diff --git a/patches.kabi/futex-Fix-inode-life-time-issue.patch b/patches.kabi/futex-Fix-inode-life-time-issue.patch index 8bc3031..fff6bbf 100644 --- a/patches.kabi/futex-Fix-inode-life-time-issue.patch +++ b/patches.kabi/futex-Fix-inode-life-time-issue.patch @@ -17,11 +17,10 @@ operation. Reviewed-by: Jan Kara Signed-off-by: Davidlohr Bueso - --- - include/linux/futex.h | 1 + - kernel/futex.c | 85 ++++++++++++++++++------------------------- - 2 files changed, 37 insertions(+), 49 deletions(-) + include/linux/futex.h | 1 + + kernel/futex.c | 110 +++++++++++++++++------------------------- + 2 files changed, 44 insertions(+), 67 deletions(-) diff --git a/include/linux/futex.h b/include/linux/futex.h index 7c5b694864cd..eb24704a04c5 100644 @@ -36,7 +35,7 @@ index 7c5b694864cd..eb24704a04c5 100644 struct { unsigned long address; diff --git a/kernel/futex.c b/kernel/futex.c -index 42b914d97ba3..d74fa3a96243 100644 +index 42b914d97ba3..a8bf2077854d 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -349,6 +349,13 @@ static inline void futex_get_mm(union futex_key *key) @@ -62,7 +61,19 @@ index 42b914d97ba3..d74fa3a96243 100644 break; case FUT_OFF_MMSHARED: futex_get_mm(key); /* implies smp_mb(); (B) */ -@@ -470,7 +477,7 @@ static void drop_futex_key_refs(union futex_key *key) +@@ -453,9 +460,8 @@ static void get_futex_key_refs(union futex_key *key) + + /* + * Drop a reference to the resource addressed by a key. +- * The hash bucket spinlock must not be held. This is +- * a no-op for private futexes, see comment in the get +- * counterpart. ++ * This is a no-op for private futexes, see comment in ++ * the get counterpart. + */ + static void drop_futex_key_refs(union futex_key *key) + { +@@ -470,10 +476,10 @@ static void drop_futex_key_refs(union futex_key *key) switch (key->both.offset & (FUT_OFF_INODE|FUT_OFF_MMSHARED)) { case FUT_OFF_INODE: @@ -70,15 +81,17 @@ index 42b914d97ba3..d74fa3a96243 100644 + fput(key->shared.filp); break; case FUT_OFF_MMSHARED: - mmdrop(key->private.mm); -@@ -635,68 +642,48 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +- mmdrop(key->private.mm); ++ mmdrop_async(key->private.mm); + break; + } + } +@@ -635,68 +641,48 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) get_futex_key_refs(key); /* implies smp_mb(); (B) */ } else { - struct inode *inode; -+ struct mm_struct *mm = current->mm; -+ struct vm_area_struct *vma; - +- - /* - * The associated futex object in this case is the inode and - * the page->mapping must be traversed. Ordinarily this should @@ -91,12 +104,14 @@ index 42b914d97ba3..d74fa3a96243 100644 - * mapping->host can be safely accessed as being a valid inode. - */ - rcu_read_lock(); -+ put_page(page); /* undo previous gup_fast() */ ++ struct mm_struct *mm = current->mm; ++ struct vm_area_struct *vma; - if (READ_ONCE(page->mapping) != mapping) { - rcu_read_unlock(); - put_page(page); -- ++ put_page(page); /* undo previous gup_fast() */ + - goto again; - } + down_read(&mm->mmap_sem); @@ -167,6 +182,73 @@ index 42b914d97ba3..d74fa3a96243 100644 } out: +@@ -1800,6 +1786,8 @@ void requeue_futex(struct futex_q *q, struct futex_hash_bucket *hb1, + plist_add(&q->list, &hb2->chain); + q->lock_ptr = &hb2->lock; + } ++ ++ drop_futex_key_refs(&q->key); + get_futex_key_refs(key2); + q->key = *key2; + } +@@ -1822,6 +1810,7 @@ static inline + void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key, + struct futex_hash_bucket *hb) + { ++ drop_futex_key_refs(&q->key); + get_futex_key_refs(key); + q->key = *key; + +@@ -1927,7 +1916,7 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags, + u32 *cmpval, int requeue_pi) + { + union futex_key key1 = FUTEX_KEY_INIT, key2 = FUTEX_KEY_INIT; +- int drop_count = 0, task_count = 0, ret; ++ int task_count = 0, ret; + struct futex_pi_state *pi_state = NULL; + struct futex_hash_bucket *hb1, *hb2; + struct futex_q *this, *next; +@@ -2036,7 +2025,6 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags, + */ + if (ret > 0) { + WARN_ON(pi_state); +- drop_count++; + task_count++; + /* + * If we acquired the lock, then the user space value +@@ -2148,7 +2136,6 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags, + * doing so. + */ + requeue_pi_wake_futex(this, &key2, hb2); +- drop_count++; + continue; + } else if (ret) { + /* +@@ -2169,7 +2156,6 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags, + } + } + requeue_futex(this, hb1, hb2, &key2); +- drop_count++; + } + + /* +@@ -2183,16 +2169,6 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags, + double_unlock_hb(hb1, hb2); + wake_up_q(&wake_q); + hb_waiters_dec(hb2); +- +- /* +- * drop_futex_key_refs() must be called outside the spinlocks. During +- * the requeue we moved futex_q's from the hash bucket at key1 to the +- * one at key2 and updated their key pointer. We no longer need to +- * hold the references to key1. +- */ +- while (--drop_count >= 0) +- drop_futex_key_refs(&key1); +- + out_put_keys: + put_futex_key(&key2); + out_put_key1: -- 2.26.2 diff --git a/patches.suse/0001-XEN-uses-irqdesc-irq_data_common-handler_data-to-sto.patch b/patches.suse/0001-XEN-uses-irqdesc-irq_data_common-handler_data-to-sto.patch new file mode 100644 index 0000000..c106eae --- /dev/null +++ b/patches.suse/0001-XEN-uses-irqdesc-irq_data_common-handler_data-to-sto.patch @@ -0,0 +1,109 @@ +Patch-mainline: v5.9-rc3 +Git-commit: c330fb1ddc0a922f044989492b7fcca77ee1db46 +References: bsc#1065600 +From: Thomas Gleixner +Date: Tue, 25 Aug 2020 17:22:58 +0200 +Subject: [PATCH] XEN uses irqdesc::irq_data_common::handler_data to store a + per interrupt XEN data pointer which contains XEN specific information. + +handler data is meant for interrupt handlers and not for storing irq chip +specific information as some devices require handler data to store internal +per interrupt information, e.g. pinctrl/GPIO chained interrupt handlers. + +This obviously creates a conflict of interests and crashes the machine +because the XEN pointer is overwritten by the driver pointer. + +As the XEN data is not handler specific it should be stored in +irqdesc::irq_data::chip_data instead. + +A simple sed s/irq_[sg]et_handler_data/irq_[sg]et_chip_data/ cures that. + +Cc: stable@vger.kernel.org +Reported-by: Roman Shaposhnik +Signed-off-by: Thomas Gleixner +Tested-by: Roman Shaposhnik +Reviewed-by: Juergen Gross +Link: https://lore.kernel.org/r/87lfi2yckt.fsf@nanos.tec.linutronix.de +Signed-off-by: Juergen Gross +--- + drivers/xen/events/events_base.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c +index 140c7bf33a98..90b8f56fbadb 100644 +--- a/drivers/xen/events/events_base.c ++++ b/drivers/xen/events/events_base.c +@@ -156,7 +156,7 @@ int get_evtchn_to_irq(evtchn_port_t evtchn) + /* Get info for IRQ */ + struct irq_info *info_for_irq(unsigned irq) + { +- return irq_get_handler_data(irq); ++ return irq_get_chip_data(irq); + } + + /* Constructors for packed IRQ information. */ +@@ -377,7 +377,7 @@ static void xen_irq_init(unsigned irq) + info->type = IRQT_UNBOUND; + info->refcnt = -1; + +- irq_set_handler_data(irq, info); ++ irq_set_chip_data(irq, info); + + list_add_tail(&info->list, &xen_irq_list_head); + } +@@ -426,14 +426,14 @@ static int __must_check xen_allocate_irq_gsi(unsigned gsi) + + static void xen_free_irq(unsigned irq) + { +- struct irq_info *info = irq_get_handler_data(irq); ++ struct irq_info *info = irq_get_chip_data(irq); + + if (WARN_ON(!info)) + return; + + list_del(&info->list); + +- irq_set_handler_data(irq, NULL); ++ irq_set_chip_data(irq, NULL); + + WARN_ON(info->refcnt > 0); + +@@ -603,7 +603,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi); + static void __unbind_from_irq(unsigned int irq) + { + int evtchn = evtchn_from_irq(irq); +- struct irq_info *info = irq_get_handler_data(irq); ++ struct irq_info *info = irq_get_chip_data(irq); + + if (info->refcnt > 0) { + info->refcnt--; +@@ -1108,7 +1108,7 @@ int bind_ipi_to_irqhandler(enum ipi_vector ipi, + + void unbind_from_irqhandler(unsigned int irq, void *dev_id) + { +- struct irq_info *info = irq_get_handler_data(irq); ++ struct irq_info *info = irq_get_chip_data(irq); + + if (WARN_ON(!info)) + return; +@@ -1142,7 +1142,7 @@ int evtchn_make_refcounted(evtchn_port_t evtchn) + if (irq == -1) + return -ENOENT; + +- info = irq_get_handler_data(irq); ++ info = irq_get_chip_data(irq); + + if (!info) + return -ENOENT; +@@ -1170,7 +1170,7 @@ int evtchn_get(evtchn_port_t evtchn) + if (irq == -1) + goto done; + +- info = irq_get_handler_data(irq); ++ info = irq_get_chip_data(irq); + + if (!info) + goto done; +-- +2.26.2 + diff --git a/patches.suse/0001-xen-events-don-t-use-chip_data-for-legacy-IRQs.patch b/patches.suse/0001-xen-events-don-t-use-chip_data-for-legacy-IRQs.patch new file mode 100644 index 0000000..b69f732 --- /dev/null +++ b/patches.suse/0001-xen-events-don-t-use-chip_data-for-legacy-IRQs.patch @@ -0,0 +1,124 @@ +Patch-mainline: v5.9-rc8 +Git-commit: 0891fb39ba67bd7ae023ea0d367297ffff010781 +References: bsc#1065600 +From: Juergen Gross +Date: Mon, 5 Oct 2020 07:39:34 +0200 +Subject: [PATCH] xen/events: don't use chip_data for legacy IRQs + +Since commit c330fb1ddc0a ("XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information.") +Xen is using the chip_data pointer for storing IRQ specific data. When +running as a HVM domain this can result in problems for legacy IRQs, as +those might use chip_data for their own purposes. + +Use a local array for this purpose in case of legacy IRQs, avoiding the +double use. + +Fixes: c330fb1ddc0a ("XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information.") +Signed-off-by: Juergen Gross +Tested-by: Stefan Bader +Reviewed-by: Boris Ostrovsky +Link: https://lore.kernel.org/r/20200930091614.13660-1-jgross@suse.com +--- +This is a backport for stable kernel 5.4.y and older +--- + drivers/xen/events/events_base.c | 29 +++++++++++++++++++++-------- + 1 file changed, 21 insertions(+), 8 deletions(-) + +diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c +index 55f2b834cf13..e402620b8920 100644 +--- a/drivers/xen/events/events_base.c ++++ b/drivers/xen/events/events_base.c +@@ -91,6 +91,8 @@ static bool (*pirq_needs_eoi)(unsigned irq); + /* Xen will never allocate port zero for any purpose. */ + #define VALID_EVTCHN(chn) ((chn) != 0) + ++static struct irq_info *legacy_info_ptrs[NR_IRQS_LEGACY]; ++ + static struct irq_chip xen_dynamic_chip; + static struct irq_chip xen_percpu_chip; + static struct irq_chip xen_pirq_chip; +@@ -155,7 +157,18 @@ int get_evtchn_to_irq(unsigned evtchn) + /* Get info for IRQ */ + struct irq_info *info_for_irq(unsigned irq) + { +- return irq_get_chip_data(irq); ++ if (irq < nr_legacy_irqs()) ++ return legacy_info_ptrs[irq]; ++ else ++ return irq_get_chip_data(irq); ++} ++ ++static void set_info_for_irq(unsigned int irq, struct irq_info *info) ++{ ++ if (irq < nr_legacy_irqs()) ++ legacy_info_ptrs[irq] = info; ++ else ++ irq_set_chip_data(irq, info); + } + + /* Constructors for packed IRQ information. */ +@@ -376,7 +389,7 @@ static void xen_irq_init(unsigned irq) + info->type = IRQT_UNBOUND; + info->refcnt = -1; + +- irq_set_chip_data(irq, info); ++ set_info_for_irq(irq, info); + + list_add_tail(&info->list, &xen_irq_list_head); + } +@@ -425,14 +438,14 @@ static int __must_check xen_allocate_irq_gsi(unsigned gsi) + + static void xen_free_irq(unsigned irq) + { +- struct irq_info *info = irq_get_chip_data(irq); ++ struct irq_info *info = info_for_irq(irq); + + if (WARN_ON(!info)) + return; + + list_del(&info->list); + +- irq_set_chip_data(irq, NULL); ++ set_info_for_irq(irq, NULL); + + WARN_ON(info->refcnt > 0); + +@@ -602,7 +615,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi); + static void __unbind_from_irq(unsigned int irq) + { + int evtchn = evtchn_from_irq(irq); +- struct irq_info *info = irq_get_chip_data(irq); ++ struct irq_info *info = info_for_irq(irq); + + if (info->refcnt > 0) { + info->refcnt--; +@@ -1106,7 +1119,7 @@ int bind_ipi_to_irqhandler(enum ipi_vector ipi, + + void unbind_from_irqhandler(unsigned int irq, void *dev_id) + { +- struct irq_info *info = irq_get_chip_data(irq); ++ struct irq_info *info = info_for_irq(irq); + + if (WARN_ON(!info)) + return; +@@ -1140,7 +1153,7 @@ int evtchn_make_refcounted(unsigned int evtchn) + if (irq == -1) + return -ENOENT; + +- info = irq_get_chip_data(irq); ++ info = info_for_irq(irq); + + if (!info) + return -ENOENT; +@@ -1168,7 +1181,7 @@ int evtchn_get(unsigned int evtchn) + if (irq == -1) + goto done; + +- info = irq_get_chip_data(irq); ++ info = info_for_irq(irq); + + if (!info) + goto done; +-- +2.26.2 + diff --git a/patches.suse/NFSv4-don-t-mark-all-open-state-for-recovery-when-ha.patch b/patches.suse/NFSv4-don-t-mark-all-open-state-for-recovery-when-ha.patch new file mode 100644 index 0000000..f6d7928 --- /dev/null +++ b/patches.suse/NFSv4-don-t-mark-all-open-state-for-recovery-when-ha.patch @@ -0,0 +1,67 @@ +From: Scott Mayhew +Date: Mon, 6 May 2019 11:59:05 -0400 +Subject: [PATCH] NFSv4: don't mark all open state for recovery when handling + recallable state revoked flag +Git-commit: 8ca017c8cee3aa6a37ddf1db7fd04c54536a0ef0 +Patch-mainline: v5.2 +References: bsc#1176935 + +Only delegations and layouts can be recalled, so it shouldn't be +necessary to recover all opens when handling the status bit +SEQ4_STATUS_RECALLABLE_STATE_REVOKED. We'll still wind up calling +nfs41_open_expired() when a TEST_STATEID returns NFS4ERR_DELEG_REVOKED. + +Signed-off-by: Scott Mayhew +Reviewed-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Acked-by: NeilBrown + +--- + fs/nfs/delegation.c | 12 ++++++++++++ + fs/nfs/delegation.h | 1 + + fs/nfs/nfs4state.c | 3 +-- + 3 files changed, 14 insertions(+), 2 deletions(-) + +--- a/fs/nfs/delegation.c ++++ b/fs/nfs/delegation.c +@@ -1018,6 +1018,18 @@ nfs_delegation_test_free_expired(struct + } + + /** ++ * nfs_test_expired_all_delegations - test all delegations for a client ++ * @clp: nfs_client to process ++ * ++ * Helper for handling "recallable state revoked" status from server. ++ */ ++void nfs_test_expired_all_delegations(struct nfs_client *clp) ++{ ++ nfs_mark_test_expired_all_delegations(clp); ++ nfs4_schedule_state_manager(clp); ++} ++ ++/** + * nfs_reap_expired_delegations - reap expired delegations + * @clp: nfs_client to process + * +--- a/fs/nfs/delegation.h ++++ b/fs/nfs/delegation.h +@@ -55,6 +55,7 @@ void nfs_delegation_mark_reclaim(struct + void nfs_delegation_reap_unclaimed(struct nfs_client *clp); + + void nfs_mark_test_expired_all_delegations(struct nfs_client *clp); ++void nfs_test_expired_all_delegations(struct nfs_client *clp); + void nfs_reap_expired_delegations(struct nfs_client *clp); + + /* NFSv4 delegation-related procedures */ +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -2301,8 +2301,7 @@ static void nfs41_handle_recallable_stat + { + /* FIXME: For now, we destroy all layouts. */ + pnfs_destroy_all_layouts(clp); +- /* FIXME: For now, we test all delegations+open state+locks. */ +- nfs41_handle_some_state_revoked(clp); ++ nfs_test_expired_all_delegations(clp); + dprintk("%s: Recallable state revoked on server %s!\n", __func__, + clp->cl_hostname); + } diff --git a/patches.suse/NFSv4.1-Only-reap-expired-delegations.patch b/patches.suse/NFSv4.1-Only-reap-expired-delegations.patch index fab73c2..92225e5 100644 --- a/patches.suse/NFSv4.1-Only-reap-expired-delegations.patch +++ b/patches.suse/NFSv4.1-Only-reap-expired-delegations.patch @@ -18,8 +18,8 @@ Acked-by: NeilBrown --- a/fs/nfs/delegation.c +++ b/fs/nfs/delegation.c -@@ -991,6 +991,22 @@ void nfs_mark_test_expired_all_delegatio - rcu_read_unlock(); +@@ -1003,6 +1003,22 @@ void nfs_test_expired_all_delegations(st + nfs4_schedule_state_manager(clp); } +static void @@ -41,7 +41,7 @@ Acked-by: NeilBrown /** * nfs_reap_expired_delegations - reap expired delegations * @clp: nfs_client to process -@@ -1002,7 +1018,6 @@ void nfs_mark_test_expired_all_delegatio +@@ -1014,7 +1030,6 @@ void nfs_test_expired_all_delegations(st */ void nfs_reap_expired_delegations(struct nfs_client *clp) { @@ -49,7 +49,7 @@ Acked-by: NeilBrown struct nfs_delegation *delegation; struct nfs_server *server; struct inode *inode; -@@ -1033,11 +1048,7 @@ restart: +@@ -1045,11 +1060,7 @@ restart: nfs4_stateid_copy(&stateid, &delegation->stateid); clear_bit(NFS_DELEGATION_TEST_EXPIRED, &delegation->flags); rcu_read_unlock(); diff --git a/patches.suse/USB-gadget-f_ncm-Fix-NDP16-datagram-validation.patch b/patches.suse/USB-gadget-f_ncm-Fix-NDP16-datagram-validation.patch new file mode 100644 index 0000000..8958ab0 --- /dev/null +++ b/patches.suse/USB-gadget-f_ncm-Fix-NDP16-datagram-validation.patch @@ -0,0 +1,129 @@ +From 2b405533c2560d7878199c57d95a39151351df72 Mon Sep 17 00:00:00 2001 +From: Bryan O'Donoghue +Date: Sun, 20 Sep 2020 18:01:58 +0100 +Subject: [PATCH] USB: gadget: f_ncm: Fix NDP16 datagram validation +Git-commit: 2b405533c2560d7878199c57d95a39151351df72 +Patch-mainline: v5.9-rc8 +References: git-fixes + +commit 2b74b0a04d3e ("USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb()") +adds important bounds checking however it unfortunately also introduces a +bug with respect to section 3.3.1 of the NCM specification. + +wDatagramIndex[1] : "Byte index, in little endian, of the second datagram +described by this NDP16. If zero, then this marks the end of the sequence +of datagrams in this NDP16." + +Wdatagramlength[1]: "Byte length, in little endian, of the second datagram +described by this NDP16. If zero, then this marks the end of the sequence +of datagrams in this NDP16." + +wDatagramIndex[1] and wDatagramLength[1] respectively then may be zero but +that does not mean we should throw away the data referenced by +wDatagramIndex[0] and wDatagramLength[0] as is currently the case. + +Breaking the loop on (index2 == 0 || dg_len2 == 0) should come at the end +as was previously the case and checks for index2 and dg_len2 should be +removed since zero is valid. + +I'm not sure how much testing the above patch received but for me right now +after enumeration ping doesn't work. Reverting the commit restores ping, +scp, etc. + +The extra validation associated with wDatagramIndex[0] and +wDatagramLength[0] appears to be valid so, this change removes the incorrect +restriction on wDatagramIndex[1] and wDatagramLength[1] restoring data +processing between host and device. + +Fixes: 2b74b0a04d3e ("USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb()") +Cc: Ilja Van Sprundel +Cc: Brooke Basile +Cc: stable +Signed-off-by: Bryan O'Donoghue +Link: https://lore.kernel.org/r/20200920170158.1217068-1-bryan.odonoghue@linaro.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/gadget/function/f_ncm.c | 30 ++---------------------------- + 1 file changed, 2 insertions(+), 28 deletions(-) + +diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c +index b4206b0dede5..1f638759a953 100644 +--- a/drivers/usb/gadget/function/f_ncm.c ++++ b/drivers/usb/gadget/function/f_ncm.c +@@ -1189,7 +1189,6 @@ static int ncm_unwrap_ntb(struct gether *port, + const struct ndp_parser_opts *opts = ncm->parser_opts; + unsigned crc_len = ncm->is_crc ? sizeof(uint32_t) : 0; + int dgram_counter; +- bool ndp_after_header; + + /* dwSignature */ + if (get_unaligned_le32(tmp) != opts->nth_sign) { +@@ -1216,7 +1215,6 @@ static int ncm_unwrap_ntb(struct gether *port, + } + + ndp_index = get_ncm(&tmp, opts->ndp_index); +- ndp_after_header = false; + + /* Run through all the NDP's in the NTB */ + do { +@@ -1232,8 +1230,6 @@ static int ncm_unwrap_ntb(struct gether *port, + ndp_index); + goto err; + } +- if (ndp_index == opts->nth_size) +- ndp_after_header = true; + + /* + * walk through NDP +@@ -1312,37 +1308,13 @@ static int ncm_unwrap_ntb(struct gether *port, + index2 = get_ncm(&tmp, opts->dgram_item_len); + dg_len2 = get_ncm(&tmp, opts->dgram_item_len); + +- if (index2 == 0 || dg_len2 == 0) +- break; +- + /* wDatagramIndex[1] */ +- if (ndp_after_header) { +- if (index2 < opts->nth_size + opts->ndp_size) { +- INFO(port->func.config->cdev, +- "Bad index: %#X\n", index2); +- goto err; +- } +- } else { +- if (index2 < opts->nth_size + opts->dpe_size) { +- INFO(port->func.config->cdev, +- "Bad index: %#X\n", index2); +- goto err; +- } +- } + if (index2 > block_len - opts->dpe_size) { + INFO(port->func.config->cdev, + "Bad index: %#X\n", index2); + goto err; + } + +- /* wDatagramLength[1] */ +- if ((dg_len2 < 14 + crc_len) || +- (dg_len2 > frame_max)) { +- INFO(port->func.config->cdev, +- "Bad dgram length: %#X\n", dg_len); +- goto err; +- } +- + /* + * Copy the data into a new skb. + * This ensures the truesize is correct +@@ -1359,6 +1331,8 @@ static int ncm_unwrap_ntb(struct gether *port, + ndp_len -= 2 * (opts->dgram_item_len * 2); + + dgram_counter++; ++ if (index2 == 0 || dg_len2 == 0) ++ break; + } while (ndp_len > 2 * (opts->dgram_item_len * 2)); + } while (ndp_index); + +-- +2.16.4 + diff --git a/patches.suse/ftrace-move-rcu-is-watching-check-after-recursion-check.patch b/patches.suse/ftrace-move-rcu-is-watching-check-after-recursion-check.patch new file mode 100644 index 0000000..300aa99 --- /dev/null +++ b/patches.suse/ftrace-move-rcu-is-watching-check-after-recursion-check.patch @@ -0,0 +1,57 @@ +From: "Steven Rostedt (VMware)" +Date: Tue, 29 Sep 2020 12:40:31 -0400 +Subject: ftrace: Move RCU is watching check after recursion check +Git-commit: b40341fad6cc2daa195f8090fd3348f18fff640a +Patch-mainline: v5.9-rc8 +References: git-fixes + +The first thing that the ftrace function callback helper functions should do +is to check for recursion. Peter Zijlstra found that when +"rcu_is_watching()" had its notrace removed, it caused perf function tracing +to crash. This is because the call of rcu_is_watching() is tested before +function recursion is checked and and if it is traced, it will cause an +infinite recursion loop. + +rcu_is_watching() should still stay notrace, but to prevent this should +never had crashed in the first place. The recursion prevention must be the +first thing done in callback functions. + +Link: https://lore.kernel.org/r/20200929112541.GM2628@hirez.programming.kicks-ass.net + +Cc: stable@vger.kernel.org +Cc: Paul McKenney +Fixes: c68c0fa293417 ("ftrace: Have ftrace_ops_get_func() handle RCU and PER_CPU flags too") +Acked-by: Peter Zijlstra (Intel) +Reported-by: Peter Zijlstra (Intel) +Signed-off-by: Steven Rostedt (VMware) +Acked-by: Miroslav Benes +--- + kernel/trace/ftrace.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +--- a/kernel/trace/ftrace.c ++++ b/kernel/trace/ftrace.c +@@ -5758,18 +5758,17 @@ static void ftrace_ops_assist_func(unsig + { + int bit; + +- if ((op->flags & FTRACE_OPS_FL_RCU) && !rcu_is_watching()) +- return; +- + bit = trace_test_and_set_recursion(TRACE_LIST_START, TRACE_LIST_MAX); + if (bit < 0) + return; + + preempt_disable_notrace(); + +- if (!(op->flags & FTRACE_OPS_FL_PER_CPU) || +- !ftrace_function_local_disabled(op)) { +- op->func(ip, parent_ip, op, regs); ++ if (!(op->flags & FTRACE_OPS_FL_RCU) || rcu_is_watching()) { ++ if (!(op->flags & FTRACE_OPS_FL_PER_CPU) || ++ !ftrace_function_local_disabled(op)) { ++ op->func(ip, parent_ip, op, regs); ++ } + } + + preempt_enable_notrace(); diff --git a/patches.suse/i2c-cpm-Fix-i2c_ram-structure.patch b/patches.suse/i2c-cpm-Fix-i2c_ram-structure.patch new file mode 100644 index 0000000..16284df --- /dev/null +++ b/patches.suse/i2c-cpm-Fix-i2c_ram-structure.patch @@ -0,0 +1,45 @@ +From a2bd970aa62f2f7f80fd0d212b1d4ccea5df4aed Mon Sep 17 00:00:00 2001 +From: Nicolas VINCENT +Date: Wed, 23 Sep 2020 16:08:40 +0200 +Subject: [PATCH] i2c: cpm: Fix i2c_ram structure +Git-commit: a2bd970aa62f2f7f80fd0d212b1d4ccea5df4aed +Patch-mainline: v5.9-rc8 +References: git-fixes + +the i2c_ram structure is missing the sdmatmp field mentionned in +datasheet for MPC8272 at paragraph 36.5. With this field missing, the +hardware would write past the allocated memory done through +cpm_muram_alloc for the i2c_ram structure and land in memory allocated +for the buffers descriptors corrupting the cbd_bufaddr field. Since this +field is only set during setup(), the first i2c transaction would work +and the following would send data read from an arbitrary memory +location. + +Fixes: 61045dbe9d8d ("i2c: Add support for I2C bus on Freescale CPM1/CPM2 controllers") +Signed-off-by: Nicolas VINCENT +Acked-by: Jochen Friedrich +Acked-by: Christophe Leroy +Signed-off-by: Wolfram Sang +Acked-by: Takashi Iwai + +--- + drivers/i2c/busses/i2c-cpm.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/i2c/busses/i2c-cpm.c b/drivers/i2c/busses/i2c-cpm.c +index 1213e1932ccb..24d584a1c9a7 100644 +--- a/drivers/i2c/busses/i2c-cpm.c ++++ b/drivers/i2c/busses/i2c-cpm.c +@@ -65,6 +65,9 @@ struct i2c_ram { + char res1[4]; /* Reserved */ + ushort rpbase; /* Relocation pointer */ + char res2[2]; /* Reserved */ ++ /* The following elements are only for CPM2 */ ++ char res3[4]; /* Reserved */ ++ uint sdmatmp; /* Internal */ + }; + + #define I2COM_START 0x80 +-- +2.16.4 + diff --git a/patches.suse/iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte b/patches.suse/iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte new file mode 100644 index 0000000..edc9a74 --- /dev/null +++ b/patches.suse/iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte @@ -0,0 +1,49 @@ +From: Suravee Suthikulpanit +Date: Thu, 12 Mar 2020 05:18:39 -0500 +Subject: iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE +Git-commit: 730ad0ede130015a773229573559e97ba0943065 +Patch-mainline: v5.6-rc6 +References: bsc#1177293 + +Commit b9c6ff94e43a ("iommu/amd: Re-factor guest virtual APIC +(de-)activation code") accidentally left out the ir_data pointer when +calling modity_irte_ga(), which causes the function amd_iommu_update_ga() +to return prematurely due to struct amd_ir_data.ref is NULL and +the "is_run" bit of IRTE does not get updated properly. + +This results in bad I/O performance since IOMMU AVIC always generate GA Log +entry and notify IOMMU driver and KVM when it receives interrupt from the +PCI pass-through device instead of directly inject interrupt to the vCPU. + +Fixes by passing ir_data when calling modify_irte_ga() as done previously. + +Fixes: b9c6ff94e43a ("iommu/amd: Re-factor guest virtual APIC (de-)activation code") +Signed-off-by: Suravee Suthikulpanit +Signed-off-by: Joerg Roedel +--- + drivers/iommu/amd_iommu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c +index aac132bd1ef0..20cce366e951 100644 +--- a/drivers/iommu/amd_iommu.c ++++ b/drivers/iommu/amd_iommu.c +@@ -3826,7 +3826,7 @@ int amd_iommu_activate_guest_mode(void *data) + entry->lo.fields_vapic.ga_tag = ir_data->ga_tag; + + return modify_irte_ga(ir_data->irq_2_irte.devid, +- ir_data->irq_2_irte.index, entry, NULL); ++ ir_data->irq_2_irte.index, entry, ir_data); + } + EXPORT_SYMBOL(amd_iommu_activate_guest_mode); + +@@ -3852,7 +3852,7 @@ int amd_iommu_deactivate_guest_mode(void *data) + APICID_TO_IRTE_DEST_HI(cfg->dest_apicid); + + return modify_irte_ga(ir_data->irq_2_irte.devid, +- ir_data->irq_2_irte.index, entry, NULL); ++ ir_data->irq_2_irte.index, entry, ir_data); + } + EXPORT_SYMBOL(amd_iommu_deactivate_guest_mode); + + diff --git a/patches.suse/iommu-amd-fix-potential-entry-null-deref b/patches.suse/iommu-amd-fix-potential-entry-null-deref new file mode 100644 index 0000000..092468e --- /dev/null +++ b/patches.suse/iommu-amd-fix-potential-entry-null-deref @@ -0,0 +1,48 @@ +From: Joao Martins +Date: Thu, 10 Sep 2020 18:16:21 +0100 +Subject: iommu/amd: Fix potential @entry null deref +Git-commit: 14c4acc5ed22c21f9821103be7c48efdf9763584 +Patch-mainline: v5.9-rc6 +References: bsc#1177294 + +After commit 26e495f34107 ("iommu/amd: Restore IRTE.RemapEn bit after +programming IRTE"), smatch warns: + + drivers/iommu/amd/iommu.c:3870 amd_iommu_deactivate_guest_mode() + warn: variable dereferenced before check 'entry' (see line 3867) + +Fix this by moving the @valid assignment to after @entry has been checked +for NULL. + +Fixes: 26e495f34107 ("iommu/amd: Restore IRTE.RemapEn bit after programming IRTE") +Reported-by: Dan Carpenter +Signed-off-by: Joao Martins +Reviewed-by: Suravee Suthikulpanit +Cc: Suravee Suthikulpanit +Link: https://lore.kernel.org/r/20200910171621.12879-1-joao.m.martins@oracle.com +Signed-off-by: Joerg Roedel +--- + drivers/iommu/amd/iommu.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c +index 07ae8b93887e..8abe1c7ad45b 100644 +--- a/drivers/iommu/amd_iommu.c ++++ b/drivers/iommu/amd_iommu.c +@@ -3864,12 +3864,14 @@ int amd_iommu_deactivate_guest_mode(void *data) + struct amd_ir_data *ir_data = (struct amd_ir_data *)data; + struct irte_ga *entry = (struct irte_ga *) ir_data->entry; + struct irq_cfg *cfg = ir_data->cfg; +- u64 valid = entry->lo.fields_remap.valid; ++ u64 valid; + + if (!AMD_IOMMU_GUEST_IR_VAPIC(amd_iommu_guest_ir) || + !entry || !entry->lo.fields_vapic.guest_mode) + return 0; + ++ valid = entry->lo.fields_remap.valid; ++ + entry->lo.val = 0; + entry->hi.val = 0; + + diff --git a/patches.suse/iommu-amd-re-factor-guest-virtual-apic-de-activation-code b/patches.suse/iommu-amd-re-factor-guest-virtual-apic-de-activation-code new file mode 100644 index 0000000..abd4786 --- /dev/null +++ b/patches.suse/iommu-amd-re-factor-guest-virtual-apic-de-activation-code @@ -0,0 +1,189 @@ +From: "Suthikulpanit, Suravee" +Date: Tue, 23 Jul 2019 19:00:37 +0000 +Subject: iommu/amd: Re-factor guest virtual APIC (de-)activation code +Git-commit: b9c6ff94e43a0ee053e0c1d983fba1ac4953b762 +Patch-mainline: v5.4-rc1 +References: bsc#1177291 + +Re-factore the logic for activate/deactivate guest virtual APIC mode (GAM) +into helper functions, and export them for other drivers (e.g. SVM). +to support run-time activate/deactivate of SVM AVIC. + +Cc: Joerg Roedel +Signed-off-by: Suravee Suthikulpanit +Signed-off-by: Joerg Roedel +--- + drivers/iommu/amd_iommu.c | 85 ++++++++++++++++++++++++++++------------ + drivers/iommu/amd_iommu_types.h | 9 ++++ + include/linux/amd-iommu.h | 12 +++++ + 3 files changed, 82 insertions(+), 24 deletions(-) + +--- a/drivers/iommu/amd_iommu.c ++++ b/drivers/iommu/amd_iommu.c +@@ -4479,13 +4479,62 @@ static const struct irq_domain_ops amd_i + .deactivate = irq_remapping_deactivate, + }; + ++int amd_iommu_activate_guest_mode(void *data) ++{ ++ struct amd_ir_data *ir_data = (struct amd_ir_data *)data; ++ struct irte_ga *entry = (struct irte_ga *) ir_data->entry; ++ ++ if (!AMD_IOMMU_GUEST_IR_VAPIC(amd_iommu_guest_ir) || ++ !entry || entry->lo.fields_vapic.guest_mode) ++ return 0; ++ ++ entry->lo.val = 0; ++ entry->hi.val = 0; ++ ++ entry->lo.fields_vapic.guest_mode = 1; ++ entry->lo.fields_vapic.ga_log_intr = 1; ++ entry->hi.fields.ga_root_ptr = ir_data->ga_root_ptr; ++ entry->hi.fields.vector = ir_data->ga_vector; ++ entry->lo.fields_vapic.ga_tag = ir_data->ga_tag; ++ ++ return modify_irte_ga(ir_data->irq_2_irte.devid, ++ ir_data->irq_2_irte.index, entry, NULL); ++} ++EXPORT_SYMBOL(amd_iommu_activate_guest_mode); ++ ++int amd_iommu_deactivate_guest_mode(void *data) ++{ ++ struct amd_ir_data *ir_data = (struct amd_ir_data *)data; ++ struct irte_ga *entry = (struct irte_ga *) ir_data->entry; ++ struct irq_cfg *cfg = ir_data->cfg; ++ ++ if (!AMD_IOMMU_GUEST_IR_VAPIC(amd_iommu_guest_ir) || ++ !entry || !entry->lo.fields_vapic.guest_mode) ++ return 0; ++ ++ entry->lo.val = 0; ++ entry->hi.val = 0; ++ ++ entry->lo.fields_remap.dm = apic->irq_dest_mode; ++ entry->lo.fields_remap.int_type = apic->irq_delivery_mode; ++ entry->hi.fields.vector = cfg->vector; ++ entry->lo.fields_remap.destination = ++ APICID_TO_IRTE_DEST_LO(cfg->dest_apicid); ++ entry->hi.fields.destination = ++ APICID_TO_IRTE_DEST_HI(cfg->dest_apicid); ++ ++ return modify_irte_ga(ir_data->irq_2_irte.devid, ++ ir_data->irq_2_irte.index, entry, NULL); ++} ++EXPORT_SYMBOL(amd_iommu_deactivate_guest_mode); ++ + static int amd_ir_set_vcpu_affinity(struct irq_data *data, void *vcpu_info) + { ++ int ret; + struct amd_iommu *iommu; + struct amd_iommu_pi_data *pi_data = vcpu_info; + struct vcpu_data *vcpu_pi_info = pi_data->vcpu_data; + struct amd_ir_data *ir_data = data->chip_data; +- struct irte_ga *irte = (struct irte_ga *) ir_data->entry; + struct irq_2_irte *irte_info = &ir_data->irq_2_irte; + struct iommu_dev_data *dev_data = search_dev_data(irte_info->devid); + +@@ -4496,6 +4545,7 @@ static int amd_ir_set_vcpu_affinity(stru + if (!dev_data || !dev_data->use_vapic) + return 0; + ++ ir_data->cfg = irqd_cfg(data); + pi_data->ir_data = ir_data; + + /* Note: +@@ -4514,37 +4564,24 @@ static int amd_ir_set_vcpu_affinity(stru + + pi_data->prev_ga_tag = ir_data->cached_ga_tag; + if (pi_data->is_guest_mode) { +- /* Setting */ +- irte->hi.fields.ga_root_ptr = (pi_data->base >> 12); +- irte->hi.fields.vector = vcpu_pi_info->vector; +- irte->lo.fields_vapic.ga_log_intr = 1; +- irte->lo.fields_vapic.guest_mode = 1; +- irte->lo.fields_vapic.ga_tag = pi_data->ga_tag; +- +- ir_data->cached_ga_tag = pi_data->ga_tag; ++ ir_data->ga_root_ptr = (pi_data->base >> 12); ++ ir_data->ga_vector = vcpu_pi_info->vector; ++ ir_data->ga_tag = pi_data->ga_tag; ++ ret = amd_iommu_activate_guest_mode(ir_data); ++ if (!ret) ++ ir_data->cached_ga_tag = pi_data->ga_tag; + } else { +- /* Un-Setting */ +- struct irq_cfg *cfg = irqd_cfg(data); +- +- irte->hi.val = 0; +- irte->lo.val = 0; +- irte->hi.fields.vector = cfg->vector; +- irte->lo.fields_remap.guest_mode = 0; +- irte->lo.fields_remap.destination = +- APICID_TO_IRTE_DEST_LO(cfg->dest_apicid); +- irte->hi.fields.destination = +- APICID_TO_IRTE_DEST_HI(cfg->dest_apicid); +- irte->lo.fields_remap.int_type = apic->irq_delivery_mode; +- irte->lo.fields_remap.dm = apic->irq_dest_mode; ++ ret = amd_iommu_deactivate_guest_mode(ir_data); + + /* + * This communicates the ga_tag back to the caller + * so that it can do all the necessary clean up. + */ +- ir_data->cached_ga_tag = 0; ++ if (!ret) ++ ir_data->cached_ga_tag = 0; + } + +- return modify_irte_ga(irte_info->devid, irte_info->index, irte, ir_data); ++ return ret; + } + + static int amd_ir_set_affinity(struct irq_data *data, +--- a/drivers/iommu/amd_iommu_types.h ++++ b/drivers/iommu/amd_iommu_types.h +@@ -883,6 +883,15 @@ struct amd_ir_data { + struct msi_msg msi_entry; + void *entry; /* Pointer to union irte or struct irte_ga */ + void *ref; /* Pointer to the actual irte */ ++ ++ /** ++ * Store information for activate/de-activate ++ * Guest virtual APIC mode during runtime. ++ */ ++ struct irq_cfg *cfg; ++ int ga_vector; ++ int ga_root_ptr; ++ int ga_tag; + }; + + struct amd_irte_ops { +--- a/include/linux/amd-iommu.h ++++ b/include/linux/amd-iommu.h +@@ -196,6 +196,9 @@ extern int amd_iommu_register_ga_log_not + extern int + amd_iommu_update_ga(int cpu, bool is_run, void *data); + ++extern int amd_iommu_activate_guest_mode(void *data); ++extern int amd_iommu_deactivate_guest_mode(void *data); ++ + #else /* defined(CONFIG_AMD_IOMMU) && defined(CONFIG_IRQ_REMAP) */ + + static inline int +@@ -210,6 +213,15 @@ amd_iommu_update_ga(int cpu, bool is_run + return 0; + } + ++static inline int amd_iommu_activate_guest_mode(void *data) ++{ ++ return 0; ++} ++ ++static inline int amd_iommu_deactivate_guest_mode(void *data) ++{ ++ return 0; ++} + #endif /* defined(CONFIG_AMD_IOMMU) && defined(CONFIG_IRQ_REMAP) */ + + #endif /* _ASM_X86_AMD_IOMMU_H */ + diff --git a/patches.suse/iommu-amd-restore-irte-remapen-bit-after-programming-irte b/patches.suse/iommu-amd-restore-irte-remapen-bit-after-programming-irte index 1b3df1d..1876e5a 100644 --- a/patches.suse/iommu-amd-restore-irte-remapen-bit-after-programming-irte +++ b/patches.suse/iommu-amd-restore-irte-remapen-bit-after-programming-irte @@ -15,25 +15,27 @@ Reviewed-by: Joao Martins Link: https://lore.kernel.org/r/20200903093822.52012-2-suravee.suthikulpanit@amd.com Signed-off-by: Joerg Roedel --- - drivers/iommu/amd_iommu.c | 2 ++ + drivers/iommu/amd/iommu.c | 2 ++ 1 file changed, 2 insertions(+) +diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c +index ba9f3dbc5b94..967f4e96d1eb 100644 --- a/drivers/iommu/amd_iommu.c +++ b/drivers/iommu/amd_iommu.c -@@ -4646,6 +4646,7 @@ static int amd_ir_set_vcpu_affinity(stru - } else { - /* Un-Setting */ - struct irq_cfg *cfg = irqd_cfg(data); -+ u64 valid = irte->lo.fields_remap.valid; +@@ -3850,6 +3850,7 @@ int amd_iommu_deactivate_guest_mode(void *data) + struct amd_ir_data *ir_data = (struct amd_ir_data *)data; + struct irte_ga *entry = (struct irte_ga *) ir_data->entry; + struct irq_cfg *cfg = ir_data->cfg; ++ u64 valid = entry->lo.fields_remap.valid; - irte->hi.val = 0; - irte->lo.val = 0; -@@ -4657,6 +4658,7 @@ static int amd_ir_set_vcpu_affinity(stru - APICID_TO_IRTE_DEST_HI(cfg->dest_apicid); - irte->lo.fields_remap.int_type = apic->irq_delivery_mode; - irte->lo.fields_remap.dm = apic->irq_dest_mode; -+ irte->lo.fields_remap.valid = valid; + if (!AMD_IOMMU_GUEST_IR_VAPIC(amd_iommu_guest_ir) || + !entry || !entry->lo.fields_vapic.guest_mode) +@@ -3858,6 +3859,7 @@ int amd_iommu_deactivate_guest_mode(void *data) + entry->lo.val = 0; + entry->hi.val = 0; - /* - * This communicates the ga_tag back to the caller ++ entry->lo.fields_remap.valid = valid; + entry->lo.fields_remap.dm = apic->irq_dest_mode; + entry->lo.fields_remap.int_type = apic->irq_delivery_mode; + entry->hi.fields.vector = cfg->vector; diff --git a/patches.suse/iommu-amd-restore-irte-remapen-bit-for-amd_iommu_activate_guest_mode b/patches.suse/iommu-amd-restore-irte-remapen-bit-for-amd_iommu_activate_guest_mode new file mode 100644 index 0000000..38a561b --- /dev/null +++ b/patches.suse/iommu-amd-restore-irte-remapen-bit-for-amd_iommu_activate_guest_mode @@ -0,0 +1,57 @@ +From: Suravee Suthikulpanit +Date: Wed, 16 Sep 2020 11:17:20 +0000 +Subject: iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode +Git-commit: e97685abd5d711c885053d4949178f7ab9acbaef +Patch-mainline: v5.9-rc6 +References: bsc#1177295 + +Commit e52d58d54a32 ("iommu/amd: Use cmpxchg_double() when updating +128-bit IRTE") removed an assumption that modify_irte_ga always set +the valid bit, which requires the callers to set the appropriate value +for the struct irte_ga.valid bit before calling the function. + +Similar to the commit 26e495f34107 ("iommu/amd: Restore IRTE.RemapEn +bit after programming IRTE"), which is for the function +amd_iommu_deactivate_guest_mode(). + +The same change is also needed for the amd_iommu_activate_guest_mode(). +Otherwise, this could trigger IO_PAGE_FAULT for the VFIO based VMs with +AVIC enabled. + +Fixes: e52d58d54a321 ("iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE") +Reported-by: Maxim Levitsky +Signed-off-by: Suravee Suthikulpanit +Tested-by: Maxim Levitsky +Reviewed-by: Joao Martins +Reviewed-by: Maxim Levitsky +Cc: Joao Martins +Link: https://lore.kernel.org/r/20200916111720.43913-1-suravee.suthikulpanit@amd.com +Signed-off-by: Joerg Roedel +--- + drivers/iommu/amd/iommu.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c +index 8abe1c7ad45b..10e4200d3552 100644 +--- a/drivers/iommu/amd_iommu.c ++++ b/drivers/iommu/amd_iommu.c +@@ -3840,14 +3840,18 @@ int amd_iommu_activate_guest_mode(void *data) + { + struct amd_ir_data *ir_data = (struct amd_ir_data *)data; + struct irte_ga *entry = (struct irte_ga *) ir_data->entry; ++ u64 valid; + + if (!AMD_IOMMU_GUEST_IR_VAPIC(amd_iommu_guest_ir) || + !entry || entry->lo.fields_vapic.guest_mode) + return 0; + ++ valid = entry->lo.fields_vapic.valid; ++ + entry->lo.val = 0; + entry->hi.val = 0; + ++ entry->lo.fields_vapic.valid = valid; + entry->lo.fields_vapic.guest_mode = 1; + entry->lo.fields_vapic.ga_log_intr = 1; + entry->hi.fields.ga_root_ptr = ir_data->ga_root_ptr; + diff --git a/patches.suse/iommu-exynos-add-missing-put_device-call-in-exynos_iommu_of_xlate b/patches.suse/iommu-exynos-add-missing-put_device-call-in-exynos_iommu_of_xlate new file mode 100644 index 0000000..647f201 --- /dev/null +++ b/patches.suse/iommu-exynos-add-missing-put_device-call-in-exynos_iommu_of_xlate @@ -0,0 +1,45 @@ +From: Yu Kuai +Date: Fri, 18 Sep 2020 09:13:35 +0800 +Subject: iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() +Git-commit: 1a26044954a6d1f4d375d5e62392446af663be7a +Patch-mainline: v5.9-rc8 +References: bsc#1177296 + +if of_find_device_by_node() succeed, exynos_iommu_of_xlate() doesn't have +a corresponding put_device(). Thus add put_device() to fix the exception +handling for this function implementation. + +Fixes: aa759fd376fb ("iommu/exynos: Add callback for initializing devices from device tree") +Signed-off-by: Yu Kuai +Acked-by: Marek Szyprowski +Link: https://lore.kernel.org/r/20200918011335.909141-1-yukuai3@huawei.com +Signed-off-by: Joerg Roedel +--- + drivers/iommu/exynos-iommu.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/iommu/exynos-iommu.c b/drivers/iommu/exynos-iommu.c +index bad3c0ce10cb..de324b4eedfe 100644 +--- a/drivers/iommu/exynos-iommu.c ++++ b/drivers/iommu/exynos-iommu.c +@@ -1295,13 +1295,17 @@ static int exynos_iommu_of_xlate(struct device *dev, + return -ENODEV; + + data = platform_get_drvdata(sysmmu); +- if (!data) ++ if (!data) { ++ put_device(&sysmmu->dev); + return -ENODEV; ++ } + + if (!owner) { + owner = kzalloc(sizeof(*owner), GFP_KERNEL); +- if (!owner) ++ if (!owner) { ++ put_device(&sysmmu->dev); + return -ENOMEM; ++ } + + INIT_LIST_HEAD(&owner->controllers); + mutex_init(&owner->rpm_lock); + diff --git a/series.conf b/series.conf index e024f23..7f366be 100644 --- a/series.conf +++ b/series.conf @@ -49400,6 +49400,7 @@ patches.suse/NFS-make-nfs_match_client-killable.patch patches.suse/PNFS-fallback-to-MDS-if-no-deviceid-found.patch patches.suse/NFS4-Fix-v4.0-client-state-corruption-when-mount.patch + patches.suse/NFSv4-don-t-mark-all-open-state-for-recovery-when-ha.patch patches.suse/NFS-Fix-a-double-unlock-from-nfs_match-get_client.patch patches.suse/i2c-isch-remove-unnecessary-acpi-h-include.patch patches.suse/i2c-brcmstb-remove-unused-struct-member.patch @@ -51419,6 +51420,7 @@ patches.suse/regulator-lm363x-Fix-off-by-one-n_voltages-for-lm363.patch patches.suse/spi-spi-fsl-dspi-Exit-the-ISR-with-IRQ_NONE-when-it-.patch patches.suse/gpio-Move-gpiochip_lock-unlock_as_irq-to-gpio-driver.patch + patches.suse/iommu-amd-re-factor-guest-virtual-apic-de-activation-code patches.suse/iommu-amd-Override-wrong-IVRS-IOAPIC-on-Raven-Ridge-.patch patches.suse/0001-iommu-Remember-when-default-domain-type-was-set-on-k.patch patches.suse/0002-iommu-Add-helpers-to-set-get-default-domain-type.patch @@ -54174,6 +54176,7 @@ patches.suse/iommu-vt-d-quirk_ioat_snb_local_iommu-replace-warn_taint-with-pr_warn-add_taint patches.suse/iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing patches.suse/iommu-vt-d-ignore-devices-with-out-of-spec-domain-number + patches.suse/iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte patches.suse/efi-Fix-a-race-and-a-buffer-overflow-while-reading-e-286d3250.patch patches.suse/x86-mce-fix-logic-and-comments-around-msr_ppin_ctl.patch patches.suse/perf-amd-uncore-replace-manual-sampling-check-with-cap_no_interrupt-flag.patch @@ -55923,6 +55926,7 @@ patches.suse/PM-sleep-core-Fix-the-handling-of-pending-runtime-re.patch patches.suse/device-property-Fix-the-secondary-firmware-node-hand.patch patches.suse/hwmon-applesmc-check-status-earlier.patch + patches.suse/0001-XEN-uses-irqdesc-irq_data_common-handler_data-to-sto.patch patches.suse/i2c-core-don-t-fail-prp0001-enumeration-when-no-id-table-exist.patch patches.suse/i2c-rcar-in-slave-mode-clear-NACK-earlier.patch patches.suse/USB-yurex-Fix-bad-gfp-argument.patch @@ -56004,6 +56008,8 @@ patches.suse/drm-radeon-revert-Prefer-lower-feedback-dividers.patch patches.suse/drm-mediatek-Add-exception-handing-in-mtk_drm_probe-.patch patches.suse/drm-mediatek-Add-missing-put_device-call-in-mtk_hdmi.patch + patches.suse/iommu-amd-fix-potential-entry-null-deref + patches.suse/iommu-amd-restore-irte-remapen-bit-for-amd_iommu_activate_guest_mode patches.suse/powerpc-book3s64-radix-Fix-boot-failure-with-large-a.patch patches.suse/USB-UAS-fix-disconnect-by-unplugging-a-hub.patch patches.suse/USB-quirks-Add-USB_QUIRK_IGNORE_REMOTE_WAKEUP-quirk-.patch @@ -56024,9 +56030,14 @@ patches.suse/kvm-svm-add-a-dedicated-invd-intercept-routine.patch patches.suse/clocksource-drivers-h8300_timer8-Fix-wrong-return-va.patch patches.suse/clk-samsung-exynos4-mark-chipid-clock-as-CLK_IGNORE_.patch + patches.suse/ftrace-move-rcu-is-watching-check-after-recursion-check.patch + patches.suse/iommu-exynos-add-missing-put_device-call-in-exynos_iommu_of_xlate patches.suse/mmc-sdhci-Workaround-broken-command-queuing-on-Intel.patch patches.suse/gpio-tc35894-fix-up-tc35894-interrupt-configuration.patch patches.suse/pinctrl-mvebu-Fix-i2c-sda-definition-for-98DX3236.patch + patches.suse/i2c-cpm-Fix-i2c_ram-structure.patch + patches.suse/USB-gadget-f_ncm-Fix-NDP16-datagram-validation.patch + patches.suse/0001-xen-events-don-t-use-chip_data-for-legacy-IRQs.patch # jejb/scsi for-next patches.suse/scsi-smartpqi-identify-physical-devices-without-issuing-inquiry.patch