diff --git a/blacklist.conf b/blacklist.conf index 12ef3f1..5e9f336 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -51,6 +51,7 @@ arch/xtensa arch/x86/kernel/devicetree.c # we don't support devicetree on x86 arch/x86/um # UML not supported # we support only 64bit POWER8+ pSeries and powernv on ppc +arch/powerpc/boot/dts arch/powerpc/platforms/40x arch/powerpc/platforms/44x arch/powerpc/platforms/512x @@ -117,6 +118,7 @@ arch/powerpc/kernel/setup_32.c arch/powerpc/kernel/swsusp_32.S arch/powerpc/kernel/swsusp_booke.S arch/powerpc/kernel/tau_6xx.c +arch/powerpc/kernel/watchdog.c arch/powerpc/kvm/book3s_32_mmu.c arch/powerpc/kvm/book3s_32_mmu_host.c arch/powerpc/kvm/book3s_32_sr.S @@ -246,7 +248,6 @@ ac5292e9a294618cecb31109d1ba265e3d027ba2 # fix for an obscure vm 428c9de583921c4b699622272c04af4e362c474c # only relevant for compile-testing with CONFIG_OF=n fc2a5a6161a26b386eb0936b74a852ff83793fb6 # only build config fix 3fffc82ad6c78fcc9d5d4eca089f00db14ab0358 # duplicate commit -65c5ec11c25eff6ba6e9b1cbfff014875fddd1e0 # build error fix cb84f56861eb333af0a5bab475d741b13067c05c # driver is not compiled - fix is for security issue f6f58d9d93fdb53f24b0086ce1c51d3388aa6e53 # iio: not applicable e72a060151e5bb673af24993665e270fc4f674a7 # iio: not applicable @@ -980,7 +981,6 @@ e0a7328fad9979104f73e19bedca821ef3262ae1 # wrong Fixes: tag, offending patch has 710ae72877378e7cde611efd30fe90502a6e5b30 # not applicable 583c53185399cea5c51195064564d1c9ddc70cf3 # not applicable 3d51e4d9de7dd4e495dfbc6f4803e0f99c120aff # no applicable -320f35b7bf8cccf1997ca3126843535e1b95e9c4 # Not relevant for 4.12 8a68d3da50b952232bbb39f7582a9050c40a0d78 # Not a bug 3756f6401c302617c5e091081ca4d26ab604bec5 # breaks kABI, only about gcc-8 41729bf2248bc8593e5103d43974079cc269524c # Duplicate of 457db89b538ea4eb2a188c75f8f3a83469395ee0 @@ -2359,3 +2359,35 @@ cc638f329ef605f5c2a57b87dd8e584e9d5f4c2f # Risky -- https://bugzilla.suse.com/sh cbe7dfa26eee4819db7b5846181d56fd0cece0ea # code already present 0228034d8e5915b98c33db35a98f5e909e848ae9 # reverts a commit not present baedf68a068ca29624f241426843635920f16e1d # duplicate of 8f5624629105589bcc23d0e51cc01bd8103d09a5 +7c8b77f81552c2b0e5d9c560da70bc4149ce66a5 # Change in arm64 defconfig +19a2ca0fb560fd7be7b5293c6b652c6d6078dcde # CONFIG_KASAN is not set +b5bb425871186303e6936fa2581521bdd1964a58 # Clang warning +a96a33b1ca57dbea4285893dedf290aeb8eb090b # No support for CONFIG_ARM64_52BIT_VA +ab9dbf771ff9b6b7e814e759213ed01d7f0de320 # reverts a3b2cb30f252b21a6f962e0dd107c8b897ca65e4 +a3b2cb30f252b21a6f962e0dd107c8b897ca65e4 # reverted by ab9dbf771ff9b6b7e814e759213ed01d7f0de320 +ecb101aed86156ec7cd71e5dca668e09146e6994 # fixes c3350602e876f3ccdd3fbbd112faf1cd885ff4fe +c3350602e876f3ccdd3fbbd112faf1cd885ff4fe # fixed by blacklisted ecb101aed86156ec7cd71e5dca668e09146e6994 +4ec591e51a4b0aedb6c7f1a8cd722aa58d7f61ba # fixes 1e0fc9d1eb2b0241a03e0a02bcdb9b5b641b9d35 +1e0fc9d1eb2b0241a03e0a02bcdb9b5b641b9d35 # fixed by blacklisted 4ec591e51a4b0aedb6c7f1a8cd722aa58d7f61ba +75743649064ec0cf5ddd69f240ef23af66dde16e # fixes 2392c8c8c0450293625dbef19ff5e206fb7b6749 +2392c8c8c0450293625dbef19ff5e206fb7b6749 # fixed by blacklisted 75743649064ec0cf5ddd69f240ef23af66dde16e +aaf06665f7ea3ee9f9754e16c1a507a89f1de5b1 # fixes ed49f7fd6438dcc8c93fa7d1d7d815e47c7115dd +ed49f7fd6438dcc8c93fa7d1d7d815e47c7115dd # fixed by blacklisted aaf06665f7ea3ee9f9754e16c1a507a89f1de5b1 +1891ef21d92c4801ea082ee8ed478e304ddc6749 # fixes 2fcff790dcb419af1545cbd6bba7a04f2d90938f +2fcff790dcb419af1545cbd6bba7a04f2d90938f # fixed by blacklisted 1891ef21d92c4801ea082ee8ed478e304ddc6749 +5ae5bc12d0728db60a0aa9b62160ffc038875f1a # fixes 33439620680be5225c1b8806579a291e0d761ca0 +33439620680be5225c1b8806579a291e0d761ca0 # fixes d38153f9ccc9b6b6a27a91559999292c27b72b8c +d38153f9ccc9b6b6a27a91559999292c27b72b8c # fixed by blacklisted 33439620680be5225c1b8806579a291e0d761ca0 +72bf75cfc00c02aa66ef6133048f37aa5d88825c # Fix for bug we don't have +d0fbb1d8a194c0ec0180c1d073ad709e45503a43 # Fix for bug we don't have +b8eee0e90f9797b747113638bc75e739b192ad38 # Fix for bug we don't have +141731d15d6eb2fd9aaefbf9b935ce86ae243074 # Fix for bug we don't have +add42de31721fa29ed77a7ce388674d69f9d31a4 # Fix for bug we don't have +08ca8b21f760c0ed5034a5c122092eec22ccf8f4 # Fix for bug we don't have +23cf1ee1f1869966b75518c59b5cbda4c6c92450 # Fix for bug we don't have +476bdb04c501fc64bf3b8464ffddefc8dbe01577 # Fix for bug we don't have +64a93dbf25d3a1368bb58ddf0f61d0a92d7479e3 # Fix for bug we don't have +5468099c747240ed97dbb34340fece8ca87be34f # designed as a cleanup of sysfs output +32a155b1a83d6659e2272e8e1eec199667b1897e # adds a WARN +ad408a1596b45868e38d0504f2ec1d5fb06f17d4 # cosmetic fix +63d6d7ed475c53dc1cabdfedf63de1fd8dcd72ee # cosmetic fix, function call cannot fail diff --git a/patches.kabi/move-new-members-of-struct-usbnet-to-end.patch b/patches.kabi/move-new-members-of-struct-usbnet-to-end.patch new file mode 100644 index 0000000..2eaea8a --- /dev/null +++ b/patches.kabi/move-new-members-of-struct-usbnet-to-end.patch @@ -0,0 +1,31 @@ +From f6fa5aa1b5b916e3d92513070b046c2b2ff43684 Mon Sep 17 00:00:00 2001 +From: Oliver Neukum +Date: Wed, 28 Dec 2022 15:34:47 +0100 +Subject: [PATCH] move new members of struct usbnet to end +Patch-mainline: Never (kABI fixup) +References: git-fixes + +Signed-off-by: Oliver Neukum +--- + include/linux/usb/usbnet.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h +index 4f14bc65b..2f617e5f0 100644 +--- a/include/linux/usb/usbnet.h ++++ b/include/linux/usb/usbnet.h +@@ -83,8 +83,11 @@ struct usbnet { + # define EVENT_SET_RX_MODE 12 + # define EVENT_NO_IP_ALIGN 13 + void *suse_kabi_padding; ++ ++#ifndef __GENKSYMS__ + u32 rx_speed; /* in bps - NOT Mbps */ + u32 tx_speed; /* in bps - NOT Mbps */ ++#endif + }; + + static inline struct usb_driver *driver_of(struct usb_interface *intf) +-- +2.35.3 + diff --git a/patches.kabi/suse-hv-struct-vmbus_channel.patch b/patches.kabi/suse-hv-struct-vmbus_channel.patch index c72cc3b..1dd0c2a 100644 --- a/patches.kabi/suse-hv-struct-vmbus_channel.patch +++ b/patches.kabi/suse-hv-struct-vmbus_channel.patch @@ -8,6 +8,10 @@ A new channel is allocated internally by all in-tree drivers. Preserve layout of struct vmbus_channel. Hide the new members at the end of this struct. +--- + include/linux/hyperv.h | 4 ++++ + 1 file changed, 4 insertions(+) + --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -961,14 +961,18 @@ struct vmbus_channel { diff --git a/patches.rt/0070-NFSv4-replace-seqcount_t-with-a-seqlock_t.patch b/patches.rt/0070-NFSv4-replace-seqcount_t-with-a-seqlock_t.patch index b211637..de2ce74 100644 --- a/patches.rt/0070-NFSv4-replace-seqcount_t-with-a-seqlock_t.patch +++ b/patches.rt/0070-NFSv4-replace-seqcount_t-with-a-seqlock_t.patch @@ -31,7 +31,7 @@ Signed-off-by: Mike Galbraith --- a/fs/nfs/delegation.c +++ b/fs/nfs/delegation.c -@@ -151,11 +151,11 @@ again: +@@ -161,11 +161,11 @@ again: sp = state->owner; /* Block nfs4_proc_unlck */ mutex_lock(&sp->so_delegreturn_mutex); @@ -39,7 +39,7 @@ Signed-off-by: Mike Galbraith + seq = read_seqbegin(&sp->so_reclaim_seqlock); err = nfs4_open_delegation_recall(ctx, state, stateid); if (!err) - err = nfs_delegation_claim_locks(ctx, state, stateid); + err = nfs_delegation_claim_locks(state, stateid); - if (!err && read_seqcount_retry(&sp->so_reclaim_seqcount, seq)) + if (!err && read_seqretry(&sp->so_reclaim_seqlock, seq)) err = -EAGAIN; @@ -58,7 +58,7 @@ Signed-off-by: Mike Galbraith --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c -@@ -2787,7 +2787,7 @@ static int _nfs4_open_and_get_state(stru +@@ -2803,7 +2803,7 @@ static int _nfs4_open_and_get_state(stru unsigned int seq; int ret; @@ -67,7 +67,7 @@ Signed-off-by: Mike Galbraith ret = _nfs4_proc_open(opendata); if (ret != 0) -@@ -2825,7 +2825,7 @@ static int _nfs4_open_and_get_state(stru +@@ -2841,7 +2841,7 @@ static int _nfs4_open_and_get_state(stru if (d_inode(dentry) == state->inode) { nfs_inode_attach_open_context(ctx); @@ -78,7 +78,7 @@ Signed-off-by: Mike Galbraith out: --- a/fs/nfs/nfs4state.c +++ b/fs/nfs/nfs4state.c -@@ -492,7 +492,7 @@ nfs4_alloc_state_owner(struct nfs_server +@@ -498,7 +498,7 @@ nfs4_alloc_state_owner(struct nfs_server nfs4_init_seqid_counter(&sp->so_seqid); atomic_set(&sp->so_count, 1); INIT_LIST_HEAD(&sp->so_lru); @@ -87,7 +87,7 @@ Signed-off-by: Mike Galbraith mutex_init(&sp->so_delegreturn_mutex); return sp; } -@@ -1534,8 +1534,12 @@ static int nfs4_reclaim_open_state(struc +@@ -1564,8 +1564,12 @@ static int nfs4_reclaim_open_state(struc * recovering after a network partition or a reboot from a * server that doesn't support a grace period. */ @@ -101,7 +101,7 @@ Signed-off-by: Mike Galbraith restart: list_for_each_entry(state, &sp->so_states, open_states) { if (!test_and_clear_bit(ops->state_flag_bit, &state->flags)) -@@ -1604,14 +1608,20 @@ restart: +@@ -1634,14 +1638,20 @@ restart: spin_lock(&sp->so_lock); goto restart; } diff --git a/patches.suse/0001-memcg-kmem-further-deprecate-kmem.limit_in_bytes.patch b/patches.suse/0001-memcg-kmem-further-deprecate-kmem.limit_in_bytes.patch new file mode 100644 index 0000000..ab677c2 --- /dev/null +++ b/patches.suse/0001-memcg-kmem-further-deprecate-kmem.limit_in_bytes.patch @@ -0,0 +1,78 @@ +From 58056f77502f3567b760c9a8fc8d2e9081515b2d Mon Sep 17 00:00:00 2001 +From: Shakeel Butt +Date: Fri, 5 Nov 2021 13:37:44 -0700 +Subject: [PATCH] memcg, kmem: further deprecate kmem.limit_in_bytes +Git-commit: 58056f77502f3567b760c9a8fc8d2e9081515b2d +Patch-mainline: v5.16-rc1 +References: bsc#1206896 + +mhocko@suse.com: +I am referencing bsc#1206896 although this is not a fix for the reported +CVE. Kmem accounting has never been supported so this patch disables the +feature altogether which also removes the only (remotely) potential +attack vector. + +The deprecation process of kmem.limit_in_bytes started with the commit +0158115f702 ("memcg, kmem: deprecate kmem.limit_in_bytes") which also +explains in detail the motivation behind the deprecation. To summarize, +it is the unexpected behavior on hitting the kmem limit. This patch +moves the deprecation process to the next stage by disallowing to set +the kmem limit. In future we might just remove the kmem.limit_in_bytes +file completely. + +[akpm@linux-foundation.org: s/ENOTSUPP/EOPNOTSUPP/] +[arnd@arndb.de: mark cancel_charge() inline] + Link: https://lkml.kernel.org/r/20211022070542.679839-1-arnd@kernel.org + +Link: https://lkml.kernel.org/r/20211019153408.2916808-1-shakeelb@google.com +Signed-off-by: Shakeel Butt +Signed-off-by: Arnd Bergmann +Acked-by: Roman Gushchin +Acked-by: Michal Hocko +Reviewed-by: Muchun Song +Cc: Vasily Averin +Cc: Johannes Weiner +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds + +--- + Documentation/cgroup-v1/memory.txt | 8 ++------ + mm/memcontrol.c | 3 ++- + 2 files changed, 4 insertions(+), 7 deletions(-) + +--- a/Documentation/cgroup-v1/memory.txt ++++ b/Documentation/cgroup-v1/memory.txt +@@ -78,7 +78,8 @@ Brief summary of control files. + memory.oom_control # set/show oom controls. + memory.numa_stat # show the number of memory usage per numa node + +- memory.kmem.limit_in_bytes # set/show hard limit for kernel memory ++ memory.kmem.limit_in_bytes This knob is deprecated and writing to ++ it will return -ENOTSUPP. + memory.kmem.usage_in_bytes # show current kernel memory allocation + memory.kmem.failcnt # show the number of kernel memory usage hits limits + memory.kmem.max_usage_in_bytes # show max kernel memory usage recorded +@@ -462,11 +463,6 @@ About use_hierarchy, see Section 6. + Because rmdir() moves all pages to parent, some out-of-use page caches can be + moved to the parent. If you want to avoid that, force_empty will be useful. + +- Also, note that when memory.kmem.limit_in_bytes is set the charges due to +- kernel pages will still be seen. This is not considered a failure and the +- write will still return success. In this case, it is expected that +- memory.kmem.usage_in_bytes == memory.usage_in_bytes. +- + About use_hierarchy, see Section 6. + + 5.2 stat file +--- a/mm/memcontrol.c ++++ b/mm/memcontrol.c +@@ -3041,7 +3041,8 @@ static ssize_t mem_cgroup_write(struct k + ret = mem_cgroup_resize_memsw_limit(memcg, nr_pages); + break; + case _KMEM: +- ret = memcg_update_kmem_limit(memcg, nr_pages); ++ /* kmem.limit_in_bytes is deprecated. */ ++ ret = -EOPNOTSUPP; + break; + case _TCP: + ret = memcg_update_tcp_limit(memcg, nr_pages); diff --git a/patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch b/patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch index 5178981..f6e0724 100644 --- a/patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch +++ b/patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch @@ -9,8 +9,8 @@ References: fate#312013 --- include/linux/usb.h | 7 +++++++ include/linux/usb/hcd.h | 2 ++ - include/linux/usb/usbnet.h | 3 +++ - 3 files changed, 12 insertions(+) + include/linux/usb/usbnet.h | 2 ++ + 3 files changed, 11 insertions(+) --- a/include/linux/usb.h +++ b/include/linux/usb.h @@ -38,7 +38,7 @@ References: fate#312013 }; struct usb_dev_state; -@@ -686,6 +689,8 @@ struct usb_device { +@@ -688,6 +691,8 @@ struct usb_device { struct usb3_lpm_parameters u1_params; struct usb3_lpm_parameters u2_params; unsigned lpm_disable_count; @@ -47,7 +47,7 @@ References: fate#312013 }; #define to_usb_device(d) container_of(d, struct usb_device, dev) -@@ -1178,6 +1183,7 @@ struct usb_driver { +@@ -1180,6 +1185,7 @@ struct usb_driver { struct usb_dynids dynids; struct usbdrv_wrap drvwrap; @@ -55,7 +55,7 @@ References: fate#312013 unsigned int no_dynamic_id:1; unsigned int supports_autosuspend:1; unsigned int disable_hub_initiated_lpm:1; -@@ -1557,6 +1563,7 @@ struct urb { +@@ -1559,6 +1565,7 @@ struct urb { usb_complete_t complete; /* (in) completion routine */ struct usb_iso_packet_descriptor iso_frame_desc[0]; /* (in) ISO ONLY */ @@ -83,16 +83,15 @@ References: fate#312013 static inline int hcd_giveback_urb_in_bh(struct usb_hcd *hcd) --- a/include/linux/usb/usbnet.h +++ b/include/linux/usb/usbnet.h -@@ -82,6 +82,8 @@ struct usbnet { +@@ -82,6 +82,7 @@ struct usbnet { # define EVENT_LINK_CHANGE 11 # define EVENT_SET_RX_MODE 12 # define EVENT_NO_IP_ALIGN 13 -+ -+ void *suse_kabi_padding; ++ void *suse_kabi_padding; + u32 rx_speed; /* in bps - NOT Mbps */ + u32 tx_speed; /* in bps - NOT Mbps */ }; - - static inline struct usb_driver *driver_of(struct usb_interface *intf) -@@ -171,6 +173,7 @@ struct driver_info { +@@ -173,6 +174,7 @@ struct driver_info { int out; /* tx endpoint */ unsigned long data; /* Misc driver specific data */ diff --git a/patches.suse/CDC-NCM-remove-connected-log-message.patch b/patches.suse/CDC-NCM-remove-connected-log-message.patch new file mode 100644 index 0000000..c7e95e7 --- /dev/null +++ b/patches.suse/CDC-NCM-remove-connected-log-message.patch @@ -0,0 +1,45 @@ +From 59b4a8fa27f5a895582ada1ae5034af7c94a57b5 Mon Sep 17 00:00:00 2001 +From: Roland Dreier +Date: Wed, 23 Dec 2020 19:21:16 -0800 +Subject: [PATCH] CDC-NCM: remove "connected" log message +Git-commit: 59b4a8fa27f5a895582ada1ae5034af7c94a57b5 +References: git-fixes +Patch-mainline: v5.11-rc3 + +The cdc_ncm driver passes network connection notifications up to +usbnet_link_change(), which is the right place for any logging. +Remove the netdev_info() duplicating this from the driver itself. + +This stops devices such as my "TRENDnet USB 10/100/1G/2.5G LAN" +(ID 20f4:e02b) adapter from spamming the kernel log with + + cdc_ncm 2-2:2.0 enp0s2u2c2: network connection: connected + +messages every 60 msec or so. + +Signed-off-by: Roland Dreier +Reviewed-by: Greg Kroah-Hartman +Link: https://lore.kernel.org/r/20201224032116.2453938-1-roland@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/cdc_ncm.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c +index 2bac57d5e8d5..3b816a4731f2 100644 +--- a/drivers/net/usb/cdc_ncm.c ++++ b/drivers/net/usb/cdc_ncm.c +@@ -1863,9 +1863,6 @@ static void cdc_ncm_status(struct usbnet *dev, struct urb *urb) + * USB_CDC_NOTIFY_NETWORK_CONNECTION notification shall be + * sent by device after USB_CDC_NOTIFY_SPEED_CHANGE. + */ +- netif_info(dev, link, dev->net, +- "network connection: %sconnected\n", +- !!event->wValue ? "" : "dis"); + usbnet_link_change(dev, !!event->wValue, 0); + break; + +-- +2.35.3 + diff --git a/patches.suse/NFS-Correct-size-calculation-for-create-reply-length.patch b/patches.suse/NFS-Correct-size-calculation-for-create-reply-length.patch new file mode 100644 index 0000000..4f808b5 --- /dev/null +++ b/patches.suse/NFS-Correct-size-calculation-for-create-reply-length.patch @@ -0,0 +1,43 @@ +From: Frank Sorenson +Date: Mon, 8 Mar 2021 12:12:13 -0600 +Subject: [PATCH] NFS: Correct size calculation for create reply length +Git-commit: ad3dbe35c833c2d4d0bbf3f04c785d32f931e7c9 +Patch-mainline: v5.12 +References: git-fixes + +CREATE requests return a post_op_fh3, rather than nfs_fh3. The +post_op_fh3 includes an extra word to indicate 'handle_follows'. + +Without that additional word, create fails when full 64-byte +filehandles are in use. + +Add NFS3_post_op_fh_sz, and correct the size calculation for +NFS3_createres_sz. + +Signed-off-by: Frank Sorenson +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs3xdr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/nfs/nfs3xdr.c ++++ b/fs/nfs/nfs3xdr.c +@@ -33,6 +33,7 @@ + */ + #define NFS3_fhandle_sz (1+16) + #define NFS3_fh_sz (NFS3_fhandle_sz) /* shorthand */ ++#define NFS3_post_op_fh_sz (1+NFS3_fh_sz) + #define NFS3_sattr_sz (15) + #define NFS3_filename_sz (1+(NFS3_MAXNAMLEN>>2)) + #define NFS3_path_sz (1+(NFS3_MAXPATHLEN>>2)) +@@ -70,7 +71,7 @@ + #define NFS3_readlinkres_sz (1+NFS3_post_op_attr_sz+1) + #define NFS3_readres_sz (1+NFS3_post_op_attr_sz+3) + #define NFS3_writeres_sz (1+NFS3_wcc_data_sz+4) +-#define NFS3_createres_sz (1+NFS3_fh_sz+NFS3_post_op_attr_sz+NFS3_wcc_data_sz) ++#define NFS3_createres_sz (1+NFS3_post_op_fh_sz+NFS3_post_op_attr_sz+NFS3_wcc_data_sz) + #define NFS3_renameres_sz (1+(2 * NFS3_wcc_data_sz)) + #define NFS3_linkres_sz (1+NFS3_post_op_attr_sz+NFS3_wcc_data_sz) + #define NFS3_readdirres_sz (1+NFS3_post_op_attr_sz+2) diff --git a/patches.suse/NFS-Fix-an-Oops-in-nfs_d_automount.patch b/patches.suse/NFS-Fix-an-Oops-in-nfs_d_automount.patch new file mode 100644 index 0000000..05993ab --- /dev/null +++ b/patches.suse/NFS-Fix-an-Oops-in-nfs_d_automount.patch @@ -0,0 +1,30 @@ +From: Trond Myklebust +Date: Mon, 14 Nov 2022 17:30:39 -0500 +Subject: [PATCH] NFS: Fix an Oops in nfs_d_automount() +Git-commit: 35e3b6ae84935d0d7ff76cbdaa83411b0ad5e471 +Patch-mainline: v6.2 +References: git-fixes + +When mounting from a NFSv4 referral, path->dentry can end up being a +negative dentry, so derive the struct nfs_server from the dentry +itself instead. + +Fixes: 2b0143b5c986 ("VFS: normal filesystems (and lustre): d_inode() annotations") +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/namespace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/namespace.c ++++ b/fs/nfs/namespace.c +@@ -143,7 +143,7 @@ EXPORT_SYMBOL_GPL(nfs_path); + struct vfsmount *nfs_d_automount(struct path *path) + { + struct vfsmount *mnt; +- struct nfs_server *server = NFS_SERVER(d_inode(path->dentry)); ++ struct nfs_server *server = NFS_SB(path->dentry->d_sb); + struct nfs_fh *fh = NULL; + struct nfs_fattr *fattr = NULL; + diff --git a/patches.suse/NFS-Fix-initialisation-of-I-O-result-struct-in-nfs_p.patch b/patches.suse/NFS-Fix-initialisation-of-I-O-result-struct-in-nfs_p.patch new file mode 100644 index 0000000..58c1d55 --- /dev/null +++ b/patches.suse/NFS-Fix-initialisation-of-I-O-result-struct-in-nfs_p.patch @@ -0,0 +1,31 @@ +From: Trond Myklebust +Date: Wed, 14 Aug 2019 14:19:09 -0400 +Subject: [PATCH] NFS: Fix initialisation of I/O result struct in + nfs_pgio_rpcsetup +Git-commit: 17d8c5d145000070c581f2a8aa01edc7998582ab +Patch-mainline: v5.3 +References: git-fixes + +Initialise the result count to 0 rather than initialising it to the +argument count. The reason is that we want to ensure we record the +I/O stats correctly in the case where an error is returned (for +instance in the layoutstats). + +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/pagelist.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -581,7 +581,7 @@ static void nfs_pgio_rpcsetup(struct nfs + } + + hdr->res.fattr = &hdr->fattr; +- hdr->res.count = count; ++ hdr->res.count = 0; + hdr->res.eof = 0; + hdr->res.verf = &hdr->verf; + nfs_fattr_init(&hdr->fattr); diff --git a/patches.suse/NFS-Fix-memory-leaks-in-nfs_pageio_stop_mirroring.patch b/patches.suse/NFS-Fix-memory-leaks-in-nfs_pageio_stop_mirroring.patch new file mode 100644 index 0000000..95217bb --- /dev/null +++ b/patches.suse/NFS-Fix-memory-leaks-in-nfs_pageio_stop_mirroring.patch @@ -0,0 +1,50 @@ +From: Trond Myklebust +Date: Sun, 29 Mar 2020 20:06:45 -0400 +Subject: [PATCH] NFS: Fix memory leaks in nfs_pageio_stop_mirroring() +Git-commit: 862f35c94730c9270833f3ad05bd758a29f204ed +Patch-mainline: v5.7 +References: git-fixes + +If we just set the mirror count to 1 without first clearing out +the mirrors, we can leak queued up requests. + +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/pagelist.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -883,15 +883,6 @@ static void nfs_pageio_setup_mirroring(s + pgio->pg_mirror_count = mirror_count; + } + +-/* +- * nfs_pageio_stop_mirroring - stop using mirroring (set mirror count to 1) +- */ +-void nfs_pageio_stop_mirroring(struct nfs_pageio_descriptor *pgio) +-{ +- pgio->pg_mirror_count = 1; +- pgio->pg_mirror_idx = 0; +-} +- + static void nfs_pageio_cleanup_mirroring(struct nfs_pageio_descriptor *pgio) + { + pgio->pg_mirror_count = 1; +@@ -1322,6 +1313,14 @@ void nfs_pageio_cond_complete(struct nfs + } + } + ++/* ++ * nfs_pageio_stop_mirroring - stop using mirroring (set mirror count to 1) ++ */ ++void nfs_pageio_stop_mirroring(struct nfs_pageio_descriptor *pgio) ++{ ++ nfs_pageio_complete(pgio); ++} ++ + int __init nfs_init_nfspagecache(void) + { + nfs_page_cachep = kmem_cache_create("nfs_page", diff --git a/patches.suse/NFS-Further-fixes-to-the-writeback-error-handling.patch b/patches.suse/NFS-Further-fixes-to-the-writeback-error-handling.patch index 1d186ca..989e4fb 100644 --- a/patches.suse/NFS-Further-fixes-to-the-writeback-error-handling.patch +++ b/patches.suse/NFS-Further-fixes-to-the-writeback-error-handling.patch @@ -19,8 +19,8 @@ Signed-off-by: Anna Schumaker Acked-by: NeilBrown --- - fs/nfs/write.c | 37 +++++++++++++++++-------------------- - 1 file changed, 17 insertions(+), 20 deletions(-) + fs/nfs/write.c | 38 ++++++++++++++++++-------------------- + 1 file changed, 18 insertions(+), 20 deletions(-) --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -36,17 +36,18 @@ Acked-by: NeilBrown { struct nfs_page *req; int ret = 0; -@@ -664,12 +665,12 @@ static int nfs_page_async_flush(struct n +@@ -664,12 +665,13 @@ static int nfs_page_async_flush(struct n /* * Remove the problematic req upon fatal errors on the server */ - if (nfs_error_is_fatal(ret)) { -+ if (nfs_error_is_fatal_on_server(ret)) ++ if (nfs_error_is_fatal(ret)) nfs_context_set_write_error(req->wb_context, ret); - if (nfs_error_is_fatal_on_server(ret)) - goto out_launder; - } else - ret = -EAGAIN; ++ if (nfs_error_is_fatal_on_server(ret)) + goto out_launder; + if (wbc->sync_mode == WB_SYNC_NONE) + ret = AOP_WRITEPAGE_ACTIVATE; @@ -54,7 +55,7 @@ Acked-by: NeilBrown nfs_redirty_request(req); } else nfs_add_stats(page_file_mapping(page)->host, -@@ -684,15 +685,8 @@ out_launder: +@@ -684,15 +686,8 @@ out_launder: static int nfs_do_writepage(struct page *page, struct writeback_control *wbc, struct nfs_pageio_descriptor *pgio) { @@ -71,7 +72,7 @@ Acked-by: NeilBrown } /* -@@ -752,11 +746,14 @@ int nfs_writepages(struct address_space +@@ -752,11 +747,14 @@ int nfs_writepages(struct address_space if (ioc) nfs_io_completion_init(ioc, nfs_io_completion_commit, inode); diff --git a/patches.suse/NFS-Handle-missing-attributes-in-OPEN.patch b/patches.suse/NFS-Handle-missing-attributes-in-OPEN.patch new file mode 100644 index 0000000..4a6411a --- /dev/null +++ b/patches.suse/NFS-Handle-missing-attributes-in-OPEN.patch @@ -0,0 +1,120 @@ +Subject: NFS Handle missing attributes in OPEN reply +From: NeilBrown +Patch-mainline: Submitted, 04jan2023 linux-nfs@vger.kernel.org +References: bsc#1203740 + +If a NFSv4 OPEN reply reports that the file was successfully opened but +the subsequent GETATTR fails, Linux-NFS will attempt a stand-alone +GETATTR request. If that also fails, handling of the reply is aborted +with error -EAGAIN and the open is attempted again from the start. + +This leaves the server with an active state (because the OPEN operation +succeeded) which the client doesn't know about. If the open-owner +(local user) did not have the file already open, this has minimal +consequences for the client and only causes the server to spend +resources on an open state that will never be used or explicitly closed. + +If the open-owner DID already have the file open, then it will hold a +reference to the open-state for that file, but the seq-id in the +state-id will now be out-of-sync with the server. The server will have +incremented the seq-id, but the client will not have noticed. So when +the client next attempts to access the file using that state (READ, +WRITE, SETATTR), the attempt will fail with NFS4ERR_OLD_STATEID. + +The Linux-client assumes this error is due to a race and simply retries +on the basis that the local state-id information should have been +updated by another thread. This basis is invalid in this case and the +result is an infinite loop attempting IO and getting OLD_STATEID. + +This has been observed with a NetApp Filer as the server. The client is +creating, writing, and unlinking a particular file from multiple +clients. If a new OPEN from one client races with a REMOVE from +another client while the first client already has the file open, the +Filer can report success for the OPEN op, but NFS4ERR_STALE for the +ACCESS and GETATTR ops in the OPEN request. This gets the seq-id +out-of-sync and a subsequent write to the other open on the first +clients causes the infinite loop to occur. + +The reason that the client returns -EAGAIN is that it needs to find the +inode so it can find the associated state to update the seq-id, but the +inode lookup requires the file-id which is provided in the GETATTR +reply. Without the file-id normal inode lookup cannot be used. + +This patch changes the lookup so that when the file-id is not available +the list of states owned by the open-owner is examined to find the state +with the correct state-id (ignoring the seq-id part of the state-id). +If this is found it is used just as when a normal inode lookup finds an +inode. If it isn't found, -EAGAIN is returned as before. + +Signed-off-by: NeilBrown +Acked-by: NeilBrown + +--- + fs/nfs/nfs4_fs.h | 1 + + fs/nfs/nfs4proc.c | 18 ++++++++++++++---- + fs/nfs/nfs4state.c | 17 +++++++++++++++++ + 3 files changed, 32 insertions(+), 4 deletions(-) + +--- a/fs/nfs/nfs4_fs.h ++++ b/fs/nfs/nfs4_fs.h +@@ -435,6 +435,7 @@ extern void nfs4_put_state_owner(struct + extern void nfs4_purge_state_owners(struct nfs_server *, struct list_head *); + extern void nfs4_free_state_owners(struct list_head *head); + extern struct nfs4_state * nfs4_get_open_state(struct inode *, struct nfs4_state_owner *); ++extern struct inode *nfs4_get_inode_by_stateid(nfs4_stateid *stateid, struct nfs4_state_owner *owner); + extern void nfs4_put_open_state(struct nfs4_state *); + extern void nfs4_close_state(struct nfs4_state *, fmode_t); + extern void nfs4_close_sync(struct nfs4_state *, fmode_t); +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1837,10 +1837,20 @@ _nfs4_opendata_to_nfs4_state(struct nfs4 + goto out; + } + +- ret = -EAGAIN; +- if (!(data->f_attr.valid & NFS_ATTR_FATTR)) +- goto err; +- inode = nfs_fhget(data->dir->d_sb, &data->o_res.fh, &data->f_attr, data->f_label); ++ if (data->f_attr.valid & NFS_ATTR_FATTR) { ++ inode = nfs_fhget(data->dir->d_sb, &data->o_res.fh, ++ &data->f_attr, data->f_label); ++ } else { ++ /* We don't have the fileid and so cannot do inode ++ * lookup. If we already have this state open we MUST ++ * update the seqid to match the server, so we need to ++ * find it if possible. ++ */ ++ inode = nfs4_get_inode_by_stateid(&data->o_res.stateid, ++ data->owner); ++ if (!inode) ++ inode = ERR_PTR(-EAGAIN); ++ } + ret = PTR_ERR(inode); + if (IS_ERR(inode)) + goto err; +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -742,6 +742,23 @@ out: + return state; + } + ++struct inode * ++nfs4_get_inode_by_stateid(nfs4_stateid *stateid, struct nfs4_state_owner *owner) ++{ ++ struct nfs4_state *state; ++ struct inode *inode = NULL; ++ ++ spin_lock(&owner->so_lock); ++ list_for_each_entry(state, &owner->so_states, open_states) ++ if (nfs4_stateid_match_other(stateid, &state->open_stateid)) { ++ inode = state->inode; ++ ihold(inode); ++ break; ++ } ++ spin_unlock(&owner->so_lock); ++ return inode; ++} ++ + void nfs4_put_open_state(struct nfs4_state *state) + { + struct inode *inode = state->inode; diff --git a/patches.suse/NFS-direct.c-Fix-memory-leak-of-dreq-when-nfs_get_lo.patch b/patches.suse/NFS-direct.c-Fix-memory-leak-of-dreq-when-nfs_get_lo.patch new file mode 100644 index 0000000..5cac7fb --- /dev/null +++ b/patches.suse/NFS-direct.c-Fix-memory-leak-of-dreq-when-nfs_get_lo.patch @@ -0,0 +1,45 @@ +From: Misono Tomohiro +Date: Wed, 28 Aug 2019 17:01:22 +0900 +Subject: [PATCH] NFS: direct.c: Fix memory leak of dreq when + nfs_get_lock_context fails +Git-commit: 8605cf0e852af3b2c771c18417499dc4ceed03d5 +Patch-mainline: v5.7 +References: git-fixes + +When dreq is allocated by nfs_direct_req_alloc(), dreq->kref is +initialized to 2. Therefore we need to call nfs_direct_req_release() +twice to release the allocated dreq. Usually it is called in +nfs_file_direct_{read, write}() and nfs_direct_complete(). + +However, current code only calls nfs_direct_req_relese() once if +nfs_get_lock_context() fails in nfs_file_direct_{read, write}(). +So, that case would result in memory leak. + +Fix this by adding the missing call. + +Signed-off-by: Misono Tomohiro +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/direct.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/nfs/direct.c ++++ b/fs/nfs/direct.c +@@ -600,6 +600,7 @@ ssize_t nfs_file_direct_read(struct kioc + l_ctx = nfs_get_lock_context(dreq->ctx); + if (IS_ERR(l_ctx)) { + result = PTR_ERR(l_ctx); ++ nfs_direct_req_release(dreq); + goto out_release; + } + dreq->l_ctx = l_ctx; +@@ -1024,6 +1025,7 @@ ssize_t nfs_file_direct_write(struct kio + l_ctx = nfs_get_lock_context(dreq->ctx); + if (IS_ERR(l_ctx)) { + result = PTR_ERR(l_ctx); ++ nfs_direct_req_release(dreq); + goto out_release; + } + dreq->l_ctx = l_ctx; diff --git a/patches.suse/NFS-nfs_compare_mount_options-always-compare-auth-fl.patch b/patches.suse/NFS-nfs_compare_mount_options-always-compare-auth-fl.patch new file mode 100644 index 0000000..f636c97 --- /dev/null +++ b/patches.suse/NFS-nfs_compare_mount_options-always-compare-auth-fl.patch @@ -0,0 +1,51 @@ +From: Chris Perl +Date: Mon, 17 Dec 2018 10:56:38 -0500 +Subject: [PATCH] NFS: nfs_compare_mount_options always compare auth flavors. +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 594d1644cd59447f4fceb592448d5cd09eb09b5e +Patch-mainline: v5.0 +References: git-fixes + +This patch removes the check from nfs_compare_mount_options to see if a +`sec' option was passed for the current mount before comparing auth +flavors and instead just always compares auth flavors. + +Consider the following scenario: + +You have a server with the address 192.168.1.1 and two exports /export/a +and /export/b. The first export supports `sys' and `krb5' security, the +second just `sys'. + +Assume you start with no mounts from the server. + +The following results in EIOs being returned as the kernel nfs client +incorrectly thinks it can share the underlying `struct nfs_server's: + +$ mkdir /tmp/{a,b} +$ sudo mount -t nfs -o vers=3,sec=krb5 192.168.1.1:/export/a /tmp/a +$ sudo mount -t nfs -o vers=3 192.168.1.1:/export/b /tmp/b +$ df >/dev/null +Df: ‘/tmp/b’: Input/output error + +Signed-off-by: Chris Perl +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/super.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/fs/nfs/super.c ++++ b/fs/nfs/super.c +@@ -2458,8 +2458,7 @@ static int nfs_compare_mount_options(con + goto Ebusy; + if (a->acdirmax != b->acdirmax) + goto Ebusy; +- if (b->auth_info.flavor_len > 0 && +- clnt_a->cl_auth->au_flavor != clnt_b->cl_auth->au_flavor) ++ if (clnt_a->cl_auth->au_flavor != clnt_b->cl_auth->au_flavor) + goto Ebusy; + return 1; + Ebusy: diff --git a/patches.suse/NFS-nfs_find_open_context-may-only-select-open-files.patch b/patches.suse/NFS-nfs_find_open_context-may-only-select-open-files.patch new file mode 100644 index 0000000..b102a90 --- /dev/null +++ b/patches.suse/NFS-nfs_find_open_context-may-only-select-open-files.patch @@ -0,0 +1,56 @@ +From: Trond Myklebust +Date: Tue, 11 May 2021 23:41:10 -0400 +Subject: [PATCH] NFS: nfs_find_open_context() may only select open files +Git-commit: e97bc66377bca097e1f3349ca18ca17f202ff659 +Patch-mainline: v5.14 +References: git-fixes + +If a file has already been closed, then it should not be selected to +support further I/O. + +Signed-off-by: Trond Myklebust +[trond: Fix an invalid pointer deref reported by Colin Ian King] +Acked-by: NeilBrown + +--- + fs/nfs/inode.c | 4 ++++ + include/linux/nfs_fs.h | 1 + + 2 files changed, 5 insertions(+) + +--- a/fs/nfs/inode.c ++++ b/fs/nfs/inode.c +@@ -940,6 +940,7 @@ EXPORT_SYMBOL_GPL(nfs_inode_attach_open_ + void nfs_file_set_open_context(struct file *filp, struct nfs_open_context *ctx) + { + filp->private_data = get_nfs_open_context(ctx); ++ set_bit(NFS_CONTEXT_FILE_OPEN, &ctx->flags); + if (list_empty(&ctx->list)) + nfs_inode_attach_open_context(ctx); + } +@@ -959,6 +960,8 @@ struct nfs_open_context *nfs_find_open_c + continue; + if ((pos->mode & (FMODE_READ|FMODE_WRITE)) != mode) + continue; ++ if (!test_bit(NFS_CONTEXT_FILE_OPEN, &pos->flags)) ++ continue; + ctx = get_nfs_open_context(pos); + break; + } +@@ -973,6 +976,7 @@ void nfs_file_clear_open_context(struct + if (ctx) { + struct inode *inode = d_inode(ctx->dentry); + ++ clear_bit(NFS_CONTEXT_FILE_OPEN, &ctx->flags); + /* + * We fatal error on write before. Try to writeback + * every page again. +--- a/include/linux/nfs_fs.h ++++ b/include/linux/nfs_fs.h +@@ -77,6 +77,7 @@ struct nfs_open_context { + #define NFS_CONTEXT_RESEND_WRITES (1) + #define NFS_CONTEXT_BAD (2) + #define NFS_CONTEXT_UNLOCK (3) ++#define NFS_CONTEXT_FILE_OPEN (4) + int error; + + struct list_head list; diff --git a/patches.suse/NFS-swap-IO-handling-is-slightly-different-for-O_DIR.patch b/patches.suse/NFS-swap-IO-handling-is-slightly-different-for-O_DIR.patch new file mode 100644 index 0000000..e138106 --- /dev/null +++ b/patches.suse/NFS-swap-IO-handling-is-slightly-different-for-O_DIR.patch @@ -0,0 +1,173 @@ +From: NeilBrown +Date: Mon, 7 Mar 2022 10:41:44 +1100 +Subject: [PATCH] NFS: swap IO handling is slightly different for O_DIRECT IO +Git-commit: 64158668ac8b31626a8ce48db4cad08496eb8340 +Patch-mainline: v5.18 +References: git-fixes + +1/ Taking the i_rwsem for swap IO triggers lockdep warnings regarding + possible deadlocks with "fs_reclaim". These deadlocks could, I believe, + eventuate if a buffered read on the swapfile was attempted. + + We don't need coherence with the page cache for a swap file, and + buffered writes are forbidden anyway. There is no other need for + i_rwsem during direct IO. So never take it for swap_rw() + +2/ generic_write_checks() explicitly forbids writes to swap, and + performs checks that are not needed for swap. So bypass it + for swap_rw(). + +Signed-off-by: NeilBrown +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/direct.c | 42 ++++++++++++++++++++++++++++-------------- + fs/nfs/file.c | 4 ++-- + include/linux/nfs_fs.h | 8 ++++---- + 3 files changed, 34 insertions(+), 20 deletions(-) + +--- a/fs/nfs/direct.c ++++ b/fs/nfs/direct.c +@@ -288,8 +288,8 @@ ssize_t nfs_direct_IO(struct kiocb *iocb + VM_BUG_ON(iov_iter_count(iter) != PAGE_SIZE); + + if (iov_iter_rw(iter) == READ) +- return nfs_file_direct_read(iocb, iter); +- return nfs_file_direct_write(iocb, iter); ++ return nfs_file_direct_read(iocb, iter, true); ++ return nfs_file_direct_write(iocb, iter, true); + } + + static void nfs_direct_release_pages(struct page **pages, unsigned int npages) +@@ -553,6 +553,7 @@ static ssize_t nfs_direct_read_schedule_ + * nfs_file_direct_read - file direct read operation for NFS files + * @iocb: target I/O control block + * @iter: vector of user buffers into which to read data ++ * @swap: flag indicating this is swap IO, not O_DIRECT IO + * + * We use this function for direct reads instead of calling + * generic_file_aio_read() in order to avoid gfar's check to see if +@@ -568,7 +569,8 @@ static ssize_t nfs_direct_read_schedule_ + * client must read the updated atime from the server back into its + * cache. + */ +-ssize_t nfs_file_direct_read(struct kiocb *iocb, struct iov_iter *iter) ++ssize_t nfs_file_direct_read(struct kiocb *iocb, struct iov_iter *iter, ++ bool swap) + { + struct file *file = iocb->ki_filp; + struct address_space *mapping = file->f_mapping; +@@ -610,12 +612,14 @@ ssize_t nfs_file_direct_read(struct kioc + if (iter_is_iovec(iter)) + dreq->flags = NFS_ODIRECT_SHOULD_DIRTY; + +- nfs_start_io_direct(inode); ++ if (!swap) ++ nfs_start_io_direct(inode); + + NFS_I(inode)->read_io += count; + requested = nfs_direct_read_schedule_iovec(dreq, iter, iocb->ki_pos); + +- nfs_end_io_direct(inode); ++ if (!swap) ++ nfs_end_io_direct(inode); + + if (requested > 0) { + result = nfs_direct_wait(dreq); +@@ -972,6 +976,7 @@ static ssize_t nfs_direct_write_schedule + * nfs_file_direct_write - file direct write operation for NFS files + * @iocb: target I/O control block + * @iter: vector of user buffers from which to write data ++ * @swap: flag indicating this is swap IO, not O_DIRECT IO + * + * We use this function for direct writes instead of calling + * generic_file_aio_write() in order to avoid taking the inode +@@ -988,7 +993,8 @@ static ssize_t nfs_direct_write_schedule + * Note that O_APPEND is not supported for NFS direct writes, as there + * is no atomic O_APPEND write facility in the NFS protocol. + */ +-ssize_t nfs_file_direct_write(struct kiocb *iocb, struct iov_iter *iter) ++ssize_t nfs_file_direct_write(struct kiocb *iocb, struct iov_iter *iter, ++ bool swap) + { + ssize_t result = -EINVAL, requested; + size_t count; +@@ -1002,7 +1008,11 @@ ssize_t nfs_file_direct_write(struct kio + dfprintk(FILE, "NFS: direct write(%pD2, %zd@%Ld)\n", + file, iov_iter_count(iter), (long long) iocb->ki_pos); + +- result = generic_write_checks(iocb, iter); ++ if (swap) ++ /* bypass generic checks */ ++ result = iov_iter_count(iter); ++ else ++ result = generic_write_checks(iocb, iter); + if (result <= 0) + return result; + count = result; +@@ -1032,16 +1042,20 @@ ssize_t nfs_file_direct_write(struct kio + if (!is_sync_kiocb(iocb)) + dreq->iocb = iocb; + +- nfs_start_io_direct(inode); ++ if (swap) { ++ requested = nfs_direct_write_schedule_iovec(dreq, iter, pos); ++ } else { ++ nfs_start_io_direct(inode); + +- requested = nfs_direct_write_schedule_iovec(dreq, iter, pos); ++ requested = nfs_direct_write_schedule_iovec(dreq, iter, pos); + +- if (mapping->nrpages) { +- invalidate_inode_pages2_range(mapping, +- pos >> PAGE_SHIFT, end); +- } ++ if (mapping->nrpages) { ++ invalidate_inode_pages2_range(mapping, ++ pos >> PAGE_SHIFT, end); ++ } + +- nfs_end_io_direct(inode); ++ nfs_end_io_direct(inode); ++ } + + if (requested > 0) { + result = nfs_direct_wait(dreq); +--- a/fs/nfs/file.c ++++ b/fs/nfs/file.c +@@ -168,7 +168,7 @@ nfs_file_read(struct kiocb *iocb, struct + ssize_t result; + + if (iocb->ki_flags & IOCB_DIRECT) +- return nfs_file_direct_read(iocb, to); ++ return nfs_file_direct_read(iocb, to, false); + + dprintk("NFS: read(%pD2, %zu@%lu)\n", + iocb->ki_filp, +@@ -613,7 +613,7 @@ ssize_t nfs_file_write(struct kiocb *ioc + return result; + + if (iocb->ki_flags & IOCB_DIRECT) +- return nfs_file_direct_write(iocb, from); ++ return nfs_file_direct_write(iocb, from, false); + + dprintk("NFS: write(%pD2, %zu@%Ld)\n", + file, iov_iter_count(from), (long long) iocb->ki_pos); +--- a/include/linux/nfs_fs.h ++++ b/include/linux/nfs_fs.h +@@ -441,10 +441,10 @@ static inline struct rpc_cred *nfs_file_ + * linux/fs/nfs/direct.c + */ + extern ssize_t nfs_direct_IO(struct kiocb *, struct iov_iter *); +-extern ssize_t nfs_file_direct_read(struct kiocb *iocb, +- struct iov_iter *iter); +-extern ssize_t nfs_file_direct_write(struct kiocb *iocb, +- struct iov_iter *iter); ++ssize_t nfs_file_direct_read(struct kiocb *iocb, ++ struct iov_iter *iter, bool swap); ++ssize_t nfs_file_direct_write(struct kiocb *iocb, ++ struct iov_iter *iter, bool swap); + + /* + * linux/fs/nfs/dir.c diff --git a/patches.suse/NFS-swap-out-must-always-use-STABLE-writes.patch b/patches.suse/NFS-swap-out-must-always-use-STABLE-writes.patch new file mode 100644 index 0000000..3963bc1 --- /dev/null +++ b/patches.suse/NFS-swap-out-must-always-use-STABLE-writes.patch @@ -0,0 +1,65 @@ +From: NeilBrown +Date: Mon, 7 Mar 2022 10:41:44 +1100 +Subject: [PATCH] NFS: swap-out must always use STABLE writes. +Git-commit: c265de257f558a05c1859ee9e3fed04883b9ec0e +Patch-mainline: v5.18 +References: git-fixes + +The commit handling code is not safe against memory-pressure deadlocks +when writing to swap. In particular, nfs_commitdata_alloc() blocks +indefinitely waiting for memory, and this can consume all available +workqueue threads. + +swap-out most likely uses STABLE writes anyway as COND_STABLE indicates +that a stable write should be used if the write fits in a single +request, and it normally does. However if we ever swap with a small +wsize, or gather unusually large numbers of pages for a single write, +this might change. + +For safety, make it explicit in the code that direct writes used for swap +must always use FLUSH_STABLE. + +Signed-off-by: NeilBrown +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/direct.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/fs/nfs/direct.c ++++ b/fs/nfs/direct.c +@@ -889,7 +889,7 @@ static const struct nfs_pgio_completion_ + */ + static ssize_t nfs_direct_write_schedule_iovec(struct nfs_direct_req *dreq, + struct iov_iter *iter, +- loff_t pos) ++ loff_t pos, int ioflags) + { + struct nfs_pageio_descriptor desc; + struct inode *inode = dreq->inode; +@@ -897,7 +897,7 @@ static ssize_t nfs_direct_write_schedule + size_t requested_bytes = 0; + size_t wsize = max_t(size_t, NFS_SERVER(inode)->wsize, PAGE_SIZE); + +- nfs_pageio_init_write(&desc, inode, FLUSH_COND_STABLE, false, ++ nfs_pageio_init_write(&desc, inode, ioflags, false, + &nfs_direct_write_completion_ops); + desc.pg_dreq = dreq; + get_dreq(dreq); +@@ -1043,11 +1043,13 @@ ssize_t nfs_file_direct_write(struct kio + dreq->iocb = iocb; + + if (swap) { +- requested = nfs_direct_write_schedule_iovec(dreq, iter, pos); ++ requested = nfs_direct_write_schedule_iovec(dreq, iter, pos, ++ FLUSH_STABLE); + } else { + nfs_start_io_direct(inode); + +- requested = nfs_direct_write_schedule_iovec(dreq, iter, pos); ++ requested = nfs_direct_write_schedule_iovec(dreq, iter, pos, ++ FLUSH_COND_STABLE); + + if (mapping->nrpages) { + invalidate_inode_pages2_range(mapping, diff --git a/patches.suse/NFSD-Keep-existing-listeners-on-portlist-error.patch b/patches.suse/NFSD-Keep-existing-listeners-on-portlist-error.patch new file mode 100644 index 0000000..c1d09a9 --- /dev/null +++ b/patches.suse/NFSD-Keep-existing-listeners-on-portlist-error.patch @@ -0,0 +1,36 @@ +From: Benjamin Coddington +Date: Wed, 6 Oct 2021 13:20:44 -0400 +Subject: [PATCH] NFSD: Keep existing listeners on portlist error +Git-commit: c20106944eb679fa3ab7e686fe5f6ba30fbc51e5 +Patch-mainline: v5.15 +References: git-fixes + +If nfsd has existing listening sockets without any processes, then an error +returned from svc_create_xprt() for an additional transport will remove +those existing listeners. We're seeing this in practice when userspace +attempts to create rpcrdma transports without having the rpcrdma modules +present before creating nfsd kernel processes. Fix this by checking for +existing sockets before calling nfsd_destroy(). + +Signed-off-by: Benjamin Coddington +Signed-off-by: Chuck Lever +Acked-by: NeilBrown + +--- + fs/nfsd/nfsctl.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/nfsd/nfsctl.c ++++ b/fs/nfsd/nfsctl.c +@@ -788,7 +788,10 @@ out_close: + svc_xprt_put(xprt); + } + out_err: +- nfsd_destroy(net); ++ if (!list_empty(&nn->nfsd_serv->sv_permsocks)) ++ nn->nfsd_serv->sv_nrthreads--; ++ else ++ nfsd_destroy(net); + return err; + } + diff --git a/patches.suse/NFSD-Return-nfserr_serverfault-if-splice_ok-but-buf-.patch b/patches.suse/NFSD-Return-nfserr_serverfault-if-splice_ok-but-buf-.patch new file mode 100644 index 0000000..7932761 --- /dev/null +++ b/patches.suse/NFSD-Return-nfserr_serverfault-if-splice_ok-but-buf-.patch @@ -0,0 +1,32 @@ +From: Anna Schumaker +Date: Tue, 13 Sep 2022 14:01:50 -0400 +Subject: [PATCH] NFSD: Return nfserr_serverfault if splice_ok but buf->pages + have data +Git-commit: 06981d560606ac48d61e5f4fff6738b925c93173 +Patch-mainline: v6.1 +References: git-fixes + +This was discussed with Chuck as part of this patch set. Returning +nfserr_resource was decided to not be the best error message here, and +he suggested changing to nfserr_serverfault instead. + +Signed-off-by: Anna Schumaker +Link: https://lore.kernel.org/linux-nfs/20220907195259.926736-1-anna@kernel.org/T/#t +Signed-off-by: Chuck Lever +Acked-by: NeilBrown + +--- + fs/nfsd/nfs4xdr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -3559,7 +3559,7 @@ nfsd4_encode_read(struct nfsd4_compoundr + if (resp->xdr.buf->page_len && + test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags)) { + WARN_ON_ONCE(1); +- nfserr = nfserr_resource; ++ nfserr = nfserr_serverfault; + goto out; + } + xdr_commit_encode(xdr); diff --git a/patches.suse/NFSv2-Fix-eof-handling.patch b/patches.suse/NFSv2-Fix-eof-handling.patch new file mode 100644 index 0000000..eedaaff --- /dev/null +++ b/patches.suse/NFSv2-Fix-eof-handling.patch @@ -0,0 +1,29 @@ +From: Trond Myklebust +Date: Mon, 26 Aug 2019 20:41:16 -0400 +Subject: [PATCH] NFSv2: Fix eof handling +Git-commit: 71affe9be45a5c60b9772e1b2701710712637274 +Patch-mainline: v5.3 +References: git-fixes + +If we received a reply from the server with a zero length read and +no error, then that implies we are at eof. + +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/proc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/nfs/proc.c ++++ b/fs/nfs/proc.c +@@ -588,7 +588,8 @@ static int nfs_read_done(struct rpc_task + /* Emulate the eof flag, which isn't normally needed in NFSv2 + * as it is guaranteed to always return the file attributes + */ +- if (hdr->args.offset + hdr->res.count >= hdr->res.fattr->size) ++ if ((hdr->res.count == 0 && hdr->args.count > 0) || ++ hdr->args.offset + hdr->res.count >= hdr->res.fattr->size) + hdr->res.eof = 1; + } + return 0; diff --git a/patches.suse/NFSv2-Fix-write-regression.patch b/patches.suse/NFSv2-Fix-write-regression.patch new file mode 100644 index 0000000..c09c210 --- /dev/null +++ b/patches.suse/NFSv2-Fix-write-regression.patch @@ -0,0 +1,34 @@ +From: Trond Myklebust +Date: Tue, 27 Aug 2019 07:03:28 -0400 +Subject: [PATCH] NFSv2: Fix write regression +Git-commit: d33d4beb522987d1c305c12500796f9be3687dee +Patch-mainline: v5.3 +References: git-fixes + +Ensure we update the write result count on success, since the +RPC call itself does not do so. + +Reported-by: Jan Stancek +Reported-by: Naresh Kamboju +Signed-off-by: Trond Myklebust +Tested-by: Jan Stancek +Acked-by: NeilBrown + +--- + fs/nfs/proc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/nfs/proc.c ++++ b/fs/nfs/proc.c +@@ -610,8 +610,10 @@ static int nfs_proc_pgio_rpc_prepare(str + + static int nfs_write_done(struct rpc_task *task, struct nfs_pgio_header *hdr) + { +- if (task->tk_status >= 0) ++ if (task->tk_status >= 0) { ++ hdr->res.count = hdr->args.count; + nfs_writeback_update_inode(hdr); ++ } + return 0; + } + diff --git a/patches.suse/NFSv4-Fix-a-deadlock-between-nfs4_open_recover_helpe.patch b/patches.suse/NFSv4-Fix-a-deadlock-between-nfs4_open_recover_helpe.patch new file mode 100644 index 0000000..307dc69 --- /dev/null +++ b/patches.suse/NFSv4-Fix-a-deadlock-between-nfs4_open_recover_helpe.patch @@ -0,0 +1,67 @@ +From: Trond Myklebust +Date: Fri, 4 Nov 2022 13:20:01 -0400 +Subject: [PATCH] NFSv4: Fix a deadlock between nfs4_open_recover_helper() and + delegreturn +Git-commit: 51069e4aef6257b0454057359faed0ab0c9af083 +Patch-mainline: v6.2 +References: git-fixes + +If we're asked to recover open state while a delegation return is +outstanding, then the state manager thread cannot use a cached open, so +if the server returns a delegation, we can end up deadlocked behind the +pending delegreturn. +To avoid this problem, let's just ask the server not to give us a +delegation unless we're explicitly reclaiming one. + +Fixes: be36e185bd26 ("NFSv4: nfs4_open_recover_helper() must set share access") +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/nfs4proc.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1910,18 +1910,18 @@ static struct nfs4_opendata *nfs4_open_r + } + + static int nfs4_open_recover_helper(struct nfs4_opendata *opendata, +- fmode_t fmode) ++ fmode_t fmode) + { + struct nfs4_state *newstate; ++ struct nfs_server *server = NFS_SB(opendata->dentry->d_sb); ++ int openflags = opendata->o_arg.open_flags; + int ret; + + if (!nfs4_mode_match_open_stateid(opendata->state, fmode)) + return 0; +- opendata->o_arg.open_flags = 0; + opendata->o_arg.fmode = fmode; +- opendata->o_arg.share_access = nfs4_map_atomic_open_share( +- NFS_SB(opendata->dentry->d_sb), +- fmode, 0); ++ opendata->o_arg.share_access = ++ nfs4_map_atomic_open_share(server, fmode, openflags); + memset(&opendata->o_res, 0, sizeof(opendata->o_res)); + memset(&opendata->c_res, 0, sizeof(opendata->c_res)); + nfs4_init_opendata_res(opendata); +@@ -2488,10 +2488,15 @@ static int _nfs4_open_expired(struct nfs + struct nfs4_opendata *opendata; + int ret; + +- opendata = nfs4_open_recoverdata_alloc(ctx, state, +- NFS4_OPEN_CLAIM_FH); ++ opendata = nfs4_open_recoverdata_alloc(ctx, state, NFS4_OPEN_CLAIM_FH); + if (IS_ERR(opendata)) + return PTR_ERR(opendata); ++ /* ++ * We're not recovering a delegation, so ask for no delegation. ++ * Otherwise the recovery thread could deadlock with an outstanding ++ * delegation return. ++ */ ++ opendata->o_arg.open_flags = O_DIRECT; + ret = nfs4_open_recover(opendata, state); + if (ret == -ESTALE) + d_drop(ctx->dentry); diff --git a/patches.suse/NFSv4-Fix-delegation-state-recovery.patch b/patches.suse/NFSv4-Fix-delegation-state-recovery.patch index 69f4e41..a0a735f 100644 --- a/patches.suse/NFSv4-Fix-delegation-state-recovery.patch +++ b/patches.suse/NFSv4-Fix-delegation-state-recovery.patch @@ -31,11 +31,11 @@ Acked-by: NeilBrown - err = nfs4_open_delegation_recall(ctx, state, stateid, type); + err = nfs4_open_delegation_recall(ctx, state, stateid); if (!err) - err = nfs_delegation_claim_locks(ctx, state, stateid); + err = nfs_delegation_claim_locks(state, stateid); if (!err && read_seqcount_retry(&sp->so_reclaim_seqcount, seq)) --- a/fs/nfs/delegation.h +++ b/fs/nfs/delegation.h -@@ -59,7 +59,7 @@ void nfs_reap_expired_delegations(struct +@@ -60,7 +60,7 @@ void nfs_reap_expired_delegations(struct /* NFSv4 delegation-related procedures */ int nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, const nfs4_stateid *stateid, int issync); @@ -46,7 +46,7 @@ Acked-by: NeilBrown bool nfs4_refresh_delegation_stateid(nfs4_stateid *dst, struct inode *inode); --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c -@@ -2029,12 +2029,10 @@ static int nfs4_handle_delegation_recall +@@ -2031,12 +2031,10 @@ static int nfs4_handle_delegation_recall case -NFS4ERR_BAD_HIGH_SLOT: case -NFS4ERR_CONN_NOT_BOUND_TO_SESSION: case -NFS4ERR_DEADSESSION: @@ -59,7 +59,7 @@ Acked-by: NeilBrown /* Don't recall a delegation if it was lost */ nfs4_schedule_lease_recovery(server->nfs_client); return -EAGAIN; -@@ -2055,7 +2053,6 @@ static int nfs4_handle_delegation_recall +@@ -2057,7 +2055,6 @@ static int nfs4_handle_delegation_recall return -EAGAIN; case -NFS4ERR_DELAY: case -NFS4ERR_GRACE: @@ -67,7 +67,7 @@ Acked-by: NeilBrown ssleep(1); return -EAGAIN; case -ENOMEM: -@@ -2071,8 +2068,7 @@ static int nfs4_handle_delegation_recall +@@ -2073,8 +2070,7 @@ static int nfs4_handle_delegation_recall } int nfs4_open_delegation_recall(struct nfs_open_context *ctx, @@ -77,7 +77,7 @@ Acked-by: NeilBrown { struct nfs_server *server = NFS_SERVER(state->inode); struct nfs4_opendata *opendata; -@@ -2083,19 +2079,23 @@ int nfs4_open_delegation_recall(struct n +@@ -2085,19 +2081,23 @@ int nfs4_open_delegation_recall(struct n if (IS_ERR(opendata)) return PTR_ERR(opendata); nfs4_stateid_copy(&opendata->o_arg.u.delegation, stateid); diff --git a/patches.suse/NFSv4-Fix-open-create-exclusive-when-the-server-rebo.patch b/patches.suse/NFSv4-Fix-open-create-exclusive-when-the-server-rebo.patch new file mode 100644 index 0000000..e4a7f27 --- /dev/null +++ b/patches.suse/NFSv4-Fix-open-create-exclusive-when-the-server-rebo.patch @@ -0,0 +1,137 @@ +From: Trond Myklebust +Date: Mon, 6 Nov 2017 15:28:03 -0500 +Subject: [PATCH] NFSv4: Fix open create exclusive when the server reboots +Git-commit: 8fd1ab747d2b1ec7ec663ad0b41a32eaa35117a8 +Patch-mainline: v4.15 +References: git-fixes + +If the server that does not implement NFSv4.1 persistent session +semantics reboots while we are performing an exclusive create, +then the return value of NFS4ERR_DELAY when we replay the open +during the grace period causes us to lose the verifier. +When the grace period expires, and we present a new verifier, +the server will then correctly reply NFS4ERR_EXIST. + +This commit ensures that we always present the same verifier when +replaying the OPEN. + +Reported-by: Tigran Mkrtchyan +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs4proc.c | 41 ++++++++++++++++++++++++++--------------- + 1 file changed, 26 insertions(+), 15 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1105,6 +1105,12 @@ struct nfs4_opendata { + int cancelled; + }; + ++struct nfs4_open_createattrs { ++ struct nfs4_label *label; ++ struct iattr *sattr; ++ const __u32 verf[2]; ++}; ++ + static bool nfs4_clear_cap_atomic_open_v1(struct nfs_server *server, + int err, struct nfs4_exception *exception) + { +@@ -1174,8 +1180,7 @@ static void nfs4_init_opendata_res(struc + + static struct nfs4_opendata *nfs4_opendata_alloc(struct dentry *dentry, + struct nfs4_state_owner *sp, fmode_t fmode, int flags, +- const struct iattr *attrs, +- struct nfs4_label *label, ++ const struct nfs4_open_createattrs *c, + enum open_claim_type4 claim, + gfp_t gfp_mask) + { +@@ -1183,6 +1188,7 @@ static struct nfs4_opendata *nfs4_openda + struct inode *dir = d_inode(parent); + struct nfs_server *server = NFS_SERVER(dir); + struct nfs_seqid *(*alloc_seqid)(struct nfs_seqid_counter *, gfp_t); ++ struct nfs4_label *label = (c != NULL) ? c->label : NULL; + struct nfs4_opendata *p; + + p = kzalloc(sizeof(*p), gfp_mask); +@@ -1248,15 +1254,11 @@ static struct nfs4_opendata *nfs4_openda + case NFS4_OPEN_CLAIM_DELEG_PREV_FH: + p->o_arg.fh = NFS_FH(d_inode(dentry)); + } +- if (attrs != NULL && attrs->ia_valid != 0) { +- __u32 verf[2]; +- ++ if (c != NULL && c->sattr != NULL && c->sattr->ia_valid != 0) { + p->o_arg.u.attrs = &p->attrs; +- memcpy(&p->attrs, attrs, sizeof(p->attrs)); ++ memcpy(&p->attrs, c->sattr, sizeof(p->attrs)); + +- verf[0] = jiffies; +- verf[1] = current->pid; +- memcpy(p->o_arg.u.verifier.data, verf, ++ memcpy(p->o_arg.u.verifier.data, c->verf, + sizeof(p->o_arg.u.verifier.data)); + } + p->c_arg.fh = &p->o_res.fh; +@@ -1894,7 +1896,7 @@ static struct nfs4_opendata *nfs4_open_r + struct nfs4_opendata *opendata; + + opendata = nfs4_opendata_alloc(ctx->dentry, state->owner, 0, 0, +- NULL, NULL, claim, GFP_NOFS); ++ NULL, claim, GFP_NOFS); + if (opendata == NULL) + return ERR_PTR(-ENOMEM); + opendata->state = state; +@@ -2834,8 +2836,7 @@ out: + static int _nfs4_do_open(struct inode *dir, + struct nfs_open_context *ctx, + int flags, +- struct iattr *sattr, +- struct nfs4_label *label, ++ const struct nfs4_open_createattrs *c, + int *opened) + { + struct nfs4_state_owner *sp; +@@ -2847,6 +2848,8 @@ static int _nfs4_do_open(struct inode *d + struct nfs4_threshold **ctx_th = &ctx->mdsthreshold; + fmode_t fmode = ctx->mode & (FMODE_READ|FMODE_WRITE|FMODE_EXEC); + enum open_claim_type4 claim = NFS4_OPEN_CLAIM_NULL; ++ struct iattr *sattr = c->sattr; ++ struct nfs4_label *label = c->label; + struct nfs4_label *olabel = NULL; + int status; + +@@ -2865,8 +2868,8 @@ static int _nfs4_do_open(struct inode *d + status = -ENOMEM; + if (d_really_is_positive(dentry)) + claim = NFS4_OPEN_CLAIM_FH; +- opendata = nfs4_opendata_alloc(dentry, sp, fmode, flags, sattr, +- label, claim, GFP_KERNEL); ++ opendata = nfs4_opendata_alloc(dentry, sp, fmode, flags, ++ c, claim, GFP_KERNEL); + if (opendata == NULL) + goto err_put_state_owner; + +@@ -2947,10 +2950,18 @@ static struct nfs4_state *nfs4_do_open(s + struct nfs_server *server = NFS_SERVER(dir); + struct nfs4_exception exception = { }; + struct nfs4_state *res; ++ struct nfs4_open_createattrs c = { ++ .label = label, ++ .sattr = sattr, ++ .verf = { ++ [0] = (__u32)jiffies, ++ [1] = (__u32)current->pid, ++ }, ++ }; + int status; + + do { +- status = _nfs4_do_open(dir, ctx, flags, sattr, label, opened); ++ status = _nfs4_do_open(dir, ctx, flags, &c, opened); + res = ctx->state; + trace_nfs4_open_file(ctx, flags, status); + if (status == 0) diff --git a/patches.suse/NFSv4-Fix-return-value-in-nfs_finish_open.patch b/patches.suse/NFSv4-Fix-return-value-in-nfs_finish_open.patch new file mode 100644 index 0000000..34bb7c5 --- /dev/null +++ b/patches.suse/NFSv4-Fix-return-value-in-nfs_finish_open.patch @@ -0,0 +1,33 @@ +From: Trond Myklebust +Date: Fri, 9 Aug 2019 12:15:07 -0400 +Subject: [PATCH] NFSv4: Fix return value in nfs_finish_open() +Git-commit: 9821421a291b548ef4369c6998745baa36ddecd5 +Patch-mainline: v5.3 +References: git-fixes + +If the file turns out to be of the wrong type after opening, we want +to revalidate the path and retry, so return EOPENSTALE rather than +ESTALE. + +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/dir.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/fs/nfs/dir.c ++++ b/fs/nfs/dir.c +@@ -1522,8 +1522,10 @@ static int nfs_finish_open(struct nfs_op + err = finish_open(file, dentry, do_open, opened); + if (err) + goto out; +- nfs_file_set_open_context(file, ctx); +- ++ if (S_ISREG(file->f_path.dentry->d_inode->i_mode)) ++ nfs_file_set_open_context(file, ctx); ++ else ++ err = -EOPENSTALE; + out: + return err; + } diff --git a/patches.suse/NFSv4-Fix-return-values-for-nfs4_file_open.patch b/patches.suse/NFSv4-Fix-return-values-for-nfs4_file_open.patch new file mode 100644 index 0000000..fce0da1 --- /dev/null +++ b/patches.suse/NFSv4-Fix-return-values-for-nfs4_file_open.patch @@ -0,0 +1,45 @@ +From: Trond Myklebust +Date: Fri, 9 Aug 2019 15:03:11 -0400 +Subject: [PATCH] NFSv4: Fix return values for nfs4_file_open() +Git-commit: 90cf500e338ab3f3c0f126ba37e36fb6a9058441 +Patch-mainline: v5.3 +References: git-fixes + +Currently, we are translating RPC level errors such as timeouts, +as well as interrupts etc into EOPENSTALE, which forces a single +replay of the open attempt. What we actually want to do is +force the replay only in the cases where the returned error +indicates that the file may have changed on the server. + +So the fix is to spell out the exact set of errors where we want +to return EOPENSTALE. + +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/nfs4file.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/fs/nfs/nfs4file.c ++++ b/fs/nfs/nfs4file.c +@@ -75,13 +75,13 @@ nfs4_file_open(struct inode *inode, stru + if (IS_ERR(inode)) { + err = PTR_ERR(inode); + switch (err) { +- case -EPERM: +- case -EACCES: +- case -EDQUOT: +- case -ENOSPC: +- case -EROFS: +- goto out_put_ctx; + default: ++ goto out_put_ctx; ++ case -ENOENT: ++ case -ESTALE: ++ case -EISDIR: ++ case -ENOTDIR: ++ case -ELOOP: + goto out_drop; + } + } diff --git a/patches.suse/NFSv4-expose-nfs_parse_server_name-function.patch b/patches.suse/NFSv4-expose-nfs_parse_server_name-function.patch new file mode 100644 index 0000000..504e6bc --- /dev/null +++ b/patches.suse/NFSv4-expose-nfs_parse_server_name-function.patch @@ -0,0 +1,43 @@ +From: Olga Kornievskaia +Date: Thu, 9 Dec 2021 14:53:32 -0500 +Subject: [PATCH] NFSv4 expose nfs_parse_server_name function +Git-commit: f5b27cc6761e27ee6387a24df1a99ca77b360fea +Patch-mainline: v5.17 +References: git-fixes + +Make nfs_parse_server_name available outside of nfs4namespace.c. + +Signed-off-by: Olga Kornievskaia +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs4_fs.h | 3 ++- + fs/nfs/nfs4namespace.c | 4 ++-- + 2 files changed, 4 insertions(+), 3 deletions(-) + +--- a/fs/nfs/nfs4_fs.h ++++ b/fs/nfs/nfs4_fs.h +@@ -242,7 +242,8 @@ struct vfsmount *nfs4_submount(struct nf + struct nfs_fh *, struct nfs_fattr *); + int nfs4_replace_transport(struct nfs_server *server, + const struct nfs4_fs_locations *locations); +- ++size_t nfs_parse_server_name(char *string, size_t len, struct sockaddr *sa, ++ size_t salen, struct net *net); + /* nfs4proc.c */ + extern int nfs4_handle_exception(struct nfs_server *, int, struct nfs4_exception *); + extern int nfs4_call_sync(struct rpc_clnt *, struct nfs_server *, +--- a/fs/nfs/nfs4namespace.c ++++ b/fs/nfs/nfs4namespace.c +@@ -120,8 +120,8 @@ static int nfs4_validate_fspath(struct d + return 0; + } + +-static size_t nfs_parse_server_name(char *string, size_t len, +- struct sockaddr *sa, size_t salen, struct net *net) ++size_t nfs_parse_server_name(char *string, size_t len, struct sockaddr *sa, ++ size_t salen, struct net *net) + { + ssize_t ret; + diff --git a/patches.suse/NFSv4-only-print-the-label-when-its-queried.patch b/patches.suse/NFSv4-only-print-the-label-when-its-queried.patch new file mode 100644 index 0000000..e8202a7 --- /dev/null +++ b/patches.suse/NFSv4-only-print-the-label-when-its-queried.patch @@ -0,0 +1,36 @@ +From: Olga Kornievskaia +Date: Mon, 29 Nov 2021 15:33:56 -0500 +Subject: [PATCH] NFSv4 only print the label when its queried +Git-commit: 2c52c8376db7160a1dd8a681c61c9258405ef143 +Patch-mainline: v5.17 +References: git-fixes + +When the bitmask of the attributes doesn't include the security label, +don't bother printing it. Since the label might not be null terminated, +adjust the printing format accordingly. + +Signed-off-by: Olga Kornievskaia +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs4xdr.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/fs/nfs/nfs4xdr.c ++++ b/fs/nfs/nfs4xdr.c +@@ -4183,10 +4183,11 @@ static int decode_attr_security_label(st + } else + printk(KERN_WARNING "%s: label too long (%u)!\n", + __func__, len); ++ if (label && label->label) ++ dprintk("%s: label=%.*s, len=%d, PI=%d, LFS=%d\n", ++ __func__, label->len, (char *)label->label, ++ label->len, label->pi, label->lfs); + } +- if (label && label->label) +- dprintk("%s: label=%s, len=%d, PI=%d, LFS=%d\n", __func__, +- (char *)label->label, label->len, label->pi, label->lfs); + return status; + + out_overflow: diff --git a/patches.suse/NFSv4-pNFS-Always-return-layout-stats-on-layout-retu.patch b/patches.suse/NFSv4-pNFS-Always-return-layout-stats-on-layout-retu.patch new file mode 100644 index 0000000..9ad7b11 --- /dev/null +++ b/patches.suse/NFSv4-pNFS-Always-return-layout-stats-on-layout-retu.patch @@ -0,0 +1,90 @@ +From: Trond Myklebust +Date: Wed, 24 Aug 2022 16:56:48 -0400 +Subject: [PATCH] NFSv4/pNFS: Always return layout stats on layout return for + flexfiles +Git-commit: 90377158bd2d2acd20e6131e84c234d715b7aa42 +Patch-mainline: v6.1 +References: git-fixes + +We want to ensure that the server never misses the layout stats when +we're closing the file, so that it knows whether or not to update its +internal state. Otherwise, if we were racing with a layout stat, we +might cause the server to invalidate its layout before the layout stat +got processed. + +Fixes: 06946c6a3d8b ("pNFS/flexfiles: Only send layoutstats updates for mirrors that were updated") +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/flexfilelayout/flexfilelayout.c | 24 +++++++++++++++++------- + 1 file changed, 17 insertions(+), 7 deletions(-) + +--- a/fs/nfs/flexfilelayout/flexfilelayout.c ++++ b/fs/nfs/flexfilelayout/flexfilelayout.c +@@ -27,14 +27,19 @@ + #define FF_LAYOUT_POLL_RETRY_MAX (15*HZ) + #define FF_LAYOUTRETURN_MAXERR 20 + ++enum nfs4_ff_op_type { ++ NFS4_FF_OP_LAYOUTSTATS, ++ NFS4_FF_OP_LAYOUTRETURN, ++}; + + static struct group_info *ff_zero_group; + + static void ff_layout_read_record_layoutstats_done(struct rpc_task *task, + struct nfs_pgio_header *hdr); +-static int ff_layout_mirror_prepare_stats(struct pnfs_layout_hdr *lo, ++static int ++ff_layout_mirror_prepare_stats(struct pnfs_layout_hdr *lo, + struct nfs42_layoutstat_devinfo *devinfo, +- int dev_limit); ++ int dev_limit, enum nfs4_ff_op_type type); + static void ff_layout_encode_ff_layoutupdate(struct xdr_stream *xdr, + const struct nfs42_layoutstat_devinfo *devinfo, + struct nfs4_ff_layout_mirror *mirror); +@@ -2108,8 +2113,9 @@ ff_layout_prepare_layoutreturn(struct nf + FF_LAYOUTRETURN_MAXERR); + + spin_lock(&args->inode->i_lock); +- ff_args->num_dev = ff_layout_mirror_prepare_stats(&ff_layout->generic_hdr, +- &ff_args->devinfo[0], ARRAY_SIZE(ff_args->devinfo)); ++ ff_args->num_dev = ff_layout_mirror_prepare_stats( ++ &ff_layout->generic_hdr, &ff_args->devinfo[0], ++ ARRAY_SIZE(ff_args->devinfo), NFS4_FF_OP_LAYOUTRETURN); + spin_unlock(&args->inode->i_lock); + + args->ld_private->ops = &layoutreturn_ops; +@@ -2302,7 +2308,7 @@ static const struct nfs4_xdr_opaque_ops + static int + ff_layout_mirror_prepare_stats(struct pnfs_layout_hdr *lo, + struct nfs42_layoutstat_devinfo *devinfo, +- int dev_limit) ++ int dev_limit, enum nfs4_ff_op_type type) + { + struct nfs4_flexfile_layout *ff_layout = FF_LAYOUT_FROM_HDR(lo); + struct nfs4_ff_layout_mirror *mirror; +@@ -2314,7 +2320,9 @@ ff_layout_mirror_prepare_stats(struct pn + break; + if (IS_ERR_OR_NULL(mirror->mirror_ds)) + continue; +- if (!test_and_clear_bit(NFS4_FF_MIRROR_STAT_AVAIL, &mirror->flags)) ++ if (!test_and_clear_bit(NFS4_FF_MIRROR_STAT_AVAIL, ++ &mirror->flags) && ++ type != NFS4_FF_OP_LAYOUTRETURN) + continue; + /* mirror refcount put in cleanup_layoutstats */ + if (!atomic_inc_not_zero(&mirror->ref)) +@@ -2353,7 +2361,9 @@ ff_layout_prepare_layoutstats(struct nfs + spin_lock(&args->inode->i_lock); + ff_layout = FF_LAYOUT_FROM_HDR(NFS_I(args->inode)->layout); + args->num_dev = ff_layout_mirror_prepare_stats(&ff_layout->generic_hdr, +- &args->devinfo[0], dev_count); ++ &args->devinfo[0], ++ dev_count, ++ NFS4_FF_OP_LAYOUTSTATS); + spin_unlock(&args->inode->i_lock); + if (!args->num_dev) { + kfree(args->devinfo); diff --git a/patches.suse/NFSv4-pNFS-Fix-another-issue-with-a-list-iterator-po.patch b/patches.suse/NFSv4-pNFS-Fix-another-issue-with-a-list-iterator-po.patch index 20d3447..ddee872 100644 --- a/patches.suse/NFSv4-pNFS-Fix-another-issue-with-a-list-iterator-po.patch +++ b/patches.suse/NFSv4-pNFS-Fix-another-issue-with-a-list-iterator-po.patch @@ -34,7 +34,7 @@ Acked-by: NeilBrown @@ -351,11 +351,10 @@ __be32 nfs4_callback_devicenotify(struct void *dummy, struct cb_process_state *cps) { - int i; + uint32_t i; + const struct pnfs_layoutdriver_type *ld = NULL; __be32 res = 0; - struct nfs_client *clp = cps->clp; diff --git a/patches.suse/NFSv4-remove-zero-number-of-fs_locations-entries-err.patch b/patches.suse/NFSv4-remove-zero-number-of-fs_locations-entries-err.patch new file mode 100644 index 0000000..21aa21f --- /dev/null +++ b/patches.suse/NFSv4-remove-zero-number-of-fs_locations-entries-err.patch @@ -0,0 +1,42 @@ +From: Olga Kornievskaia +Date: Thu, 9 Dec 2021 14:53:29 -0500 +Subject: [PATCH] NFSv4 remove zero number of fs_locations entries error check +Git-commit: 90e12a3191040bd3854d3e236c35921e4e92a044 +Patch-mainline: v5.17 +References: git-fixes + +Remove the check for the zero length fs_locations reply in the +xdr decoding, and instead check for that in the migration code. + +Signed-off-by: Olga Kornievskaia +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs4state.c | 3 +++ + fs/nfs/nfs4xdr.c | 2 -- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -2008,6 +2008,9 @@ static int nfs4_try_migration(struct nfs + } + + result = -NFS4ERR_NXIO; ++ if (!locations->nlocations) ++ goto out; ++ + if (!(locations->fattr.valid & NFS_ATTR_FATTR_V4_LOCATIONS)) { + dprintk("<-- %s: No fs_locations data, migration skipped\n", + __func__); +--- a/fs/nfs/nfs4xdr.c ++++ b/fs/nfs/nfs4xdr.c +@@ -3642,8 +3642,6 @@ static int decode_attr_fs_locations(stru + if (unlikely(!p)) + goto out_overflow; + n = be32_to_cpup(p); +- if (n <= 0) +- goto out_eio; + for (res->nlocations = 0; res->nlocations < n; res->nlocations++) { + u32 m; + struct nfs4_fs_location *loc; diff --git a/patches.suse/NFSv4.1-Fix-uninitialised-variable-in-devicenotify.patch b/patches.suse/NFSv4.1-Fix-uninitialised-variable-in-devicenotify.patch new file mode 100644 index 0000000..6a8c9c6 --- /dev/null +++ b/patches.suse/NFSv4.1-Fix-uninitialised-variable-in-devicenotify.patch @@ -0,0 +1,96 @@ +From: Trond Myklebust +Date: Mon, 3 Jan 2022 14:50:16 -0500 +Subject: [PATCH] NFSv4.1: Fix uninitialised variable in devicenotify +Git-commit: b05bf5c63b326ce1da84ef42498d8e0e292e694c +Patch-mainline: v5.17 +References: git-fixes + +When decode_devicenotify_args() exits with no entries, we need to +ensure that the struct cb_devicenotifyargs is initialised to +{ 0, NULL } in order to avoid problems in +nfs4_callback_devicenotify(). + +Reported-by: +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/callback.h | 2 +- + fs/nfs/callback_proc.c | 2 +- + fs/nfs/callback_xdr.c | 18 +++++++++--------- + 3 files changed, 11 insertions(+), 11 deletions(-) + +--- a/fs/nfs/callback.h ++++ b/fs/nfs/callback.h +@@ -171,7 +171,7 @@ struct cb_devicenotifyitem { + }; + + struct cb_devicenotifyargs { +- int ndevs; ++ uint32_t ndevs; + struct cb_devicenotifyitem *devs; + }; + +--- a/fs/nfs/callback_proc.c ++++ b/fs/nfs/callback_proc.c +@@ -350,7 +350,7 @@ static void pnfs_recall_all_layouts(stru + __be32 nfs4_callback_devicenotify(struct cb_devicenotifyargs *args, + void *dummy, struct cb_process_state *cps) + { +- int i; ++ uint32_t i; + __be32 res = 0; + struct nfs_client *clp = cps->clp; + struct nfs_server *server = NULL; +--- a/fs/nfs/callback_xdr.c ++++ b/fs/nfs/callback_xdr.c +@@ -264,11 +264,9 @@ __be32 decode_devicenotify_args(struct s + struct xdr_stream *xdr, + struct cb_devicenotifyargs *args) + { ++ uint32_t tmp, n, i; + __be32 *p; + __be32 status = 0; +- u32 tmp; +- int n, i; +- args->ndevs = 0; + + /* Num of device notifications */ + p = read_buf(xdr, sizeof(uint32_t)); +@@ -277,7 +275,7 @@ __be32 decode_devicenotify_args(struct s + goto out; + } + n = ntohl(*p++); +- if (n <= 0) ++ if (n == 0) + goto out; + if (n > ULONG_MAX / sizeof(*args->devs)) { + status = htonl(NFS4ERR_BADXDR); +@@ -335,19 +333,21 @@ __be32 decode_devicenotify_args(struct s + dev->cbd_immediate = 0; + } + +- args->ndevs++; +- + dprintk("%s: type %d layout 0x%x immediate %d\n", + __func__, dev->cbd_notify_type, dev->cbd_layout_type, + dev->cbd_immediate); + } ++ args->ndevs = n; ++ dprintk("%s: ndevs %d\n", __func__, args->ndevs); ++ return 0; ++err: ++ kfree(args->devs); + out: ++ args->devs = NULL; ++ args->ndevs = 0; + dprintk("%s: status %d ndevs %d\n", + __func__, ntohl(status), args->ndevs); + return status; +-err: +- kfree(args->devs); +- goto out; + } + + static __be32 decode_sessionid(struct xdr_stream *xdr, diff --git a/patches.suse/NFSv4.1-Handle-RECLAIM_COMPLETE-trunking-errors.patch b/patches.suse/NFSv4.1-Handle-RECLAIM_COMPLETE-trunking-errors.patch new file mode 100644 index 0000000..b340da1 --- /dev/null +++ b/patches.suse/NFSv4.1-Handle-RECLAIM_COMPLETE-trunking-errors.patch @@ -0,0 +1,29 @@ +From: Trond Myklebust +Date: Sun, 16 Oct 2022 14:44:32 -0400 +Subject: [PATCH] NFSv4.1: Handle RECLAIM_COMPLETE trunking errors +Git-commit: 5d917cba3201e5c25059df96c29252fd99c4f6a7 +Patch-mainline: v6.1 +References: git-fixes + +If RECLAIM_COMPLETE sets the NFS4CLNT_BIND_CONN_TO_SESSION flag, then we +need to loop back in order to handle it. + +Fixes: 0048fdd06614 ("NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION") +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs4state.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -2513,6 +2513,7 @@ static void nfs4_state_manager(struct nf + if (status < 0) + goto out_error; + nfs4_state_end_reclaim_reboot(clp); ++ continue; + } + + /* Detect expired delegations... */ diff --git a/patches.suse/NFSv4.1-We-must-always-send-RECLAIM_COMPLETE-after-a.patch b/patches.suse/NFSv4.1-We-must-always-send-RECLAIM_COMPLETE-after-a.patch new file mode 100644 index 0000000..f4b5960 --- /dev/null +++ b/patches.suse/NFSv4.1-We-must-always-send-RECLAIM_COMPLETE-after-a.patch @@ -0,0 +1,30 @@ +From: Trond Myklebust +Date: Sun, 16 Oct 2022 14:44:33 -0400 +Subject: [PATCH] NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot +Git-commit: e59679f2b7e522ecad99974e5636291ffd47c184 +Patch-mainline: v6.1 +References: git-fixes + +Currently, we are only guaranteed to send RECLAIM_COMPLETE if we have +open state to recover. Fix the client to always send RECLAIM_COMPLETE +after setting up the lease. + +Fixes: fce5c838e133 ("nfs41: RECLAIM_COMPLETE functionality") +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs4state.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -1679,6 +1679,7 @@ static void nfs4_state_mark_reclaim_help + + static void nfs4_state_start_reclaim_reboot(struct nfs_client *clp) + { ++ set_bit(NFS4CLNT_RECLAIM_REBOOT, &clp->cl_state); + /* Mark all delegations for reclaim */ + nfs_delegation_mark_reclaim(clp); + nfs4_state_mark_reclaim_helper(clp, nfs4_state_mark_reclaim_reboot); diff --git a/patches.suse/NFSv4.1-handle-ERR_DELAY-error-reclaiming-locking-st.patch b/patches.suse/NFSv4.1-handle-ERR_DELAY-error-reclaiming-locking-st.patch new file mode 100644 index 0000000..f30e077 --- /dev/null +++ b/patches.suse/NFSv4.1-handle-ERR_DELAY-error-reclaiming-locking-st.patch @@ -0,0 +1,39 @@ +From: Olga Kornievskaia +Date: Thu, 20 Aug 2020 18:52:43 -0400 +Subject: [PATCH] NFSv4.1 handle ERR_DELAY error reclaiming locking state on + delegation recall +Git-commit: 3d7a9520f0c3e6a68b6de8c5812fc8b6d7a52626 +Patch-mainline: v5.9 +References: git-fixes + +A client should be able to handle getting an ERR_DELAY error +while doing a LOCK call to reclaim state due to delegation being +recalled. This is a transient error that can happen due to server +moving its volumes and invalidating its file location cache and +upon reference to it during the LOCK call needing to do an +expensive lookup (leading to an ERR_DELAY error on a PUTFH). + +Signed-off-by: Olga Kornievskaia +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/nfs4proc.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -6848,7 +6848,12 @@ int nfs4_lock_delegation_recall(struct f + err = nfs4_set_lock_state(state, fl); + if (err != 0) + return err; +- err = _nfs4_do_setlk(state, F_SETLK, fl, NFS_LOCK_NEW); ++ do { ++ err = _nfs4_do_setlk(state, F_SETLK, fl, NFS_LOCK_NEW); ++ if (err != -NFS4ERR_DELAY) ++ break; ++ ssleep(1); ++ } while (err == -NFS4ERR_DELAY); + return nfs4_handle_delegation_recall_error(server, state, stateid, fl, err); + } + diff --git a/patches.suse/NFSv4.2-Clear-FATTR4_WORD2_SECURITY_LABEL-when-done-.patch b/patches.suse/NFSv4.2-Clear-FATTR4_WORD2_SECURITY_LABEL-when-done-.patch new file mode 100644 index 0000000..daf537c --- /dev/null +++ b/patches.suse/NFSv4.2-Clear-FATTR4_WORD2_SECURITY_LABEL-when-done-.patch @@ -0,0 +1,36 @@ +From: Trond Myklebust +Date: Tue, 18 Oct 2022 16:44:47 -0400 +Subject: [PATCH] NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding +Git-commit: eef7314caf2d73a94b68ba293cd105154d3a664e +Patch-mainline: v6.2 +References: git-fixes + +We need to clear the FATTR4_WORD2_SECURITY_LABEL bitmap flag +irrespective of whether or not the label is too long. + +Fixes: aa9c2669626c ("NFS: Client implementation of Labeled-NFS") +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/nfs4xdr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/nfs4xdr.c ++++ b/fs/nfs/nfs4xdr.c +@@ -4165,6 +4165,7 @@ static int decode_attr_security_label(st + p = xdr_inline_decode(xdr, len); + if (unlikely(!p)) + goto out_overflow; ++ bitmap[2] &= ~FATTR4_WORD2_SECURITY_LABEL; + if (len < NFS4_MAXLABELLEN) { + if (label) { + if (label->len) { +@@ -4177,7 +4178,6 @@ static int decode_attr_security_label(st + label->lfs = lfs; + status = NFS_ATTR_FATTR_V4_SECURITY_LABEL; + } +- bitmap[2] &= ~FATTR4_WORD2_SECURITY_LABEL; + } else + printk(KERN_WARNING "%s: label too long (%u)!\n", + __func__, len); diff --git a/patches.suse/NFSv4.2-Fix-a-memory-stomp-in-decode_attr_security_l.patch b/patches.suse/NFSv4.2-Fix-a-memory-stomp-in-decode_attr_security_l.patch new file mode 100644 index 0000000..1327633 --- /dev/null +++ b/patches.suse/NFSv4.2-Fix-a-memory-stomp-in-decode_attr_security_l.patch @@ -0,0 +1,37 @@ +From: Trond Myklebust +Date: Tue, 18 Oct 2022 18:21:14 -0400 +Subject: [PATCH] NFSv4.2: Fix a memory stomp in decode_attr_security_label +Git-commit: 43c1031f7110967c240cb6e922adcfc4b8899183 +Patch-mainline: v6.2 +References: git-fixes + +We must not change the value of label->len if it is zero, since that +indicates we stored a label. + +Fixes: b4487b935452 ("nfs: Fix getxattr kernel panic and memory overflow") +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/nfs4xdr.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +--- a/fs/nfs/nfs4xdr.c ++++ b/fs/nfs/nfs4xdr.c +@@ -4167,12 +4167,10 @@ static int decode_attr_security_label(st + goto out_overflow; + bitmap[2] &= ~FATTR4_WORD2_SECURITY_LABEL; + if (len < NFS4_MAXLABELLEN) { +- if (label) { +- if (label->len) { +- if (label->len < len) +- return -ERANGE; +- memcpy(label->label, p, len); +- } ++ if (label && label->len) { ++ if (label->len < len) ++ return -ERANGE; ++ memcpy(label->label, p, len); + label->len = len; + label->pi = pi; + label->lfs = lfs; diff --git a/patches.suse/NFSv4.2-Fix-initialisation-of-struct-nfs4_label.patch b/patches.suse/NFSv4.2-Fix-initialisation-of-struct-nfs4_label.patch new file mode 100644 index 0000000..934c0e9 --- /dev/null +++ b/patches.suse/NFSv4.2-Fix-initialisation-of-struct-nfs4_label.patch @@ -0,0 +1,77 @@ +From: Trond Myklebust +Date: Wed, 19 Oct 2022 13:12:11 -0400 +Subject: [PATCH] NFSv4.2: Fix initialisation of struct nfs4_label +Git-commit: c528f70f504434eaff993a5ddd52203a2010d51f +Patch-mainline: v6.2 +References: git-fixes + +The call to nfs4_label_init_security() should return a fully initialised +label. + +Fixes: aa9c2669626c ("NFS: Client implementation of Labeled-NFS") +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/nfs4proc.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -120,6 +120,11 @@ nfs4_label_init_security(struct inode *d + if (nfs_server_capable(dir, NFS_CAP_SECURITY_LABEL) == 0) + return NULL; + ++ label->lfs = 0; ++ label->pi = 0; ++ label->len = 0; ++ label->label = NULL; ++ + err = security_dentry_init_security(dentry, sattr->ia_mode, + &dentry->d_name, (void **)&label->label, &label->len); + if (err == 0) +@@ -3522,7 +3527,7 @@ nfs4_atomic_open(struct inode *dir, stru + int open_flags, struct iattr *attr, int *opened) + { + struct nfs4_state *state; +- struct nfs4_label l = {0, 0, 0, NULL}, *label = NULL; ++ struct nfs4_label l, *label; + + label = nfs4_label_init_security(dir, ctx->dentry, attr, &l); + +@@ -4223,7 +4228,7 @@ nfs4_proc_create(struct inode *dir, stru + int flags) + { + struct nfs_server *server = NFS_SERVER(dir); +- struct nfs4_label l, *ilabel = NULL; ++ struct nfs4_label l, *ilabel; + struct nfs_open_context *ctx; + struct nfs4_state *state; + int status = 0; +@@ -4510,7 +4515,7 @@ static int nfs4_proc_symlink(struct inod + struct page *page, unsigned int len, struct iattr *sattr) + { + struct nfs4_exception exception = { }; +- struct nfs4_label l, *label = NULL; ++ struct nfs4_label l, *label; + int err; + + label = nfs4_label_init_security(dir, dentry, sattr, &l); +@@ -4549,7 +4554,7 @@ static int nfs4_proc_mkdir(struct inode + { + struct nfs_server *server = NFS_SERVER(dir); + struct nfs4_exception exception = { }; +- struct nfs4_label l, *label = NULL; ++ struct nfs4_label l, *label; + int err; + + label = nfs4_label_init_security(dir, dentry, sattr, &l); +@@ -4666,7 +4671,7 @@ static int nfs4_proc_mknod(struct inode + { + struct nfs_server *server = NFS_SERVER(dir); + struct nfs4_exception exception = { }; +- struct nfs4_label l, *label = NULL; ++ struct nfs4_label l, *label; + int err; + + label = nfs4_label_init_security(dir, dentry, sattr, &l); diff --git a/patches.suse/NFSv4.2-Fixup-CLONE-dest-file-size-for-zero-length-c.patch b/patches.suse/NFSv4.2-Fixup-CLONE-dest-file-size-for-zero-length-c.patch new file mode 100644 index 0000000..bedd054 --- /dev/null +++ b/patches.suse/NFSv4.2-Fixup-CLONE-dest-file-size-for-zero-length-c.patch @@ -0,0 +1,35 @@ +From: Benjamin Coddington +Date: Thu, 13 Oct 2022 11:58:01 -0400 +Subject: [PATCH] NFSv4.2: Fixup CLONE dest file size for zero-length count +Git-commit: 038efb6348ce96228f6828354cb809c22a661681 +Patch-mainline: v6.1 +References: git-fixes + +When holding a delegation, the NFS client optimizes away setting the +attributes of a file from the GETATTR in the compound after CLONE, and for +a zero-length CLONE we will end up setting the inode's size to zero in +nfs42_copy_dest_done(). Handle this case by computing the resulting count +from the server's reported size after CLONE's GETATTR. + +Suggested-by: Trond Myklebust +Signed-off-by: Benjamin Coddington +Fixes: 94d202d5ca39 ("NFSv42: Copy offload should update the file size when appropriate") +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs42proc.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/nfs/nfs42proc.c ++++ b/fs/nfs/nfs42proc.c +@@ -561,6 +561,9 @@ static int _nfs42_proc_clone(struct rpc_ + status = nfs4_call_sync(server->client, server, msg, + &args.seq_args, &res.seq_res, 0); + if (status == 0) { ++ /* a zero-length count means clone to EOF in src */ ++ if (count == 0 && res.dst_fattr->valid & NFS_ATTR_FATTR_SIZE) ++ count = nfs_size_to_loff_t(res.dst_fattr->size) - dst_offset; + nfs42_copy_dest_done(dst_inode, dst_offset, count); + status = nfs_post_op_update_inode(dst_inode, res.dst_fattr); + } diff --git a/patches.suse/NFSv4.x-Fail-client-initialisation-if-state-manager-.patch b/patches.suse/NFSv4.x-Fail-client-initialisation-if-state-manager-.patch new file mode 100644 index 0000000..81b82cd --- /dev/null +++ b/patches.suse/NFSv4.x-Fail-client-initialisation-if-state-manager-.patch @@ -0,0 +1,32 @@ +From: Trond Myklebust +Date: Tue, 6 Dec 2022 12:42:59 -0500 +Subject: [PATCH] NFSv4.x: Fail client initialisation if state manager thread + can't run +Git-commit: b4e4f66901658fae0614dea5bf91062a5387eda7 +Patch-mainline: v6.2 +References: git-fixes + +If the state manager thread fails to start, then we should just mark the +client initialisation as failed so that other processes or threads don't +get stuck in nfs_wait_client_init_complete(). + +Reported-by: ChenXiaoSong +Fixes: 4697bd5e9419 ("NFSv4: Fix a race in the net namespace mount notification") +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/nfs4state.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -1214,6 +1214,8 @@ void nfs4_schedule_state_manager(struct + if (IS_ERR(task)) { + printk(KERN_ERR "%s: kthread_run: %ld\n", + __func__, PTR_ERR(task)); ++ if (!nfs_client_init_is_complete(clp)) ++ nfs_mark_client_ready(clp, PTR_ERR(task)); + nfs4_clear_state_manager_bit(clp); + nfs_put_client(clp); + module_put(THIS_MODULE); diff --git a/patches.suse/NFSv4.x-fix-lock-recovery-during-delegation-recall.patch b/patches.suse/NFSv4.x-fix-lock-recovery-during-delegation-recall.patch new file mode 100644 index 0000000..7b3373c --- /dev/null +++ b/patches.suse/NFSv4.x-fix-lock-recovery-during-delegation-recall.patch @@ -0,0 +1,51 @@ +From: Olga Kornievskaia +Date: Thu, 4 Oct 2018 14:45:00 -0400 +Subject: [PATCH] NFSv4.x: fix lock recovery during delegation recall +Git-commit: 44f411c353bf6d98d5a34f8f1b8605d43b2e50b8 +Patch-mainline: v4.20 +References: git-fixes + +Running "./nfstest_delegation --runtest recall26" uncovers that +client doesn't recover the lock when we have an appending open, +where the initial open got a write delegation. + +Instead of checking for the passed in open context against +the file lock's open context. Check that the state is the same. + +Signed-off-by: Olga Kornievskaia +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/delegation.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/fs/nfs/delegation.c ++++ b/fs/nfs/delegation.c +@@ -92,7 +92,7 @@ int nfs4_check_delegation(struct inode * + return nfs4_do_check_delegation(inode, flags, false); + } + +-static int nfs_delegation_claim_locks(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid) ++static int nfs_delegation_claim_locks(struct nfs4_state *state, const nfs4_stateid *stateid) + { + struct inode *inode = state->inode; + struct file_lock *fl; +@@ -107,7 +107,7 @@ static int nfs_delegation_claim_locks(st + spin_lock(&flctx->flc_lock); + restart: + list_for_each_entry(fl, list, fl_list) { +- if (nfs_file_open_context(fl->fl_file) != ctx) ++ if (nfs_file_open_context(fl->fl_file)->state != state) + continue; + spin_unlock(&flctx->flc_lock); + status = nfs4_lock_delegation_recall(fl, state, stateid); +@@ -154,7 +154,7 @@ again: + seq = raw_seqcount_begin(&sp->so_reclaim_seqcount); + err = nfs4_open_delegation_recall(ctx, state, stateid, type); + if (!err) +- err = nfs_delegation_claim_locks(ctx, state, stateid); ++ err = nfs_delegation_claim_locks(state, stateid); + if (!err && read_seqcount_retry(&sp->so_reclaim_seqcount, seq)) + err = -EAGAIN; + mutex_unlock(&sp->so_delegreturn_mutex); diff --git a/patches.suse/SUNRPC-Don-t-call-__UDPX_INC_STATS-from-a-preemptibl.patch b/patches.suse/SUNRPC-Don-t-call-__UDPX_INC_STATS-from-a-preemptibl.patch new file mode 100644 index 0000000..c088bbc --- /dev/null +++ b/patches.suse/SUNRPC-Don-t-call-__UDPX_INC_STATS-from-a-preemptibl.patch @@ -0,0 +1,60 @@ +From: Trond Myklebust +Date: Fri, 9 Feb 2018 09:39:42 -0500 +Subject: [PATCH] SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible + context +Git-commit: 0afa6b4412988019db14c6bfb8c6cbdf120ca9ad +Patch-mainline: v4.16 +References: git-fixes + +Calling __UDPX_INC_STATS() from a preemptible context leads to a +warning of the form: + + BUG: using __this_cpu_add() in preemptible [00000000] code: kworker/u5:0/31 + caller is xs_udp_data_receive_workfn+0x194/0x270 + CPU: 1 PID: 31 Comm: kworker/u5:0 Not tainted 4.15.0-rc8-00076-g90ea9f1 #2 + Workqueue: xprtiod xs_udp_data_receive_workfn + Call Trace: + dump_stack+0x85/0xc1 + check_preemption_disabled+0xce/0xe0 + xs_udp_data_receive_workfn+0x194/0x270 + process_one_work+0x318/0x620 + worker_thread+0x20a/0x390 + ? process_one_work+0x620/0x620 + kthread+0x120/0x130 + ? __kthread_bind_mask+0x60/0x60 + ret_from_fork+0x24/0x30 + +Since we're taking a spinlock in those functions anyway, let's fix the +issue by moving the call so that it occurs under the spinlock. + +Reported-by: kernel test robot +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + net/sunrpc/xprtsock.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/sunrpc/xprtsock.c ++++ b/net/sunrpc/xprtsock.c +@@ -1069,18 +1069,18 @@ static void xs_udp_data_read_skb(struct + + /* Suck it into the iovec, verify checksum if not done by hw. */ + if (csum_partial_copy_to_xdr(&rovr->rq_private_buf, skb)) { +- __UDPX_INC_STATS(sk, UDP_MIB_INERRORS); + spin_lock(&xprt->recv_lock); ++ __UDPX_INC_STATS(sk, UDP_MIB_INERRORS); + goto out_unpin; + } + +- __UDPX_INC_STATS(sk, UDP_MIB_INDATAGRAMS); + + spin_lock_bh(&xprt->transport_lock); + xprt_adjust_cwnd(xprt, task, copied); + spin_unlock_bh(&xprt->transport_lock); + spin_lock(&xprt->recv_lock); + xprt_complete_rqst(task, copied); ++ __UDPX_INC_STATS(sk, UDP_MIB_INDATAGRAMS); + out_unpin: + xprt_unpin_rqst(rovr); + out_unlock: diff --git a/patches.suse/SUNRPC-Don-t-leak-netobj-memory-when-gss_read_proxy_.patch b/patches.suse/SUNRPC-Don-t-leak-netobj-memory-when-gss_read_proxy_.patch new file mode 100644 index 0000000..85f6e0e --- /dev/null +++ b/patches.suse/SUNRPC-Don-t-leak-netobj-memory-when-gss_read_proxy_.patch @@ -0,0 +1,46 @@ +From: Chuck Lever +Date: Sat, 26 Nov 2022 15:55:18 -0500 +Subject: [PATCH] SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() + fails +Git-commit: da522b5fe1a5f8b7c20a0023e87b52a150e53bf5 +Patch-mainline: v6.2 +References: git-fixes + +Fixes: 030d794bf498 ("SUNRPC: Use gssproxy upcall for server RPCGSS authentication.") +Signed-off-by: Chuck Lever +Cc: +Reviewed-by: Jeff Layton +Acked-by: NeilBrown + +--- + net/sunrpc/auth_gss/svcauth_gss.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/net/sunrpc/auth_gss/svcauth_gss.c ++++ b/net/sunrpc/auth_gss/svcauth_gss.c +@@ -1080,18 +1080,23 @@ static int gss_read_proxy_verf(struct sv + return res; + + inlen = svc_getnl(argv); +- if (inlen > (argv->iov_len + rqstp->rq_arg.page_len)) ++ if (inlen > (argv->iov_len + rqstp->rq_arg.page_len)) { ++ kfree(in_handle->data); + return SVC_DENIED; ++ } + + pages = DIV_ROUND_UP(inlen, PAGE_SIZE); + in_token->pages = kcalloc(pages, sizeof(struct page *), GFP_KERNEL); +- if (!in_token->pages) ++ if (!in_token->pages) { ++ kfree(in_handle->data); + return SVC_DENIED; ++ } + in_token->page_base = 0; + in_token->page_len = inlen; + for (i = 0; i < pages; i++) { + in_token->pages[i] = alloc_page(GFP_KERNEL); + if (!in_token->pages[i]) { ++ kfree(in_handle->data); + gss_free_in_token_pages(in_token); + return SVC_DENIED; + } diff --git a/patches.suse/SUNRPC-Fix-a-bogus-get-put-in-generic_key_to_expire.patch b/patches.suse/SUNRPC-Fix-a-bogus-get-put-in-generic_key_to_expire.patch new file mode 100644 index 0000000..58308aa --- /dev/null +++ b/patches.suse/SUNRPC-Fix-a-bogus-get-put-in-generic_key_to_expire.patch @@ -0,0 +1,31 @@ +From: Trond Myklebust +Date: Mon, 12 Nov 2018 16:06:51 -0500 +Subject: [PATCH] SUNRPC: Fix a bogus get/put in generic_key_to_expire() +Git-commit: e3d5e573a54dabdc0f9f3cb039d799323372b251 +Patch-mainline: v4.20 +References: git-fixes + +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + net/sunrpc/auth_generic.c | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +--- a/net/sunrpc/auth_generic.c ++++ b/net/sunrpc/auth_generic.c +@@ -295,13 +295,7 @@ static bool generic_key_to_expire(struct + { + struct auth_cred *acred = &container_of(cred, struct generic_cred, + gc_base)->acred; +- bool ret; +- +- get_rpccred(cred); +- ret = test_bit(RPC_CRED_KEY_EXPIRE_SOON, &acred->ac_flags); +- put_rpccred(cred); +- +- return ret; ++ return test_bit(RPC_CRED_KEY_EXPIRE_SOON, &acred->ac_flags); + } + + static const struct rpc_credops generic_credops = { diff --git a/patches.suse/SUNRPC-Fix-a-compile-warning-for-cmpxchg64.patch b/patches.suse/SUNRPC-Fix-a-compile-warning-for-cmpxchg64.patch new file mode 100644 index 0000000..79a5bef --- /dev/null +++ b/patches.suse/SUNRPC-Fix-a-compile-warning-for-cmpxchg64.patch @@ -0,0 +1,24 @@ +From: Trond Myklebust +Date: Thu, 18 Oct 2018 17:03:56 -0400 +Subject: [PATCH] SUNRPC: Fix a compile warning for cmpxchg64() +Git-commit: e732f4485a150492b286f3efc06f9b34dd6b9995 +Patch-mainline: v4.20 +References: git-fixes + +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + net/sunrpc/auth_gss/gss_krb5_seal.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/sunrpc/auth_gss/gss_krb5_seal.c ++++ b/net/sunrpc/auth_gss/gss_krb5_seal.c +@@ -63,6 +63,7 @@ + #include + #include + #include ++#include + + #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) + # define RPCDBG_FACILITY RPCDBG_AUTH diff --git a/patches.suse/SUNRPC-Fix-a-race-with-XPRT_CONNECTING.patch b/patches.suse/SUNRPC-Fix-a-race-with-XPRT_CONNECTING.patch new file mode 100644 index 0000000..fc93e8b --- /dev/null +++ b/patches.suse/SUNRPC-Fix-a-race-with-XPRT_CONNECTING.patch @@ -0,0 +1,41 @@ +From: Trond Myklebust +Date: Mon, 17 Dec 2018 17:38:51 -0500 +Subject: [PATCH] SUNRPC: Fix a race with XPRT_CONNECTING +Git-commit: cf76785d30712d90185455e752337acdb53d2a5d +Patch-mainline: v4.20 +References: git-fixes + +Ensure that we clear XPRT_CONNECTING before releasing the XPRT_LOCK so that +we don't have races between the (asynchronous) socket setup code and +tasks in xprt_connect(). + +Signed-off-by: Trond Myklebust +Tested-by: Chuck Lever +Acked-by: NeilBrown + +--- + net/sunrpc/xprtsock.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/sunrpc/xprtsock.c ++++ b/net/sunrpc/xprtsock.c +@@ -2244,8 +2244,8 @@ static void xs_udp_setup_socket(struct w + trace_rpc_socket_connect(xprt, sock, 0); + status = 0; + out: +- xprt_unlock_connect(xprt, transport); + xprt_clear_connecting(xprt); ++ xprt_unlock_connect(xprt, transport); + xprt_wake_pending_tasks(xprt, status); + } + +@@ -2470,8 +2470,8 @@ static void xs_tcp_setup_socket(struct w + } + status = -EAGAIN; + out: +- xprt_unlock_connect(xprt, transport); + xprt_clear_connecting(xprt); ++ xprt_unlock_connect(xprt, transport); + xprt_wake_pending_tasks(xprt, status); + } + diff --git a/patches.suse/SUNRPC-Fix-missing-release-socket-in-rpc_sockname.patch b/patches.suse/SUNRPC-Fix-missing-release-socket-in-rpc_sockname.patch new file mode 100644 index 0000000..0df9868 --- /dev/null +++ b/patches.suse/SUNRPC-Fix-missing-release-socket-in-rpc_sockname.patch @@ -0,0 +1,31 @@ +From: Wang ShaoBo +Date: Thu, 24 Nov 2022 17:23:42 +0800 +Subject: [PATCH] SUNRPC: Fix missing release socket in rpc_sockname() +Git-commit: 50fa355bc0d75911fe9d5072a5ba52cdb803aff7 +Patch-mainline: v6.2 +References: git-fixes + +socket dynamically created is not released when getting an unintended +address family type in rpc_sockname(), direct to out_release for calling +sock_release(). + +Fixes: 2e738fdce22f ("SUNRPC: Add API to acquire source address") +Signed-off-by: Wang ShaoBo +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + net/sunrpc/clnt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/sunrpc/clnt.c ++++ b/net/sunrpc/clnt.c +@@ -1361,7 +1361,7 @@ static int rpc_sockname(struct net *net, + break; + default: + err = -EAFNOSUPPORT; +- goto out; ++ goto out_release; + } + if (err < 0) { + dprintk("RPC: can't bind UDP socket (%d)\n", err); diff --git a/patches.suse/SUNRPC-Handle-0-length-opaque-XDR-object-data-proper.patch b/patches.suse/SUNRPC-Handle-0-length-opaque-XDR-object-data-proper.patch new file mode 100644 index 0000000..39bf042 --- /dev/null +++ b/patches.suse/SUNRPC-Handle-0-length-opaque-XDR-object-data-proper.patch @@ -0,0 +1,73 @@ +From: Dave Wysochanski +Date: Thu, 21 Jan 2021 16:17:24 -0500 +Subject: [PATCH] SUNRPC: Handle 0 length opaque XDR object data properly +Git-commit: e4a7d1f7707eb44fd953a31dd59eff82009d879c +Patch-mainline: v5.11 +References: git-fixes + +When handling an auth_gss downcall, it's possible to get 0-length +opaque object for the acceptor. In the case of a 0-length XDR +object, make sure simple_get_netobj() fills in dest->data = NULL, +and does not continue to kmemdup() which will set +dest->data = ZERO_SIZE_PTR for the acceptor. + +The trace event code can handle NULL but not ZERO_SIZE_PTR for a +string, and so without this patch the rpcgss_context trace event +will crash the kernel as follows: + +[ 162.887992] BUG: kernel NULL pointer dereference, address: 0000000000000010 +[ 162.898693] #PF: supervisor read access in kernel mode +[ 162.900830] #PF: error_code(0x0000) - not-present page +[ 162.902940] PGD 0 P4D 0 +[ 162.904027] Oops: 0000 [#1] SMP PTI +[ 162.905493] CPU: 4 PID: 4321 Comm: rpc.gssd Kdump: loaded Not tainted 5.10.0 #133 +[ 162.908548] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 +[ 162.910978] RIP: 0010:strlen+0x0/0x20 +[ 162.912505] Code: 48 89 f9 74 09 48 83 c1 01 80 39 00 75 f7 31 d2 44 0f b6 04 16 44 88 04 11 48 83 c2 01 45 84 c0 75 ee c3 0f 1f 80 00 00 00 00 <80> 3f 00 74 10 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 31 +[ 162.920101] RSP: 0018:ffffaec900c77d90 EFLAGS: 00010202 +[ 162.922263] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000fffde697 +[ 162.925158] RDX: 000000000000002f RSI: 0000000000000080 RDI: 0000000000000010 +[ 162.928073] RBP: 0000000000000010 R08: 0000000000000e10 R09: 0000000000000000 +[ 162.930976] R10: ffff8e698a590cb8 R11: 0000000000000001 R12: 0000000000000e10 +[ 162.933883] R13: 00000000fffde697 R14: 000000010034d517 R15: 0000000000070028 +[ 162.936777] FS: 00007f1e1eb93700(0000) GS:ffff8e6ab7d00000(0000) knlGS:0000000000000000 +[ 162.940067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 162.942417] CR2: 0000000000000010 CR3: 0000000104eba000 CR4: 00000000000406e0 +[ 162.945300] Call Trace: +[ 162.946428] trace_event_raw_event_rpcgss_context+0x84/0x140 [auth_rpcgss] +[ 162.949308] ? __kmalloc_track_caller+0x35/0x5a0 +[ 162.951224] ? gss_pipe_downcall+0x3a3/0x6a0 [auth_rpcgss] +[ 162.953484] gss_pipe_downcall+0x585/0x6a0 [auth_rpcgss] +[ 162.955953] rpc_pipe_write+0x58/0x70 [sunrpc] +[ 162.957849] vfs_write+0xcb/0x2c0 +[ 162.959264] ksys_write+0x68/0xe0 +[ 162.960706] do_syscall_64+0x33/0x40 +[ 162.962238] entry_SYSCALL_64_after_hwframe+0x44/0xa9 +[ 162.964346] RIP: 0033:0x7f1e1f1e57df + +Signed-off-by: Dave Wysochanski +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + net/sunrpc/auth_gss/auth_gss_internal.h | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/net/sunrpc/auth_gss/auth_gss_internal.h ++++ b/net/sunrpc/auth_gss/auth_gss_internal.h +@@ -34,9 +34,12 @@ simple_get_netobj(const void *p, const v + q = (const void *)((const char *)p + len); + if (unlikely(q > end || q < p)) + return ERR_PTR(-EFAULT); +- dest->data = kmemdup(p, len, GFP_NOFS); +- if (unlikely(dest->data == NULL)) +- return ERR_PTR(-ENOMEM); ++ if (len) { ++ dest->data = kmemdup(p, len, GFP_NOFS); ++ if (unlikely(dest->data == NULL)) ++ return ERR_PTR(-ENOMEM); ++ } else ++ dest->data = NULL; + dest->len = len; + return q; + } diff --git a/patches.suse/SUNRPC-Move-simple_get_bytes-and-simple_get_netobj-i.patch b/patches.suse/SUNRPC-Move-simple_get_bytes-and-simple_get_netobj-i.patch new file mode 100644 index 0000000..08161d3 --- /dev/null +++ b/patches.suse/SUNRPC-Move-simple_get_bytes-and-simple_get_netobj-i.patch @@ -0,0 +1,177 @@ +From: Dave Wysochanski +Date: Thu, 21 Jan 2021 16:17:23 -0500 +Subject: [PATCH] SUNRPC: Move simple_get_bytes and simple_get_netobj into + private header +Git-commit: ba6dfce47c4d002d96cd02a304132fca76981172 +Patch-mainline: v5.11 +References: git-fixes + +Remove duplicated helper functions to parse opaque XDR objects +and place inside new file net/sunrpc/auth_gss/auth_gss_internal.h. +In the new file carry the license and copyright from the source file +net/sunrpc/auth_gss/auth_gss.c. Finally, update the comment inside +include/linux/sunrpc/xdr.h since lockd is not the only user of +struct xdr_netobj. + +Signed-off-by: Dave Wysochanski +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + include/linux/sunrpc/xdr.h | 3 -- + net/sunrpc/auth_gss/auth_gss.c | 30 ---------------------- + net/sunrpc/auth_gss/auth_gss_internal.h | 42 ++++++++++++++++++++++++++++++++ + net/sunrpc/auth_gss/gss_krb5_mech.c | 31 +---------------------- + 4 files changed, 46 insertions(+), 60 deletions(-) + create mode 100644 net/sunrpc/auth_gss/auth_gss_internal.h + +--- a/include/linux/sunrpc/xdr.h ++++ b/include/linux/sunrpc/xdr.h +@@ -23,8 +23,7 @@ + #define XDR_QUADLEN(l) (((l) + 3) >> 2) + + /* +- * Generic opaque `network object.' At the kernel level, this type +- * is used only by lockd. ++ * Generic opaque `network object.' + */ + #define XDR_MAX_NETOBJ 1024 + struct xdr_netobj { +--- a/net/sunrpc/auth_gss/auth_gss.c ++++ b/net/sunrpc/auth_gss/auth_gss.c +@@ -53,6 +53,7 @@ + #include + #include + ++#include "auth_gss_internal.h" + #include "../netns.h" + + static const struct rpc_authops authgss_ops; +@@ -147,35 +148,6 @@ gss_cred_set_ctx(struct rpc_cred *cred, + clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags); + } + +-static const void * +-simple_get_bytes(const void *p, const void *end, void *res, size_t len) +-{ +- const void *q = (const void *)((const char *)p + len); +- if (unlikely(q > end || q < p)) +- return ERR_PTR(-EFAULT); +- memcpy(res, p, len); +- return q; +-} +- +-static inline const void * +-simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest) +-{ +- const void *q; +- unsigned int len; +- +- p = simple_get_bytes(p, end, &len, sizeof(len)); +- if (IS_ERR(p)) +- return p; +- q = (const void *)((const char *)p + len); +- if (unlikely(q > end || q < p)) +- return ERR_PTR(-EFAULT); +- dest->data = kmemdup(p, len, GFP_NOFS); +- if (unlikely(dest->data == NULL)) +- return ERR_PTR(-ENOMEM); +- dest->len = len; +- return q; +-} +- + static struct gss_cl_ctx * + gss_cred_get_ctx(struct rpc_cred *cred) + { +--- /dev/null ++++ b/net/sunrpc/auth_gss/auth_gss_internal.h +@@ -0,0 +1,42 @@ ++// SPDX-License-Identifier: BSD-3-Clause ++/* ++ * linux/net/sunrpc/auth_gss/auth_gss_internal.h ++ * ++ * Internal definitions for RPCSEC_GSS client authentication ++ * ++ * Copyright (c) 2000 The Regents of the University of Michigan. ++ * All rights reserved. ++ * ++ */ ++#include ++#include ++#include ++ ++static inline const void * ++simple_get_bytes(const void *p, const void *end, void *res, size_t len) ++{ ++ const void *q = (const void *)((const char *)p + len); ++ if (unlikely(q > end || q < p)) ++ return ERR_PTR(-EFAULT); ++ memcpy(res, p, len); ++ return q; ++} ++ ++static inline const void * ++simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest) ++{ ++ const void *q; ++ unsigned int len; ++ ++ p = simple_get_bytes(p, end, &len, sizeof(len)); ++ if (IS_ERR(p)) ++ return p; ++ q = (const void *)((const char *)p + len); ++ if (unlikely(q > end || q < p)) ++ return ERR_PTR(-EFAULT); ++ dest->data = kmemdup(p, len, GFP_NOFS); ++ if (unlikely(dest->data == NULL)) ++ return ERR_PTR(-ENOMEM); ++ dest->len = len; ++ return q; ++} +--- a/net/sunrpc/auth_gss/gss_krb5_mech.c ++++ b/net/sunrpc/auth_gss/gss_krb5_mech.c +@@ -46,6 +46,8 @@ + #include + #include + ++#include "auth_gss_internal.h" ++ + #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) + # define RPCDBG_FACILITY RPCDBG_AUTH + #endif +@@ -187,35 +189,6 @@ get_gss_krb5_enctype(int etype) + return NULL; + } + +-static const void * +-simple_get_bytes(const void *p, const void *end, void *res, int len) +-{ +- const void *q = (const void *)((const char *)p + len); +- if (unlikely(q > end || q < p)) +- return ERR_PTR(-EFAULT); +- memcpy(res, p, len); +- return q; +-} +- +-static const void * +-simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res) +-{ +- const void *q; +- unsigned int len; +- +- p = simple_get_bytes(p, end, &len, sizeof(len)); +- if (IS_ERR(p)) +- return p; +- q = (const void *)((const char *)p + len); +- if (unlikely(q > end || q < p)) +- return ERR_PTR(-EFAULT); +- res->data = kmemdup(p, len, GFP_NOFS); +- if (unlikely(res->data == NULL)) +- return ERR_PTR(-ENOMEM); +- res->len = len; +- return q; +-} +- + static inline const void * + get_key(const void *p, const void *end, + struct krb5_ctx *ctx, struct crypto_skcipher **res) diff --git a/patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch b/patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch index d6114f9..d260ca9 100644 --- a/patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch +++ b/patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch @@ -2,7 +2,8 @@ From: NeilBrown Date: Wed, 27 Oct 2021 15:26:10 +1100 Subject: [PATCH] SUNRPC/call_alloc: async tasks mustn't block waiting for memory -Patch-mainline: Not yet - undergoing review +Patch-mainline: v5.18 +Git-commit: c487216bec83b0c5a8803e5c61433d33ad7b104d References: bsc#1191876 bsc#1192866 When memory is short, new worker threads cannot be created and we depend diff --git a/patches.suse/SUNRPC-drop-pointless-static-qualifier-in-xdr_get_ne.patch b/patches.suse/SUNRPC-drop-pointless-static-qualifier-in-xdr_get_ne.patch new file mode 100644 index 0000000..d02c491 --- /dev/null +++ b/patches.suse/SUNRPC-drop-pointless-static-qualifier-in-xdr_get_ne.patch @@ -0,0 +1,31 @@ +From: YueHaibing +Date: Thu, 8 Nov 2018 02:04:57 +0000 +Subject: [PATCH] SUNRPC: drop pointless static qualifier in + xdr_get_next_encode_buffer() +Git-commit: 025911a5f4e36955498ed50806ad1b02f0f76288 +Patch-mainline: v4.20 +References: git-fixes + +There is no need to have the '__be32 *p' variable static since new value +always be assigned before use it. + +Signed-off-by: YueHaibing +Cc: stable@vger.kernel.org +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + net/sunrpc/xdr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/sunrpc/xdr.c ++++ b/net/sunrpc/xdr.c +@@ -512,7 +512,7 @@ EXPORT_SYMBOL_GPL(xdr_commit_encode); + static __be32 *xdr_get_next_encode_buffer(struct xdr_stream *xdr, + size_t nbytes) + { +- static __be32 *p; ++ __be32 *p; + int space_left; + int frag1bytes, frag2bytes; + diff --git a/patches.suse/SUNRPC-improve-swap-handling-scheduling-and-PF_MEMAL.patch b/patches.suse/SUNRPC-improve-swap-handling-scheduling-and-PF_MEMAL.patch index 08399ed..b87d224 100644 --- a/patches.suse/SUNRPC-improve-swap-handling-scheduling-and-PF_MEMAL.patch +++ b/patches.suse/SUNRPC-improve-swap-handling-scheduling-and-PF_MEMAL.patch @@ -50,7 +50,7 @@ Acked-by: NeilBrown --- a/fs/nfs/write.c +++ b/fs/nfs/write.c -@@ -1413,6 +1413,8 @@ static void nfs_initiate_write(struct nf +@@ -1410,6 +1410,8 @@ static void nfs_initiate_write(struct nf { int priority = flush_task_priority(how); @@ -61,7 +61,7 @@ Acked-by: NeilBrown --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c -@@ -1061,8 +1061,6 @@ void rpc_task_set_client(struct rpc_task +@@ -1086,8 +1086,6 @@ void rpc_task_set_client(struct rpc_task task->tk_flags |= RPC_TASK_SOFT; if (clnt->cl_noretranstimeo) task->tk_flags |= RPC_TASK_NO_RETRANS_TIMEOUT; @@ -136,7 +136,7 @@ Acked-by: NeilBrown if (size <= RPC_BUFFER_MAXSIZE) --- a/net/sunrpc/xprt.c +++ b/net/sunrpc/xprt.c -@@ -993,6 +993,9 @@ bool xprt_prepare_transmit(struct rpc_ta +@@ -987,6 +987,9 @@ bool xprt_prepare_transmit(struct rpc_ta task->tk_status = -EAGAIN; goto out_unlock; } @@ -148,7 +148,7 @@ Acked-by: NeilBrown spin_unlock_bh(&xprt->transport_lock); --- a/net/sunrpc/xprtrdma/transport.c +++ b/net/sunrpc/xprtrdma/transport.c -@@ -257,13 +257,17 @@ xprt_rdma_connect_worker(struct work_str +@@ -261,13 +261,17 @@ xprt_rdma_connect_worker(struct work_str struct rpcrdma_xprt *r_xprt = container_of(work, struct rpcrdma_xprt, rx_connect_worker.work); struct rpc_xprt *xprt = &r_xprt->rx_xprt; @@ -166,7 +166,7 @@ Acked-by: NeilBrown xprt_clear_connecting(xprt); } -@@ -667,8 +671,6 @@ xprt_rdma_allocate(struct rpc_task *task +@@ -671,8 +675,6 @@ xprt_rdma_allocate(struct rpc_task *task flags = RPCRDMA_DEF_GFP; if (RPC_IS_ASYNC(task)) flags = GFP_NOWAIT | __GFP_NOWARN; @@ -177,7 +177,7 @@ Acked-by: NeilBrown goto out_fail; --- a/net/sunrpc/xprtsock.c +++ b/net/sunrpc/xprtsock.c -@@ -2224,7 +2224,10 @@ static void xs_udp_setup_socket(struct w +@@ -2227,7 +2227,10 @@ static void xs_udp_setup_socket(struct w struct rpc_xprt *xprt = &transport->xprt; struct socket *sock = transport->sock; int status = -EIO; @@ -188,15 +188,15 @@ Acked-by: NeilBrown sock = xs_create_sock(xprt, transport, xs_addr(xprt)->sa_family, SOCK_DGRAM, IPPROTO_UDP, false); -@@ -2244,6 +2247,7 @@ out: - xprt_unlock_connect(xprt, transport); +@@ -2247,6 +2250,7 @@ out: xprt_clear_connecting(xprt); + xprt_unlock_connect(xprt, transport); xprt_wake_pending_tasks(xprt, status); + current_restore_flags(pflags, PF_MEMALLOC); } /** -@@ -2415,7 +2419,10 @@ static void xs_tcp_setup_socket(struct w +@@ -2416,7 +2420,10 @@ static void xs_tcp_setup_socket(struct w struct socket *sock = transport->sock; struct rpc_xprt *xprt = &transport->xprt; int status = -EIO; @@ -207,7 +207,7 @@ Acked-by: NeilBrown if (!sock) { sock = xs_create_sock(xprt, transport, xs_addr(xprt)->sa_family, SOCK_STREAM, -@@ -2451,7 +2458,7 @@ static void xs_tcp_setup_socket(struct w +@@ -2452,7 +2459,7 @@ static void xs_tcp_setup_socket(struct w case -EINPROGRESS: case -EALREADY: xprt_unlock_connect(xprt, transport); @@ -216,9 +216,9 @@ Acked-by: NeilBrown case -EINVAL: /* Happens, for instance, if the user specified a link * local IPv6 address without a scope-id. -@@ -2474,6 +2481,8 @@ out: - xprt_unlock_connect(xprt, transport); +@@ -2475,6 +2482,8 @@ out: xprt_clear_connecting(xprt); + xprt_unlock_connect(xprt, transport); xprt_wake_pending_tasks(xprt, status); +out_restore: + current_restore_flags(pflags, PF_MEMALLOC); diff --git a/patches.suse/SUNRPC-stop-printk-reading-past-end-of-string.patch b/patches.suse/SUNRPC-stop-printk-reading-past-end-of-string.patch new file mode 100644 index 0000000..47ca876 --- /dev/null +++ b/patches.suse/SUNRPC-stop-printk-reading-past-end-of-string.patch @@ -0,0 +1,33 @@ +From: "J. Bruce Fields" +Date: Sat, 5 Sep 2020 10:03:26 -0400 +Subject: [PATCH] SUNRPC: stop printk reading past end of string +Git-commit: 8c6b6c793ed32b8f9770ebcdf1ba99af423c303b +Patch-mainline: v5.9 +References: git-fixes + +Since p points at raw xdr data, there's no guarantee that it's NULL +terminated, so we should give a length. And probably escape any special +characters too. + +Reported-by: Zhi Li +Signed-off-by: J. Bruce Fields +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + net/sunrpc/rpcb_clnt.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/sunrpc/rpcb_clnt.c ++++ b/net/sunrpc/rpcb_clnt.c +@@ -975,8 +975,8 @@ static int rpcb_dec_getaddr(struct rpc_r + p = xdr_inline_decode(xdr, len); + if (unlikely(p == NULL)) + goto out_fail; +- dprintk("RPC: %5u RPCB_%s reply: %s\n", req->rq_task->tk_pid, +- req->rq_task->tk_msg.rpc_proc->p_name, (char *)p); ++ dprintk("RPC: %5u RPCB_%s reply: %*pE\n", req->rq_task->tk_pid, ++ req->rq_task->tk_msg.rpc_proc->p_name, len, (char *)p); + + if (rpc_uaddr2sockaddr(req->rq_xprt->xprt_net, (char *)p, len, + sap, sizeof(address)) == 0) diff --git a/patches.suse/arm64-Fix-minor-issues-with-the-dcache_by_line_op-macro.patch b/patches.suse/arm64-Fix-minor-issues-with-the-dcache_by_line_op-macro.patch new file mode 100644 index 0000000..c3b424c --- /dev/null +++ b/patches.suse/arm64-Fix-minor-issues-with-the-dcache_by_line_op-macro.patch @@ -0,0 +1,88 @@ +From: Will Deacon +Date: Mon, 10 Dec 2018 13:39:48 +0000 +Subject: arm64: Fix minor issues with the dcache_by_line_op macro +Git-commit: 33309ecda0070506c49182530abe7728850ebe78 +Patch-mainline: v5.0-rc1 +References: git-fixes + +The dcache_by_line_op macro suffers from a couple of small problems: + +First, the GAS directives that are currently being used rely on +assembler behavior that is not documented, and probably not guaranteed +to produce the correct behavior going forward. As a result, we end up +with some undefined symbols in cache.o: + +$ nm arch/arm64/mm/cache.o + ... + U civac + ... + U cvac + U cvap + U cvau + +This is due to the fact that the comparisons used to select the +operation type in the dcache_by_line_op macro are comparing symbols +not strings, and even though it seems that GAS is doing the right +thing here (undefined symbols by the same name are equal to each +other), it seems unwise to rely on this. + +Second, when patching in a DC CVAP instruction on CPUs that support it, +the fallback path consists of a DC CVAU instruction which may be +affected by CPU errata that require ARM64_WORKAROUND_CLEAN_CACHE. + +Solve these issues by unrolling the various maintenance routines and +using the conditional directives that are documented as operating on +strings. To avoid the complexity of nested alternatives, we move the +DC CVAP patching to __clean_dcache_area_pop, falling back to a branch +to __clean_dcache_area_poc if DCPOP is not supported by the CPU. + +Reported-by: Ard Biesheuvel +Suggested-by: Robin Murphy +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/assembler.h | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +--- a/arch/arm64/include/asm/assembler.h ++++ b/arch/arm64/include/asm/assembler.h +@@ -406,21 +406,33 @@ alternative_endif + * size: size of the region + * Corrupts: kaddr, size, tmp1, tmp2 + */ ++ .macro __dcache_op_workaround_clean_cache, op, kaddr ++alternative_if_not ARM64_WORKAROUND_CLEAN_CACHE ++ dc \op, \kaddr ++alternative_else ++ dc civac, \kaddr ++alternative_endif ++ .endm ++ + .macro dcache_by_line_op op, domain, kaddr, size, tmp1, tmp2 + dcache_line_size \tmp1, \tmp2 + add \size, \kaddr, \size + sub \tmp2, \tmp1, #1 + bic \kaddr, \kaddr, \tmp2 + 9998: +- .if (\op == cvau || \op == cvac) +-alternative_if_not ARM64_WORKAROUND_CLEAN_CACHE +- dc \op, \kaddr +-alternative_else +- dc civac, \kaddr +-alternative_endif ++ .ifc \op, cvau ++ __dcache_op_workaround_clean_cache \op, \kaddr ++ .else ++ .ifc \op, cvac ++ __dcache_op_workaround_clean_cache \op, \kaddr ++ .else ++ .ifc \op, cvap ++ sys 3, c7, c12, 1, \kaddr // dc cvap + .else + dc \op, \kaddr + .endif ++ .endif ++ .endif + add \kaddr, \kaddr, \tmp1 + cmp \kaddr, \size + b.lo 9998b diff --git a/patches.suse/arm64-alternative-Use-true-and-false-for-boolean-values.patch b/patches.suse/arm64-alternative-Use-true-and-false-for-boolean-values.patch new file mode 100644 index 0000000..a3d0af3 --- /dev/null +++ b/patches.suse/arm64-alternative-Use-true-and-false-for-boolean-values.patch @@ -0,0 +1,34 @@ +From: "Gustavo A. R. Silva" +Date: Tue, 7 Aug 2018 18:59:57 -0500 +Subject: arm64: alternative: Use true and false for boolean values +Git-commit: 3c4d9137eefecf273a520d392071ffc9df0a9a7a +Patch-mainline: v4.19-rc1 +References: git-fixes + +Return statements in functions returning bool should use true or false +instead of an integer value. This code was detected with the help of +Coccinelle. + +Signed-off-by: Gustavo A. R. Silva +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/alternative.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm64/kernel/alternative.c ++++ b/arch/arm64/kernel/alternative.c +@@ -47,11 +47,11 @@ static bool branch_insn_requires_update( + unsigned long replptr; + + if (kernel_text_address(pc)) +- return 1; ++ return true; + + replptr = (unsigned long)ALT_REPL_PTR(alt); + if (pc >= replptr && pc <= (replptr + alt->alt_len)) +- return 0; ++ return false; + + /* + * Branching into *another* alternate sequence is doomed, and diff --git a/patches.suse/arm64-cmpwait-Clear-event-register-before-arming-exclusive-monitor.patch b/patches.suse/arm64-cmpwait-Clear-event-register-before-arming-exclusive-monitor.patch new file mode 100644 index 0000000..102993b --- /dev/null +++ b/patches.suse/arm64-cmpwait-Clear-event-register-before-arming-exclusive-monitor.patch @@ -0,0 +1,34 @@ +From: Will Deacon +Date: Mon, 30 Apr 2018 13:56:32 +0100 +Subject: arm64: cmpwait: Clear event register before arming exclusive monitor +Git-commit: 1cfc63b5ae60fe7e01773f38132f98d8b13a99a0 +Patch-mainline: v4.18-rc1 +References: git-fixes + +When waiting for a cacheline to change state in cmpwait, we may immediately +wake-up the first time around the outer loop if the event register was +already set (for example, because of the event stream). + +Avoid these spurious wakeups by explicitly clearing the event register +before loading the cacheline and setting the exclusive monitor. + +Signed-off-by: Will Deacon +Signed-off-by: Catalin Marinas +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/cmpxchg.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/arch/arm64/include/asm/cmpxchg.h ++++ b/arch/arm64/include/asm/cmpxchg.h +@@ -229,7 +229,9 @@ static inline void __cmpwait_case_##name + unsigned long tmp; \ + \ + asm volatile( \ +- " ldxr" #sz "\t%" #w "[tmp], %[v]\n" \ ++ " sevl\n" \ ++ " wfe\n" \ ++ " ldxr" #sz "\t%" #w "[tmp], %[v]\n" \ + " eor %" #w "[tmp], %" #w "[tmp], %" #w "[val]\n" \ + " cbnz %" #w "[tmp], 1f\n" \ + " wfe\n" \ diff --git a/patches.suse/arm64-fix-possible-spectre-v1-in-ptrace_hbp_get_event.patch b/patches.suse/arm64-fix-possible-spectre-v1-in-ptrace_hbp_get_event.patch new file mode 100644 index 0000000..3f45227 --- /dev/null +++ b/patches.suse/arm64-fix-possible-spectre-v1-in-ptrace_hbp_get_event.patch @@ -0,0 +1,56 @@ +From: Mark Rutland +Date: Wed, 25 Apr 2018 17:13:40 +0100 +Subject: arm64: fix possible spectre-v1 in ptrace_hbp_get_event() +Git-commit: 19791a7ca674fb3009bb068260e852a2f05b605c +Patch-mainline: v4.17-rc3 +References: git-fixes + +It's possible for userspace to control idx. Sanitize idx when using it +as an array index. + +Found by smatch. + +Signed-off-by: Mark Rutland +Cc: Catalin Marinas +Cc: Will Deacon +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/ptrace.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -249,15 +250,20 @@ static struct perf_event *ptrace_hbp_get + + switch (note_type) { + case NT_ARM_HW_BREAK: +- if (idx < ARM_MAX_BRP) +- bp = tsk->thread.debug.hbp_break[idx]; ++ if (idx >= ARM_MAX_BRP) ++ goto out; ++ idx = array_index_nospec(idx, ARM_MAX_BRP); ++ bp = tsk->thread.debug.hbp_break[idx]; + break; + case NT_ARM_HW_WATCH: +- if (idx < ARM_MAX_WRP) +- bp = tsk->thread.debug.hbp_watch[idx]; ++ if (idx >= ARM_MAX_WRP) ++ goto out; ++ idx = array_index_nospec(idx, ARM_MAX_WRP); ++ bp = tsk->thread.debug.hbp_watch[idx]; + break; + } + ++out: + return bp; + } + diff --git a/patches.suse/arm64-fix-possible-spectre-v1-write-in-ptrace_hbp_set_event.patch b/patches.suse/arm64-fix-possible-spectre-v1-write-in-ptrace_hbp_set_event.patch new file mode 100644 index 0000000..1075dda --- /dev/null +++ b/patches.suse/arm64-fix-possible-spectre-v1-write-in-ptrace_hbp_set_event.patch @@ -0,0 +1,54 @@ +From: Mark Rutland +Date: Tue, 10 Jul 2018 19:01:22 +0100 +Subject: arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() +Git-commit: 14d6e289a89780377f8bb09de8926d3c62d763cd +Patch-mainline: v4.19-rc1 +References: git-fixes + +It's possible for userspace to control idx. Sanitize idx when using it +as an array index, to inhibit the potential spectre-v1 write gadget. + +Found by smatch. + +Signed-off-by: Mark Rutland +Cc: Catalin Marinas +Cc: Will Deacon +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/ptrace.c | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -276,19 +276,22 @@ static int ptrace_hbp_set_event(unsigned + + switch (note_type) { + case NT_ARM_HW_BREAK: +- if (idx < ARM_MAX_BRP) { +- tsk->thread.debug.hbp_break[idx] = bp; +- err = 0; +- } ++ if (idx >= ARM_MAX_BRP) ++ goto out; ++ idx = array_index_nospec(idx, ARM_MAX_BRP); ++ tsk->thread.debug.hbp_break[idx] = bp; ++ err = 0; + break; + case NT_ARM_HW_WATCH: +- if (idx < ARM_MAX_WRP) { +- tsk->thread.debug.hbp_watch[idx] = bp; +- err = 0; +- } ++ if (idx >= ARM_MAX_WRP) ++ goto out; ++ idx = array_index_nospec(idx, ARM_MAX_WRP); ++ tsk->thread.debug.hbp_watch[idx] = bp; ++ err = 0; + break; + } + ++out: + return err; + } + diff --git a/patches.suse/arm64-ftrace-don-t-adjust-the-LR-value.patch b/patches.suse/arm64-ftrace-don-t-adjust-the-LR-value.patch new file mode 100644 index 0000000..0d93c8b --- /dev/null +++ b/patches.suse/arm64-ftrace-don-t-adjust-the-LR-value.patch @@ -0,0 +1,48 @@ +From: Mark Rutland +Date: Thu, 15 Nov 2018 22:42:01 +0000 +Subject: arm64: ftrace: don't adjust the LR value +Git-commit: 6e803e2e6e367db9a0d6ecae1bd24bb5752011bd +Patch-mainline: v5.0-rc1 +References: git-fixes + +The core ftrace code requires that when it is handed the PC of an +instrumented function, this PC is the address of the instrumented +instruction. This is necessary so that the core ftrace code can identify +the specific instrumentation site. Since the instrumented function will +be a BL, the address of the instrumented function is LR - 4 at entry to +the ftrace code. + +This fixup is applied in the mcount_get_pc and mcount_get_pc0 helpers, +which acquire the PC of the instrumented function. + +The mcount_get_lr helper is used to acquire the LR of the instrumented +function, whose value does not require this adjustment, and cannot be +adjusted to anything meaningful. No adjustment of this value is made on +other architectures, including arm. However, arm64 adjusts this value by +4. + +This patch brings arm64 in line with other architectures and removes the +adjustment of the LR value. + +Signed-off-by: Mark Rutland +Cc: AKASHI Takahiro +Cc: Ard Biesheuvel +Cc: Catalin Marinas +Cc: Torsten Duwe +Cc: Will Deacon +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/entry-ftrace.S | 1 - + 1 file changed, 1 deletion(-) + +--- a/arch/arm64/kernel/entry-ftrace.S ++++ b/arch/arm64/kernel/entry-ftrace.S +@@ -79,7 +79,6 @@ + .macro mcount_get_lr reg + ldr \reg, [x29] + ldr \reg, [\reg, #8] +- mcount_adjust_addr \reg, \reg + .endm + + .macro mcount_get_lr_addr reg diff --git a/patches.suse/arm64-io-Ensure-calls-to-delay-routines-are-ordered-against-prior-readX.patch b/patches.suse/arm64-io-Ensure-calls-to-delay-routines-are-ordered-against-prior-readX.patch new file mode 100644 index 0000000..0bcf3b2 --- /dev/null +++ b/patches.suse/arm64-io-Ensure-calls-to-delay-routines-are-ordered-against-prior-readX.patch @@ -0,0 +1,94 @@ +From: Will Deacon +Date: Wed, 7 Nov 2018 23:06:15 +0000 +Subject: arm64: io: Ensure calls to delay routines are ordered against prior + readX() +Git-commit: 6460d32014717686d3b7963595950ba2c6d1bb5e +Patch-mainline: v5.0-rc1 +References: git-fixes + +A relatively standard idiom for ensuring that a pair of MMIO writes to a +device arrive at that device with a specified minimum delay between them +is as follows: + + writel_relaxed(42, dev_base + CTL1); + readl(dev_base + CTL1); + udelay(10); + writel_relaxed(42, dev_base + CTL2); + +the intention being that the read-back from the device will push the +prior write to CTL1, and the udelay will hold up the write to CTL1 until +at least 10us have elapsed. + +Unfortunately, on arm64 where the underlying delay loop is implemented +as a read of the architected counter, the CPU does not guarantee +ordering from the readl() to the delay loop and therefore the delay loop +could in theory be speculated and not provide the desired interval +between the two writes. + +Fix this in a similar manner to PowerPC by introducing a dummy control +dependency on the output of readX() which, combined with the ISB in the +read of the architected counter, guarantees that a subsequent delay loop +can not be executed until the readX() has returned its result. + +Cc: Benjamin Herrenschmidt +Cc: Arnd Bergmann +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/io.h | 31 +++++++++++++++++++++++-------- + 1 file changed, 23 insertions(+), 8 deletions(-) + +--- a/arch/arm64/include/asm/io.h ++++ b/arch/arm64/include/asm/io.h +@@ -104,7 +104,22 @@ static inline u64 __raw_readq(const vola + } + + /* IO barriers */ +-#define __iormb() rmb() ++#define __iormb(v) \ ++({ \ ++ unsigned long tmp; \ ++ \ ++ rmb(); \ ++ \ ++ /* \ ++ * Create a dummy control dependency from the IO read to any \ ++ * later instructions. This ensures that a subsequent call to \ ++ * udelay() will be ordered due to the ISB in get_cycles(). \ ++ */ \ ++ asm volatile("eor %0, %1, %1\n" \ ++ "cbnz %0, ." \ ++ : "=r" (tmp) : "r" (v) : "memory"); \ ++}) ++ + #define __iowmb() wmb() + + #define mmiowb() do { } while (0) +@@ -129,10 +144,10 @@ static inline u64 __raw_readq(const vola + * following Normal memory access. Writes are ordered relative to any prior + * Normal memory access. + */ +-#define readb(c) ({ u8 __v = readb_relaxed(c); __iormb(); __v; }) +-#define readw(c) ({ u16 __v = readw_relaxed(c); __iormb(); __v; }) +-#define readl(c) ({ u32 __v = readl_relaxed(c); __iormb(); __v; }) +-#define readq(c) ({ u64 __v = readq_relaxed(c); __iormb(); __v; }) ++#define readb(c) ({ u8 __v = readb_relaxed(c); __iormb(__v); __v; }) ++#define readw(c) ({ u16 __v = readw_relaxed(c); __iormb(__v); __v; }) ++#define readl(c) ({ u32 __v = readl_relaxed(c); __iormb(__v); __v; }) ++#define readq(c) ({ u64 __v = readq_relaxed(c); __iormb(__v); __v; }) + + #define writeb(v,c) ({ __iowmb(); writeb_relaxed((v),(c)); }) + #define writew(v,c) ({ __iowmb(); writew_relaxed((v),(c)); }) +@@ -183,9 +198,9 @@ extern void __iomem *ioremap_cache(phys_ + /* + * io{read,write}{16,32,64}be() macros + */ +-#define ioread16be(p) ({ __u16 __v = be16_to_cpu((__force __be16)__raw_readw(p)); __iormb(); __v; }) +-#define ioread32be(p) ({ __u32 __v = be32_to_cpu((__force __be32)__raw_readl(p)); __iormb(); __v; }) +-#define ioread64be(p) ({ __u64 __v = be64_to_cpu((__force __be64)__raw_readq(p)); __iormb(); __v; }) ++#define ioread16be(p) ({ __u16 __v = be16_to_cpu((__force __be16)__raw_readw(p)); __iormb(__v); __v; }) ++#define ioread32be(p) ({ __u32 __v = be32_to_cpu((__force __be32)__raw_readl(p)); __iormb(__v); __v; }) ++#define ioread64be(p) ({ __u64 __v = be64_to_cpu((__force __be64)__raw_readq(p)); __iormb(__v); __v; }) + + #define iowrite16be(v,p) ({ __iowmb(); __raw_writew((__force __u16)cpu_to_be16(v), p); }) + #define iowrite32be(v,p) ({ __iowmb(); __raw_writel((__force __u32)cpu_to_be32(v), p); }) diff --git a/patches.suse/arm64-io-Ensure-value-passed-to-__iormb-is-held-in-a-64-bit-register.patch b/patches.suse/arm64-io-Ensure-value-passed-to-__iormb-is-held-in-a-64-bit-register.patch new file mode 100644 index 0000000..c75107b --- /dev/null +++ b/patches.suse/arm64-io-Ensure-value-passed-to-__iormb-is-held-in-a-64-bit-register.patch @@ -0,0 +1,48 @@ +From: Will Deacon +Date: Thu, 29 Nov 2018 16:31:04 +0000 +Subject: arm64: io: Ensure value passed to __iormb() is held in a 64-bit + register +Git-commit: 1b57ec8c75279b873639eb44a215479236f93481 +Patch-mainline: v5.0-rc1 +References: git-fixes + +As of commit 6460d3201471 ("arm64: io: Ensure calls to delay routines +are ordered against prior readX()"), MMIO reads smaller than 64 bits +fail to compile under clang because we end up mixing 32-bit and 64-bit +register operands for the same data processing instruction: + +./include/asm-generic/io.h:695:9: warning: value size does not match register size specified by the constraint and modifier [-Wasm-operand-widths] + return readb(addr); + ^ +./arch/arm64/include/asm/io.h:147:58: note: expanded from macro 'readb' + ^ +./include/asm-generic/io.h:695:9: note: use constraint modifier "w" +./arch/arm64/include/asm/io.h:147:50: note: expanded from macro 'readb' + ^ +./arch/arm64/include/asm/io.h:118:24: note: expanded from macro '__iormb' + asm volatile("eor %0, %1, %1\n" \ + ^ + +Fix the build by casting the macro argument to 'unsigned long' when used +as an input to the inline asm. + +Reported-by: Nick Desaulniers +Reported-by: Nathan Chancellor +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/io.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/arm64/include/asm/io.h ++++ b/arch/arm64/include/asm/io.h +@@ -117,7 +117,8 @@ static inline u64 __raw_readq(const vola + */ \ + asm volatile("eor %0, %1, %1\n" \ + "cbnz %0, ." \ +- : "=r" (tmp) : "r" (v) : "memory"); \ ++ : "=r" (tmp) : "r" ((unsigned long)(v)) \ ++ : "memory"); \ + }) + + #define __iowmb() wmb() diff --git a/patches.suse/arm64-jump_label.h-use-asm_volatile_goto-macro-instead-of-asm-goto.patch b/patches.suse/arm64-jump_label.h-use-asm_volatile_goto-macro-instead-of-asm-goto.patch new file mode 100644 index 0000000..e35ab9e --- /dev/null +++ b/patches.suse/arm64-jump_label.h-use-asm_volatile_goto-macro-instead-of-asm-goto.patch @@ -0,0 +1,42 @@ +From: Miguel Ojeda +Date: Sun, 9 Sep 2018 17:47:31 +0200 +Subject: arm64: jump_label.h: use asm_volatile_goto macro instead of "asm + goto" +Git-commit: 13aceef06adfaf93d52e01e28a8bc8a0ad471d83 +Patch-mainline: v4.19-rc4 +References: git-fixes + +All other uses of "asm goto" go through asm_volatile_goto, which avoids +a miscompile when using GCC < 4.8.2. Replace our open-coded "asm goto" +statements with the asm_volatile_goto macro to avoid issues with older +toolchains. + +Cc: Catalin Marinas +Reviewed-by: Nick Desaulniers +Signed-off-by: Miguel Ojeda +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/jump_label.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm64/include/asm/jump_label.h ++++ b/arch/arm64/include/asm/jump_label.h +@@ -28,7 +28,7 @@ + + static __always_inline bool arch_static_branch(struct static_key *key, bool branch) + { +- asm goto("1: nop\n\t" ++ asm_volatile_goto("1: nop\n\t" + ".pushsection __jump_table, \"aw\"\n\t" + ".align 3\n\t" + ".quad 1b, %l[l_yes], %c0\n\t" +@@ -42,7 +42,7 @@ l_yes: + + static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch) + { +- asm goto("1: b %l[l_yes]\n\t" ++ asm_volatile_goto("1: b %l[l_yes]\n\t" + ".pushsection __jump_table, \"aw\"\n\t" + ".align 3\n\t" + ".quad 1b, %l[l_yes], %c0\n\t" diff --git a/patches.suse/arm64-kvm-consistently-handle-host-HCR_EL2-flags.patch b/patches.suse/arm64-kvm-consistently-handle-host-HCR_EL2-flags.patch new file mode 100644 index 0000000..cdc0ab4 --- /dev/null +++ b/patches.suse/arm64-kvm-consistently-handle-host-HCR_EL2-flags.patch @@ -0,0 +1,72 @@ +From: Mark Rutland +Date: Fri, 7 Dec 2018 18:39:21 +0000 +Subject: arm64/kvm: consistently handle host HCR_EL2 flags +Git-commit: 4eaed6aa2c628101246bcabc91b203bfac1193f8 +Patch-mainline: v5.0-rc1 +References: git-fixes + +In KVM we define the configuration of HCR_EL2 for a VHE HOST in +HCR_HOST_VHE_FLAGS, but we don't have a similar definition for the +non-VHE host flags, and open-code HCR_RW. Further, in head.S we +open-code the flags for VHE and non-VHE configurations. + +In future, we're going to want to configure more flags for the host, so +lets add a HCR_HOST_NVHE_FLAGS defintion, and consistently use both +HCR_HOST_VHE_FLAGS and HCR_HOST_NVHE_FLAGS in the kvm code and head.S. + +We now use mov_q to generate the HCR_EL2 value, as we use when +configuring other registers in head.S. + +Reviewed-by: Marc Zyngier +Reviewed-by: Richard Henderson +Signed-off-by: Mark Rutland +Signed-off-by: Kristina Martsenko +Reviewed-by: Christoffer Dall +Cc: Catalin Marinas +Cc: Marc Zyngier +Cc: Will Deacon +Cc: kvmarm@lists.cs.columbia.edu +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/kvm_arm.h | 1 + + arch/arm64/kernel/head.S | 5 ++--- + arch/arm64/kvm/hyp/switch.c | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +--- a/arch/arm64/include/asm/kvm_arm.h ++++ b/arch/arm64/include/asm/kvm_arm.h +@@ -86,6 +86,7 @@ + HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \ + HCR_FMO | HCR_IMO) + #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) ++#define HCR_HOST_NVHE_FLAGS (HCR_RW) + #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) + + /* TCR_EL2 Registers bits */ +--- a/arch/arm64/kernel/head.S ++++ b/arch/arm64/kernel/head.S +@@ -446,10 +446,9 @@ ENTRY(el2_setup) + #endif + + /* Hyp configuration. */ +- mov x0, #HCR_RW // 64-bit EL1 ++ mov_q x0, HCR_HOST_NVHE_FLAGS + cbz x2, set_hcr +- orr x0, x0, #HCR_TGE // Enable Host Extensions +- orr x0, x0, #HCR_E2H ++ mov_q x0, HCR_HOST_VHE_FLAGS + set_hcr: + msr hcr_el2, x0 + isb +--- a/arch/arm64/kvm/hyp/switch.c ++++ b/arch/arm64/kvm/hyp/switch.c +@@ -144,7 +144,7 @@ static void __hyp_text __deactivate_trap + mdcr_el2 |= MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT; + + write_sysreg(mdcr_el2, mdcr_el2); +- write_sysreg(HCR_RW, hcr_el2); ++ write_sysreg(HCR_HOST_NVHE_FLAGS, hcr_el2); + write_sysreg(CPTR_EL2_DEFAULT, cptr_el2); + } + diff --git a/patches.suse/arm64-make-secondary_start_kernel-notrace.patch b/patches.suse/arm64-make-secondary_start_kernel-notrace.patch new file mode 100644 index 0000000..c627956 --- /dev/null +++ b/patches.suse/arm64-make-secondary_start_kernel-notrace.patch @@ -0,0 +1,37 @@ +From: Zhizhou Zhang +Date: Tue, 12 Jun 2018 17:07:37 +0800 +Subject: arm64: make secondary_start_kernel() notrace +Git-commit: b154886f7892499d0d3054026e19dfb9a731df61 +Patch-mainline: v4.18-rc2 +References: git-fixes + +We can't call function trace hook before setup percpu offset. +When entering secondary_start_kernel(), percpu offset has not +been initialized. So this lead hotplug malfunction. +Here is the flow to reproduce this bug: + +echo 0 > /sys/devices/system/cpu/cpu1/online +echo function > /sys/kernel/debug/tracing/current_tracer +echo 1 > /sys/kernel/debug/tracing/tracing_on +echo 1 > /sys/devices/system/cpu/cpu1/online + +Acked-by: Mark Rutland +Tested-by: Suzuki K Poulose +Signed-off-by: Zhizhou Zhang +Signed-off-by: Catalin Marinas +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/smp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/kernel/smp.c ++++ b/arch/arm64/kernel/smp.c +@@ -179,7 +179,7 @@ int __cpu_up(unsigned int cpu, struct ta + * This is the secondary CPU boot entry. We're using this CPUs + * idle thread stack, but a set of temporary page tables. + */ +-asmlinkage void secondary_start_kernel(void) ++asmlinkage notrace void secondary_start_kernel(void) + { + struct mm_struct *mm = &init_mm; + unsigned int cpu; diff --git a/patches.suse/arm64-makefile-fix-build-of-.i-file-in-external-module-case.patch b/patches.suse/arm64-makefile-fix-build-of-.i-file-in-external-module-case.patch new file mode 100644 index 0000000..9cd294a --- /dev/null +++ b/patches.suse/arm64-makefile-fix-build-of-.i-file-in-external-module-case.patch @@ -0,0 +1,50 @@ +From: Victor Kamensky +Date: Tue, 30 Oct 2018 16:37:10 -0700 +Subject: arm64: makefile fix build of .i file in external module case +Git-commit: 98356eb0ae499c63e78073ccedd9a5fc5c563288 +Patch-mainline: v4.20-rc1 +References: git-fixes + +After 'a66649dab350 arm64: fix vdso-offsets.h dependency' if +one will try to build .i file in case of external kernel module, +build fails complaining that prepare0 target is missing. This +issue came up with SystemTap when it tries to build variety +of .i files for its own generated kernel modules trying to +figure given kernel features/capabilities. + +The issue is that prepare0 is defined in top level Makefile +only if KBUILD_EXTMOD is not defined. .i file rule depends +on prepare and in case KBUILD_EXTMOD defined top level Makefile +contains empty rule for prepare. But after mentioned commit +arch/arm64/Makefile would introduce dependency on prepare0 +through its own prepare target. + +Fix it to put proper ifdef KBUILD_EXTMOD around code introduced +by mentioned commit. It matches what top level Makefile does. + +Acked-by: Kevin Brodsky +Signed-off-by: Victor Kamensky +Signed-off-by: Catalin Marinas +Acked-by: Ivan T. Ivanov +--- + arch/arm64/Makefile | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -137,6 +137,7 @@ archclean: + $(Q)$(MAKE) $(clean)=$(boot) + $(Q)$(MAKE) $(clean)=$(boot)/dts + ++ifeq ($(KBUILD_EXTMOD),) + # We need to generate vdso-offsets.h before compiling certain files in kernel/. + # In order to do that, we should use the archprepare target, but we can't since + # asm-offsets.h is included in some files used to generate vdso-offsets.h, and +@@ -146,6 +147,7 @@ archclean: + prepare: vdso_prepare + vdso_prepare: prepare0 + $(Q)$(MAKE) $(build)=arch/arm64/kernel/vdso include/generated/vdso-offsets.h ++endif + + define archhelp + echo '* Image.gz - Compressed kernel image (arch/$(ARCH)/boot/Image.gz)' diff --git a/patches.suse/arm64-ptrace-remove-addr_limit-manipulation.patch b/patches.suse/arm64-ptrace-remove-addr_limit-manipulation.patch new file mode 100644 index 0000000..a1b4b6c --- /dev/null +++ b/patches.suse/arm64-ptrace-remove-addr_limit-manipulation.patch @@ -0,0 +1,63 @@ +From: Mark Rutland +Date: Tue, 24 Apr 2018 13:11:22 +0100 +Subject: arm64: ptrace: remove addr_limit manipulation +Git-commit: 59275a0c037ed6fabd6354730f1e3104264ab719 +Patch-mainline: v4.17-rc3 +References: git-fixes + +We transiently switch to KERNEL_DS in compat_ptrace_gethbpregs() and +compat_ptrace_sethbpregs(), but in either case this is pointless as we +don't perform any uaccess during this window. + +let's rip out the redundant addr_limit manipulation. + +Acked-by: Catalin Marinas +Signed-off-by: Mark Rutland +Cc: Will Deacon +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/ptrace.c | 6 ------ + 1 file changed, 6 deletions(-) + +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -1452,9 +1452,7 @@ static int compat_ptrace_gethbpregs(stru + { + int ret; + u32 kdata; +- mm_segment_t old_fs = get_fs(); + +- set_fs(KERNEL_DS); + /* Watchpoint */ + if (num < 0) { + ret = compat_ptrace_hbp_get(NT_ARM_HW_WATCH, tsk, num, &kdata); +@@ -1465,7 +1463,6 @@ static int compat_ptrace_gethbpregs(stru + } else { + ret = compat_ptrace_hbp_get(NT_ARM_HW_BREAK, tsk, num, &kdata); + } +- set_fs(old_fs); + + if (!ret) + ret = put_user(kdata, data); +@@ -1478,7 +1475,6 @@ static int compat_ptrace_sethbpregs(stru + { + int ret; + u32 kdata = 0; +- mm_segment_t old_fs = get_fs(); + + if (num == 0) + return 0; +@@ -1487,12 +1483,10 @@ static int compat_ptrace_sethbpregs(stru + if (ret) + return ret; + +- set_fs(KERNEL_DS); + if (num < 0) + ret = compat_ptrace_hbp_set(NT_ARM_HW_WATCH, tsk, num, &kdata); + else + ret = compat_ptrace_hbp_set(NT_ARM_HW_BREAK, tsk, num, &kdata); +- set_fs(old_fs); + + return ret; + } diff --git a/patches.suse/arm64-rockchip-Force-CONFIG_PM-on-Rockchip-systems.patch b/patches.suse/arm64-rockchip-Force-CONFIG_PM-on-Rockchip-systems.patch new file mode 100644 index 0000000..02e91b8 --- /dev/null +++ b/patches.suse/arm64-rockchip-Force-CONFIG_PM-on-Rockchip-systems.patch @@ -0,0 +1,32 @@ +From: Marc Zyngier +Date: Fri, 24 Aug 2018 16:06:35 +0100 +Subject: arm64: rockchip: Force CONFIG_PM on Rockchip systems +Git-commit: 7db7a8f5638a2ffe0c0c0d55b5186b6191fd6af7 +Patch-mainline: v4.19-rc1 +References: git-fixes + +A number of the Rockchip-specific drivers (IOMMU, display controllers) +are now assuming that CONFIG_PM is set, and may completely misbehave +if that's not the case. + +Since there is hardly any reason for this configuration option not +to be selected anyway, let's require it (in the same way Tegra already +does). + +Signed-off-by: Marc Zyngier +Signed-off-by: Olof Johansson +Acked-by: Ivan T. Ivanov +--- + arch/arm64/Kconfig.platforms | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm64/Kconfig.platforms ++++ b/arch/arm64/Kconfig.platforms +@@ -136,6 +136,7 @@ config ARCH_ROCKCHIP + select GPIOLIB + select PINCTRL + select PINCTRL_ROCKCHIP ++ select PM + select ROCKCHIP_TIMER + help + This enables support for the ARMv8 based Rockchip chipsets, diff --git a/patches.suse/arm64-smp-Handle-errors-reported-by-the-firmware.patch b/patches.suse/arm64-smp-Handle-errors-reported-by-the-firmware.patch new file mode 100644 index 0000000..bcabf7b --- /dev/null +++ b/patches.suse/arm64-smp-Handle-errors-reported-by-the-firmware.patch @@ -0,0 +1,32 @@ +From: Suzuki K Poulose +Date: Mon, 10 Dec 2018 18:07:33 +0000 +Subject: arm64: smp: Handle errors reported by the firmware +Git-commit: f357b3a7e17af7736d67d8267edc1ed3d1dd9391 +Patch-mainline: v5.0-rc1 +References: git-fixes + +The __cpu_up() routine ignores the errors reported by the firmware +for a CPU bringup operation and looks for the error status set by the +booting CPU. If the CPU never entered the kernel, we could end up +in assuming stale error status, which otherwise would have been +set/cleared appropriately by the booting CPU. + +Reported-by: Steve Capper +Cc: Will Deacon +Signed-off-by: Suzuki K Poulose +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/smp.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm64/kernel/smp.c ++++ b/arch/arm64/kernel/smp.c +@@ -141,6 +141,7 @@ int __cpu_up(unsigned int cpu, struct ta + } + } else { + pr_err("CPU%u: failed to boot: %d\n", cpu, ret); ++ return ret; + } + + secondary_data.task = NULL; diff --git a/patches.suse/flexfiles-enforce-per-mirror-stateid-only-for-v4-DSe.patch b/patches.suse/flexfiles-enforce-per-mirror-stateid-only-for-v4-DSe.patch new file mode 100644 index 0000000..a97c49f --- /dev/null +++ b/patches.suse/flexfiles-enforce-per-mirror-stateid-only-for-v4-DSe.patch @@ -0,0 +1,40 @@ +From: Tigran Mkrtchyan +Date: Mon, 26 Nov 2018 18:35:14 +0100 +Subject: [PATCH] flexfiles: enforce per-mirror stateid only for v4 DSes +Git-commit: 320f35b7bf8cccf1997ca3126843535e1b95e9c4 +Patch-mainline: v4.20 +References: git-fixes + +Since commit bb21ce0ad227 we always enforce per-mirror stateid. +However, this makes sense only for v4+ servers. + +Signed-off-by: Tigran Mkrtchyan +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/flexfilelayout/flexfilelayout.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/fs/nfs/flexfilelayout/flexfilelayout.c ++++ b/fs/nfs/flexfilelayout/flexfilelayout.c +@@ -1761,7 +1761,8 @@ ff_layout_read_pagelist(struct nfs_pgio_ + if (fh) + hdr->args.fh = fh; + +- if (!nfs4_ff_layout_select_ds_stateid(lseg, idx, &hdr->args.stateid)) ++ if (vers == 4 && ++ !nfs4_ff_layout_select_ds_stateid(lseg, idx, &hdr->args.stateid)) + goto out_failed; + + /* +@@ -1826,7 +1827,8 @@ ff_layout_write_pagelist(struct nfs_pgio + if (fh) + hdr->args.fh = fh; + +- if (!nfs4_ff_layout_select_ds_stateid(lseg, idx, &hdr->args.stateid)) ++ if (vers == 4 && ++ !nfs4_ff_layout_select_ds_stateid(lseg, idx, &hdr->args.stateid)) + goto out_failed; + + /* diff --git a/patches.suse/flexfiles-use-per-mirror-specified-stateid-for-IO.patch b/patches.suse/flexfiles-use-per-mirror-specified-stateid-for-IO.patch new file mode 100644 index 0000000..2dca471 --- /dev/null +++ b/patches.suse/flexfiles-use-per-mirror-specified-stateid-for-IO.patch @@ -0,0 +1,121 @@ +From: Tigran Mkrtchyan +Date: Wed, 21 Nov 2018 12:25:41 +0100 +Subject: [PATCH] flexfiles: use per-mirror specified stateid for IO +Git-commit: bb21ce0ad227b69ec0f83279297ee44232105d96 +Patch-mainline: v4.20 +References: git-fixes + +rfc8435 says: + + For tight coupling, ffds_stateid provides the stateid to be used by + the client to access the file. + +However current implementation replaces per-mirror provided stateid with +by open or lock stateid. + +Ensure that per-mirror stateid is used by ff_layout_write_prepare_v4 and +nfs4_ff_layout_prepare_ds. + +Signed-off-by: Tigran Mkrtchyan +Signed-off-by: Rick Macklem +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/flexfilelayout/flexfilelayout.c | 21 +++++++++------------ + fs/nfs/flexfilelayout/flexfilelayout.h | 4 ++++ + fs/nfs/flexfilelayout/flexfilelayoutdev.c | 19 +++++++++++++++++++ + 3 files changed, 32 insertions(+), 12 deletions(-) + +--- a/fs/nfs/flexfilelayout/flexfilelayout.c ++++ b/fs/nfs/flexfilelayout/flexfilelayout.c +@@ -1401,12 +1401,7 @@ static void ff_layout_read_prepare_v4(st + task)) + return; + +- if (ff_layout_read_prepare_common(task, hdr)) +- return; +- +- if (nfs4_set_rw_stateid(&hdr->args.stateid, hdr->args.context, +- hdr->args.lock_context, FMODE_READ) == -EIO) +- rpc_exit(task, -EIO); /* lost lock, terminate I/O */ ++ ff_layout_read_prepare_common(task, hdr); + } + + static void ff_layout_read_call_done(struct rpc_task *task, void *data) +@@ -1575,12 +1570,7 @@ static void ff_layout_write_prepare_v4(s + task)) + return; + +- if (ff_layout_write_prepare_common(task, hdr)) +- return; +- +- if (nfs4_set_rw_stateid(&hdr->args.stateid, hdr->args.context, +- hdr->args.lock_context, FMODE_WRITE) == -EIO) +- rpc_exit(task, -EIO); /* lost lock, terminate I/O */ ++ ff_layout_write_prepare_common(task, hdr); + } + + static void ff_layout_write_call_done(struct rpc_task *task, void *data) +@@ -1770,6 +1760,10 @@ ff_layout_read_pagelist(struct nfs_pgio_ + fh = nfs4_ff_layout_select_ds_fh(lseg, idx); + if (fh) + hdr->args.fh = fh; ++ ++ if (!nfs4_ff_layout_select_ds_stateid(lseg, idx, &hdr->args.stateid)) ++ goto out_failed; ++ + /* + * Note that if we ever decide to split across DSes, + * then we may need to handle dense-like offsets. +@@ -1832,6 +1826,9 @@ ff_layout_write_pagelist(struct nfs_pgio + if (fh) + hdr->args.fh = fh; + ++ if (!nfs4_ff_layout_select_ds_stateid(lseg, idx, &hdr->args.stateid)) ++ goto out_failed; ++ + /* + * Note that if we ever decide to split across DSes, + * then we may need to handle dense-like offsets. +--- a/fs/nfs/flexfilelayout/flexfilelayout.h ++++ b/fs/nfs/flexfilelayout/flexfilelayout.h +@@ -219,6 +219,10 @@ unsigned int ff_layout_fetch_ds_ioerr(st + unsigned int maxnum); + struct nfs_fh * + nfs4_ff_layout_select_ds_fh(struct pnfs_layout_segment *lseg, u32 mirror_idx); ++int ++nfs4_ff_layout_select_ds_stateid(struct pnfs_layout_segment *lseg, ++ u32 mirror_idx, ++ nfs4_stateid *stateid); + + struct nfs4_pnfs_ds * + nfs4_ff_layout_prepare_ds(struct pnfs_layout_segment *lseg, u32 ds_idx, +--- a/fs/nfs/flexfilelayout/flexfilelayoutdev.c ++++ b/fs/nfs/flexfilelayout/flexfilelayoutdev.c +@@ -368,6 +368,25 @@ out: + return fh; + } + ++int ++nfs4_ff_layout_select_ds_stateid(struct pnfs_layout_segment *lseg, ++ u32 mirror_idx, ++ nfs4_stateid *stateid) ++{ ++ struct nfs4_ff_layout_mirror *mirror = FF_LAYOUT_COMP(lseg, mirror_idx); ++ ++ if (!ff_layout_mirror_valid(lseg, mirror, false)) { ++ pr_err_ratelimited("NFS: %s: No data server for mirror offset index %d\n", ++ __func__, mirror_idx); ++ goto out; ++ } ++ ++ nfs4_stateid_copy(stateid, &mirror->stateid); ++ return 1; ++out: ++ return 0; ++} ++ + /** + * nfs4_ff_layout_prepare_ds - prepare a DS connection for an RPC call + * @lseg: the layout segment we're operating on diff --git a/patches.suse/fs-nfs-Fix-possible-null-pointer-dereferences-in-enc.patch b/patches.suse/fs-nfs-Fix-possible-null-pointer-dereferences-in-enc.patch new file mode 100644 index 0000000..71bc3c6 --- /dev/null +++ b/patches.suse/fs-nfs-Fix-possible-null-pointer-dereferences-in-enc.patch @@ -0,0 +1,41 @@ +From: Jia-Ju Bai +Date: Fri, 26 Jul 2019 15:48:53 +0800 +Subject: [PATCH] fs: nfs: Fix possible null-pointer dereferences in + encode_attrs() +Git-commit: e2751463eaa6f9fec8fea80abbdc62dbc487b3c5 +Patch-mainline: v5.4 +References: git-fixes + +In encode_attrs(), there is an if statement on line 1145 to check +whether label is NULL: + if (label && (attrmask[2] & FATTR4_WORD2_SECURITY_LABEL)) + +When label is NULL, it is used on lines 1178-1181: + *p++ = cpu_to_be32(label->lfs); + *p++ = cpu_to_be32(label->pi); + *p++ = cpu_to_be32(label->len); + p = xdr_encode_opaque_fixed(p, label->label, label->len); + +To fix these bugs, label is checked before being used. + +These bugs are found by a static analysis tool STCheck written by us. + +Signed-off-by: Jia-Ju Bai +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs4xdr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/nfs4xdr.c ++++ b/fs/nfs/nfs4xdr.c +@@ -1118,7 +1118,7 @@ static void encode_attrs(struct xdr_stre + } else + *p++ = cpu_to_be32(NFS4_SET_TO_SERVER_TIME); + } +- if (bmval[2] & FATTR4_WORD2_SECURITY_LABEL) { ++ if (label && (bmval[2] & FATTR4_WORD2_SECURITY_LABEL)) { + *p++ = cpu_to_be32(label->lfs); + *p++ = cpu_to_be32(label->pi); + *p++ = cpu_to_be32(label->len); diff --git a/patches.suse/ibmveth-Always-stop-tx-queues-during-close.patch b/patches.suse/ibmveth-Always-stop-tx-queues-during-close.patch new file mode 100644 index 0000000..30ffc14 --- /dev/null +++ b/patches.suse/ibmveth-Always-stop-tx-queues-during-close.patch @@ -0,0 +1,154 @@ +From 127b7218bfdd60205cfe2fa3f06d95e85a2650ed Mon Sep 17 00:00:00 2001 +From: Nick Child +Date: Thu, 20 Oct 2022 16:40:52 -0500 +Subject: [PATCH] ibmveth: Always stop tx queues during close + +References: bsc#1065729 +Patch-mainline: v6.2-rc1 +Git-commit: 127b7218bfdd60205cfe2fa3f06d95e85a2650ed + +netif_stop_all_queues must be called before calling H_FREE_LOGICAL_LAN. +As a result, we can remove the pool_config field from the ibmveth +adapter structure. + +Some device configuration changes call ibmveth_close in order to free +the current resources held by the device. These functions then make +their changes and call ibmveth_open to reallocate and reserve resources +for the device. + +Prior to this commit, the flag pool_config was used to tell ibmveth_close +that it should not halt the transmit queue. pool_config was introduced in +commit 860f242eb534 ("[PATCH] ibmveth change buffer pools dynamically") +to avoid interrupting the tx flow when making rx config changes. Since +then, other commits adopted this approach, even if making tx config +changes. + +The issue with this approach was that the hypervisor freed all of +the devices control structures after the hcall H_FREE_LOGICAL_LAN +was performed but the transmit queues were never stopped. So the higher +layers in the network stack would continue transmission but any +H_SEND_LOGICAL_LAN hcall would fail with H_PARAMETER until the +hypervisor's structures for the device were allocated with the +H_REGISTER_LOGICAL_LAN hcall in ibmveth_open. This resulted in +no real networking harm but did cause several of these error +messages to be logged: "h_send_logical_lan failed with rc=-4" + +So, instead of trying to keep the transmit queues alive during network +configuration changes, just stop the queues, make necessary changes then +restart the queues. + +Signed-off-by: Nick Child +Signed-off-by: David S. Miller +Acked-by: Michal Suchanek +--- + drivers/net/ethernet/ibm/ibmveth.c | 18 +----------------- + drivers/net/ethernet/ibm/ibmveth.h | 1 - + 2 files changed, 1 insertion(+), 18 deletions(-) + +diff --git a/drivers/net/ethernet/ibm/ibmveth.c b/drivers/net/ethernet/ibm/ibmveth.c +--- a/drivers/net/ethernet/ibm/ibmveth.c ++++ b/drivers/net/ethernet/ibm/ibmveth.c +@@ -690,8 +690,7 @@ static int ibmveth_close(struct net_device *netdev) + + napi_disable(&adapter->napi); + +- if (!adapter->pool_config) +- netif_stop_queue(netdev); ++ netif_stop_queue(netdev); + + h_vio_signal(adapter->vdev->unit_address, VIO_IRQ_DISABLE); + +@@ -799,9 +798,7 @@ static int ibmveth_set_csum_offload(struct net_device *dev, u32 data) + + if (netif_running(dev)) { + restart = 1; +- adapter->pool_config = 1; + ibmveth_close(dev); +- adapter->pool_config = 0; + } + + set_attr = 0; +@@ -883,9 +880,7 @@ static int ibmveth_set_tso(struct net_device *dev, u32 data) + + if (netif_running(dev)) { + restart = 1; +- adapter->pool_config = 1; + ibmveth_close(dev); +- adapter->pool_config = 0; + } + + set_attr = 0; +@@ -1535,9 +1530,7 @@ static int ibmveth_change_mtu(struct net_device *dev, int new_mtu) + only the buffer pools necessary to hold the new MTU */ + if (netif_running(adapter->netdev)) { + need_restart = 1; +- adapter->pool_config = 1; + ibmveth_close(adapter->netdev); +- adapter->pool_config = 0; + } + + /* Look for an active buffer pool that can hold the new MTU */ +@@ -1701,7 +1694,6 @@ static int ibmveth_probe(struct vio_dev *dev, const struct vio_device_id *id) + adapter->vdev = dev; + adapter->netdev = netdev; + adapter->mcastFilterSize = be32_to_cpu(*mcastFilterSize_p); +- adapter->pool_config = 0; + ibmveth_init_link_settings(netdev); + + netif_napi_add(netdev, &adapter->napi, ibmveth_poll, 16); +@@ -1841,9 +1833,7 @@ static ssize_t veth_pool_store(struct kobject *kobj, struct attribute *attr, + return -ENOMEM; + } + pool->active = 1; +- adapter->pool_config = 1; + ibmveth_close(netdev); +- adapter->pool_config = 0; + if ((rc = ibmveth_open(netdev))) + return rc; + } else { +@@ -1869,10 +1859,8 @@ static ssize_t veth_pool_store(struct kobject *kobj, struct attribute *attr, + } + + if (netif_running(netdev)) { +- adapter->pool_config = 1; + ibmveth_close(netdev); + pool->active = 0; +- adapter->pool_config = 0; + if ((rc = ibmveth_open(netdev))) + return rc; + } +@@ -1883,9 +1871,7 @@ static ssize_t veth_pool_store(struct kobject *kobj, struct attribute *attr, + return -EINVAL; + } else { + if (netif_running(netdev)) { +- adapter->pool_config = 1; + ibmveth_close(netdev); +- adapter->pool_config = 0; + pool->size = value; + if ((rc = ibmveth_open(netdev))) + return rc; +@@ -1898,9 +1884,7 @@ static ssize_t veth_pool_store(struct kobject *kobj, struct attribute *attr, + return -EINVAL; + } else { + if (netif_running(netdev)) { +- adapter->pool_config = 1; + ibmveth_close(netdev); +- adapter->pool_config = 0; + pool->buff_size = value; + if ((rc = ibmveth_open(netdev))) + return rc; +diff --git a/drivers/net/ethernet/ibm/ibmveth.h b/drivers/net/ethernet/ibm/ibmveth.h +index daf6f615c03f..4f8357187292 100644 +--- a/drivers/net/ethernet/ibm/ibmveth.h ++++ b/drivers/net/ethernet/ibm/ibmveth.h +@@ -146,7 +146,6 @@ struct ibmveth_adapter { + dma_addr_t filter_list_dma; + struct ibmveth_buff_pool rx_buff_pool[IBMVETH_NUM_BUFF_POOLS]; + struct ibmveth_rx_q rx_queue; +- int pool_config; + int rx_csum; + int large_send; + bool is_active_trunk; +-- +2.35.3 + diff --git a/patches.suse/lockd-fix-decoding-of-TEST-results.patch b/patches.suse/lockd-fix-decoding-of-TEST-results.patch new file mode 100644 index 0000000..72c800c --- /dev/null +++ b/patches.suse/lockd-fix-decoding-of-TEST-results.patch @@ -0,0 +1,90 @@ +From: "J. Bruce Fields" +Date: Mon, 26 Nov 2018 11:36:52 -0500 +Subject: [PATCH] lockd: fix decoding of TEST results +Git-commit: b8db159239b3f51e2b909859935cc25cb3ff3eed +Patch-mainline: v5.0 +References: git-fixes + +We fail to advance the read pointer when reading the stat.oh field that +identifies the lock-holder in a TEST result. + +This turns out not to matter if the server is knfsd, which always +returns a zero-length field. But other servers (Ganesha is an example) +may not do this. The result is bad values in fcntl F_GETLK results. + +Fix this. + +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + fs/lockd/clnt4xdr.c | 22 ++++++---------------- + fs/lockd/clntxdr.c | 22 ++++++---------------- + 2 files changed, 12 insertions(+), 32 deletions(-) + +--- a/fs/lockd/clnt4xdr.c ++++ b/fs/lockd/clnt4xdr.c +@@ -127,24 +127,14 @@ static void encode_netobj(struct xdr_str + static int decode_netobj(struct xdr_stream *xdr, + struct xdr_netobj *obj) + { +- u32 length; +- __be32 *p; ++ ssize_t ret; + +- p = xdr_inline_decode(xdr, 4); +- if (unlikely(p == NULL)) +- goto out_overflow; +- length = be32_to_cpup(p++); +- if (unlikely(length > XDR_MAX_NETOBJ)) +- goto out_size; +- obj->len = length; +- obj->data = (u8 *)p; ++ ret = xdr_stream_decode_opaque_inline(xdr, (void *)&obj->data, ++ XDR_MAX_NETOBJ); ++ if (unlikely(ret < 0)) ++ return -EIO; ++ obj->len = ret; + return 0; +-out_size: +- dprintk("NFS: returned netobj was too long: %u\n", length); +- return -EIO; +-out_overflow: +- print_overflow_msg(__func__, xdr); +- return -EIO; + } + + /* +--- a/fs/lockd/clntxdr.c ++++ b/fs/lockd/clntxdr.c +@@ -124,24 +124,14 @@ static void encode_netobj(struct xdr_str + static int decode_netobj(struct xdr_stream *xdr, + struct xdr_netobj *obj) + { +- u32 length; +- __be32 *p; ++ ssize_t ret; + +- p = xdr_inline_decode(xdr, 4); +- if (unlikely(p == NULL)) +- goto out_overflow; +- length = be32_to_cpup(p++); +- if (unlikely(length > XDR_MAX_NETOBJ)) +- goto out_size; +- obj->len = length; +- obj->data = (u8 *)p; ++ ret = xdr_stream_decode_opaque_inline(xdr, (void *)&obj->data, ++ XDR_MAX_NETOBJ); ++ if (unlikely(ret < 0)) ++ return -EIO; ++ obj->len = ret; + return 0; +-out_size: +- dprintk("NFS: returned netobj was too long: %u\n", length); +- return -EIO; +-out_overflow: +- print_overflow_msg(__func__, xdr); +- return -EIO; + } + + /* diff --git a/patches.suse/media-Don-t-let-tvp5150_get_vbi-go-out-of-vbi_ram_de.patch b/patches.suse/media-Don-t-let-tvp5150_get_vbi-go-out-of-vbi_ram_de.patch new file mode 100644 index 0000000..036fc03 --- /dev/null +++ b/patches.suse/media-Don-t-let-tvp5150_get_vbi-go-out-of-vbi_ram_de.patch @@ -0,0 +1,280 @@ +From 3dd6b560dc5d59e7cb6dbda6e85dc9af7925fcf8 Mon Sep 17 00:00:00 2001 +From: Mauro Carvalho Chehab +Date: Mon, 19 Feb 2018 13:23:39 -0500 +Subject: [PATCH] media: Don't let tvp5150_get_vbi() go out of vbi_ram_default + array +Git-commit: 3dd6b560dc5d59e7cb6dbda6e85dc9af7925fcf8 +References: git-fixes +Patch-mainline: v4.16-rc4 + +As pointed by Dan, possible values for bits[3:0] of te Line Mode Registers +can range from 0x0 to 0xf, but the check logic allow values ranging +from 0x0 to 0xe. + +As static arrays are initialized with zero, using a value without +an explicit initializer at the array won't cause any harm. + +Reported-by: Dan Carpenter +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/i2c/tvp5150.c | 88 +++++++++++++++++++------------------ + 1 file changed, 45 insertions(+), 43 deletions(-) + +diff --git a/drivers/media/i2c/tvp5150.c b/drivers/media/i2c/tvp5150.c +index 3c1851984b90..2476d812f669 100644 +--- a/drivers/media/i2c/tvp5150.c ++++ b/drivers/media/i2c/tvp5150.c +@@ -505,80 +505,77 @@ static struct i2c_vbi_ram_value vbi_ram_default[] = + /* FIXME: Current api doesn't handle all VBI types, those not + yet supported are placed under #if 0 */ + #if 0 +- {0x010, /* Teletext, SECAM, WST System A */ ++ [0] = {0x010, /* Teletext, SECAM, WST System A */ + {V4L2_SLICED_TELETEXT_SECAM,6,23,1}, + { 0xaa, 0xaa, 0xff, 0xff, 0xe7, 0x2e, 0x20, 0x26, + 0xe6, 0xb4, 0x0e, 0x00, 0x00, 0x00, 0x10, 0x00 } + }, + #endif +- {0x030, /* Teletext, PAL, WST System B */ ++ [1] = {0x030, /* Teletext, PAL, WST System B */ + {V4L2_SLICED_TELETEXT_B,6,22,1}, + { 0xaa, 0xaa, 0xff, 0xff, 0x27, 0x2e, 0x20, 0x2b, + 0xa6, 0x72, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00 } + }, + #if 0 +- {0x050, /* Teletext, PAL, WST System C */ ++ [2] = {0x050, /* Teletext, PAL, WST System C */ + {V4L2_SLICED_TELETEXT_PAL_C,6,22,1}, + { 0xaa, 0xaa, 0xff, 0xff, 0xe7, 0x2e, 0x20, 0x22, + 0xa6, 0x98, 0x0d, 0x00, 0x00, 0x00, 0x10, 0x00 } + }, +- {0x070, /* Teletext, NTSC, WST System B */ ++ [3] = {0x070, /* Teletext, NTSC, WST System B */ + {V4L2_SLICED_TELETEXT_NTSC_B,10,21,1}, + { 0xaa, 0xaa, 0xff, 0xff, 0x27, 0x2e, 0x20, 0x23, + 0x69, 0x93, 0x0d, 0x00, 0x00, 0x00, 0x10, 0x00 } + }, +- {0x090, /* Tetetext, NTSC NABTS System C */ ++ [4] = {0x090, /* Tetetext, NTSC NABTS System C */ + {V4L2_SLICED_TELETEXT_NTSC_C,10,21,1}, + { 0xaa, 0xaa, 0xff, 0xff, 0xe7, 0x2e, 0x20, 0x22, + 0x69, 0x93, 0x0d, 0x00, 0x00, 0x00, 0x15, 0x00 } + }, +- {0x0b0, /* Teletext, NTSC-J, NABTS System D */ ++ [5] = {0x0b0, /* Teletext, NTSC-J, NABTS System D */ + {V4L2_SLICED_TELETEXT_NTSC_D,10,21,1}, + { 0xaa, 0xaa, 0xff, 0xff, 0xa7, 0x2e, 0x20, 0x23, + 0x69, 0x93, 0x0d, 0x00, 0x00, 0x00, 0x10, 0x00 } + }, +- {0x0d0, /* Closed Caption, PAL/SECAM */ ++ [6] = {0x0d0, /* Closed Caption, PAL/SECAM */ + {V4L2_SLICED_CAPTION_625,22,22,1}, + { 0xaa, 0x2a, 0xff, 0x3f, 0x04, 0x51, 0x6e, 0x02, + 0xa6, 0x7b, 0x09, 0x00, 0x00, 0x00, 0x27, 0x00 } + }, + #endif +- {0x0f0, /* Closed Caption, NTSC */ ++ [7] = {0x0f0, /* Closed Caption, NTSC */ + {V4L2_SLICED_CAPTION_525,21,21,1}, + { 0xaa, 0x2a, 0xff, 0x3f, 0x04, 0x51, 0x6e, 0x02, + 0x69, 0x8c, 0x09, 0x00, 0x00, 0x00, 0x27, 0x00 } + }, +- {0x110, /* Wide Screen Signal, PAL/SECAM */ ++ [8] = {0x110, /* Wide Screen Signal, PAL/SECAM */ + {V4L2_SLICED_WSS_625,23,23,1}, + { 0x5b, 0x55, 0xc5, 0xff, 0x00, 0x71, 0x6e, 0x42, + 0xa6, 0xcd, 0x0f, 0x00, 0x00, 0x00, 0x3a, 0x00 } + }, + #if 0 +- {0x130, /* Wide Screen Signal, NTSC C */ ++ [9] = {0x130, /* Wide Screen Signal, NTSC C */ + {V4L2_SLICED_WSS_525,20,20,1}, + { 0x38, 0x00, 0x3f, 0x00, 0x00, 0x71, 0x6e, 0x43, + 0x69, 0x7c, 0x08, 0x00, 0x00, 0x00, 0x39, 0x00 } + }, +- {0x150, /* Vertical Interval Timecode (VITC), PAL/SECAM */ ++ [10] = {0x150, /* Vertical Interval Timecode (VITC), PAL/SECAM */ + {V4l2_SLICED_VITC_625,6,22,0}, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x8f, 0x6d, 0x49, + 0xa6, 0x85, 0x08, 0x00, 0x00, 0x00, 0x4c, 0x00 } + }, +- {0x170, /* Vertical Interval Timecode (VITC), NTSC */ ++ [11] = {0x170, /* Vertical Interval Timecode (VITC), NTSC */ + {V4l2_SLICED_VITC_525,10,20,0}, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x8f, 0x6d, 0x49, + 0x69, 0x94, 0x08, 0x00, 0x00, 0x00, 0x4c, 0x00 } + }, + #endif +- {0x190, /* Video Program System (VPS), PAL */ ++ [12] = {0x190, /* Video Program System (VPS), PAL */ + {V4L2_SLICED_VPS,16,16,0}, + { 0xaa, 0xaa, 0xff, 0xff, 0xba, 0xce, 0x2b, 0x0d, + 0xa6, 0xda, 0x0b, 0x00, 0x00, 0x00, 0x60, 0x00 } + }, + /* 0x1d0 User programmable */ +- +- /* End of struct */ +- { (u16)-1 } + }; + + static int tvp5150_write_inittab(struct v4l2_subdev *sd, +@@ -591,10 +588,10 @@ static int tvp5150_write_inittab(struct v4l2_subdev *sd, + return 0; + } + +-static int tvp5150_vdp_init(struct v4l2_subdev *sd, +- const struct i2c_vbi_ram_value *regs) ++static int tvp5150_vdp_init(struct v4l2_subdev *sd) + { + unsigned int i; ++ int j; + + /* Disable Full Field */ + tvp5150_write(sd, TVP5150_FULL_FIELD_ENA, 0); +@@ -604,14 +601,17 @@ static int tvp5150_vdp_init(struct v4l2_subdev *sd, + tvp5150_write(sd, i, 0xff); + + /* Load Ram Table */ +- while (regs->reg != (u16)-1) { ++ for (j = 0; j < ARRAY_SIZE(vbi_ram_default); j++) { ++ const struct i2c_vbi_ram_value *regs = &vbi_ram_default[j]; ++ ++ if (!regs->type.vbi_type) ++ continue; ++ + tvp5150_write(sd, TVP5150_CONF_RAM_ADDR_HIGH, regs->reg >> 8); + tvp5150_write(sd, TVP5150_CONF_RAM_ADDR_LOW, regs->reg); + + for (i = 0; i < 16; i++) + tvp5150_write(sd, TVP5150_VDP_CONF_RAM_DATA, regs->values[i]); +- +- regs++; + } + return 0; + } +@@ -620,19 +620,23 @@ static int tvp5150_vdp_init(struct v4l2_subdev *sd, + static int tvp5150_g_sliced_vbi_cap(struct v4l2_subdev *sd, + struct v4l2_sliced_vbi_cap *cap) + { +- const struct i2c_vbi_ram_value *regs = vbi_ram_default; +- int line; ++ int line, i; + + dev_dbg_lvl(sd->dev, 1, debug, "g_sliced_vbi_cap\n"); + memset(cap, 0, sizeof *cap); + +- while (regs->reg != (u16)-1 ) { +- for (line=regs->type.ini_line;line<=regs->type.end_line;line++) { ++ for (i = 0; i < ARRAY_SIZE(vbi_ram_default); i++) { ++ const struct i2c_vbi_ram_value *regs = &vbi_ram_default[i]; ++ ++ if (!regs->type.vbi_type) ++ continue; ++ ++ for (line = regs->type.ini_line; ++ line <= regs->type.end_line; ++ line++) { + cap->service_lines[0][line] |= regs->type.vbi_type; + } + cap->service_set |= regs->type.vbi_type; +- +- regs++; + } + return 0; + } +@@ -651,14 +655,13 @@ static int tvp5150_g_sliced_vbi_cap(struct v4l2_subdev *sd, + * MSB = field2 + */ + static int tvp5150_set_vbi(struct v4l2_subdev *sd, +- const struct i2c_vbi_ram_value *regs, + unsigned int type,u8 flags, int line, + const int fields) + { + struct tvp5150 *decoder = to_tvp5150(sd); + v4l2_std_id std = decoder->norm; + u8 reg; +- int pos = 0; ++ int i, pos = 0; + + if (std == V4L2_STD_ALL) { + dev_err(sd->dev, "VBI can't be configured without knowing number of lines\n"); +@@ -671,19 +674,19 @@ static int tvp5150_set_vbi(struct v4l2_subdev *sd, + if (line < 6 || line > 27) + return 0; + +- while (regs->reg != (u16)-1) { ++ for (i = 0; i < ARRAY_SIZE(vbi_ram_default); i++) { ++ const struct i2c_vbi_ram_value *regs = &vbi_ram_default[i]; ++ ++ if (!regs->type.vbi_type) ++ continue; ++ + if ((type & regs->type.vbi_type) && + (line >= regs->type.ini_line) && + (line <= regs->type.end_line)) + break; +- +- regs++; + pos++; + } + +- if (regs->reg == (u16)-1) +- return 0; +- + type = pos | (flags & 0xf0); + reg = ((line - 6) << 1) + TVP5150_LINE_MODE_INI; + +@@ -696,8 +699,7 @@ static int tvp5150_set_vbi(struct v4l2_subdev *sd, + return type; + } + +-static int tvp5150_get_vbi(struct v4l2_subdev *sd, +- const struct i2c_vbi_ram_value *regs, int line) ++static int tvp5150_get_vbi(struct v4l2_subdev *sd, int line) + { + struct tvp5150 *decoder = to_tvp5150(sd); + v4l2_std_id std = decoder->norm; +@@ -726,8 +728,8 @@ static int tvp5150_get_vbi(struct v4l2_subdev *sd, + return 0; + } + pos = ret & 0x0f; +- if (pos < 0x0f) +- type |= regs[pos].type.vbi_type; ++ if (pos < ARRAY_SIZE(vbi_ram_default)) ++ type |= vbi_ram_default[pos].type.vbi_type; + } + + return type; +@@ -788,7 +790,7 @@ static int tvp5150_reset(struct v4l2_subdev *sd, u32 val) + tvp5150_write_inittab(sd, tvp5150_init_default); + + /* Initializes VDP registers */ +- tvp5150_vdp_init(sd, vbi_ram_default); ++ tvp5150_vdp_init(sd); + + /* Selects decoder input */ + tvp5150_selmux(sd); +@@ -1121,8 +1123,8 @@ static int tvp5150_s_sliced_fmt(struct v4l2_subdev *sd, struct v4l2_sliced_vbi_f + for (i = 0; i <= 23; i++) { + svbi->service_lines[1][i] = 0; + svbi->service_lines[0][i] = +- tvp5150_set_vbi(sd, vbi_ram_default, +- svbi->service_lines[0][i], 0xf0, i, 3); ++ tvp5150_set_vbi(sd, svbi->service_lines[0][i], ++ 0xf0, i, 3); + } + /* Enables FIFO */ + tvp5150_write(sd, TVP5150_FIFO_OUT_CTRL, 1); +@@ -1148,7 +1150,7 @@ static int tvp5150_g_sliced_fmt(struct v4l2_subdev *sd, struct v4l2_sliced_vbi_f + + for (i = 0; i <= 23; i++) { + svbi->service_lines[0][i] = +- tvp5150_get_vbi(sd, vbi_ram_default, i); ++ tvp5150_get_vbi(sd, i); + mask |= svbi->service_lines[0][i]; + } + svbi->service_set = mask; +-- +2.35.3 + diff --git a/patches.suse/media-i2c-tvp5150-remove-useless-variable-assignment.patch b/patches.suse/media-i2c-tvp5150-remove-useless-variable-assignment.patch new file mode 100644 index 0000000..991e542 --- /dev/null +++ b/patches.suse/media-i2c-tvp5150-remove-useless-variable-assignment.patch @@ -0,0 +1,83 @@ +From b3d930aaf74f8b248edd7cfe7f35caefeff785bd Mon Sep 17 00:00:00 2001 +From: "Gustavo A. R. Silva" +Date: Fri, 23 Jun 2017 19:37:00 -0300 +Subject: [PATCH] media: i2c: tvp5150: remove useless variable assignment in + tvp5150_set_vbi() +Git-commit: b3d930aaf74f8b248edd7cfe7f35caefeff785bd +References: git-fixes +Patch-mainline: v4.13-rc4 + +Value assigned to variable _type_ at line 678 is overwritten at line 688 +before it can be used. This makes such variable assignment useless. + +Remove this variable assignment and fix some coding style issues. + +Addresses-Coverity-ID: 1226968 + +Signed-off-by: Gustavo A. R. Silva +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/i2c/tvp5150.c | 25 +++++++++++-------------- + 1 file changed, 11 insertions(+), 14 deletions(-) + +diff --git a/drivers/media/i2c/tvp5150.c b/drivers/media/i2c/tvp5150.c +index 9da4bf4f2c7a..7b79a7498751 100644 +--- a/drivers/media/i2c/tvp5150.c ++++ b/drivers/media/i2c/tvp5150.c +@@ -659,7 +659,7 @@ static int tvp5150_set_vbi(struct v4l2_subdev *sd, + struct tvp5150 *decoder = to_tvp5150(sd); + v4l2_std_id std = decoder->norm; + u8 reg; +- int pos=0; ++ int pos = 0; + + if (std == V4L2_STD_ALL) { + dev_err(sd->dev, "VBI can't be configured without knowing number of lines\n"); +@@ -669,33 +669,30 @@ static int tvp5150_set_vbi(struct v4l2_subdev *sd, + line += 3; + } + +- if (line<6||line>27) ++ if (line < 6 || line > 27) + return 0; + +- while (regs->reg != (u16)-1 ) { ++ while (regs->reg != (u16)-1) { + if ((type & regs->type.vbi_type) && +- (line>=regs->type.ini_line) && +- (line<=regs->type.end_line)) { +- type=regs->type.vbi_type; ++ (line >= regs->type.ini_line) && ++ (line <= regs->type.end_line)) + break; +- } + + regs++; + pos++; + } ++ + if (regs->reg == (u16)-1) + return 0; + +- type=pos | (flags & 0xf0); +- reg=((line-6)<<1)+TVP5150_LINE_MODE_INI; ++ type = pos | (flags & 0xf0); ++ reg = ((line - 6) << 1) + TVP5150_LINE_MODE_INI; + +- if (fields&1) { ++ if (fields & 1) + tvp5150_write(sd, reg, type); +- } + +- if (fields&2) { +- tvp5150_write(sd, reg+1, type); +- } ++ if (fields & 2) ++ tvp5150_write(sd, reg + 1, type); + + return type; + } +-- +2.35.3 + diff --git a/patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch b/patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch new file mode 100644 index 0000000..660ad59 --- /dev/null +++ b/patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch @@ -0,0 +1,113 @@ +From: Tejun Heo +Date: Wed, 7 Dec 2022 16:53:15 -1000 +Subject: memcg: Fix possible use-after-free in memcg_write_event_control() +Git-commit: fbf8321238bac04368f57af572e05a9c01347a0b +Patch-mainline: v6.1 +References: bsc#1206344 + +memcg_write_event_control() accesses the dentry->d_name of the specified +control fd to route the write call. As a cgroup interface file can't be +renamed, it's safe to access d_name as long as the specified file is a +regular cgroup file. Also, as these cgroup interface files can't be +removed before the directory, it's safe to access the parent too. + +Prior to 347c4a874710 ("memcg: remove cgroup_event->cft"), there was a +call to __file_cft() which verified that the specified file is a regular +cgroupfs file before further accesses. The cftype pointer returned from +__file_cft() was no longer necessary and the commit inadvertently +dropped the file type check with it allowing any file to slip through. +With the invarients broken, the d_name and parent accesses can now race +against renames and removals of arbitrary files and cause +use-after-free's. + +Fix the bug by resurrecting the file type check in __file_cft(). Now +that cgroupfs is implemented through kernfs, checking the file +operations needs to go through a layer of indirection. Instead, let's +check the superblock and dentry type. + +Signed-off-by: Tejun Heo +Fixes: 347c4a874710 ("memcg: remove cgroup_event->cft") +Cc: stable@kernel.org # v3.14+ +Reported-by: Jann Horn +Acked-by: Johannes Weiner +Acked-by: Roman Gushchin +Signed-off-by: Linus Torvalds +Acked-by: Michal Koutný +--- + include/linux/cgroup.h | 1 + + kernel/cgroup/cgroup-internal.h | 1 - + mm/memcontrol.c | 15 +++++++++++++-- + 3 files changed, 14 insertions(+), 3 deletions(-) + +diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h +index 528bd44b59e2..2b7d077de7ef 100644 +--- a/include/linux/cgroup.h ++++ b/include/linux/cgroup.h +@@ -68,6 +68,7 @@ struct css_task_iter { + struct list_head iters_node; /* css_set->task_iters */ + }; + ++extern struct file_system_type cgroup_fs_type; + extern struct cgroup_root cgrp_dfl_root; + extern struct css_set init_css_set; + +diff --git a/kernel/cgroup/cgroup-internal.h b/kernel/cgroup/cgroup-internal.h +index fd4020835ec6..367b0a42ada9 100644 +--- a/kernel/cgroup/cgroup-internal.h ++++ b/kernel/cgroup/cgroup-internal.h +@@ -167,7 +167,6 @@ struct cgroup_mgctx { + extern spinlock_t css_set_lock; + extern struct cgroup_subsys *cgroup_subsys[]; + extern struct list_head cgroup_roots; +-extern struct file_system_type cgroup_fs_type; + + /* iterate across the hierarchies */ + #define for_each_root(root) \ +diff --git a/mm/memcontrol.c b/mm/memcontrol.c +index a1a35c12635e..266a1ab05434 100644 +--- a/mm/memcontrol.c ++++ b/mm/memcontrol.c +@@ -4832,6 +4832,7 @@ static ssize_t memcg_write_event_control(struct kernfs_open_file *of, + unsigned int efd, cfd; + struct fd efile; + struct fd cfile; ++ struct dentry *cdentry; + const char *name; + char *endp; + int ret; +@@ -4885,6 +4886,16 @@ static ssize_t memcg_write_event_control(struct kernfs_open_file *of, + if (ret < 0) + goto out_put_cfile; + ++ /* ++ * The control file must be a regular cgroup1 file. As a regular cgroup ++ * file can't be renamed, it's safe to access its name afterwards. ++ */ ++ cdentry = cfile.file->f_path.dentry; ++ if (cdentry->d_sb->s_type != &cgroup_fs_type || !d_is_reg(cdentry)) { ++ ret = -EINVAL; ++ goto out_put_cfile; ++ } ++ + /* + * Determine the event callbacks and set them in @event. This used + * to be done via struct cftype but cgroup core no longer knows +@@ -4893,7 +4904,7 @@ static ssize_t memcg_write_event_control(struct kernfs_open_file *of, + * + * DO NOT ADD NEW FILES. + */ +- name = cfile.file->f_path.dentry->d_name.name; ++ name = cdentry->d_name.name; + + if (!strcmp(name, "memory.usage_in_bytes")) { + event->register_event = mem_cgroup_usage_register_event; +@@ -4917,7 +4928,7 @@ static ssize_t memcg_write_event_control(struct kernfs_open_file *of, + * automatically removed on cgroup destruction but the removal is + * asynchronous, so take an extra ref on @css. + */ +- cfile_css = css_tryget_online_from_dir(cfile.file->f_path.dentry->d_parent, ++ cfile_css = css_tryget_online_from_dir(cdentry->d_parent, + &memory_cgrp_subsys); + ret = -EINVAL; + if (IS_ERR(cfile_css)) + diff --git a/patches.suse/net-sunrpc-Fix-off-by-one-issues-in-rpc_ntop6.patch b/patches.suse/net-sunrpc-Fix-off-by-one-issues-in-rpc_ntop6.patch new file mode 100644 index 0000000..869f059 --- /dev/null +++ b/patches.suse/net-sunrpc-Fix-off-by-one-issues-in-rpc_ntop6.patch @@ -0,0 +1,39 @@ +From: Fedor Tokarev +Date: Sat, 28 Mar 2020 14:56:55 +0300 +Subject: [PATCH] net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' +Git-commit: 118917d696dc59fd3e1741012c2f9db2294bed6f +Patch-mainline: v5.8 +References: git-fixes + +Fix off-by-one issues in 'rpc_ntop6': + - 'snprintf' returns the number of characters which would have been + written if enough space had been available, excluding the terminating + null byte. Thus, a return value of 'sizeof(scopebuf)' means that the + last character was dropped. + - 'strcat' adds a terminating null byte to the string, thus if len == + buflen, the null byte is written past the end of the buffer. + +Signed-off-by: Fedor Tokarev +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + net/sunrpc/addr.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/sunrpc/addr.c ++++ b/net/sunrpc/addr.c +@@ -81,11 +81,11 @@ static size_t rpc_ntop6(const struct soc + + rc = snprintf(scopebuf, sizeof(scopebuf), "%c%u", + IPV6_SCOPE_DELIMITER, sin6->sin6_scope_id); +- if (unlikely((size_t)rc > sizeof(scopebuf))) ++ if (unlikely((size_t)rc >= sizeof(scopebuf))) + return 0; + + len += rc; +- if (unlikely(len > buflen)) ++ if (unlikely(len >= buflen)) + return 0; + + strcat(buf, scopebuf); diff --git a/patches.suse/net-sunrpc-clnt-Fix-xps-refcount-imbalance-on-the-er.patch b/patches.suse/net-sunrpc-clnt-Fix-xps-refcount-imbalance-on-the-er.patch new file mode 100644 index 0000000..9e0f4d8 --- /dev/null +++ b/patches.suse/net-sunrpc-clnt-Fix-xps-refcount-imbalance-on-the-er.patch @@ -0,0 +1,29 @@ +From: Lin Yi +Date: Mon, 10 Jun 2019 10:16:56 +0800 +Subject: [PATCH] net :sunrpc :clnt :Fix xps refcount imbalance on the error + path +Git-commit: b96226148491505318228ac52624956bd98f9e0c +Patch-mainline: v5.2 +References: git-fixes + +rpc_clnt_add_xprt take a reference to struct rpc_xprt_switch, but forget +to release it before return, may lead to a memory leak. + +Signed-off-by: Lin Yi +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + net/sunrpc/clnt.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/sunrpc/clnt.c ++++ b/net/sunrpc/clnt.c +@@ -2839,6 +2839,7 @@ int rpc_clnt_add_xprt(struct rpc_clnt *c + xprt = xprt_iter_xprt(&clnt->cl_xpi); + if (xps == NULL || xprt == NULL) { + rcu_read_unlock(); ++ xprt_switch_put(xps); + return -EAGAIN; + } + resvport = xprt->resvport; diff --git a/patches.suse/net-usb-cdc_ncm-don-t-spew-notifications.patch b/patches.suse/net-usb-cdc_ncm-don-t-spew-notifications.patch new file mode 100644 index 0000000..90711e5 --- /dev/null +++ b/patches.suse/net-usb-cdc_ncm-don-t-spew-notifications.patch @@ -0,0 +1,111 @@ +From de658a195ee23ca6aaffe197d1d2ea040beea0a2 Mon Sep 17 00:00:00 2001 +From: Grant Grundler +Date: Tue, 19 Jan 2021 17:12:08 -0800 +Subject: [PATCH] net: usb: cdc_ncm: don't spew notifications +Git-commit: de658a195ee23ca6aaffe197d1d2ea040beea0a2 +References: git-fixes +Patch-mainline: v5.11-rc5 + +RTL8156 sends notifications about every 32ms. +Only display/log notifications when something changes. + +This issue has been reported by others: + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832472 + https://lkml.org/lkml/2020/8/27/1083 + +... +[785962.779840] usb 1-1: new high-speed USB device number 5 using xhci_hcd +[785962.929944] usb 1-1: New USB device found, idVendor=0bda, idProduct=8156, bcdDevice=30.00 +[785962.929949] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=6 +[785962.929952] usb 1-1: Product: USB 10/100/1G/2.5G LAN +[785962.929954] usb 1-1: Manufacturer: Realtek +[785962.929956] usb 1-1: SerialNumber: 000000001 +[785962.991755] usbcore: registered new interface driver cdc_ether +[785963.017068] cdc_ncm 1-1:2.0: MAC-Address: 00:24:27:88:08:15 +[785963.017072] cdc_ncm 1-1:2.0: setting rx_max = 16384 +[785963.017169] cdc_ncm 1-1:2.0: setting tx_max = 16384 +[785963.017682] cdc_ncm 1-1:2.0 usb0: register 'cdc_ncm' at usb-0000:00:14.0-1, CDC NCM, 00:24:27:88:08:15 +[785963.019211] usbcore: registered new interface driver cdc_ncm +[785963.023856] usbcore: registered new interface driver cdc_wdm +[785963.025461] usbcore: registered new interface driver cdc_mbim +[785963.038824] cdc_ncm 1-1:2.0 enx002427880815: renamed from usb0 +[785963.089586] cdc_ncm 1-1:2.0 enx002427880815: network connection: disconnected +[785963.121673] cdc_ncm 1-1:2.0 enx002427880815: network connection: disconnected +[785963.153682] cdc_ncm 1-1:2.0 enx002427880815: network connection: disconnected +... + +This is about 2KB per second and will overwrite all contents of a 1MB +dmesg buffer in under 10 minutes rendering them useless for debugging +many kernel problems. + +This is also an extra 180 MB/day in /var/logs (or 1GB per week) rendering +the majority of those logs useless too. + +When the link is up (expected state), spew amount is >2x higher: +... +[786139.600992] cdc_ncm 2-1:2.0 enx002427880815: network connection: connected +[786139.632997] cdc_ncm 2-1:2.0 enx002427880815: 2500 mbit/s downlink 2500 mbit/s uplink +[786139.665097] cdc_ncm 2-1:2.0 enx002427880815: network connection: connected +[786139.697100] cdc_ncm 2-1:2.0 enx002427880815: 2500 mbit/s downlink 2500 mbit/s uplink +[786139.729094] cdc_ncm 2-1:2.0 enx002427880815: network connection: connected +[786139.761108] cdc_ncm 2-1:2.0 enx002427880815: 2500 mbit/s downlink 2500 mbit/s uplink +... + +Chrome OS cannot support RTL8156 until this is fixed. + +Signed-off-by: Grant Grundler +Reviewed-by: Hayes Wang +Link: https://lore.kernel.org/r/20210120011208.3768105-1-grundler@chromium.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/cdc_ncm.c | 12 +++++++++++- + include/linux/usb/usbnet.h | 2 ++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c +index 5a78848db93f..291e76d32abe 100644 +--- a/drivers/net/usb/cdc_ncm.c ++++ b/drivers/net/usb/cdc_ncm.c +@@ -1827,6 +1827,15 @@ cdc_ncm_speed_change(struct usbnet *dev, + uint32_t rx_speed = le32_to_cpu(data->DLBitRRate); + uint32_t tx_speed = le32_to_cpu(data->ULBitRate); + ++ /* if the speed hasn't changed, don't report it. ++ * RTL8156 shipped before 2021 sends notification about every 32ms. ++ */ ++ if (dev->rx_speed == rx_speed && dev->tx_speed == tx_speed) ++ return; ++ ++ dev->rx_speed = rx_speed; ++ dev->tx_speed = tx_speed; ++ + /* + * Currently the USB-NET API does not support reporting the actual + * device speed. Do print it instead. +@@ -1867,7 +1876,8 @@ static void cdc_ncm_status(struct usbnet *dev, struct urb *urb) + * USB_CDC_NOTIFY_NETWORK_CONNECTION notification shall be + * sent by device after USB_CDC_NOTIFY_SPEED_CHANGE. + */ +- usbnet_link_change(dev, !!event->wValue, 0); ++ if (netif_carrier_ok(dev->net) != !!event->wValue) ++ usbnet_link_change(dev, !!event->wValue, 0); + break; + + case USB_CDC_NOTIFY_SPEED_CHANGE: +diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h +index 88a7673894d5..cfbfd6fe01df 100644 +--- a/include/linux/usb/usbnet.h ++++ b/include/linux/usb/usbnet.h +@@ -81,6 +81,8 @@ struct usbnet { + # define EVENT_LINK_CHANGE 11 + # define EVENT_SET_RX_MODE 12 + # define EVENT_NO_IP_ALIGN 13 ++ u32 rx_speed; /* in bps - NOT Mbps */ ++ u32 tx_speed; /* in bps - NOT Mbps */ + }; + + static inline struct usb_driver *driver_of(struct usb_interface *intf) +-- +2.35.3 + diff --git a/patches.suse/net-usb-qmi_wwan-Set-DTR-quirk-for-MR400.patch b/patches.suse/net-usb-qmi_wwan-Set-DTR-quirk-for-MR400.patch new file mode 100644 index 0000000..ecd0617 --- /dev/null +++ b/patches.suse/net-usb-qmi_wwan-Set-DTR-quirk-for-MR400.patch @@ -0,0 +1,38 @@ +From df8d85d8c69d6837817e54dcb73c84a8b5a13877 Mon Sep 17 00:00:00 2001 +From: Filip Moc +Date: Tue, 17 Nov 2020 18:36:31 +0100 +Subject: [PATCH] net: usb: qmi_wwan: Set DTR quirk for MR400 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: df8d85d8c69d6837817e54dcb73c84a8b5a13877 +References: git-fixes +Patch-mainline: v5.10-rc5 + +LTE module MR400 embedded in TL-MR6400 v4 requires DTR to be set. + +Signed-off-by: Filip Moc +Acked-by: Bjørn Mork +Link: https://lore.kernel.org/r/20201117173631.GA550981@moc6.cz +Signed-off-by: Jakub Kicinski +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/qmi_wwan.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c +index 581ed51abb53..fc378ff56775 100644 +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -1070,7 +1070,7 @@ static const struct usb_device_id products[] = { + {QMI_FIXED_INTF(0x05c6, 0x9011, 4)}, + {QMI_FIXED_INTF(0x05c6, 0x9021, 1)}, + {QMI_FIXED_INTF(0x05c6, 0x9022, 2)}, +- {QMI_FIXED_INTF(0x05c6, 0x9025, 4)}, /* Alcatel-sbell ASB TL131 TDD LTE (China Mobile) */ ++ {QMI_QUIRK_SET_DTR(0x05c6, 0x9025, 4)}, /* Alcatel-sbell ASB TL131 TDD LTE (China Mobile) */ + {QMI_FIXED_INTF(0x05c6, 0x9026, 3)}, + {QMI_FIXED_INTF(0x05c6, 0x902e, 5)}, + {QMI_FIXED_INTF(0x05c6, 0x9031, 5)}, +-- +2.35.3 + diff --git a/patches.suse/net-usb-qmi_wwan-add-Quectel-EM160R-GL.patch b/patches.suse/net-usb-qmi_wwan-add-Quectel-EM160R-GL.patch new file mode 100644 index 0000000..992abf0 --- /dev/null +++ b/patches.suse/net-usb-qmi_wwan-add-Quectel-EM160R-GL.patch @@ -0,0 +1,64 @@ +From cfd82dfc9799c53ef109343a23af006a0f6860a9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= +Date: Wed, 30 Dec 2020 16:24:51 +0100 +Subject: [PATCH] net: usb: qmi_wwan: add Quectel EM160R-GL +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: cfd82dfc9799c53ef109343a23af006a0f6860a9 +References: git-fixes +Patch-mainline: v5.11-rc3 + +New modem using ff/ff/30 for QCDM, ff/00/00 for AT and NMEA, +and ff/ff/ff for RMNET/QMI. + +T: Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0 +D: Ver= 3.20 Cls=ef(misc ) Sub=02 Prot=01 MxPS= 9 #Cfgs= 1 +P: Vendor=2c7c ProdID=0620 Rev= 4.09 +S: Manufacturer=Quectel +S: Product=EM160R-GL +S: SerialNumber=e31cedc1 +C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=896mA +I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=(none) +E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) +E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +E: Ad=82(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) +E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) +E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +E: Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) +E: Ad=88(I) Atr=03(Int.) MxPS= 8 Ivl=32ms +E: Ad=8e(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=0f(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms + +Signed-off-by: Bjørn Mork +Link: https://lore.kernel.org/r/20201230152451.245271-1-bjorn@mork.no +Signed-off-by: Jakub Kicinski +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/qmi_wwan.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c +index d166c321ee9b..af19513a9f75 100644 +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -1013,6 +1013,7 @@ static const struct usb_device_id products[] = { + {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0125)}, /* Quectel EC25, EC20 R2.0 Mini PCIe */ + {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0306)}, /* Quectel EP06/EG06/EM06 */ + {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0512)}, /* Quectel EG12/EM12 */ ++ {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0620)}, /* Quectel EM160R-GL */ + {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0800)}, /* Quectel RM500Q-GL */ + + /* 3. Combined interface devices matching on interface number */ +-- +2.35.3 + diff --git a/patches.suse/net-usb-qmi_wwan-restore-mtu-min-max-values-after-ra.patch b/patches.suse/net-usb-qmi_wwan-restore-mtu-min-max-values-after-ra.patch new file mode 100644 index 0000000..9311e69 --- /dev/null +++ b/patches.suse/net-usb-qmi_wwan-restore-mtu-min-max-values-after-ra.patch @@ -0,0 +1,51 @@ +From eae7172f8141eb98e64e6e81acc9e9d5b2add127 Mon Sep 17 00:00:00 2001 +From: Daniele Palmas +Date: Fri, 21 Feb 2020 14:17:05 +0100 +Subject: [PATCH] net: usb: qmi_wwan: restore mtu min/max values after raw_ip + switch +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: eae7172f8141eb98e64e6e81acc9e9d5b2add127 +References: git-fixes +Patch-mainline: v5.6-rc4 + +usbnet creates network interfaces with min_mtu = 0 and +max_mtu = ETH_MAX_MTU. + +These values are not modified by qmi_wwan when the network interface +is created initially, allowing, for example, to set mtu greater than 1500. + +When a raw_ip switch is done (raw_ip set to 'Y', then set to 'N') the mtu +values for the network interface are set through ether_setup, with +min_mtu = ETH_MIN_MTU and max_mtu = ETH_DATA_LEN, not allowing anymore to +set mtu greater than 1500 (error: mtu greater than device maximum). + +The patch restores the original min/max mtu values set by usbnet after a +raw_ip switch. + +Signed-off-by: Daniele Palmas +Acked-by: Bjørn Mork +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/qmi_wwan.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c +index 3b7a3b8a5e06..5754bb6ca0ee 100644 +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -337,6 +337,9 @@ static void qmi_wwan_netdev_setup(struct net_device *net) + netdev_dbg(net, "mode: raw IP\n"); + } else if (!net->header_ops) { /* don't bother if already set */ + ether_setup(net); ++ /* Restoring min/max mtu values set originally by usbnet */ ++ net->min_mtu = 0; ++ net->max_mtu = ETH_MAX_MTU; + clear_bit(EVENT_NO_IP_ALIGN, &dev->flags); + netdev_dbg(net, "mode: Ethernet\n"); + } +-- +2.35.3 + diff --git a/patches.suse/nfs-Fix-NULL-pointer-dereference-of-dev_name.patch b/patches.suse/nfs-Fix-NULL-pointer-dereference-of-dev_name.patch new file mode 100644 index 0000000..18dea49 --- /dev/null +++ b/patches.suse/nfs-Fix-NULL-pointer-dereference-of-dev_name.patch @@ -0,0 +1,52 @@ +From: Yao Liu +Date: Mon, 28 Jan 2019 19:44:14 +0800 +Subject: [PATCH] nfs: Fix NULL pointer dereference of dev_name +Git-commit: 80ff00172407e0aad4b10b94ef0816fc3e7813cb +Patch-mainline: v5.0 +References: git-fixes + +There is a NULL pointer dereference of dev_name in nfs_parse_devname() + +The oops looks something like: + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 + ... + RIP: 0010:nfs_fs_mount+0x3b6/0xc20 [nfs] + ... + Call Trace: + ? ida_alloc_range+0x34b/0x3d0 + ? nfs_clone_super+0x80/0x80 [nfs] + ? nfs_free_parsed_mount_data+0x60/0x60 [nfs] + mount_fs+0x52/0x170 + ? __init_waitqueue_head+0x3b/0x50 + vfs_kern_mount+0x6b/0x170 + do_mount+0x216/0xdc0 + ksys_mount+0x83/0xd0 + __x64_sys_mount+0x25/0x30 + do_syscall_64+0x65/0x220 + entry_SYSCALL_64_after_hwframe+0x49/0xbe + +Fix this by adding a NULL check on dev_name + +Signed-off-by: Yao Liu +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/super.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/fs/nfs/super.c ++++ b/fs/nfs/super.c +@@ -1953,6 +1953,11 @@ static int nfs_parse_devname(const char + size_t len; + char *end; + ++ if (unlikely(!dev_name || !*dev_name)) { ++ dfprintk(MOUNT, "NFS: device name not specified\n"); ++ return -EINVAL; ++ } ++ + /* Is the host name protected with square brakcets? */ + if (*dev_name == '[') { + end = strchr(++dev_name, ']'); diff --git a/patches.suse/nfs-fix-PNFS_FLEXFILE_LAYOUT-Kconfig-default.patch b/patches.suse/nfs-fix-PNFS_FLEXFILE_LAYOUT-Kconfig-default.patch new file mode 100644 index 0000000..ed10b17 --- /dev/null +++ b/patches.suse/nfs-fix-PNFS_FLEXFILE_LAYOUT-Kconfig-default.patch @@ -0,0 +1,30 @@ +From: Timo Rothenpieler +Date: Tue, 23 Feb 2021 15:19:01 +0100 +Subject: [PATCH] nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default +Git-commit: a0590473c5e6c4ef17c3132ad08fbad170f72d55 +Patch-mainline: v5.12 +References: git-fixes + +This follows what was done in 8c2fabc6542d9d0f8b16bd1045c2eda59bdcde13. +With the default being m, it's impossible to build the module into the +kernel. + +Signed-off-by: Timo Rothenpieler +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/Kconfig ++++ b/fs/nfs/Kconfig +@@ -127,7 +127,7 @@ config PNFS_BLOCK + config PNFS_FLEXFILE_LAYOUT + tristate + depends on NFS_V4_1 && NFS_V3 +- default m ++ default NFS_V4 + + config NFS_V4_1_IMPLEMENTATION_ID_DOMAIN + string "NFSv4.1 Implementation ID Domain" diff --git a/patches.suse/nfs-nfs4clinet-check-the-return-value-of-kstrdup.patch b/patches.suse/nfs-nfs4clinet-check-the-return-value-of-kstrdup.patch new file mode 100644 index 0000000..064df6a --- /dev/null +++ b/patches.suse/nfs-nfs4clinet-check-the-return-value-of-kstrdup.patch @@ -0,0 +1,34 @@ +From: Xiaoke Wang +Date: Fri, 17 Dec 2021 01:01:33 +0800 +Subject: [PATCH] nfs: nfs4clinet: check the return value of kstrdup() +Git-commit: fbd2057e5329d3502a27491190237b6be52a1cb6 +Patch-mainline: v5.17 +References: git-fixes + +kstrdup() returns NULL when some internal memory errors happen, it is +better to check the return value of it so to catch the memory error in +time. + +Signed-off-by: Xiaoke Wang +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs4client.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/nfs/nfs4client.c ++++ b/fs/nfs/nfs4client.c +@@ -1258,8 +1258,11 @@ int nfs4_update_server(struct nfs_server + } + nfs_put_client(clp); + +- if (server->nfs_client->cl_hostname == NULL) ++ if (server->nfs_client->cl_hostname == NULL) { + server->nfs_client->cl_hostname = kstrdup(hostname, GFP_KERNEL); ++ if (server->nfs_client->cl_hostname == NULL) ++ return -ENOMEM; ++ } + nfs_server_insert_lists(server); + + return nfs_probe_destination(server); diff --git a/patches.suse/nfs-we-don-t-support-removing-system.nfs4_acl.patch b/patches.suse/nfs-we-don-t-support-removing-system.nfs4_acl.patch new file mode 100644 index 0000000..a1f6ab6 --- /dev/null +++ b/patches.suse/nfs-we-don-t-support-removing-system.nfs4_acl.patch @@ -0,0 +1,34 @@ +From: "J. Bruce Fields" +Date: Thu, 28 Jan 2021 17:36:38 -0500 +Subject: [PATCH] nfs: we don't support removing system.nfs4_acl +Git-commit: 4f8be1f53bf615102d103c0509ffa9596f65b718 +Patch-mainline: v5.12 +References: git-fixes + +The NFSv4 protocol doesn't have any notion of reomoving an attribute, so +removexattr(path,"system.nfs4_acl") doesn't make sense. + +There's no documented return value. Arguably it could be EOPNOTSUPP but +I'm a little worried an application might take that to mean that we +don't support ACLs or xattrs. How about EINVAL? + +Signed-off-by: J. Bruce Fields +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs4proc.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -5378,6 +5378,9 @@ static int __nfs4_proc_set_acl(struct in + unsigned int npages = DIV_ROUND_UP(buflen, PAGE_SIZE); + int ret, i; + ++ /* You can't remove system.nfs4_acl: */ ++ if (buflen == 0) ++ return -EINVAL; + if (!nfs4_server_supports_acls(server)) + return -EOPNOTSUPP; + if (npages > ARRAY_SIZE(pages)) diff --git a/patches.suse/nfs4-Fix-kmemleak-when-allocate-slot-failed.patch b/patches.suse/nfs4-Fix-kmemleak-when-allocate-slot-failed.patch new file mode 100644 index 0000000..18eecd2 --- /dev/null +++ b/patches.suse/nfs4-Fix-kmemleak-when-allocate-slot-failed.patch @@ -0,0 +1,48 @@ +From: Zhang Xiaoxu +Date: Thu, 20 Oct 2022 11:20:54 +0800 +Subject: [PATCH] nfs4: Fix kmemleak when allocate slot failed +Git-commit: 7e8436728e22181c3f12a5dbabd35ed3a8b8c593 +Patch-mainline: v6.1 +References: git-fixes + +If one of the slot allocate failed, should cleanup all the other +allocated slots, otherwise, the allocated slots will leak: + + unreferenced object 0xffff8881115aa100 (size 64): + comm ""mount.nfs"", pid 679, jiffies 4294744957 (age 115.037s) + hex dump (first 32 bytes): + 00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff ...s......Z..... + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + backtrace: + [<000000007a4c434a>] nfs4_find_or_create_slot+0x8e/0x130 + [<000000005472a39c>] nfs4_realloc_slot_table+0x23f/0x270 + [<00000000cd8ca0eb>] nfs40_init_client+0x4a/0x90 + [<00000000128486db>] nfs4_init_client+0xce/0x270 + [<000000008d2cacad>] nfs4_set_client+0x1a2/0x2b0 + [<000000000e593b52>] nfs4_create_server+0x300/0x5f0 + [<00000000e4425dd2>] nfs4_try_get_tree+0x65/0x110 + [<00000000d3a6176f>] vfs_get_tree+0x41/0xf0 + [<0000000016b5ad4c>] path_mount+0x9b3/0xdd0 + [<00000000494cae71>] __x64_sys_mount+0x190/0x1d0 + [<000000005d56bdec>] do_syscall_64+0x35/0x80 + [<00000000687c9ae4>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 + +Fixes: abf79bb341bf ("NFS: Add a slot table to struct nfs_client for NFSv4.0 transport blocking") +Signed-off-by: Zhang Xiaoxu +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/nfs4client.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nfs/nfs4client.c ++++ b/fs/nfs/nfs4client.c +@@ -326,6 +326,7 @@ int nfs40_init_client(struct nfs_client + ret = nfs4_setup_slot_table(tbl, NFS4_MAX_SLOT_TABLE, + "NFSv4.0 transport Slot table"); + if (ret) { ++ nfs4_shutdown_slot_table(tbl); + kfree(tbl); + return ret; + } diff --git a/patches.suse/nfsd-Fix-svc_xprt-refcnt-leak-when-setup-callback-cl.patch b/patches.suse/nfsd-Fix-svc_xprt-refcnt-leak-when-setup-callback-cl.patch new file mode 100644 index 0000000..7f179c0 --- /dev/null +++ b/patches.suse/nfsd-Fix-svc_xprt-refcnt-leak-when-setup-callback-cl.patch @@ -0,0 +1,39 @@ +From: Xiyu Yang +Date: Mon, 25 May 2020 22:15:41 +0800 +Subject: [PATCH] nfsd: Fix svc_xprt refcnt leak when setup callback client + failed +Git-commit: a4abc6b12eb1f7a533c2e7484cfa555454ff0977 +Patch-mainline: v5.8 +References: git-fixes + +nfsd4_process_cb_update() invokes svc_xprt_get(), which increases the +refcount of the "c->cn_xprt". + +The reference counting issue happens in one exception handling path of +nfsd4_process_cb_update(). When setup callback client failed, the +function forgets to decrease the refcnt increased by svc_xprt_get(), +causing a refcnt leak. + +Fix this issue by calling svc_xprt_put() when setup callback client +failed. + +Signed-off-by: Xiyu Yang +Signed-off-by: Xin Tan +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + fs/nfsd/nfs4callback.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/nfsd/nfs4callback.c ++++ b/fs/nfsd/nfs4callback.c +@@ -1153,6 +1153,8 @@ static void nfsd4_process_cb_update(stru + err = setup_callback_client(clp, &conn, ses); + if (err) { + nfsd4_mark_cb_down(clp, err); ++ if (c) ++ svc_xprt_put(c->cn_xprt); + return; + } + } diff --git a/patches.suse/nfsd-Return-EPERM-not-EACCES-in-some-SETATTR-cases.patch b/patches.suse/nfsd-Return-EPERM-not-EACCES-in-some-SETATTR-cases.patch new file mode 100644 index 0000000..4440824 --- /dev/null +++ b/patches.suse/nfsd-Return-EPERM-not-EACCES-in-some-SETATTR-cases.patch @@ -0,0 +1,51 @@ +From: zhengbin +Date: Fri, 30 Nov 2018 16:04:25 +0800 +Subject: [PATCH] nfsd: Return EPERM, not EACCES, in some SETATTR cases +Git-commit: 255fbca65137e25b12bced18ec9a014dc77ecda0 +Patch-mainline: v5.0 +References: git-fixes + +As the man(2) page for utime/utimes states, EPERM is returned when the +second parameter of utime or utimes is not NULL, the caller's effective UID +does not match the owner of the file, and the caller is not privileged. + +However, in a NFS directory mounted from knfsd, it will return EACCES +(from nfsd_setattr-> fh_verify->nfsd_permission). This patch fixes +that. + +Signed-off-by: zhengbin +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + fs/nfsd/vfs.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +--- a/fs/nfsd/vfs.c ++++ b/fs/nfsd/vfs.c +@@ -395,10 +395,23 @@ nfsd_setattr(struct svc_rqst *rqstp, str + bool get_write_count; + bool size_change = (iap->ia_valid & ATTR_SIZE); + +- if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE)) ++ if (iap->ia_valid & ATTR_SIZE) { + accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; +- if (iap->ia_valid & ATTR_SIZE) + ftype = S_IFREG; ++ } ++ ++ /* ++ * If utimes(2) and friends are called with times not NULL, we should ++ * not set NFSD_MAY_WRITE bit. Otherwise fh_verify->nfsd_permission ++ * will return EACCESS, when the caller's effective UID does not match ++ * the owner of the file, and the caller is not privileged. In this ++ * situation, we should return EPERM(notify_change will return this). ++ */ ++ if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME)) { ++ accmode |= NFSD_MAY_OWNER_OVERRIDE; ++ if (!(iap->ia_valid & (ATTR_ATIME_SET | ATTR_MTIME_SET))) ++ accmode |= NFSD_MAY_WRITE; ++ } + + /* Callers that do fh_verify should do the fh_want_write: */ + get_write_count = !fhp->fh_dentry; diff --git a/patches.suse/nfsd-allow-fh_want_write-to-be-called-twice.patch b/patches.suse/nfsd-allow-fh_want_write-to-be-called-twice.patch new file mode 100644 index 0000000..1f8dcec --- /dev/null +++ b/patches.suse/nfsd-allow-fh_want_write-to-be-called-twice.patch @@ -0,0 +1,47 @@ +From: "J. Bruce Fields" +Date: Fri, 12 Apr 2019 16:37:30 -0400 +Subject: [PATCH] nfsd: allow fh_want_write to be called twice +Git-commit: 0b8f62625dc309651d0efcb6a6247c933acd8b45 +Patch-mainline: v5.2 +References: git-fixes + +A fuzzer recently triggered lockdep warnings about potential sb_writers +deadlocks caused by fh_want_write(). + +Looks like we aren't careful to pair each fh_want_write() with an +fh_drop_write(). + +It's not normally a problem since fh_put() will call fh_drop_write() for +us. And was OK for NFSv3 where we'd do one operation that might call +fh_want_write(), and then put the filehandle. + +But an NFSv4 protocol fuzzer can do weird things like call unlink twice +in a compound, and then we get into trouble. + +I'm a little worried about this approach of just leaving everything to +fh_put(). But I think there are probably a lot of +fh_want_write()/fh_drop_write() imbalances so for now I think we need it +to be more forgiving. + +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + fs/nfsd/vfs.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/nfsd/vfs.h ++++ b/fs/nfsd/vfs.h +@@ -116,8 +116,11 @@ void nfsd_put_raparams(struct file *fil + + static inline int fh_want_write(struct svc_fh *fh) + { +- int ret = mnt_want_write(fh->fh_export->ex_path.mnt); ++ int ret; + ++ if (fh->fh_want_write) ++ return 0; ++ ret = mnt_want_write(fh->fh_export->ex_path.mnt); + if (!ret) + fh->fh_want_write = true; + return ret; diff --git a/patches.suse/nfsd-fix-a-warning-in-__cld_pipe_upcall.patch b/patches.suse/nfsd-fix-a-warning-in-__cld_pipe_upcall.patch new file mode 100644 index 0000000..0a1acb2 --- /dev/null +++ b/patches.suse/nfsd-fix-a-warning-in-__cld_pipe_upcall.patch @@ -0,0 +1,83 @@ +From: Scott Mayhew +Date: Tue, 6 Nov 2018 13:35:08 -0500 +Subject: [PATCH] nfsd: fix a warning in __cld_pipe_upcall() +Git-commit: b493fd31c0b89d9453917e977002de58bebc3802 +Patch-mainline: v5.0 +References: git-fixes + +__cld_pipe_upcall() emits a "do not call blocking ops when +!TASK_RUNNING" warning due to the dput() call in rpc_queue_upcall(). +Fix it by using a completion instead of hand coding the wait. + +Signed-off-by: Scott Mayhew +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + fs/nfsd/nfs4recover.c | 17 ++++++----------- + 1 file changed, 6 insertions(+), 11 deletions(-) + +--- a/fs/nfsd/nfs4recover.c ++++ b/fs/nfsd/nfs4recover.c +@@ -661,7 +661,7 @@ struct cld_net { + struct cld_upcall { + struct list_head cu_list; + struct cld_net *cu_net; +- struct task_struct *cu_task; ++ struct completion cu_done; + struct cld_msg cu_msg; + }; + +@@ -670,23 +670,18 @@ __cld_pipe_upcall(struct rpc_pipe *pipe, + { + int ret; + struct rpc_pipe_msg msg; ++ struct cld_upcall *cup = container_of(cmsg, struct cld_upcall, cu_msg); + + memset(&msg, 0, sizeof(msg)); + msg.data = cmsg; + msg.len = sizeof(*cmsg); + +- /* +- * Set task state before we queue the upcall. That prevents +- * wake_up_process in the downcall from racing with schedule. +- */ +- set_current_state(TASK_UNINTERRUPTIBLE); + ret = rpc_queue_upcall(pipe, &msg); + if (ret < 0) { +- set_current_state(TASK_RUNNING); + goto out; + } + +- schedule(); ++ wait_for_completion(&cup->cu_done); + + if (msg.errno < 0) + ret = msg.errno; +@@ -753,7 +748,7 @@ cld_pipe_downcall(struct file *filp, con + if (copy_from_user(&cup->cu_msg, src, mlen) != 0) + return -EFAULT; + +- wake_up_process(cup->cu_task); ++ complete(&cup->cu_done); + return mlen; + } + +@@ -768,7 +763,7 @@ cld_pipe_destroy_msg(struct rpc_pipe_msg + if (msg->errno >= 0) + return; + +- wake_up_process(cup->cu_task); ++ complete(&cup->cu_done); + } + + static const struct rpc_pipe_ops cld_upcall_ops = { +@@ -899,7 +894,7 @@ restart_search: + goto restart_search; + } + } +- new->cu_task = current; ++ init_completion(&new->cu_done); + new->cu_msg.cm_vers = CLD_UPCALL_VERSION; + put_unaligned(cn->cn_xid++, &new->cu_msg.cm_xid); + new->cu_net = cn; diff --git a/patches.suse/nfsd-fix-wrong-check-in-write_v4_end_grace.patch b/patches.suse/nfsd-fix-wrong-check-in-write_v4_end_grace.patch new file mode 100644 index 0000000..1eadf39 --- /dev/null +++ b/patches.suse/nfsd-fix-wrong-check-in-write_v4_end_grace.patch @@ -0,0 +1,33 @@ +From: Yihao Wu +Date: Wed, 6 Mar 2019 21:03:50 +0800 +Subject: [PATCH] nfsd: fix wrong check in write_v4_end_grace() +Git-commit: dd838821f0a29781b185cd8fb8e48d5c177bd838 +Patch-mainline: v5.1 +References: git-fixes + +Commit 62a063b8e7d1 "nfsd4: fix crash on writing v4_end_grace before +nfsd startup" is trying to fix a NULL dereference issue, but it +mistakenly checks if the nfsd server is started. So fix it. + +Fixes: 62a063b8e7d1 "nfsd4: fix crash on writing v4_end_grace before nfsd startup" +Cc: stable@vger.kernel.org +Reviewed-by: Joseph Qi +Signed-off-by: Yihao Wu +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + fs/nfsd/nfsctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfsd/nfsctl.c ++++ b/fs/nfsd/nfsctl.c +@@ -1126,7 +1126,7 @@ static ssize_t write_v4_end_grace(struct + case 'Y': + case 'y': + case '1': +- if (nn->nfsd_serv) ++ if (!nn->nfsd_serv) + return -EBUSY; + nfsd4_end_grace(nn); + break; diff --git a/patches.suse/nfsd4-fix-crash-on-writing-v4_end_grace-before-nfsd-.patch b/patches.suse/nfsd4-fix-crash-on-writing-v4_end_grace-before-nfsd-.patch new file mode 100644 index 0000000..870460c --- /dev/null +++ b/patches.suse/nfsd4-fix-crash-on-writing-v4_end_grace-before-nfsd-.patch @@ -0,0 +1,36 @@ +From: "J. Bruce Fields" +Date: Tue, 27 Nov 2018 15:54:17 -0500 +Subject: [PATCH] nfsd4: fix crash on writing v4_end_grace before nfsd startup +Git-commit: 62a063b8e7d1db684db3f207261a466fa3194e72 +Patch-mainline: v5.0 +References: git-fixes + +Anatoly Trosinenko reports that this: + +1) Checkout fresh master Linux branch (tested with commit e195ca6cb) +2) Copy x84_64-config-4.14 to .config, then enable NFS server v4 and build +3) From `kvm-xfstests shell`: + +results in NULL dereference in locks_end_grace. + +Check that nfsd has been started before trying to end the grace period. + +Reported-by: Anatoly Trosinenko +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + fs/nfsd/nfsctl.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/nfsd/nfsctl.c ++++ b/fs/nfsd/nfsctl.c +@@ -1126,6 +1126,8 @@ static ssize_t write_v4_end_grace(struct + case 'Y': + case 'y': + case '1': ++ if (nn->nfsd_serv) ++ return -EBUSY; + nfsd4_end_grace(nn); + break; + default: diff --git a/patches.suse/pNFS-NFSv4-Try-to-return-invalid-layout-in-pnfs_layo.patch b/patches.suse/pNFS-NFSv4-Try-to-return-invalid-layout-in-pnfs_layo.patch new file mode 100644 index 0000000..17590ba --- /dev/null +++ b/patches.suse/pNFS-NFSv4-Try-to-return-invalid-layout-in-pnfs_layo.patch @@ -0,0 +1,45 @@ +From: Trond Myklebust +Date: Thu, 21 Jan 2021 17:11:42 -0500 +Subject: [PATCH] pNFS/NFSv4: Try to return invalid layout in + pnfs_layout_process() +Git-commit: 08bd8dbe88825760e953759d7ec212903a026c75 +Patch-mainline: v5.11 +References: git-fixes + +If the server returns a new stateid that does not match the one in our +cache, then try to return the one we hold instead of just invalidating +it on the client side. This ensures that both client and server will +agree that the stateid is invalid. + +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + fs/nfs/pnfs.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -2026,7 +2026,13 @@ pnfs_layout_process(struct nfs4_layoutge + * We got an entirely new state ID. Mark all segments for the + * inode invalid, and retry the layoutget + */ +- pnfs_mark_layout_stateid_invalid(lo, &free_me); ++ struct pnfs_layout_range range = { ++ .iomode = IOMODE_ANY, ++ .length = NFS4_MAX_UINT64, ++ }; ++ pnfs_set_plh_return_info(lo, IOMODE_ANY, 0); ++ pnfs_mark_matching_lsegs_return(lo, &lo->plh_return_segs, ++ &range, 0); + goto out_forget; + } + +@@ -2047,7 +2053,6 @@ out_forget: + NFS_SERVER(ino)->pnfs_curr_ld->free_lseg(lseg); + if (!pnfs_layout_is_valid(lo)) + nfs_commit_inode(ino, 0); +- pnfs_free_lseg_list(&free_me); + return ERR_PTR(-EAGAIN); + } + diff --git a/patches.suse/powerpc-64-Init-jump-labels-before-parse_early_param.patch b/patches.suse/powerpc-64-Init-jump-labels-before-parse_early_param.patch new file mode 100644 index 0000000..4706eb4 --- /dev/null +++ b/patches.suse/powerpc-64-Init-jump-labels-before-parse_early_param.patch @@ -0,0 +1,64 @@ +From ca829e05d3d4f728810cc5e4b468d9ebc7745eb3 Mon Sep 17 00:00:00 2001 +From: Zhouyi Zhou +Date: Tue, 26 Jul 2022 09:57:47 +0800 +Subject: [PATCH] powerpc/64: Init jump labels before parse_early_param() + +References: bsc#1065729 +Patch-mainline: v6.0-rc1 +Git-commit: ca829e05d3d4f728810cc5e4b468d9ebc7745eb3 + +On 64-bit, calling jump_label_init() in setup_feature_keys() is too +late because static keys may be used in subroutines of +parse_early_param() which is again subroutine of early_init_devtree(). + +For example booting with "threadirqs": + + static_key_enable_cpuslocked(): static key '0xc000000002953260' used before call to jump_label_init() + WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120 + ... + NIP static_key_enable_cpuslocked+0xfc/0x120 + LR static_key_enable_cpuslocked+0xf8/0x120 + Call Trace: + static_key_enable_cpuslocked+0xf8/0x120 (unreliable) + static_key_enable+0x30/0x50 + setup_forced_irqthreads+0x28/0x40 + do_early_param+0xa0/0x108 + parse_args+0x290/0x4e0 + parse_early_options+0x48/0x5c + parse_early_param+0x58/0x84 + early_init_devtree+0xd4/0x518 + early_setup+0xb4/0x214 + +So call jump_label_init() just before parse_early_param() in +early_init_devtree(). + +Suggested-by: Michael Ellerman +Signed-off-by: Zhouyi Zhou +[mpe: Add call trace to change log and minor wording edits.] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220726015747.11754-1-zhouzhouyi@gmail.com +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/prom.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c +--- a/arch/powerpc/kernel/prom.c ++++ b/arch/powerpc/kernel/prom.c +@@ -752,6 +752,13 @@ void __init early_init_devtree(void *params) + of_scan_flat_dt(early_init_dt_scan_root, NULL); + of_scan_flat_dt(early_init_dt_scan_memory_ppc, NULL); + ++ /* ++ * As generic code authors expect to be able to use static keys ++ * in early_param() handlers, we initialize the static keys just ++ * before parsing early params (it's fine to call jump_label_init() ++ * more than once). ++ */ ++ jump_label_init(); + parse_early_param(); + + /* make sure we've parsed cmdline for mem= before this */ +-- +2.35.3 + diff --git a/patches.suse/powerpc-64-module-REL32-relocation-range-check.patch b/patches.suse/powerpc-64-module-REL32-relocation-range-check.patch new file mode 100644 index 0000000..da1bfba --- /dev/null +++ b/patches.suse/powerpc-64-module-REL32-relocation-range-check.patch @@ -0,0 +1,50 @@ +From b851ba02a6f3075f0f99c60c4bc30a4af80cf428 Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Wed, 29 Aug 2018 21:56:56 +1000 +Subject: [PATCH] powerpc/64/module: REL32 relocation range check + +References: bsc#1065729 +Patch-mainline: v4.20-rc1 +Git-commit: b851ba02a6f3075f0f99c60c4bc30a4af80cf428 + +The recent module relocation overflow crash demonstrated that we +have no range checking on REL32 relative relocations. This patch +implements a basic check, the same kernel that previously oopsed +and rebooted now continues with some of these errors when loading +the module: + + module_64: x_tables: REL32 527703503449812 out of range! + +Possibly other relocations (ADDR32, REL16, TOC16, etc.) should also have +overflow checks. + +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/module_64.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/arch/powerpc/kernel/module_64.c b/arch/powerpc/kernel/module_64.c +index 2c53de9f3b6a..8661eea78503 100644 +--- a/arch/powerpc/kernel/module_64.c ++++ b/arch/powerpc/kernel/module_64.c +@@ -680,7 +680,14 @@ int apply_relocate_add(Elf64_Shdr *sechdrs, + + case R_PPC64_REL32: + /* 32 bits relative (used by relative exception tables) */ +- *(u32 *)location = value - (unsigned long)location; ++ /* Convert value to relative */ ++ value -= (unsigned long)location; ++ if (value + 0x80000000 > 0xffffffff) { ++ pr_err("%s: REL32 %li out of range!\n", ++ me->name, (long int)value); ++ return -ENOEXEC; ++ } ++ *(u32 *)location = value; + break; + + case R_PPC64_TOCSAVE: +-- +2.35.3 + diff --git a/patches.suse/powerpc-64s-hash-Fix-stab_rr-off-by-one-initializati.patch b/patches.suse/powerpc-64s-hash-Fix-stab_rr-off-by-one-initializati.patch new file mode 100644 index 0000000..ceda2ef --- /dev/null +++ b/patches.suse/powerpc-64s-hash-Fix-stab_rr-off-by-one-initializati.patch @@ -0,0 +1,36 @@ +From 09b4438db13fa83b6219aee5993711a2aa2a0c64 Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Sat, 15 Sep 2018 01:30:45 +1000 +Subject: [PATCH] powerpc/64s/hash: Fix stab_rr off by one initialization + +References: bsc#1065729 +Patch-mainline: v4.20-rc1 +Git-commit: 09b4438db13fa83b6219aee5993711a2aa2a0c64 + +This causes SLB alloation to start 1 beyond the start of the SLB. +There is no real problem because after it wraps it stats behaving +properly, it's just surprisig to see when looking at SLB traces. + +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/mm/slb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/mm/slb.c b/arch/powerpc/mm/slb.c +index e941189d9bd6..07ece013856b 100644 +--- a/arch/powerpc/mm/slb.c ++++ b/arch/powerpc/mm/slb.c +@@ -425,7 +425,7 @@ void slb_initialize(void) + #endif + } + +- get_paca()->stab_rr = SLB_NUM_BOLTED; ++ get_paca()->stab_rr = SLB_NUM_BOLTED - 1; + + lflags = SLB_VSID_KERNEL | linear_llp; + vflags = SLB_VSID_KERNEL | vmalloc_llp; +-- +2.35.3 + diff --git a/patches.suse/powerpc-64s-pgtable-fix-an-undefined-behaviour.patch b/patches.suse/powerpc-64s-pgtable-fix-an-undefined-behaviour.patch new file mode 100644 index 0000000..4111366 --- /dev/null +++ b/patches.suse/powerpc-64s-pgtable-fix-an-undefined-behaviour.patch @@ -0,0 +1,79 @@ +From c2e929b18cea6cbf71364f22d742d9aad7f4677a Mon Sep 17 00:00:00 2001 +From: Qian Cai +Date: Thu, 5 Mar 2020 23:48:52 -0500 +Subject: [PATCH] powerpc/64s/pgtable: fix an undefined behaviour + +References: bsc#1065729 +Patch-mainline: v5.8-rc1 +Git-commit: c2e929b18cea6cbf71364f22d742d9aad7f4677a + +Booting a power9 server with hash MMU could trigger an undefined +behaviour because pud_offset(p4d, 0) will do, + +0 >> (PAGE_SHIFT:16 + PTE_INDEX_SIZE:8 + H_PMD_INDEX_SIZE:10) + +Fix it by converting pud_index() and friends to static inline +functions. + +UBSAN: shift-out-of-bounds in arch/powerpc/mm/ptdump/ptdump.c:282:15 +shift exponent 34 is too large for 32-bit type 'int' +CPU: 6 PID: 1 Comm: swapper/0 Not tainted 5.6.0-rc4-next-20200303+ #13 +Call Trace: +dump_stack+0xf4/0x164 (unreliable) +ubsan_epilogue+0x18/0x78 +__ubsan_handle_shift_out_of_bounds+0x160/0x21c +walk_pagetables+0x2cc/0x700 +walk_pud at arch/powerpc/mm/ptdump/ptdump.c:282 +(inlined by) walk_pagetables at arch/powerpc/mm/ptdump/ptdump.c:311 +ptdump_check_wx+0x8c/0xf0 +mark_rodata_ro+0x48/0x80 +kernel_init+0x74/0x194 +ret_from_kernel_thread+0x5c/0x74 + +Suggested-by: Christophe Leroy +Signed-off-by: Qian Cai +Signed-off-by: Michael Ellerman +Reviewed-by: Christophe Leroy +Link: https://lore.kernel.org/r/20200306044852.3236-1-cai@lca.pw +Acked-by: Michal Suchanek +--- + arch/powerpc/include/asm/book3s/64/pgtable.h | 23 ++++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +diff --git a/arch/powerpc/include/asm/book3s/64/pgtable.h b/arch/powerpc/include/asm/book3s/64/pgtable.h +index e1f551159f7d..ec17fc343be0 100644 +--- a/arch/powerpc/include/asm/book3s/64/pgtable.h ++++ b/arch/powerpc/include/asm/book3s/64/pgtable.h +@@ -1003,10 +1003,25 @@ extern struct page *pgd_page(pgd_t pgd); + #define pud_page_vaddr(pud) __va(pud_val(pud) & ~PUD_MASKED_BITS) + #define pgd_page_vaddr(pgd) __va(pgd_val(pgd) & ~PGD_MASKED_BITS) + +-#define pgd_index(address) (((address) >> (PGDIR_SHIFT)) & (PTRS_PER_PGD - 1)) +-#define pud_index(address) (((address) >> (PUD_SHIFT)) & (PTRS_PER_PUD - 1)) +-#define pmd_index(address) (((address) >> (PMD_SHIFT)) & (PTRS_PER_PMD - 1)) +-#define pte_index(address) (((address) >> (PAGE_SHIFT)) & (PTRS_PER_PTE - 1)) ++static inline unsigned long pgd_index(unsigned long address) ++{ ++ return (address >> PGDIR_SHIFT) & (PTRS_PER_PGD - 1); ++} ++ ++static inline unsigned long pud_index(unsigned long address) ++{ ++ return (address >> PUD_SHIFT) & (PTRS_PER_PUD - 1); ++} ++ ++static inline unsigned long pmd_index(unsigned long address) ++{ ++ return (address >> PMD_SHIFT) & (PTRS_PER_PMD - 1); ++} ++ ++static inline unsigned long pte_index(unsigned long address) ++{ ++ return (address >> PAGE_SHIFT) & (PTRS_PER_PTE - 1); ++} + + /* + * Find an entry in a page-table-directory. We combine the address region +-- +2.35.3 + diff --git a/patches.suse/powerpc-Add-a-framework-for-user-access-tracking.patch b/patches.suse/powerpc-Add-a-framework-for-user-access-tracking.patch index e416a11..db8446d 100644 --- a/patches.suse/powerpc-Add-a-framework-for-user-access-tracking.patch +++ b/patches.suse/powerpc-Add-a-framework-for-user-access-tracking.patch @@ -51,9 +51,10 @@ Acked-by: Michal Suchanek create mode 100644 arch/powerpc/include/asm/kup.h diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h +index 2a7b01f97a56..1eabc20dddd3 100644 --- a/arch/powerpc/include/asm/futex.h +++ b/arch/powerpc/include/asm/futex.h -@@ -34,6 +34,7 @@ static inline int arch_futex_atomic_op_i +@@ -35,6 +35,7 @@ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, { int oldval = 0, ret; @@ -61,15 +62,15 @@ diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h pagefault_disable(); switch (op) { -@@ -61,6 +62,7 @@ static inline int arch_futex_atomic_op_i - if (!ret) - *oval = oldval; +@@ -61,6 +62,7 @@ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, + + *oval = oldval; + prevent_write_to_user(uaddr, sizeof(*uaddr)); return ret; } -@@ -74,6 +76,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, +@@ -74,6 +76,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) return -EFAULT; @@ -77,7 +78,7 @@ diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h __asm__ __volatile__ ( PPC_ATOMIC_ENTRY_BARRIER "1: lwarx %1,0,%3 # futex_atomic_cmpxchg_inatomic\n\ -@@ -94,6 +97,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, +@@ -94,6 +97,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, : "cc", "memory"); *uval = prev; diff --git a/patches.suse/powerpc-Force-inlining-of-cpu_has_feature-to-avoid-b.patch b/patches.suse/powerpc-Force-inlining-of-cpu_has_feature-to-avoid-b.patch new file mode 100644 index 0000000..a931a34 --- /dev/null +++ b/patches.suse/powerpc-Force-inlining-of-cpu_has_feature-to-avoid-b.patch @@ -0,0 +1,59 @@ +From eed5fae00593ab9d261a0c1ffc1bdb786a87a55a Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Wed, 10 Mar 2021 12:10:34 +0000 +Subject: [PATCH] powerpc: Force inlining of cpu_has_feature() to avoid build + failure + +References: bsc#1065729 +Patch-mainline: v5.12-rc4 +Git-commit: eed5fae00593ab9d261a0c1ffc1bdb786a87a55a + +The code relies on constant folding of cpu_has_feature() based +on possible and always true values as defined per +CPU_FTRS_ALWAYS and CPU_FTRS_POSSIBLE. + +Build failure is encountered with for instance +book3e_all_defconfig on kisskb in the AMDGPU driver which uses +cpu_has_feature(CPU_FTR_VSX_COMP) to decide whether calling +kernel_enable_vsx() or not. + +The failure is due to cpu_has_feature() not being inlined with +that configuration with gcc 4.9. + +In the same way as commit acdad8fb4a15 ("powerpc: Force inlining of +mmu_has_feature to fix build failure"), for inlining of +cpu_has_feature(). + +Signed-off-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/b231dfa040ce4cc37f702f5c3a595fdeabfe0462.1615378209.git.christophe.leroy@csgroup.eu +Acked-by: Michal Suchanek +--- + arch/powerpc/include/asm/cpu_has_feature.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/include/asm/cpu_has_feature.h b/arch/powerpc/include/asm/cpu_has_feature.h +index 7897d16e0990..727d4b321937 100644 +--- a/arch/powerpc/include/asm/cpu_has_feature.h ++++ b/arch/powerpc/include/asm/cpu_has_feature.h +@@ -7,7 +7,7 @@ + #include + #include + +-static inline bool early_cpu_has_feature(unsigned long feature) ++static __always_inline bool early_cpu_has_feature(unsigned long feature) + { + return !!((CPU_FTRS_ALWAYS & feature) || + (CPU_FTRS_POSSIBLE & cur_cpu_spec->cpu_features & feature)); +@@ -46,7 +46,7 @@ static __always_inline bool cpu_has_feature(unsigned long feature) + return static_branch_likely(&cpu_feature_keys[i]); + } + #else +-static inline bool cpu_has_feature(unsigned long feature) ++static __always_inline bool cpu_has_feature(unsigned long feature) + { + return early_cpu_has_feature(feature); + } +-- +2.35.3 + diff --git a/patches.suse/powerpc-boot-Disable-vector-instructions.patch b/patches.suse/powerpc-boot-Disable-vector-instructions.patch new file mode 100644 index 0000000..dfbdc88 --- /dev/null +++ b/patches.suse/powerpc-boot-Disable-vector-instructions.patch @@ -0,0 +1,43 @@ +From e8e132e6885962582784b6fa16a80d07ea739c0f Mon Sep 17 00:00:00 2001 +From: Joel Stanley +Date: Wed, 10 Oct 2018 13:15:22 +1030 +Subject: [PATCH] powerpc/boot: Disable vector instructions + +References: bsc#1065729 +Patch-mainline: v4.20-rc1 +Git-commit: e8e132e6885962582784b6fa16a80d07ea739c0f + +This will avoid auto-vectorisation when building with higher +optimisation levels. + +We don't know if the machine can support VSX and even if it's present +it's probably not going to be enabled at this point in boot. + +These flag were both added prior to GCC 4.6 which is the minimum +compiler version supported by upstream, thanks to Segher for the +details. + +Signed-off-by: Joel Stanley +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/boot/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/boot/Makefile b/arch/powerpc/boot/Makefile +--- a/arch/powerpc/boot/Makefile ++++ b/arch/powerpc/boot/Makefile +@@ -32,8 +32,8 @@ else + compress-$(CONFIG_KERNEL_XZ) := CONFIG_KERNEL_XZ + + BOOTCFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ +- -fno-strict-aliasing -Os -msoft-float -pipe \ +- -fomit-frame-pointer -fno-builtin -fPIC -nostdinc \ ++ -fno-strict-aliasing -Os -msoft-float -mno-altivec -mno-vsx \ ++ -pipe -fomit-frame-pointer -fno-builtin -fPIC -nostdinc \ + -D$(compress-y) + + BOOTCC := $(CC) +-- +2.35.3 + diff --git a/patches.suse/powerpc-boot-Explicitly-disable-usage-of-SPE-instruc.patch b/patches.suse/powerpc-boot-Explicitly-disable-usage-of-SPE-instruc.patch new file mode 100644 index 0000000..1cb0d07 --- /dev/null +++ b/patches.suse/powerpc-boot-Explicitly-disable-usage-of-SPE-instruc.patch @@ -0,0 +1,36 @@ +From 110a58b9f91c66f743c01a2c217243d94c899c23 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pali=20Roh=C3=A1r?= +Date: Sat, 27 Aug 2022 15:44:54 +0200 +Subject: [PATCH] powerpc/boot: Explicitly disable usage of SPE instructions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +References: bsc#1065729 +Patch-mainline: v6.1-rc1 +Git-commit: 110a58b9f91c66f743c01a2c217243d94c899c23 + +uImage boot wrapper should not use SPE instructions, like kernel itself. +Boot wrapper has already disabled Altivec and VSX instructions but not SPE. +Options -mno-spe and -mspe=no already set when compilation of kernel, but +not when compiling uImage wrapper yet. Fix it. + +Cc: stable@vger.kernel.org +Signed-off-by: Pali Rohár +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220827134454.17365-1-pali@kernel.org +Acked-by: Michal Suchanek +--- + arch/powerpc/boot/Makefile | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/powerpc/boot/Makefile ++++ b/arch/powerpc/boot/Makefile +@@ -24,6 +24,7 @@ compress-$(CONFIG_KERNEL_XZ) := CONFIG + + BOOTCFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ + -fno-strict-aliasing -Os -msoft-float -mno-altivec -mno-vsx \ ++ $(call cc-option,-mno-spe) $(call cc-option,-mspe=no) \ + -pipe -fomit-frame-pointer -fno-builtin -fPIC -nostdinc \ + -D$(compress-y) + diff --git a/patches.suse/powerpc-boot-Expose-Kconfig-symbols-to-wrapper.patch b/patches.suse/powerpc-boot-Expose-Kconfig-symbols-to-wrapper.patch index 9d44f07..590383f 100644 --- a/patches.suse/powerpc-boot-Expose-Kconfig-symbols-to-wrapper.patch +++ b/patches.suse/powerpc-boot-Expose-Kconfig-symbols-to-wrapper.patch @@ -1,4 +1,4 @@ -From a295dcdf5fc8e497c628d20fcb8cff74e97fd7b0 Mon Sep 17 00:00:00 2001 +From 5e9dcb6188a40e604e66dc30fab30c2be89aa1cc Mon Sep 17 00:00:00 2001 From: Joel Stanley Date: Wed, 10 Oct 2018 09:58:02 +1030 Subject: [PATCH] powerpc/boot: Expose Kconfig symbols to wrapper @@ -26,20 +26,20 @@ Acked-by: Michal Suchanek 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/boot/.gitignore b/arch/powerpc/boot/.gitignore -index 84774ccba1c2..d9ad26259e8f 100644 +index f92d0530ceb1..32034a0cc554 100644 --- a/arch/powerpc/boot/.gitignore +++ b/arch/powerpc/boot/.gitignore -@@ -45,4 +45,5 @@ fdt_sw.c +@@ -44,4 +44,5 @@ fdt_sw.c fdt_wip.c libfdt.h libfdt_internal.h +autoconf.h diff --git a/arch/powerpc/boot/Makefile b/arch/powerpc/boot/Makefile -index 1a4609ce60f8..f8d0c31840eb 100644 +index 0fb96c26136f..5d5ab6ee48e0 100644 --- a/arch/powerpc/boot/Makefile +++ b/arch/powerpc/boot/Makefile -@@ -176,9 +176,14 @@ $(obj)/empty.c: +@@ -197,9 +197,14 @@ $(obj)/empty.c: $(obj)/zImage.coff.lds $(obj)/zImage.ps3.lds : $(obj)/%: $(srctree)/$(src)/%.S $(Q)cp $< $@ @@ -54,9 +54,9 @@ index 1a4609ce60f8..f8d0c31840eb 100644 + autoconf.h empty.c zImage.coff.lds zImage.ps3.lds zImage.lds quiet_cmd_bootcc = BOOTCC $@ - cmd_bootcc = $(CROSS32CC) -Wp,-MD,$(depfile) $(BOOTCFLAGS) -c -o $@ $< + cmd_bootcc = $(BOOTCC) -Wp,-MD,$(depfile) $(BOOTCFLAGS) -c -o $@ $< diff --git a/arch/powerpc/boot/serial.c b/arch/powerpc/boot/serial.c -index 7b5c02b1afd0..b793562e8410 100644 +index 48e3743faedf..f045f8494bf9 100644 --- a/arch/powerpc/boot/serial.c +++ b/arch/powerpc/boot/serial.c @@ -18,6 +18,7 @@ @@ -68,5 +68,5 @@ index 7b5c02b1afd0..b793562e8410 100644 static int serial_open(void) { -- -2.19.2 +2.35.3 diff --git a/patches.suse/powerpc-boot-Fix-64-bit-boot-wrapper-build-with-non-.patch b/patches.suse/powerpc-boot-Fix-64-bit-boot-wrapper-build-with-non-.patch new file mode 100644 index 0000000..012ea21 --- /dev/null +++ b/patches.suse/powerpc-boot-Fix-64-bit-boot-wrapper-build-with-non-.patch @@ -0,0 +1,86 @@ +From 65c5ec11c25eff6ba6e9b1cbfff014875fddd1e0 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Wed, 26 Jul 2017 23:19:04 +1000 +Subject: [PATCH] powerpc/boot: Fix 64-bit boot wrapper build with non-biarch + compiler +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +References: bsc#1065729 +Patch-mainline: v4.13-rc4 +Git-commit: 65c5ec11c25eff6ba6e9b1cbfff014875fddd1e0 + +Historically the boot wrapper was always built 32-bit big endian, even +for 64-bit kernels. That was because old firmwares didn't necessarily +support booting a 64-bit image. Because of that arch/powerpc/boot/Makefile +uses CROSS32CC for compilation. + +However when we added 64-bit little endian support, we also added +support for building the boot wrapper 64-bit. However we kept using +CROSS32CC, because in most cases it is just CC and everything works. + +However if the user doesn't specify CROSS32_COMPILE (which no one ever +does AFAIK), and CC is *not* biarch (32/64-bit capable), then CROSS32CC +becomes just "gcc". On native systems that is probably OK, but if we're +cross building it definitely isn't, leading to eg: + + gcc ... -m64 -mlittle-endian -mabi=elfv2 ... arch/powerpc/boot/cpm-serial.c + gcc: error: unrecognized argument in option ‘-mabi=elfv2’ + gcc: error: unrecognized command line option ‘-mlittle-endian’ + make: *** [zImage] Error 2 + +To fix it, stop using CROSS32CC, because we may or may not be building +32-bit. Instead setup a BOOTCC, which defaults to CC, and only use +CROSS32_COMPILE if it's set and we're building for 32-bit. + +Fixes: 147c05168fc8 ("powerpc/boot: Add support for 64bit little endian wrapper") +Signed-off-by: Michael Ellerman +Reviewed-by: Cyril Bur +Acked-by: Michal Suchanek +--- + arch/powerpc/boot/Makefile | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/arch/powerpc/boot/Makefile b/arch/powerpc/boot/Makefile +index a7814a7b1523..6f952fe1f084 100644 +--- a/arch/powerpc/boot/Makefile ++++ b/arch/powerpc/boot/Makefile +@@ -25,12 +25,20 @@ compress-$(CONFIG_KERNEL_XZ) := CONFIG_KERNEL_XZ + BOOTCFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ + -fno-strict-aliasing -Os -msoft-float -pipe \ + -fomit-frame-pointer -fno-builtin -fPIC -nostdinc \ +- -isystem $(shell $(CROSS32CC) -print-file-name=include) \ + -D$(compress-y) + ++BOOTCC := $(CC) + ifdef CONFIG_PPC64_BOOT_WRAPPER + BOOTCFLAGS += -m64 ++else ++BOOTCFLAGS += -m32 ++ifdef CROSS32_COMPILE ++ BOOTCC := $(CROSS32_COMPILE)gcc ++endif + endif ++ ++BOOTCFLAGS += -isystem $(shell $(BOOTCC) -print-file-name=include) ++ + ifdef CONFIG_CPU_BIG_ENDIAN + BOOTCFLAGS += -mbig-endian + else +@@ -183,10 +191,10 @@ clean-files := $(zlib-) $(zlibheader-) $(zliblinuxheader-) \ + empty.c zImage.coff.lds zImage.ps3.lds zImage.lds + + quiet_cmd_bootcc = BOOTCC $@ +- cmd_bootcc = $(CROSS32CC) -Wp,-MD,$(depfile) $(BOOTCFLAGS) -c -o $@ $< ++ cmd_bootcc = $(BOOTCC) -Wp,-MD,$(depfile) $(BOOTCFLAGS) -c -o $@ $< + + quiet_cmd_bootas = BOOTAS $@ +- cmd_bootas = $(CROSS32CC) -Wp,-MD,$(depfile) $(BOOTAFLAGS) -c -o $@ $< ++ cmd_bootas = $(BOOTCC) -Wp,-MD,$(depfile) $(BOOTAFLAGS) -c -o $@ $< + + quiet_cmd_bootar = BOOTAR $@ + cmd_bootar = $(CROSS32AR) -cr$(KBUILD_ARFLAGS) $@.$$$$ $(filter-out FORCE,$^); mv $@.$$$$ $@ +-- +2.35.3 + diff --git a/patches.suse/powerpc-boot-Fix-missing-check-of-lseek-return-value.patch b/patches.suse/powerpc-boot-Fix-missing-check-of-lseek-return-value.patch new file mode 100644 index 0000000..6ed8307 --- /dev/null +++ b/patches.suse/powerpc-boot-Fix-missing-check-of-lseek-return-value.patch @@ -0,0 +1,38 @@ +From 5d085ec04a000fefb5182d3b03ee46ca96d8389b Mon Sep 17 00:00:00 2001 +From: Bo YU +Date: Tue, 30 Oct 2018 09:21:55 -0400 +Subject: [PATCH] powerpc/boot: Fix missing check of lseek() return value + +References: bsc#1065729 +Patch-mainline: v5.2-rc1 +Git-commit: 5d085ec04a000fefb5182d3b03ee46ca96d8389b + +This is detected by Coverity scan: CID: 1440481 + +Signed-off-by: Bo YU +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/boot/addnote.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/arch/powerpc/boot/addnote.c b/arch/powerpc/boot/addnote.c +index 9d9f6f334d3c..3da3e2b1b51b 100644 +--- a/arch/powerpc/boot/addnote.c ++++ b/arch/powerpc/boot/addnote.c +@@ -223,7 +223,11 @@ main(int ac, char **av) + PUT_16(E_PHNUM, np + 2); + + /* write back */ +- lseek(fd, (long) 0, SEEK_SET); ++ i = lseek(fd, (long) 0, SEEK_SET); ++ if (i < 0) { ++ perror("lseek"); ++ exit(1); ++ } + i = write(fd, buf, n); + if (i < 0) { + perror("write"); +-- +2.35.3 + diff --git a/patches.suse/powerpc-boot-Fixup-device-tree-on-little-endian.patch b/patches.suse/powerpc-boot-Fixup-device-tree-on-little-endian.patch new file mode 100644 index 0000000..052f385 --- /dev/null +++ b/patches.suse/powerpc-boot-Fixup-device-tree-on-little-endian.patch @@ -0,0 +1,243 @@ +From c93f80849bdd9b45d834053ae1336e28f0026c84 Mon Sep 17 00:00:00 2001 +From: Benjamin Herrenschmidt +Date: Fri, 18 Jun 2021 13:49:00 +1000 +Subject: [PATCH] powerpc/boot: Fixup device-tree on little endian + +References: bsc#1065729 +Patch-mainline: v5.14-rc1 +Git-commit: c93f80849bdd9b45d834053ae1336e28f0026c84 + +This fixes the core devtree.c functions and the ns16550 UART backend. + +Signed-off-by: Benjamin Herrenschmidt +Signed-off-by: Paul Mackerras +Reviewed-by: Segher Boessenkool +Acked-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/YMwXrPT8nc4YUdJ9@thinks.paulus.ozlabs.org +Acked-by: Michal Suchanek +--- + arch/powerpc/boot/devtree.c | 59 +++++++++++++++++++++---------------- + arch/powerpc/boot/ns16550.c | 9 ++++-- + 2 files changed, 41 insertions(+), 27 deletions(-) + +diff --git a/arch/powerpc/boot/devtree.c b/arch/powerpc/boot/devtree.c +index 5d91036ad626..58fbcfcc98c9 100644 +--- a/arch/powerpc/boot/devtree.c ++++ b/arch/powerpc/boot/devtree.c +@@ -13,6 +13,7 @@ + #include "string.h" + #include "stdio.h" + #include "ops.h" ++#include "of.h" + + void dt_fixup_memory(u64 start, u64 size) + { +@@ -23,21 +24,25 @@ void dt_fixup_memory(u64 start, u64 size) + root = finddevice("/"); + if (getprop(root, "#address-cells", &naddr, sizeof(naddr)) < 0) + naddr = 2; ++ else ++ naddr = be32_to_cpu(naddr); + if (naddr < 1 || naddr > 2) + fatal("Can't cope with #address-cells == %d in /\n\r", naddr); + + if (getprop(root, "#size-cells", &nsize, sizeof(nsize)) < 0) + nsize = 1; ++ else ++ nsize = be32_to_cpu(nsize); + if (nsize < 1 || nsize > 2) + fatal("Can't cope with #size-cells == %d in /\n\r", nsize); + + i = 0; + if (naddr == 2) +- memreg[i++] = start >> 32; +- memreg[i++] = start & 0xffffffff; ++ memreg[i++] = cpu_to_be32(start >> 32); ++ memreg[i++] = cpu_to_be32(start & 0xffffffff); + if (nsize == 2) +- memreg[i++] = size >> 32; +- memreg[i++] = size & 0xffffffff; ++ memreg[i++] = cpu_to_be32(size >> 32); ++ memreg[i++] = cpu_to_be32(size & 0xffffffff); + + memory = finddevice("/memory"); + if (! memory) { +@@ -45,9 +50,9 @@ void dt_fixup_memory(u64 start, u64 size) + setprop_str(memory, "device_type", "memory"); + } + +- printf("Memory <- <0x%x", memreg[0]); ++ printf("Memory <- <0x%x", be32_to_cpu(memreg[0])); + for (i = 1; i < (naddr + nsize); i++) +- printf(" 0x%x", memreg[i]); ++ printf(" 0x%x", be32_to_cpu(memreg[i])); + printf("> (%ldMB)\n\r", (unsigned long)(size >> 20)); + + setprop(memory, "reg", memreg, (naddr + nsize)*sizeof(u32)); +@@ -65,10 +70,10 @@ void dt_fixup_cpu_clocks(u32 cpu, u32 tb, u32 bus) + printf("CPU bus-frequency <- 0x%x (%dMHz)\n\r", bus, MHZ(bus)); + + while ((devp = find_node_by_devtype(devp, "cpu"))) { +- setprop_val(devp, "clock-frequency", cpu); +- setprop_val(devp, "timebase-frequency", tb); ++ setprop_val(devp, "clock-frequency", cpu_to_be32(cpu)); ++ setprop_val(devp, "timebase-frequency", cpu_to_be32(tb)); + if (bus > 0) +- setprop_val(devp, "bus-frequency", bus); ++ setprop_val(devp, "bus-frequency", cpu_to_be32(bus)); + } + + timebase_period_ns = 1000000000 / tb; +@@ -80,7 +85,7 @@ void dt_fixup_clock(const char *path, u32 freq) + + if (devp) { + printf("%s: clock-frequency <- %x (%dMHz)\n\r", path, freq, MHZ(freq)); +- setprop_val(devp, "clock-frequency", freq); ++ setprop_val(devp, "clock-frequency", cpu_to_be32(freq)); + } + } + +@@ -133,8 +138,12 @@ void dt_get_reg_format(void *node, u32 *naddr, u32 *nsize) + { + if (getprop(node, "#address-cells", naddr, 4) != 4) + *naddr = 2; ++ else ++ *naddr = be32_to_cpu(*naddr); + if (getprop(node, "#size-cells", nsize, 4) != 4) + *nsize = 1; ++ else ++ *nsize = be32_to_cpu(*nsize); + } + + static void copy_val(u32 *dest, u32 *src, int naddr) +@@ -163,9 +172,9 @@ static int add_reg(u32 *reg, u32 *add, int naddr) + int i, carry = 0; + + for (i = MAX_ADDR_CELLS - 1; i >= MAX_ADDR_CELLS - naddr; i--) { +- u64 tmp = (u64)reg[i] + add[i] + carry; ++ u64 tmp = (u64)be32_to_cpu(reg[i]) + be32_to_cpu(add[i]) + carry; + carry = tmp >> 32; +- reg[i] = (u32)tmp; ++ reg[i] = cpu_to_be32((u32)tmp); + } + + return !carry; +@@ -180,18 +189,18 @@ static int compare_reg(u32 *reg, u32 *range, u32 *rangesize) + u32 end; + + for (i = 0; i < MAX_ADDR_CELLS; i++) { +- if (reg[i] < range[i]) ++ if (be32_to_cpu(reg[i]) < be32_to_cpu(range[i])) + return 0; +- if (reg[i] > range[i]) ++ if (be32_to_cpu(reg[i]) > be32_to_cpu(range[i])) + break; + } + + for (i = 0; i < MAX_ADDR_CELLS; i++) { +- end = range[i] + rangesize[i]; ++ end = be32_to_cpu(range[i]) + be32_to_cpu(rangesize[i]); + +- if (reg[i] < end) ++ if (be32_to_cpu(reg[i]) < end) + break; +- if (reg[i] > end) ++ if (be32_to_cpu(reg[i]) > end) + return 0; + } + +@@ -240,7 +249,6 @@ static int dt_xlate(void *node, int res, int reglen, unsigned long *addr, + return 0; + + dt_get_reg_format(parent, &naddr, &nsize); +- + if (nsize > 2) + return 0; + +@@ -252,10 +260,10 @@ static int dt_xlate(void *node, int res, int reglen, unsigned long *addr, + + copy_val(last_addr, prop_buf + offset, naddr); + +- ret_size = prop_buf[offset + naddr]; ++ ret_size = be32_to_cpu(prop_buf[offset + naddr]); + if (nsize == 2) { + ret_size <<= 32; +- ret_size |= prop_buf[offset + naddr + 1]; ++ ret_size |= be32_to_cpu(prop_buf[offset + naddr + 1]); + } + + for (;;) { +@@ -278,7 +286,6 @@ static int dt_xlate(void *node, int res, int reglen, unsigned long *addr, + + offset = find_range(last_addr, prop_buf, prev_naddr, + naddr, prev_nsize, buflen / 4); +- + if (offset < 0) + return 0; + +@@ -296,8 +303,7 @@ static int dt_xlate(void *node, int res, int reglen, unsigned long *addr, + if (naddr > 2) + return 0; + +- ret_addr = ((u64)last_addr[2] << 32) | last_addr[3]; +- ++ ret_addr = ((u64)be32_to_cpu(last_addr[2]) << 32) | be32_to_cpu(last_addr[3]); + if (sizeof(void *) == 4 && + (ret_addr >= 0x100000000ULL || ret_size > 0x100000000ULL || + ret_addr + ret_size > 0x100000000ULL)) +@@ -350,11 +356,14 @@ int dt_is_compatible(void *node, const char *compat) + int dt_get_virtual_reg(void *node, void **addr, int nres) + { + unsigned long xaddr; +- int n; ++ int n, i; + + n = getprop(node, "virtual-reg", addr, nres * 4); +- if (n > 0) ++ if (n > 0) { ++ for (i = 0; i < n/4; i ++) ++ ((u32 *)addr)[i] = be32_to_cpu(((u32 *)addr)[i]); + return n / 4; ++ } + + for (n = 0; n < nres; n++) { + if (!dt_xlate_reg(node, n, &xaddr, NULL)) +diff --git a/arch/powerpc/boot/ns16550.c b/arch/powerpc/boot/ns16550.c +index b0da4466d419..f16d2be1d0f3 100644 +--- a/arch/powerpc/boot/ns16550.c ++++ b/arch/powerpc/boot/ns16550.c +@@ -15,6 +15,7 @@ + #include "stdio.h" + #include "io.h" + #include "ops.h" ++#include "of.h" + + #define UART_DLL 0 /* Out: Divisor Latch Low */ + #define UART_DLM 1 /* Out: Divisor Latch High */ +@@ -58,16 +59,20 @@ int ns16550_console_init(void *devp, struct serial_console_data *scdp) + int n; + u32 reg_offset; + +- if (dt_get_virtual_reg(devp, (void **)®_base, 1) < 1) ++ if (dt_get_virtual_reg(devp, (void **)®_base, 1) < 1) { ++ printf("virt reg parse fail...\r\n"); + return -1; ++ } + + n = getprop(devp, "reg-offset", ®_offset, sizeof(reg_offset)); + if (n == sizeof(reg_offset)) +- reg_base += reg_offset; ++ reg_base += be32_to_cpu(reg_offset); + + n = getprop(devp, "reg-shift", ®_shift, sizeof(reg_shift)); + if (n != sizeof(reg_shift)) + reg_shift = 0; ++ else ++ reg_shift = be32_to_cpu(reg_shift); + + scdp->open = ns16550_open; + scdp->putc = ns16550_putc; +-- +2.35.3 + diff --git a/patches.suse/powerpc-crashkernel-Take-mem-option-into-account.patch b/patches.suse/powerpc-crashkernel-Take-mem-option-into-account.patch new file mode 100644 index 0000000..283150a --- /dev/null +++ b/patches.suse/powerpc-crashkernel-Take-mem-option-into-account.patch @@ -0,0 +1,81 @@ +From be5470e0c285a68dc3afdea965032f5ddc8269d7 Mon Sep 17 00:00:00 2001 +From: Pingfan Liu +Date: Wed, 1 Apr 2020 22:00:44 +0800 +Subject: [PATCH] powerpc/crashkernel: Take "mem=" option into account + +References: bsc#1065729 +Patch-mainline: v5.8-rc1 +Git-commit: be5470e0c285a68dc3afdea965032f5ddc8269d7 + +'mem=" option is an easy way to put high pressure on memory during +some test. Hence after applying the memory limit, instead of total +mem, the actual usable memory should be considered when reserving mem +for crashkernel. Otherwise the boot up may experience OOM issue. + +E.g. it would reserve 4G prior to the change and 512M afterward, if +passing +crashkernel="2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-:4G", +and mem=5G on a 256G machine. + +This issue is powerpc specific because it puts higher priority on +fadump and kdump reservation than on "mem=". Referring the following +code: + if (fadump_reserve_mem() == 0) + reserve_crashkernel(); + ... + /* Ensure that total memory size is page-aligned. */ + limit = ALIGN(memory_limit ?: memblock_phys_mem_size(), PAGE_SIZE); + memblock_enforce_memory_limit(limit); + +While on other arches, the effect of "mem=" takes a higher priority +and pass through memblock_phys_mem_size() before calling +reserve_crashkernel(). + +Signed-off-by: Pingfan Liu +Reviewed-by: Hari Bathini +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/1585749644-4148-1-git-send-email-kernelfans@gmail.com +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/machine_kexec.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/arch/powerpc/kernel/machine_kexec.c b/arch/powerpc/kernel/machine_kexec.c +index 078fe3d76feb..56da5eb2b923 100644 +--- a/arch/powerpc/kernel/machine_kexec.c ++++ b/arch/powerpc/kernel/machine_kexec.c +@@ -115,11 +115,12 @@ void machine_kexec(struct kimage *image) + + void __init reserve_crashkernel(void) + { +- unsigned long long crash_size, crash_base; ++ unsigned long long crash_size, crash_base, total_mem_sz; + int ret; + ++ total_mem_sz = memory_limit ? memory_limit : memblock_phys_mem_size(); + /* use common parsing */ +- ret = parse_crashkernel(boot_command_line, memblock_phys_mem_size(), ++ ret = parse_crashkernel(boot_command_line, total_mem_sz, + &crash_size, &crash_base); + if (ret == 0 && crash_size > 0) { + crashk_res.start = crash_base; +@@ -178,6 +179,7 @@ void __init reserve_crashkernel(void) + /* Crash kernel trumps memory limit */ + if (memory_limit && memory_limit <= crashk_res.end) { + memory_limit = crashk_res.end + 1; ++ total_mem_sz = memory_limit; + printk("Adjusted memory limit for crashkernel, now 0x%llx\n", + memory_limit); + } +@@ -186,7 +188,7 @@ void __init reserve_crashkernel(void) + "for crashkernel (System RAM: %ldMB)\n", + (unsigned long)(crash_size >> 20), + (unsigned long)(crashk_res.start >> 20), +- (unsigned long)(memblock_phys_mem_size() >> 20)); ++ (unsigned long)(total_mem_sz >> 20)); + + if (!memblock_is_region_memory(crashk_res.start, crash_size) || + memblock_reserve(crashk_res.start, crash_size)) { +-- +2.35.3 + diff --git a/patches.suse/powerpc-disable_fixed_phb_option.patch b/patches.suse/powerpc-disable_fixed_phb_option.patch index a45e9f3..2dfcb5f 100644 --- a/patches.suse/powerpc-disable_fixed_phb_option.patch +++ b/patches.suse/powerpc-disable_fixed_phb_option.patch @@ -31,9 +31,9 @@ Acked-by: Jean Delvare +} +early_param("disable_fixed_phb", parse_disable_fixed_phb); + - /* - * This function should run under locking protection, specifically - * hose_spinlock. + static int get_phb_number(struct device_node *dn) + { + int ret, phb_id = -1; @@ -83,6 +91,9 @@ static int get_phb_number(struct device_ u32 prop_32; u64 prop; @@ -46,7 +46,7 @@ Acked-by: Jean Delvare * the respective device-tree properties. Firstly, try powernv by @@ -101,6 +112,7 @@ static int get_phb_number(struct device_ if ((phb_id >= 0) && !test_and_set_bit(phb_id, phb_bitmap)) - return phb_id; + goto out_unlock; + dynamic: /* diff --git a/patches.suse/powerpc-eeh-Fix-possible-null-deref-in-eeh_dump_dev_.patch b/patches.suse/powerpc-eeh-Fix-possible-null-deref-in-eeh_dump_dev_.patch new file mode 100644 index 0000000..4ff071b --- /dev/null +++ b/patches.suse/powerpc-eeh-Fix-possible-null-deref-in-eeh_dump_dev_.patch @@ -0,0 +1,40 @@ +From f9bc28aedfb5bbd572d2d365f3095c1becd7209b Mon Sep 17 00:00:00 2001 +From: Sam Bobroff +Date: Wed, 12 Sep 2018 11:23:20 +1000 +Subject: [PATCH] powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() + +References: bsc#1065729 +Patch-mainline: v4.20-rc1 +Git-commit: f9bc28aedfb5bbd572d2d365f3095c1becd7209b + +If an error occurs during an unplug operation, it's possible for +eeh_dump_dev_log() to be called when edev->pdn is null, which +currently leads to dereferencing a null pointer. + +Handle this by skipping the error log for those devices. + +Signed-off-by: Sam Bobroff +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/eeh.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c +--- a/arch/powerpc/kernel/eeh.c ++++ b/arch/powerpc/kernel/eeh.c +@@ -169,6 +169,11 @@ static size_t eeh_dump_dev_log(struct eeh_dev *edev, char *buf, size_t len) + int n = 0, l = 0; + char buffer[128]; + ++ if (!pdn) { ++ pr_warn("EEH: Note: No error log for absent device.\n"); ++ return 0; ++ } ++ + n += scnprintf(buf+n, len-n, "%04x:%02x:%02x.%01x\n", + edev->phb->global_number, pdn->busno, + PCI_SLOT(pdn->devfn), PCI_FUNC(pdn->devfn)); +-- +2.35.3 + diff --git a/patches.suse/powerpc-eeh-Fix-use-of-EEH_PE_KEEP-on-wrong-field.patch b/patches.suse/powerpc-eeh-Fix-use-of-EEH_PE_KEEP-on-wrong-field.patch new file mode 100644 index 0000000..7d95be0 --- /dev/null +++ b/patches.suse/powerpc-eeh-Fix-use-of-EEH_PE_KEEP-on-wrong-field.patch @@ -0,0 +1,44 @@ +From 473af09b56dc4be68e4af33220ceca6be67aa60d Mon Sep 17 00:00:00 2001 +From: Sam Bobroff +Date: Wed, 12 Sep 2018 11:23:22 +1000 +Subject: [PATCH] powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field + +References: bsc#1065729 +Patch-mainline: v4.20-rc1 +Git-commit: 473af09b56dc4be68e4af33220ceca6be67aa60d + +eeh_add_to_parent_pe() sometimes removes the EEH_PE_KEEP flag, but it +incorrectly removes it from pe->type, instead of pe->state. + +However, rather than clearing it from the correct field, remove it. +Inspection of the code shows that it can't ever have had any effect +(even if it had been cleared from the correct field), because the +field is never tested after it is cleared by the statement in +question. + +The clear statement was added by commit 807a827d4e74 ("powerpc/eeh: +Keep PE during hotplug"), but it didn't explain why it was necessary. + +Signed-off-by: Sam Bobroff +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/eeh_pe.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/kernel/eeh_pe.c b/arch/powerpc/kernel/eeh_pe.c +index 1b238ecc553e..210d239a9395 100644 +--- a/arch/powerpc/kernel/eeh_pe.c ++++ b/arch/powerpc/kernel/eeh_pe.c +@@ -379,7 +379,7 @@ int eeh_add_to_parent_pe(struct eeh_dev *edev) + while (parent) { + if (!(parent->type & EEH_PE_INVALID)) + break; +- parent->type &= ~(EEH_PE_INVALID | EEH_PE_KEEP); ++ parent->type &= ~EEH_PE_INVALID; + parent = parent->parent; + } + +-- +2.35.3 + diff --git a/patches.suse/powerpc-eeh-Only-dump-stack-once-if-an-MMIO-loop-is-.patch b/patches.suse/powerpc-eeh-Only-dump-stack-once-if-an-MMIO-loop-is-.patch new file mode 100644 index 0000000..9f338ba --- /dev/null +++ b/patches.suse/powerpc-eeh-Only-dump-stack-once-if-an-MMIO-loop-is-.patch @@ -0,0 +1,48 @@ +From 4e0942c0302b5ad76b228b1a7b8c09f658a1d58a Mon Sep 17 00:00:00 2001 +From: Oliver O'Halloran +Date: Wed, 16 Oct 2019 12:25:36 +1100 +Subject: [PATCH] powerpc/eeh: Only dump stack once if an MMIO loop is detected + +References: bsc#1065729 +Patch-mainline: v5.6-rc1 +Git-commit: 4e0942c0302b5ad76b228b1a7b8c09f658a1d58a + +Many drivers don't check for errors when they get a 0xFFs response from an +MMIO load. As a result after an EEH event occurs a driver can get stuck in +a polling loop unless it some kind of internal timeout logic. + +Currently EEH tries to detect and report stuck drivers by dumping a stack +trace after eeh_dev_check_failure() is called EEH_MAX_FAILS times on an +already frozen PE. The value of EEH_MAX_FAILS was chosen so that a dump +would occur every few seconds if the driver was spinning in a loop. This +results in a lot of spurious stack traces in the kernel log. + +Fix this by limiting it to printing one stack trace for each PE freeze. If +the driver is truely stuck the kernel's hung task detector is better suited +to reporting the probelm anyway. + +Signed-off-by: Oliver O'Halloran +Reviewed-by: Sam Bobroff +Tested-by: Sam Bobroff +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20191016012536.22588-1-oohall@gmail.com +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/eeh.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c +--- a/arch/powerpc/kernel/eeh.c ++++ b/arch/powerpc/kernel/eeh.c +@@ -503,7 +503,7 @@ int eeh_dev_check_failure(struct eeh_dev *edev) + rc = 1; + if (pe->state & EEH_PE_ISOLATED) { + pe->check_count++; +- if (pe->check_count % EEH_MAX_FAILS == 0) { ++ if (pe->check_count == EEH_MAX_FAILS) { + pdn = eeh_dev_to_pdn(edev); + if (pdn->node) + location = of_get_property(pdn->node, "ibm,loc-code", NULL); +-- +2.35.3 + diff --git a/patches.suse/powerpc-futex-Fix-warning-oldval-may-be-used-uniniti.patch b/patches.suse/powerpc-futex-Fix-warning-oldval-may-be-used-uniniti.patch new file mode 100644 index 0000000..4003ec4 --- /dev/null +++ b/patches.suse/powerpc-futex-Fix-warning-oldval-may-be-used-uniniti.patch @@ -0,0 +1,51 @@ +From 38a0d0cdb46d3f91534e5b9839ec2d67be14c59d Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Wed, 14 Aug 2019 09:25:52 +0000 +Subject: [PATCH] powerpc/futex: Fix warning: 'oldval' may be used + uninitialized in this function + +References: bsc#1065729 +Patch-mainline: v5.4-rc1 +Git-commit: 38a0d0cdb46d3f91534e5b9839ec2d67be14c59d + +We see warnings such as: + kernel/futex.c: In function 'do_futex': + kernel/futex.c:1676:17: warning: 'oldval' may be used uninitialized in this function [-Wmaybe-uninitialized] + return oldval == cmparg; + ^ + kernel/futex.c:1651:6: note: 'oldval' was declared here + int oldval, ret; + ^ + +This is because arch_futex_atomic_op_inuser() only sets *oval if ret +is 0 and GCC doesn't see that it will only use it when ret is 0. + +Anyway, the non-zero ret path is an error path that won't suffer from +setting *oval, and as *oval is a local var in futex_atomic_op_inuser() +it will have no impact. + +Signed-off-by: Christophe Leroy +[mpe: reword change log slightly] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/86b72f0c134367b214910b27b9a6dd3321af93bb.1565774657.git.christophe.leroy@c-s.fr +Acked-by: Michal Suchanek +--- + arch/powerpc/include/asm/futex.h | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h +--- a/arch/powerpc/include/asm/futex.h ++++ b/arch/powerpc/include/asm/futex.h +@@ -60,8 +60,7 @@ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, + + pagefault_enable(); + +- if (!ret) +- *oval = oldval; ++ *oval = oldval; + + return ret; + } +-- +2.35.3 + diff --git a/patches.suse/powerpc-improve-handling-of-unrecoverable-system-res.patch b/patches.suse/powerpc-improve-handling-of-unrecoverable-system-res.patch new file mode 100644 index 0000000..5f94dbb --- /dev/null +++ b/patches.suse/powerpc-improve-handling-of-unrecoverable-system-res.patch @@ -0,0 +1,42 @@ +From 11cb0a25f71818ca7ab4856548ecfd83c169aa4d Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Sat, 30 Jan 2021 23:08:35 +1000 +Subject: [PATCH] powerpc: improve handling of unrecoverable system reset + +References: bsc#1065729 +Patch-mainline: v5.12-rc1 +Git-commit: 11cb0a25f71818ca7ab4856548ecfd83c169aa4d + +If an unrecoverable system reset hits in process context, the system +does not have to panic. Similar to machine check, call nmi_exit() +before die(). + +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20210130130852.2952424-26-npiggin@gmail.com +Fixes: 2b4f3ac56426 ("powerpc: Mark system reset as an NMI with nmi_enter/exit()") +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/traps.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c +index 3a8699995a77..f70d3f6174c8 100644 +--- a/arch/powerpc/kernel/traps.c ++++ b/arch/powerpc/kernel/traps.c +@@ -503,8 +503,11 @@ void system_reset_exception(struct pt_regs *regs) + die("Unrecoverable nested System Reset", regs, SIGABRT); + #endif + /* Must die if the interrupt is not recoverable */ +- if (!(regs->msr & MSR_RI)) ++ if (!(regs->msr & MSR_RI)) { ++ /* For the reason explained in die_mce, nmi_exit before die */ ++ nmi_exit(); + die("Unrecoverable System Reset", regs, SIGABRT); ++ } + + if (saved_hsrrs) { + mtspr(SPRN_HSRR0, hsrr0); +-- +2.35.3 + diff --git a/patches.suse/powerpc-iommu-Avoid-derefence-before-pointer-check.patch b/patches.suse/powerpc-iommu-Avoid-derefence-before-pointer-check.patch new file mode 100644 index 0000000..982d7d7 --- /dev/null +++ b/patches.suse/powerpc-iommu-Avoid-derefence-before-pointer-check.patch @@ -0,0 +1,40 @@ +From 984ecdd68de0fa1f63ce205d6c19ef5a7bc67b40 Mon Sep 17 00:00:00 2001 +From: Breno Leitao +Date: Tue, 21 Aug 2018 15:44:48 -0300 +Subject: [PATCH] powerpc/iommu: Avoid derefence before pointer check + +References: bsc#1065729 +Patch-mainline: v4.20-rc1 +Git-commit: 984ecdd68de0fa1f63ce205d6c19ef5a7bc67b40 + +The tbl pointer is being derefenced by IOMMU_PAGE_SIZE prior the check +if it is not NULL. + +Just moving the dereference code to after the check, where there will +be guarantee that 'tbl' will not be NULL. + +Signed-off-by: Breno Leitao +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/iommu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/kernel/iommu.c b/arch/powerpc/kernel/iommu.c +index af7a20dc6e09..80b6caaa9b92 100644 +--- a/arch/powerpc/kernel/iommu.c ++++ b/arch/powerpc/kernel/iommu.c +@@ -785,9 +785,9 @@ dma_addr_t iommu_map_page(struct device *dev, struct iommu_table *tbl, + + vaddr = page_address(page) + offset; + uaddr = (unsigned long)vaddr; +- npages = iommu_num_pages(uaddr, size, IOMMU_PAGE_SIZE(tbl)); + + if (tbl) { ++ npages = iommu_num_pages(uaddr, size, IOMMU_PAGE_SIZE(tbl)); + align = 0; + if (tbl->it_page_shift < PAGE_SHIFT && size >= PAGE_SIZE && + ((unsigned long)vaddr & ~PAGE_MASK) == 0) +-- +2.35.3 + diff --git a/patches.suse/powerpc-mm-Make-NULL-pointer-deferences-explicit-on-.patch b/patches.suse/powerpc-mm-Make-NULL-pointer-deferences-explicit-on-.patch new file mode 100644 index 0000000..a7c4384 --- /dev/null +++ b/patches.suse/powerpc-mm-Make-NULL-pointer-deferences-explicit-on-.patch @@ -0,0 +1,63 @@ +From 49a502ea23bf9dec47f8f3c3960909ff409cd1bb Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Fri, 14 Dec 2018 15:23:33 +0000 +Subject: [PATCH] powerpc/mm: Make NULL pointer deferences explicit on bad page + faults. + +References: bsc#1065729 +Patch-mainline: v5.0-rc1 +Git-commit: 49a502ea23bf9dec47f8f3c3960909ff409cd1bb + +As several other arches including x86, this patch makes it explicit +that a bad page fault is a NULL pointer dereference when the fault +address is lower than PAGE_SIZE + +In the mean time, this page makes all bad_page_fault() messages +shorter so that they remain on one single line. And it prefixes them +by "BUG: " so that they get easily grepped. + +Signed-off-by: Christophe Leroy +[mpe: Avoid pr_cont()] +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/mm/fault.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c +--- a/arch/powerpc/mm/fault.c ++++ b/arch/powerpc/mm/fault.c +@@ -650,21 +650,22 @@ void bad_page_fault(struct pt_regs *regs, unsigned long address, int sig) + switch (regs->trap) { + case 0x300: + case 0x380: +- printk(KERN_ALERT "Unable to handle kernel paging request for " +- "data at address 0x%08lx\n", regs->dar); ++ pr_alert("BUG: %s at 0x%08lx\n", ++ regs->dar < PAGE_SIZE ? "Kernel NULL pointer dereference" : ++ "Unable to handle kernel data access", regs->dar); + break; + case 0x400: + case 0x480: +- printk(KERN_ALERT "Unable to handle kernel paging request for " +- "instruction fetch\n"); ++ pr_alert("BUG: Unable to handle kernel instruction fetch%s", ++ regs->nip < PAGE_SIZE ? " (NULL pointer?)\n" : "\n"); + break; + case 0x600: +- printk(KERN_ALERT "Unable to handle kernel paging request for " +- "unaligned access at address 0x%08lx\n", regs->dar); ++ pr_alert("BUG: Unable to handle kernel unaligned access at 0x%08lx\n", ++ regs->dar); + break; + default: +- printk(KERN_ALERT "Unable to handle kernel paging request for " +- "unknown fault\n"); ++ pr_alert("BUG: Unable to handle unknown paging fault at 0x%08lx\n", ++ regs->dar); + break; + } + printk(KERN_ALERT "Faulting instruction address: 0x%08lx\n", +-- +2.35.3 + diff --git a/patches.suse/powerpc-pci-Fix-get_phb_number-locking.patch b/patches.suse/powerpc-pci-Fix-get_phb_number-locking.patch new file mode 100644 index 0000000..ee6e0cc --- /dev/null +++ b/patches.suse/powerpc-pci-Fix-get_phb_number-locking.patch @@ -0,0 +1,112 @@ +From 8d48562a2729742f767b0fdd994d6b2a56a49c63 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Mon, 15 Aug 2022 16:55:23 +1000 +Subject: [PATCH] powerpc/pci: Fix get_phb_number() locking + +References: bsc#1065729 +Patch-mainline: v6.0-rc2 +Git-commit: 8d48562a2729742f767b0fdd994d6b2a56a49c63 + +The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP +warning on some systems: + + BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580 + in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper + preempt_count: 1, expected: 0 + RCU nest depth: 0, expected: 0 + 1 lock held by swapper/1: + #0: c157efb0 (hose_spinlock){+.+.}-{2:2}, at: pcibios_alloc_controller+0x64/0x220 + Preemption disabled at: + [<00000000>] 0x0 + CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0-yocto-standard+ #1 + Call Trace: + [d101dc90] [c073b264] dump_stack_lvl+0x50/0x8c (unreliable) + [d101dcb0] [c0093b70] __might_resched+0x258/0x2a8 + [d101dcd0] [c0d3e634] __mutex_lock+0x6c/0x6ec + [d101dd50] [c0a84174] of_alias_get_id+0x50/0xf4 + [d101dd80] [c002ec78] pcibios_alloc_controller+0x1b8/0x220 + [d101ddd0] [c140c9dc] pmac_pci_init+0x198/0x784 + [d101de50] [c140852c] discover_phbs+0x30/0x4c + [d101de60] [c0007fd4] do_one_initcall+0x94/0x344 + [d101ded0] [c1403b40] kernel_init_freeable+0x1a8/0x22c + [d101df10] [c00086e0] kernel_init+0x34/0x160 + [d101df30] [c001b334] ret_from_kernel_thread+0x5c/0x64 + +This is because pcibios_alloc_controller() holds hose_spinlock but +of_alias_get_id() takes of_mutex which can sleep. + +The hose_spinlock protects the phb_bitmap, and also the hose_list, but +it doesn't need to be held while get_phb_number() calls the OF routines, +because those are only looking up information in the device tree. + +So fix it by having get_phb_number() take the hose_spinlock itself, only +where required, and then dropping the lock before returning. +pcibios_alloc_controller() then needs to take the lock again before the +list_add() but that's safe, the order of the list is not important. + +Fixes: 0fe1e96fef0a ("powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias") +Reported-by: Guenter Roeck +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220815065550.1303620-1-mpe@ellerman.id.au +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/pci-common.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/arch/powerpc/kernel/pci-common.c b/arch/powerpc/kernel/pci-common.c +--- a/arch/powerpc/kernel/pci-common.c ++++ b/arch/powerpc/kernel/pci-common.c +@@ -68,10 +68,6 @@ void __init set_pci_dma_ops(const struct dma_map_ops *dma_ops) + } + EXPORT_SYMBOL(get_pci_dma_ops); + +-/* +- * This function should run under locking protection, specifically +- * hose_spinlock. +- */ + static int get_phb_number(struct device_node *dn) + { + int ret, phb_id = -1; +@@ -108,18 +104,23 @@ static int get_phb_number(struct device_node *dn) + if (!ret) + phb_id = (int)(prop & (MAX_PHBS - 1)); + ++ spin_lock(&hose_spinlock); ++ + /* We need to be sure to not use the same PHB number twice. */ + if ((phb_id >= 0) && !test_and_set_bit(phb_id, phb_bitmap)) +- return phb_id; ++ goto out_unlock; + + /* + * If not pseries nor powernv, or if fixed PHB numbering tried to add + * the same PHB number twice, then fallback to dynamic PHB numbering. + */ + phb_id = find_first_zero_bit(phb_bitmap, MAX_PHBS); + BUG_ON(phb_id >= MAX_PHBS); + set_bit(phb_id, phb_bitmap); + ++out_unlock: ++ spin_unlock(&hose_spinlock); ++ + return phb_id; + } + +@@ -127,10 +128,13 @@ struct pci_controller *pcibios_alloc_controller(struct device_node *dev) + phb = zalloc_maybe_bootmem(sizeof(struct pci_controller), GFP_KERNEL); + if (phb == NULL) + return NULL; +- spin_lock(&hose_spinlock); ++ + phb->global_number = get_phb_number(dev); ++ ++ spin_lock(&hose_spinlock); + list_add_tail(&phb->list_node, &hose_list); + spin_unlock(&hose_spinlock); ++ + phb->dn = dev; + phb->is_dynamic = slab_is_available(); + #ifdef CONFIG_PPC64 +-- +2.35.3 + diff --git a/patches.suse/powerpc-pci-of-Fix-OF-flags-parsing-for-64bit-BARs.patch b/patches.suse/powerpc-pci-of-Fix-OF-flags-parsing-for-64bit-BARs.patch new file mode 100644 index 0000000..994de97 --- /dev/null +++ b/patches.suse/powerpc-pci-of-Fix-OF-flags-parsing-for-64bit-BARs.patch @@ -0,0 +1,67 @@ +From df5be5be8735ef2ae80d5ae1f2453cd81a035c4b Mon Sep 17 00:00:00 2001 +From: Alexey Kardashevskiy +Date: Wed, 5 Jun 2019 13:38:14 +1000 +Subject: [PATCH] powerpc/pci/of: Fix OF flags parsing for 64bit BARs + +References: bsc#1065729 +Patch-mainline: v5.3-rc1 +Git-commit: df5be5be8735ef2ae80d5ae1f2453cd81a035c4b + +When the firmware does PCI BAR resource allocation, it passes the assigned +addresses and flags (prefetch/64bit/...) via the "reg" property of +a PCI device device tree node so the kernel does not need to do +resource allocation. + +The flags are stored in resource::flags - the lower byte stores +PCI_BASE_ADDRESS_SPACE/etc bits and the other bytes are IORESOURCE_IO/etc. +Some flags from PCI_BASE_ADDRESS_xxx and IORESOURCE_xxx are duplicated, +such as PCI_BASE_ADDRESS_MEM_PREFETCH/PCI_BASE_ADDRESS_MEM_TYPE_64/etc. +When parsing the "reg" property, we copy the prefetch flag but we skip +on PCI_BASE_ADDRESS_MEM_TYPE_64 which leaves the flags out of sync. + +The missing IORESOURCE_MEM_64 flag comes into play under 2 conditions: +1. we remove PCI_PROBE_ONLY for pseries (by hacking pSeries_setup_arch() +or by passing "/chosen/linux,pci-probe-only"); +2. we request resource alignment (by passing pci=resource_alignment= +via the kernel cmd line to request PAGE_SIZE alignment or defining +ppc_md.pcibios_default_alignment which returns anything but 0). Note that +the alignment requests are ignored if PCI_PROBE_ONLY is enabled. + +With 1) and 2), the generic PCI code in the kernel unconditionally +decides to: +- reassign the BARs in pci_specified_resource_alignment() (works fine) +- write new BARs to the device - this fails for 64bit BARs as the generic +code looks at IORESOURCE_MEM_64 (not set) and writes only lower 32bits +of the BAR and leaves the upper 32bit unmodified which breaks BAR mapping +in the hypervisor. + +This fixes the issue by copying the flag. This is useful if we want to +enforce certain BAR alignment per platform as handling subpage sized BARs +is proven to cause problems with hotplug (SLOF already aligns BARs to 64k). + +Signed-off-by: Alexey Kardashevskiy +Reviewed-by: Sam Bobroff +Reviewed-by: Oliver O'Halloran +Reviewed-by: Shawn Anastasio +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/pci_of_scan.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/powerpc/kernel/pci_of_scan.c b/arch/powerpc/kernel/pci_of_scan.c +index 24191ea2d9a7..64ad92016b63 100644 +--- a/arch/powerpc/kernel/pci_of_scan.c ++++ b/arch/powerpc/kernel/pci_of_scan.c +@@ -45,6 +45,8 @@ unsigned int pci_parse_of_flags(u32 addr0, int bridge) + if (addr0 & 0x02000000) { + flags = IORESOURCE_MEM | PCI_BASE_ADDRESS_SPACE_MEMORY; + flags |= (addr0 >> 22) & PCI_BASE_ADDRESS_MEM_TYPE_64; ++ if (flags & PCI_BASE_ADDRESS_MEM_TYPE_64) ++ flags |= IORESOURCE_MEM_64; + flags |= (addr0 >> 28) & PCI_BASE_ADDRESS_MEM_TYPE_1M; + if (addr0 & 0x40000000) + flags |= IORESOURCE_PREFETCH +-- +2.35.3 + diff --git a/patches.suse/powerpc-perf-callchain-validate-kernel-stack-pointer.patch b/patches.suse/powerpc-perf-callchain-validate-kernel-stack-pointer.patch new file mode 100644 index 0000000..df8d0b3 --- /dev/null +++ b/patches.suse/powerpc-perf-callchain-validate-kernel-stack-pointer.patch @@ -0,0 +1,46 @@ +From 32c5209214bd8d4f8c4e9d9b630ef4c671f58e79 Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Sun, 27 Nov 2022 22:49:28 +1000 +Subject: [PATCH] powerpc/perf: callchain validate kernel stack pointer bounds + +References: bsc#1065729 +Patch-mainline: v6.2-rc1 +Git-commit: 32c5209214bd8d4f8c4e9d9b630ef4c671f58e79 + +The interrupt frame detection and loads from the hypothetical pt_regs +are not bounds-checked. The next-frame validation only bounds-checks +STACK_FRAME_OVERHEAD, which does not include the pt_regs. Add another +test for this. + +The user could set r1 to be equal to the address matching the first +interrupt frame - STACK_INT_FRAME_SIZE, which is in the previous page +due to the kernel redzone, and induce the kernel to load the marker from +there. Possibly this could cause a crash at least. If the user could +induce the previous page to contain a valid marker, then it might be +able to direct perf to read specific memory addresses in a way that +could be transmitted back to the user in the perf data. + +Fixes: 20002ded4d93 ("perf_counter: powerpc: Add callchain support") +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20221127124942.1665522-4-npiggin@gmail.com +Acked-by: Michal Suchanek +--- + arch/powerpc/perf/callchain.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/powerpc/perf/callchain.c b/arch/powerpc/perf/callchain.c +index 082f6d0308a47..8718289c051dd 100644 +--- a/arch/powerpc/perf/callchain.c ++++ b/arch/powerpc/perf/callchain.c +@@ -61,6 +61,7 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *re + next_sp = fp[0]; + + if (next_sp == sp + STACK_INT_FRAME_SIZE && ++ validate_sp(sp, current, STACK_INT_FRAME_SIZE) && + fp[STACK_FRAME_MARKER] == STACK_FRAME_REGS_MARKER) { + /* + * This looks like an interrupt frame for an +-- +2.35.3 + diff --git a/patches.suse/powerpc-powernv-add-missing-of_node_put.patch b/patches.suse/powerpc-powernv-add-missing-of_node_put.patch new file mode 100644 index 0000000..f74dd2d --- /dev/null +++ b/patches.suse/powerpc-powernv-add-missing-of_node_put.patch @@ -0,0 +1,59 @@ +From 7d405a939ca960162eb30c1475759cb2fdf38f8c Mon Sep 17 00:00:00 2001 +From: Julia Lawall +Date: Fri, 20 Nov 2015 20:33:21 +0000 +Subject: [PATCH] powerpc/powernv: add missing of_node_put + +References: bsc#1065729 +Patch-mainline: v5.17-rc1 +Git-commit: 7d405a939ca960162eb30c1475759cb2fdf38f8c + +for_each_compatible_node performs an of_node_get on each iteration, so +a break out of the loop requires an of_node_put. + +A simplified version of the semantic patch that fixes this problem is as +follows (http://coccinelle.lip6.fr): + +// +@@ +local idexpression n; +expression e; +@@ + + for_each_compatible_node(n,...) { + ... +( + of_node_put(n); +| + e = n +| ++ of_node_put(n); +? break; +) + ... + } +... when != n +// + +Signed-off-by: Julia Lawall +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/1448051604-25256-4-git-send-email-Julia.Lawall@lip6.fr +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/powernv/opal-lpc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/powerpc/platforms/powernv/opal-lpc.c b/arch/powerpc/platforms/powernv/opal-lpc.c +index 1e5d51db40f8..5390c888db16 100644 +--- a/arch/powerpc/platforms/powernv/opal-lpc.c ++++ b/arch/powerpc/platforms/powernv/opal-lpc.c +@@ -396,6 +396,7 @@ void __init opal_lpc_init(void) + if (!of_get_property(np, "primary", NULL)) + continue; + opal_lpc_chip_id = of_get_ibm_chip_id(np); ++ of_node_put(np); + break; + } + if (opal_lpc_chip_id < 0) +-- +2.35.3 + diff --git a/patches.suse/powerpc-powernv-eeh-npu-Fix-uninitialized-variables-.patch b/patches.suse/powerpc-powernv-eeh-npu-Fix-uninitialized-variables-.patch new file mode 100644 index 0000000..af7b24a --- /dev/null +++ b/patches.suse/powerpc-powernv-eeh-npu-Fix-uninitialized-variables-.patch @@ -0,0 +1,85 @@ +From c20577014f85f36d4e137d3d52a1f61225b4a3d2 Mon Sep 17 00:00:00 2001 +From: Alexey Kardashevskiy +Date: Mon, 19 Nov 2018 15:25:17 +1100 +Subject: [PATCH] powerpc/powernv/eeh/npu: Fix uninitialized variables in + opal_pci_eeh_freeze_status + +References: bsc#1065729 +Patch-mainline: v5.0-rc1 +Git-commit: c20577014f85f36d4e137d3d52a1f61225b4a3d2 + +The current implementation of the OPAL_PCI_EEH_FREEZE_STATUS call in +skiboot's NPU driver does not touch the pci_error_type parameter so +it might have garbage but the powernv code analyzes it nevertheless. + +This initializes pcierr and fstate to zero in all call sites. + +Signed-off-by: Alexey Kardashevskiy +Reviewed-by: Sam Bobroff +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/powernv/eeh-powernv.c | 8 ++++---- + arch/powerpc/platforms/powernv/pci-ioda.c | 4 ++-- + arch/powerpc/platforms/powernv/pci.c | 4 ++-- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/arch/powerpc/platforms/powernv/eeh-powernv.c b/arch/powerpc/platforms/powernv/eeh-powernv.c +index abc0be7507c8..f38078976c5d 100644 +--- a/arch/powerpc/platforms/powernv/eeh-powernv.c ++++ b/arch/powerpc/platforms/powernv/eeh-powernv.c +@@ -564,8 +564,8 @@ static void pnv_eeh_get_phb_diag(struct eeh_pe *pe) + static int pnv_eeh_get_phb_state(struct eeh_pe *pe) + { + struct pnv_phb *phb = pe->phb->private_data; +- u8 fstate; +- __be16 pcierr; ++ u8 fstate = 0; ++ __be16 pcierr = 0; + s64 rc; + int result = 0; + +@@ -603,8 +603,8 @@ static int pnv_eeh_get_phb_state(struct eeh_pe *pe) + static int pnv_eeh_get_pe_state(struct eeh_pe *pe) + { + struct pnv_phb *phb = pe->phb->private_data; +- u8 fstate; +- __be16 pcierr; ++ u8 fstate = 0; ++ __be16 pcierr = 0; + s64 rc; + int result; + +diff --git a/arch/powerpc/platforms/powernv/pci-ioda.c b/arch/powerpc/platforms/powernv/pci-ioda.c +index 3d2d8fa1f87b..9ee7a30e7bad 100644 +--- a/arch/powerpc/platforms/powernv/pci-ioda.c ++++ b/arch/powerpc/platforms/powernv/pci-ioda.c +@@ -602,8 +602,8 @@ static int pnv_ioda_unfreeze_pe(struct pnv_phb *phb, int pe_no, int opt) + static int pnv_ioda_get_pe_state(struct pnv_phb *phb, int pe_no) + { + struct pnv_ioda_pe *slave, *pe; +- u8 fstate, state; +- __be16 pcierr; ++ u8 fstate = 0, state; ++ __be16 pcierr = 0; + s64 rc; + + /* Sanity check on PE number */ +diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c +index 13aef2323bbc..db230a35609b 100644 +--- a/arch/powerpc/platforms/powernv/pci.c ++++ b/arch/powerpc/platforms/powernv/pci.c +@@ -602,8 +602,8 @@ static void pnv_pci_handle_eeh_config(struct pnv_phb *phb, u32 pe_no) + static void pnv_pci_config_check_eeh(struct pci_dn *pdn) + { + struct pnv_phb *phb = pdn->phb->private_data; +- u8 fstate; +- __be16 pcierr; ++ u8 fstate = 0; ++ __be16 pcierr = 0; + unsigned int pe_no; + s64 rc; + +-- +2.35.3 + diff --git a/patches.suse/powerpc-powernv-iov-Ensure-the-pdn-for-VFs-always-co.patch b/patches.suse/powerpc-powernv-iov-Ensure-the-pdn-for-VFs-always-co.patch new file mode 100644 index 0000000..6eba7e3 --- /dev/null +++ b/patches.suse/powerpc-powernv-iov-Ensure-the-pdn-for-VFs-always-co.patch @@ -0,0 +1,165 @@ +From 3b5b9997b331e77ce967eba2c4bc80dc3134a7fe Mon Sep 17 00:00:00 2001 +From: Oliver O'Halloran +Date: Mon, 28 Oct 2019 19:54:22 +1100 +Subject: [PATCH] powerpc/powernv/iov: Ensure the pdn for VFs always contains a + valid PE number + +References: bsc#1065729 +Patch-mainline: v5.6-rc1 +Git-commit: 3b5b9997b331e77ce967eba2c4bc80dc3134a7fe + +On pseries there is a bug with adding hotplugged devices to an IOMMU +group. For a number of dumb reasons fixing that bug first requires +re-working how VFs are configured on PowerNV. For background, on +PowerNV we use the pcibios_sriov_enable() hook to do two things: + + 1. Create a pci_dn structure for each of the VFs, and + 2. Configure the PHB's internal BARs so the MMIO range for each VF + maps to a unique PE. + +Roughly speaking a PE is the hardware counterpart to a Linux IOMMU +group since all the devices in a PE share the same IOMMU table. A PE +also defines the set of devices that should be isolated in response to +a PCI error (i.e. bad DMA, UR/CA, AER events, etc). When isolated all +MMIO and DMA traffic to and from devicein the PE is blocked by the +root complex until the PE is recovered by the OS. + +The requirement to block MMIO causes a giant headache because the P8 +PHB generally uses a fixed mapping between MMIO addresses and PEs. As +a result we need to delay configuring the IOMMU groups for device +until after MMIO resources are assigned. For physical devices (i.e. +non-VFs) the PE assignment is done in pcibios_setup_bridge() which is +called immediately after the MMIO resources for downstream +devices (and the bridge's windows) are assigned. For VFs the setup is +more complicated because: + + a) pcibios_setup_bridge() is not called again when VFs are activated, and + b) The pci_dev for VFs are created by generic code which runs after + pcibios_sriov_enable() is called. + +The work around for this is a two step process: + + 1. A fixup in pcibios_add_device() is used to initialised the cached + pe_number in pci_dn, then + 2. A bus notifier then adds the device to the IOMMU group for the PE + specified in pci_dn->pe_number. + +A side effect fixing the pseries bug mentioned in the first paragraph +is moving the fixup out of pcibios_add_device() and into +pcibios_bus_add_device(), which is called much later. This results in +step 2. failing because pci_dn->pe_number won't be initialised when +the bus notifier is run. + +We can fix this by removing the need for the fixup. The PE for a VF is +known before the VF is even scanned so we can initialise +pci_dn->pe_number pcibios_sriov_enable() instead. Unfortunately, +moving the initialisation causes two problems: + + 1. We trip the WARN_ON() in the current fixup code, and + 2. The EEH core clears pdn->pe_number when recovering a VF and + relies on the fixup to correctly re-set it. + +The only justification for either of these is a comment in +eeh_rmv_device() suggesting that pdn->pe_number *must* be set to +IODA_INVALID_PE in order for the VF to be scanned. However, this +comment appears to have no basis in reality. Both bugs can be fixed by +just deleting the code. + +Tested-by: Alexey Kardashevskiy +Reviewed-by: Alexey Kardashevskiy +Signed-off-by: Oliver O'Halloran +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20191028085424.12006-1-oohall@gmail.com +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/eeh_driver.c | 6 ------ + arch/powerpc/platforms/powernv/pci-ioda.c | 19 +++++++++++++++---- + arch/powerpc/platforms/powernv/pci.c | 4 ---- + 3 files changed, 15 insertions(+), 14 deletions(-) + +diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c +--- a/arch/powerpc/kernel/eeh_driver.c ++++ b/arch/powerpc/kernel/eeh_driver.c +@@ -525,12 +525,6 @@ static void eeh_rmv_device(struct eeh_dev *edev, void *userdata) + + pci_iov_remove_virtfn(edev->physfn, pdn->vf_index); + edev->pdev = NULL; +- +- /* +- * We have to set the VF PE number to invalid one, which is +- * required to plug the VF successfully. +- */ +- pdn->pe_number = IODA_INVALID_PE; + #endif + if (rmv_data) + list_add(&edev->rmv_list, &rmv_data->edev_list); +diff --git a/arch/powerpc/platforms/powernv/pci-ioda.c b/arch/powerpc/platforms/powernv/pci-ioda.c +--- a/arch/powerpc/platforms/powernv/pci-ioda.c ++++ b/arch/powerpc/platforms/powernv/pci-ioda.c +@@ -1558,6 +1558,10 @@ static void pnv_ioda_setup_vf_PE(struct pci_dev *pdev, u16 num_vfs) + + /* Reserve PE for each VF */ + for (vf_index = 0; vf_index < num_vfs; vf_index++) { ++ int vf_devfn = pci_iov_virtfn_devfn(pdev, vf_index); ++ int vf_bus = pci_iov_virtfn_bus(pdev, vf_index); ++ struct pci_dn *vf_pdn; ++ + if (pdn->m64_single_mode) + pe_num = pdn->pe_num_map[vf_index]; + else +@@ -1570,13 +1574,11 @@ static void pnv_ioda_setup_vf_PE(struct pci_dev *pdev, u16 num_vfs) + pe->pbus = NULL; + pe->parent_dev = pdev; + pe->mve_number = -1; +- pe->rid = (pci_iov_virtfn_bus(pdev, vf_index) << 8) | +- pci_iov_virtfn_devfn(pdev, vf_index); ++ pe->rid = (vf_bus << 8) | vf_devfn; + + pe_info(pe, "VF %04d:%02d:%02d.%d associated with PE#%x\n", + hose->global_number, pdev->bus->number, +- PCI_SLOT(pci_iov_virtfn_devfn(pdev, vf_index)), +- PCI_FUNC(pci_iov_virtfn_devfn(pdev, vf_index)), pe_num); ++ PCI_SLOT(vf_devfn), PCI_FUNC(vf_devfn), pe_num); + + if (pnv_ioda_configure_pe(phb, pe)) { + /* XXX What do we do here ? */ +@@ -1590,6 +1592,15 @@ static void pnv_ioda_setup_vf_PE(struct pci_dev *pdev, u16 num_vfs) + list_add_tail(&pe->list, &phb->ioda.pe_list); + mutex_unlock(&phb->ioda.pe_list_mutex); + ++ /* associate this pe to it's pdn */ ++ list_for_each_entry(vf_pdn, &pdn->parent->child_list, list) { ++ if (vf_pdn->busno == vf_bus && ++ vf_pdn->devfn == vf_devfn) { ++ vf_pdn->pe_number = pe_num; ++ break; ++ } ++ } ++ + pnv_pci_ioda2_setup_dma_pe(phb, pe); + } + } +diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c +index c0bea75ac27b..e8e58a2cccdd 100644 +--- a/arch/powerpc/platforms/powernv/pci.c ++++ b/arch/powerpc/platforms/powernv/pci.c +@@ -816,16 +816,12 @@ void pnv_pci_dma_dev_setup(struct pci_dev *pdev) + struct pnv_phb *phb = hose->private_data; + #ifdef CONFIG_PCI_IOV + struct pnv_ioda_pe *pe; +- struct pci_dn *pdn; + + /* Fix the VF pdn PE number */ + if (pdev->is_virtfn) { +- pdn = pci_get_pdn(pdev); +- WARN_ON(pdn->pe_number != IODA_INVALID_PE); + list_for_each_entry(pe, &phb->ioda.pe_list, list) { + if (pe->rid == ((pdev->bus->number << 8) | + (pdev->devfn & 0xff))) { +- pdn->pe_number = pe->pe_number; + pe->pdev = pdev; + break; + } +-- +2.35.3 + diff --git a/patches.suse/powerpc-powernv-opal_put_chars-partial-write-fix.patch b/patches.suse/powerpc-powernv-opal_put_chars-partial-write-fix.patch new file mode 100644 index 0000000..abb8776 --- /dev/null +++ b/patches.suse/powerpc-powernv-opal_put_chars-partial-write-fix.patch @@ -0,0 +1,42 @@ +From bd90284cc6c1c9e8e48c8eadd0c79574fcce0b81 Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Tue, 1 May 2018 00:55:44 +1000 +Subject: [PATCH] powerpc/powernv: opal_put_chars partial write fix + +References: bsc#1065729 +Patch-mainline: v4.19-rc1 +Git-commit: bd90284cc6c1c9e8e48c8eadd0c79574fcce0b81 + +The intention here is to consume and discard the remaining buffer +upon error. This works if there has not been a previous partial write. +If there has been, then total_len is no longer total number of bytes +to copy. total_len is always "bytes left to copy", so it should be +added to written bytes. + +This code may not be exercised any more if partial writes will not be +hit, but this is a small bugfix before a larger change. + +Reviewed-by: Benjamin Herrenschmidt +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/powernv/opal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/platforms/powernv/opal.c b/arch/powerpc/platforms/powernv/opal.c +index 0d539c661748..371e33ecc547 100644 +--- a/arch/powerpc/platforms/powernv/opal.c ++++ b/arch/powerpc/platforms/powernv/opal.c +@@ -388,7 +388,7 @@ int opal_put_chars(uint32_t vtermno, const char *data, int total_len) + /* Closed or other error drop */ + if (rc != OPAL_SUCCESS && rc != OPAL_BUSY && + rc != OPAL_BUSY_EVENT) { +- written = total_len; ++ written += total_len; + break; + } + if (rc == OPAL_SUCCESS) { +-- +2.35.3 + diff --git a/patches.suse/powerpc-powernv-smp-Fix-spurious-DBG-warning.patch b/patches.suse/powerpc-powernv-smp-Fix-spurious-DBG-warning.patch new file mode 100644 index 0000000..4279c54 --- /dev/null +++ b/patches.suse/powerpc-powernv-smp-Fix-spurious-DBG-warning.patch @@ -0,0 +1,55 @@ +From f6bac19cf65c5be21d14a0c9684c8f560f2096dd Mon Sep 17 00:00:00 2001 +From: Oliver O'Halloran +Date: Tue, 4 Aug 2020 10:54:05 +1000 +Subject: [PATCH] powerpc/powernv/smp: Fix spurious DBG() warning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +References: bsc#1065729 +Patch-mainline: v5.10-rc1 +Git-commit: f6bac19cf65c5be21d14a0c9684c8f560f2096dd + +When building with W=1 we get the following warning: + + arch/powerpc/platforms/powernv/smp.c: In function ‘pnv_smp_cpu_kill_self’: + arch/powerpc/platforms/powernv/smp.c:276:16: error: suggest braces around + empty body in an ‘if’ statement [-Werror=empty-body] + 276 | cpu, srr1); + | ^ + cc1: all warnings being treated as errors + +The full context is this block: + + if (srr1 && !generic_check_cpu_restart(cpu)) + DBG("CPU%d Unexpected exit while offline srr1=%lx!\n", + cpu, srr1); + +When building with DEBUG undefined DBG() expands to nothing and GCC emits +the warning due to the lack of braces around an empty statement. + +Signed-off-by: Oliver O'Halloran +Reviewed-by: Joel Stanley +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20200804005410.146094-2-oohall@gmail.com +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/powernv/smp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/platforms/powernv/smp.c b/arch/powerpc/platforms/powernv/smp.c +index b2ba3e95bda7..bbf361f23ae8 100644 +--- a/arch/powerpc/platforms/powernv/smp.c ++++ b/arch/powerpc/platforms/powernv/smp.c +@@ -43,7 +43,7 @@ + #include + #define DBG(fmt...) udbg_printf(fmt) + #else +-#define DBG(fmt...) ++#define DBG(fmt...) do { } while (0) + #endif + + static void pnv_smp_setup_cpu(int cpu) +-- +2.35.3 + diff --git a/patches.suse/powerpc-pseries-Fix-node-leak-in-update_lmb_associat.patch b/patches.suse/powerpc-pseries-Fix-node-leak-in-update_lmb_associat.patch new file mode 100644 index 0000000..784f0dc --- /dev/null +++ b/patches.suse/powerpc-pseries-Fix-node-leak-in-update_lmb_associat.patch @@ -0,0 +1,37 @@ +From 47918bc68b7427e961035949cc1501a864578a69 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Tue, 27 Nov 2018 19:16:44 +1100 +Subject: [PATCH] powerpc/pseries: Fix node leak in + update_lmb_associativity_index() + +References: bsc#1065729 +Patch-mainline: v5.0-rc1 +Git-commit: 47918bc68b7427e961035949cc1501a864578a69 + +In update_lmb_associativity_index() we lookup dr_node using +of_find_node_by_path() which takes a reference for us. In the +non-error case we forget to drop the reference. Note that +find_aa_index() does modify properties of the node, but doesn't need +an extra reference held once it's returned. + +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/pseries/hotplug-memory.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/powerpc/platforms/pseries/hotplug-memory.c b/arch/powerpc/platforms/pseries/hotplug-memory.c +index be8a6db3558e..d291b618a559 100644 +--- a/arch/powerpc/platforms/pseries/hotplug-memory.c ++++ b/arch/powerpc/platforms/pseries/hotplug-memory.c +@@ -197,6 +197,7 @@ static int update_lmb_associativity_index(struct drmem_lmb *lmb) + + found = find_aa_index(dr_node, ala_prop, lmb_assoc, &aa_index); + ++ of_node_put(dr_node); + dlpar_free_cc_nodes(lmb_node); + + if (!found) { +-- +2.35.3 + diff --git a/patches.suse/powerpc-pseries-Mark-accumulate_stolen_time-as-notra.patch b/patches.suse/powerpc-pseries-Mark-accumulate_stolen_time-as-notra.patch new file mode 100644 index 0000000..91a8676 --- /dev/null +++ b/patches.suse/powerpc-pseries-Mark-accumulate_stolen_time-as-notra.patch @@ -0,0 +1,51 @@ +From eb8e20f89093b64f48975c74ccb114e6775cee22 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Sun, 13 Oct 2019 21:23:51 +1100 +Subject: [PATCH] powerpc/pseries: Mark accumulate_stolen_time() as notrace + +References: bsc#1065729 +Patch-mainline: v5.5-rc1 +Git-commit: eb8e20f89093b64f48975c74ccb114e6775cee22 + +accumulate_stolen_time() is called prior to interrupt state being +reconciled, which can trip the warning in arch_local_irq_restore(): + + WARNING: CPU: 5 PID: 1017 at arch/powerpc/kernel/irq.c:258 .arch_local_irq_restore+0x9c/0x130 + ... + NIP .arch_local_irq_restore+0x9c/0x130 + LR .rb_start_commit+0x38/0x80 + Call Trace: + .ring_buffer_lock_reserve+0xe4/0x620 + .trace_function+0x44/0x210 + .function_trace_call+0x148/0x170 + .ftrace_ops_no_ops+0x180/0x1d0 + ftrace_call+0x4/0x8 + .accumulate_stolen_time+0x1c/0xb0 + decrementer_common+0x124/0x160 + +For now just mark it as notrace. We may change the ordering to call it +after interrupt state has been reconciled, but that is a larger +change. + +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20191024055932.27940-1-mpe@ellerman.id.au +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/time.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c +--- a/arch/powerpc/kernel/time.c ++++ b/arch/powerpc/kernel/time.c +@@ -232,7 +232,7 @@ static u64 scan_dispatch_log(u64 stop_tb) + * Accumulate stolen time by scanning the dispatch trace log. + * Called on entry from user mode. + */ +-void accumulate_stolen_time(void) ++void notrace accumulate_stolen_time(void) + { + u64 sst, ust; + u8 save_soft_enabled = local_paca->soft_enabled; +-- +2.35.3 + diff --git a/patches.suse/powerpc-pseries-Stop-calling-printk-in-rtas_stop_sel.patch b/patches.suse/powerpc-pseries-Stop-calling-printk-in-rtas_stop_sel.patch new file mode 100644 index 0000000..954b9b0 --- /dev/null +++ b/patches.suse/powerpc-pseries-Stop-calling-printk-in-rtas_stop_sel.patch @@ -0,0 +1,72 @@ +From ed8029d7b472369a010a1901358567ca3b6dbb0d Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Sun, 18 Apr 2021 23:54:13 +1000 +Subject: [PATCH] powerpc/pseries: Stop calling printk in rtas_stop_self() + +References: bsc#1065729 +Patch-mainline: v5.13-rc1 +Git-commit: ed8029d7b472369a010a1901358567ca3b6dbb0d + +RCU complains about us calling printk() from an offline CPU: + + ============================= + WARNING: suspicious RCU usage + 5.12.0-rc7-02874-g7cf90e481cb8 #1 Not tainted + ----------------------------- + kernel/locking/lockdep.c:3568 RCU-list traversed in non-reader section!! + + other info that might help us debug this: + + RCU used illegally from offline CPU! + rcu_scheduler_active = 2, debug_locks = 1 + no locks held by swapper/0/0. + + stack backtrace: + CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7-02874-g7cf90e481cb8 #1 + Call Trace: + dump_stack+0xec/0x144 (unreliable) + lockdep_rcu_suspicious+0x124/0x144 + __lock_acquire+0x1098/0x28b0 + lock_acquire+0x128/0x600 + _raw_spin_lock_irqsave+0x6c/0xc0 + down_trylock+0x2c/0x70 + __down_trylock_console_sem+0x60/0x140 + vprintk_emit+0x1a8/0x4b0 + vprintk_func+0xcc/0x200 + printk+0x40/0x54 + pseries_cpu_offline_self+0xc0/0x120 + arch_cpu_idle_dead+0x54/0x70 + do_idle+0x174/0x4a0 + cpu_startup_entry+0x38/0x40 + rest_init+0x268/0x388 + start_kernel+0x748/0x790 + start_here_common+0x1c/0x614 + +Which happens because by the time we get to rtas_stop_self() we are +already offline. In addition the message can be spammy, and is not that +helpful for users, so remove it. + +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20210418135413.1204031-1-mpe@ellerman.id.au +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/pseries/hotplug-cpu.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/arch/powerpc/platforms/pseries/hotplug-cpu.c b/arch/powerpc/platforms/pseries/hotplug-cpu.c +index c230ab550aa9..7e970f81d8ff 100644 +--- a/arch/powerpc/platforms/pseries/hotplug-cpu.c ++++ b/arch/powerpc/platforms/pseries/hotplug-cpu.c +@@ -47,9 +47,6 @@ static void rtas_stop_self(void) + + BUG_ON(rtas_stop_self_token == RTAS_UNKNOWN_SERVICE); + +- printk("cpu %u (hwid %u) Ready to die...\n", +- smp_processor_id(), hard_smp_processor_id()); +- + rtas_call_unlocked(&args, rtas_stop_self_token, 0, 1, NULL); + + panic("Alas, I survived.\n"); +-- +2.35.3 + diff --git a/patches.suse/powerpc-pseries-add-of_node_put-in-dlpar_detach_node.patch b/patches.suse/powerpc-pseries-add-of_node_put-in-dlpar_detach_node.patch new file mode 100644 index 0000000..a9b3423 --- /dev/null +++ b/patches.suse/powerpc-pseries-add-of_node_put-in-dlpar_detach_node.patch @@ -0,0 +1,47 @@ +From 5b3f5c408d8cc59b87e47f1ab9803dbd006e4a91 Mon Sep 17 00:00:00 2001 +From: Frank Rowand +Date: Thu, 4 Oct 2018 20:27:16 -0700 +Subject: [PATCH] powerpc/pseries: add of_node_put() in dlpar_detach_node() + +References: bsc#1065729 +Patch-mainline: v5.0-rc1 +Git-commit: 5b3f5c408d8cc59b87e47f1ab9803dbd006e4a91 + +The previous commit, "of: overlay: add missing of_node_get() in +__of_attach_node_sysfs" added a missing of_node_get() to +__of_attach_node_sysfs(). This results in a refcount imbalance +for nodes attached with dlpar_attach_node(). The calling sequence +from dlpar_attach_node() to __of_attach_node_sysfs() is: + + dlpar_attach_node() + of_attach_node() + __of_attach_node_sysfs() + +For more detailed description of the node refcount, see +commit 68baf692c435 ("powerpc/pseries: Fix of_node_put() underflow +during DLPAR remove"). + +Tested-by: Alan Tull +Acked-by: Michael Ellerman +Signed-off-by: Frank Rowand +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/pseries/dlpar.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/powerpc/platforms/pseries/dlpar.c b/arch/powerpc/platforms/pseries/dlpar.c +index 7625546caefd..17958043e7f7 100644 +--- a/arch/powerpc/platforms/pseries/dlpar.c ++++ b/arch/powerpc/platforms/pseries/dlpar.c +@@ -270,6 +270,8 @@ int dlpar_detach_node(struct device_node *dn) + if (rc) + return rc; + ++ of_node_put(dn); ++ + return 0; + } + +-- +2.35.3 + diff --git a/patches.suse/powerpc-pseries-cmm-Implement-release-function-for-s.patch b/patches.suse/powerpc-pseries-cmm-Implement-release-function-for-s.patch new file mode 100644 index 0000000..b8ed004 --- /dev/null +++ b/patches.suse/powerpc-pseries-cmm-Implement-release-function-for-s.patch @@ -0,0 +1,53 @@ +From 7d8212747435c534c8d564fbef4541a463c976ff Mon Sep 17 00:00:00 2001 +From: David Hildenbrand +Date: Thu, 31 Oct 2019 15:29:22 +0100 +Subject: [PATCH] powerpc/pseries/cmm: Implement release() function for sysfs + device + +References: bsc#1065729 +Patch-mainline: v5.5-rc1 +Git-commit: 7d8212747435c534c8d564fbef4541a463c976ff + +When unloading the module, one gets + ------------[ cut here ]------------ + Device 'cmm0' does not have a release() function, it is broken and must be fixed. See Documentation/kobject.txt. + WARNING: CPU: 0 PID: 19308 at drivers/base/core.c:1244 .device_release+0xcc/0xf0 + ... + +We only have one static fake device. There is nothing to do when +releasing the device (via cmm_exit()). + +Signed-off-by: David Hildenbrand +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20191031142933.10779-2-david@redhat.com +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/pseries/cmm.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/arch/powerpc/platforms/pseries/cmm.c b/arch/powerpc/platforms/pseries/cmm.c +index b33251d75927..572651a5c87b 100644 +--- a/arch/powerpc/platforms/pseries/cmm.c ++++ b/arch/powerpc/platforms/pseries/cmm.c +@@ -411,6 +411,10 @@ static struct bus_type cmm_subsys = { + .dev_name = "cmm", + }; + ++static void cmm_release_device(struct device *dev) ++{ ++} ++ + /** + * cmm_sysfs_register - Register with sysfs + * +@@ -426,6 +430,7 @@ static int cmm_sysfs_register(struct device *dev) + + dev->id = 0; + dev->bus = &cmm_subsys; ++ dev->release = cmm_release_device; + + if ((rc = device_register(dev))) + goto subsys_unregister; +-- +2.35.3 + diff --git a/patches.suse/powerpc-pseries-eeh-use-correct-API-for-error-log-si.patch b/patches.suse/powerpc-pseries-eeh-use-correct-API-for-error-log-si.patch new file mode 100644 index 0000000..c94e672 --- /dev/null +++ b/patches.suse/powerpc-pseries-eeh-use-correct-API-for-error-log-si.patch @@ -0,0 +1,48 @@ +From 9aafbfa5f57a4b75bafd3bed0191e8429c5fa618 Mon Sep 17 00:00:00 2001 +From: Nathan Lynch +Date: Fri, 18 Nov 2022 09:07:43 -0600 +Subject: [PATCH] powerpc/pseries/eeh: use correct API for error log size + +References: bsc#1065729 +Patch-mainline: v6.2-rc1 +Git-commit: 9aafbfa5f57a4b75bafd3bed0191e8429c5fa618 + +rtas-error-log-max is not the name of an RTAS function, so rtas_token() +is not the appropriate API for retrieving its value. We already have +rtas_get_error_log_max() which returns a sensible value if the property +is absent for any reason, so use that instead. + +Fixes: 8d633291b4fc ("powerpc/eeh: pseries platform EEH error log retrieval") +Signed-off-by: Nathan Lynch +[mpe: Drop no-longer possible error handling as noticed by ajd] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20221118150751.469393-6-nathanl@linux.ibm.com +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/pseries/eeh_pseries.c | 11 +---------- + 1 file changed, 1 insertion(+), 10 deletions(-) + +diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c +--- a/arch/powerpc/platforms/pseries/eeh_pseries.c ++++ b/arch/powerpc/platforms/pseries/eeh_pseries.c +@@ -848,16 +848,7 @@ static int __init eeh_pseries_init(void) + + /* Initialize error log lock and size */ + spin_lock_init(&slot_errbuf_lock); +- eeh_error_buf_size = rtas_token("rtas-error-log-max"); +- if (eeh_error_buf_size == RTAS_UNKNOWN_SERVICE) { +- pr_info("%s: unknown EEH error log size\n", +- __func__); +- eeh_error_buf_size = 1024; +- } else if (eeh_error_buf_size > RTAS_ERROR_LOG_MAX) { +- pr_info("%s: EEH error log size %d exceeds the maximal %d\n", +- __func__, eeh_error_buf_size, RTAS_ERROR_LOG_MAX); +- eeh_error_buf_size = RTAS_ERROR_LOG_MAX; +- } ++ eeh_error_buf_size = rtas_get_error_log_max(); + + /* Set EEH probe mode */ + eeh_add_flag(EEH_PROBE_MODE_DEVTREE | EEH_ENABLE_IO_FOR_LOG); +-- +2.35.3 + diff --git a/patches.suse/powerpc-pseries-hvconsole-Fix-stack-overread-via-udb.patch b/patches.suse/powerpc-pseries-hvconsole-Fix-stack-overread-via-udb.patch new file mode 100644 index 0000000..9184c1b --- /dev/null +++ b/patches.suse/powerpc-pseries-hvconsole-Fix-stack-overread-via-udb.patch @@ -0,0 +1,116 @@ +From 934bda59f286d0221f1a3ebab7f5156a996cc37d Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 3 Jun 2019 16:56:57 +1000 +Subject: [PATCH] powerpc/pseries/hvconsole: Fix stack overread via udbg + +References: bsc#1065729 +Patch-mainline: v5.3-rc1 +Git-commit: 934bda59f286d0221f1a3ebab7f5156a996cc37d + +While developing KASAN for 64-bit book3s, I hit the following stack +over-read. + +It occurs because the hypercall to put characters onto the terminal +takes 2 longs (128 bits/16 bytes) of characters at a time, and so +hvc_put_chars() would unconditionally copy 16 bytes from the argument +buffer, regardless of supplied length. However, udbg_hvc_putc() can +call hvc_put_chars() with a single-byte buffer, leading to the error. + + ================================================================== + BUG: KASAN: stack-out-of-bounds in hvc_put_chars+0xdc/0x110 + Read of size 8 at addr c0000000023e7a90 by task swapper/0 + + CPU: 0 PID: 0 Comm: swapper Not tainted 5.2.0-rc2-next-20190528-02824-g048a6ab4835b #113 + Call Trace: + dump_stack+0x104/0x154 (unreliable) + print_address_description+0xa0/0x30c + __kasan_report+0x20c/0x224 + kasan_report+0x18/0x30 + __asan_report_load8_noabort+0x24/0x40 + hvc_put_chars+0xdc/0x110 + hvterm_raw_put_chars+0x9c/0x110 + udbg_hvc_putc+0x154/0x200 + udbg_write+0xf0/0x240 + console_unlock+0x868/0xd30 + register_console+0x970/0xe90 + register_early_udbg_console+0xf8/0x114 + setup_arch+0x108/0x790 + start_kernel+0x104/0x784 + start_here_common+0x1c/0x534 + + Memory state around the buggy address: + c0000000023e7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + c0000000023e7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 + >c0000000023e7a80: f1 f1 01 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 + ^ + c0000000023e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + c0000000023e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + ================================================================== + +Document that a 16-byte buffer is requred, and provide it in udbg. + +Signed-off-by: Daniel Axtens +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/pseries/hvconsole.c | 2 +- + drivers/tty/hvc/hvc_vio.c | 16 +++++++++++++++- + 2 files changed, 16 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/platforms/pseries/hvconsole.c b/arch/powerpc/platforms/pseries/hvconsole.c +index 74da18de853a..73ec15cd2708 100644 +--- a/arch/powerpc/platforms/pseries/hvconsole.c ++++ b/arch/powerpc/platforms/pseries/hvconsole.c +@@ -62,7 +62,7 @@ EXPORT_SYMBOL(hvc_get_chars); + * @vtermno: The vtermno or unit_address of the adapter from which the data + * originated. + * @buf: The character buffer that contains the character data to send to +- * firmware. ++ * firmware. Must be at least 16 bytes, even if count is less than 16. + * @count: Send this number of characters. + */ + int hvc_put_chars(uint32_t vtermno, const char *buf, int count) +diff --git a/drivers/tty/hvc/hvc_vio.c b/drivers/tty/hvc/hvc_vio.c +index 6de6d4a1a221..7af54d6ed5b8 100644 +--- a/drivers/tty/hvc/hvc_vio.c ++++ b/drivers/tty/hvc/hvc_vio.c +@@ -107,6 +107,14 @@ static int hvterm_raw_get_chars(uint32_t vtermno, char *buf, int count) + return got; + } + ++/** ++ * hvterm_raw_put_chars: send characters to firmware for given vterm adapter ++ * @vtermno: The virtual terminal number. ++ * @buf: The characters to send. Because of the underlying hypercall in ++ * hvc_put_chars(), this buffer must be at least 16 bytes long, even if ++ * you are sending fewer chars. ++ * @count: number of chars to send. ++ */ + static int hvterm_raw_put_chars(uint32_t vtermno, const char *buf, int count) + { + struct hvterm_priv *pv = hvterm_privs[vtermno]; +@@ -219,6 +227,7 @@ static const struct hv_ops hvterm_hvsi_ops = { + static void udbg_hvc_putc(char c) + { + int count = -1; ++ unsigned char bounce_buffer[16]; + + if (!hvterm_privs[0]) + return; +@@ -229,7 +238,12 @@ static void udbg_hvc_putc(char c) + do { + switch(hvterm_privs[0]->proto) { + case HV_PROTOCOL_RAW: +- count = hvterm_raw_put_chars(0, &c, 1); ++ /* ++ * hvterm_raw_put_chars requires at least a 16-byte ++ * buffer, so go via the bounce buffer ++ */ ++ bounce_buffer[0] = c; ++ count = hvterm_raw_put_chars(0, bounce_buffer, 1); + break; + case HV_PROTOCOL_HVSI: + count = hvterm_hvsi_put_chars(0, &c, 1); +-- +2.35.3 + diff --git a/patches.suse/powerpc-pseries-unregister-VPA-when-hot-unplugging-a.patch b/patches.suse/powerpc-pseries-unregister-VPA-when-hot-unplugging-a.patch new file mode 100644 index 0000000..6994621 --- /dev/null +++ b/patches.suse/powerpc-pseries-unregister-VPA-when-hot-unplugging-a.patch @@ -0,0 +1,51 @@ +From f6aa37c51ec0d053ee34c235bfe0e666618a3baf Mon Sep 17 00:00:00 2001 +From: Laurent Dufour +Date: Mon, 14 Nov 2022 17:01:50 +0100 +Subject: [PATCH] powerpc/pseries: unregister VPA when hot unplugging a CPU + +References: bsc#1205695 ltc#200603 +Patch-mainline: v6.2-rc1 +Git-commit: f6aa37c51ec0d053ee34c235bfe0e666618a3baf + +The VPA should unregister when offlining a CPU. Otherwise there could be +a short window where 2 CPUs could share the same VPA. + +This happens because the hypervisor is still keeping the VPA attached to +the vCPU even if it became offline. + +Here is a potential situation: + 1. remove proc A, + 2. add proc B. If proc B gets proc A's place in cpu_present_mask, then + it registers proc A's VPAs. + 3. If proc B is then re-added to the LP, its threads are sharing VPAs + with proc A briefly as they come online. + +As the hypervisor may check for the VPA's yield_count field oddity, it +may detect an unexpected value and kill the LPAR. + +Suggested-by: Nathan Lynch +Signed-off-by: Laurent Dufour +Reviewed-by: Nathan Lynch +[mpe: s/cpu_present_map/cpu_present_mask/ in change log] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20221114160150.13554-1-ldufour@linux.ibm.com +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/pseries/hotplug-cpu.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/powerpc/platforms/pseries/hotplug-cpu.c b/arch/powerpc/platforms/pseries/hotplug-cpu.c +index e0a7ac5db15d9..090ae5a1e0f5e 100644 +--- a/arch/powerpc/platforms/pseries/hotplug-cpu.c ++++ b/arch/powerpc/platforms/pseries/hotplug-cpu.c +@@ -70,6 +70,7 @@ static void pseries_cpu_offline_self(void) + xics_teardown_cpu(); + + unregister_slb_shadow(hwcpu); ++ unregister_vpa(hwcpu); + rtas_stop_self(); + + /* Should never get here... */ +-- +2.35.3 + diff --git a/patches.suse/powerpc-rtas-avoid-device-tree-lookups-in-rtas_os_te.patch b/patches.suse/powerpc-rtas-avoid-device-tree-lookups-in-rtas_os_te.patch new file mode 100644 index 0000000..31cec64 --- /dev/null +++ b/patches.suse/powerpc-rtas-avoid-device-tree-lookups-in-rtas_os_te.patch @@ -0,0 +1,77 @@ +From ed2213bfb192ab51f09f12e9b49b5d482c6493f3 Mon Sep 17 00:00:00 2001 +From: Nathan Lynch +Date: Fri, 18 Nov 2022 09:07:41 -0600 +Subject: [PATCH] powerpc/rtas: avoid device tree lookups in rtas_os_term() + +References: bsc#1065729 +Patch-mainline: v6.2-rc1 +Git-commit: ed2213bfb192ab51f09f12e9b49b5d482c6493f3 + +rtas_os_term() is called during panic. Its behavior depends on a couple +of conditions in the /rtas node of the device tree, the traversal of +which entails locking and local IRQ state changes. If the kernel panics +while devtree_lock is held, rtas_os_term() as currently written could +hang. + +Instead of discovering the relevant characteristics at panic time, +cache them in file-static variables at boot. Note the lookup for +"ibm,extended-os-term" is converted to of_property_read_bool() since it +is a boolean property, not an RTAS function token. + +Signed-off-by: Nathan Lynch +Reviewed-by: Nicholas Piggin +Reviewed-by: Andrew Donnellan +[mpe: Incorporate suggested change from Nick] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20221118150751.469393-4-nathanl@linux.ibm.com +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/rtas.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c +index c12dd5ed5e00..db43cbdcc74c 100644 +--- a/arch/powerpc/kernel/rtas.c ++++ b/arch/powerpc/kernel/rtas.c +@@ -947,6 +947,7 @@ void __noreturn rtas_halt(void) + + /* Must be in the RMO region, so we place it here */ + static char rtas_os_term_buf[2048]; ++static s32 ibm_os_term_token = RTAS_UNKNOWN_SERVICE; + + void rtas_os_term(char *str) + { +@@ -958,14 +959,13 @@ void rtas_os_term(char *str) + * this property may terminate the partition which we want to avoid + * since it interferes with panic_timeout. + */ +- if (RTAS_UNKNOWN_SERVICE == rtas_token("ibm,os-term") || +- RTAS_UNKNOWN_SERVICE == rtas_token("ibm,extended-os-term")) ++ if (ibm_os_term_token == RTAS_UNKNOWN_SERVICE) + return; + + snprintf(rtas_os_term_buf, 2048, "OS panic: %s", str); + + do { +- status = rtas_call(rtas_token("ibm,os-term"), 1, 1, NULL, ++ status = rtas_call(ibm_os_term_token, 1, 1, NULL, + __pa(rtas_os_term_buf)); + } while (rtas_busy_delay(status)); + +@@ -1335,6 +1335,13 @@ void __init rtas_initialize(void) + no_entry = of_property_read_u32(rtas.dev, "linux,rtas-entry", &entry); + rtas.entry = no_entry ? rtas.base : entry; + ++ /* ++ * Discover these now to avoid device tree lookups in the ++ * panic path. ++ */ ++ if (of_property_read_bool(rtas.dev, "ibm,extended-os-term")) ++ ibm_os_term_token = rtas_token("ibm,os-term"); ++ + /* If RTAS was found, allocate the RMO buffer for it and look for + * the stop-self token if any + */ +-- +2.35.3 + diff --git a/patches.suse/powerpc-rtas-avoid-scheduling-in-rtas_os_term.patch b/patches.suse/powerpc-rtas-avoid-scheduling-in-rtas_os_term.patch new file mode 100644 index 0000000..930e320 --- /dev/null +++ b/patches.suse/powerpc-rtas-avoid-scheduling-in-rtas_os_term.patch @@ -0,0 +1,67 @@ +From 6c606e57eecc37d6b36d732b1ff7e55b7dc32dd4 Mon Sep 17 00:00:00 2001 +From: Nathan Lynch +Date: Fri, 18 Nov 2022 09:07:42 -0600 +Subject: [PATCH] powerpc/rtas: avoid scheduling in rtas_os_term() + +References: bsc#1065729 +Patch-mainline: v6.2-rc1 +Git-commit: 6c606e57eecc37d6b36d732b1ff7e55b7dc32dd4 + +It's unsafe to use rtas_busy_delay() to handle a busy status from +the ibm,os-term RTAS function in rtas_os_term(): + +Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b +BUG: sleeping function called from invalid context at arch/powerpc/kernel/rtas.c:618 +in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1, name: swapper/0 +preempt_count: 2, expected: 0 +CPU: 7 PID: 1 Comm: swapper/0 Tainted: G D 6.0.0-rc5-02182-gf8553a572277-dirty #9 +Call Trace: +[c000000007b8f000] [c000000001337110] dump_stack_lvl+0xb4/0x110 (unreliable) +[c000000007b8f040] [c0000000002440e4] __might_resched+0x394/0x3c0 +[c000000007b8f0e0] [c00000000004f680] rtas_busy_delay+0x120/0x1b0 +[c000000007b8f100] [c000000000052d04] rtas_os_term+0xb8/0xf4 +[c000000007b8f180] [c0000000001150fc] pseries_panic+0x50/0x68 +[c000000007b8f1f0] [c000000000036354] ppc_panic_platform_handler+0x34/0x50 +[c000000007b8f210] [c0000000002303c4] notifier_call_chain+0xd4/0x1c0 +[c000000007b8f2b0] [c0000000002306cc] atomic_notifier_call_chain+0xac/0x1c0 +[c000000007b8f2f0] [c0000000001d62b8] panic+0x228/0x4d0 +[c000000007b8f390] [c0000000001e573c] do_exit+0x140c/0x1420 +[c000000007b8f480] [c0000000001e586c] make_task_dead+0xdc/0x200 + +Use rtas_busy_delay_time() instead, which signals without side effects +whether to attempt the ibm,os-term RTAS call again. + +Signed-off-by: Nathan Lynch +Reviewed-by: Nicholas Piggin +Reviewed-by: Andrew Donnellan +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20221118150751.469393-5-nathanl@linux.ibm.com +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/rtas.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c +index db43cbdcc74c..f21b39fcaf99 100644 +--- a/arch/powerpc/kernel/rtas.c ++++ b/arch/powerpc/kernel/rtas.c +@@ -964,10 +964,15 @@ void rtas_os_term(char *str) + + snprintf(rtas_os_term_buf, 2048, "OS panic: %s", str); + ++ /* ++ * Keep calling as long as RTAS returns a "try again" status, ++ * but don't use rtas_busy_delay(), which potentially ++ * schedules. ++ */ + do { + status = rtas_call(ibm_os_term_token, 1, 1, NULL, + __pa(rtas_os_term_buf)); +- } while (rtas_busy_delay(status)); ++ } while (rtas_busy_delay_time(status)); + + if (status != 0) + printk(KERN_EMERG "ibm,os-term call failed %d\n", status); +-- +2.35.3 + diff --git a/patches.suse/powerpc-smp-Set-numa-node-before-updating-mask.patch b/patches.suse/powerpc-smp-Set-numa-node-before-updating-mask.patch new file mode 100644 index 0000000..7439095 --- /dev/null +++ b/patches.suse/powerpc-smp-Set-numa-node-before-updating-mask.patch @@ -0,0 +1,89 @@ +From 6980d13f0dd189846887bbbfa43793d9a41768d3 Mon Sep 17 00:00:00 2001 +From: Srikar Dronamraju +Date: Thu, 1 Apr 2021 21:12:00 +0530 +Subject: [PATCH] powerpc/smp: Set numa node before updating mask + +References: bsc#1065729 +Patch-mainline: v5.13-rc1 +Git-commit: 6980d13f0dd189846887bbbfa43793d9a41768d3 + +Geethika reported a trace when doing a dlpar CPU add. + +------------[ cut here ]------------ +WARNING: CPU: 152 PID: 1134 at kernel/sched/topology.c:2057 +CPU: 152 PID: 1134 Comm: kworker/152:1 Not tainted 5.12.0-rc5-master #5 +Workqueue: events cpuset_hotplug_workfn +NIP: c0000000001cfc14 LR: c0000000001cfc10 CTR: c0000000007e3420 +REGS: c0000034a08eb260 TRAP: 0700 Not tainted (5.12.0-rc5-master+) +MSR: 8000000000029033 CR: 28828422 XER: 00000020 +CFAR: c0000000001fd888 IRQMASK: 0 #012GPR00: c0000000001cfc10 +c0000034a08eb500 c000000001f35400 0000000000000027 #012GPR04: +c0000035abaa8010 c0000035abb30a00 0000000000000027 c0000035abaa8018 +#012GPR08: 0000000000000023 c0000035abaaef48 00000035aa540000 +c0000035a49dffe8 #012GPR12: 0000000028828424 c0000035bf1a1c80 +0000000000000497 0000000000000004 #012GPR16: c00000000347a258 +0000000000000140 c00000000203d468 c000000001a1a490 #012GPR20: +c000000001f9c160 c0000034adf70920 c0000034aec9fd20 0000000100087bd3 +#012GPR24: 0000000100087bd3 c0000035b3de09f8 0000000000000030 +c0000035b3de09f8 #012GPR28: 0000000000000028 c00000000347a280 +c0000034aefe0b00 c0000000010a2a68 +NIP [c0000000001cfc14] build_sched_domains+0x6a4/0x1500 +LR [c0000000001cfc10] build_sched_domains+0x6a0/0x1500 +Call Trace: +[c0000034a08eb500] [c0000000001cfc10] build_sched_domains+0x6a0/0x1500 (unreliable) +[c0000034a08eb640] [c0000000001d1e6c] partition_sched_domains_locked+0x3ec/0x530 +[c0000034a08eb6e0] [c0000000002936d4] rebuild_sched_domains_locked+0x524/0xbf0 +[c0000034a08eb7e0] [c000000000296bb0] rebuild_sched_domains+0x40/0x70 +[c0000034a08eb810] [c000000000296e74] cpuset_hotplug_workfn+0x294/0xe20 +[c0000034a08ebc30] [c000000000178dd0] process_one_work+0x300/0x670 +[c0000034a08ebd10] [c0000000001791b8] worker_thread+0x78/0x520 +[c0000034a08ebda0] [c000000000185090] kthread+0x1a0/0x1b0 +[c0000034a08ebe10] [c00000000000ccec] ret_from_kernel_thread+0x5c/0x70 +Instruction dump: +7d2903a6 4e800421 e8410018 7f67db78 7fe6fb78 7f45d378 7f84e378 7c681b78 +3c62ff1a 3863c6f8 4802dc35 60000000 <0fe00000> 3920fff4 f9210070 e86100a0 +---[ end trace 532d9066d3d4d7ec ]--- + +Some of the per-CPU masks use cpu_cpu_mask as a filter to limit the search +for related CPUs. On a dlpar add of a CPU, update cpu_cpu_mask before +updating the per-CPU masks. This will ensure the cpu_cpu_mask is updated +correctly before its used in setting the masks. Setting the numa_node will +ensure that when cpu_cpu_mask() gets called, the correct node number is +used. This code movement helped fix the above call trace. + +Reported-by: Geetika Moolchandani +Signed-off-by: Srikar Dronamraju +Reviewed-by: Nathan Lynch +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20210401154200.150077-1-srikar@linux.vnet.ibm.com +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/smp.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c +--- a/arch/powerpc/kernel/smp.c ++++ b/arch/powerpc/kernel/smp.c +@@ -1563,6 +1563,9 @@ void start_secondary(void *unused) + + vdso_getcpu_init(); + #endif ++ set_numa_node(numa_cpu_lookup_table[cpu]); ++ set_numa_mem(local_memory_node(numa_cpu_lookup_table[cpu])); ++ + /* Update topology CPU masks */ + add_cpu_to_masks(cpu); + +@@ -1581,9 +1584,6 @@ void start_secondary(void *unused) + if (!cpumask_equal(cpu_l2_cache_mask(cpu), sibling_mask(cpu))) + shared_caches = true; + +- set_numa_node(numa_cpu_lookup_table[cpu]); +- set_numa_mem(local_memory_node(numa_cpu_lookup_table[cpu])); +- + smp_wmb(); + notify_cpu_starting(cpu); + set_cpu_online(cpu, true); +-- +2.35.3 + diff --git a/patches.suse/powerpc-sriov-Remove-VF-eeh_dev-state-when-disabling.patch b/patches.suse/powerpc-sriov-Remove-VF-eeh_dev-state-when-disabling.patch new file mode 100644 index 0000000..381440a --- /dev/null +++ b/patches.suse/powerpc-sriov-Remove-VF-eeh_dev-state-when-disabling.patch @@ -0,0 +1,57 @@ +From 1fb4124ca9d456656a324f1ee29b7bf942f59ac8 Mon Sep 17 00:00:00 2001 +From: Oliver O'Halloran +Date: Wed, 21 Aug 2019 16:26:53 +1000 +Subject: [PATCH] powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV + +References: bsc#1065729 +Patch-mainline: v5.6-rc1 +Git-commit: 1fb4124ca9d456656a324f1ee29b7bf942f59ac8 + +When disabling virtual functions on an SR-IOV adapter we currently do not +correctly remove the EEH state for the now-dead virtual functions. When +removing the pci_dn that was created for the VF when SR-IOV was enabled +we free the corresponding eeh_dev without removing it from the child device +list of the eeh_pe that contained it. This can result in crashes due to the +use-after-free. + +Signed-off-by: Oliver O'Halloran +Reviewed-by: Sam Bobroff +Tested-by: Sam Bobroff +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20190821062655.19735-1-oohall@gmail.com +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/pci_dn.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/arch/powerpc/kernel/pci_dn.c b/arch/powerpc/kernel/pci_dn.c +index 9524009ca1ae..d876eda92609 100644 +--- a/arch/powerpc/kernel/pci_dn.c ++++ b/arch/powerpc/kernel/pci_dn.c +@@ -244,9 +244,22 @@ void remove_dev_pci_data(struct pci_dev *pdev) + continue; + + #ifdef CONFIG_EEH +- /* Release EEH device for the VF */ ++ /* ++ * Release EEH state for this VF. The PCI core ++ * has already torn down the pci_dev for this VF, but ++ * we're responsible to removing the eeh_dev since it ++ * has the same lifetime as the pci_dn that spawned it. ++ */ + edev = pdn_to_eeh_dev(pdn); + if (edev) { ++ /* ++ * We allocate pci_dn's for the totalvfs count, ++ * but only only the vfs that were activated ++ * have a configured PE. ++ */ ++ if (edev->pe) ++ eeh_rmv_from_parent_pe(edev); ++ + pdn->edev = NULL; + kfree(edev); + } +-- +2.35.3 + diff --git a/patches.suse/powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch b/patches.suse/powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch new file mode 100644 index 0000000..1e76af0 --- /dev/null +++ b/patches.suse/powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch @@ -0,0 +1,40 @@ +From ffa1797040c5da391859a9556be7b735acbe1242 Mon Sep 17 00:00:00 2001 +From: Qinglang Miao +Date: Wed, 28 Oct 2020 17:15:51 +0800 +Subject: [PATCH] powerpc: sysdev: add missing iounmap() on error in + mpic_msgr_probe() + +References: bsc#1065729 +Patch-mainline: v5.11-rc1 +Git-commit: ffa1797040c5da391859a9556be7b735acbe1242 + +I noticed that iounmap() of msgr_block_addr before return from +mpic_msgr_probe() in the error handling case is missing. So use +devm_ioremap() instead of just ioremap() when remapping the message +register block, so the mapping will be automatically released on +probe failure. + +Signed-off-by: Qinglang Miao +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20201028091551.136400-1-miaoqinglang@huawei.com +Acked-by: Michal Suchanek +--- + arch/powerpc/sysdev/mpic_msgr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/sysdev/mpic_msgr.c b/arch/powerpc/sysdev/mpic_msgr.c +index f6b253e2be40..36ec0bdd8b63 100644 +--- a/arch/powerpc/sysdev/mpic_msgr.c ++++ b/arch/powerpc/sysdev/mpic_msgr.c +@@ -191,7 +191,7 @@ static int mpic_msgr_probe(struct platform_device *dev) + + /* IO map the message register block. */ + of_address_to_resource(np, 0, &rsrc); +- msgr_block_addr = ioremap(rsrc.start, resource_size(&rsrc)); ++ msgr_block_addr = devm_ioremap(&dev->dev, rsrc.start, resource_size(&rsrc)); + if (!msgr_block_addr) { + dev_err(&dev->dev, "Failed to iomap MPIC message registers"); + return -EFAULT; +-- +2.35.3 + diff --git a/patches.suse/powerpc-time-Fix-clockevent_decrementer-initalisatio.patch b/patches.suse/powerpc-time-Fix-clockevent_decrementer-initalisatio.patch new file mode 100644 index 0000000..afe6060 --- /dev/null +++ b/patches.suse/powerpc-time-Fix-clockevent_decrementer-initalisatio.patch @@ -0,0 +1,50 @@ +From b4d16ab58c41ff0125822464bdff074cebd0fe47 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Wed, 17 Oct 2018 23:39:41 +1100 +Subject: [PATCH] powerpc/time: Fix clockevent_decrementer initalisation for PR + KVM + +References: bsc#1065729 +Patch-mainline: v4.20-rc1 +Git-commit: b4d16ab58c41ff0125822464bdff074cebd0fe47 + +In the recent commit 8b78fdb045de ("powerpc/time: Use +clockevents_register_device(), fixing an issue with large +decrementer") we changed the way we initialise the decrementer +clockevent(s). + +We no longer initialise the mult & shift values of +decrementer_clockevent itself. + +This has the effect of breaking PR KVM, because it uses those values +in kvmppc_emulate_dec(). The symptom is guest kernels spin forever +mid-way through boot. + +For now fix it by assigning back to decrementer_clockevent the mult +and shift values. + +Fixes: 8b78fdb045de ("powerpc/time: Use clockevents_register_device(), fixing an issue with large decrementer") +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/time.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c +index 40868f3ee113..68e8f963d108 100644 +--- a/arch/powerpc/kernel/time.c ++++ b/arch/powerpc/kernel/time.c +@@ -989,6 +989,10 @@ static void register_decrementer_clockevent(int cpu) + + printk_once(KERN_DEBUG "clockevent: %s mult[%x] shift[%d] cpu[%d]\n", + dec->name, dec->mult, dec->shift, cpu); ++ ++ /* Set values for KVM, see kvm_emulate_dec() */ ++ decrementer_clockevent.mult = dec->mult; ++ decrementer_clockevent.shift = dec->shift; + } + + static void enable_large_decrementer(void) +-- +2.35.3 + diff --git a/patches.suse/powerpc-time-Use-clockevents_register_device-fixing-.patch b/patches.suse/powerpc-time-Use-clockevents_register_device-fixing-.patch new file mode 100644 index 0000000..c4f2629 --- /dev/null +++ b/patches.suse/powerpc-time-Use-clockevents_register_device-fixing-.patch @@ -0,0 +1,62 @@ +From 8b78fdb045de60a4eb35460092bbd3cffa925353 Mon Sep 17 00:00:00 2001 +From: Anton Blanchard +Date: Tue, 2 Oct 2018 09:01:04 +1000 +Subject: [PATCH] powerpc/time: Use clockevents_register_device(), fixing an + issue with large decrementer + +References: bsc#1065729 +Patch-mainline: v4.20-rc1 +Git-commit: 8b78fdb045de60a4eb35460092bbd3cffa925353 + +We currently cap the decrementer clockevent at 4 seconds, even on systems +with large decrementer support. Fix this by converting the code to use +clockevents_register_device() which calculates the upper bound based on +the max_delta passed in. + +Signed-off-by: Anton Blanchard +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/time.c | 17 +++-------------- + 1 file changed, 3 insertions(+), 14 deletions(-) + +diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c +index 70f145e02487..6a1f0a084ca3 100644 +--- a/arch/powerpc/kernel/time.c ++++ b/arch/powerpc/kernel/time.c +@@ -984,10 +984,10 @@ static void register_decrementer_clockevent(int cpu) + *dec = decrementer_clockevent; + dec->cpumask = cpumask_of(cpu); + ++ clockevents_config_and_register(dec, ppc_tb_freq, 2, decrementer_max); ++ + printk_once(KERN_DEBUG "clockevent: %s mult[%x] shift[%d] cpu[%d]\n", + dec->name, dec->mult, dec->shift, cpu); +- +- clockevents_register_device(dec); + } + + static void enable_large_decrementer(void) +@@ -1035,18 +1035,7 @@ static void __init set_decrementer_max(void) + + static void __init init_decrementer_clockevent(void) + { +- int cpu = smp_processor_id(); +- +- clockevents_calc_mult_shift(&decrementer_clockevent, ppc_tb_freq, 4); +- +- decrementer_clockevent.max_delta_ns = +- clockevent_delta2ns(decrementer_max, &decrementer_clockevent); +- decrementer_clockevent.max_delta_ticks = decrementer_max; +- decrementer_clockevent.min_delta_ns = +- clockevent_delta2ns(2, &decrementer_clockevent); +- decrementer_clockevent.min_delta_ticks = 2; +- +- register_decrementer_clockevent(cpu); ++ register_decrementer_clockevent(smp_processor_id()); + } + + void secondary_cpu_time_init(void) +-- +2.35.3 + diff --git a/patches.suse/powerpc-traps-Fix-the-message-printed-when-stack-ove.patch b/patches.suse/powerpc-traps-Fix-the-message-printed-when-stack-ove.patch new file mode 100644 index 0000000..24084f7 --- /dev/null +++ b/patches.suse/powerpc-traps-Fix-the-message-printed-when-stack-ove.patch @@ -0,0 +1,45 @@ +From 9bf3d3c4e4fd82c7174f4856df372ab2a71005b9 Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Tue, 29 Jan 2019 16:37:55 +0000 +Subject: [PATCH] powerpc/traps: Fix the message printed when stack overflows + +References: bsc#1065729 +Patch-mainline: v5.1-rc1 +Git-commit: 9bf3d3c4e4fd82c7174f4856df372ab2a71005b9 + +Today's message is useless: + + [ 42.253267] Kernel stack overflow in process (ptrval), r1=c65500b0 + +This patch fixes it: + + [ 66.905235] Kernel stack overflow in process sh[356], r1=c65560b0 + +Fixes: ad67b74d2469 ("printk: hash addresses printed with %p") +Cc: stable@vger.kernel.org # v4.15+ +Signed-off-by: Christophe Leroy +[mpe: Use task_pid_nr()] +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/kernel/traps.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c +index 5e917a84f949..040b60293613 100644 +--- a/arch/powerpc/kernel/traps.c ++++ b/arch/powerpc/kernel/traps.c +@@ -1535,8 +1535,8 @@ void alignment_exception(struct pt_regs *regs) + + void StackOverflow(struct pt_regs *regs) + { +- printk(KERN_CRIT "Kernel stack overflow in process %p, r1=%lx\n", +- current, regs->gpr[1]); ++ pr_crit("Kernel stack overflow in process %s[%d], r1=%lx\n", ++ current->comm, task_pid_nr(current), regs->gpr[1]); + debugger(regs); + show_regs(regs); + panic("kernel stack overflow"); +-- +2.35.3 + diff --git a/patches.suse/powerpc-xive-Add-a-check-for-memory-allocation-failu.patch b/patches.suse/powerpc-xive-Add-a-check-for-memory-allocation-failu.patch new file mode 100644 index 0000000..422c2e4 --- /dev/null +++ b/patches.suse/powerpc-xive-Add-a-check-for-memory-allocation-failu.patch @@ -0,0 +1,39 @@ +From fd3806562f450a6189c31e0d2cb9cd4b208dcf2d Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Thu, 1 Aug 2019 10:32:42 +0200 +Subject: [PATCH] powerpc/xive: Add a check for memory allocation failure + +References: fate#322438 git-fixes +Patch-mainline: v5.4-rc1 +Git-commit: fd3806562f450a6189c31e0d2cb9cd4b208dcf2d + +The result of this kzalloc is not checked. Add a check and corresponding +error handling code. + +Signed-off-by: Christophe JAILLET +Reviewed-by: Greg Kurz +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/cc53462734dfeaf15b6bad0e626b483de18656b4.1564647619.git.christophe.jaillet@wanadoo.fr +Acked-by: Michal Suchanek +--- + arch/powerpc/sysdev/xive/spapr.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/powerpc/sysdev/xive/spapr.c b/arch/powerpc/sysdev/xive/spapr.c +index b4f5eb9e0f82..52198131c75e 100644 +--- a/arch/powerpc/sysdev/xive/spapr.c ++++ b/arch/powerpc/sysdev/xive/spapr.c +@@ -53,6 +53,10 @@ static int xive_irq_bitmap_add(int base, int count) + xibm->base = base; + xibm->count = count; + xibm->bitmap = kzalloc(xibm->count, GFP_KERNEL); ++ if (!xibm->bitmap) { ++ kfree(xibm); ++ return -ENOMEM; ++ } + list_add(&xibm->list, &xive_irq_bitmaps); + + pr_info("Using IRQ range [%x-%x]", xibm->base, +-- +2.35.3 + diff --git a/patches.suse/powerpc-xive-Move-a-dereference-below-a-NULL-test.patch b/patches.suse/powerpc-xive-Move-a-dereference-below-a-NULL-test.patch new file mode 100644 index 0000000..096208b --- /dev/null +++ b/patches.suse/powerpc-xive-Move-a-dereference-below-a-NULL-test.patch @@ -0,0 +1,42 @@ +From cd5ff94577e004e0a4457e70d0ef3a030f4010b8 Mon Sep 17 00:00:00 2001 +From: zhong jiang +Date: Wed, 26 Sep 2018 20:09:32 +0800 +Subject: [PATCH] powerpc/xive: Move a dereference below a NULL test + +References: bsc#1065729 +Patch-mainline: v4.20-rc1 +Git-commit: cd5ff94577e004e0a4457e70d0ef3a030f4010b8 + +Move the dereference of xc below the NULL test. + +Signed-off-by: zhong jiang +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/sysdev/xive/common.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/arch/powerpc/sysdev/xive/common.c b/arch/powerpc/sysdev/xive/common.c +index 959a2a62f233..9824074ec1b5 100644 +--- a/arch/powerpc/sysdev/xive/common.c ++++ b/arch/powerpc/sysdev/xive/common.c +@@ -1010,12 +1010,13 @@ static void xive_ipi_eoi(struct irq_data *d) + { + struct xive_cpu *xc = __this_cpu_read(xive_cpu); + +- DBG_VERBOSE("IPI eoi: irq=%d [0x%lx] (HW IRQ 0x%x) pending=%02x\n", +- d->irq, irqd_to_hwirq(d), xc->hw_ipi, xc->pending_prio); +- + /* Handle possible race with unplug and drop stale IPIs */ + if (!xc) + return; ++ ++ DBG_VERBOSE("IPI eoi: irq=%d [0x%lx] (HW IRQ 0x%x) pending=%02x\n", ++ d->irq, irqd_to_hwirq(d), xc->hw_ipi, xc->pending_prio); ++ + xive_do_source_eoi(xc->hw_ipi, &xc->ipi_data); + xive_do_queue_eoi(xc); + } +-- +2.35.3 + diff --git a/patches.suse/powerpc-xive-add-missing-iounmap-in-error-path-in-xi.patch b/patches.suse/powerpc-xive-add-missing-iounmap-in-error-path-in-xi.patch new file mode 100644 index 0000000..5780040 --- /dev/null +++ b/patches.suse/powerpc-xive-add-missing-iounmap-in-error-path-in-xi.patch @@ -0,0 +1,41 @@ +From 8b49670f3bb3f10cd4d5a6dca17f5a31b173ecdc Mon Sep 17 00:00:00 2001 +From: Yang Yingliang +Date: Mon, 17 Oct 2022 11:23:33 +0800 +Subject: [PATCH] powerpc/xive: add missing iounmap() in error path in + xive_spapr_populate_irq_data() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +References: fate#322438 git-fixes +Patch-mainline: v6.2-rc1 +Git-commit: 8b49670f3bb3f10cd4d5a6dca17f5a31b173ecdc + +If remapping 'data->trig_page' fails, the 'data->eoi_mmio' need be unmapped +before returning from xive_spapr_populate_irq_data(). + +Fixes: eac1e731b59e ("powerpc/xive: guest exploitation of the XIVE interrupt controller") +Signed-off-by: Yang Yingliang +Reviewed-by: Cédric Le Goater +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20221017032333.1852406-1-yangyingliang@huawei.com +Acked-by: Michal Suchanek +--- + arch/powerpc/sysdev/xive/spapr.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/powerpc/sysdev/xive/spapr.c b/arch/powerpc/sysdev/xive/spapr.c +index e2c8f93b535ba..e454192643910 100644 +--- a/arch/powerpc/sysdev/xive/spapr.c ++++ b/arch/powerpc/sysdev/xive/spapr.c +@@ -439,6 +439,7 @@ static int xive_spapr_populate_irq_data(u32 hw_irq, struct xive_irq_data *data) + + data->trig_mmio = ioremap(data->trig_page, 1u << data->esb_shift); + if (!data->trig_mmio) { ++ iounmap(data->eoi_mmio); + pr_err("Failed to map trigger page for irq 0x%x\n", hw_irq); + return -ENOMEM; + } +-- +2.35.3 + diff --git a/patches.suse/powerpc-xive-spapr-correct-bitmap-allocation-size.patch b/patches.suse/powerpc-xive-spapr-correct-bitmap-allocation-size.patch new file mode 100644 index 0000000..5961a2a --- /dev/null +++ b/patches.suse/powerpc-xive-spapr-correct-bitmap-allocation-size.patch @@ -0,0 +1,112 @@ +From 19fc5bb93c6bbdce8292b4d7eed04e2fa118d2fe Mon Sep 17 00:00:00 2001 +From: Nathan Lynch +Date: Thu, 23 Jun 2022 13:25:09 -0500 +Subject: [PATCH] powerpc/xive/spapr: correct bitmap allocation size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +References: fate#322438 git-fixes +Patch-mainline: v5.19-rc5 +Git-commit: 19fc5bb93c6bbdce8292b4d7eed04e2fa118d2fe + +kasan detects access beyond the end of the xibm->bitmap allocation: + +BUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140 +Read of size 8 at addr c00000001d1d0118 by task swapper/0/1 + +CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc2-00001-g90df023b36dd #28 +Call Trace: +[c00000001d98f770] [c0000000012baab8] dump_stack_lvl+0xac/0x108 (unreliable) +[c00000001d98f7b0] [c00000000068faac] print_report+0x37c/0x710 +[c00000001d98f880] [c0000000006902c0] kasan_report+0x110/0x354 +[c00000001d98f950] [c000000000692324] __asan_load8+0xa4/0xe0 +[c00000001d98f970] [c0000000011c6ed0] _find_first_zero_bit+0x40/0x140 +[c00000001d98f9b0] [c0000000000dbfbc] xive_spapr_get_ipi+0xcc/0x260 +[c00000001d98fa70] [c0000000000d6d28] xive_setup_cpu_ipi+0x1e8/0x450 +[c00000001d98fb30] [c000000004032a20] pSeries_smp_probe+0x5c/0x118 +[c00000001d98fb60] [c000000004018b44] smp_prepare_cpus+0x944/0x9ac +[c00000001d98fc90] [c000000004009f9c] kernel_init_freeable+0x2d4/0x640 +[c00000001d98fd90] [c0000000000131e8] kernel_init+0x28/0x1d0 +[c00000001d98fe10] [c00000000000cd54] ret_from_kernel_thread+0x5c/0x64 + +Allocated by task 0: + kasan_save_stack+0x34/0x70 + __kasan_kmalloc+0xb4/0xf0 + __kmalloc+0x268/0x540 + xive_spapr_init+0x4d0/0x77c + pseries_init_irq+0x40/0x27c + init_IRQ+0x44/0x84 + start_kernel+0x2a4/0x538 + start_here_common+0x1c/0x20 + +The buggy address belongs to the object at c00000001d1d0118 + which belongs to the cache kmalloc-8 of size 8 +The buggy address is located 0 bytes inside of + 8-byte region [c00000001d1d0118, c00000001d1d0120) + +The buggy address belongs to the physical page: +page:c00c000000074740 refcount:1 mapcount:0 mapping:0000000000000000 index:0xc00000001d1d0558 pfn:0x1d1d +flags: 0x7ffff000000200(slab|node=0|zone=0|lastcpupid=0x7ffff) +raw: 007ffff000000200 c00000001d0003c8 c00000001d0003c8 c00000001d010480 +raw: c00000001d1d0558 0000000001e1000a 00000001ffffffff 0000000000000000 +page dumped because: kasan: bad access detected + +Memory state around the buggy address: + c00000001d1d0000: fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc + c00000001d1d0080: fc fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc +>c00000001d1d0100: fc fc fc 02 fc fc fc fc fc fc fc fc fc fc fc fc + ^ + c00000001d1d0180: fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc fc + c00000001d1d0200: fc fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc + +This happens because the allocation uses the wrong unit (bits) when it +should pass (BITS_TO_LONGS(count) * sizeof(long)) or equivalent. With small +numbers of bits, the allocated object can be smaller than sizeof(long), +which results in invalid accesses. + +Use bitmap_zalloc() to allocate and initialize the irq bitmap, paired with +bitmap_free() for consistency. + +Signed-off-by: Nathan Lynch +Reviewed-by: Cédric Le Goater +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220623182509.3985625-1-nathanl@linux.ibm.com +Fixes: eac1e731b59e ("powerpc/xive: guest exploitation of the XIVE interrupt controller") +Acked-by: Michal Suchanek +--- + arch/powerpc/sysdev/xive/spapr.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/sysdev/xive/spapr.c b/arch/powerpc/sysdev/xive/spapr.c +--- a/arch/powerpc/sysdev/xive/spapr.c ++++ b/arch/powerpc/sysdev/xive/spapr.c +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -57,7 +58,7 @@ static int __init xive_irq_bitmap_add(int base, int count) + spin_lock_init(&xibm->lock); + xibm->base = base; + xibm->count = count; +- xibm->bitmap = kzalloc(xibm->count, GFP_KERNEL); ++ xibm->bitmap = bitmap_zalloc(xibm->count, GFP_KERNEL); + if (!xibm->bitmap) { + kfree(xibm); + return -ENOMEM; +@@ -75,7 +76,7 @@ static void xive_irq_bitmap_remove_all(void) + + list_for_each_entry_safe(xibm, tmp, &xive_irq_bitmaps, list) { + list_del(&xibm->list); +- kfree(xibm->bitmap); ++ bitmap_free(xibm->bitmap); + kfree(xibm); + } + } +-- +2.35.3 + diff --git a/patches.suse/powerpc-xmon-fix-dump_segments.patch b/patches.suse/powerpc-xmon-fix-dump_segments.patch new file mode 100644 index 0000000..460bc5f --- /dev/null +++ b/patches.suse/powerpc-xmon-fix-dump_segments.patch @@ -0,0 +1,35 @@ +From 32c8c4c621897199e690760c2d57054f8b84b6e6 Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Fri, 16 Nov 2018 17:31:08 +0000 +Subject: [PATCH] powerpc/xmon: fix dump_segments() + +References: bsc#1065729 +Patch-mainline: v5.0-rc1 +Git-commit: 32c8c4c621897199e690760c2d57054f8b84b6e6 + +mfsrin() takes segment num from bits 31-28 (IBM bits 0-3). + +Signed-off-by: Christophe Leroy +[mpe: Clarify bit numbering] +Signed-off-by: Michael Ellerman +Acked-by: Michal Suchanek +--- + arch/powerpc/xmon/xmon.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c +index 372f4d80bcd6..757b8499aba2 100644 +--- a/arch/powerpc/xmon/xmon.c ++++ b/arch/powerpc/xmon/xmon.c +@@ -3504,7 +3504,7 @@ void dump_segments(void) + + printf("sr0-15 ="); + for (i = 0; i < 16; ++i) +- printf(" %x", mfsrin(i)); ++ printf(" %x", mfsrin(i << 28)); + printf("\n"); + } + #endif +-- +2.35.3 + diff --git a/patches.suse/rndis_host-increase-sleep-time-in-the-query-response.patch b/patches.suse/rndis_host-increase-sleep-time-in-the-query-response.patch new file mode 100644 index 0000000..0aef4e7 --- /dev/null +++ b/patches.suse/rndis_host-increase-sleep-time-in-the-query-response.patch @@ -0,0 +1,48 @@ +From 4202c9fdf03d79dedaa94b2c4cf574f25793d669 Mon Sep 17 00:00:00 2001 +From: Olympia Giannou +Date: Fri, 11 Sep 2020 14:17:24 +0000 +Subject: [PATCH] rndis_host: increase sleep time in the query-response loop +Git-commit: 4202c9fdf03d79dedaa94b2c4cf574f25793d669 +References: git-fixes +Patch-mainline: v5.9-rc7 + +Some WinCE devices face connectivity issues via the NDIS interface. They +fail to register, resulting in -110 timeout errors and failures during the +probe procedure. + +In this kind of WinCE devices, the Windows-side ndis driver needs quite +more time to be loaded and configured, so that the linux rndis host queries +to them fail to be responded correctly on time. + +More specifically, when INIT is called on the WinCE side - no other +requests can be served by the Client and this results in a failed QUERY +afterwards. + +The increase of the waiting time on the side of the linux rndis host in +the command-response loop leaves the INIT process to complete and respond +to a QUERY, which comes afterwards. The WinCE devices with this special +"feature" in their ndis driver are satisfied by this fix. + +Signed-off-by: Olympia Giannou +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/rndis_host.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/usb/rndis_host.c b/drivers/net/usb/rndis_host.c +index bd9c07888ebb..6fa7a009a24a 100644 +--- a/drivers/net/usb/rndis_host.c ++++ b/drivers/net/usb/rndis_host.c +@@ -201,7 +201,7 @@ int rndis_command(struct usbnet *dev, struct rndis_msg_hdr *buf, int buflen) + dev_dbg(&info->control->dev, + "rndis response error, code %d\n", retval); + } +- msleep(20); ++ msleep(40); + } + dev_dbg(&info->control->dev, "rndis response timeout\n"); + return -ETIMEDOUT; +-- +2.35.3 + diff --git a/patches.suse/rpc-fix-NULL-dereference-on-kmalloc-failure.patch b/patches.suse/rpc-fix-NULL-dereference-on-kmalloc-failure.patch new file mode 100644 index 0000000..7497ea5 --- /dev/null +++ b/patches.suse/rpc-fix-NULL-dereference-on-kmalloc-failure.patch @@ -0,0 +1,58 @@ +From: "J. Bruce Fields" +Date: Tue, 2 Mar 2021 10:48:38 -0500 +Subject: [PATCH] rpc: fix NULL dereference on kmalloc failure +Git-commit: 0ddc942394013f08992fc379ca04cffacbbe3dae +Patch-mainline: v5.12 +References: git-fixes + +I think this is unlikely but possible: + +svc_authenticate sets rq_authop and calls svcauth_gss_accept. The +kmalloc(sizeof(*svcdata), GFP_KERNEL) fails, leaving rq_auth_data NULL, +and returning SVC_DENIED. + +This causes svc_process_common to go to err_bad_auth, and eventually +call svc_authorise. That calls ->release == svcauth_gss_release, which +tries to dereference rq_auth_data. + +Signed-off-by: J. Bruce Fields +Link: https://lore.kernel.org/linux-nfs/3F1B347F-B809-478F-A1E9-0BE98E22B0F0@oracle.com/T/#t +Signed-off-by: Chuck Lever +Acked-by: NeilBrown + +--- + net/sunrpc/auth_gss/svcauth_gss.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +--- a/net/sunrpc/auth_gss/svcauth_gss.c ++++ b/net/sunrpc/auth_gss/svcauth_gss.c +@@ -1756,11 +1756,14 @@ static int + svcauth_gss_release(struct svc_rqst *rqstp) + { + struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data; +- struct rpc_gss_wire_cred *gc = &gsd->clcred; ++ struct rpc_gss_wire_cred *gc; + struct xdr_buf *resbuf = &rqstp->rq_res; + int stat = -EINVAL; + struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); + ++ if (!gsd) ++ goto out; ++ gc = &gsd->clcred; + if (gc->gc_proc != RPC_GSS_PROC_DATA) + goto out; + /* Release can be called twice, but we only wrap once. */ +@@ -1801,10 +1804,10 @@ out_err: + if (rqstp->rq_cred.cr_group_info) + put_group_info(rqstp->rq_cred.cr_group_info); + rqstp->rq_cred.cr_group_info = NULL; +- if (gsd->rsci) ++ if (gsd && gsd->rsci) { + cache_put(&gsd->rsci->h, sn->rsc_cache); +- gsd->rsci = NULL; +- ++ gsd->rsci = NULL; ++ } + return stat; + } + diff --git a/patches.suse/rpc-fix-gss_svc_init-cleanup-on-failure.patch b/patches.suse/rpc-fix-gss_svc_init-cleanup-on-failure.patch new file mode 100644 index 0000000..6a78d49 --- /dev/null +++ b/patches.suse/rpc-fix-gss_svc_init-cleanup-on-failure.patch @@ -0,0 +1,28 @@ +From: "J. Bruce Fields" +Date: Thu, 12 Aug 2021 16:41:42 -0400 +Subject: [PATCH] rpc: fix gss_svc_init cleanup on failure +Git-commit: 5a4753446253a427c0ff1e433b9c4933e5af207c +Patch-mainline: v5.15 +References: git-fixes + +The failure case here should be rare, but it's obviously wrong. + +Signed-off-by: J. Bruce Fields +Signed-off-by: Chuck Lever +Acked-by: NeilBrown + +--- + net/sunrpc/auth_gss/svcauth_gss.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/sunrpc/auth_gss/svcauth_gss.c ++++ b/net/sunrpc/auth_gss/svcauth_gss.c +@@ -1904,7 +1904,7 @@ gss_svc_init_net(struct net *net) + goto out2; + return 0; + out2: +- destroy_use_gss_proxy_proc_entry(net); ++ rsi_cache_destroy_net(net); + out1: + rsc_cache_destroy_net(net); + return rv; diff --git a/patches.suse/scsi-qla2xxx-Fix-crash-when-I-O-abort-times-out.patch b/patches.suse/scsi-qla2xxx-Fix-crash-when-I-O-abort-times-out.patch new file mode 100644 index 0000000..e706ead --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-crash-when-I-O-abort-times-out.patch @@ -0,0 +1,92 @@ +From: Arun Easi +Date: Tue, 29 Nov 2022 01:26:34 -0800 +Subject: scsi: qla2xxx: Fix crash when I/O abort times out +Patch-mainline: v6.2-rc1 +Git-commit: 68ad83188d782b2ecef2e41ac245d27e0710fe8e +References: jsc#PED-568 + +While performing CPU hotplug, a crash with the following stack was seen: + +Call Trace: + qla24xx_process_response_queue+0x42a/0x970 [qla2xxx] + qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx] + qla_nvme_post_cmd+0x166/0x240 [qla2xxx] + nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc] + blk_mq_dispatch_rq_list+0x17b/0x610 + __blk_mq_sched_dispatch_requests+0xb0/0x140 + blk_mq_sched_dispatch_requests+0x30/0x60 + __blk_mq_run_hw_queue+0x35/0x90 + __blk_mq_delay_run_hw_queue+0x161/0x180 + blk_execute_rq+0xbe/0x160 + __nvme_submit_sync_cmd+0x16f/0x220 [nvme_core] + nvmf_connect_admin_queue+0x11a/0x170 [nvme_fabrics] + nvme_fc_create_association.cold+0x50/0x3dc [nvme_fc] + nvme_fc_connect_ctrl_work+0x19/0x30 [nvme_fc] + process_one_work+0x1e8/0x3c0 + +On abort timeout, completion was called without checking if the I/O was +already completed. + +Verify that I/O and abort request are indeed outstanding before attempting +completion. + +Fixes: 71c80b75ce8f ("scsi: qla2xxx: Do command completion on abort timeout") +Reported-by: Marco Patalano +Tested-by: Marco Patalano +Cc: stable@vger.kernel.org +Signed-off-by: Arun Easi +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20221129092634.15347-1-njavali@marvell.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -111,6 +111,7 @@ static void qla24xx_abort_iocb_timeout(v + struct qla_qpair *qpair = sp->qpair; + u32 handle; + unsigned long flags; ++ int sp_found = 0, cmdsp_found = 0; + + if (sp->cmd_sp) + ql_dbg(ql_dbg_async, sp->vha, 0x507c, +@@ -125,18 +126,21 @@ static void qla24xx_abort_iocb_timeout(v + spin_lock_irqsave(qpair->qp_lock_ptr, flags); + for (handle = 1; handle < qpair->req->num_outstanding_cmds; handle++) { + if (sp->cmd_sp && (qpair->req->outstanding_cmds[handle] == +- sp->cmd_sp)) ++ sp->cmd_sp)) { + qpair->req->outstanding_cmds[handle] = NULL; ++ cmdsp_found = 1; ++ } + + /* removing the abort */ + if (qpair->req->outstanding_cmds[handle] == sp) { + qpair->req->outstanding_cmds[handle] = NULL; ++ sp_found = 1; + break; + } + } + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + +- if (sp->cmd_sp) { ++ if (cmdsp_found && sp->cmd_sp) { + /* + * This done function should take care of + * original command ref: INIT +@@ -144,8 +148,10 @@ static void qla24xx_abort_iocb_timeout(v + sp->cmd_sp->done(sp->cmd_sp, QLA_OS_TIMER_EXPIRED); + } + +- abt->u.abt.comp_status = cpu_to_le16(CS_TIMEOUT); +- sp->done(sp, QLA_OS_TIMER_EXPIRED); ++ if (sp_found) { ++ abt->u.abt.comp_status = cpu_to_le16(CS_TIMEOUT); ++ sp->done(sp, QLA_OS_TIMER_EXPIRED); ++ } + } + + static void qla24xx_abort_sp_done(srb_t *sp, int res) diff --git a/patches.suse/scsi-qla2xxx-Fix-set-but-not-used-variable-warnings.patch b/patches.suse/scsi-qla2xxx-Fix-set-but-not-used-variable-warnings.patch new file mode 100644 index 0000000..08dcc77 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-set-but-not-used-variable-warnings.patch @@ -0,0 +1,133 @@ +From: Bart Van Assche +Date: Mon, 31 Oct 2022 15:48:18 -0700 +Subject: scsi: qla2xxx: Fix set-but-not-used variable warnings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Patch-mainline: v6.2-rc1 +Git-commit: 4fb2169d66b837a2986f569f5d5b81f79e6e4a4c +References: jsc#PED-568 + +Fix the following two compiler warnings: + +drivers/scsi/qla2xxx/qla_init.c: In function ‘qla24xx_async_abort_cmd’: +drivers/scsi/qla2xxx/qla_init.c:171:17: warning: variable ‘bail’ set but not used [-Wunused-but-set-variable] + 171 | uint8_t bail; + | ^~~~ +drivers/scsi/qla2xxx/qla_init.c: In function ‘qla2x00_async_tm_cmd’: +drivers/scsi/qla2xxx/qla_init.c:2023:17: warning: variable ‘bail’ set but not used [-Wunused-but-set-variable] + 2023 | uint8_t bail; + | ^~~~ + +Cc: Arun Easi +Cc: Giridhar Malavali +Fixes: feafb7b1714c ("[SCSI] qla2xxx: Fix vport delete issues") +Signed-off-by: Bart Van Assche +Link: https://lore.kernel.org/r/20221031224818.2607882-1-bvanassche@acm.org +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 22 +++++++++++----------- + drivers/scsi/qla2xxx/qla_init.c | 6 ++---- + drivers/scsi/qla2xxx/qla_inline.h | 4 +--- + drivers/scsi/qla2xxx/qla_os.c | 4 +--- + 4 files changed, 15 insertions(+), 21 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -5137,17 +5137,17 @@ struct secure_flash_update_block_pk { + (test_bit(ISP_ABORT_NEEDED, &ha->dpc_flags) || \ + test_bit(LOOP_RESYNC_NEEDED, &ha->dpc_flags)) + +-#define QLA_VHA_MARK_BUSY(__vha, __bail) do { \ +- atomic_inc(&__vha->vref_count); \ +- mb(); \ +- if (__vha->flags.delete_progress) { \ +- atomic_dec(&__vha->vref_count); \ +- wake_up(&__vha->vref_waitq); \ +- __bail = 1; \ +- } else { \ +- __bail = 0; \ +- } \ +-} while (0) ++static inline bool qla_vha_mark_busy(scsi_qla_host_t *vha) ++{ ++ atomic_inc(&vha->vref_count); ++ mb(); ++ if (vha->flags.delete_progress) { ++ atomic_dec(&vha->vref_count); ++ wake_up(&vha->vref_waitq); ++ return true; ++ } ++ return false; ++} + + #define QLA_VHA_MARK_NOT_BUSY(__vha) do { \ + atomic_dec(&__vha->vref_count); \ +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -169,7 +169,6 @@ int qla24xx_async_abort_cmd(srb_t *cmd_s + struct srb_iocb *abt_iocb; + srb_t *sp; + int rval = QLA_FUNCTION_FAILED; +- uint8_t bail; + + /* ref: INIT for ABTS command */ + sp = qla2xxx_get_qpair_sp(cmd_sp->vha, cmd_sp->qpair, cmd_sp->fcport, +@@ -177,7 +176,7 @@ int qla24xx_async_abort_cmd(srb_t *cmd_s + if (!sp) + return QLA_MEMORY_ALLOC_FAILED; + +- QLA_VHA_MARK_BUSY(vha, bail); ++ qla_vha_mark_busy(vha); + abt_iocb = &sp->u.iocb_cmd; + sp->type = SRB_ABT_CMD; + sp->name = "abort"; +@@ -2023,14 +2022,13 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, + struct srb_iocb *tm_iocb; + srb_t *sp; + int rval = QLA_FUNCTION_FAILED; +- uint8_t bail; + + /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + goto done; + +- QLA_VHA_MARK_BUSY(vha, bail); ++ qla_vha_mark_busy(vha); + sp->type = SRB_TM_CMD; + sp->name = "tmf"; + qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha), +--- a/drivers/scsi/qla2xxx/qla_inline.h ++++ b/drivers/scsi/qla2xxx/qla_inline.h +@@ -226,11 +226,9 @@ static inline srb_t * + qla2x00_get_sp(scsi_qla_host_t *vha, fc_port_t *fcport, gfp_t flag) + { + srb_t *sp = NULL; +- uint8_t bail; + struct qla_qpair *qpair; + +- QLA_VHA_MARK_BUSY(vha, bail); +- if (unlikely(bail)) ++ if (unlikely(qla_vha_mark_busy(vha))) + return NULL; + + qpair = vha->hw->base_qpair; +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -5075,13 +5075,11 @@ struct qla_work_evt * + qla2x00_alloc_work(struct scsi_qla_host *vha, enum qla_work_type type) + { + struct qla_work_evt *e; +- uint8_t bail; + + if (test_bit(UNLOADING, &vha->dpc_flags)) + return NULL; + +- QLA_VHA_MARK_BUSY(vha, bail); +- if (bail) ++ if (qla_vha_mark_busy(vha)) + return NULL; + + e = kzalloc(sizeof(struct qla_work_evt), GFP_ATOMIC); diff --git a/patches.suse/scsi-qla2xxx-Initialize-vha-unknown_atio_-list-work-.patch b/patches.suse/scsi-qla2xxx-Initialize-vha-unknown_atio_-list-work-.patch new file mode 100644 index 0000000..f07c18f --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Initialize-vha-unknown_atio_-list-work-.patch @@ -0,0 +1,36 @@ +From: Gleb Chesnokov +Date: Tue, 15 Nov 2022 12:38:08 +0300 +Subject: scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV + hosts +Patch-mainline: v6.2-rc1 +Git-commit: 95da5e58172cd3c58b82cb01e6cd157b6c5eabe9 +References: jsc#PED-568 + +Initialization of vha->unknown_atio_list and vha->unknown_atio_work only +happens for base_vha in qlt_probe_one_stage1(). But there is no +initialization for NPIV hosts that are created in qla24xx_vport_create(). + +This causes a crash when trying to access these NPIV host fields. + +Fix this by adding initialization to qla_vport_create(). + +Signed-off-by: Gleb Chesnokov +Link: https://lore.kernel.org/r/376c89a2-a9ac-bcf9-bf0f-dfe89a02fd4b@scst.dev +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_target.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -6751,6 +6751,9 @@ qlt_vport_create(struct scsi_qla_host *v + mutex_init(&vha->vha_tgt.tgt_mutex); + mutex_init(&vha->vha_tgt.tgt_host_action_mutex); + ++ INIT_LIST_HEAD(&vha->unknown_atio_list); ++ INIT_DELAYED_WORK(&vha->unknown_atio_work, qlt_unknown_atio_work_fn); ++ + qlt_clear_mode(vha); + + /* diff --git a/patches.suse/scsi-qla2xxx-Remove-duplicate-of-vha-iocb_work-initi.patch b/patches.suse/scsi-qla2xxx-Remove-duplicate-of-vha-iocb_work-initi.patch new file mode 100644 index 0000000..7653948 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Remove-duplicate-of-vha-iocb_work-initi.patch @@ -0,0 +1,34 @@ +From: Gleb Chesnokov +Date: Tue, 15 Nov 2022 12:38:05 +0300 +Subject: scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization +Patch-mainline: v6.2-rc1 +Git-commit: 3620e174d260adf88fa6511e8a20831cbddc4b66 +References: jsc#PED-568 + +Commit 9b3e0f4d4147 ("scsi: qla2xxx: Move work element processing out of +DPC thread") introduced the initialization of vha->iocb_work in +qla2x00_create_host() function. + +This initialization is also called from qla2x00_probe_one() function, just +after qla2x00_create_host(). + +Hence remove this duplicate call since it has already been called before. + +Signed-off-by: Gleb Chesnokov +Link: https://lore.kernel.org/r/822b3823-f344-67d6-30f1-16e31cf68eed@scst.dev +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_os.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -3283,7 +3283,6 @@ qla2x00_probe_one(struct pci_dev *pdev, + host->max_cmd_len, host->max_channel, host->max_lun, + host->transportt, sht->vendor_id); + +- INIT_WORK(&base_vha->iocb_work, qla2x00_iocb_work_fn); + INIT_WORK(&ha->heartbeat_work, qla_heartbeat_work_fn); + + /* Set up the irqs */ diff --git a/patches.suse/scsi-qla2xxx-Remove-unused-variable-found_devs.patch b/patches.suse/scsi-qla2xxx-Remove-unused-variable-found_devs.patch new file mode 100644 index 0000000..0009b3c --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Remove-unused-variable-found_devs.patch @@ -0,0 +1,45 @@ +From: Colin Ian King +Date: Tue, 1 Nov 2022 10:47:33 +0000 +Subject: scsi: qla2xxx: Remove unused variable 'found_devs' +Patch-mainline: v6.2-rc1 +Git-commit: e137b81d30e7ef8ec27a77c3b2cbbad52845872a +References: jsc#PED-568 + +Variable 'found_devs' is just being incremented and it's never used +anywhere else. Remove it. + +Signed-off-by: Colin Ian King +Link: https://lore.kernel.org/r/20221101104733.30363-1-colin.i.king@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 4 ---- + 1 file changed, 4 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -5545,7 +5545,6 @@ static int + qla2x00_configure_local_loop(scsi_qla_host_t *vha) + { + int rval, rval2; +- int found_devs; + int found; + fc_port_t *fcport, *new_fcport; + uint16_t index; +@@ -5560,7 +5559,6 @@ qla2x00_configure_local_loop(scsi_qla_ho + if (N2N_TOPO(ha)) + return qla2x00_configure_n2n_loop(vha); + +- found_devs = 0; + new_fcport = NULL; + entries = MAX_FIBRE_DEVICES_LOOP; + +@@ -5719,8 +5717,6 @@ qla2x00_configure_local_loop(scsi_qla_ho + + /* Base iIDMA settings on HBA port speed. */ + fcport->fp_speed = ha->link_data_rate; +- +- found_devs++; + } + + list_for_each_entry(fcport, &vha->vp_fcports, list) { diff --git a/patches.suse/sunrpc-Fix-connect-metrics.patch b/patches.suse/sunrpc-Fix-connect-metrics.patch new file mode 100644 index 0000000..331d701 --- /dev/null +++ b/patches.suse/sunrpc-Fix-connect-metrics.patch @@ -0,0 +1,113 @@ +From: Chuck Lever +Date: Mon, 1 Oct 2018 14:25:36 -0400 +Subject: [PATCH] sunrpc: Fix connect metrics +Git-commit: 3968a8a5310404c2f0b9e4d9f28cab13a12bc4fd +Patch-mainline: v4.20 +References: git-fixes + +For TCP, the logic in xprt_connect_status is currently never invoked +to record a successful connection. Commit 2a4919919a97 ("SUNRPC: +Return EAGAIN instead of ENOTCONN when waking up xprt->pending") +changed the way TCP xprt's are awoken after a connect succeeds. + +Instead, change connection-oriented transports to bump connect_count +and compute connect_time the moment that XPRT_CONNECTED is set. + +Signed-off-by: Chuck Lever +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + net/sunrpc/xprt.c | 14 ++++---------- + net/sunrpc/xprtrdma/transport.c | 6 +++++- + net/sunrpc/xprtsock.c | 10 ++++++---- + 3 files changed, 15 insertions(+), 15 deletions(-) + +--- a/net/sunrpc/xprt.c ++++ b/net/sunrpc/xprt.c +@@ -796,17 +796,11 @@ void xprt_connect(struct rpc_task *task) + + static void xprt_connect_status(struct rpc_task *task) + { +- struct rpc_xprt *xprt = task->tk_rqstp->rq_xprt; +- +- if (task->tk_status == 0) { +- xprt->stat.connect_count++; +- xprt->stat.connect_time += (long)jiffies - xprt->stat.connect_start; ++ switch (task->tk_status) { ++ case 0: + dprintk("RPC: %5u xprt_connect_status: connection established\n", + task->tk_pid); +- return; +- } +- +- switch (task->tk_status) { ++ break; + case -ECONNREFUSED: + case -ECONNRESET: + case -ECONNABORTED: +@@ -823,7 +817,7 @@ static void xprt_connect_status(struct r + default: + dprintk("RPC: %5u xprt_connect_status: error %d connecting to " + "server %s\n", task->tk_pid, -task->tk_status, +- xprt->servername); ++ task->tk_rqstp->rq_xprt->servername); + task->tk_status = -EIO; + } + } +--- a/net/sunrpc/xprtrdma/transport.c ++++ b/net/sunrpc/xprtrdma/transport.c +@@ -242,8 +242,12 @@ rpcrdma_connect_worker(struct work_struc + + spin_lock_bh(&xprt->transport_lock); + if (ep->rep_connected > 0) { +- if (!xprt_test_and_set_connected(xprt)) ++ if (!xprt_test_and_set_connected(xprt)) { ++ xprt->stat.connect_count++; ++ xprt->stat.connect_time += (long)jiffies - ++ xprt->stat.connect_start; + xprt_wake_pending_tasks(xprt, 0); ++ } + } else { + if (xprt_test_and_clear_connected(xprt)) + xprt_wake_pending_tasks(xprt, -ENOTCONN); +--- a/net/sunrpc/xprtsock.c ++++ b/net/sunrpc/xprtsock.c +@@ -1603,6 +1603,9 @@ static void xs_tcp_state_change(struct s + clear_bit(XPRT_SOCK_CONNECTING, &transport->sock_state); + xprt_clear_connecting(xprt); + ++ xprt->stat.connect_count++; ++ xprt->stat.connect_time += (long)jiffies - ++ xprt->stat.connect_start; + xprt_wake_pending_tasks(xprt, -EAGAIN); + } + spin_unlock(&xprt->transport_lock); +@@ -2026,8 +2029,6 @@ static int xs_local_finish_connecting(st + } + + /* Tell the socket layer to start connecting... */ +- xprt->stat.connect_count++; +- xprt->stat.connect_start = jiffies; + return kernel_connect(sock, xs_addr(xprt), xprt->addrlen, 0); + } + +@@ -2059,6 +2060,9 @@ static int xs_local_setup_socket(struct + case 0: + dprintk("RPC: xprt %p connected to %s\n", + xprt, xprt->address_strings[RPC_DISPLAY_ADDR]); ++ xprt->stat.connect_count++; ++ xprt->stat.connect_time += (long)jiffies - ++ xprt->stat.connect_start; + xprt_set_connected(xprt); + case -ENOBUFS: + break; +@@ -2383,8 +2387,6 @@ static int xs_tcp_finish_connecting(stru + xs_set_memalloc(xprt); + + /* Tell the socket layer to start connecting... */ +- xprt->stat.connect_count++; +- xprt->stat.connect_start = jiffies; + set_bit(XPRT_SOCK_CONNECTING, &transport->sock_state); + ret = kernel_connect(sock, xs_addr(xprt), xprt->addrlen, O_NONBLOCK); + switch (ret) { diff --git a/patches.suse/sunrpc-don-t-mark-uninitialised-items-as-VALID.patch b/patches.suse/sunrpc-don-t-mark-uninitialised-items-as-VALID.patch new file mode 100644 index 0000000..22b7c77 --- /dev/null +++ b/patches.suse/sunrpc-don-t-mark-uninitialised-items-as-VALID.patch @@ -0,0 +1,55 @@ +From: NeilBrown +Date: Fri, 5 Apr 2019 11:34:40 +1100 +Subject: [PATCH] sunrpc: don't mark uninitialised items as VALID. +Git-commit: d58431eacb226222430940134d97bfd72f292fcd +Patch-mainline: v5.1 +References: git-fixes + +A recent commit added a call to cache_fresh_locked() +when an expired item was found. +The call sets the CACHE_VALID flag, so it is important +that the item actually is valid. +There are two ways it could be valid: +1/ If ->update has been called to fill in relevant content +2/ if CACHE_NEGATIVE is set, to say that content doesn't exist. + +An expired item that is waiting for an update will be neither. +Setting CACHE_VALID will mean that a subsequent call to cache_put() +will be likely to dereference uninitialised pointers. + +So we must make sure the item is valid, and we already have code to do +that in try_to_negate_entry(). This takes the hash lock and so cannot +be used directly, so take out the two lines that we need and use them. + +Now cache_fresh_locked() is certain to be called only on +a valid item. + +Cc: stable@kernel.org # 2.6.35 +Fixes: 4ecd55ea0742 ("sunrpc: fix cache_head leak due to queued request") +Signed-off-by: NeilBrown +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + net/sunrpc/cache.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/net/sunrpc/cache.c ++++ b/net/sunrpc/cache.c +@@ -55,6 +55,7 @@ static void cache_init(struct cache_head + h->last_refresh = now; + } + ++static inline int cache_is_valid(struct cache_head *h); + static void cache_fresh_locked(struct cache_head *head, time_t expiry, + struct cache_detail *detail); + static void cache_fresh_unlocked(struct cache_head *head, +@@ -101,6 +102,8 @@ struct cache_head *sunrpc_cache_lookup(s + if (cache_is_expired(detail, tmp)) { + hlist_del_init(&tmp->cache_list); + detail->entries --; ++ if (cache_is_valid(tmp) == -EAGAIN) ++ set_bit(CACHE_NEGATIVE, &tmp->flags); + cache_fresh_locked(tmp, 0, detail); + freeme = tmp; + break; diff --git a/patches.suse/sunrpc-fix-cache_head-leak-due-to-queued-request.patch b/patches.suse/sunrpc-fix-cache_head-leak-due-to-queued-request.patch new file mode 100644 index 0000000..70845f5 --- /dev/null +++ b/patches.suse/sunrpc-fix-cache_head-leak-due-to-queued-request.patch @@ -0,0 +1,68 @@ +From: Vasily Averin +Date: Wed, 28 Nov 2018 11:45:57 +0300 +Subject: [PATCH] sunrpc: fix cache_head leak due to queued request +Git-commit: 4ecd55ea074217473f94cfee21bb72864d39f8d7 +Patch-mainline: v5.0 +References: git-fixes + +After commit d202cce8963d, an expired cache_head can be removed from the +cache_detail's hash. + +However, the expired cache_head may be waiting for a reply from a +previously submitted request. Such a cache_head has an increased +refcounter and therefore it won't be freed after cache_put(freeme). + +Because the cache_head was removed from the hash it cannot be found +during cache_clean() and can be leaked forever, together with stalled +cache_request and other taken resources. + +In our case we noticed it because an entry in the export cache was +holding a reference on a filesystem. + +Fixes d202cce8963d ("sunrpc: never return expired entries in sunrpc_cache_lookup") + +Cc: Pavel Tikhomirov +Cc: stable@kernel.org # 2.6.35 +Signed-off-by: Vasily Averin +Reviewed-by: NeilBrown +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + net/sunrpc/cache.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/net/sunrpc/cache.c ++++ b/net/sunrpc/cache.c +@@ -55,6 +55,11 @@ static void cache_init(struct cache_head + h->last_refresh = now; + } + ++static void cache_fresh_locked(struct cache_head *head, time_t expiry, ++ struct cache_detail *detail); ++static void cache_fresh_unlocked(struct cache_head *head, ++ struct cache_detail *detail); ++ + struct cache_head *sunrpc_cache_lookup(struct cache_detail *detail, + struct cache_head *key, int hash) + { +@@ -96,6 +101,7 @@ struct cache_head *sunrpc_cache_lookup(s + if (cache_is_expired(detail, tmp)) { + hlist_del_init(&tmp->cache_list); + detail->entries --; ++ cache_fresh_locked(tmp, 0, detail); + freeme = tmp; + break; + } +@@ -111,8 +117,10 @@ struct cache_head *sunrpc_cache_lookup(s + cache_get(new); + write_unlock(&detail->hash_lock); + +- if (freeme) ++ if (freeme) { ++ cache_fresh_unlocked(freeme, detail); + cache_put(freeme, detail); ++ } + return new; + } + EXPORT_SYMBOL_GPL(sunrpc_cache_lookup); diff --git a/patches.suse/sunrpc-fix-crash-when-cache_head-become-valid-before.patch b/patches.suse/sunrpc-fix-crash-when-cache_head-become-valid-before.patch new file mode 100644 index 0000000..b1ea077 --- /dev/null +++ b/patches.suse/sunrpc-fix-crash-when-cache_head-become-valid-before.patch @@ -0,0 +1,120 @@ +From: Pavel Tikhomirov +Date: Tue, 1 Oct 2019 11:03:59 +0300 +Subject: [PATCH] sunrpc: fix crash when cache_head become valid before update +Git-commit: 5fcaf6982d1167f1cd9b264704f6d1ef4c505d54 +Patch-mainline: v5.5 +References: git-fixes + +I was investigating a crash in our Virtuozzo7 kernel which happened in +in svcauth_unix_set_client. I found out that we access m_client field +in ip_map structure, which was received from sunrpc_cache_lookup (we +have a bit older kernel, now the code is in sunrpc_cache_add_entry), and +these field looks uninitialized (m_client == 0x74 don't look like a +pointer) but in the cache_head in flags we see 0x1 which is CACHE_VALID. + +It looks like the problem appeared from our previous fix to sunrpc (1): +commit 4ecd55ea0742 ("sunrpc: fix cache_head leak due to queued +request") + +And we've also found a patch already fixing our patch (2): +commit d58431eacb22 ("sunrpc: don't mark uninitialised items as VALID.") + +Though the crash is eliminated, I think the core of the problem is not +completely fixed: + +Neil in the patch (2) makes cache_head CACHE_NEGATIVE, before +cache_fresh_locked which was added in (1) to fix crash. These way +cache_is_valid won't say the cache is valid anymore and in +svcauth_unix_set_client the function cache_check will return error +instead of 0, and we don't count entry as initialized. + +But it looks like we need to remove cache_fresh_locked completely in +Sunrpc_cache_lookup: + +In (1) we've only wanted to make cache_fresh_unlocked->cache_dequeue so +that cache_requests with no readers also release corresponding +cache_head, to fix their leak. We with Vasily were not sure if +cache_fresh_locked and cache_fresh_unlocked should be used in pair or +not, so we've guessed to use them in pair. + +Now we see that we don't want the CACHE_VALID bit set here by +cache_fresh_locked, as "valid" means "initialized" and there is no +initialization in sunrpc_cache_add_entry. Both expiry_time and +last_refresh are not used in cache_fresh_unlocked code-path and also not +required for the initial fix. + +So to conclude cache_fresh_locked was called by mistake, and we can just +safely remove it instead of crutching it with CACHE_NEGATIVE. It looks +ideologically better for me. Hope I don't miss something here. + +Here is our crash backtrace: +[13108726.326291] BUG: unable to handle kernel NULL pointer dereference at 0000000000000074 +[13108726.326365] IP: [] svcauth_unix_set_client+0x2ab/0x520 [sunrpc] +[13108726.326448] PGD 0 +[13108726.326468] Oops: 0002 [#1] SMP +[13108726.326497] Modules linked in: nbd isofs xfs loop kpatch_cumulative_81_0_r1(O) xt_physdev nfnetlink_queue bluetooth rfkill ip6table_nat nf_nat_ipv6 ip_vs_wrr ip_vs_wlc ip_vs_sh nf_conntrack_netlink ip_vs_sed ip_vs_pe_sip nf_conntrack_sip ip_vs_nq ip_vs_lc ip_vs_lblcr ip_vs_lblc ip_vs_ftp ip_vs_dh nf_nat_ftp nf_conntrack_ftp iptable_raw xt_recent nf_log_ipv6 xt_hl ip6t_rt nf_log_ipv4 nf_log_common xt_LOG xt_limit xt_TCPMSS xt_tcpmss vxlan ip6_udp_tunnel udp_tunnel xt_statistic xt_NFLOG nfnetlink_log dummy xt_mark xt_REDIRECT nf_nat_redirect raw_diag udp_diag tcp_diag inet_diag netlink_diag af_packet_diag unix_diag rpcsec_gss_krb5 xt_addrtype ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 ebtable_nat ebtable_broute nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_mangle ip6table_raw nfsv4 +[13108726.327173] dns_resolver cls_u32 binfmt_misc arptable_filter arp_tables ip6table_filter ip6_tables devlink fuse_kio_pcs ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_nat iptable_nat nf_nat_ipv4 xt_comment nf_conntrack_ipv4 nf_defrag_ipv4 xt_wdog_tmo xt_multiport bonding xt_set xt_conntrack iptable_filter iptable_mangle kpatch(O) ebtable_filter ebt_among ebtables ip_set_hash_ip ip_set nfnetlink vfat fat skx_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass fuse pcspkr ses enclosure joydev sg mei_me hpwdt hpilo lpc_ich mei ipmi_si shpchp ipmi_devintf ipmi_msghandler xt_ipvs acpi_power_meter ip_vs_rr nfsv3 nfsd auth_rpcgss nfs_acl nfs lockd grace fscache nf_nat cls_fw sch_htb sch_cbq sch_sfq ip_vs em_u32 nf_conntrack tun br_netfilter veth overlay ip6_vzprivnet ip6_vznetstat ip_vznetstat +[13108726.327817] ip_vzprivnet vziolimit vzevent vzlist vzstat vznetstat vznetdev vzmon vzdev bridge pio_kaio pio_nfs pio_direct pfmt_raw pfmt_ploop1 ploop ip_tables ext4 mbcache jbd2 sd_mod crc_t10dif crct10dif_generic mgag200 i2c_algo_bit drm_kms_helper scsi_transport_iscsi 8021q syscopyarea sysfillrect garp sysimgblt fb_sys_fops mrp stp ttm llc bnx2x crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel drm dm_multipath ghash_clmulni_intel uas aesni_intel lrw gf128mul glue_helper ablk_helper cryptd tg3 smartpqi scsi_transport_sas mdio libcrc32c i2c_core usb_storage ptp pps_core wmi sunrpc dm_mirror dm_region_hash dm_log dm_mod [last unloaded: kpatch_cumulative_82_0_r1] +[13108726.328403] CPU: 35 PID: 63742 Comm: nfsd ve: 51332 Kdump: loaded Tainted: G W O ------------ 3.10.0-862.20.2.vz7.73.29 #1 73.29 +[13108726.328491] Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 10/02/2018 +[13108726.328554] task: ffffa0a6a41b1160 ti: ffffa0c2a74bc000 task.ti: ffffa0c2a74bc000 +[13108726.328610] RIP: 0010:[] [] svcauth_unix_set_client+0x2ab/0x520 [sunrpc] +[13108726.328706] RSP: 0018:ffffa0c2a74bfd80 EFLAGS: 00010246 +[13108726.328750] RAX: 0000000000000001 RBX: ffffa0a6183ae000 RCX: 0000000000000000 +[13108726.328811] RDX: 0000000000000074 RSI: 0000000000000286 RDI: ffffa0c2a74bfcf0 +[13108726.328864] RBP: ffffa0c2a74bfe00 R08: ffffa0bab8c22960 R09: 0000000000000001 +[13108726.328916] R10: 0000000000000001 R11: 0000000000000001 R12: ffffa0a32aa7f000 +[13108726.328969] R13: ffffa0a6183afac0 R14: ffffa0c233d88d00 R15: ffffa0c2a74bfdb4 +[13108726.329022] FS: 0000000000000000(0000) GS:ffffa0e17f9c0000(0000) knlGS:0000000000000000 +[13108726.329081] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[13108726.332311] CR2: 0000000000000074 CR3: 00000026a1b28000 CR4: 00000000007607e0 +[13108726.334606] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[13108726.336754] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[13108726.338908] PKRU: 00000000 +[13108726.341047] Call Trace: +[13108726.343074] [] ? groups_alloc+0x34/0x110 +[13108726.344837] [] svc_set_client+0x24/0x30 [sunrpc] +[13108726.346631] [] svc_process_common+0x241/0x710 [sunrpc] +[13108726.348332] [] svc_process+0x103/0x190 [sunrpc] +[13108726.350016] [] nfsd+0xdf/0x150 [nfsd] +[13108726.351735] [] ? nfsd_destroy+0x80/0x80 [nfsd] +[13108726.353459] [] kthread+0xd1/0xe0 +[13108726.355195] [] ? create_kthread+0x60/0x60 +[13108726.356896] [] ret_from_fork_nospec_begin+0x7/0x21 +[13108726.358577] [] ? create_kthread+0x60/0x60 +[13108726.360240] Code: 4c 8b 45 98 0f 8e 2e 01 00 00 83 f8 fe 0f 84 76 fe ff ff 85 c0 0f 85 2b 01 00 00 49 8b 50 40 b8 01 00 00 00 48 89 93 d0 1a 00 00 0f c1 02 83 c0 01 83 f8 01 0f 8e 53 02 00 00 49 8b 44 24 38 +[13108726.363769] RIP [] svcauth_unix_set_client+0x2ab/0x520 [sunrpc] +[13108726.365530] RSP +[13108726.367179] CR2: 0000000000000074 + +Fixes: d58431eacb22 ("sunrpc: don't mark uninitialised items as VALID.") +Signed-off-by: Pavel Tikhomirov +Acked-by: NeilBrown +Signed-off-by: J. Bruce Fields + +--- + net/sunrpc/cache.c | 6 ------ + 1 file changed, 6 deletions(-) + +--- a/net/sunrpc/cache.c ++++ b/net/sunrpc/cache.c +@@ -55,9 +55,6 @@ static void cache_init(struct cache_head + h->last_refresh = now; + } + +-static inline int cache_is_valid(struct cache_head *h); +-static void cache_fresh_locked(struct cache_head *head, time_t expiry, +- struct cache_detail *detail); + static void cache_fresh_unlocked(struct cache_head *head, + struct cache_detail *detail); + +@@ -102,9 +99,6 @@ struct cache_head *sunrpc_cache_lookup(s + if (cache_is_expired(detail, tmp)) { + hlist_del_init(&tmp->cache_list); + detail->entries --; +- if (cache_is_valid(tmp) == -EAGAIN) +- set_bit(CACHE_NEGATIVE, &tmp->flags); +- cache_fresh_locked(tmp, 0, detail); + freeme = tmp; + break; + } diff --git a/patches.suse/svcrdma-Ignore-source-port-when-computing-DRC-hash.patch b/patches.suse/svcrdma-Ignore-source-port-when-computing-DRC-hash.patch new file mode 100644 index 0000000..2836dd7 --- /dev/null +++ b/patches.suse/svcrdma-Ignore-source-port-when-computing-DRC-hash.patch @@ -0,0 +1,52 @@ +From: Chuck Lever +Date: Tue, 11 Jun 2019 11:01:16 -0400 +Subject: [PATCH] svcrdma: Ignore source port when computing DRC hash +Git-commit: 1e091c3bbf51d34d5d96337a59ce5ab2ac3ba2cc +Patch-mainline: v5.2 +References: git-fixes + +The DRC appears to be effectively empty after an RPC/RDMA transport +reconnect. The problem is that each connection uses a different +source port, which defeats the DRC hash. + +Clients always have to disconnect before they send retransmissions +to reset the connection's credit accounting, thus every retransmit +on NFS/RDMA will miss the DRC. + +An NFS/RDMA client's IP source port is meaningless for RDMA +transports. The transport layer typically sets the source port value +on the connection to a random ephemeral port. The server already +ignores it for the "secure port" check. See commit 16e4d93f6de7 +("nfsd: Ignore client's source port on RDMA transports"). + +The Linux NFS server's DRC resolves XID collisions from the same +source IP address by using the checksum of the first 200 bytes of +the RPC call header. + +Signed-off-by: Chuck Lever +Cc: stable@vger.kernel.org # v4.14+ +Signed-off-by: J. Bruce Fields +Acked-by: NeilBrown + +--- + net/sunrpc/xprtrdma/svc_rdma_transport.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/net/sunrpc/xprtrdma/svc_rdma_transport.c ++++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c +@@ -270,9 +270,14 @@ static void handle_connect_req(struct rd + /* Save client advertised inbound read limit for use later in accept. */ + newxprt->sc_ord = param->initiator_depth; + +- /* Set the local and remote addresses in the transport */ + sa = (struct sockaddr *)&newxprt->sc_cm_id->route.addr.dst_addr; + svc_xprt_set_remote(&newxprt->sc_xprt, sa, svc_addr_len(sa)); ++ /* The remote port is arbitrary and not under the control of the ++ * client ULP. Set it to a fixed value so that the DRC continues ++ * to be effective after a reconnect. ++ */ ++ rpc_set_port((struct sockaddr *)&newxprt->sc_xprt.xpt_remote, 0); ++ + sa = (struct sockaddr *)&newxprt->sc_cm_id->route.addr.src_addr; + svc_xprt_set_local(&newxprt->sc_xprt, sa, svc_addr_len(sa)); + diff --git a/patches.suse/usb-dwc3-gadget-Fix-OTG-events-when-gadget-driver-is.patch b/patches.suse/usb-dwc3-gadget-Fix-OTG-events-when-gadget-driver-is.patch new file mode 100644 index 0000000..81bb0d7 --- /dev/null +++ b/patches.suse/usb-dwc3-gadget-Fix-OTG-events-when-gadget-driver-is.patch @@ -0,0 +1,48 @@ +From 169e3b68cadb5775daca009ced4faf01ffd97dcf Mon Sep 17 00:00:00 2001 +From: Roger Quadros +Date: Thu, 10 Jan 2019 17:04:28 +0200 +Subject: [PATCH] usb: dwc3: gadget: Fix OTG events when gadget driver isn't + loaded +Git-commit: 169e3b68cadb5775daca009ced4faf01ffd97dcf +References: git-fixes +Patch-mainline: v5.1-rc1 + +On v3.10a in dual-role mode, if port is in device mode +and gadget driver isn't loaded, the OTG event interrupts don't +come through. + +It seems that if the core is configured to be OTG2.0 only, +then we can't leave the DCFG.DEVSPD at Super-speed (default) +if we expect OTG to work properly. It must be set to High-speed. + +Fix this issue by configuring DCFG.DEVSPD to the supported +maximum speed at gadget init. Device tree still needs to provide +correct supported maximum speed for this to work. + +This issue wasn't present on v2.40a but is seen on v3.10a. +It doesn't cause any side effects on v2.40a. + +Signed-off-by: Roger Quadros +Signed-off-by: Sekhar Nori +Signed-off-by: Felipe Balbi +Signed-off-by: Oliver Neukum +--- + drivers/usb/dwc3/gadget.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c +index bed2ff42780b..d478d46847b6 100644 +--- a/drivers/usb/dwc3/gadget.c ++++ b/drivers/usb/dwc3/gadget.c +@@ -3339,6 +3339,8 @@ int dwc3_gadget_init(struct dwc3 *dwc) + goto err4; + } + ++ dwc3_gadget_set_speed(&dwc->gadget, dwc->maximum_speed); ++ + return 0; + + err4: +-- +2.39.0 + diff --git a/patches.suse/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch b/patches.suse/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch new file mode 100644 index 0000000..ad24d41 --- /dev/null +++ b/patches.suse/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch @@ -0,0 +1,67 @@ +From: Kinglong Mee +Date: Sun, 22 May 2022 20:36:48 +0800 +Subject: [PATCH] xprtrdma: treat all calls not a bcall when bc_serv is NULL +Git-commit: 11270e7ca268e8d61b5d9e5c3a54bd1550642c9c +Patch-mainline: v5.19 +References: git-fixes + +When a rdma server returns a fault format reply, nfs v3 client may +treats it as a bcall when bc service is not exist. + +The debug message at rpcrdma_bc_receive_call are, + +[56579.837169] RPC: rpcrdma_bc_receive_call: callback XID +00000001, length=20 +[56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 04 + +After that, rpcrdma_bc_receive_call will meets NULL pointer as, + +[ 226.057890] BUG: unable to handle kernel NULL pointer dereference at +00000000000000c8 +... +[ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20 +... +[ 226.059732] Call Trace: +[ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma] +[ 226.060011] __ib_process_cq+0x89/0x170 [ib_core] +[ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core] +[ 226.060257] process_one_work+0x1a7/0x360 +[ 226.060367] ? create_worker+0x1a0/0x1a0 +[ 226.060440] worker_thread+0x30/0x390 +[ 226.060500] ? create_worker+0x1a0/0x1a0 +[ 226.060574] kthread+0x116/0x130 +[ 226.060661] ? kthread_flush_work_fn+0x10/0x10 +[ 226.060724] ret_from_fork+0x35/0x40 +... + +Signed-off-by: Kinglong Mee +Reviewed-by: Chuck Lever +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + net/sunrpc/xprtrdma/rpc_rdma.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/net/sunrpc/xprtrdma/rpc_rdma.c ++++ b/net/sunrpc/xprtrdma/rpc_rdma.c +@@ -980,6 +980,7 @@ static bool + rpcrdma_is_bcall(struct rpcrdma_xprt *r_xprt, struct rpcrdma_rep *rep) + #if defined(CONFIG_SUNRPC_BACKCHANNEL) + { ++ struct rpc_xprt *xprt = &r_xprt->rx_xprt; + struct xdr_stream *xdr = &rep->rr_stream; + __be32 *p; + +@@ -1003,6 +1004,10 @@ rpcrdma_is_bcall(struct rpcrdma_xprt *r_ + if (*p != cpu_to_be32(RPC_CALL)) + return false; + ++ /* No bc service. */ ++ if (xprt->bc_serv == NULL) ++ return false; ++ + /* Now that we are sure this is a backchannel call, + * advance to the RPC header. + */ diff --git a/series.conf b/series.conf index 7afecb8..1b7f4fc 100644 --- a/series.conf +++ b/series.conf @@ -6002,6 +6002,7 @@ patches.suse/0009-mailbox-pcc-Fix-crash-when-request-PCC-channel-0.patch patches.suse/0001-ipc-add-missing-container_of-s-for-randstruct.patch patches.suse/powerpc-mm-Fix-pmd-pte_devmap-on-non-leaf-entries.patch + patches.suse/powerpc-boot-Fix-64-bit-boot-wrapper-build-with-non-.patch patches.suse/0003-powerpc-83xx-mpc832x_rdb-fix-of_irq_to_resource-erro.patch patches.suse/powerpc-perf-POWER9-PMU-stops-after-idle-workaround.patch patches.suse/0715-drm-amdgpu-use-list_del_init-in-amdgpu_mn_unregister @@ -6038,6 +6039,7 @@ patches.suse/gpio-tegra-fix-unbalanced-chained_irq_enter-exit patches.suse/media-Revert-media-et8ek8-Export-OF-device-ID-as-mod.patch patches.suse/media-rainshadow-cec-avoid-Wmaybe-uninitialized-warn2.patch + patches.suse/media-i2c-tvp5150-remove-useless-variable-assignment.patch patches.suse/0001-media-cec-notifier-small-improvements.patch patches.suse/ext4-fix-dir_nlink-behaviour.patch patches.suse/xfs-fix-per-inode-dax-flag-inheritance.patch @@ -16643,6 +16645,7 @@ patches.suse/SUNRPC-Fix-parsing-failure-in-trace-points-with-XIDs.patch patches.suse/sunrpc-Fix-rpc_task_begin-trace-point.patch patches.suse/NFSv4-Fix-OPEN-CLOSE-race.patch + patches.suse/NFSv4-Fix-open-create-exclusive-when-the-server-rebo.patch patches.suse/NFS-Fix-a-typo-in-nfs_rename.patch patches.suse/NFSv4-Retry-CLOSE-and-DELEGRETURN-on-NFS4ERR_OLD_STA.patch patches.suse/NFSv4-Don-t-try-to-CLOSE-if-the-stateid-other-field-.patch @@ -24396,6 +24399,7 @@ patches.suse/0013-xprtrdma-Fix-BUG-after-a-device-removal.patch patches.suse/Make-the-xprtiod-workqueue-unbounded.patch patches.suse/fix-parallelism-for-rpc-tasks.patch + patches.suse/SUNRPC-Don-t-call-__UDPX_INC_STATS-from-a-preemptibl.patch patches.suse/netfilter-ipv6-nf_defrag-Kill-frag-queue-on-RFC2460-.patch patches.suse/netfilter-xt_cgroup-initialize-info-priv-in-cgroup_m.patch patches.suse/netfilter-xt_RATEEST-acquire-xt_rateest_mutex-for-ha.patch @@ -25093,6 +25097,7 @@ patches.suse/media-au0828-add-VIDEO_V4L2-dependency patches.suse/media-m88ds3103-don-t-call-a-non-initalized-function patches.suse/media-dmxdev-fix-error-code-for-invalid-ioctls + patches.suse/media-Don-t-let-tvp5150_get_vbi-go-out-of-vbi_ram_de.patch patches.suse/dax-direct_access-does-not-sleep-anymore.patch patches.suse/dax-fix-vma_is_fsdax-helper.patch patches.suse/vfio-disable-filesystem-dax-page-pinning.patch @@ -30357,8 +30362,10 @@ patches.suse/libceph-reschedule-a-tick-in-finish_hunting.patch patches.suse/libceph-validate-con-state-at-the-top-of-try_write.patch patches.suse/0025-arm64-add-sentinel-to-kpti_safe_list.patch + patches.suse/arm64-ptrace-remove-addr_limit-manipulation.patch patches.suse/arm64-kernel-rename-module_emit_adrp_veneer-module_e.patch patches.suse/arm64-only-advance-singlestep-for-user-instruction-traps.patch + patches.suse/arm64-fix-possible-spectre-v1-in-ptrace_hbp_get_event.patch patches.suse/KVM-arm-arm64-Close-VMID-generation-race.patch patches.suse/arm-arm64-KVM-Add-PSCI-version-selection-API.patch patches.suse/kvm-apic-Flush-TLB-after-APIC-mode-address-change-if.patch @@ -34382,6 +34389,7 @@ patches.suse/0336-mtd-spi-nor-fsl-quadspi-add-support-for-ls2080a-ls10.patch patches.suse/iommu-vt-d-ratelimit-each-dmar-fault-printing patches.suse/0004-Revert-arm64-Increase-the-max-granular-size.patch + patches.suse/arm64-cmpwait-Clear-event-register-before-arming-exclusive-monitor.patch patches.suse/0007-drivers-base-cacheinfo-move-cache_setup_of_node.patch patches.suse/0008-drivers-base-cacheinfo-setup-DT-cache-properties-ear.patch patches.suse/0009-cacheinfo-rename-of_node-to-fw_token.patch @@ -35256,6 +35264,7 @@ patches.suse/arm64-Introduce-sysreg_clear_set.patch patches.suse/kvm-enforce-error-in-ioctl-for-compat-tasks-when-kvm_compat patches.suse/0017-arm64-dma-mapping-clear-buffers-allocated-with-FORCE.patch + patches.suse/arm64-make-secondary_start_kernel-notrace.patch patches.suse/0001-arm64-kpti-Use-early_param-for-kpti-command-line-opt.patch patches.suse/0020-arm64-mm-Ensure-writes-to-swapper-are-ordered-wrt-su.patch patches.suse/powerpc-64s-radix-Fix-MADV_-FREE-DONTNEED-TLB-flush-.patch @@ -36680,6 +36689,7 @@ patches.suse/arm64-move-SCTLR_EL-1-2-assertions-to-asm-sysreg.h.patch patches.suse/arm64-kill-config_sctlr_el1.patch patches.suse/arm64-kill-change_cpacr.patch + patches.suse/arm64-fix-possible-spectre-v1-write-in-ptrace_hbp_set_event.patch patches.suse/0008-arm64-export-memblock_reserve-d-regions-via-proc-iom.patch patches.suse/drivers-acpi-add-dependency-of-EFI-for-arm64.patch patches.suse/efi-arm-preserve-early-mapping-of-UEFI-memory-map-lo.patch @@ -36695,6 +36705,7 @@ patches.suse/0087-arm64-perf-Clean-up-armv8pmu_select_counter.patch patches.suse/0088-arm64-perf-Disable-PMU-while-processing-counter-over.patch patches.suse/0089-arm64-perf-Add-support-for-chaining-event-counters.patch + patches.suse/arm64-alternative-Use-true-and-false-for-boolean-values.patch patches.suse/xen-balloon-fix-balloon-initialization-for-PVH-Dom0.patch patches.suse/security-check-for-kstrdup-failure-in-lsm_append.patch patches.suse/audit-Fix-extended-comparison-of-GID-EGID.patch @@ -39487,6 +39498,7 @@ patches.suse/powerpc-tm-Update-function-prototype-comment.patch patches.suse/powerpc-tm-Remove-struct-thread_info-param-from-tm_r.patch patches.suse/powerpc-powernv-opal-dump-Use-IRQ_HANDLED-instead-of.patch + patches.suse/powerpc-powernv-opal_put_chars-partial-write-fix.patch patches.suse/powerpc-pseries-fix-EEH-recovery-of-some-IOV-devices.patch patches.suse/powerpc-powernv-Fix-concurrency-issue-with-npu-mmio_.patch patches.suse/powerpc-pseries-Avoid-using-the-size-greater-than-RT.patch @@ -40413,6 +40425,7 @@ patches.suse/blk-wbt-fix-has-sleeper-queueing-check.patch patches.suse/scripts-modpost-check-memory-allocation-results.patch patches.suse/reset-imx7-Fix-always-writing-bits-as-0.patch + patches.suse/arm64-rockchip-Force-CONFIG_PM-on-Rockchip-systems.patch patches.suse/libnvdimm-introduce-locked-dimm-capacity-support.patch patches.suse/acpi-nfit-prefer-dsm-over-lsr-for-namespace-label-reads.patch patches.suse/tools-testing-nvdimm-make-dsm-failure-code-injection-an-override.patch @@ -40844,6 +40857,7 @@ patches.suse/usb-gadget-fotg210-udc-Fix-memory-leak-of-fotg210-ep.patch patches.suse/usb-gadget-udc-renesas_usb3-fix-maxpacket-size-of-ep.patch patches.suse/Revert-cdc-acm-implement-put_char-and-flush_chars.patch + patches.suse/arm64-jump_label.h-use-asm_volatile_goto-macro-instead-of-asm-goto.patch patches.suse/asm-generic-io-Fix-ioport_map-for-CONFIG_GENERIC_IOM.patch patches.suse/0001-xen-manage-don-t-complain-about-an-empty-value-in-co.patch patches.suse/xen-avoid-crash-in-disable_hotplug_cpu.patch @@ -43412,9 +43426,12 @@ patches.suse/NFS-Fix-dentry-revalidation-on-NFSv4-lookup.patch patches.suse/NFS-Refactor-nfs_lookup_revalidate.patch patches.suse/NFSv4-Fix-lookup-revalidate-of-regular-files.patch + patches.suse/NFSv4.x-fix-lock-recovery-during-delegation-recall.patch + patches.suse/SUNRPC-Fix-a-compile-warning-for-cmpxchg64.patch patches.suse/nfs-Fix-a-missed-page-unlock-after-pg_doio.patch patches.suse/sunrpc-safely-reallow-resvport-min-max-inversion.patch patches.suse/xprtrdma-Reset-credit-grant-properly-after-a-disconn.patch + patches.suse/sunrpc-Fix-connect-metrics.patch patches.suse/xprtrdma-Squelch-a-sparse-warning.patch patches.suse/powerpc-tm-Fix-HFSCR-bit-for-no-suspend-case.patch patches.suse/powerpc-powernv-Don-t-select-the-cpufreq-governors.patch @@ -43422,11 +43439,13 @@ patches.suse/powerpc-pseries-mm-Introducing-FW_FEATURE_BLOCK_REMO.patch patches.suse/powerpc-pseries-mm-factorize-PTE-slot-computation.patch patches.suse/powerpc-pseries-mm-call-H_BLOCK_REMOVE.patch + patches.suse/powerpc-iommu-Avoid-derefence-before-pointer-check.patch patches.suse/powerpc-pseries-Define-MCE-error-event-section.patch patches.suse/powerpc-pseries-Flush-SLB-contents-on-SLB-MCE-errors.patch patches.suse/powerpc-pseries-Display-machine-check-error-details.patch patches.suse/powerpc-pseries-Dump-the-SLB-contents-on-SLB-MCE-err.patch patches.suse/powernv-pseries-consolidate-code-for-mce-early-handl.patch + patches.suse/powerpc-64s-hash-Fix-stab_rr-off-by-one-initializati.patch patches.suse/powerpc-consolidate-mno-sched-epilog-into-FTRACE-fla.patch patches.suse/powerpc-avoid-mno-sched-epilog-on-GCC-4.9-and-newer.patch patches.suse/powerpc-pseries-memory-hotplug-Only-update-DT-once-p.patch @@ -43437,14 +43456,19 @@ patches.suse/powerpc-Convert-to-using-pOFn-instead-of-device_node.patch patches.suse/powerpc-pseries-Fix-DTL-buffer-registration.patch patches.suse/powerpc-pseries-Fix-how-we-iterate-over-the-DTL-entr.patch + patches.suse/powerpc-xive-Move-a-dereference-below-a-NULL-test.patch patches.suse/powerpc-tm-Remove-msr_tm_active.patch patches.suse/powerpc-tm-Print-64-bits-MSR.patch patches.suse/powerpc-64s-consolidate-MCE-counter-increment.patch patches.suse/powerpc-tm-Reformat-comments.patch + patches.suse/powerpc-time-Use-clockevents_register_device-fixing-.patch patches.suse/powerpc-64s-hash-Do-not-use-PPC_INVALIDATE_ERAT-on-C.patch patches.suse/powerpc-process-Fix-sparse-address-space-warnings.patch patches.suse/powerpc-boot-Expose-Kconfig-symbols-to-wrapper.patch patches.suse/powerpc-boot-Fix-opal-console-in-boot-wrapper.patch + patches.suse/powerpc-boot-Disable-vector-instructions.patch + patches.suse/powerpc-eeh-Fix-possible-null-deref-in-eeh_dump_dev_.patch + patches.suse/powerpc-eeh-Fix-use-of-EEH_PE_KEEP-on-wrong-field.patch patches.suse/powerpc-pseries-memory-hotplug-Fix-return-value-type.patch patches.suse/powerpc-pseries-mobility-Extend-start-stop-topology-.patch patches.suse/powerpc-Detect-the-presence-of-big-cores-via-ibm-thr.patch @@ -43455,10 +43479,12 @@ patches.suse/powerpc-64-Interrupts-save-PPR-on-stack-rather-than-.patch patches.suse/powerpc-pseries-PAPR-persistent-memory-support.patch patches.suse/powerpc-pseries-Add-driver-for-PAPR-SCM-regions.patch + patches.suse/powerpc-time-Fix-clockevent_decrementer-initalisatio.patch patches.suse/powerpc-pseries-Export-raw-per-CPU-VPA-data-via-debu.patch patches.suse/powerpc-mm-Add-missing-tracepoint-for-tlbie.patch patches.suse/powerpc-mm-radix-Display-if-mappings-are-exec-or-not.patch patches.suse/powerpc-mm-Fix-page-table-dump-to-work-on-Radix.patch + patches.suse/powerpc-64-module-REL32-relocation-range-check.patch patches.suse/powerpc-traps-restore-recoverability-of-machine_chec.patch patches.suse/net-udp-fix-handling-of-CHECKSUM_COMPLETE-packets.patch patches.suse/net-hns3-Fix-for-warning-uninitialized-symbol-hw_err.patch @@ -43997,6 +44023,7 @@ patches.suse/CIFS-Add-direct-I-O-functions-to-file_operations.patch patches.suse/cifs-don-t-dereference-smb_file_target-before-null-c.patch patches.suse/cifs-fix-signed-unsigned-mismatch-on-aio_read-patch.patch + patches.suse/arm64-makefile-fix-build-of-.i-file-in-external-module-case.patch patches.suse/soc-ti-QMSS-Fix-usage-of-irq_set_affinity_hint.patch patches.suse/x86-cpufeatures-enumerate-movdiri-instruction.patch patches.suse/x86-cpufeatures-enumerate-movdir64b-instruction.patch @@ -44138,8 +44165,10 @@ patches.suse/scsi-qla2xxx-Initialize-port-speed-to-avoid-setting-.patch patches.suse/sunrpc-correct-the-computation-for-page_ptr-when-tru.patch patches.suse/nfsd-COPY-and-CLONE-operations-require-the-saved-fil.patch + patches.suse/SUNRPC-drop-pointless-static-qualifier-in-xdr_get_ne.patch patches.suse/cpufreq-imx6q-add-return-value-check-for-voltage-sca.patch patches.suse/NFSv4-Don-t-exit-the-state-manager-without-clearing-.patch + patches.suse/SUNRPC-Fix-a-bogus-get-put-in-generic_key_to_expire.patch patches.suse/pinctrl-meson-fix-pinconf-bias-disable.patch patches.suse/fuse-fix-leaked-notify-reply.patch patches.suse/fuse-fix-possibly-missed-wake-up-after-abort.patch @@ -44309,6 +44338,7 @@ patches.suse/HID-uhid-forbid-UHID_CREATE-under-KERNEL_DS-or-eleva.patch patches.suse/HID-multitouch-Add-pointstick-support-for-Cirque-Tou.patch patches.suse/hid-add-quirk-for-primax-pixart-oem-mice.patch + patches.suse/flexfiles-use-per-mirror-specified-stateid-for-IO.patch patches.suse/hwmon-ina2xx-Fix-NULL-id-pointer-in-probe.patch patches.suse/hwmon-raspberrypi-Fix-initial-notify.patch patches.suse/hwmon-ina2xx-Fix-current-value-calculation.patch @@ -44522,6 +44552,7 @@ patches.suse/uprobes-fix-kernel-oops-with-delayed_uprobe_remove.patch patches.suse/ARM-8814-1-mm-improve-fix-ARM-v7_dma_inv_range-unali.patch patches.suse/ARM-8815-1-V7M-align-v7m_dma_inv_range-with-v7-count.patch + patches.suse/flexfiles-enforce-per-mirror-stateid-only-for-v4-DSe.patch patches.suse/nfs-don-t-dirty-kernel-pages-read-by-direct-io.patch patches.suse/SUNRPC-Fix-leak-of-krb5p-encode-pages.patch patches.suse/SUNRPC-Fix-a-potential-race-in-xprt_connect.patch @@ -44708,6 +44739,7 @@ patches.suse/uapi-linux-blkzoned.h-fix-BLKGETZONESZ-and-BLKGETNRZ.patch patches.suse/kvm-fix-uaf-in-nested-posted-interrupt-processing patches.suse/kvm-x86-Add-AMD-s-EX_CFG-to-the-list-of-ignored-MSRs.patch + patches.suse/SUNRPC-Fix-a-race-with-XPRT_CONNECTING.patch patches.suse/sctp-initialize-sin6_flowinfo-for-ipv6-addrs-in-sctp.patch patches.suse/ipv4-Fix-potential-Spectre-v1-vulnerability.patch patches.suse/ibmvnic-Convert-reset-work-item-mutex-to-spin-lock.patch @@ -45152,15 +45184,21 @@ patches.suse/timekeeping-Use-proper-seqcount-initializer.patch patches.suse/clocksource-drivers-integrator-ap-Add-missing-of_nod.patch patches.suse/0001-x86-speculation-l1tf-Drop-the-swap-storage-limit-res.patch + patches.suse/arm64-io-Ensure-calls-to-delay-routines-are-ordered-against-prior-readX.patch + patches.suse/arm64-io-Ensure-value-passed-to-__iormb-is-held-in-a-64-bit-register.patch patches.suse/arm64-drop-linker-script-hack-to-hide-__efistub_-symbols.patch + patches.suse/arm64-ftrace-don-t-adjust-the-LR-value.patch patches.suse/arm64-relocatable-fix-inconsistencies-in-linker-script-and-options.patch patches.suse/arm64-capabilities-Merge-entries-for-ARM64_WORKAROUN.patch patches.suse/arm64-capabilities-Merge-duplicate-Cavium-erratum-en.patch patches.suse/arm64-cmpxchg-Use-K-instead-of-L-for-ll-sc-immediate-constraint.patch + patches.suse/arm64-Fix-minor-issues-with-the-dcache_by_line_op-macro.patch + patches.suse/arm64-smp-Handle-errors-reported-by-the-firmware.patch patches.suse/0002-perf-arm_spe-handle-devm_kasprintf-failure.patch patches.suse/0002-Documentation-perf-Add-documentation-for-ThunderX2-P.patch patches.suse/0001-drivers-perf-Add-Cavium-ThunderX2-SoC-UNCORE-PMU-dri.patch patches.suse/arm64-kpti-Whitelist-Cortex-A-CPUs-that-don-t-implem.patch + patches.suse/arm64-kvm-consistently-handle-host-HCR_EL2-flags.patch patches.suse/kprobes-x86-xen-blacklist-non-attachable-xen-interru.patch patches.suse/xen-pciback-Check-dev_data-before-using-it.patch patches.suse/kvm-nvmx-set-vm-instruction-error-for-vmptrld-of-unbacked-page @@ -45221,6 +45259,7 @@ patches.suse/powerpc-64s-Include-cpu-header.patch patches.suse/powerpc-Use-device_type-helpers-to-access-the-node-t.patch patches.suse/powerpc-xmon-Fix-invocation-inside-lock-region.patch + patches.suse/powerpc-xmon-fix-dump_segments.patch patches.suse/powerpc-perf-Fix-thresholding-counter-data-for-unkno.patch patches.suse/powerpc-perf-Update-perf_regs-structure-to-include-S.patch patches.suse/powerpc-perf-Cleanup-cache_sel-bits-comment.patch @@ -45228,10 +45267,12 @@ patches.suse/powerpc-perf-Add-constraints-for-power9-l2-l3-bus-ev.patch patches.suse/powerpc-perf-Remove-l2-bus-events-from-HW-cache-even.patch patches.suse/0001-raid6-ppc-Fix-build-for-clang.patch + patches.suse/powerpc-mm-Make-NULL-pointer-deferences-explicit-on-.patch patches.suse/powerpc-fsl-Fix-spectre_v2-mitigations-reporting.patch patches.suse/powerpc-fsl-Add-nospectre_v2-command-line-argument.patch patches.suse/powerpc-fsl-Update-Spectre-v2-reporting.patch patches.suse/powerpc-powernv-ioda-Allocate-indirect-TCE-levels-of.patch + patches.suse/powerpc-powernv-eeh-npu-Fix-uninitialized-variables-.patch patches.suse/powerpc-fadump-Reservationless-firmware-assisted-dum.patch patches.suse/powerpc-fadump-Throw-proper-error-message-on-fadump-.patch patches.suse/powerpc-fadump-Do-not-allow-hot-remove-memory-from-f.patch @@ -45241,6 +45282,7 @@ patches.suse/powerpc-tm-Unset-MSR-TS-if-not-recheckpointing.patch patches.suse/powerpc-pkeys-Fix-handling-of-pkey-state-across-fork.patch patches.suse/powerpc-pseries-iommu-Use-memory-nodes-in-max-RAM-ad.patch + patches.suse/powerpc-pseries-Fix-node-leak-in-update_lmb_associat.patch patches.suse/powerpc-Fix-HMIs-on-big-endian-with-CONFIG_RELOCATAB.patch patches.suse/pstore-ram-Do-not-treat-empty-buffers-as-valid.patch patches.suse/pstore-Convert-buf_lock-to-semaphore.patch @@ -45999,6 +46041,7 @@ patches.suse/gpio-vf610-add-optional-clock-support.patch patches.suse/gpiolib-Fix-return-value-of-gpio_to_desc-stub-if-GPI.patch patches.suse/gpio-raspberrypi-exp-decrease-refcount-on-firmware-dt-node.patch + patches.suse/powerpc-pseries-add-of_node_put-in-dlpar_detach_node.patch patches.suse/power-supply-olpc_battery-correct-the-temperature-un.patch patches.suse/power-supply-charger-manager-Fix-incorrect-return-va.patch patches.suse/0001-usb-typec-tcpm-charge-current-handling-for-sink-duri.patch @@ -46166,9 +46209,15 @@ patches.suse/cifs-update-internal-module-version-number.patch patches.suse/net-9p-include-trans_common.h-to-fix-missing-prototy.patch patches.suse/9p-net-put-a-lower-bound-on-msize.patch + patches.suse/lockd-fix-decoding-of-TEST-results.patch + patches.suse/nfsd4-fix-crash-on-writing-v4_end_grace-before-nfsd-.patch + patches.suse/nfsd-fix-a-warning-in-__cld_pipe_upcall.patch + patches.suse/sunrpc-fix-cache_head-leak-due-to-queued-request.patch + patches.suse/nfsd-Return-EPERM-not-EACCES-in-some-SETATTR-cases.patch patches.suse/sunrpc-use-SVC_NET-in-svcauth_gss_-functions.patch patches.suse/sunrpc-use-after-free-in-svc_process_common.patch patches.suse/cred-allow-get_cred-and-put_cred-to-be-given-NULL.patch + patches.suse/NFS-nfs_compare_mount_options-always-compare-auth-fl.patch patches.suse/sunrpc-handle-ENOMEM-in-rpcb_getport_async.patch patches.suse/clk-imx8qxp-make-the-name-of-clock-id-generic.patch patches.suse/drbd-narrow-rcu_read_lock-in-drbd_sync_handshake.patch @@ -46623,6 +46672,7 @@ patches.suse/ALSA-usb-audio-Add-Opus-3-to-quirks-for-native-DSD-s.patch patches.suse/ALSA-pcm-Fix-tight-loop-of-OSS-capture-stream.patch patches.suse/ALSA-hda-realtek-Fixed-hp_pin-no-value.patch + patches.suse/nfs-Fix-NULL-pointer-dereference-of-dev_name.patch patches.suse/NFS-Fix-up-return-value-on-fatal-errors-in-nfs_page_.patch patches.suse/gfs2-Revert-Fix-loop-in-gfs2_rbm_find.patch patches.suse/ARM-cns3xxx-Fix-writing-to-wrong-PCI-config-register.patch @@ -47474,6 +47524,7 @@ patches.suse/0001-USB-Consolidate-LPM-checks-to-avoid-enabling-LPM-twi.patch patches.suse/0001-usbip-Fix-vhci_urb_enqueue-URB-null-transfer-buffer-.patch patches.suse/usb-handle-warm-reset-port-requests-on-hub-resume.patch + patches.suse/usb-dwc3-gadget-Fix-OTG-events-when-gadget-driver-is.patch patches.suse/usb-f_fs-Avoid-crash-due-to-out-of-scope-stack-ptr-a.patch patches.suse/usb-phy-twl6030-usb-fix-possible-use-after-free-on-r.patch patches.suse/cdc-wdm-pass-return-value-of-recover_from_urb_loss.patch @@ -47516,6 +47567,7 @@ patches.suse/powerpc-powernv-Remove-never-used-pnv_power9_force_s.patch patches.suse/powerpc-powernv-npu-Remove-obsolete-comment-about-TC.patch patches.suse/powerpc-pseries-Perform-full-re-add-of-CPU-for-topol.patch + patches.suse/powerpc-traps-Fix-the-message-printed-when-stack-ove.patch patches.suse/powerpc-perf-add-mem-access-events-to-sysfs.patch patches.suse/powerpc-64s-clear-on-stack-exception-marker-upon-exception-return.patch patches.suse/powerpc-livepatch-relax-reliable-stack-tracer-checks-for-first-frame.patch @@ -48068,6 +48120,7 @@ patches.suse/jbd2-fix-compile-warning-when-using-JBUFFER_TRACE.patch patches.suse/nfsd-fix-performance-limiting-session-calculation.patch patches.suse/nfsd-fix-memory-corruption-caused-by-readdir.patch + patches.suse/nfsd-fix-wrong-check-in-write_v4_end_grace.patch patches.suse/ubifs-Reject-unsupported-ioctl-flags-explicitly.patch patches.suse/acpi-nfit-Fix-bus-command-validation.patch patches.suse/libnvdimm-label-clear-updating-flag-after-label-set-update.patch @@ -48733,6 +48786,7 @@ patches.suse/ALSA-hda-realtek-add-two-more-pin-configuration-sets.patch patches.suse/bfq-update-internal-depth-state-when-queue-depth-changes patches.suse/scsi-core-set-result-when-the-command-cannot-be-dispatched + patches.suse/sunrpc-don-t-mark-uninitialised-items-as-VALID.patch patches.suse/nfsd-Don-t-release-the-callback-slot-unless-it-was-a.patch patches.suse/ipv4-set-the-tcp_min_rtt_wlen-range-from-0-to-one-da.patch patches.suse/mlxsw-spectrum-Put-MC-TCs-into-DWRR-mode.patch @@ -49923,6 +49977,7 @@ patches.suse/powerpc-tm-Avoid-machine-crash-on-rt_sigreturn.patch patches.suse/powerpc-mm-Move-book3s64-specifics-in-subdirectory-m.patch patches.suse/powerpc-security-Show-powerpc_security_features-in-d.patch + patches.suse/powerpc-boot-Fix-missing-check-of-lseek-return-value.patch patches.suse/powerpc-perf-init-pmu-from-core-book3s.patch patches.suse/powerpc-perf-Add-generic-compat-mode-pmu-driver.patch patches.suse/powerpc-perf-Remove-PM_BR_CMPL_ALT-from-power9-event.patch @@ -50047,6 +50102,7 @@ patches.suse/ftrace-x86_64-emulate-call-function-while-updating-in-breakpoint-handler.patch patches.suse/tracing-fix-partial-reading-of-trace-event-s-id-file.patch patches.suse/SUNRPC-nfs-Fix-return-value-for-nfs4_callback_compou.patch + patches.suse/nfsd-allow-fh_want_write-to-be-called-twice.patch patches.suse/0001-xenbus-drop-useless-LIST_HEAD-in-xenbus_write_watch-.patch patches.suse/power-supply-axp288_charger-Fix-unchecked-return-val.patch patches.suse/power-supply-max14656-fix-potential-use-before-alloc.patch @@ -50527,6 +50583,7 @@ patches.suse/drm-vmwgfx-fix-a-warning-due-to-missing-dma_parms.patch patches.suse/drm-return-EFAULT-if-copy_to_user-fails.patch patches.suse/drm-i915-gvt-ignore-unexpected-pvinfo-write.patch + patches.suse/net-sunrpc-clnt-Fix-xps-refcount-imbalance-on-the-er.patch patches.suse/IB-hfi1-Validate-fault-injection-opcode-user-input.patch patches.suse/IB-hfi1-Close-PSM-sdma_progress-sleep-window.patch patches.suse/IB-hfi1-Avoid-hardlockup-with-flushlist_lock.patch @@ -50609,6 +50666,7 @@ patches.suse/drm-etnaviv-add-missing-failure-path-to-destroy-suba.patch patches.suse/drm-imx-notify-drm-core-before-sending-event-during-.patch patches.suse/drm-imx-only-send-event-on-crtc-disable-if-kept-disa.patch + patches.suse/svcrdma-Ignore-source-port-when-computing-DRC-hash.patch patches.suse/nfsd-Fix-overflow-causing-non-working-mounts-on-1-TB.patch patches.suse/kvm-x86-degrade-warn-to-pr_warn_ratelimited patches.suse/kvm-lapic-fix-pending-interrupt-in-irr-blocked-by-software-disable-lapic @@ -51233,12 +51291,14 @@ patches.suse/sunhv-Fix-device-naming-inconsistency-between-sunhv_.patch patches.suse/powerpc-pseries-dlpar-Fix-a-missing-check-in-dlpar_p.patch patches.suse/powerpc-pseries-Fix-xive-off-command-line.patch + patches.suse/powerpc-pseries-hvconsole-Fix-stack-overread-via-udb.patch patches.suse/powerpc-pseries-Fix-oops-in-hotplug-memory-notifier.patch patches.suse/powerpc-cacheinfo-add-cacheinfo_teardown-cacheinfo_r.patch patches.suse/powerpc-pseries-mobility-prevent-cpu-hotplug-during-.patch patches.suse/powerpc-pseries-mobility-rebuild-cacheinfo-hierarchy.patch patches.suse/powerpc-64-mark-start_here_multiplatform-as-__ref.patch patches.suse/powerpc-watchpoint-Restore-NV-GPRs-while-returning-f.patch + patches.suse/powerpc-pci-of-Fix-OF-flags-parsing-for-64bit-BARs.patch patches.suse/powerpc-rtas-retry-when-cpu-offline-races-with-suspe.patch patches.suse/powerpc-64s-Rename-PPC_INVALIDATE_ERAT-to-PPC_ISA_3_.patch patches.suse/powerpc-64s-radix-keep-kernel-ERAT-over-local-proces.patch @@ -51966,11 +52026,16 @@ patches.suse/ALSA-line6-Fix-memory-leak-at-line6_init_pcm-error-p.patch patches.suse/ALSA-usb-audio-Check-mixer-unit-bitmap-yet-more-stri.patch patches.suse/ALSA-seq-Fix-potential-concurrent-access-to-the-dele.patch + patches.suse/NFSv4-Fix-return-values-for-nfs4_file_open.patch + patches.suse/NFSv4-Fix-return-value-in-nfs_finish_open.patch patches.suse/NFSv4-pnfs-Fix-a-page-lock-leak-in-nfs_pageio_resend.patch patches.suse/NFS-Ensure-O_DIRECT-reports-an-error-if-the-bytes-re.patch + patches.suse/NFS-Fix-initialisation-of-I-O-result-struct-in-nfs_p.patch patches.suse/NFS-On-fatal-writeback-errors-we-need-to-call-nfs_in.patch patches.suse/pNFS-flexfiles-Turn-off-soft-RPC-calls.patch patches.suse/SUNRPC-Handle-connection-breakages-correctly-in-call.patch + patches.suse/NFSv2-Fix-eof-handling.patch + patches.suse/NFSv2-Fix-write-regression.patch patches.suse/cifs-set-domainName-when-a-domain-key-is-used-in-multiuser.patch patches.suse/cifs-Use-kzfree-to-zero-out-the-password.patch patches.suse/cifs-replace-various-strncpy-with-strscpy-and-similar.patch @@ -52498,12 +52563,14 @@ patches.suse/powerpc-rtas-Unexport-rtas_online_cpus_mask-rtas_off.patch patches.suse/PCI-rpaphp-Avoid-a-sometimes-uninitialized-warning.patch patches.suse/powerpc-powernv-Restrict-OPAL-symbol-map-to-only-be-.patch + patches.suse/powerpc-xive-Add-a-check-for-memory-allocation-failu.patch patches.suse/powerpc-pseries-Fix-cpu_hotplug_lock-acquisition-in-.patch patches.suse/powerpc-powernv-ioda-Fix-race-in-TCE-level-allocatio.patch patches.suse/powerpc-powernv-ioda2-Allocate-TCE-table-levels-on-d.patch patches.suse/powerpc-xmon-Check-for-HV-mode-when-dumping-XIVE-inf.patch patches.suse/powerpc-xive-Fix-dump-of-XIVE-interrupt-under-pserie.patch patches.suse/powerpc-xmon-Add-a-dump-of-all-XIVE-interrupts.patch + patches.suse/powerpc-futex-Fix-warning-oldval-may-be-used-uniniti.patch patches.suse/powerpc-64s-radix-Fix-memory-hotplug-section-page-ta.patch patches.suse/powerpc-64s-radix-Fix-memory-hot-unplug-page-table-s.patch patches.suse/powerpc-rtas-use-device-model-APIs-and-serialization.patch @@ -52777,6 +52844,7 @@ patches.suse/s390-cio-avoid-calling-strlen-on-null-pointer patches.suse/s390-cio-exclude-subchannels-with-no-parent-from-pseudo-check patches.suse/binfmt_elf-Do-not-move-brk-for-INTERP-less-ET_EXEC.patch + patches.suse/fs-nfs-Fix-possible-null-pointer-dereferences-in-enc.patch patches.suse/pNFS-Ensure-we-do-clear-the-return-on-close-layout-s.patch patches.suse/NFSv4-Handle-NFS4ERR_OLD_STATEID-in-CLOSE-OPEN_DOWNG.patch patches.suse/0001-drm-atomic-Take-the-atomic-toys-away-from-X.patch @@ -53821,6 +53889,7 @@ patches.suse/ext2-check-err-when-partial-NULL.patch patches.suse/powerpc-papr_scm-Fix-an-off-by-one-check-in-papr_scm.patch patches.suse/powerpc-pkeys-remove-unused-pkey_allows_readwrite.patch + patches.suse/powerpc-pseries-Mark-accumulate_stolen_time-as-notra.patch patches.suse/powerpc-pseries-Don-t-opencode-HPTE_V_BOLTED.patch patches.suse/powerpc-pseries-Don-t-fail-hash-page-table-insert-fo.patch patches.suse/powerpc-book3s64-hash-Use-secondary-hash-for-bolted-.patch @@ -53843,6 +53912,7 @@ patches.suse/PCI-rpaphp-Annotate-and-correctly-byte-swap-DRC-prop.patch patches.suse/PCI-rpaphp-Correctly-match-ibm-my-drc-index-to-drc-n.patch patches.suse/powerpc-pseries-Enable-support-for-ibm-drc-info-prop.patch + patches.suse/powerpc-pseries-cmm-Implement-release-function-for-s.patch patches.suse/powerpc-security-Fix-wrong-message-when-RFI-Flush-is.patch patches.suse/powerpc-64s-Fix-debugfs_simple_attr.cocci-warnings.patch patches.suse/powerpc-pseries-Drop-pointless-static-qualifier-in-v.patch @@ -54086,6 +54156,7 @@ patches.suse/powerpc-archrandom-fix-arch_get_random_seed_int.patch patches.suse/NFSv4.x-Drop-the-slot-if-nfs4_delegreturn_prepare-wa.patch patches.suse/nfsd4-fix-up-replay_matches_cache.patch + patches.suse/sunrpc-fix-crash-when-cache_head-become-valid-before.patch patches.suse/SUNRPC-Fix-svcauth_gss_proxy_init.patch patches.suse/nfsd-Ensure-CLONE-persists-data-and-metadata-changes.patch patches.suse/Input-goodix-add-upside-down-quirk-for-Teclast-X89-t.patch @@ -54870,9 +54941,12 @@ patches.suse/rtc-hym8563-Return-EINVAL-if-the-time-is-known-to-be.patch patches.suse/rtc-cmos-Stop-using-shared-IRQ.patch patches.suse/remoteproc-Initialize-rproc_class-before-use.patch + patches.suse/powerpc-powernv-iov-Ensure-the-pdn-for-VFs-always-co.patch patches.suse/powerpc-pseries-Allow-not-having-ibm-hypertas-functi.patch patches.suse/powerpc-xmon-don-t-access-ASDR-in-VMs.patch patches.suse/powerpc-pseries-Advance-pfn-if-section-is-not-presen.patch + patches.suse/powerpc-sriov-Remove-VF-eeh_dev-state-when-disabling.patch + patches.suse/powerpc-eeh-Only-dump-stack-once-if-an-MMIO-loop-is-.patch patches.suse/powerpc-papr_scm-Don-t-enable-direct-map-for-a-regio.patch patches.suse/powerpc-pseries-vio-Fix-iommu_table-use-after-free-r.patch patches.suse/powerpc-papr_scm-Fix-leaking-bus_desc.provider_name-.patch @@ -55132,6 +55206,7 @@ patches.suse/0001-HID-hiddev-Fix-race-in-in-hiddev_disconnect.patch patches.suse/vhost-check-docket-sk_family-instead-of-call-getname.patch patches.suse/ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch + patches.suse/net-usb-qmi_wwan-restore-mtu-min-max-values-after-ra.patch patches.suse/msft-hv-2027-hv_netvsc-Fix-unwanted-wakeup-in-netvsc_attach.patch patches.suse/net-phy-Avoid-multiple-suspends.patch patches.suse/net-ll_temac-Fix-race-condition-causing-TX-hang.patch @@ -55795,6 +55870,8 @@ patches.suse/mlxsw-spectrum_flower-Do-not-stop-at-FLOW_ACTION_VLA.patch patches.suse/net-dsa-bcm_sf2-Ensure-correct-sub-node-is-parsed.patch patches.suse/NFSv4-pnfs-Return-valid-stateids-in-nfs_layout_find_.patch + patches.suse/NFS-direct.c-Fix-memory-leak-of-dreq-when-nfs_get_lo.patch + patches.suse/NFS-Fix-memory-leaks-in-nfs_pageio_stop_mirroring.patch patches.suse/0001-mm-memory_hotplug.c-only-respect-mem-parameter-durin.patch patches.suse/include-linux-swapops-h-correct-guards-for-non_swap_entry.patch patches.suse/mfd-dln2-Fix-sanity-checking-for-endpoints.patch @@ -56451,8 +56528,10 @@ patches.suse/powerpc-traps-Do-not-trace-system-reset.patch patches.suse/powerpc-traps-Make-unrecoverable-NMIs-die-instead-of.patch patches.suse/powerpc-64s-Fix-early_init_mmu-section-mismatch.patch + patches.suse/powerpc-64s-pgtable-fix-an-undefined-behaviour.patch patches.suse/powerpc-xive-Clear-the-page-tables-for-the-ESB-IO-ma.patch patches.suse/input-i8042-Remove-special-PowerPC-handling.patch + patches.suse/powerpc-crashkernel-Take-mem-option-into-account.patch patches.suse/powerpc-kernel-Enables-memory-hot-remove-after-reboo.patch patches.suse/powerpc-64s-Don-t-init-FSCR_DSCR-in-__init_FSCR.patch patches.suse/powerpc-64s-Don-t-let-DT-CPU-features-set-FSCR_DSCR.patch @@ -56631,7 +56710,9 @@ patches.suse/ACPI-PM-Avoid-using-power-resources-if-there-are-non.patch patches.suse/sunrpc-svcauth_gss_register_pseudoflavor-must-reject.patch patches.suse/sunrpc-clean-up-properly-in-gss_mech_unregister.patch + patches.suse/nfsd-Fix-svc_xprt-refcnt-leak-when-setup-callback-cl.patch patches.suse/crypto-cavium-nitrox-Fix-nitrox_get_first_device-whe.patch + patches.suse/net-sunrpc-Fix-off-by-one-issues-in-rpc_ntop6.patch patches.suse/drm-sun4i-hdmi-ddc-clk-Fix-size-of-m-divider.patch patches.suse/ALSA-usb-audio-Fix-inconsistent-card-PM-state-after-.patch patches.suse/ALSA-usb-audio-Add-vendor-product-and-profile-name-f.patch @@ -57673,6 +57754,8 @@ patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.4.patch patches.suse/scsi-libsas-set-data_dir-as-dma_none-if-libata-marks-qc-as-nodata patches.suse/scsi-mpt3sas-Don-t-call-disable_irq-from-IRQ-poll-handler.patch + patches.suse/NFSv4.1-handle-ERR_DELAY-error-reclaiming-locking-st.patch + patches.suse/SUNRPC-stop-printk-reading-past-end-of-string.patch patches.suse/RDMA-rxe-Fix-the-parent-sysfs-read-when-the-interfac.patch patches.suse/RDMA-rxe-Fix-memleak-in-rxe_mem_init_user.patch patches.suse/RDMA-rxe-Fix-panic-when-calling-kmem_cache_create.patch @@ -57755,6 +57838,7 @@ patches.suse/net-DCB-Validate-DCB_ATTR_DCB_BUFFER-argument.patch patches.suse/i40e-fix-return-of-uninitialized-aq_ret-in-i40e_set_.patch patches.suse/i40e-always-propagate-error-value-in-i40e_set_vsi_pr.patch + patches.suse/rndis_host-increase-sleep-time-in-the-query-response.patch patches.suse/tipc-use-skb_unshare-instead-in-tipc_buf_append.patch patches.suse/ipv4-Update-exception-handling-for-multipath-routes-.patch patches.suse/geneve-add-transport-ports-in-route-lookup-for-genev.patch @@ -58178,6 +58262,7 @@ patches.suse/powerpc-pseries-Fix-missing-of_node_put-in-rng_init.patch patches.suse/powerpc-icp-hv-Fix-missing-of_node_put-in-success-pa.patch patches.suse/cxl-Rework-error-message-for-incompatible-slots.patch + patches.suse/powerpc-powernv-smp-Fix-spurious-DBG-warning.patch patches.suse/powerpc-powernv-Staticify-functions-without-prototyp.patch patches.suse/powerpc-hwirq-Remove-stale-forward-irq_chip-declarat.patch patches.suse/powerpc-irq-Drop-forward-declaration-of-struct-irqac.patch @@ -58505,6 +58590,7 @@ patches.suse/qed-fix-error-return-code-in-qed_iwarp_ll2_start.patch patches.suse/net-b44-fix-error-return-code-in-b44_init_one.patch patches.suse/inet_diag-Fix-error-path-to-cancel-the-meseage-in-in.patch + patches.suse/net-usb-qmi_wwan-Set-DTR-quirk-for-MR400.patch patches.suse/mlxsw-core-Use-variable-timeout-for-EMAD-retries.patch patches.suse/page_frag-Recover-from-memory-pressure.patch patches.suse/net-mlx5-Add-handling-of-port-type-in-rule-deletion.patch @@ -58945,6 +59031,7 @@ patches.suse/NFS-switch-nfsiod-to-be-an-UNBOUND-workqueue.patch patches.suse/module-delay-kobject-uevent-until-after-module-init-.patch patches.suse/powerpc-64-Set-up-a-kernel-stack-for-secondaries-bef.patch + patches.suse/powerpc-sysdev-add-missing-iounmap-on-error-in-mpic_.patch patches.suse/Revert-powerpc-pseries-hotplug-cpu-Remove-double-fre.patch patches.suse/powerpc-perf-Use-the-address-from-SIAR-register-to-s.patch patches.suse/powerpc-perf-Use-regs-nip-when-SIAR-is-zero.patch @@ -59045,12 +59132,14 @@ patches.suse/virtio_net-Fix-recursive-call-to-cpus_read_lock.patch patches.suse/net-ethernet-Fix-memleak-in-ethoc_probe.patch patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch + patches.suse/CDC-NCM-remove-connected-log-message.patch patches.suse/net-ethernet-ti-cpts-fix-ethtool-output-when-no-ptp_.patch patches.suse/tun-fix-return-value-when-the-number-of-iovs-exceeds.patch patches.suse/net-mvpp2-fix-pkt-coalescing-int-threshold-configura.patch patches.suse/net-hns-fix-return-value-check-in-__lb_other_process.patch patches.suse/net-hdlc_ppp-Fix-issues-when-mod_timer-is-called-whi.patch patches.suse/ibmvnic-fix-NULL-pointer-dereference.patch + patches.suse/net-usb-qmi_wwan-add-Quectel-EM160R-GL.patch patches.suse/ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch patches.suse/btrfs-correctly-calculate-item-size-used-when-item-key-collision-happens.patch patches.suse/btrfs-qgroup-don-t-try-to-wait-flushing-if-we-re-alr.patch @@ -59135,6 +59224,7 @@ patches.suse/spi-cadence-cache-reference-clock-rate-during-probe.patch patches.suse/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch patches.suse/02-tcp-fix-potential-use-after-free-due-to-double-kfree.patch + patches.suse/net-usb-cdc_ncm-don-t-spew-notifications.patch patches.suse/can-dev-can_restart-fix-use-after-free-bug.patch patches.suse/can-vxcan-vxcan_xmit-fix-use-after-free-bug.patch patches.suse/btrfs-send-fix-invalid-clone-operations-when-cloning-from-the-same-file-and-root.patch @@ -59190,6 +59280,9 @@ patches.suse/nvme-multipath-Early-exit-if-no-path-is-available.patch patches.suse/scsi-qla2xxx-Fix-description-for-parameter-ql2xenfor.patch patches.suse/pNFS-NFSv4-Fix-a-layout-segment-leak-in-pnfs_layout_.patch + patches.suse/pNFS-NFSv4-Try-to-return-invalid-layout-in-pnfs_layo.patch + patches.suse/SUNRPC-Move-simple_get_bytes-and-simple_get_netobj-i.patch + patches.suse/SUNRPC-Handle-0-length-opaque-XDR-object-data-proper.patch patches.suse/leds-trigger-fix-potential-deadlock-with-libata.patch patches.suse/ibmvnic-device-remove-has-higher-precedence-over-res.patch patches.suse/net-sched-replaced-invalid-qdisc-tree-flush-helper-i.patch @@ -59429,6 +59522,7 @@ patches.suse/powerpc-pseries-ras-Make-init_ras_hotplug_IRQ-static.patch patches.suse/powerpc-pmem-Include-pmem-prototypes.patch patches.suse/KVM-PPC-Book3S-HV-Context-tracking-exit-guest-contex.patch + patches.suse/powerpc-improve-handling-of-unrecoverable-system-res.patch patches.suse/powerpc-add-interrupt_cond_local_irq_enable-helper.patch patches.suse/powerpc-pseries-dlpar-handle-ibm-configure-connector.patch patches.suse/module-harden-ELF-info-handling.patch @@ -59551,9 +59645,12 @@ patches.suse/block-rsxx-fix-error-return-code-of-rsxx_pci_probe.patch patches.suse/block-Discard-page-cache-of-zone-reset-target-range.patch patches.suse/nvme-fc-fix-racing-controller-reset-and-create-assoc.patch + patches.suse/nfs-fix-PNFS_FLEXFILE_LAYOUT-Kconfig-default.patch + patches.suse/NFS-Correct-size-calculation-for-create-reply-length.patch patches.suse/NFS-Don-t-revalidate-the-directory-permissions-on-a-.patch patches.suse/NFS-Don-t-gratuitously-clear-the-inode-cache-when-lo.patch patches.suse/NFSv4.2-fix-return-value-of-_nfs4_get_security_label.patch + patches.suse/nfs-we-don-t-support-removing-system.nfs4_acl.patch patches.suse/usb-gadget-f_uac2-always-increase-endpoint-max_packe.patch patches.suse/usbip-fix-stub_dev-to-check-for-stream-socket.patch patches.suse/usbip-fix-vhci_hcd-to-check-for-stream-socket.patch @@ -59585,6 +59682,7 @@ patches.suse/svcrdma-disable-timeouts-on-rdma-backchannel.patch patches.suse/NFSD-Repair-misuse-of-sv_lock-in-5.10.16-rt30.patch patches.suse/sunrpc-fix-refcount-leak-for-rpc-auth-modules.patch + patches.suse/rpc-fix-NULL-dereference-on-kmalloc-failure.patch patches.suse/fuse-fix-live-lock-in-fuse_iget.patch patches.suse/0001-btrfs-track-qgroup-released-data-in-own-variable-in-.patch patches.suse/0002-btrfs-fix-qgroup-data-rsv-leak-caused-by-falloc-fail.patch @@ -59599,6 +59697,7 @@ patches.suse/cifs-update-new-ACE-pointer-after-populate_new_aces-.patch patches.suse/cifs-Fix-preauth-hash-corruption.patch patches.suse/cifs-fix-allocation-size-on-newly-created-files.patch + patches.suse/powerpc-Force-inlining-of-cpu_has_feature-to-avoid-b.patch patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch patches.suse/kernel-fs-Introduce-and-use-set_restart_fn-and-arch_.patch patches.suse/x86-introduce-ts_compat_restart-to-fix-get_nr_restart_syscall.patch @@ -60063,7 +60162,9 @@ patches.suse/powerpc-perf-Fix-PMU-constraint-check-for-EBB-events.patch patches.suse/powerpc-mm-Add-cond_resched-while-removing-hpte-mapp.patch patches.suse/powerpc-pseries-extract-host-bridge-from-pci_bus-pri.patch + patches.suse/powerpc-smp-Set-numa-node-before-updating-mask.patch patches.suse/powerpc-pseries-Add-shutdown-to-vio_driver-and-vio_b.patch + patches.suse/powerpc-pseries-Stop-calling-printk-in-rtas_stop_sel.patch patches.suse/drm-i915-gvt-Fix-error-code-in-intel_gvt_init_device.patch patches.suse/ALSA-hdsp-don-t-disable-if-not-enabled.patch patches.suse/ALSA-hdspm-don-t-disable-if-not-enabled.patch @@ -60598,6 +60699,7 @@ patches.suse/lib-decompressors-remove-set-but-not-used-variabled-.patch patches.suse/mwifiex-re-fix-for-unaligned-accesses.patch patches.suse/powerpc-powernv-Fix-machine-check-reporting-of-async.patch + patches.suse/powerpc-boot-Fixup-device-tree-on-little-endian.patch patches.suse/powerpc-papr_scm-Properly-handle-UUID-types-and-API.patch patches.suse/powerpc-bpf-Use-bctrl-for-making-function-calls.patch patches.suse/powerpc-pseries-dlpar-use-rtas_get_sensor.patch @@ -60713,6 +60815,7 @@ patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch patches.suse/SUNRPC-Fix-the-batch-tasks-count-wraparound.patch patches.suse/SUNRPC-Should-wake-up-the-privileged-task-firstly.patch + patches.suse/NFS-nfs_find_open_context-may-only-select-open-files.patch patches.suse/NFSv4-pNFS-Don-t-call-_nfs4_pnfs_v3_ds_connect-multi.patch patches.suse/ext4-use-ext4_grp_locked_error-in-mb_find_extent.patch patches.suse/virtio_console-Assure-used-length-from-device-is-lim.patch @@ -60930,6 +61033,7 @@ patches.suse/9p-migrate-from-sync_inode-to-filemap_fdatawrite_wbc.patch patches.suse/btrfs-reduce-the-preemptive-flushing-threshold-to-90.patch patches.suse/btrfs-do-not-do-preemptive-flushing-if-the-majority-is-global-rsv.patch + patches.suse/rpc-fix-gss_svc_init-cleanup-on-failure.patch patches.suse/PCI-PM-Enable-PME-if-it-can-be-signaled-from-D3cold.patch patches.suse/mmc-dw_mmc-Fix-issue-with-uninitialized-dma_slave_co.patch patches.suse/mmc-moxart-Fix-issue-with-uninitialized-dma_slave_co.patch @@ -61217,6 +61321,7 @@ patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch patches.suse/bpf-Fix-integer-overflow-in-prealloc_elems_and_freel.patch patches.suse/nfsd4-Handle-the-NFSv4-READDIR-dircount-hint-being-z.patch + patches.suse/NFSD-Keep-existing-listeners-on-portlist-error.patch patches.suse/usb-typec-tcpm-handle-SRC_STARTUP-state-if-cc-change.patch patches.suse/USB-cdc-acm-fix-racy-tty-buffer-accesses.patch patches.suse/USB-cdc-acm-fix-break-reporting.patch @@ -61397,6 +61502,7 @@ patches.suse/scsi-lpfc-Allow-fabric-node-recovery-if-recovery-is-.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.3.patch patches.suse/ocfs2-do-not-zero-pages-beyond-i_size.patch + patches.suse/0001-memcg-kmem-further-deprecate-kmem.limit_in_bytes.patch patches.suse/0002-PCI-Do-not-enable-AtomicOps-on-VFs.patch patches.suse/msft-hv-2452-PCI-hv-Remove-unnecessary-use-of-hx.patch patches.suse/s390-cio-make-ccw_device_dma_-more-robust @@ -61652,6 +61758,7 @@ patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.4.patch patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch patches.suse/scsi-sr-Don-t-use-GFP_DMA.patch + patches.suse/powerpc-powernv-add-missing-of_node_put.patch patches.suse/powerpc-prom_init-Fix-improper-check-of-prom_getprop.patch patches.suse/char-mwave-Adjust-io-port-register-size.patch patches.suse/drm-amdkfd-Check-for-null-pointer-after-calling-kmem.patch @@ -61677,8 +61784,13 @@ patches.suse/cifs-alloc_path_with_tree_prefix-do-not-append-sep-if-the-path-is.patch patches.suse/cifs-fix-the-cifs_reconnect-path-for-DFS.patch patches.suse/drm-i915-Flush-TLBs-before-releasing-backing-store.patch + patches.suse/NFSv4-only-print-the-label-when-its-queried.patch + patches.suse/nfs-nfs4clinet-check-the-return-value-of-kstrdup.patch + patches.suse/NFSv4.1-Fix-uninitialised-variable-in-devicenotify.patch patches.suse/NFSv4-Handle-case-where-the-lookup-of-a-directory-fa.patch patches.suse/NFSv4-nfs_atomic_open-can-race-when-looking-up-a-non.patch + patches.suse/NFSv4-remove-zero-number-of-fs_locations-entries-err.patch + patches.suse/NFSv4-expose-nfs_parse_server_name-function.patch patches.suse/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch patches.suse/phylib-fix-potential-use-after-free.patch patches.suse/i40e-Increase-delay-to-1-s-after-global-EMP-reset.patch @@ -61941,6 +62053,9 @@ patches.suse/netfilter-nf_conntrack_tcp-preserve-liberal-flag-in-.patch patches.suse/ptrace-Check-PTRACE_O_SUSPEND_SECCOMP-permission-on-.patch patches.suse/NFS-Return-valid-errors-from-nfs2-3_decode_dirent.patch + patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch + patches.suse/NFS-swap-IO-handling-is-slightly-different-for-O_DIR.patch + patches.suse/NFS-swap-out-must-always-use-STABLE-writes.patch patches.suse/SUNRPC-avoid-race-between-mod_timer-and-del_timer_sy.patch patches.suse/NFSv4.1-don-t-retry-BIND_CONN_TO_SESSION-on-session-.patch patches.suse/NFSv4-pNFS-Fix-another-issue-with-a-list-iterator-po.patch @@ -62126,6 +62241,7 @@ patches.suse/tracing-Fix-return-value-of-trace_pid_write.patch patches.suse/video-fbdev-clcdfb-Fix-refcount-leak-in-clcdfb_of_vr.patch patches.suse/NFS-Further-fixes-to-the-writeback-error-handling.patch + patches.suse/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch patches.suse/net-sched-fixed-barrier-to-prevent-skbuff-sticking-i.patch patches.suse/0004-md-bcache-check-the-return-value-of-kzalloc-in-detac.patch @@ -62192,6 +62308,7 @@ patches.suse/net-rose-fix-UAF-bugs-caused-by-timer-handler.patch patches.suse/0006-dm-raid-fix-accesses-beyond-end-of-raid-member-array.patch patches.suse/dm-raid-fix-KASAN-warning-in-raid5_add_disks.patch + patches.suse/powerpc-xive-spapr-correct-bitmap-allocation-size.patch patches.suse/SUNRPC-Fix-READ_PLUS-crasher.patch patches.suse/xen-blkfront-fix-leaking-data-in-shared-pages.patch patches.suse/xen-netfront-fix-leaking-data-in-shared-pages.patch @@ -62328,6 +62445,7 @@ patches.suse/powerpc-powernv-kvm-Use-darn-for-H_RANDOM-on-Power9.patch patches.suse/powerpc-powernv-rename-remaining-rng-powernv_-functi.patch patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_get_max_prio.patch + patches.suse/powerpc-64-Init-jump-labels-before-parse_early_param.patch patches.suse/s390-crash-fix-incorrect-number-of-bytes-to-copy-to-user-space patches.suse/s390-zcore-fix-race-when-reading-from-hardware-system-area patches.suse/0005-video-fbdev-amba-clcd-Fix-refcount-leak-bugs.patch @@ -62366,6 +62484,7 @@ patches.suse/cifs-Do-not-use-tcon-cfid-directly-use-the-cfid-we-get-from-open_.patch patches.suse/xen-xenbus-fix-return-type-in-xenbus_file_read.patch patches.suse/net_sched-cls_route-disallow-handle-of-0.patch + patches.suse/powerpc-pci-Fix-get_phb_number-locking.patch patches.suse/s390-hypfs-avoid-error-message-under-KVM.patch patches.suse/cifs-remove-unused-server-parameter-from-calc_smb_size-.patch patches.suse/cifs-remove-useless-parameter-is_fsctl-from-SMB2_ioctl-.patch @@ -62418,6 +62537,7 @@ patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-Rdir.patch patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-R.patch patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-R.patch + patches.suse/NFSD-Return-nfserr_serverfault-if-splice_ok-but-buf-.patch patches.suse/NFSD-Cap-rsize_bop-result-based-on-send-buffer-size.patch patches.suse/mISDN-fix-use-after-free-bugs-in-l1oip-timer-handler.patch patches.suse/bnx2x-fix-potential-memory-leak-in-bnx2x_tpa_stop.patch @@ -62448,6 +62568,7 @@ patches.suse/powerpc-pci_dn-Add-missing-of_node_put.patch patches.suse/powerpc-powernv-add-missing-of_node_put-in-opal_expo.patch patches.suse/powerpc-mm-64s-Drop-pgd_huge.patch + patches.suse/powerpc-boot-Explicitly-disable-usage-of-SPE-instruc.patch patches.suse/livepatch-fix-race-between-fork-and-KLP-transition.patch patches.suse/livepatch-Add-a-missing-newline-character-in-klp_mod.patch patches.suse/tracing-Disable-interrupt-or-preemption-before-acquiring-arch_spinlock_t.patch @@ -62466,6 +62587,7 @@ patches.suse/nilfs2-fix-NULL-pointer-dereference-at-nilfs_bmap_lo.patch patches.suse/nilfs2-fix-leak-of-nilfs_root-in-case-of-writer-thre.patch patches.suse/xen-gntdev-Prevent-leaking-grants.patch + patches.suse/NFSv4-pNFS-Always-return-layout-stats-on-layout-retu.patch patches.suse/ftrace-Fix-char-print-issue-in-print_ip_ins.patch patches.suse/msft-hv-2671-hv_netvsc-Fix-race-between-VF-offering-and-VF-associ.patch patches.suse/0001-ipv6-ping-fix-wrong-checksum-for-large-frames.patch @@ -62479,6 +62601,10 @@ patches.suse/0020-rbd-fix-possible-memory-leak-in-rbd_sysfs_init.patch patches.suse/scsi-qla2xxx-Fix-serialization-of-DCBX-TLV-data-requ.patch patches.suse/scsi-qla2xxx-Use-transport-defined-speed-mask-for-su.patch + patches.suse/NFSv4.1-Handle-RECLAIM_COMPLETE-trunking-errors.patch + patches.suse/NFSv4.1-We-must-always-send-RECLAIM_COMPLETE-after-a.patch + patches.suse/NFSv4.2-Fixup-CLONE-dest-file-size-for-zero-length-c.patch + patches.suse/nfs4-Fix-kmemleak-when-allocate-slot-failed.patch patches.suse/Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_r.patch patches.suse/Bluetooth-L2CAP-Fix-accepting-connection-request-for.patch patches.suse/Bluetooth-L2CAP-Fix-attempting-to-access-uninitializ.patch @@ -62504,7 +62630,28 @@ patches.suse/proc-proc_skip_spaces-shouldn-t-think-it-is-working-.patch patches.suse/xen-netback-Ensure-protocol-headers-don-t-fall-in-th.patch patches.suse/xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch + patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch patches.suse/Bluetooth-hci_qca-Fix-the-teardown-problem-for-real.patch + patches.suse/SUNRPC-Don-t-leak-netobj-memory-when-gss_read_proxy_.patch + patches.suse/NFSv4.2-Clear-FATTR4_WORD2_SECURITY_LABEL-when-done-.patch + patches.suse/NFSv4.2-Fix-a-memory-stomp-in-decode_attr_security_l.patch + patches.suse/NFSv4.2-Fix-initialisation-of-struct-nfs4_label.patch + patches.suse/NFSv4-Fix-a-deadlock-between-nfs4_open_recover_helpe.patch + patches.suse/NFS-Fix-an-Oops-in-nfs_d_automount.patch + patches.suse/SUNRPC-Fix-missing-release-socket-in-rpc_sockname.patch + patches.suse/NFSv4.x-Fail-client-initialisation-if-state-manager-.patch + patches.suse/ibmveth-Always-stop-tx-queues-during-close.patch + patches.suse/scsi-qla2xxx-Fix-set-but-not-used-variable-warnings.patch + patches.suse/scsi-qla2xxx-Remove-unused-variable-found_devs.patch + patches.suse/scsi-qla2xxx-Remove-duplicate-of-vha-iocb_work-initi.patch + patches.suse/scsi-qla2xxx-Initialize-vha-unknown_atio_-list-work-.patch + patches.suse/powerpc-xive-add-missing-iounmap-in-error-path-in-xi.patch + patches.suse/powerpc-perf-callchain-validate-kernel-stack-pointer.patch + patches.suse/powerpc-pseries-unregister-VPA-when-hot-unplugging-a.patch + patches.suse/powerpc-rtas-avoid-device-tree-lookups-in-rtas_os_te.patch + patches.suse/powerpc-rtas-avoid-scheduling-in-rtas_os_term.patch + patches.suse/powerpc-pseries-eeh-use-correct-API-for-error-log-si.patch + patches.suse/scsi-qla2xxx-Fix-crash-when-I-O-abort-times-out.patch # dhowells/linux-fs keys-uefi patches.suse/0001-KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch @@ -62530,7 +62677,6 @@ patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch patches.suse/crypto_ccp-fix_resource_leaks_in_ccp_run_aes_gcm_cmd.patch patches.suse/SUNRPC-auth-async-tasks-mustn-t-block-waiting-for-me.patch - patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch patches.suse/SUNRPC-improve-swap-handling-scheduling-and-PF_MEMAL.patch patches.suse/SUNRPC-xprt-async-tasks-mustn-t-block-waiting-for-me.patch patches.suse/net-tipc-validate-domain-record-count-on-input.patch @@ -62925,6 +63071,7 @@ patches.suse/sunrpc-gss-timeout.patch patches.suse/SUNRPC-change-locking-for-xs_swap_enable-disable.patch patches.suse/nfs-access-cache-no-negative.patch + patches.suse/NFS-Handle-missing-attributes-in-OPEN.patch ######################################################## # Overlayfs @@ -63532,6 +63679,7 @@ patches.kabi/kABI-Fix-after-adding-trace_iterator.wait_index.patch patches.kabi/suse-hv-struct-vmbus_channel.patch patches.kabi/kABI-mitigate-new-ufs_stats-field.patch + patches.kabi/move-new-members-of-struct-usbnet-to-end.patch ######################################################## # You'd better have a good reason for adding a patch