diff --git a/patches.suse/Convert-trailing-spaces-and-periods-in-path-components.patch b/patches.suse/Convert-trailing-spaces-and-periods-in-path-components.patch
new file mode 100644
index 0000000..d20e17d
--- /dev/null
+++ b/patches.suse/Convert-trailing-spaces-and-periods-in-path-components.patch
@@ -0,0 +1,48 @@
+From: Boris Protopopov
+Date: Thu, 24 Sep 2020 00:36:38 +0000
+Subject: [PATCH] Convert trailing spaces and periods in path components
+Patch-mainline: v5.10-rc1
+Git-commit: 57c176074057531b249cf522d90c22313fa74b0b
+References: bsc#1179424
+
+When converting trailing spaces and periods in paths, do so
+for every component of the path, not just the last component.
+If the conversion is not done for every path component, then
+subsequent operations in directories with trailing spaces or
+periods (e.g. create(), mkdir()) will fail with ENOENT. This
+is because on the server, the directory will have a special
+symbol in its name, and the client needs to provide the same.
+
+Signed-off-by: Boris Protopopov
+Acked-by: Ronnie Sahlberg
+Signed-off-by: Steve French
+Acked-by: Aurelien Aptel
+Reviewed-by: Aurelien Aptel
+
+---
+ fs/cifs/cifs_unicode.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/fs/cifs/cifs_unicode.c b/fs/cifs/cifs_unicode.c
+index 498777d859eb5..9bd03a2310328 100644
+--- a/fs/cifs/cifs_unicode.c
++++ b/fs/cifs/cifs_unicode.c
+@@ -488,7 +488,13 @@ cifsConvertToUTF16(__le16 *target, const char *source, int srclen,
+ else if (map_chars == SFM_MAP_UNI_RSVD) {
+ bool end_of_string;
+
+- if (i == srclen - 1)
++ /**
++ * Remap spaces and periods found at the end of every
++ * component of the path. The special cases of '.' and
++ * '..' do not need to be dealt with explicitly because
++ * they are addressed in namei.c:link_path_walk().
++ **/
++ if ((i == srclen - 1) || (source[i+1] == '\\'))
+ end_of_string = true;
+ else
+ end_of_string = false;
+--
+2.29.2
+
+
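Review bot: The new end-of-component test in cifsConvertToUTF16(), `(source[i+1] == '\\')`, recognises only a backslash as a path separator. The hunk does not show which separators `source` can carry at this point; if a path can arrive here with `/` between components, trailing spaces and periods in those components would still go unmapped and the ENOENT from the commit message would persist, so this is worth confirming against the callers. The added comment also opens with `/**` and closes with `**/`, which reads as kernel-doc; a plain `/* ... */` block suits an inline remark. The enclosing function starts and ends outside the hunk.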
diff --git a/patches.suse/cifs-Return-the-error-from-crypt_message-when-enc-dec-key-not-found.patch b/patches.suse/cifs-Return-the-error-from-crypt_message-when-enc-dec-key-not-found.patch
new file mode 100644
index 0000000..6d7c715
--- /dev/null
+++ b/patches.suse/cifs-Return-the-error-from-crypt_message-when-enc-dec-key-not-found.patch
@@ -0,0 +1,50 @@
+From: Shyam Prasad N
+Date: Thu, 15 Oct 2020 10:41:31 -0700
+Subject: [PATCH] cifs: Return the error from crypt_message when enc/dec key
+ not found.
+Patch-mainline: v5.10-rc1
+Git-commit: 0bd294b55a5de442370c29fa53bab17aef3ff318
+References: bsc#1179426
+
+
+In crypt_message, when smb2_get_enc_key returns error, we need to
+return the error back to the caller. If not, we end up processing
+the message further, causing a kernel oops due to unwarranted access
+of memory.
+
+Call Trace:
+smb3_receive_transform+0x120/0x870 [cifs]
+cifs_demultiplex_thread+0xb53/0xc20 [cifs]
+? cifs_handle_standard+0x190/0x190 [cifs]
+kthread+0x116/0x130
+? kthread_park+0x80/0x80
+ret_from_fork+0x1f/0x30
+
+Signed-off-by: Shyam Prasad N
+Reviewed-by: Pavel Shilovsky
+Reviewed-by: Ronnie Sahlberg
+Cc: Stable
+Signed-off-by: Steve French
+Acked-by: Aurelien Aptel
+
+---
+ fs/cifs/smb2ops.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
+index 48657ddbd75e6..0dfa832a3de07 100644
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -3944,7 +3944,7 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst,
+ if (rc) {
+ cifs_server_dbg(VFS, "%s: Could not get %scryption key\n", __func__,
+ enc ? "en" : "de");
+- return 0;
++ return rc;
+ }
+
+ rc = smb3_crypto_aead_allocate(server);
+--
+2.29.2
+
+
diff --git a/patches.suse/cifs-remove-bogus-debug-code.patch b/patches.suse/cifs-remove-bogus-debug-code.patch
new file mode 100644
index 0000000..f8cd66c
--- /dev/null
+++ b/patches.suse/cifs-remove-bogus-debug-code.patch
@@ -0,0 +1,77 @@
+From: Dan Carpenter
+Date: Wed, 16 Sep 2020 23:18:21 +0300
+Subject: [PATCH] cifs: remove bogus debug code
+Patch-mainline: v5.10-rc1
+Git-commit: d367cb960ce88914898cbfa43645c2e43ede9465
+References: bsc#1179427
+
+The "end" pointer is either NULL or it points to the next byte to parse.
+If there isn't a next byte then dereferencing "end" is an off-by-one out
+of bounds error. And, of course, if it's NULL that leads to an Oops.
+Printing "*end" doesn't seem very useful so let's delete this code.
+
+Also for the last debug statement, I noticed that it should be printing
+"sequence_end" instead of "end" so fix that as well.
+
+Reported-by: Dominik Maier
+Signed-off-by: Dan Carpenter
+Signed-off-by: Steve French
+Acked-by: Aurelien Aptel
+Reviewed-by: Aurelien Aptel
+
+---
+ fs/cifs/asn1.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
+index 689162e2e1755..3150c19cdc2fb 100644
+--- a/fs/cifs/asn1.c
++++ b/fs/cifs/asn1.c
+@@ -530,8 +530,8 @@ decode_negTokenInit(unsigned char *security_blob, int length,
+ return 0;
+ } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
+ || (tag != ASN1_EOC)) {
+- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 0\n",
+- cls, con, tag, end, *end);
++ cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 0\n",
++ cls, con, tag, end);
+ return 0;
+ }
+
+@@ -541,8 +541,8 @@ decode_negTokenInit(unsigned char *security_blob, int length,
+ return 0;
+ } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
+ || (tag != ASN1_SEQ)) {
+- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 1\n",
+- cls, con, tag, end, *end);
++ cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 1\n",
++ cls, con, tag, end);
+ return 0;
+ }
+
+@@ -552,8 +552,8 @@ decode_negTokenInit(unsigned char *security_blob, int length,
+ return 0;
+ } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
+ || (tag != ASN1_EOC)) {
+- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 0\n",
+- cls, con, tag, end, *end);
++ cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 0\n",
++ cls, con, tag, end);
+ return 0;
+ }
+
+@@ -564,8 +564,8 @@ decode_negTokenInit(unsigned char *security_blob, int length,
+ return 0;
+ } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
+ || (tag != ASN1_SEQ)) {
+- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 1\n",
+- cls, con, tag, end, *end);
++ cifs_dbg(FYI, "cls = %d con = %d tag = %d sequence_end = %p exit 1\n",
++ cls, con, tag, sequence_end);
+ return 0;
+ }
+
+--
+2.29.2
+
+
diff --git a/patches.suse/docs-ABI-stable-remove-a-duplicated-documentation.patch b/patches.suse/docs-ABI-stable-remove-a-duplicated-documentation.patch
new file mode 100644
index 0000000..e03d257
--- /dev/null
+++ b/patches.suse/docs-ABI-stable-remove-a-duplicated-documentation.patch
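Review bot: The four rewritten `cifs_dbg(FYI, ...)` messages in decode_negTokenInit() still end in only two distinct suffixes (`exit 0`, `exit 1`, `exit 0`, `exit 1`), so a log line does not say which of the four tag checks rejected the security blob. Giving the third and fourth messages their own suffixes, for example `exit 2` and `exit 3`, would make the FYI output usable when diagnosing a malformed blob from a server. The body of decode_negTokenInit() starts and ends outside these hunks.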
@@ -0,0 +1,44 @@
+From: Mauro Carvalho Chehab
+Date: Fri, 30 Oct 2020 08:40:52 +0100
+Patch-mainline: v5.10-rc2
+Subject: docs: ABI: stable: remove a duplicated documentation
+Git-commit: 637ae1fb5dca38649eed31f943114486bacce416
+References: git-fixes
+
+Perhaps due to a wrong cut-and-paste, this entry:
+
+ What: /sys/bus/vmbus/devices//channels//cpu
+
+was added twice by the same patch, one following the other.
+
+Remove the duplication.
+
+Fixes: c2e5df616e1a ("vmbus: add per-channel sysfs info")
+Acked-by: Wei Liu
+Acked-by: Jonathan Corbet
+Signed-off-by: Mauro Carvalho Chehab
+Link: https://lore.kernel.org/r/091e8de5543c280ceb47edcb3ab6d0e9f3fa085b.1604042072.git.mchehab+huawei@kernel.org
+Signed-off-by: Greg Kroah-Hartman
+Acked-by: Olaf Hering
+---
+ Documentation/ABI/stable/sysfs-bus-vmbus | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/Documentation/ABI/stable/sysfs-bus-vmbus b/Documentation/ABI/stable/sysfs-bus-vmbus
+index 8e8d167eca31..c27b7b89477c 100644
+--- a/Documentation/ABI/stable/sysfs-bus-vmbus
++++ b/Documentation/ABI/stable/sysfs-bus-vmbus
+@@ -63,13 +63,6 @@ Contact: Stephen Hemminger
+ Description: VCPU (sub)channel is affinitized to
+ Users: tools/hv/lsvmbus and other debuggig tools
+
+-What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/cpu
+-Date: September. 2017
+-KernelVersion: 4.14
+-Contact: Stephen Hemminger
+-Description: VCPU (sub)channel is affinitized to
+-Users: tools/hv/lsvmbus and other debuggig tools
+-
+ What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/in_mask
+ Date: September. 2017
+ KernelVersion: 4.14
diff --git a/patches.suse/efi-cper-Fix-possible-out-of-bounds-access.patch b/patches.suse/efi-cper-Fix-possible-out-of-bounds-access.patch
new file mode 100644
index 0000000..a91f451
--- /dev/null
+++ b/patches.suse/efi-cper-Fix-possible-out-of-bounds-access.patch
@@ -0,0 +1,67 @@
+From 45b14a4ffcc1e0b5caa246638f942cbe7eaea7ad Mon Sep 17 00:00:00 2001
+From: Ross Lagerwall
+Date: Mon, 28 Jan 2019 10:04:24 +0000
+Subject: [PATCH] efi: cper: Fix possible out-of-bounds access
+Git-commit: 45b14a4ffcc1e0b5caa246638f942cbe7eaea7ad
+Patch-mainline: v5.1-rc1
+References: git-fixes
+
+When checking a generic status block, we iterate over all the generic
+data blocks. The loop condition only checks that the start of the
+generic data block is valid (within estatus->data_length) but not the
+whole block. Because the size of data blocks (excluding error data) may
+vary depending on the revision and the revision is contained within the
+data block, ensure that enough of the current data block is valid before
+dereferencing any members otherwise an out-of-bounds access may occur if
+estatus->data_length is invalid.
+
+This relies on the fact that struct acpi_hest_generic_data_v300 is a
+superset of the earlier version. Also rework the other checks to avoid
+potential underflow.
+
+Signed-off-by: Ross Lagerwall
+Acked-by: Borislav Petkov
+Tested-by: Tyler Baicar
+Signed-off-by: Rafael J. Wysocki
+Acked-by: Takashi Iwai
+
+---
+ drivers/firmware/efi/cper.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
+index a7902fccdcfa..6090d25dce85 100644
+--- a/drivers/firmware/efi/cper.c
++++ b/drivers/firmware/efi/cper.c
+@@ -546,19 +546,24 @@ EXPORT_SYMBOL_GPL(cper_estatus_check_header);
+ int cper_estatus_check(const struct acpi_hest_generic_status *estatus)
+ {
+ struct acpi_hest_generic_data *gdata;
+- unsigned int data_len, gedata_len;
++ unsigned int data_len, record_size;
+ int rc;
+
+ rc = cper_estatus_check_header(estatus);
+ if (rc)
+ return rc;
++
+ data_len = estatus->data_length;
+
+ apei_estatus_for_each_section(estatus, gdata) {
+- gedata_len = acpi_hest_get_error_length(gdata);
+- if (gedata_len > data_len - acpi_hest_get_size(gdata))
++ if (sizeof(struct acpi_hest_generic_data) > data_len)
++ return -EINVAL;
++
++ record_size = acpi_hest_get_record_size(gdata);
++ if (record_size > data_len)
+ return -EINVAL;
+- data_len -= acpi_hest_get_record_size(gdata);
++
++ data_len -= record_size;
+ }
+ if (data_len)
+ return -EINVAL;
+--
+2.26.2
+
diff --git a/patches.suse/efi-efivars-Add-missing-kobject_put-in-sysfs-entry-c.patch b/patches.suse/efi-efivars-Add-missing-kobject_put-in-sysfs-entry-c.patch
new file mode 100644
index 0000000..36a0bf4
--- /dev/null
+++ b/patches.suse/efi-efivars-Add-missing-kobject_put-in-sysfs-entry-c.patch
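Review bot: In the new loop body of cper_estatus_check(), `record_size` is bounded only from above by `record_size > data_len`. acpi_hest_get_record_size() is not shown in this hunk; if it adds the header size to the firmware-supplied error length in a signed or 32-bit type, a very large length could wrap to a value smaller than the header itself and still pass the check. A lower bound would close that gap, for example `if (record_size < acpi_hest_get_size(gdata) || record_size > data_len) return -EINVAL;`. Please confirm the helper's return type before relying on the comparison.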
@@ -0,0 +1,43 @@
+From d8bd8c6e2cfab8b78b537715255be8d7557791c0 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Fri, 22 May 2020 18:15:49 +0200
+Subject: [PATCH] efi/efivars: Add missing kobject_put() in sysfs entry creation error path
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: d8bd8c6e2cfab8b78b537715255be8d7557791c0
+Patch-mainline: v5.8-rc1
+References: git-fixes
+
+The documentation provided by kobject_init_and_add() clearly spells out
+the need to call kobject_put() on the kobject if an error is returned.
+Add this missing call to the error path.
+
+Cc:
+Reported-by: 亿一
+Signed-off-by: Ard Biesheuvel
+Acked-by: Takashi Iwai
+
+---
+ drivers/firmware/efi/efivars.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c
+index 78ad1ba8c987..26528a46d99e 100644
+--- a/drivers/firmware/efi/efivars.c
++++ b/drivers/firmware/efi/efivars.c
+@@ -522,8 +522,10 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var)
+ ret = kobject_init_and_add(&new_var->kobj, &efivar_ktype,
+ NULL, "%s", short_name);
+ kfree(short_name);
+- if (ret)
++ if (ret) {
++ kobject_put(&new_var->kobj);
+ return ret;
++ }
+
+ kobject_uevent(&new_var->kobj, KOBJ_ADD);
+ if (efivar_entry_add(new_var, &efivar_sysfs_list)) {
+--
+2.26.2
+
diff --git a/patches.suse/efi-esrt-Fix-reference-count-leak-in-esre_create_sys.patch b/patches.suse/efi-esrt-Fix-reference-count-leak-in-esre_create_sys.patch
new file mode 100644
index 0000000..ddea355
--- /dev/null
+++ b/patches.suse/efi-esrt-Fix-reference-count-leak-in-esre_create_sys.patch
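Review bot: After `kobject_put(&new_var->kobj)` in the new error branch of efivar_create_sysfs_entry(), new_var may already be freed if the release callback of efivar_ktype frees the containing entry. Neither that callback nor the callers are visible in this hunk, so it is worth confirming that no caller also frees new_var when this function returns an error, which would be a double free. A one-line comment such as `/* kobject_put() may free new_var through the ktype release; callers must not free it again */` would record the ownership rule. The same question applies to the esre_create_sysfs_entry() change in the efi/esrt patch that follows, where `kobject_put(&entry->kobj)` replaces `kfree(entry)` and therefore relies on the esre1_ktype release callback to free entry.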
@@ -0,0 +1,39 @@
+From 4ddf4739be6e375116c375f0a68bf3893ffcee21 Mon Sep 17 00:00:00 2001
+From: Qiushi Wu
+Date: Thu, 28 May 2020 13:38:04 -0500
+Subject: [PATCH] efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
+Git-commit: 4ddf4739be6e375116c375f0a68bf3893ffcee21
+Patch-mainline: v5.8-rc3
+References: git-fixes
+
+kobject_init_and_add() takes reference even when it fails.
+If this function returns an error, kobject_put() must be called to
+properly clean up the memory associated with the object. Previous
+commit "b8eb718348b8" fixed a similar problem.
+
+Fixes: 0bb549052d33 ("efi: Add esrt support")
+Signed-off-by: Qiushi Wu
+Link: https://lore.kernel.org/r/20200528183804.4497-1-wu000273@umn.edu
+Signed-off-by: Ard Biesheuvel
+Acked-by: Takashi Iwai
+
+---
+ drivers/firmware/efi/esrt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/firmware/efi/esrt.c b/drivers/firmware/efi/esrt.c
+index e3d692696583..d5915272141f 100644
+--- a/drivers/firmware/efi/esrt.c
++++ b/drivers/firmware/efi/esrt.c
+@@ -181,7 +181,7 @@ static int esre_create_sysfs_entry(void *esre, int entry_num)
+ rc = kobject_init_and_add(&entry->kobj, &esre1_ktype, NULL,
+ "entry%d", entry_num);
+ if (rc) {
+- kfree(entry);
++ kobject_put(&entry->kobj);
+ return rc;
+ }
+ }
+--
+2.26.2
+
diff --git a/patches.suse/efi-provide-empty-efi_enter_virtual_mode-implementat.patch b/patches.suse/efi-provide-empty-efi_enter_virtual_mode-implementat.patch
new file mode 100644
index 0000000..4b61d70
--- /dev/null
+++ b/patches.suse/efi-provide-empty-efi_enter_virtual_mode-implementat.patch
@@ -0,0 +1,47 @@
+From 2c547f9da0539ad1f7ef7f08c8c82036d61b011a Mon Sep 17 00:00:00 2001
+From: Andrey Konovalov
+Date: Thu, 6 Aug 2020 23:25:01 -0700
+Subject: [PATCH] efi: provide empty efi_enter_virtual_mode implementation
+Git-commit: 2c547f9da0539ad1f7ef7f08c8c82036d61b011a
+Patch-mainline: v5.9-rc1
+References: git-fixes
+
+When CONFIG_EFI is not enabled, we might get an undefined reference to
+efi_enter_virtual_mode() error, if this efi_enabled() call isn't inlined
+into start_kernel(). This happens in particular, if start_kernel() is
+annodated with __no_sanitize_address.
+
+Reported-by: kernel test robot
+Signed-off-by: Andrey Konovalov
+Signed-off-by: Andrew Morton
+Acked-by: Ard Biesheuvel
+Cc: Alexander Potapenko
+Cc: Andrey Ryabinin
+Cc: Catalin Marinas
+Cc: Dmitry Vyukov
+Cc: Elena Petrova
+Cc: Marco Elver
+Cc: Vincenzo Frascino
+Cc: Walter Wu
+Link: http://lkml.kernel.org/r/6514652d3a32d3ed33d6eb5c91d0af63bf0d1a0c.1596544734.git.andreyknvl@google.com
+Signed-off-by: Linus Torvalds
+Acked-by: Takashi Iwai
+
+---
+ include/linux/efi.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -963,7 +963,11 @@ extern void *efi_get_pal_addr (void);
+ extern void efi_map_pal_code (void);
+ extern void efi_memmap_walk (efi_freemem_callback_t callback, void *arg);
+ extern void efi_gettimeofday (struct timespec64 *ts);
++#ifdef CONFIG_EFI
+ extern void efi_enter_virtual_mode (void); /* switch EFI to virtual mode, if possible */
++#else
++static inline void efi_enter_virtual_mode (void) {}
++#endif
+ #ifdef CONFIG_X86
+ extern void efi_late_init(void);
+ extern void efi_free_boot_services(void);
diff --git a/patches.suse/efi-x86-Don-t-panic-or-BUG-on-non-critical-error-con.patch b/patches.suse/efi-x86-Don-t-panic-or-BUG-on-non-critical-error-con.patch
new file mode 100644
index 0000000..7a209b6
--- /dev/null
+++ b/patches.suse/efi-x86-Don-t-panic-or-BUG-on-non-critical-error-con.patch
@@ -0,0 +1,124 @@
+From e2d68a955e49d61fd0384f23e92058dc9b79be5e Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Fri, 3 Jan 2020 12:39:46 +0100
+Subject: [PATCH] efi/x86: Don't panic or BUG() on non-critical error conditions
+Git-commit: e2d68a955e49d61fd0384f23e92058dc9b79be5e
+Patch-mainline: v5.6-rc1
+References: git-fixes
+
+The logic in __efi_enter_virtual_mode() does a number of steps in
+sequence, all of which may fail in one way or the other. In most
+cases, we simply print an error and disable EFI runtime services
+support, but in some cases, we BUG() or panic() and bring down the
+system when encountering conditions that we could easily handle in
+the same way.
+
+While at it, replace a pointless page-to-virt-phys conversion with
+one that goes straight from struct page to physical.
+
+Signed-off-by: Ard Biesheuvel
+Cc: Andy Lutomirski
+Cc: Ard Biesheuvel
+Cc: Arvind Sankar
+Cc: Matthew Garrett
+Cc: linux-efi@vger.kernel.org
+Link: https://lkml.kernel.org/r/20200103113953.9571-14-ardb@kernel.org
+Signed-off-by: Ingo Molnar
+Acked-by: Takashi Iwai
+
+---
+ arch/x86/platform/efi/efi.c | 28 ++++++++++++++--------------
+ arch/x86/platform/efi/efi_64.c | 9 +++++----
+ 2 files changed, 19 insertions(+), 18 deletions(-)
+
+--- a/arch/x86/platform/efi/efi.c
++++ b/arch/x86/platform/efi/efi.c
+@@ -956,16 +956,14 @@ static void __init __efi_enter_virtual_m
+
+ if (efi_alloc_page_tables()) {
+ pr_err("Failed to allocate EFI page tables\n");
+- clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);
+- return;
++ goto err;
+ }
+
+ efi_merge_regions();
+ new_memmap = efi_map_regions(&count, &pg_shift);
+ if (!new_memmap) {
+ pr_err("Error reallocating memory, EFI runtime non-functional!\n");
+- clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);
+- return;
++ goto err;
+ }
+
+ pa = __pa(new_memmap);
+@@ -979,8 +977,7 @@ static void __init __efi_enter_virtual_m
+
+ if (efi_memmap_init_late(pa, efi.memmap.desc_size * count)) {
+ pr_err("Failed to remap late EFI memory map\n");
+- clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);
+- return;
++ goto err;
+ }
+
+ if (efi_enabled(EFI_DBG)) {
+@@ -988,12 +985,11 @@ static void __init __efi_enter_virtual_m
+ efi_print_memmap();
+ }
+
+- BUG_ON(!efi.systab);
++ if (WARN_ON(!efi.systab))
++ goto err;
+
+- if (efi_setup_page_tables(pa, 1 << pg_shift)) {
+- clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);
+- return;
+- }
++ if (efi_setup_page_tables(pa, 1 << pg_shift))
++ goto err;
+
+ efi_sync_low_kernel_mappings();
+
+@@ -1013,9 +1009,9 @@ static void __init __efi_enter_virtual_m
+ }
+
+ if (status != EFI_SUCCESS) {
+- pr_alert("Unable to switch EFI into virtual mode (status=%lx)!\n",
+- status);
+- panic("EFI call to SetVirtualAddressMap() failed!");
++ pr_err("Unable to switch EFI into virtual mode (status=%lx)!\n",
++ status);
++ goto err;
+ }
+
+ /*
+@@ -1043,6 +1039,10 @@ static void __init __efi_enter_virtual_m
+
+ /* clean DUMMY object */
+ efi_delete_dummy_variable();
++ return;
++
++err:
++ clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);
+ }
+
+ void __init efi_enter_virtual_mode(void)
+--- a/arch/x86/platform/efi/efi_64.c
++++ b/arch/x86/platform/efi/efi_64.c
+@@ -402,11 +402,12 @@ int __init efi_setup_page_tables(unsigne
+ return 0;
+
+ page = alloc_page(GFP_KERNEL|__GFP_DMA32);
+- if (!page)
+- panic("Unable to allocate EFI runtime stack < 4GB\n");
++ if (!page) {
++ pr_err("Unable to allocate EFI runtime stack < 4GB\n");
++ return 1;
++ }
+
+- efi_scratch.phys_stack = virt_to_phys(page_address(page));
+- efi_scratch.phys_stack += PAGE_SIZE; /* stack grows down */
++ efi_scratch.phys_stack = page_to_phys(page + 1); /* stack grows down */
+
+ npages = (_etext - _text) >> PAGE_SHIFT;
+ text = __pa(_text);
diff --git a/patches.suse/efi-x86-Ignore-the-memory-attributes-table-on-i386.patch b/patches.suse/efi-x86-Ignore-the-memory-attributes-table-on-i386.patch
new file mode 100644
index 0000000..24c59a7
--- /dev/null
+++ b/patches.suse/efi-x86-Ignore-the-memory-attributes-table-on-i386.patch
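Review bot: In the efi_64.c part, the new allocation-failure branch of efi_setup_page_tables() ends with a bare `return 1;`. The only caller visible in this patch tests the result for non-zero, so `return -ENOMEM;` would behave the same there and would tell any later caller why the call failed. The rest of efi_setup_page_tables() lies outside the hunk, so check that its other failure returns follow the same convention before changing this one.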
@@ -0,0 +1,72 @@
+From dd09fad9d2caad2325a39b766ce9e79cfc690184 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Sun, 8 Mar 2020 09:08:51 +0100
+Subject: [PATCH] efi/x86: Ignore the memory attributes table on i386
+Git-commit: dd09fad9d2caad2325a39b766ce9e79cfc690184
+Patch-mainline: v5.7-rc1
+References: git-fixes
+
+Commit:
+
+ 3a6b6c6fb23667fa ("efi: Make EFI_MEMORY_ATTRIBUTES_TABLE initialization common across all architectures")
+
+moved the call to efi_memattr_init() from ARM specific to the generic
+EFI init code, in order to be able to apply the restricted permissions
+described in that table on x86 as well.
+
+We never enabled this feature fully on i386, and so mapping and
+reserving this table is pointless. However, due to the early call to
+memblock_reserve(), the memory bookkeeping gets confused to the point
+where it produces the splat below when we try to map the memory later
+On:
+
+ ------------[ cut here ]------------
+ ioremap on RAM at 0x3f251000 - 0x3fa1afff
+ WARNING: CPU: 0 PID: 0 at arch/x86/mm/ioremap.c:166 __ioremap_caller ...
+ Modules linked in:
+ CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0 #48
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015
+ EIP: __ioremap_caller.constprop.0+0x249/0x260
+ Code: 90 0f b7 05 4e 38 40 de 09 45 e0 e9 09 ff ff ff 90 8d 45 ec c6 05 ...
+ EAX: 00000029 EBX: 00000000 ECX: de59c228 EDX: 00000001
+ ESI: 3f250fff EDI: 00000000 EBP: de3edf20 ESP: de3edee0
+ DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00200296
+ CR0: 80050033 CR2: ffd17000 CR3: 1e58c000 CR4: 00040690
+ Call Trace:
+ ioremap_cache+0xd/0x10
+ ? old_map_region+0x72/0x9d
+ old_map_region+0x72/0x9d
+ efi_map_region+0x8/0xa
+ efi_enter_virtual_mode+0x260/0x43b
+ start_kernel+0x329/0x3aa
+ i386_start_kernel+0xa7/0xab
+ startup_32_smp+0x164/0x168
+ ---[ end trace e15ccf6b9f356833 ]---
+
+Let's work around this by disregarding the memory attributes table
+altogether on i386, which does not result in a loss of functionality
+or protection, given that we never consumed the contents.
+
+Fixes: 3a6b6c6fb23667fa ("efi: Make EFI_MEMORY_ATTRIBUTES_TABLE ... ")
+Tested-by: Arvind Sankar
+Signed-off-by: Ard Biesheuvel
+Signed-off-by: Ingo Molnar
+Link: https://lore.kernel.org/r/20200304165917.5893-1-ardb@kernel.org
+Link: https://lore.kernel.org/r/20200308080859.21568-21-ardb@kernel.org
+Acked-by: Takashi Iwai
+
+---
+ drivers/firmware/efi/efi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/firmware/efi/efi.c
++++ b/drivers/firmware/efi/efi.c
+@@ -545,7 +545,7 @@ int __init efi_config_parse_tables(void
+ }
+ }
+
+- if (efi_enabled(EFI_MEMMAP))
++ if (!IS_ENABLED(CONFIG_X86_32) && efi_enabled(EFI_MEMMAP))
+ efi_memattr_init();
+
+ /* Parse the EFI Properties table if it exists */
diff --git a/patches.suse/efi-x86-Map-the-entire-EFI-vendor-string-before-copy.patch b/patches.suse/efi-x86-Map-the-entire-EFI-vendor-string-before-copy.patch
new file mode 100644
index 0000000..bc0fe49
--- /dev/null
+++ b/patches.suse/efi-x86-Map-the-entire-EFI-vendor-string-before-copy.patch
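Review bot: The new condition `!IS_ENABLED(CONFIG_X86_32) && efi_enabled(EFI_MEMMAP)` in efi_config_parse_tables() carries no comment, so the reason for excluding i386 lives only in the commit message. I would add one above the `if`, for example `/* i386 never consumes the memory attributes table; skip mapping and reserving it */`. Without it the exclusion looks arbitrary to someone reading the generic EFI code, and it could be dropped by a later cleanup. The enclosing function starts and ends outside the hunk.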
@@ -0,0 +1,69 @@
+From ffc2760bcf2dba0dbef74013ed73eea8310cc52c Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Fri, 3 Jan 2020 12:39:37 +0100
+Subject: [PATCH] efi/x86: Map the entire EFI vendor string before copying it
+Git-commit: ffc2760bcf2dba0dbef74013ed73eea8310cc52c
+Patch-mainline: v5.6-rc1
+References: git-fixes
+
+Fix a couple of issues with the way we map and copy the vendor string:
+- we map only 2 bytes, which usually works since you get at least a
+ page, but if the vendor string happens to cross a page boundary,
+ a crash will result
+- only call early_memunmap() if early_memremap() succeeded, or we will
+ call it with a NULL address which it doesn't like,
+- while at it, switch to early_memremap_ro(), and array indexing rather
+ than pointer dereferencing to read the CHAR16 characters.
+
+Signed-off-by: Ard Biesheuvel
+Cc: Andy Lutomirski
+Cc: Ard Biesheuvel
+Cc: Arvind Sankar
+Cc: Matthew Garrett
+Cc: linux-efi@vger.kernel.org
+Fixes: 5b83683f32b1 ("x86: EFI runtime service support")
+Link: https://lkml.kernel.org/r/20200103113953.9571-5-ardb@kernel.org
+Signed-off-by: Ingo Molnar
+Acked-by: Takashi Iwai
+
+---
+ arch/x86/platform/efi/efi.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
+index d96953d9d4e7..3ce32c31bb61 100644
+--- a/arch/x86/platform/efi/efi.c
++++ b/arch/x86/platform/efi/efi.c
+@@ -541,7 +541,6 @@ void __init efi_init(void)
+ efi_char16_t *c16;
+ char vendor[100] = "unknown";
+ int i = 0;
+- void *tmp;
+
+ #ifdef CONFIG_X86_32
+ if (boot_params.efi_info.efi_systab_hi ||
+@@ -566,14 +565,16 @@ void __init efi_init(void)
+ /*
+ * Show what we know for posterity
+ */
+- c16 = tmp = early_memremap(efi.systab->fw_vendor, 2);
++ c16 = early_memremap_ro(efi.systab->fw_vendor,
++ sizeof(vendor) * sizeof(efi_char16_t));
+ if (c16) {
+- for (i = 0; i < sizeof(vendor) - 1 && *c16; ++i)
+- vendor[i] = *c16++;
++ for (i = 0; i < sizeof(vendor) - 1 && c16[i]; ++i)
++ vendor[i] = c16[i];
+ vendor[i] = '\0';
+- } else
++ early_memunmap(c16, sizeof(vendor) * sizeof(efi_char16_t));
++ } else {
+ pr_err("Could not map the firmware vendor!\n");
+- early_memunmap(tmp, 2);
++ }
+
+ pr_info("EFI v%u.%.02u by %s\n",
+ efi.systab->hdr.revision >> 16,
+--
+2.26.2
+
diff --git a/patches.suse/efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch b/patches.suse/efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
new file mode 100644
index 0000000..1aae888
--- /dev/null
+++ b/patches.suse/efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
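Review bot: The mapping length `sizeof(vendor) * sizeof(efi_char16_t)` is written out twice in efi_init(), once for early_memremap_ro() and once for early_memunmap(), and the two must stay equal. Holding it in one local used by both calls would remove the chance of them drifting apart in a later edit. Separately, `vendor[i] = c16[i];` narrows each 16-bit firmware-supplied character to `char` before the string is logged with `%s`; substituting a placeholder such as `?` for values outside printable ASCII would keep unexpected bytes out of the kernel log. efi_init() continues outside the hunk.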
@@ -0,0 +1,63 @@
+From ff04f3b6f2e27f8ae28a498416af2a8dd5072b43 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Wed, 25 Nov 2020 08:45:55 +0100
+Subject: [PATCH] efivarfs: revert "fix memory leak in efivarfs_create()"
+Git-commit: ff04f3b6f2e27f8ae28a498416af2a8dd5072b43
+Patch-mainline: v5.10-rc6
+References: git-fixes
+
+The memory leak addressed by commit fe5186cf12e3 is a false positive:
+all allocations are recorded in a linked list, and freed when the
+filesystem is unmounted. This leads to double frees, and as reported
+by David, leads to crashes if SLUB is configured to self destruct when
+double frees occur.
+
+So drop the redundant kfree() again, and instead, mark the offending
+pointer variable so the allocation is ignored by kmemleak.
+
+Cc: Vamshi K Sthambamkadi
+Fixes: fe5186cf12e3 ("efivarfs: fix memory leak in efivarfs_create()")
+Reported-by: David Laight
+Signed-off-by: Ard Biesheuvel
+Acked-by: Takashi Iwai
+
+---
+ fs/efivarfs/inode.c | 2 ++
+ fs/efivarfs/super.c | 1 -
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c
+index 96c0c86f3fff..0297ad95eb5c 100644
+--- a/fs/efivarfs/inode.c
++++ b/fs/efivarfs/inode.c
+@@ -7,6 +7,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+
+@@ -103,6 +104,7 @@ static int efivarfs_create(struct inode *dir, struct dentry *dentry,
+ var->var.VariableName[i] = '\0';
+
+ inode->i_private = var;
++ kmemleak_ignore(var);
+
+ err = efivar_entry_add(var, &efivarfs_list);
+ if (err)
+diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
+index f943fd0b0699..15880a68faad 100644
+--- a/fs/efivarfs/super.c
++++ b/fs/efivarfs/super.c
+@@ -21,7 +21,6 @@ LIST_HEAD(efivarfs_list);
+ static void efivarfs_evict_inode(struct inode *inode)
+ {
+ clear_inode(inode);
+- kfree(inode->i_private);
+ }
+
+ static const struct super_operations efivarfs_ops = {
+--
+2.26.2
+
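Review bot: The added `kmemleak_ignore(var);` in efivarfs_create() has no comment explaining why this allocation is exempt, and it sits before the `efivar_entry_add()` error check, so it also covers the failure path. A short comment such as `/* var is tracked on efivarfs_list and freed at unmount, not a leak */` would carry the reasoning from the commit message into the code. The branch after `if (err)` is outside the hunk, so confirm that it still frees var itself, since efivarfs_evict_inode() no longer does.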
diff --git a/patches.suse/msft-hv-1916-Drivers-hv-vmbus-Remove-the-unused-tsc_page-from-str.patch b/patches.suse/msft-hv-1916-Drivers-hv-vmbus-Remove-the-unused-tsc_page-from-str.patch
new file mode 100644
index 0000000..9d8f31a
--- /dev/null
+++ b/patches.suse/msft-hv-1916-Drivers-hv-vmbus-Remove-the-unused-tsc_page-from-str.patch
@@ -0,0 +1,33 @@
+From: Dexuan Cui
+Date: Tue, 20 Aug 2019 03:06:40 +0000
+Patch-mainline: v5.3-rc6
+Subject: Drivers: hv: vmbus: Remove the unused "tsc_page" from struct hv_context
+Git-commit: 16c75963723dfd8d7ca719527052f16be7258a23
+References: git-fixes
+
+This field is no longer used after the commit
+63ed4e0c67df ("Drivers: hv: vmbus: Consolidate all Hyper-V specific clocksource code")
+, because it's replaced by the global variable
+"struct ms_hyperv_tsc_page *tsc_pg;" (now, the variable is in
+drivers/clocksource/hyperv_timer.c).
+
+Fixes: 63ed4e0c67df ("Drivers: hv: vmbus: Consolidate all Hyper-V specific clocksource code")
+Signed-off-by: Dexuan Cui
+Signed-off-by: Sasha Levin
+Acked-by: Olaf Hering
+---
+ drivers/hv/hyperv_vmbus.h | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
+--- a/drivers/hv/hyperv_vmbus.h
++++ b/drivers/hv/hyperv_vmbus.h
+@@ -146,8 +146,6 @@ struct hv_context {
+ */
+ u64 guestid;
+
+- void *tsc_page;
+-
+ struct hv_per_cpu_context __percpu *cpu_context;
+
+ /*
diff --git a/patches.suse/msft-hv-2172-video-hyperv_fb-Fix-the-cache-type-when-mapping-the-.patch b/patches.suse/msft-hv-2172-video-hyperv_fb-Fix-the-cache-type-when-mapping-the-.patch
new file mode 100644
index 0000000..0969a98
--- /dev/null
+++ b/patches.suse/msft-hv-2172-video-hyperv_fb-Fix-the-cache-type-when-mapping-the-.patch
@@ -0,0 +1,57 @@
+From: Dexuan Cui
+Date: Tue, 17 Nov 2020 16:03:05 -0800
+Patch-mainline: v5.10-rc6
+Subject: video: hyperv_fb: Fix the cache type when mapping the VRAM
+Git-commit: 5f1251a48c17b54939d7477305e39679a565382c
+References: git-fixes
+
+x86 Hyper-V used to essentially always overwrite the effective cache type
+of guest memory accesses to WB. This was problematic in cases where there
+is a physical device assigned to the VM, since that often requires that
+the VM should have control over cache types. Thus, on newer Hyper-V since
+2018, Hyper-V always honors the VM's cache type, but unexpectedly Linux VM
+users start to complain that Linux VM's VRAM becomes very slow, and it
+turns out that Linux VM should not map the VRAM uncacheable by ioremap().
+Fix this slowness issue by using ioremap_cache().
+
+On ARM64, ioremap_cache() is also required as the host also maps the VRAM
+cacheable, otherwise VM Connect can't display properly with ioremap() or
+ioremap_wc().
+
+With this change, the VRAM on new Hyper-V is as fast as regular RAM, so
+it's no longer necessary to use the hacks we added to mitigate the
+slowness, i.e. we no longer need to allocate physical memory and use
+it to back up the VRAM in Generation-1 VM, and we also no longer need to
+allocate physical memory to back up the framebuffer in a Generation-2 VM
+and copy the framebuffer to the real VRAM. A further big change will
+address these for v5.11.
+
+Fixes: 68a2d20b79b1 ("drivers/video: add Hyper-V Synthetic Video Frame Buffer Driver")
+Tested-by: Boqun Feng
+Signed-off-by: Dexuan Cui
+Reviewed-by: Michael Kelley
+Reviewed-by: Haiyang Zhang
+Link: https://lore.kernel.org/r/20201118000305.24797-1-decui@microsoft.com
+Signed-off-by: Wei Liu
+Acked-by: Olaf Hering
+---
+ drivers/video/fbdev/hyperv_fb.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/video/fbdev/hyperv_fb.c b/drivers/video/fbdev/hyperv_fb.c
+--- a/drivers/video/fbdev/hyperv_fb.c
++++ b/drivers/video/fbdev/hyperv_fb.c
+@@ -1092,7 +1092,12 @@ static int hvfb_getmem(struct hv_device *hdev, struct fb_info *info)
+ goto err1;
+ }
+
+- fb_virt = ioremap(par->mem->start, screen_fb_size);
++ /*
++ * Map the VRAM cacheable for performance. This is also required for
++ * VM Connect to display properly for ARM64 Linux VM, as the host also
++ * maps the VRAM cacheable.
++ */
++ fb_virt = ioremap_cache(par->mem->start, screen_fb_size);
+ if (!fb_virt)
+ goto err2;
+
diff --git a/series.conf b/series.conf
index 0e14908..40504c7 100644
--- a/series.conf
+++ b/series.conf
@@ -47099,6 +47099,7 @@
 patches.suse/cpufreq-acpi-cpufreq-Report-if-CPU-doesn-t-support-b.patch
 patches.suse/ACPI-APEI-Don-t-wait-to-serialise-with-oops-messages.patch
 patches.suse/ACPI-APEI-Switch-estatus-pool-to-use-vmalloc-memory.patch
+ patches.suse/efi-cper-Fix-possible-out-of-bounds-access.patch
 patches.suse/ACPI-video-Refactor-and-fix-dmi_is_desktop.patch
 patches.suse/ACPI-video-Extend-chassis-type-detection-with-a-Lunc.patch
 patches.suse/device-property-Fix-the-length-used-in-PROPERTY_ENTR.patch
@@ -51438,6 +51439,7 @@
 patches.suse/scsi-qla2xxx-Fix-gnl.l-memory-leak-on-adapter-init-f.patch
 patches.suse/scsi-ufs-fix-null-pointer-dereference-in-ufshcd_config_vreg_hpm
 patches.suse/scsi-lpfc-Mitigate-high-memory-pre-allocation-by-SCS.patch
+ patches.suse/msft-hv-1916-Drivers-hv-vmbus-Remove-the-unused-tsc_page-from-str.patch
 patches.suse/msft-hv-1920-Drivers-hv-vmbus-Fix-virt_to_hvpfn-for-X86_PAE.patch
 patches.suse/gpiolib-never-report-open-drain-source-lines-as-inpu.patch
 patches.suse/gpio-Fix-build-error-of-function-redefinition.patch
@@ -53771,6 +53773,8 @@
 patches.suse/msft-hv-2006-clocksource-drivers-hyper-v-Set-TSC-clocksource-as-d.patch
 patches.suse/irqdomain-Fix-a-memory-leak-in-irq_domain_push_irq.patch
 patches.suse/x86-cpu-update-cached-hle-state-on-write-to-tsx_ctrl_cpuid_clear
+ patches.suse/efi-x86-Map-the-entire-EFI-vendor-string-before-copy.patch
+ patches.suse/efi-x86-Don-t-panic-or-BUG-on-non-critical-error-con.patch
 patches.suse/perf-x86-amd-constrain-large-increment-per-cycle-events.patch
 patches.suse/perf-x86-amd-add-support-for-large-increment-per-cycle-events.patch
 patches.suse/x86-resctrl-check-monitoring-static-key-in-the-mbm-overflow-handler.patch
@@ -54541,6 +54545,7 @@
 patches.suse/objtool-add-is_static_jump-helper.patch
 patches.suse/objtool-add-relocation-check-for-alternative-sections.patch
 patches.suse/locktorture-Print-ratio-of-acquisitions-not-failures.patch
+ patches.suse/efi-x86-Ignore-the-memory-attributes-table-on-i386.patch
 patches.suse/partitions-efi-Fix-partition-name-parsing-in-GUID-pa.patch
 patches.suse/PCI-switchtec-Fix-init_completion-race-condition-wit.patch
 patches.suse/x86-devicetable-move-x86-specific-macro-out-of-generic-code.patch
@@ -55250,6 +55255,7 @@
 patches.suse/crypto-stm32-crc32-fix-ext4-chksum-BUG_ON.patch
 patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch
 patches.suse/objtool-ignore-empty-alternatives.patch
+ patches.suse/efi-efivars-Add-missing-kobject_put-in-sysfs-entry-c.patch
 patches.suse/x86-cpu-amd-make-erratum-1054-a-legacy-erratum.patch
 patches.suse/drivers-perf-hisi-Fix-typo-in-events-attribute-array.patch
 patches.suse/lpfc_debugfs-get-rid-of-pointless-access_ok.patch
@@ -55641,6 +55647,7 @@
 patches.suse/cifs-smb3-Fix-data-inconsistent-when-punch-hole.patch
 patches.suse/sched-deadline-initialize-dl_boosted.patch
 patches.suse/sched-core-fix-pi-boosting-between-rt-and-deadline-tasks.patch
+ patches.suse/efi-esrt-Fix-reference-count-leak-in-esre_create_sys.patch
 patches.suse/msft-hv-2106-Drivers-hv-Change-flag-to-write-log-level-in-panic-m.patch
 patches.suse/0010-virtio-blk-free-vblk-vqs-in-error-path-of-virtblk_pr.patch
 patches.suse/nfsd-apply-umask-on-fs-without-ACL-support.patch
@@ -56087,6 +56094,7 @@
 patches.suse/ocfs2-change-slot-number-type-s16-to-u16.patch
 patches.suse/ocfs2-fix-unbalanced-locking.patch
 patches.suse/mm-filemap-clear-idle-flag-for-writes.patch
+ patches.suse/efi-provide-empty-efi_enter_virtual_mode-implementat.patch
 patches.suse/media-pci-ttpci-av7110-fix-possible-buffer-overflow-.patch
 patches.suse/media-budget-core-Improve-exception-handling-in-budg.patch
 patches.suse/media-omap3isp-Add-missed-v4l2_ctrl_handler_free-for.patch
@@ -56691,6 +56699,9 @@
 patches.suse/clk-imx8mq-fix-usdhc-parents-order.patch
 patches.suse/clk-bcm2835-add-missing-release-if-devm_clk_hw_regis.patch
 patches.suse/Werror-return-type.patch
+ patches.suse/Convert-trailing-spaces-and-periods-in-path-components.patch
+ patches.suse/cifs-Return-the-error-from-crypt_message-when-enc-dec-key-not-found.patch
+ patches.suse/cifs-remove-bogus-debug-code.patch
 patches.suse/icmp-randomize-the-global-rate-limiter.patch
 patches.suse/nfc-Ensure-presence-of-NFC_ATTR_FIRMWARE_NAME-attrib.patch
 patches.suse/ibmvnic-save-changed-mac-address-to-adapter-mac_addr.patch
@@ -56738,6 +56749,7 @@
 patches.suse/staging-octeon-repair-fixed-link-support.patch
 patches.suse/staging-octeon-Drop-on-uncorrectable-alignment-or-FC.patch
 patches.suse/staging-comedi-cb_pcidas-Allow-2-channel-commands-fo.patch
+ patches.suse/docs-ABI-stable-remove-a-duplicated-documentation.patch
 patches.suse/docs-ABI-sysfs-c2port-remove-a-duplicated-entry.patch
 patches.suse/time-Prevent-undefined-behaviour-in-timespec64_to_ns.patch
 patches.suse/kthread_worker-prevent-queuing-delayed-work-from-tim.patch
@@ -56822,6 +56834,7 @@
 patches.suse/x86-microcode-intel-check-patch-signature-before-saving-microcode-for-early-loading.patch
 patches.suse/efivarfs-fix-memory-leak-in-efivarfs_create.patch
 patches.suse/efi-x86-free-efi_pgd-with-free_pages.patch
+ patches.suse/msft-hv-2172-video-hyperv_fb-Fix-the-cache-type-when-mapping-the-.patch
 patches.suse/platform-x86-toshiba_acpi-Fix-the-wrong-variable-ass.patch
 patches.suse/nfc-s3fwrn5-use-signed-integer-for-parsing-GPIO-numb.patch
 patches.suse/batman-adv-set-.owner-to-THIS_MODULE.patch
@@ -56830,6 +56843,7 @@ patches.suse/0001-usb-gadget-f_midi-Fix-memleak-in-f_midi_alloc.patch patches.suse/0002-usb-gadget-Fix-memleak-in-gadgetfs_fill_super.patch patches.suse/0003-USB-core-Fix-regression-in-Hercules-audio-card.patch + patches.suse/efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch # dhowells/linux-fs keys-uefi patches.suse/0001-KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch