diff --git a/patches.suse/0001-s390-cio-fix-race-condition-during-online-processing.patch b/patches.suse/0001-s390-cio-fix-race-condition-during-online-processing.patch new file mode 100644 index 0000000..40378a1 --- /dev/null +++ b/patches.suse/0001-s390-cio-fix-race-condition-during-online-processing.patch @@ -0,0 +1,70 @@ +From 2d8527f2f911fab84aec04df4788c0c23af3df48 Mon Sep 17 00:00:00 2001 +From: Peter Oberparleiter +Date: Wed, 10 Apr 2024 11:46:19 +0200 +Subject: [PATCH] s390/cio: fix race condition during online processing +Patch-mainline: Not yet, patches submitted by IBM +References: bsc#1219485 + +A race condition exists in ccw_device_set_online() that can cause the +online process to fail, leaving the affected device in an inconsistent +state. As a result, subsequent attempts to set that device online fail +with return code ENODEV. + +The problem occurs when a path verification request arrives after +a wait for final device state completed, but before the result state +is evaluated. + +Fix this by ensuring that the CCW-device lock is held between +determining final state and checking result state. + +Note that since: + +commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") + +path verification requests are much more likely to occur during boot, +resulting in an increased chance of this race condition occurring. + +Fixes: 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") +Reviewed-by: Alexandra Winter +Reviewed-by: Vineeth Vijayan +Signed-off-by: Peter Oberparleiter +Signed-off-by: Alexander Gordeev +Acked-by: Miroslav Franc +--- + drivers/s390/cio/device.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c +index f95d12345d98..920f550bc313 100644 +--- a/drivers/s390/cio/device.c ++++ b/drivers/s390/cio/device.c +@@ -363,10 +363,8 @@ int ccw_device_set_online(struct ccw_device *cdev) + + spin_lock_irq(cdev->ccwlock); + ret = ccw_device_online(cdev); +- spin_unlock_irq(cdev->ccwlock); +- if (ret == 0) +- wait_event(cdev->private->wait_q, dev_fsm_final_state(cdev)); +- else { ++ if (ret) { ++ spin_unlock_irq(cdev->ccwlock); + CIO_MSG_EVENT(0, "ccw_device_online returned %d, " + "device 0.%x.%04x\n", + ret, cdev->private->dev_id.ssid, +@@ -375,7 +373,12 @@ int ccw_device_set_online(struct ccw_device *cdev) + put_device(&cdev->dev); + return ret; + } +- spin_lock_irq(cdev->ccwlock); ++ /* Wait until a final state is reached */ ++ while (!dev_fsm_final_state(cdev)) { ++ spin_unlock_irq(cdev->ccwlock); ++ wait_event(cdev->private->wait_q, dev_fsm_final_state(cdev)); ++ spin_lock_irq(cdev->ccwlock); ++ } + /* Check if online processing was successful */ + if ((cdev->private->state != DEV_STATE_ONLINE) && + (cdev->private->state != DEV_STATE_W4SENSE)) { +-- +2.43.0 + diff --git a/patches.suse/0001-s390-qdio-handle-deferred-cc1.patch b/patches.suse/0001-s390-qdio-handle-deferred-cc1.patch new file mode 100644 index 0000000..f10ba1e --- /dev/null +++ b/patches.suse/0001-s390-qdio-handle-deferred-cc1.patch @@ -0,0 +1,119 @@ +From 607638faf2ff1cede37458111496e7cc6c977f6f Mon Sep 17 00:00:00 2001 +From: Peter Oberparleiter +Date: Wed, 10 Apr 2024 11:46:18 +0200 +Subject: [PATCH] s390/qdio: handle deferred cc1 +Patch-mainline: Not yet, patches submitted by IBM +References: bsc#1219485 + +A deferred condition code 1 response indicates that I/O was not started +and should be retried. The current QDIO implementation handles a cc1 +response as I/O error, resulting in a failed QDIO setup. This can happen +for example when a path verification request arrives at the same time +as QDIO setup I/O is started. + +Fix this by retrying the QDIO setup I/O when a cc1 response is received. + +Note that since + +commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") +commit 5ef1dc40ffa6 ("s390/cio: fix invalid -EBUSY on ccw_device_start") + +deferred cc1 responses are much more likely to occur. See the commit +message of the latter for more background information. + +Fixes: 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") +Reviewed-by: Alexandra Winter +Signed-off-by: Peter Oberparleiter +Signed-off-by: Alexander Gordeev +Acked-by: Miroslav Franc +--- + drivers/s390/cio/qdio_main.c | 28 +++++++++++++++++++++++----- + 1 file changed, 23 insertions(+), 5 deletions(-) + +diff --git a/drivers/s390/cio/qdio_main.c b/drivers/s390/cio/qdio_main.c +index 3d9f0834c78b..a1cb39f4b7a2 100644 +--- a/drivers/s390/cio/qdio_main.c ++++ b/drivers/s390/cio/qdio_main.c +@@ -722,8 +722,8 @@ static void qdio_handle_activate_check(struct qdio_irq *irq_ptr, + lgr_info_log(); + } + +-static void qdio_establish_handle_irq(struct qdio_irq *irq_ptr, int cstat, +- int dstat) ++static int qdio_establish_handle_irq(struct qdio_irq *irq_ptr, int cstat, ++ int dstat, int dcc) + { + DBF_DEV_EVENT(DBF_INFO, irq_ptr, "qest irq"); + +@@ -731,15 +731,18 @@ static void qdio_establish_handle_irq(struct qdio_irq *irq_ptr, int cstat, + goto error; + if (dstat & ~(DEV_STAT_DEV_END | DEV_STAT_CHN_END)) + goto error; ++ if (dcc == 1) ++ return -EAGAIN; + if (!(dstat & DEV_STAT_DEV_END)) + goto error; + qdio_set_state(irq_ptr, QDIO_IRQ_STATE_ESTABLISHED); +- return; ++ return 0; + + error: + DBF_ERROR("%4x EQ:error", irq_ptr->schid.sch_no); + DBF_ERROR("ds: %2x cs:%2x", dstat, cstat); + qdio_set_state(irq_ptr, QDIO_IRQ_STATE_ERR); ++ return -EIO; + } + + /* qdio interrupt handler */ +@@ -748,7 +751,7 @@ void qdio_int_handler(struct ccw_device *cdev, unsigned long intparm, + { + struct qdio_irq *irq_ptr = cdev->private->qdio_data; + struct subchannel_id schid; +- int cstat, dstat; ++ int cstat, dstat, rc, dcc; + + if (!intparm || !irq_ptr) { + ccw_device_get_schid(cdev, &schid); +@@ -768,10 +771,12 @@ void qdio_int_handler(struct ccw_device *cdev, unsigned long intparm, + qdio_irq_check_sense(irq_ptr, irb); + cstat = irb->scsw.cmd.cstat; + dstat = irb->scsw.cmd.dstat; ++ dcc = scsw_cmd_is_valid_cc(&irb->scsw) ? irb->scsw.cmd.cc : 0; ++ rc = 0; + + switch (irq_ptr->state) { + case QDIO_IRQ_STATE_INACTIVE: +- qdio_establish_handle_irq(irq_ptr, cstat, dstat); ++ rc = qdio_establish_handle_irq(irq_ptr, cstat, dstat, dcc); + break; + case QDIO_IRQ_STATE_CLEANUP: + qdio_set_state(irq_ptr, QDIO_IRQ_STATE_INACTIVE); +@@ -785,12 +790,25 @@ void qdio_int_handler(struct ccw_device *cdev, unsigned long intparm, + if (cstat || dstat) + qdio_handle_activate_check(irq_ptr, intparm, cstat, + dstat); ++ else if (dcc == 1) ++ rc = -EAGAIN; + break; + case QDIO_IRQ_STATE_STOPPED: + break; + default: + WARN_ON_ONCE(1); + } ++ ++ if (rc == -EAGAIN) { ++ DBF_DEV_EVENT(DBF_INFO, irq_ptr, "qint retry"); ++ rc = ccw_device_start(cdev, irq_ptr->ccw, intparm, 0, 0); ++ if (!rc) ++ return; ++ DBF_ERROR("%4x RETRY ERR", irq_ptr->schid.sch_no); ++ DBF_ERROR("rc:%4x", rc); ++ qdio_set_state(irq_ptr, QDIO_IRQ_STATE_ERR); ++ } ++ + wake_up(&cdev->private->wait_q); + } + +-- +2.43.0 + diff --git a/patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch b/patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch index 341a072..fb18797 100644 --- a/patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch +++ b/patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch @@ -4,7 +4,7 @@ Date: Wed, 31 Jan 2024 21:57:27 +0100 Subject: [PATCH] dm-crypt, dm-verity: disable tasklets Git-commit: 0a9bab391e336489169b95cb0d4553d921302189 Patch-mainline: v6.8-rc3 -References: git-fixes +References: bsc#1222416, CVE-2024-26718 Tasklets have an inherent problem with memory corruption. The function tasklet_action_common calls tasklet_trylock, then it calls the tasklet diff --git a/patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch b/patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch index 6a75084..77792e9 100644 --- a/patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch +++ b/patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch @@ -5,7 +5,7 @@ Subject: [PATCH] dm-crypt: don't modify the data when using authenticated encryption Git-commit: 50c70240097ce41fe6bce6478b80478281e4d0f7 Patch-mainline: v6.8-rc6 -References: git-fixes +References: bsc#1222720, CVE-2024-26763 It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this problem by diff --git a/patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch b/patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch index c917c64..0f52f06 100644 --- a/patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch +++ b/patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch @@ -4,7 +4,7 @@ Date: Thu, 1 Feb 2024 16:50:07 -0500 Subject: [PATCH] dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Git-commit: 9d739bccf261dd93ec1babf82f5c5d71dd4caa3e Patch-mainline: v6.8-rc7 -References: git-fixes +References: git-fixes CVE-2024-26790 bsc#1222784 There is chip (ls1028a) errata: diff --git a/patches.suse/md-Don-t-ignore-read-only-array-in-md_check_recovery-55a4.patch b/patches.suse/md-Don-t-ignore-read-only-array-in-md_check_recovery-55a4.patch index 8529192..dd4c989 100644 --- a/patches.suse/md-Don-t-ignore-read-only-array-in-md_check_recovery-55a4.patch +++ b/patches.suse/md-Don-t-ignore-read-only-array-in-md_check_recovery-55a4.patch @@ -4,7 +4,7 @@ Date: Thu, 1 Feb 2024 17:25:47 +0800 Subject: [PATCH] md: Don't ignore read-only array in md_check_recovery() Git-commit: 55a48ad2db64737f7ffc0407634218cc6e4c513b Patch-mainline: v6.8-rc2 -References: bsc#1219596 +References: bsc#1219596, bsc#1222527, CVE-2024-26757 Usually if the array is not read-write, md_check_recovery() won't register new sync_thread in the first place. And if the array is diff --git a/patches.suse/md-Don-t-register-sync_thread-for-reshape-directly-ad39.patch b/patches.suse/md-Don-t-register-sync_thread-for-reshape-directly-ad39.patch index 16e5e6b..d1e4adc 100644 --- a/patches.suse/md-Don-t-register-sync_thread-for-reshape-directly-ad39.patch +++ b/patches.suse/md-Don-t-register-sync_thread-for-reshape-directly-ad39.patch @@ -4,7 +4,7 @@ Date: Thu, 1 Feb 2024 17:25:49 +0800 Subject: [PATCH] md: Don't register sync_thread for reshape directly Git-commit: ad39c08186f8a0f221337985036ba86731d6aafe Patch-mainline: v6.8-rc2 -References: bsc#1219596 +References: bsc#1219596, bsc#1222531, CVE-2024-26756 Currently, if reshape is interrupted, then reassemble the array will register sync_thread directly from pers->run(), in this case diff --git a/patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch b/patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch index 31c678c..257029e 100644 --- a/patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch +++ b/patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch @@ -4,7 +4,7 @@ Date: Wed, 7 Feb 2024 15:39:51 +0100 Subject: [PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning Git-commit: 6b1ba3f9040be5efc4396d86c9752cdc564730be Patch-mainline: v6.8-rc7 -References: git-fixes +References: git-fixes CVE-2024-26787 bsc#1222781 Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: diff --git a/patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch b/patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch index 3a2394b..50ff857 100644 --- a/patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch +++ b/patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch @@ -4,7 +4,7 @@ Date: Thu, 20 Jul 2023 20:47:50 +0200 Subject: [PATCH] mptcp: fix rcv buffer auto-tuning Git-commit: b8dc6d6ce93142ccd4c976003bb6c25d63aac2ce Patch-mainline: v6.6-rc1 -References: bsc#1220419 +References: bsc#1220419 bsc#1222656 The MPTCP code uses the assumption that the tcp_win_from_space() helper does not use any TCP-specific field, and thus works correctly operating @@ -30,6 +30,10 @@ Acked-by: Soheil Hassas Yeganeh Link: https://lore.kernel.org/r/20230720-upstream-net-next-20230720-mptcp-fix-rcv-buffer-auto-tuning-v1-1-175ef12b8380@tessares.net Signed-off-by: Jakub Kicinski Signed-off-by: Jiri Wiesner + +Note: This patch had to be reverted due to a performance regression in +HTML traffic, bsc#1222656. The chunk introducing scaling_ratio had to be +retained because it is part of the kABI. --- include/net/tcp.h | 20 +++++++++++++++----- net/mptcp/protocol.c | 15 +++++++-------- @@ -37,107 +41,6 @@ Signed-off-by: Jiri Wiesner net/mptcp/subflow.c | 2 +- 4 files changed, 30 insertions(+), 15 deletions(-) ---- a/include/net/tcp.h -+++ b/include/net/tcp.h -@@ -1432,22 +1432,32 @@ void tcp_select_initial_window(const str - __u32 *window_clamp, int wscale_ok, - __u8 *rcv_wscale, __u32 init_rcv_wnd); - --static inline int tcp_win_from_space(const struct sock *sk, int space) -+static inline int __tcp_win_from_space(u8 scaling_ratio, int space) - { -- s64 scaled_space = (s64)space * tcp_sk(sk)->scaling_ratio; -+ s64 scaled_space = (s64)space * scaling_ratio; - - return scaled_space >> TCP_RMEM_TO_WIN_SCALE; - } - --/* inverse of tcp_win_from_space() */ --static inline int tcp_space_from_win(const struct sock *sk, int win) -+static inline int tcp_win_from_space(const struct sock *sk, int space) -+{ -+ return __tcp_win_from_space(tcp_sk(sk)->scaling_ratio, space); -+} -+ -+/* inverse of __tcp_win_from_space() */ -+static inline int __tcp_space_from_win(u8 scaling_ratio, int win) - { - u64 val = (u64)win << TCP_RMEM_TO_WIN_SCALE; - -- do_div(val, tcp_sk(sk)->scaling_ratio); -+ do_div(val, scaling_ratio); - return val; - } - -+static inline int tcp_space_from_win(const struct sock *sk, int win) -+{ -+ return __tcp_space_from_win(tcp_sk(sk)->scaling_ratio, win); -+} -+ - static inline void tcp_scaling_ratio_init(struct sock *sk) - { - /* Assume a conservative default of 1200 bytes of payload per 4K page. ---- a/net/mptcp/protocol.c -+++ b/net/mptcp/protocol.c -@@ -90,6 +90,7 @@ static int __mptcp_socket_create(struct - if (err) - return err; - -+ msk->scaling_ratio = tcp_sk(ssock->sk)->scaling_ratio; - WRITE_ONCE(msk->first, ssock->sk); - WRITE_ONCE(msk->subflow, ssock); - subflow = mptcp_subflow_ctx(ssock->sk); -@@ -1881,6 +1882,7 @@ static void mptcp_rcv_space_adjust(struc - { - struct mptcp_subflow_context *subflow; - struct sock *sk = (struct sock *)msk; -+ u8 scaling_ratio = U8_MAX; - u32 time, advmss = 1; - u64 rtt_us, mstamp; - -@@ -1911,9 +1913,11 @@ static void mptcp_rcv_space_adjust(struc - - rtt_us = max(sf_rtt_us, rtt_us); - advmss = max(sf_advmss, advmss); -+ scaling_ratio = min(tp->scaling_ratio, scaling_ratio); - } - - msk->rcvq_space.rtt_us = rtt_us; -+ msk->scaling_ratio = scaling_ratio; - if (time < (rtt_us >> 3) || rtt_us == 0) - return; - -@@ -1922,8 +1926,8 @@ static void mptcp_rcv_space_adjust(struc - - if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_moderate_rcvbuf) && - !(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) { -- int rcvmem, rcvbuf; - u64 rcvwin, grow; -+ int rcvbuf; - - rcvwin = ((u64)msk->rcvq_space.copied << 1) + 16 * advmss; - -@@ -1932,18 +1936,13 @@ static void mptcp_rcv_space_adjust(struc - do_div(grow, msk->rcvq_space.space); - rcvwin += (grow << 1); - -- rcvmem = SKB_TRUESIZE(advmss + MAX_TCP_HEADER); -- while (tcp_win_from_space(sk, rcvmem) < advmss) -- rcvmem += 128; -- -- do_div(rcvwin, advmss); -- rcvbuf = min_t(u64, rcvwin * rcvmem, -+ rcvbuf = min_t(u64, __tcp_space_from_win(scaling_ratio, rcvwin), - READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2])); - - if (rcvbuf > sk->sk_rcvbuf) { - u32 window_clamp; - -- window_clamp = tcp_win_from_space(sk, rcvbuf); -+ window_clamp = __tcp_win_from_space(scaling_ratio, rcvbuf); - WRITE_ONCE(sk->sk_rcvbuf, rcvbuf); - - /* Make subflows follow along. If we do not do this, we --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -317,6 +317,7 @@ struct mptcp_sock { @@ -148,30 +51,3 @@ Signed-off-by: Jiri Wiesner u32 setsockopt_seq; char ca_name[TCP_CA_NAME_MAX]; -@@ -345,9 +346,14 @@ static inline int __mptcp_rmem(const str - return atomic_read(&sk->sk_rmem_alloc) - READ_ONCE(mptcp_sk(sk)->rmem_released); - } - -+static inline int mptcp_win_from_space(const struct sock *sk, int space) -+{ -+ return __tcp_win_from_space(mptcp_sk(sk)->scaling_ratio, space); -+} -+ - static inline int __mptcp_space(const struct sock *sk) - { -- return tcp_win_from_space(sk, READ_ONCE(sk->sk_rcvbuf) - __mptcp_rmem(sk)); -+ return mptcp_win_from_space(sk, READ_ONCE(sk->sk_rcvbuf) - __mptcp_rmem(sk)); - } - - static inline struct mptcp_data_frag *mptcp_send_head(const struct sock *sk) ---- a/net/mptcp/subflow.c -+++ b/net/mptcp/subflow.c -@@ -1358,7 +1358,7 @@ void mptcp_space(const struct sock *ssk, - const struct sock *sk = subflow->conn; - - *space = __mptcp_space(sk); -- *full_space = tcp_full_space(sk); -+ *full_space = mptcp_win_from_space(sk, READ_ONCE(sk->sk_rcvbuf)); - } - - void __mptcp_error_report(struct sock *sk) diff --git a/patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch b/patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch index 596d74d..d079814 100644 --- a/patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch +++ b/patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch @@ -3,7 +3,7 @@ Date: Wed, 14 Feb 2024 16:06:28 +0100 Subject: s390/cio: fix invalid -EBUSY on ccw_device_start Git-commit: 5ef1dc40ffa6a6cb968b0fdc43c3a61727a9e950 Patch-mainline: v6.8-rc6 -References: git-fixes bsc#1220360 +References: git-fixes bsc#1220360 bsc#1219485 The s390 common I/O layer (CIO) returns an unexpected -EBUSY return code when drivers try to start I/O while a path-verification (PV) process is diff --git a/patches.suse/s390-qeth-handle-deferred-cc1.patch b/patches.suse/s390-qeth-handle-deferred-cc1.patch new file mode 100644 index 0000000..94868cd --- /dev/null +++ b/patches.suse/s390-qeth-handle-deferred-cc1.patch @@ -0,0 +1,112 @@ +From: Alexandra Winter +Date: Thu, 21 Mar 2024 12:53:37 +0100 +Subject: s390/qeth: handle deferred cc1 +Git-commit: afb373ff3f54c9d909efc7f810dc80a9742807b2 +Patch-mainline: v6.9-rc2 +References: bsc#1219485 git-fixes + +The IO subsystem expects a driver to retry a ccw_device_start, when the +subsequent interrupt response block (irb) contains a deferred +condition code 1. + +Symptoms before this commit: +On the read channel we always trigger the next read anyhow, so no +different behaviour here. +On the write channel we may experience timeout errors, because the +expected reply will never be received without the retry. +Other callers of qeth_send_control_data() may wrongly assume that the ccw +was successful, which may cause problems later. + +Note that since +commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") +and +commit 5ef1dc40ffa6 ("s390/cio: fix invalid -EBUSY on ccw_device_start") +deferred CC1s are much more likely to occur. See the commit message of the +latter for more background information. + +Fixes: 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") +Signed-off-by: Alexandra Winter +Co-developed-by: Thorsten Winkler +Signed-off-by: Thorsten Winkler +Reviewed-by: Peter Oberparleiter +Link: https://lore.kernel.org/r/20240321115337.3564694-1-wintera@linux.ibm.com +Signed-off-by: Jakub Kicinski +Acked-by: Miroslav Franc +--- + drivers/s390/net/qeth_core_main.c | 38 ++++++++++++++++++++++++++++++++++++-- + 1 file changed, 36 insertions(+), 2 deletions(-) + +diff --git a/drivers/s390/net/qeth_core_main.c b/drivers/s390/net/qeth_core_main.c +index a0cce6872075..f0b8b709649f 100644 +--- a/drivers/s390/net/qeth_core_main.c ++++ b/drivers/s390/net/qeth_core_main.c +@@ -1179,6 +1179,20 @@ static int qeth_check_irb_error(struct qeth_card *card, struct ccw_device *cdev, + } + } + ++/** ++ * qeth_irq() - qeth interrupt handler ++ * @cdev: ccw device ++ * @intparm: expect pointer to iob ++ * @irb: Interruption Response Block ++ * ++ * In the good path: ++ * corresponding qeth channel is locked with last used iob as active_cmd. ++ * But this function is also called for error interrupts. ++ * ++ * Caller ensures that: ++ * Interrupts are disabled; ccw device lock is held; ++ * ++ */ + static void qeth_irq(struct ccw_device *cdev, unsigned long intparm, + struct irb *irb) + { +@@ -1220,11 +1234,10 @@ static void qeth_irq(struct ccw_device *cdev, unsigned long intparm, + iob = (struct qeth_cmd_buffer *) (addr_t)intparm; + } + +- qeth_unlock_channel(card, channel); +- + rc = qeth_check_irb_error(card, cdev, irb); + if (rc) { + /* IO was terminated, free its resources. */ ++ qeth_unlock_channel(card, channel); + if (iob) + qeth_cancel_cmd(iob, rc); + return; +@@ -1268,6 +1281,7 @@ static void qeth_irq(struct ccw_device *cdev, unsigned long intparm, + rc = qeth_get_problem(card, cdev, irb); + if (rc) { + card->read_or_write_problem = 1; ++ qeth_unlock_channel(card, channel); + if (iob) + qeth_cancel_cmd(iob, rc); + qeth_clear_ipacmd_list(card); +@@ -1276,6 +1290,26 @@ static void qeth_irq(struct ccw_device *cdev, unsigned long intparm, + } + } + ++ if (scsw_cmd_is_valid_cc(&irb->scsw) && irb->scsw.cmd.cc == 1 && iob) { ++ /* channel command hasn't started: retry. ++ * active_cmd is still set to last iob ++ */ ++ QETH_CARD_TEXT(card, 2, "irqcc1"); ++ rc = ccw_device_start_timeout(cdev, __ccw_from_cmd(iob), ++ (addr_t)iob, 0, 0, iob->timeout); ++ if (rc) { ++ QETH_DBF_MESSAGE(2, ++ "ccw retry on %x failed, rc = %i\n", ++ CARD_DEVID(card), rc); ++ QETH_CARD_TEXT_(card, 2, " err%d", rc); ++ qeth_unlock_channel(card, channel); ++ qeth_cancel_cmd(iob, rc); ++ } ++ return; ++ } ++ ++ qeth_unlock_channel(card, channel); ++ + if (iob) { + /* sanity check: */ + if (irb->scsw.cmd.count > iob->length) { + diff --git a/patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch b/patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch index 4ca2fc2..4d003e5 100644 --- a/patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch +++ b/patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch @@ -4,7 +4,7 @@ Date: Tue, 23 Jan 2024 15:11:49 +0800 Subject: [PATCH] spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Git-commit: de8b6e1c231a95abf95ad097b993d34b31458ec9 Patch-mainline: v6.8-rc2 -References: git-fixes +References: git-fixes CVE-2024-26776 bsc#1222764 Return IRQ_NONE from the interrupt handler when no interrupt was detected. Because an empty interrupt will cause a null pointer error: diff --git a/patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch b/patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch index c8e1ee9..61d6c30 100644 --- a/patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch +++ b/patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch @@ -4,7 +4,7 @@ Date: Mon, 17 Jul 2023 15:29:17 +0000 Subject: [PATCH] tcp: get rid of sysctl_tcp_adv_win_scale Git-commit: dfa2f0483360d4d6f2324405464c9f281156bd87 Patch-mainline: v6.6-rc1 -References: bsc#1220419 +References: bsc#1220419 bsc#1222656 With modern NIC drivers shifting to full page allocations per received frame, we face the following issue: @@ -38,6 +38,11 @@ Acked-by: Soheil Hassas Yeganeh Link: https://lore.kernel.org/r/20230717152917.751987-1-edumazet@google.com Signed-off-by: Jakub Kicinski Signed-off-by: Jiri Wiesner + +Note: This patch had to be reverted due to a performance regression in +HTML traffic, bsc#1222656. The chunk introducing scaling_ratio had to be +retained because it is part of the kABI and later patches expect this +member to be available. --- Documentation/networking/ip-sysctl.rst | 1 + include/linux/tcp.h | 4 +++- @@ -47,31 +52,10 @@ Signed-off-by: Jiri Wiesner net/ipv4/tcp_input.c | 19 ++++++++++++------- 6 files changed, 43 insertions(+), 18 deletions(-) -diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst -index 4a010a7cde7f..82f2117cf2b3 100644 ---- a/Documentation/networking/ip-sysctl.rst -+++ b/Documentation/networking/ip-sysctl.rst -@@ -321,6 +321,7 @@ tcp_abort_on_overflow - BOOLEAN - option can harm clients of your server. - - tcp_adv_win_scale - INTEGER -+ Obsolete since linux-6.6 - Count buffering overhead as bytes/2^tcp_adv_win_scale - (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale), - if it is <= 0. diff --git a/include/linux/tcp.h b/include/linux/tcp.h index b4c08ac86983..fbcb0ce13171 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h -@@ -172,6 +172,8 @@ static inline struct tcp_request_sock *tcp_rsk(const struct request_sock *req) - return (struct tcp_request_sock *)req; - } - -+#define TCP_RMEM_TO_WIN_SCALE 8 -+ - struct tcp_sock { - /* inet_connection_sock has to be the first member of tcp_sock */ - struct inet_connection_sock inet_conn; @@ -238,7 +240,7 @@ struct tcp_sock { u32 window_clamp; /* Maximal window to advertise */ @@ -81,136 +65,6 @@ index b4c08ac86983..fbcb0ce13171 100644 /* Information of the most recently (s)acked skb */ struct tcp_rack { u64 mstamp; /* (Re)sent time of the skb */ -diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h -index f00374718159..7a41c4791536 100644 ---- a/include/net/netns/ipv4.h -+++ b/include/net/netns/ipv4.h -@@ -152,7 +152,7 @@ struct netns_ipv4 { - u8 sysctl_tcp_abort_on_overflow; - u8 sysctl_tcp_fack; /* obsolete */ - int sysctl_tcp_max_reordering; -- int sysctl_tcp_adv_win_scale; -+ int sysctl_tcp_adv_win_scale; /* obsolete */ - u8 sysctl_tcp_dsack; - u8 sysctl_tcp_app_win; - u8 sysctl_tcp_frto; -diff --git a/include/net/tcp.h b/include/net/tcp.h -index 226bce6d1e8c..2104a71c75ba 100644 ---- a/include/net/tcp.h -+++ b/include/net/tcp.h -@@ -1434,11 +1434,27 @@ void tcp_select_initial_window(const struct sock *sk, int __space, - - static inline int tcp_win_from_space(const struct sock *sk, int space) - { -- int tcp_adv_win_scale = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_adv_win_scale); -+ s64 scaled_space = (s64)space * tcp_sk(sk)->scaling_ratio; - -- return tcp_adv_win_scale <= 0 ? -- (space>>(-tcp_adv_win_scale)) : -- space - (space>>tcp_adv_win_scale); -+ return scaled_space >> TCP_RMEM_TO_WIN_SCALE; -+} -+ -+/* inverse of tcp_win_from_space() */ -+static inline int tcp_space_from_win(const struct sock *sk, int win) -+{ -+ u64 val = (u64)win << TCP_RMEM_TO_WIN_SCALE; -+ -+ do_div(val, tcp_sk(sk)->scaling_ratio); -+ return val; -+} -+ -+static inline void tcp_scaling_ratio_init(struct sock *sk) -+{ -+ /* Assume a conservative default of 1200 bytes of payload per 4K page. -+ * This may be adjusted later in tcp_measure_rcv_mss(). -+ */ -+ tcp_sk(sk)->scaling_ratio = (1200 << TCP_RMEM_TO_WIN_SCALE) / -+ SKB_TRUESIZE(4096); - } - - /* Note: caller must be prepared to deal with negative returns */ -diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c -index e03e08745308..88f4ebab12ac 100644 ---- a/net/ipv4/tcp.c -+++ b/net/ipv4/tcp.c -@@ -457,6 +457,7 @@ void tcp_init_sock(struct sock *sk) - - WRITE_ONCE(sk->sk_sndbuf, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[1])); - WRITE_ONCE(sk->sk_rcvbuf, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[1])); -+ tcp_scaling_ratio_init(sk); - - set_bit(SOCK_SUPPORT_ZC, &sk->sk_socket->flags); - sk_sockets_allocated_inc(sk); -@@ -1700,7 +1701,7 @@ EXPORT_SYMBOL(tcp_peek_len); - /* Make sure sk_rcvbuf is big enough to satisfy SO_RCVLOWAT hint */ - int tcp_set_rcvlowat(struct sock *sk, int val) - { -- int cap; -+ int space, cap; - - if (sk->sk_userlocks & SOCK_RCVBUF_LOCK) - cap = sk->sk_rcvbuf >> 1; -@@ -1715,10 +1716,10 @@ int tcp_set_rcvlowat(struct sock *sk, int val) - if (sk->sk_userlocks & SOCK_RCVBUF_LOCK) - return 0; - -- val <<= 1; -- if (val > sk->sk_rcvbuf) { -- WRITE_ONCE(sk->sk_rcvbuf, val); -- tcp_sk(sk)->window_clamp = tcp_win_from_space(sk, val); -+ space = tcp_space_from_win(sk, val); -+ if (space > sk->sk_rcvbuf) { -+ WRITE_ONCE(sk->sk_rcvbuf, space); -+ tcp_sk(sk)->window_clamp = val; - } - return 0; - } -diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 57c8af1859c1..3cd92035e090 100644 ---- a/net/ipv4/tcp_input.c -+++ b/net/ipv4/tcp_input.c -@@ -237,6 +237,16 @@ static void tcp_measure_rcv_mss(struct sock *sk, const struct sk_buff *skb) - */ - len = skb_shinfo(skb)->gso_size ? : skb->len; - if (len >= icsk->icsk_ack.rcv_mss) { -+ /* Note: divides are still a bit expensive. -+ * For the moment, only adjust scaling_ratio -+ * when we update icsk_ack.rcv_mss. -+ */ -+ if (unlikely(len != icsk->icsk_ack.rcv_mss)) { -+ u64 val = (u64)skb->len << TCP_RMEM_TO_WIN_SCALE; -+ -+ do_div(val, skb->truesize); -+ tcp_sk(sk)->scaling_ratio = val ? val : 1; -+ } - icsk->icsk_ack.rcv_mss = min_t(unsigned int, len, - tcp_sk(sk)->advmss); - /* Account for possibly-removed options */ -@@ -727,8 +737,8 @@ void tcp_rcv_space_adjust(struct sock *sk) - - if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_moderate_rcvbuf) && - !(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) { -- int rcvmem, rcvbuf; - u64 rcvwin, grow; -+ int rcvbuf; - - /* minimal window to cope with packet losses, assuming - * steady state. Add some cushion because of small variations. -@@ -740,12 +750,7 @@ void tcp_rcv_space_adjust(struct sock *sk) - do_div(grow, tp->rcvq_space.space); - rcvwin += (grow << 1); - -- rcvmem = SKB_TRUESIZE(tp->advmss + MAX_TCP_HEADER); -- while (tcp_win_from_space(sk, rcvmem) < tp->advmss) -- rcvmem += 128; -- -- do_div(rcvwin, tp->advmss); -- rcvbuf = min_t(u64, rcvwin * rcvmem, -+ rcvbuf = min_t(u64, tcp_space_from_win(sk, rcvwin), - READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2])); - if (rcvbuf > sk->sk_rcvbuf) { - WRITE_ONCE(sk->sk_rcvbuf, rcvbuf); -- 2.35.3 diff --git a/patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch b/patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch index f1c5c8f..3ba8129 100644 --- a/patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch +++ b/patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch @@ -42,7 +42,7 @@ Signed-off-by: Jiri Wiesner --- a/include/linux/tcp.h +++ b/include/linux/tcp.h @@ -175,23 +175,121 @@ static inline struct tcp_request_sock *t - #define TCP_RMEM_TO_WIN_SCALE 8 + } struct tcp_sock { + /* Cacheline organization can be found documented in diff --git a/patches.suse/udp-Avoid-call-to-compute_score-on-multiple-sites.patch b/patches.suse/udp-Avoid-call-to-compute_score-on-multiple-sites.patch new file mode 100644 index 0000000..71219fd --- /dev/null +++ b/patches.suse/udp-Avoid-call-to-compute_score-on-multiple-sites.patch @@ -0,0 +1,163 @@ +From 50aee97d15113b95a68848db1f0cb2a6c09f753a Mon Sep 17 00:00:00 2001 +From: Gabriel Krisman Bertazi +Date: Fri, 12 Apr 2024 17:20:04 -0400 +Subject: [PATCH] udp: Avoid call to compute_score on multiple sites +Git-commit: 50aee97d15113b95a68848db1f0cb2a6c09f753a +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git +References: bsc#1220709 + +We've observed a 7-12% performance regression in iperf3 UDP ipv4 and +ipv6 tests with multiple sockets on Zen3 cpus, which we traced back to +commit f0ea27e7bfe1 ("udp: re-score reuseport groups when connected +sockets are present"). The failing tests were those that would spawn +UDP sockets per-cpu on systems that have a high number of cpus. + +Unsurprisingly, it is not caused by the extra re-scoring of the reused +socket, but due to the compiler no longer inlining compute_score, once +it has the extra call site in udp4_lib_lookup2. This is augmented by +the "Safe RET" mitigation for SRSO, needed in our Zen3 cpus. + +We could just explicitly inline it, but compute_score() is quite a large +function, around 300b. Inlining in two sites would almost double +udp4_lib_lookup2, which is a silly thing to do just to workaround a +mitigation. Instead, this patch shuffles the code a bit to avoid the +multiple calls to compute_score. Since it is a static function used in +one spot, the compiler can safely fold it in, as it did before, without +increasing the text size. + +With this patch applied I ran my original iperf3 testcases. The failing +cases all looked like this (ipv4): + iperf3 -c 127.0.0.1 --udp -4 -f K -b $R -l 8920 -t 30 -i 5 -P 64 -O 2 + +where $R is either 1G/10G/0 (max, unlimited). I ran 3 times each. +baseline is v6.9-rc3. harmean == harmonic mean; CV == coefficient of +variation. + +ipv4: + 1G 10G MAX + HARMEAN (CV) HARMEAN (CV) HARMEAN (CV) +baseline 1743852.66(0.0208) 1725933.02(0.0167) 1705203.78(0.0386) +patched 1968727.61(0.0035) 1962283.22(0.0195) 1923853.50(0.0256) + +ipv6: + 1G 10G MAX + HARMEAN (CV) HARMEAN (CV) HARMEAN (CV) +baseline 1729020.03(0.0028) 1691704.49(0.0243) 1692251.34(0.0083) +patched 1900422.19(0.0067) 1900968.01(0.0067) 1568532.72(0.1519) + +This restores the performance we had before the change above with this +benchmark. We obviously don't expect any real impact when mitigations +are disabled, but just to be sure it also doesn't regresses: + +mitigations=off ipv4: + 1G 10G MAX + HARMEAN (CV) HARMEAN (CV) HARMEAN (CV) +baseline 3230279.97(0.0066) 3229320.91(0.0060) 2605693.19(0.0697) +patched 3242802.36(0.0073) 3239310.71(0.0035) 2502427.19(0.0882) + +Cc: Lorenz Bauer +Fixes: f0ea27e7bfe1 ("udp: re-score reuseport groups when connected sockets are present") +Signed-off-by: Gabriel Krisman Bertazi +Reviewed-by: Kuniyuki Iwashima +Reviewed-by: Willem de Bruijn +Signed-off-by: David S. Miller +--- + net/ipv4/udp.c | 21 ++++++++++++++++----- + net/ipv6/udp.c | 20 ++++++++++++++++---- + 2 files changed, 32 insertions(+), 9 deletions(-) + +diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c +index 7613daa339b0..944922172c98 100644 +--- a/net/ipv4/udp.c ++++ b/net/ipv4/udp.c +@@ -427,15 +427,21 @@ static struct sock *udp4_lib_lookup2(struct net *net, + { + struct sock *sk, *result; + int score, badness; ++ bool need_rescore; + + result = NULL; + badness = 0; + udp_portaddr_for_each_entry_rcu(sk, &hslot2->head) { +- score = compute_score(sk, net, saddr, sport, +- daddr, hnum, dif, sdif); ++ need_rescore = false; ++rescore: ++ score = compute_score(need_rescore ? result : sk, net, saddr, ++ sport, daddr, hnum, dif, sdif); + if (score > badness) { + badness = score; + ++ if (need_rescore) ++ continue; ++ + if (sk->sk_state == TCP_ESTABLISHED) { + result = sk; + continue; +@@ -456,9 +462,14 @@ static struct sock *udp4_lib_lookup2(struct net *net, + if (IS_ERR(result)) + continue; + +- badness = compute_score(result, net, saddr, sport, +- daddr, hnum, dif, sdif); +- ++ /* compute_score is too long of a function to be ++ * inlined, and calling it again here yields ++ * measureable overhead for some ++ * workloads. Work around it by jumping ++ * backwards to rescore 'result'. ++ */ ++ need_rescore = true; ++ goto rescore; + } + } + return result; +diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c +index a9466f881f1b..9914e73f4785 100644 +--- a/net/ipv6/udp.c ++++ b/net/ipv6/udp.c +@@ -169,15 +169,21 @@ static struct sock *udp6_lib_lookup2(struct net *net, + { + struct sock *sk, *result; + int score, badness; ++ bool need_rescore; + + result = NULL; + badness = -1; + udp_portaddr_for_each_entry_rcu(sk, &hslot2->head) { +- score = compute_score(sk, net, saddr, sport, +- daddr, hnum, dif, sdif); ++ need_rescore = false; ++rescore: ++ score = compute_score(need_rescore ? result : sk, net, saddr, ++ sport, daddr, hnum, dif, sdif); + if (score > badness) { + badness = score; + ++ if (need_rescore) ++ continue; ++ + if (sk->sk_state == TCP_ESTABLISHED) { + result = sk; + continue; +@@ -198,8 +204,14 @@ static struct sock *udp6_lib_lookup2(struct net *net, + if (IS_ERR(result)) + continue; + +- badness = compute_score(sk, net, saddr, sport, +- daddr, hnum, dif, sdif); ++ /* compute_score is too long of a function to be ++ * inlined, and calling it again here yields ++ * measureable overhead for some ++ * workloads. Work around it by jumping ++ * backwards to rescore 'result'. ++ */ ++ need_rescore = true; ++ goto rescore; + } + } + return result; +-- +2.44.0 + diff --git a/series.conf b/series.conf index 8d75e3c..f8f071a 100644 --- a/series.conf +++ b/series.conf @@ -20059,6 +20059,7 @@ patches.suse/kbuild-Use-fmin-function-alignment-when-available.patch patches.suse/net-sched-Add-module-alias-for-sch_fq_pie.patch patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch + patches.suse/s390-qeth-handle-deferred-cc1.patch patches.suse/scsi-lpfc-Correct-size-for-wqe-for-memset.patch patches.suse/scsi-lpfc-Correct-size-for-cmdwqe-rspwqe-for-memset.patch patches.suse/scsi-qla2xxx-Prevent-command-send-on-chip-reset.patch @@ -20085,6 +20086,9 @@ patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.1.patch patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.1-patches.patch + # netdev/net-next main + patches.suse/udp-Avoid-call-to-compute_score-on-multiple-sites.patch + ######################################################## # end of sorted patches ######################################################## @@ -20159,6 +20163,8 @@ # s390x patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch + patches.suse/0001-s390-qdio-handle-deferred-cc1.patch + patches.suse/0001-s390-cio-fix-race-condition-during-online-processing.patch # ppc64 patches.suse/powerpc-tm-Flip-the-HTM-switch-default-to-disabled.patch