3471efe47e5f 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -8943,6 +8943,13 @@ static int kvm_pv_clock_pairing(struct kvm_vcpu *vcpu, gpa_t paddr, + if (clock_type != KVM_CLOCK_PAIRING_WALLCLOCK) + return -KVM_EOPNOTSUPP; + ++ /* ++ * When tsc is in permanent catchup mode guests won't be able to use ++ * pvclock_read_retry loop to get consistent view of pvclock ++ */ ++ if (vcpu->arch.tsc_always_catchup) ++ return -KVM_EOPNOTSUPP; ++ + if (!kvm_get_walltime_and_clockread(&ts, &cycle)) + return -KVM_EOPNOTSUPP; + +-- +2.35.3 + diff --git a/patches.suse/net-qrtr-correct-types-of-trace-event-parameters.patch b/patches.suse/net-qrtr-correct-types-of-trace-event-parameters.patch new file mode 100644 index 0000000..af329df --- /dev/null +++ b/patches.suse/net-qrtr-correct-types-of-trace-event-parameters.patch @@ -0,0 +1,104 @@ +From: Simon Horman +Date: Mon, 3 Apr 2023 17:43:16 +0200 +Subject: net: qrtr: correct types of trace event parameters +Git-commit: 054fbf7ff8143d35ca7d3bb5414bb44ee1574194 +Patch-mainline: v6.4-rc1 +References: git-fixes + +The arguments passed to the trace events are of type unsigned int, +however the signature of the events used __le32 parameters. + +I may be missing the point here, but sparse flagged this and it +does seem incorrect to me. + + net/qrtr/ns.c: note: in included file (through include/trace/trace_events.h, include/trace/define_trace.h, include/trace/events/qrtr.h): + ./include/trace/events/qrtr.h:11:1: warning: cast to restricted __le32 + ./include/trace/events/qrtr.h:11:1: warning: restricted __le32 degrades to integer + ./include/trace/events/qrtr.h:11:1: warning: restricted __le32 degrades to integer + ... (a lot more similar warnings) + net/qrtr/ns.c:115:47: expected restricted __le32 [usertype] service + net/qrtr/ns.c:115:47: got unsigned int service + net/qrtr/ns.c:115:61: warning: incorrect type in argument 2 (different base types) + ... (a lot more similar warnings) + +Fixes: dfddb54043f0 ("net: qrtr: Add tracepoint support") +Reviewed-by: Manivannan Sadhasivam +Signed-off-by: Simon Horman +Link: https://lore.kernel.org/r/20230402-qrtr-trace-types-v1-1-92ad55008dd3@kernel.org +Signed-off-by: Jakub Kicinski +Acked-by: Petr Pavlu +--- + include/trace/events/qrtr.h | 33 ++++++++++++++++++--------------- + 1 file changed, 18 insertions(+), 15 deletions(-) + +diff --git a/include/trace/events/qrtr.h b/include/trace/events/qrtr.h +index b1de14c3bb93..441132c67133 100644 +--- a/include/trace/events/qrtr.h ++++ b/include/trace/events/qrtr.h +@@ -10,15 +10,16 @@ + + TRACE_EVENT(qrtr_ns_service_announce_new, + +- TP_PROTO(__le32 service, __le32 instance, __le32 node, __le32 port), ++ TP_PROTO(unsigned int service, unsigned int instance, ++ unsigned int node, unsigned int port), + + TP_ARGS(service, instance, node, port), + + TP_STRUCT__entry( +- __field(__le32, service) +- __field(__le32, instance) +- __field(__le32, node) +- __field(__le32, port) ++ __field(unsigned int, service) ++ __field(unsigned int, instance) ++ __field(unsigned int, node) ++ __field(unsigned int, port) + ), + + TP_fast_assign( +@@ -36,15 +37,16 @@ TRACE_EVENT(qrtr_ns_service_announce_new, + + TRACE_EVENT(qrtr_ns_service_announce_del, + +- TP_PROTO(__le32 service, __le32 instance, __le32 node, __le32 port), ++ TP_PROTO(unsigned int service, unsigned int instance, ++ unsigned int node, unsigned int port), + + TP_ARGS(service, instance, node, port), + + TP_STRUCT__entry( +- __field(__le32, service) +- __field(__le32, instance) +- __field(__le32, node) +- __field(__le32, port) ++ __field(unsigned int, service) ++ __field(unsigned int, instance) ++ __field(unsigned int, node) ++ __field(unsigned int, port) + ), + + TP_fast_assign( +@@ -62,15 +64,16 @@ TRACE_EVENT(qrtr_ns_service_announce_del, + + TRACE_EVENT(qrtr_ns_server_add, + +- TP_PROTO(__le32 service, __le32 instance, __le32 node, __le32 port), ++ TP_PROTO(unsigned int service, unsigned int instance, ++ unsigned int node, unsigned int port), + + TP_ARGS(service, instance, node, port), + + TP_STRUCT__entry( +- __field(__le32, service) +- __field(__le32, instance) +- __field(__le32, node) +- __field(__le32, port) ++ __field(unsigned int, service) ++ __field(unsigned int, instance) ++ __field(unsigned int, node) ++ __field(unsigned int, port) + ), + + TP_fast_assign( + diff --git a/patches.suse/power-supply-bq24190-Fix-use-after-free-bug-in-bq241.patch b/patches.suse/power-supply-bq24190-Fix-use-after-free-bug-in-bq241.patch new file mode 100644 index 0000000..b0e0de1 --- /dev/null +++ b/patches.suse/power-supply-bq24190-Fix-use-after-free-bug-in-bq241.patch @@ -0,0 +1,50 @@ +From 47c29d69212911f50bdcdd0564b5999a559010d4 Mon Sep 17 00:00:00 2001 +From: Zheng Wang +Date: Fri, 10 Mar 2023 01:47:28 +0800 +Subject: [PATCH] power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition +Git-commit: 47c29d69212911f50bdcdd0564b5999a559010d4 +Patch-mainline: v6.3-rc4 +References: CVE-2023-33288 bsc#1211590 + +In bq24190_probe, &bdi->input_current_limit_work is bound +with bq24190_input_current_limit_work. When external power +changed, it will call bq24190_charger_external_power_changed + to start the work. + +If we remove the module which will call bq24190_remove to make +cleanup, there may be a unfinished work. The possible +sequence is as follows: + +CPU0 CPUc1 + + |bq24190_input_current_limit_work +bq24190_remove | +power_supply_unregister | +device_unregister | +power_supply_dev_release| +kfree(psy) | + | + | power_supply_get_property_from_supplier + | //use + +Fix it by finishing the work before cleanup in the bq24190_remove + +Fixes: 97774672573a ("power_supply: Initialize changed_work before calling device_add") +Signed-off-by: Zheng Wang +Signed-off-by: Sebastian Reichel +Acked-by: Takashi Iwai + +--- + drivers/power/supply/bq24190_charger.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/power/supply/bq24190_charger.c ++++ b/drivers/power/supply/bq24190_charger.c +@@ -1847,6 +1847,7 @@ static int bq24190_remove(struct i2c_cli + struct bq24190_dev_info *bdi = i2c_get_clientdata(client); + int error; + ++ cancel_delayed_work_sync(&bdi->input_current_limit_work); + error = pm_runtime_get_sync(bdi->dev); + if (error < 0) { + dev_warn(bdi->dev, "pm_runtime_get failed: %i\n", error); diff --git a/patches.suse/ring-buffer-Ensure-proper-resetting-of-atomic-variables-in-ring_buffer_reset_online_cpus.patch b/patches.suse/ring-buffer-Ensure-proper-resetting-of-atomic-variables-in-ring_buffer_reset_online_cpus.patch new file mode 100644 index 0000000..c09ce0d --- /dev/null +++ b/patches.suse/ring-buffer-Ensure-proper-resetting-of-atomic-variables-in-ring_buffer_reset_online_cpus.patch @@ -0,0 +1,83 @@ +From: Tze-nan Wu +Date: Wed, 26 Apr 2023 14:20:23 +0800 +Subject: ring-buffer: Ensure proper resetting of atomic variables in + ring_buffer_reset_online_cpus +Git-commit: 7c339fb4d8577792378136c15fde773cfb863cb8 +Patch-mainline: v6.4-rc1 +References: git-fixes + +In ring_buffer_reset_online_cpus, the buffer_size_kb write operation +may permanently fail if the cpu_online_mask changes between two +for_each_online_buffer_cpu loops. The number of increases and decreases +on both cpu_buffer->resize_disabled and cpu_buffer->record_disabled may be +inconsistent, causing some CPUs to have non-zero values for these atomic +variables after the function returns. + +This issue can be reproduced by "echo 0 > trace" while hotplugging cpu. +After reproducing success, we can find out buffer_size_kb will not be +functional anymore. + +To prevent leaving 'resize_disabled' and 'record_disabled' non-zero after +ring_buffer_reset_online_cpus returns, we ensure that each atomic variable +has been set up before atomic_sub() to it. + +Link: https://lore.kernel.org/linux-trace-kernel/20230426062027.17451-1-Tze-nan.Wu@mediatek.com + +Cc: stable@vger.kernel.org +Cc: +Cc: npiggin@gmail.com +Fixes: b23d7a5f4a07 ("ring-buffer: speed up buffer resets by avoiding synchronize_rcu for each CPU") +Reviewed-by: Cheng-Jui Wang +Signed-off-by: Tze-nan Wu +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/ring_buffer.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 58be5b409f72..9a0cb94c3972 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -5326,6 +5326,9 @@ void ring_buffer_reset_cpu(struct trace_buffer *buffer, int cpu) + } + EXPORT_SYMBOL_GPL(ring_buffer_reset_cpu); + ++/* Flag to ensure proper resetting of atomic variables */ ++#define RESET_BIT (1 << 30) ++ + /** + * ring_buffer_reset_online_cpus - reset a ring buffer per CPU buffer + * @buffer: The ring buffer to reset a per cpu buffer of +@@ -5342,20 +5345,27 @@ void ring_buffer_reset_online_cpus(struct trace_buffer *buffer) + for_each_online_buffer_cpu(buffer, cpu) { + cpu_buffer = buffer->buffers[cpu]; + +- atomic_inc(&cpu_buffer->resize_disabled); ++ atomic_add(RESET_BIT, &cpu_buffer->resize_disabled); + atomic_inc(&cpu_buffer->record_disabled); + } + + /* Make sure all commits have finished */ + synchronize_rcu(); + +- for_each_online_buffer_cpu(buffer, cpu) { ++ for_each_buffer_cpu(buffer, cpu) { + cpu_buffer = buffer->buffers[cpu]; + ++ /* ++ * If a CPU came online during the synchronize_rcu(), then ++ * ignore it. ++ */ ++ if (!(atomic_read(&cpu_buffer->resize_disabled) & RESET_BIT)) ++ continue; ++ + reset_disabled_cpu_buffer(cpu_buffer); + + atomic_dec(&cpu_buffer->record_disabled); +- atomic_dec(&cpu_buffer->resize_disabled); ++ atomic_sub(RESET_BIT, &cpu_buffer->resize_disabled); + } + + mutex_unlock(&buffer->mutex); + diff --git a/patches.suse/ring-buffer-Fix-kernel-doc.patch b/patches.suse/ring-buffer-Fix-kernel-doc.patch new file mode 100644 index 0000000..0854552 --- /dev/null +++ b/patches.suse/ring-buffer-Fix-kernel-doc.patch @@ -0,0 +1,54 @@ +From: Jiapeng Chong +Date: Sun, 9 Oct 2022 10:06:42 +0800 +Subject: ring-buffer: Fix kernel-doc +Git-commit: b7085b6ffe71ac2668f27a2ced6a1e516f66f8c1 +Patch-mainline: v6.1-rc1 +References: git-fixes + +kernel/trace/ring_buffer.c:895: warning: expecting prototype for ring_buffer_nr_pages_dirty(). Prototype was for ring_buffer_nr_dirty_pages() instead. +kernel/trace/ring_buffer.c:5313: warning: expecting prototype for ring_buffer_reset_cpu(). Prototype was for ring_buffer_reset_online_cpus() instead. +kernel/trace/ring_buffer.c:5382: warning: expecting prototype for rind_buffer_empty(). Prototype was for ring_buffer_empty() instead. + +Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=2340 +Link: https://lkml.kernel.org/r/20221009020642.12506-1-jiapeng.chong@linux.alibaba.com + +Reported-by: Abaci Robot +Signed-off-by: Jiapeng Chong +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/ring_buffer.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index c3f354cfc5ba..199759c73519 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -885,7 +885,7 @@ size_t ring_buffer_nr_pages(struct trace_buffer *buffer, int cpu) + } + + /** +- * ring_buffer_nr_pages_dirty - get the number of used pages in the ring buffer ++ * ring_buffer_nr_dirty_pages - get the number of used pages in the ring buffer + * @buffer: The ring_buffer to get the number of pages from + * @cpu: The cpu of the ring_buffer to get the number of pages from + * +@@ -5305,7 +5305,7 @@ void ring_buffer_reset_cpu(struct trace_buffer *buffer, int cpu) + EXPORT_SYMBOL_GPL(ring_buffer_reset_cpu); + + /** +- * ring_buffer_reset_cpu - reset a ring buffer per CPU buffer ++ * ring_buffer_reset_online_cpus - reset a ring buffer per CPU buffer + * @buffer: The ring buffer to reset a per cpu buffer of + * @cpu: The CPU buffer to be reset + */ +@@ -5375,7 +5375,7 @@ void ring_buffer_reset(struct trace_buffer *buffer) + EXPORT_SYMBOL_GPL(ring_buffer_reset); + + /** +- * rind_buffer_empty - is the ring buffer empty? ++ * ring_buffer_empty - is the ring buffer empty? + * @buffer: The ring buffer to test + */ + bool ring_buffer_empty(struct trace_buffer *buffer) + diff --git a/patches.suse/ring-buffer-Sync-IRQ-works-before-buffer-destruction.patch b/patches.suse/ring-buffer-Sync-IRQ-works-before-buffer-destruction.patch new file mode 100644 index 0000000..94b11dd --- /dev/null +++ b/patches.suse/ring-buffer-Sync-IRQ-works-before-buffer-destruction.patch @@ -0,0 +1,95 @@ +From: Johannes Berg +Date: Thu, 27 Apr 2023 17:59:20 +0200 +Subject: ring-buffer: Sync IRQ works before buffer destruction +Git-commit: 675751bb20634f981498c7d66161584080cc061e +Patch-mainline: v6.4-rc1 +References: git-fixes + +If something was written to the buffer just before destruction, +it may be possible (maybe not in a real system, but it did +happen in ARCH=um with time-travel) to destroy the ringbuffer +before the IRQ work ran, leading this KASAN report (or a crash +without KASAN): + + BUG: KASAN: slab-use-after-free in irq_work_run_list+0x11a/0x13a + Read of size 8 at addr 000000006d640a48 by task swapper/0 + + CPU: 0 PID: 0 Comm: swapper Tainted: G W O 6.3.0-rc1 #7 + Stack: + 60c4f20f 0c203d48 41b58ab3 60f224fc + 600477fa 60f35687 60c4f20f 601273dd + 00000008 6101eb00 6101eab0 615be548 + Call Trace: + [<60047a58>] show_stack+0x25e/0x282 + [<60c609e0>] dump_stack_lvl+0x96/0xfd + [<60c50d4c>] print_report+0x1a7/0x5a8 + [<603078d3>] kasan_report+0xc1/0xe9 + [<60308950>] __asan_report_load8_noabort+0x1b/0x1d + [<60232844>] irq_work_run_list+0x11a/0x13a + [<602328b4>] irq_work_tick+0x24/0x34 + [<6017f9dc>] update_process_times+0x162/0x196 + [<6019f335>] tick_sched_handle+0x1a4/0x1c3 + [<6019fd9e>] tick_sched_timer+0x79/0x10c + [<601812b9>] __hrtimer_run_queues.constprop.0+0x425/0x695 + [<60182913>] hrtimer_interrupt+0x16c/0x2c4 + [<600486a3>] um_timer+0x164/0x183 + [...] + + Allocated by task 411: + save_stack_trace+0x99/0xb5 + stack_trace_save+0x81/0x9b + kasan_save_stack+0x2d/0x54 + kasan_set_track+0x34/0x3e + kasan_save_alloc_info+0x25/0x28 + ____kasan_kmalloc+0x8b/0x97 + __kasan_kmalloc+0x10/0x12 + __kmalloc+0xb2/0xe8 + load_elf_phdrs+0xee/0x182 + [...] + + The buggy address belongs to the object at 000000006d640800 + which belongs to the cache kmalloc-1k of size 1024 + The buggy address is located 584 bytes inside of + freed 1024-byte region [000000006d640800, 000000006d640c00) + +Add the appropriate irq_work_sync() so the work finishes before +the buffers are destroyed. + +Prior to the commit in the Fixes tag below, there was only a +single global IRQ work, so this issue didn't exist. + +Link: https://lore.kernel.org/linux-trace-kernel/20230427175920.a76159263122.I8295e405c44362a86c995e9c2c37e3e03810aa56@changeid + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Fixes: 15693458c4bc ("tracing/ring-buffer: Move poll wake ups into ring buffer code") +Signed-off-by: Johannes Berg +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/ring_buffer.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 9a0cb94c3972..0d748f1f79ff 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -1767,6 +1767,8 @@ static void rb_free_cpu_buffer(struct ring_buffer_per_cpu *cpu_buffer) + struct list_head *head = cpu_buffer->pages; + struct buffer_page *bpage, *tmp; + ++ irq_work_sync(&cpu_buffer->irq_work.work); ++ + free_buffer_page(cpu_buffer->reader_page); + + if (head) { +@@ -1873,6 +1875,8 @@ ring_buffer_free(struct trace_buffer *buffer) + + cpuhp_state_remove_instance(CPUHP_TRACE_RB_PREPARE, &buffer->node); + ++ irq_work_sync(&buffer->irq_work.work); ++ + for_each_buffer_cpu(buffer, cpu) + rb_free_cpu_buffer(buffer->buffers[cpu]); + + diff --git a/patches.suse/tracing-Fix-permissions-for-the-buffer_percent-file.patch b/patches.suse/tracing-Fix-permissions-for-the-buffer_percent-file.patch new file mode 100644 index 0000000..a3cb920 --- /dev/null +++ b/patches.suse/tracing-Fix-permissions-for-the-buffer_percent-file.patch @@ -0,0 +1,38 @@ +From: Ondrej Mosnacek +Date: Wed, 3 May 2023 16:01:14 +0200 +Subject: tracing: Fix permissions for the buffer_percent file +Git-commit: 4f94559f40ad06d627c0fdfc3319cec778a2845b +Patch-mainline: v6.4-rc1 +References: git-fixes + +This file defines both read and write operations, yet it is being +created as read-only. This means that it can't be written to without the +CAP_DAC_OVERRIDE capability. Fix the permissions to allow root to write +to it without the need to override DAC perms. + +Link: https://lore.kernel.org/linux-trace-kernel/20230503140114.3280002-1-omosnace@redhat.com + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Fixes: 03329f993978 ("tracing: Add tracefs file buffer_percentage") +Signed-off-by: Ondrej Mosnacek +Signed-off-by: Steven Rostedt (Google) +Acked-by: Petr Pavlu +--- + kernel/trace/trace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 076d893d2965..b9be1af23a73 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -9660,7 +9660,7 @@ init_tracer_tracefs(struct trace_array *tr, struct dentry *d_tracer) + + tr->buffer_percent = 50; + +- trace_create_file("buffer_percent", TRACE_MODE_READ, d_tracer, ++ trace_create_file("buffer_percent", TRACE_MODE_WRITE, d_tracer, + tr, &buffer_percent_fops); + + create_trace_options_dir(tr); + diff --git a/patches.suse/xen-netback-use-same-error-messages-for-same-errors.patch b/patches.suse/xen-netback-use-same-error-messages-for-same-errors.patch new file mode 100644 index 0000000..f057fa2 --- /dev/null +++ b/patches.suse/xen-netback-use-same-error-messages-for-same-errors.patch @@ -0,0 +1,39 @@ +Patch-mainline: v6.3-rc5 +Git-commit: 2eca98e5b24d01c02b46c67be05a5f98cc9789b1 +References: git-fixes +From: Juergen Gross +Date: Wed, 29 Mar 2023 10:02:59 +0200 +Subject: [PATCH] xen/netback: use same error messages for same errors + +Issue the same error message in case an illegal page boundary crossing +has been detected in both cases where this is tested. + +Suggested-by: Jan Beulich +Signed-off-by: Juergen Gross +Reviewed-by: Jan Beulich +Link: https://lore.kernel.org/r/20230329080259.14823-1-jgross@suse.com +Signed-off-by: Paolo Abeni +--- + drivers/net/xen-netback/netback.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c +index 4943be4fd99d..c1501f41e2d8 100644 +--- a/drivers/net/xen-netback/netback.c ++++ b/drivers/net/xen-netback/netback.c +@@ -994,10 +994,8 @@ static void xenvif_tx_build_gops(struct xenvif_queue *queue, + + /* No crossing a page as the payload mustn't fragment. */ + if (unlikely((txreq.offset + txreq.size) > XEN_PAGE_SIZE)) { +- netdev_err(queue->vif->dev, +- "txreq.offset: %u, size: %u, end: %lu\n", +- txreq.offset, txreq.size, +- (unsigned long)(txreq.offset&~XEN_PAGE_MASK) + txreq.size); ++ netdev_err(queue->vif->dev, "Cross page boundary, txreq.offset: %u, size: %u\n", ++ txreq.offset, txreq.size); + xenvif_fatal_tx_err(queue->vif); + break; + } +-- +2.35.3 + diff --git a/rpm/kernel-source.spec.in b/rpm/kernel-source.spec.in index 08a5860..7563da1 100644 --- a/rpm/kernel-source.spec.in +++ b/rpm/kernel-source.spec.in @@ -152,7 +152,6 @@ Recommends: kernel-install-tools %define _binary_payload w9.bzdio %define symbols %(set -- $([ -e %_sourcedir/extra-symbols ] && cat %_sourcedir/extra-symbols) ; echo $*) -%define variant_symbols %(case %name in (*-rt) echo "RT" ;; esac) %define do_vanilla "%variant" == "" diff --git a/series.conf b/series.conf index aa6e422..5090628 100644 --- a/series.conf +++ b/series.conf @@ -5933,6 +5933,7 @@ patches.suse/KVM-x86-mmu-Complete-prefetch-for-trailing-SPTEs-for.patch patches.suse/KVM-x86-SVM-don-t-set-VMLOAD-VMSAVE-intercepts-on-vC.patch patches.suse/KVM-x86-avoid-warning-with-Wbitwise-instead-of-logic.patch + patches.suse/KVM-X86-Fix-tlb-flush-for-tdp-in-kvm_invalidate_pcid.patch patches.suse/x86-irq-Ensure-PI-wakeup-handler-is-unregistered-bef.patch patches.suse/KVM-VMX-Unregister-posted-interrupt-wakeup-handler-o.patch patches.suse/KVM-selftests-Fix-nested-SVM-tests-when-built-with-c.patch @@ -7871,6 +7872,7 @@ patches.suse/libata-add-horkage-for-ASMedia-1092.patch patches.suse/mmc-renesas_sdhi-initialize-variable-properly-when-t.patch patches.suse/Revert-PCI-aardvark-Fix-support-for-PCI_ROM_ADDRESS1.patch + patches.suse/KVM-nVMX-Don-t-use-Enlightened-MSR-Bitmap-for-L3.patch patches.suse/KVM-x86-Wait-for-IPIs-to-be-delivered-when-handling-.patch patches.suse/KVM-x86-Ignore-sparse-banks-size-for-an-all-CPUs-non.patch patches.suse/selftests-KVM-avoid-failures-due-to-reserved-HyperTr.patch @@ -9552,6 +9554,7 @@ patches.suse/KVM-x86-don-t-print-when-fail-to-read-write-pv-eoi-m.patch patches.suse/KVM-x86-Handle-32-bit-wrap-of-EIP-for-EMULTYPE_SKIP-.patch patches.suse/KVM-x86-Exit-to-userspace-if-emulation-prepared-a-co.patch + patches.suse/KVM-VMX-Introduce-vmx_msr_bitmap_l01_changed-helper.patch patches.suse/KVM-nVMX-Ensure-vCPU-honors-event-request-if-posting.patch patches.suse/KVM-s390-Clarify-SIGP-orders-versus-STOP-RESTART patches.suse/KVM-arm64-Drop-unused-workaround_flags-vcpu-field.patch @@ -9847,6 +9850,7 @@ patches.suse/s390-nmi-handle-vector-validity-failures-for-KVM-guests patches.suse/s390-module-fix-loading-modules-with-a-lot-of-relocations patches.suse/s390-hypfs-include-z-VM-guests-with-access-control-group-set + patches.suse/KVM-VMX-Set-vmcs.PENDING_DBG.BS-on-DB-in-STI-MOVSS-b.patch patches.suse/KVM-selftests-Re-enable-access_tracking_perf_test.patch patches.suse/KVM-LAPIC-Also-cancel-preemption-timer-during-SET_LA.patch patches.suse/KVM-x86-nSVM-skip-eax-alignment-check-for-non-SVM-in.patch @@ -9859,6 +9863,8 @@ patches.suse/KVM-x86-Keep-MSR_IA32_XSS-unchanged-for-INIT.patch patches.suse/KVM-x86-Update-vCPU-s-runtime-CPUID-on-write-to-MSR_.patch patches.suse/KVM-x86-Sync-the-states-size-with-the-XCR0-IA32_XSS-.patch + patches.suse/KVM-nVMX-Also-filter-MSR_IA32_VMX_TRUE_PINBASED_CTLS.patch + patches.suse/KVM-nVMX-eVMCS-Filter-out-VM_EXIT_SAVE_VMX_PREEMPTIO.patch patches.suse/KVM-arm64-pkvm-Use-the-mm_ops-indirection-for-cache-.patch patches.suse/KVM-arm64-Use-shadow-SPSR_EL1-when-injecting-excepti.patch patches.suse/msft-hv-2512-Drivers-hv-balloon-account-for-vmbus-packet-header-i.patch @@ -10073,6 +10079,7 @@ patches.suse/vfs-make-sync_filesystem-return-errors-from-sync_fs.patch patches.suse/xfs-return-errors-in-xfs_fs_sync_fs.patch patches.suse/xfs-reject-crazy-array-sizes-being-fed-to-XFS_IOC_GE.patch + patches.suse/KVM-x86-Report-deprecated-x87-features-in-supported-.patch patches.suse/KVM-arm64-Avoid-consuming-a-stale-esr-value-when-SEr.patch patches.suse/KVM-arm64-Stop-handle_exit-from-handling-HVC-twice-when-an-SError-occurs.patch patches.suse/x86-Xen-streamline-and-fix-PV-CPU-enumeration.patch @@ -10433,6 +10440,7 @@ patches.suse/PCI-mvebu-Fix-device-enumeration-regression.patch patches.suse/PCI-Mark-all-AMD-Navi10-and-Navi14-GPU-ATS-as-broken.patch patches.suse/KVM-x86-Add-KVM_CAP_ENABLE_CAP-to-x86.patch + patches.suse/kvm-x86-Disable-KVM_HC_CLOCK_PAIRING-if-tsc-is-in-al.patch patches.suse/x86-kvm-Don-t-use-pv-tlb-ipi-sched_yield-if-on-1-vCP.patch patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch patches.suse/drm-vc4-crtc-Fix-runtime_pm-reference-counting.patch @@ -11270,11 +11278,15 @@ patches.suse/TOMOYO-fix-__setup-handlers-return-values.patch patches.suse/KVM-x86-mmu-Move-invalid-check-out-of-kvm_tdp_mmu_ge.patch patches.suse/KVM-x86-mmu-Zap-_all_-roots-when-unmapping-gfn-range.patch + patches.suse/KVM-LAPIC-Enable-timer-posted-interrupt-only-when-mw.patch patches.suse/KVM-x86-hyper-v-Drop-redundant-ex-parameter-from-kvm-ipi.patch patches.suse/KVM-x86-hyper-v-Drop-redundant-ex-parameter-from-kvm.patch patches.suse/KVM-x86-hyper-v-Fix-the-maximum-number-of-sparse-ban.patch patches.suse/KVM-x86-hyper-v-HVCALL_SEND_IPI_EX-is-an-XMM-fast-hy.patch + patches.suse/KVM-x86-mmu-avoid-NULL-pointer-dereference-on-page-f.patch patches.suse/KVM-x86-Fix-emulation-in-writing-cr8.patch + patches.suse/KVM-x86-Do-not-change-ICR-on-write-to-APIC_SELF_IPI.patch + patches.suse/KVM-SVM-Don-t-rewrite-guest-ICR-on-AVIC-IPI-virtuali.patch patches.suse/KVM-x86-emulator-Defer-not-present-segment-check-in-.patch patches.suse/KVM-SVM-Exit-to-userspace-on-ENOMEM-EFAULT-GHCB-erro.patch patches.suse/mm-vmalloc-introduce-array-allocation-functions @@ -11366,6 +11378,7 @@ patches.suse/mt76-stop-the-radar-detector-after-leaving-dfs-chann.patch patches.suse/mt76-dma-initialize-skip_unmap-in-mt76_dma_rx_fill.patch patches.suse/octeontx2-af-fix-array-bound-error.patch + patches.suse/gve-enhance-no-queue-page-list-detection.patch patches.suse/selftests-mptcp-add-csum-mib-check-for-mptcp_connect.patch patches.suse/net-ibmvnic-Cleanup-workaround-doing-an-EOI-after-pa.patch patches.suse/ipv6-annotate-some-data-races-around-sk-sk_prot.patch @@ -11497,6 +11510,7 @@ patches.suse/can-isotp-return-EADDRNOTAVAIL-when-reading-from-unb.patch patches.suse/can-isotp-support-MSG_TRUNC-flag-when-reading-from-s.patch patches.suse/bareudp-use-ipv6_mod_enabled-to-check-if-IPv6-enable.patch + patches.suse/gve-Fix-spelling-mistake-droping-dropping.patch patches.suse/net-stmmac-clean-up-impossible-condition.patch patches.suse/mt76-mt7921-fix-mt7921_queues_acq-implementation.patch patches.suse/mt76-fix-monitor-mode-crash-with-sdio-driver.patch @@ -13953,6 +13967,7 @@ patches.suse/KEYS-trusted-tpm2-Fix-migratable-logic.patch patches.suse/x86-drop-bogus-cc-clobber-from-_try_cmpxchg_user_asm.patch patches.suse/KVM-SVM-fix-tsc-scaling-cache-logic.patch + patches.suse/KVM-x86-do-not-set-st-preempted-when-going-back-to-u.patch patches.suse/0001-KVM-x86-do-not-report-a-vCPU-as-preempted-outside-in.patch patches.suse/drm-imx-fix-compiler-warning-with-gcc-12.patch patches.suse/net-phy-dp83867-retrigger-SGMII-AN-when-link-change.patch @@ -14150,6 +14165,7 @@ patches.suse/drm-msm-mdp4-Fix-refcount-leak-in-mdp4_modeset_init_.patch patches.suse/drm-msm-dp-check-core_initialized-before-disable-int.patch patches.suse/drm-msm-dp-force-link-training-for-display-resolutio.patch + patches.suse/KVM-x86-svm-add-__GFP_ACCOUNT-to-__sev_dbg_-en-de-cr.patch patches.suse/xen-blkfront-Handle-NULL-gendisk.patch patches.suse/x86-xen-Remove-undefined-behavior-in-setup_features.patch patches.suse/xen-gntdev-Avoid-blocking-in-unmap_grant_pages.patch @@ -14577,6 +14593,7 @@ patches.suse/i2c-cadence-Change-large-transfer-count-reset-logic-.patch patches.suse/spi-bcm2835-bcm2835_spi_handle_err-fix-NULL-pointer-.patch patches.suse/spi-spi-rspi-Fix-PIO-fallback-on-RZ-platforms.patch + patches.suse/KVM-x86-Protect-the-unused-bits-in-MSR-exiting-flags.patch patches.suse/x86-amd-use-ibpb-for-firmware-calls.patch patches.suse/virt-sev-guest-Pass-the-appropriate-argument-type-to-iounmap patches.suse/x86-alternative-report-missing-return-thunk-details.patch @@ -14795,6 +14812,7 @@ patches.suse/can-netlink-allow-configuring-of-fixed-bit-rates-wit.patch patches.suse/can-Break-loopback-loop-on-loopback-documentation.patch patches.suse/can-netlink-allow-configuring-of-fixed-data-bit-rate.patch + patches.suse/google-gve-fix-repeated-words-in-comments.patch patches.suse/octeontx2-af-fix-operand-size-in-bitwise-operation.patch patches.suse/octeontx2-af-Don-t-reset-previous-pfc-config.patch patches.suse/octeontx2-Modify-mbox-request-and-response-structure.patch @@ -15079,6 +15097,7 @@ patches.suse/KVM-SVM-Don-t-BUG-if-userspace-injects-an-interrupt-.patch patches.suse/KVM-SVM-Unwind-speculative-RIP-advancement-if-INTn-i.patch patches.suse/KVM-SVM-Stuff-next_rip-on-emulated-INT3-injection-if.patch + patches.suse/KVM-x86-pmu-Ignore-pmu-global_ctrl-check-if-vPMU-doe.patch patches.suse/KVM-nVMX-Snapshot-pre-VM-Enter-BNDCFGS-for-nested_ru.patch patches.suse/KVM-nVMX-Snapshot-pre-VM-Enter-DEBUGCTL-for-nested_r.patch patches.suse/KVM-Don-t-set-Accessed-Dirty-bits-for-ZERO_PAGE.patch @@ -15906,6 +15925,7 @@ patches.suse/iavf-Detach-device-during-reset-task.patch patches.suse/wifi-iwlegacy-4965-corrected-fix-for-potential-off-b.patch patches.suse/wifi-mac80211_hwsim-check-length-for-virtio-packets.patch + patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch patches.suse/net-usb-qmi_wwan-add-Quectel-RM520N.patch patches.suse/net-smc-Fix-possible-access-to-freed-memory-in-link-clear patches.suse/sch_sfb-Also-store-skb-len-before-calling-child-enqu.patch @@ -16761,6 +16781,7 @@ patches.suse/watchdog-ftwdt010_wdt-fix-test-for-platform_get_irq-.patch patches.suse/watchdog-armada_37xx_wdt-Fix-.set_timeout-callback.patch patches.suse/ftrace-Fix-char-print-issue-in-print_ip_ins.patch + patches.suse/ring-buffer-Fix-kernel-doc.patch patches.suse/tracing-Move-duplicate-code-of-trace_kprobe-eprobe.c-into-header.patch patches.suse/tracing-Add-fault-name-injection-to-kernel-probes.patch patches.suse/tracing-Fix-reading-strings-from-synthetic-events.patch @@ -16905,6 +16926,7 @@ patches.suse/perf-x86-intel-lbr-Use-setup_clear_cpu_cap-instead-of-clear_cpu_cap.patch patches.suse/sched-core-Fix-comparison-in-sched_group_cookie_matc.patch patches.suse/KVM-arm64-vgic-Fix-exit-condition-in-scan_its_table.patch + patches.suse/KVM-x86-Copy-filter-arg-outside-kvm_vm_ioctl_set_msr.patch patches.suse/KVM-x86-Add-compat-handler-for-KVM_X86_SET_MSR_FILTE.patch patches.suse/pinctrl-Ingenic-JZ4755-bug-fixes.patch patches.suse/selftests-intel_pstate-fix-build-for-ARCH-x86_64.patch @@ -17904,9 +17926,11 @@ patches.suse/can-kvaser_usb_leaf-Fix-bogus-restart-events.patch patches.suse/wifi-rtl8xxxu-gen2-Turn-on-the-rate-control.patch patches.suse/brcmfmac-return-error-when-getting-invalid-max_flowr.patch + patches.suse/gve-Reduce-alloc-and-copy-costs-in-the-GQ-rx-path.patch patches.suse/octeontx2-af-Allow-mkex-profile-without-DMAC-and-add.patch patches.suse/net-mana-Assign-interrupts-to-CPUs-based-on-NUMA-nod.patch patches.suse/hamradio-baycom_epp-Fix-return-type-of-baycom_send_p.patch + patches.suse/gve-Fix-error-return-code-in-gve_prefill_rx_pages.patch patches.suse/net-mana-Add-support-for-auxiliary-device.patch patches.suse/net-mana-Record-the-physical-address-for-doorbell-pa.patch patches.suse/net-mana-Handle-vport-sharing-between-devices.patch @@ -17927,6 +17951,8 @@ patches.suse/wifi-rsi-Fix-handling-of-802.3-EAPOL-frames-sent-via.patch patches.suse/wifi-rtw89-use-u32_encode_bits-to-fill-MAC-quota-val.patch patches.suse/wifi-rtw89-Fix-some-error-handling-path-in-rtw89_cor.patch + patches.suse/gve-Adding-a-new-AdminQ-command-to-verify-driver.patch + patches.suse/gve-Handle-alternate-miss-completions.patch patches.suse/Revert-dt-bindings-marvell-prestera-Add-description-.patch patches.suse/Documentation-bonding-update-miimon-default-to-100.patch patches.suse/wifi-rtw89-fix-physts-IE-page-check.patch @@ -18577,6 +18603,7 @@ patches.suse/scsi-iscsi_tcp-Fix-UAF-during-logout-when-accessing-the-shost-ipaddress.patch patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch patches.suse/KVM-arm64-GICv4.1-Fix-race-with-doorbell-on-VPE-activation-deactivation.patch + patches.suse/KVM-x86-vmx-Do-not-skip-segment-attributes-if-unusab.patch patches.suse/module-Don-t-wait-for-GOING-modules.patch patches.suse/netlink-prevent-potential-spectre-v1-gadgets.patch patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch @@ -19206,6 +19233,7 @@ patches.suse/x86-reboot-disable-svm-not-just-vmx-when-stopping-cpus.patch patches.suse/KVM-SVM-Fix-potential-overflow-in-SEV-s-send-receive.patch patches.suse/KVM-arm64-Don-t-arm-a-hrtimer-for-an-already-pending-timer.patch + patches.suse/KVM-x86-Inject-GP-if-WRMSR-sets-reserved-bits-in-API.patch patches.suse/KVM-SVM-hyper-v-placate-modpost-section-mismatch-err.patch patches.suse/vdpa_sim-not-reset-state-in-vdpasim_queue_ready.patch patches.suse/PCI-Add-SolidRun-vendor-ID.patch @@ -19497,6 +19525,7 @@ patches.suse/drm-i915-active-Fix-missing-debug-object-activation.patch patches.suse/drm-i915-gt-perform-uc-late-init-after-probe-error-i.patch patches.suse/power-supply-cros_usbpd-reclassify-default-case-as-d.patch + patches.suse/power-supply-bq24190-Fix-use-after-free-bug-in-bq241.patch patches.suse/power-supply-da9150-Fix-use-after-free-bug-in-da9150.patch patches.suse/arm64-dts-imx8mm-nitrogen-r2-fix-WM8960-clock-name.patch patches.suse/ARM-dts-imx6sll-e60k02-fix-usbotg1-pinctrl.patch @@ -19550,6 +19579,7 @@ patches.suse/s390-vfio-ap-fix-memory-leak-in-vfio_ap-device-drive.patch patches.suse/selftests-sigaltstack-fix-Wuninitialized.patch patches.suse/rcu-Fix-rcu_torture_read-ftrace-event.patch + patches.suse/f2fs-Fix-f2fs_truncate_partial_nodes-ftrace-event.patch patches.suse/ALSA-hda-realtek-Add-quirks-for-some-Clevo-laptops.patch patches.suse/ALSA-hda-conexant-Partial-revert-of-a-quirk-for-Leno.patch patches.suse/ALSA-usb-audio-Fix-recursive-locking-at-XRUN-during-.patch @@ -19571,6 +19601,7 @@ patches.suse/bnxt_en-Fix-reporting-of-test-result-in-ethtool-self.patch patches.suse/bnxt_en-Fix-typo-in-PCI-id-to-device-description-str.patch patches.suse/bnxt_en-Add-missing-200G-link-speed-reporting.patch + patches.suse/xen-netback-use-same-error-messages-for-same-errors.patch patches.suse/scsi-megaraid_sas-Fix-crash-after-a-double-completion.patch patches.suse/scsi-mpt3sas-Don-t-print-sense-pool-info-twice.patch patches.suse/regulator-Handle-deferred-clk.patch @@ -19818,6 +19849,7 @@ patches.suse/wifi-ath5k-fix-an-off-by-one-check-in-ath5k_eeprom_r.patch patches.suse/wifi-ath6kl-reduce-WARN-to-dev_dbg-in-callback.patch patches.suse/wifi-rtl8xxxu-RTL8192EU-always-needs-full-init.patch + patches.suse/net-qrtr-correct-types-of-trace-event-parameters.patch patches.suse/wifi-rtlwifi-fix-incorrect-error-codes-in-rtl_debugf.patch patches.suse/wifi-rtlwifi-fix-incorrect-error-codes-in-rtl_debugf-5dbe1f8eb8c5.patch patches.suse/wifi-rtw89-fix-potential-race-condition-between-napi.patch @@ -19891,6 +19923,8 @@ patches.suse/firmware-stratix10-svc-Fix-an-NULL-vs-IS_ERR-bug-in-.patch patches.suse/pstore-Revert-pmsg_lock-back-to-a-normal-mutex.patch patches.suse/virtio_ring-don-t-update-event-idx-on-get_buf.patch + patches.suse/ring-buffer-Ensure-proper-resetting-of-atomic-variables-in-ring_buffer_reset_online_cpus.patch + patches.suse/ring-buffer-Sync-IRQ-works-before-buffer-destruction.patch patches.suse/powerpc-rtas-use-memmove-for-potentially-overlapping.patch patches.suse/powerpc-64-Always-build-with-128-bit-long-double.patch patches.suse/workqueue-Fix-hung-time-report-of-worker-pools.patch @@ -19940,6 +19974,7 @@ patches.suse/drm-amd-display-Fix-hang-when-skipping-modeset.patch patches.suse/drm-amd-display-fix-flickering-caused-by-S-G-mode.patch patches.suse/drm-amdgpu-add-a-missing-lock-for-AMDGPU_SCHED.patch + patches.suse/tracing-Fix-permissions-for-the-buffer_percent-file.patch patches.suse/i2c-tegra-Fix-PEC-support-for-SMBUS-block-read.patch patches.suse/i2c-omap-Fix-standard-mode-false-ACK-readings.patch patches.suse/ixgbe-Fix-panic-during-XDP_TX-with-64-CPUs.patch