diff --git a/blacklist.conf b/blacklist.conf
index 2c00547..9e83538 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -2806,3 +2806,6 @@ f192970de860d3ab90aa9e2a22853201a57bde78 # not needed
 de526f401284e1638d4c97cb5a4c292ac3f37655 # not needed
 0e5a82efda872c2469c210957d7d4161ef8f4391 # not needed
 4ba0b8187d98cb4c5e33c0e98895ac5dcb86af83 # depends on dd123e62bdedcd3a486e48e883ec63138ec2c14c, which introduces a new driver
+4b9880dbf3bdba3a7c56445137c3d0e30aaa0a40 # not needed with downstream version of patch
+07b050f9290ee012a407a0f64151db902a1520f5 # not needed with downstream version of patch
+a494398bde273143c2352dd373cad8211f7d94b2 # not needed with downstream version of patch
diff --git a/patches.suse/arm64-Discard-.note.GNU-stack-section.patch b/patches.suse/arm64-Discard-.note.GNU-stack-section.patch
index d51fdec..3812125 100644
--- a/patches.suse/arm64-Discard-.note.GNU-stack-section.patch
+++ b/patches.suse/arm64-Discard-.note.GNU-stack-section.patch
@@ -7,6 +7,14 @@ Git-commit: 99cb0d917ffa1ab628bb67364ca9b162c07699b1 (partial - arm64 only) Patch-mainline: v6.2-rc2 References: bsc#1203693 bsc#1209798 +Note: the more general upstream solution requires at least + +4b9880dbf3bd powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT +07b050f9290e powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds +a494398bde27 s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 + +which are not applicable to the 4.12 kernel + Commit "Makefile: link with -z noexecstack --no-warn-rwx-segments: ddbd47d2219a" creates a new section .note.GNU-stack, which is not discarded by arm64. This changes the ELF layout and causes the build to fail on arm64.
diff --git a/patches.suse/powerpc-Don-t-try-to-copy-PPR-for-task-with-NULL-pt_.patch b/patches.suse/powerpc-Don-t-try-to-copy-PPR-for-task-with-NULL-pt_.patch
new file mode 100644
index 0000000..8f9534e
--- /dev/null
+++ b/patches.suse/powerpc-Don-t-try-to-copy-PPR-for-task-with-NULL-pt_.patch
@@ -0,0 +1,85 @@
+From fd7276189450110ed835eb0a334e62d2f1c4e3be Mon Sep 17 00:00:00 2001
+From: Jens Axboe
+Date: Sun, 26 Mar 2023 16:15:57 -0600
+Subject: [PATCH] powerpc: Don't try to copy PPR for task with NULL pt_regs
+
+References: bsc#1065729
+Patch-mainline: v6.3-rc5
+Git-commit: fd7276189450110ed835eb0a334e62d2f1c4e3be
+
+powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which
+from my (arguably very short) checking is not commonly done for other
+archs. This is fine, except when PF_IO_WORKER's have been created and
+the task does something that causes a coredump to be generated. Then we
+get this crash:
+
+ Kernel attempted to read user page (160) - exploit attempt? (uid: 1000)
+ BUG: Kernel NULL pointer dereference on read at 0x00000160
+ Faulting instruction address: 0xc0000000000c3a60
+ Oops: Kernel access of bad area, sig: 11 [#1]
+ LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=32 NUMA pSeries
+ Modules linked in: bochs drm_vram_helper drm_kms_helper xts binfmt_misc ecb ctr syscopyarea sysfillrect cbc sysimgblt drm_ttm_helper aes_generic ttm sg libaes evdev joydev virtio_balloon vmx_crypto gf128mul drm dm_mod fuse loop configfs drm_panel_orientation_quirks ip_tables x_tables autofs4 hid_generic usbhid hid xhci_pci xhci_hcd usbcore usb_common sd_mod
+ CPU: 1 PID: 1982 Comm: ppc-crash Not tainted 6.3.0-rc2+ #88
+ Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries
+ NIP: c0000000000c3a60 LR: c000000000039944 CTR: c0000000000398e0
+ REGS: c0000000041833b0 TRAP: 0300 Not tainted (6.3.0-rc2+)
+ MSR: 800000000280b033 CR: 88082828 XER: 200400f8
+ ...
+ NIP memcpy_power7+0x200/0x7d0
+ LR ppr_get+0x64/0xb0
+ Call Trace:
+ ppr_get+0x40/0xb0 (unreliable)
+ __regset_get+0x180/0x1f0
+ regset_get_alloc+0x64/0x90
+ elf_core_dump+0xb98/0x1b60
+ do_coredump+0x1c34/0x24a0
+ get_signal+0x71c/0x1410
+ do_notify_resume+0x140/0x6f0
+ interrupt_exit_user_prepare_main+0x29c/0x320
+ interrupt_exit_user_prepare+0x6c/0xa0
+ interrupt_return_srr_user+0x8/0x138
+
+Because ppr_get() is trying to copy from a PF_IO_WORKER with a NULL
+pt_regs.
+
+Check for a valid pt_regs in both ppc_get/ppr_set, and return an error
+if not set. The actual error value doesn't seem to be important here, so
+just pick -EINVAL.
+
+Fixes: fa439810cc1b ("powerpc/ptrace: Enable support for NT_PPPC_TAR, NT_PPC_PPR, NT_PPC_DSCR")
+Cc: stable@vger.kernel.org # v4.8+
+Signed-off-by: Jens Axboe
+[mpe: Trim oops in change log, add Fixes & Cc stable]
+Signed-off-by: Michael Ellerman
+Link: https://msgid.link/d9f63344-fe7c-56ae-b420-4a1a04a2ae4c@kernel.dk
+Acked-by: Michal Suchanek
+---
+ arch/powerpc/kernel/ptrace.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
+--- a/arch/powerpc/kernel/ptrace.c
++++ b/arch/powerpc/kernel/ptrace.c
+@@ -290,6 +290,9 @@ static int gpr_set(struct task_struct *target, const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
+ {
++ if (!target->thread.regs)
++ return -EINVAL;
++
+ return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+ &target->thread.ppr, 0, sizeof(u64));
+ }
+@@ -297,6 +300,9 @@ static int ppr_set(struct task_struct *target, const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
+ const void *kbuf, const void __user *ubuf)
+ {
++ if (!target->thread.regs)
++ return -EINVAL;
++
+ return user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+ &target->thread.ppr, 0, sizeof(u64));
+ }
+--
+2.40.0
+
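Review bot: The added guard tests `target->thread.regs`, but in both embedded hunks the copy that follows reads `&target->thread.ppr`, a field of the thread struct itself, so from the visible context the NULL `pt_regs` dereference described in the changelog does not go through these lines in this tree. The changelog describes an upstream `ppr_get()` that copies out of `pt_regs`, which suggests the PPR value was moved there in a later kernel; the patch header should state whether the downstream code can hit the oops at all, or that the check is carried only to match upstream in returning `-EINVAL` for tasks without user registers. The first embedded hunk header also names `gpr_set` at line 290 while its context is the PPR read path that the Squash-lines patch places near line 1594, so the hunk presumably applies by context search alone; refreshing it against the target tree would make a misplaced guard easier to spot. Both functions start outside the embedded hunks.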
diff --git a/patches.suse/powerpc-Squash-lines-for-simple-wrapper-functions.patch b/patches.suse/powerpc-Squash-lines-for-simple-wrapper-functions.patch
new file mode 100644
index 0000000..6427185
--- /dev/null
+++ b/patches.suse/powerpc-Squash-lines-for-simple-wrapper-functions.patch
@@ -0,0 +1,148 @@
+From 7f2462acb6a995f2b0005192c0ba8eb2bce08da4 Mon Sep 17 00:00:00 2001
+From: Masahiro Yamada
+Date: Tue, 6 Sep 2016 20:21:50 +0900
+Subject: [PATCH] powerpc: Squash lines for simple wrapper functions
+
+References: bsc#1065729
+Patch-mainline: v4.14-rc1
+Git-commit: 7f2462acb6a995f2b0005192c0ba8eb2bce08da4
+
+Remove unneeded variables and assignments.
+
+Signed-off-by: Masahiro Yamada
+Signed-off-by: Michael Ellerman
+Acked-by: Michal Suchanek
+---
+ arch/powerpc/kernel/ptrace.c | 42 +++++++------------------
+ arch/powerpc/platforms/ps3/repository.c | 22 +++----------
+ 2 files changed, 17 insertions(+), 47 deletions(-)
+
+diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
+index 660ed39e9c9a..07cd22e35405 100644
+--- a/arch/powerpc/kernel/ptrace.c
++++ b/arch/powerpc/kernel/ptrace.c
+@@ -1594,11 +1594,8 @@ static int ppr_get(struct task_struct *target,
+ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
+ {
+- int ret;
+-
+- ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+- &target->thread.ppr, 0, sizeof(u64));
+- return ret;
++ return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
++ &target->thread.ppr, 0, sizeof(u64));
+ }
+
+ static int ppr_set(struct task_struct *target,
+@@ -1606,11 +1603,8 @@ static int ppr_set(struct task_struct *target,
+ unsigned int pos, unsigned int count,
+ const void *kbuf, const void __user *ubuf)
+ {
+- int ret;
+-
+- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+- &target->thread.ppr, 0, sizeof(u64));
+- return ret;
++ return user_regset_copyin(&pos, &count, &kbuf, &ubuf,
++ &target->thread.ppr, 0, sizeof(u64));
+ }
+
+ static int dscr_get(struct task_struct *target,
+@@ -1618,22 +1612,16 @@ static int dscr_get(struct task_struct *target,
+ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
+ {
+- int ret;
+-
+- ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+- &target->thread.dscr, 0, sizeof(u64));
+- return ret;
++ return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
++ &target->thread.dscr, 0, sizeof(u64));
+ }
+ static int dscr_set(struct task_struct *target,
+ const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
+ const void *kbuf, const void __user *ubuf)
+ {
+- int ret;
+-
+- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+- &target->thread.dscr, 0, sizeof(u64));
+- return ret;
++ return user_regset_copyin(&pos, &count, &kbuf, &ubuf,
++ &target->thread.dscr, 0, sizeof(u64));
+ }
+ #endif
+ #ifdef CONFIG_PPC_BOOK3S_64
+@@ -1642,22 +1630,16 @@ static int tar_get(struct task_struct *target,
+ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
+ {
+- int ret;
+-
+- ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+- &target->thread.tar, 0, sizeof(u64));
+- return ret;
++ return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
++ &target->thread.tar, 0, sizeof(u64));
+ }
+ static int tar_set(struct task_struct *target,
+ const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
+ const void *kbuf, const void __user *ubuf)
+ {
+- int ret;
+-
+- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+- &target->thread.tar, 0, sizeof(u64));
+- return ret;
++ return user_regset_copyin(&pos, &count, &kbuf, &ubuf,
++ &target->thread.tar, 0, sizeof(u64));
+ }
+
+ static int ebb_active(struct task_struct *target,
+diff --git a/arch/powerpc/platforms/ps3/repository.c b/arch/powerpc/platforms/ps3/repository.c
+index 814a7eaa7769..50dbaf24b1ee 100644
+--- a/arch/powerpc/platforms/ps3/repository.c
++++ b/arch/powerpc/platforms/ps3/repository.c
+@@ -170,14 +170,8 @@ int ps3_repository_read_bus_str(unsigned int bus_index, const char *bus_str,
+
+ int ps3_repository_read_bus_id(unsigned int bus_index, u64 *bus_id)
+ {
+- int result;
+-
+- result = read_node(PS3_LPAR_ID_PME,
+- make_first_field("bus", bus_index),
+- make_field("id", 0),
+- 0, 0,
+- bus_id, NULL);
+- return result;
++ return read_node(PS3_LPAR_ID_PME, make_first_field("bus", bus_index),
++ make_field("id", 0), 0, 0, bus_id, NULL);
+ }
+
+ int ps3_repository_read_bus_type(unsigned int bus_index,
+@@ -224,15 +218,9 @@ int ps3_repository_read_dev_str(unsigned int bus_index,
+ int ps3_repository_read_dev_id(unsigned int bus_index, unsigned int dev_index,
+ u64 *dev_id)
+ {
+- int result;
+-
+- result = read_node(PS3_LPAR_ID_PME,
+- make_first_field("bus", bus_index),
+- make_field("dev", dev_index),
+- make_field("id", 0),
+- 0,
+- dev_id, NULL);
+- return result;
++ return read_node(PS3_LPAR_ID_PME, make_first_field("bus", bus_index),
++ make_field("dev", dev_index), make_field("id", 0), 0,
++ dev_id, NULL);
+ }
+
+ int ps3_repository_read_dev_type(unsigned int bus_index,
+--
+2.40.0
+
diff --git a/patches.suse/powerpc-rtas-use-memmove-for-potentially-overlapping.patch b/patches.suse/powerpc-rtas-use-memmove-for-potentially-overlapping.patch
new file mode 100644
index 0000000..e3ab7e5
--- /dev/null
+++ b/patches.suse/powerpc-rtas-use-memmove-for-potentially-overlapping.patch
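Review bot: The header of powerpc-Squash-lines-for-simple-wrapper-functions.patch gives no reason for carrying a cosmetic cleanup from v4.14-rc1 in this tree. Judging by series.conf and by the `return user_regset_copyout(` context lines in powerpc-Don-t-try-to-copy-PPR-for-task-with-NULL-pt_.patch, it looks like it is here only so that fix applies. A header line such as `Note: prerequisite for powerpc-Don-t-try-to-copy-PPR-for-task-with-NULL-pt_.patch` would tell a later maintainer not to drop it, and would explain why the unrelated ps3/repository.c hunks come along.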
@@ -0,0 +1,57 @@
+From 271208ee5e335cb1ad280d22784940daf7ddf820 Mon Sep 17 00:00:00 2001
+From: Nathan Lynch
+Date: Mon, 6 Mar 2023 15:33:41 -0600
+Subject: [PATCH] powerpc/rtas: use memmove for potentially overlapping buffer
+ copy
+
+References: bsc#1065729
+Patch-mainline: v6.4-rc1
+Git-commit: 271208ee5e335cb1ad280d22784940daf7ddf820
+
+Using memcpy() isn't safe when buf is identical to rtas_err_buf, which
+can happen during boot before slab is up. Full context which may not
+be obvious from the diff:
+
+ if (altbuf) {
+ buf = altbuf;
+ } else {
+ buf = rtas_err_buf;
+ if (slab_is_available())
+ buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC);
+ }
+ if (buf)
+ memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX);
+
+This was found by inspection and I'm not aware of it causing problems
+in practice. It appears to have been introduced by commit
+033ef338b6e0 ("powerpc: Merge rtas.c into arch/powerpc/kernel"); the
+old ppc64 version of this code did not have this problem.
+
+Use memmove() instead.
+
+Fixes: 033ef338b6e0 ("powerpc: Merge rtas.c into arch/powerpc/kernel")
+Signed-off-by: Nathan Lynch
+Reviewed-by: Andrew Donnellan
+Signed-off-by: Michael Ellerman
+Link: https://msgid.link/20230220-rtas-queue-for-6-4-v1-2-010e4416f13f@linux.ibm.com
+Acked-by: Michal Suchanek
+---
+ arch/powerpc/kernel/rtas.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
+index 31175b34856a..9256cfaa8b6f 100644
+--- a/arch/powerpc/kernel/rtas.c
++++ b/arch/powerpc/kernel/rtas.c
+@@ -981,7 +981,7 @@ static char *__fetch_rtas_last_error(char *altbuf)
+ buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC);
+ }
+ if (buf)
+- memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX);
++ memmove(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX);
+ }
+
+ return buf;
+--
+2.40.0
+
diff --git a/series.conf b/series.conf
index a2e8c96..be58d38 100644
--- a/series.conf
+++ b/series.conf
@@ -9530,6 +9530,7 @@
 patches.suse/powerpc-xmon-Fix-display-of-SPRs.patch
 patches.suse/powerpc-kernel-Change-retrieval-of-pci_dn.patch
 patches.suse/powerpc-mm-radix-Prettify-mapped-memory-range-print-.patch
+ patches.suse/powerpc-Squash-lines-for-simple-wrapper-functions.patch
 patches.suse/powerpc-xmon-Add-ISA-v3.0-SPRs-to-SPR-dump.patch
 patches.suse/powerpc-conditionally-compile-platform-specific-serial-drivers.patch
 patches.suse/cxl-Fix-driver-use-count.patch
@@ -63314,6 +63315,7 @@
 patches.suse/usb-chipidea-core-fix-possible-concurrent-when-switc.patch
 patches.suse/s390-vfio-ap-fix-memory-leak-in-vfio_ap-device-drive.patch
 patches.suse/NFSv4-Fix-hangs-when-recovering-open-state-after-a-s.patch
+ patches.suse/powerpc-Don-t-try-to-copy-PPR-for-task-with-NULL-pt_.patch
 patches.suse/ring-buffer-Fix-race-while-reader-and-writer-are-on-the-same-page.patch
 patches.suse/ftrace-Mark-get_lock_parent_ip-__always_inline.patch
 patches.suse/scsi-qla2xxx-Fix-memory-leak-in-qla2x00_probe_one.patch
@@ -63326,6 +63328,7 @@
 patches.suse/USB-dwc3-fix-runtime-pm-imbalance-on-probe-errors.patch
 patches.suse/USB-dwc3-fix-runtime-pm-imbalance-on-unbind.patch
 patches.suse/usb-chipidea-fix-missing-goto-in-ci_hdrc_probe.patch
+ patches.suse/powerpc-rtas-use-memmove-for-potentially-overlapping.patch
 patches.suse/workqueue-Fix-hung-time-report-of-worker-pools.patch
 patches.suse/workqueue-Warn-when-a-new-worker-could-not-be-create.patch
 patches.suse/workqueue-Interrupted-create_worker-is-not-a-repeate.patch