diff --git a/blacklist.conf b/blacklist.conf index 10d5cb4..6e0a91a 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -472,7 +472,6 @@ f7b16f51753a845b08e977184fb0b76b145ae0ba # clk:ti: reverting the above in 5.15.y 3de360c3fdb34fbdbaf6da3af94367d3fded95d3 # kABI break for no reason 2a735e4b5580a2a6bbd6572109b4c4f163c57462 # this requires 33fb697ec7e58c4f9b6a68d2786441189cd2df92, which is extremely risky c530a3c716b963625e43aa915e0de6b4d1ce8ad9 # PSI unused, see bsc#1204751 -4534dee941056a4ab9dca4a9e2edff28692800b2 # unimportant, scsi/appid must be set by privileged user anyway 5ec9c514d4a0e1749781c4c61485f9a69c212716 # already applied d351c90ce248601ce34fbc5ac817e3362b441b55 # already applied fdabc3f10e774ddc86ba715b9bc0c861d7e0834c # ASoC:wm8997: reverted in below @@ -751,7 +750,6 @@ fe413a074a93d56f89e322c786aad8639afe76b4 # does change a bizarre but existing be c16bdeb5a39ffa3f32b32f812831a2092d2a3061 # we don't have breaker 2863643fb8b9 9df918698408fd914493aba0b7858fef50eba63a # refactoring only 9360d035a579d95d1e76c471061b9065b18a0eb1 # unnecessary, see bsc#1207328 -be288169712f3dea0bc6b50c00b3ab53d85f1435 # performance optimization 671c11f0619e5ccb380bcf0f062f69ba95fc974a # performance optimization b860b9346e2d5667fbae2cefc571bdb6ce665b53 # a cleanup for de5012b41e5c ("s390/ftrace: implement hotpatching") which was not taken e26ef3af964acfea311403126acee8c56c89e26b # cleanup designed to break kABI @@ -819,3 +817,13 @@ f81fead027ecbb525c29d681eb95a222e76306a3 # correction in a comment only 9dba4d24cbb5524dd39ab1e08886373b17f07ff2 # breaks KABI d43b020b0f82c088ef8ff3196ef00575a97d200e # bug introduced by 4831967640916 not present 838d6d3461db0fdbf33fc5f8a69c27b50b4a46da # breaks KABI +e3ec8e0f5711d73f7e5d5c3cffdf4fad4f1487b9 # s390 kABI breakage +53ae7230918154d1f4281d7aa3aae9650436eadf # hardly relevant LLVM test fix +9de209c7d584d6e06ad92f120d83d4f27c200497 # according to the commit message it does not fix a bug +f09354ffd84eef3c88efa8ba6df05efe50cfd16a # just a message improvement +dc306186a130c6d9feb0aabc1c71b8ed1674a3bf # does not fix an actual bug +dc2ab23b992c9d5dab93b9bf01b10b10465e537e # does not fix an actual bug +9097fc793f74ef9c677f8c4aed0c24f6f07f0133 # s390 kABI breakage +ed0192bc644f3553d64a5cb461bdd0b1fbae3fdf # does not fix an actual bug +03cab65a07e083b6c1010fbc8f9b817e9aca75d9 # clang builds +659c0ce1cb9efc7f58d380ca4bb2a51ae9e30553 # keep logging unnecessary capability use (while we don't enforce LSM by default) diff --git a/patches.suse/HID-asus-use-spinlock-to-protect-concurrent-accesses.patch b/patches.suse/HID-asus-use-spinlock-to-protect-concurrent-accesses.patch index 919ad18..a25898e 100644 --- a/patches.suse/HID-asus-use-spinlock-to-protect-concurrent-accesses.patch +++ b/patches.suse/HID-asus-use-spinlock-to-protect-concurrent-accesses.patch @@ -4,7 +4,7 @@ Date: Sun, 12 Feb 2023 19:00:02 +0000 Subject: [PATCH] HID: asus: use spinlock to protect concurrent accesses Git-commit: 315c537068a13f0b5681d33dd045a912f4bece6f Patch-mainline: v6.3-rc1 -References: git-fixes +References: bsc#1208604 CVE-2023-1079 asus driver has a worker that may access data concurrently. Proct the accesses using a spinlock. diff --git a/patches.suse/HID-asus-use-spinlock-to-safely-schedule-workers.patch b/patches.suse/HID-asus-use-spinlock-to-safely-schedule-workers.patch index aee5925..1d1649a 100644 --- a/patches.suse/HID-asus-use-spinlock-to-safely-schedule-workers.patch +++ b/patches.suse/HID-asus-use-spinlock-to-safely-schedule-workers.patch @@ -4,7 +4,7 @@ Date: Sun, 12 Feb 2023 19:00:03 +0000 Subject: [PATCH] HID: asus: use spinlock to safely schedule workers Git-commit: 4ab3a086d10eeec1424f2e8a968827a6336203df Patch-mainline: v6.3-rc1 -References: git-fixes +References: bsc#1208604 CVE-2023-1079 Use spinlocks to deal with workers introducing a wrapper asus_schedule_work(), and several spinlock checks. diff --git a/patches.suse/ceph-force-updating-the-msg-pointer-in-non-split-case.patch b/patches.suse/ceph-force-updating-the-msg-pointer-in-non-split-case.patch new file mode 100644 index 0000000..69f802a --- /dev/null +++ b/patches.suse/ceph-force-updating-the-msg-pointer-in-non-split-case.patch @@ -0,0 +1,48 @@ +From: Xiubo Li +Date: Thu, 18 May 2023 09:47:23 +0800 +Subject: ceph: force updating the msg pointer in non-split case +Git-commit: 4cafd0400bcb6187c0d4ab4d4b0229a89ac4f8c2 +Patch-mainline: v6.4-rc3 +References: bsc#1211804 + +When the MClientSnap reqeust's op is not CEPH_SNAP_OP_SPLIT the +request may still contain a list of 'split_realms', and we need +to skip it anyway. Or it will be parsed as a corrupt snaptrace. + +Cc: stable@vger.kernel.org +Link: https://tracker.ceph.com/issues/61200 +Reported-by: Frank Schilder +Signed-off-by: Xiubo Li +Reviewed-by: Ilya Dryomov +Signed-off-by: Ilya Dryomov +Acked-by: Luís Henriques + +--- + fs/ceph/snap.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c +index 87007203f130..0b236ebd989f 100644 +--- a/fs/ceph/snap.c ++++ b/fs/ceph/snap.c +@@ -1111,6 +1111,19 @@ void ceph_handle_snap(struct ceph_mds_client *mdsc, + continue; + adjust_snap_realm_parent(mdsc, child, realm->ino); + } ++ } else { ++ /* ++ * In the non-split case both 'num_split_inos' and ++ * 'num_split_realms' should be 0, making this a no-op. ++ * However the MDS happens to populate 'split_realms' list ++ * in one of the UPDATE op cases by mistake. ++ * ++ * Skip both lists just in case to ensure that 'p' is ++ * positioned at the start of realm info, as expected by ++ * ceph_update_snap_trace(). ++ */ ++ p += sizeof(u64) * num_split_inos; ++ p += sizeof(u64) * num_split_realms; + } + + /* + diff --git a/patches.suse/cgroup-Homogenize-cgroup_get_from_id-return-value.patch b/patches.suse/cgroup-Homogenize-cgroup_get_from_id-return-value.patch new file mode 100644 index 0000000..b75a2e2 --- /dev/null +++ b/patches.suse/cgroup-Homogenize-cgroup_get_from_id-return-value.patch @@ -0,0 +1,80 @@ +From: =?utf-8?b?TWljaGFsIEtvdXRuw70gPG1rb3V0bnlAc3VzZS5jb20+?= +Date: Fri, 26 Aug 2022 18:52:37 +0200 +Subject: cgroup: Homogenize cgroup_get_from_id() return value +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: fa7e439cf90ba23ea473d0b7d85efd02ae6ccf94 +Patch-mainline: v6.1-rc1 +References: bsc#1205650 + +Cgroup id is user provided datum hence extend its return domain to +include possible error reason (similar to cgroup_get_from_fd()). + +This change also fixes commit d4ccaf58a847 ("bpf: Introduce cgroup +iter") that would use NULL instead of proper error handling in +d4ccaf58a847 ("bpf: Introduce cgroup iter"). + +Additionally, neither of: fc_appid_store, bpf_iter_attach_cgroup, +mem_cgroup_get_from_ino (callers of cgroup_get_from_fd) is built without +CONFIG_CGROUPS (depends via CONFIG_BLK_CGROUP, direct, transitive +CONFIG_MEMCG respectively) transitive, so drop the singular definition +not needed with !CONFIG_CGROUPS. + +Fixes: d4ccaf58a847 ("bpf: Introduce cgroup iter") +Signed-off-by: Michal Koutný +Signed-off-by: Tejun Heo +[mkoutny: drop mem_cgroup_get_from_ino() hunk] +--- + block/blk-cgroup-fc-appid.c | 4 ++-- + include/linux/cgroup.h | 5 ----- + kernel/cgroup/cgroup.c | 4 ++-- + 3 files changed, 4 insertions(+), 9 deletions(-) + +--- a/block/blk-cgroup-fc-appid.c ++++ b/block/blk-cgroup-fc-appid.c +@@ -19,8 +19,8 @@ int blkcg_set_fc_appid(char *app_id, u64 + return -EINVAL; + + cgrp = cgroup_get_from_id(cgrp_id); +- if (!cgrp) +- return -ENOENT; ++ if (IS_ERR(cgrp)) ++ return PTR_ERR(cgrp); + css = cgroup_get_e_css(cgrp, &io_cgrp_subsys); + if (!css) { + ret = -ENOENT; +--- a/include/linux/cgroup.h ++++ b/include/linux/cgroup.h +@@ -751,11 +751,6 @@ static inline bool task_under_cgroup_hie + + static inline void cgroup_path_from_kernfs_id(u64 id, char *buf, size_t buflen) + {} +- +-static inline struct cgroup *cgroup_get_from_id(u64 id) +-{ +- return NULL; +-} + #endif /* !CONFIG_CGROUPS */ + + #ifdef CONFIG_CGROUPS +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -6002,7 +6002,7 @@ void cgroup_path_from_kernfs_id(u64 id, + /* + * cgroup_get_from_id : get the cgroup associated with cgroup id + * @id: cgroup id +- * On success return the cgrp, on failure return NULL ++ * On success return the cgrp or ERR_PTR on failure + * Only cgroups within current task's cgroup NS are valid. + */ + struct cgroup *cgroup_get_from_id(u64 id) +@@ -6038,7 +6038,7 @@ put: + cgrp = NULL; + } + out: +- return cgrp; ++ return cgrp ?: ERR_PTR(-ENOENT); + } + EXPORT_SYMBOL_GPL(cgroup_get_from_id); + diff --git a/patches.suse/cgroup-Honor-caller-s-cgroup-NS-when-resolving-path.patch b/patches.suse/cgroup-Honor-caller-s-cgroup-NS-when-resolving-path.patch new file mode 100644 index 0000000..1ef4ee1 --- /dev/null +++ b/patches.suse/cgroup-Honor-caller-s-cgroup-NS-when-resolving-path.patch @@ -0,0 +1,44 @@ +From: =?utf-8?b?TWljaGFsIEtvdXRuw70gPG1rb3V0bnlAc3VzZS5jb20+?= +Date: Fri, 26 Aug 2022 18:52:35 +0200 +Subject: cgroup: Honor caller's cgroup NS when resolving path +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 74e4b956eb1cac0e4c10c240339b1bbfbc9a4c48 +Patch-mainline: v6.1-rc1 +References: bsc#1205650 + +cgroup_get_from_path() is not widely used function. Its callers presume +the path is resolved under cgroup namespace. (There is one caller +currently and resolving in init NS won't make harm (netfilter). However, +future users may be subject to different effects when resolving +globally.) +Since, there's currently no use for the global resolution, modify the +existing function to take cgroup NS into account. + +Fixes: a79a908fd2b0 ("cgroup: introduce cgroup namespaces") +Signed-off-by: Michal Koutný +Signed-off-by: Tejun Heo +--- + kernel/cgroup/cgroup.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index 627ff0f07da7..1c7ab4109251 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -6602,8 +6602,12 @@ struct cgroup *cgroup_get_from_path(const char *path) + { + struct kernfs_node *kn; + struct cgroup *cgrp = ERR_PTR(-ENOENT); ++ struct cgroup *root_cgrp; + +- kn = kernfs_walk_and_get(cgrp_dfl_root.cgrp.kn, path); ++ spin_lock_irq(&css_set_lock); ++ root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root); ++ kn = kernfs_walk_and_get(root_cgrp->kn, path); ++ spin_unlock_irq(&css_set_lock); + if (!kn) + goto out; + + diff --git a/patches.suse/cgroup-Make-cgroup_get_from_id-prettier.patch b/patches.suse/cgroup-Make-cgroup_get_from_id-prettier.patch new file mode 100644 index 0000000..b48d21f --- /dev/null +++ b/patches.suse/cgroup-Make-cgroup_get_from_id-prettier.patch @@ -0,0 +1,80 @@ +From: Tejun Heo +Date: Fri, 23 Sep 2022 07:23:06 -1000 +Subject: cgroup: Make cgroup_get_from_id() prettier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 7e1eb5437d3c3fdb61d45378579aab383cafc694 +Patch-mainline: v6.1-rc1 +References: bsc#1205650 + +After merging 836ac87d ("cgroup: fix cgroup_get_from_id") into for-6.1, its +combination with two commits in for-6.1 - 4534dee9 ("cgroup: cgroup: Honor +caller's cgroup NS when resolving cgroup id") and fa7e439c ("cgroup: +Homogenize cgroup_get_from_id() return value") - makes the gotos in the +error handling path too ugly while not adding anything of value. + +All that the gotos are saving is one extra kernfs_put() call. Let's remove +the gotos and perform error returns directly. + +Signed-off-by: Tejun Heo +Cc: Ming Lei +Cc: Michal Koutný + +Acked-by: Michal Koutný +--- + kernel/cgroup/cgroup.c | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) + +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index 0d93cd17548c..c1f1ef6090da 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -6066,14 +6066,16 @@ void cgroup_path_from_kernfs_id(u64 id, char *buf, size_t buflen) + struct cgroup *cgroup_get_from_id(u64 id) + { + struct kernfs_node *kn; +- struct cgroup *cgrp = NULL, *root_cgrp; ++ struct cgroup *cgrp, *root_cgrp; + + kn = kernfs_find_and_get_node_by_id(cgrp_dfl_root.kf_root, id); + if (!kn) +- goto out; ++ return ERR_PTR(-ENOENT); + +- if (kernfs_type(kn) != KERNFS_DIR) +- goto put; ++ if (kernfs_type(kn) != KERNFS_DIR) { ++ kernfs_put(kn); ++ return ERR_PTR(-ENOENT); ++ } + + rcu_read_lock(); + +@@ -6082,21 +6084,20 @@ struct cgroup *cgroup_get_from_id(u64 id) + cgrp = NULL; + + rcu_read_unlock(); +-put: + kernfs_put(kn); + + if (!cgrp) +- goto out; ++ return ERR_PTR(-ENOENT); + + spin_lock_irq(&css_set_lock); + root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root); + spin_unlock_irq(&css_set_lock); + if (!cgroup_is_descendant(cgrp, root_cgrp)) { + cgroup_put(cgrp); +- cgrp = NULL; ++ return ERR_PTR(-ENOENT); + } +-out: +- return cgrp ?: ERR_PTR(-ENOENT); ++ ++ return cgrp; + } + EXPORT_SYMBOL_GPL(cgroup_get_from_id); + + diff --git a/patches.suse/cgroup-Reorganize-css_set_lock-and-kernfs-path-processing.patch b/patches.suse/cgroup-Reorganize-css_set_lock-and-kernfs-path-processing.patch new file mode 100644 index 0000000..9a181d5 --- /dev/null +++ b/patches.suse/cgroup-Reorganize-css_set_lock-and-kernfs-path-processing.patch @@ -0,0 +1,131 @@ +From: =?utf-8?b?TWljaGFsIEtvdXRuw70gPG1rb3V0bnlAc3VzZS5jb20+?= +Date: Mon, 10 Oct 2022 10:29:18 +0200 +Subject: cgroup: Reorganize css_set_lock and kernfs path processing +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 46307fd6e27a3f678a1678b02e667678c22aa8cc +Patch-mainline: v6.1-rc2 +References: bsc#1205650 + +The commit 74e4b956eb1c incorrectly wrapped kernfs_walk_and_get +(might_sleep) under css_set_lock (spinlock). css_set_lock is needed by +__cset_cgroup_from_root to ensure stable cset->cgrp_links but not for +kernfs_walk_and_get. + +We only need to make sure that the returned root_cgrp won't be freed +under us. This is given in the case of global root because it is static +(cgrp_dfl_root.cgrp). When the root_cgrp is lower in the hierarchy, it +is pinned by cgroup_ns->root_cset (and `current` task cannot switch +namespace asynchronously so ns_proxy pins cgroup_ns). + +Note this reasoning won't hold for root cgroups in v1 hierarchies, +therefore create a special-cased helper function just for the default +hierarchy. + +Fixes: 74e4b956eb1c ("cgroup: Honor caller's cgroup NS when resolving path") +Reported-by: Dan Carpenter +Signed-off-by: Michal Koutný +Signed-off-by: Tejun Heo +--- + kernel/cgroup/cgroup.c | 40 +++++++++++++++++++++++++++------------- + 1 file changed, 27 insertions(+), 13 deletions(-) + +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index 764bdd5fd8d1..ecf409e3c3a7 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -1392,6 +1392,9 @@ static void cgroup_destroy_root(struct cgroup_root *root) + cgroup_free_root(root); + } + ++/* ++ * Returned cgroup is without refcount but it's valid as long as cset pins it. ++ */ + static inline struct cgroup *__cset_cgroup_from_root(struct css_set *cset, + struct cgroup_root *root) + { +@@ -1403,6 +1406,7 @@ static inline struct cgroup *__cset_cgroup_from_root(struct css_set *cset, + res_cgroup = cset->dfl_cgrp; + } else { + struct cgrp_cset_link *link; ++ lockdep_assert_held(&css_set_lock); + + list_for_each_entry(link, &cset->cgrp_links, cgrp_link) { + struct cgroup *c = link->cgrp; +@@ -1414,6 +1418,7 @@ static inline struct cgroup *__cset_cgroup_from_root(struct css_set *cset, + } + } + ++ BUG_ON(!res_cgroup); + return res_cgroup; + } + +@@ -1436,23 +1441,36 @@ current_cgns_cgroup_from_root(struct cgroup_root *root) + + rcu_read_unlock(); + +- BUG_ON(!res); + return res; + } + ++/* ++ * Look up cgroup associated with current task's cgroup namespace on the default ++ * hierarchy. ++ * ++ * Unlike current_cgns_cgroup_from_root(), this doesn't need locks: ++ * - Internal rcu_read_lock is unnecessary because we don't dereference any rcu ++ * pointers. ++ * - css_set_lock is not needed because we just read cset->dfl_cgrp. ++ * - As a bonus returned cgrp is pinned with the current because it cannot ++ * switch cgroup_ns asynchronously. ++ */ ++static struct cgroup *current_cgns_cgroup_dfl(void) ++{ ++ struct css_set *cset; ++ ++ cset = current->nsproxy->cgroup_ns->root_cset; ++ return __cset_cgroup_from_root(cset, &cgrp_dfl_root); ++} ++ + /* look up cgroup associated with given css_set on the specified hierarchy */ + static struct cgroup *cset_cgroup_from_root(struct css_set *cset, + struct cgroup_root *root) + { +- struct cgroup *res = NULL; +- + lockdep_assert_held(&cgroup_mutex); + lockdep_assert_held(&css_set_lock); + +- res = __cset_cgroup_from_root(cset, root); +- +- BUG_ON(!res); +- return res; ++ return __cset_cgroup_from_root(cset, root); + } + + /* +@@ -6105,9 +6123,7 @@ struct cgroup *cgroup_get_from_id(u64 id) + if (!cgrp) + return ERR_PTR(-ENOENT); + +- spin_lock_irq(&css_set_lock); +- root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root); +- spin_unlock_irq(&css_set_lock); ++ root_cgrp = current_cgns_cgroup_dfl(); + if (!cgroup_is_descendant(cgrp, root_cgrp)) { + cgroup_put(cgrp); + return ERR_PTR(-ENOENT); +@@ -6686,10 +6702,8 @@ struct cgroup *cgroup_get_from_path(const char *path) + struct cgroup *cgrp = ERR_PTR(-ENOENT); + struct cgroup *root_cgrp; + +- spin_lock_irq(&css_set_lock); +- root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root); ++ root_cgrp = current_cgns_cgroup_dfl(); + kn = kernfs_walk_and_get(root_cgrp->kn, path); +- spin_unlock_irq(&css_set_lock); + if (!kn) + goto out; + + diff --git a/patches.suse/cgroup-cgroup-Honor-caller-s-cgroup-NS-when-resolving-cgroup-id.patch b/patches.suse/cgroup-cgroup-Honor-caller-s-cgroup-NS-when-resolving-cgroup-id.patch new file mode 100644 index 0000000..9d7e1a7 --- /dev/null +++ b/patches.suse/cgroup-cgroup-Honor-caller-s-cgroup-NS-when-resolving-cgroup-id.patch @@ -0,0 +1,69 @@ +From: =?utf-8?b?TWljaGFsIEtvdXRuw70gPG1rb3V0bnlAc3VzZS5jb20+?= +Date: Fri, 26 Aug 2022 18:52:36 +0200 +Subject: cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 4534dee941056a4ab9dca4a9e2edff28692800b2 +Patch-mainline: v6.1-rc1 +References: bsc#1205650 + +Cgroup ids are resolved in the global scope. That may be needed sometime +(in future) but currently it violates virtual view provided through +cgroup namespaces. + +There are currently following users of the resolution: +- fc_appid_store +- bpf_iter_attach_cgroup +- mem_cgroup_get_from_ino + +None of the is a called on behalf of kernel but the resolution is made +with proper userspace context, hence the default to current->nsproxy +makes sens. (This doesn't rule out cgroup_get_from_id with cgroup NS +parameter in the future.) + +Since cgroup ids are defined on v2 hierarchy only, we simply check +existence in the cgroup namespace by looking at ancestry on the default +hierarchy. + +Fixes: 6b658c4863c1 ("scsi: cgroup: Add cgroup_get_from_id()") +Signed-off-by: Michal Koutný +Signed-off-by: Tejun Heo +--- + kernel/cgroup/cgroup.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -6003,11 +6003,12 @@ void cgroup_path_from_kernfs_id(u64 id, + * cgroup_get_from_id : get the cgroup associated with cgroup id + * @id: cgroup id + * On success return the cgrp, on failure return NULL ++ * Only cgroups within current task's cgroup NS are valid. + */ + struct cgroup *cgroup_get_from_id(u64 id) + { + struct kernfs_node *kn; +- struct cgroup *cgrp = NULL; ++ struct cgroup *cgrp = NULL, *root_cgrp; + + kn = kernfs_find_and_get_node_by_id(cgrp_dfl_root.kf_root, id); + if (!kn) +@@ -6025,6 +6026,17 @@ struct cgroup *cgroup_get_from_id(u64 id + rcu_read_unlock(); + put: + kernfs_put(kn); ++ ++ if (!cgrp) ++ goto out; ++ ++ spin_lock_irq(&css_set_lock); ++ root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root); ++ spin_unlock_irq(&css_set_lock); ++ if (!cgroup_is_descendant(cgrp, root_cgrp)) { ++ cgroup_put(cgrp); ++ cgrp = NULL; ++ } + out: + return cgrp; + } diff --git a/patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch b/patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch index 8a47c73..1f7ffe8 100644 --- a/patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch +++ b/patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch @@ -16,26 +16,32 @@ Signed-off-by: Ming Lei Acked-by: Mukesh Ojha Cc: stable@vger.kernel.org # v5.14+ Signed-off-by: Tejun Heo -[mkoutny: adjust context] Acked-by: Michal Koutný --- - kernel/cgroup/cgroup.c | 4 ++++ - 1 file changed, 4 insertions(+) + kernel/cgroup/cgroup.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index e4bb5d57f4d1..5f2090d051ac 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c -@@ -6018,9 +6018,13 @@ struct cgroup *cgroup_get_from_id(u64 id +@@ -6049,6 +6049,9 @@ struct cgroup *cgroup_get_from_id(u64 id) if (!kn) - goto out_unlock; + goto out; + if (kernfs_type(kn) != KERNFS_DIR) + goto put; + - cgrp = kn->priv; - if (cgroup_is_dead(cgrp) || !cgroup_tryget(cgrp)) + rcu_read_lock(); + + cgrp = rcu_dereference(*(void __rcu __force **)&kn->priv); +@@ -6056,7 +6059,7 @@ struct cgroup *cgroup_get_from_id(u64 id) cgrp = NULL; + + rcu_read_unlock(); +- +put: kernfs_put(kn); - out_unlock: - mutex_unlock(&cgroup_mutex); + out: + return cgrp; diff --git a/patches.suse/cgroup-reduce-dependency-on-cgroup_mutex.patch b/patches.suse/cgroup-reduce-dependency-on-cgroup_mutex.patch new file mode 100644 index 0000000..4857f65 --- /dev/null +++ b/patches.suse/cgroup-reduce-dependency-on-cgroup_mutex.patch @@ -0,0 +1,109 @@ +From: Shakeel Butt +Date: Sun, 24 Oct 2021 23:19:14 -0700 +Subject: cgroup: reduce dependency on cgroup_mutex +Git-commit: be288169712f3dea0bc6b50c00b3ab53d85f1435 +Patch-mainline: v5.16-rc1 +References: bsc#1205650 + +Currently cgroup_get_from_path() and cgroup_get_from_id() grab +cgroup_mutex before traversing the default hierarchy to find the +kernfs_node corresponding to the path/id and then extract the linked +cgroup. Since cgroup_mutex is still held, it is guaranteed that the +cgroup will be alive and the reference can be taken on it. + +However similar guarantee can be provided without depending on the +cgroup_mutex and potentially reducing avenues of cgroup_mutex contentions. +The kernfs_node's priv pointer is RCU protected pointer and with just +rcu read lock we can grab the reference on the cgroup without +cgroup_mutex. So, remove cgroup_mutex from them. + +Signed-off-by: Shakeel Butt +Signed-off-by: Tejun Heo +Acked-by: Michal Koutný +--- + kernel/cgroup/cgroup.c | 51 ++++++++++++++++++++++++++++---------------------- + 1 file changed, 29 insertions(+), 22 deletions(-) + +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index 2e98db4558f2..003204c85893 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -5932,17 +5932,20 @@ struct cgroup *cgroup_get_from_id(u64 id) + struct kernfs_node *kn; + struct cgroup *cgrp = NULL; + +- mutex_lock(&cgroup_mutex); + kn = kernfs_find_and_get_node_by_id(cgrp_dfl_root.kf_root, id); + if (!kn) +- goto out_unlock; ++ goto out; ++ ++ rcu_read_lock(); + +- cgrp = kn->priv; +- if (cgroup_is_dead(cgrp) || !cgroup_tryget(cgrp)) ++ cgrp = rcu_dereference(*(void __rcu __force **)&kn->priv); ++ if (cgrp && !cgroup_tryget(cgrp)) + cgrp = NULL; ++ ++ rcu_read_unlock(); ++ + kernfs_put(kn); +-out_unlock: +- mutex_unlock(&cgroup_mutex); ++out: + return cgrp; + } + EXPORT_SYMBOL_GPL(cgroup_get_from_id); +@@ -6495,30 +6498,34 @@ struct cgroup_subsys_state *css_from_id(int id, struct cgroup_subsys *ss) + * + * Find the cgroup at @path on the default hierarchy, increment its + * reference count and return it. Returns pointer to the found cgroup on +- * success, ERR_PTR(-ENOENT) if @path doesn't exist and ERR_PTR(-ENOTDIR) +- * if @path points to a non-directory. ++ * success, ERR_PTR(-ENOENT) if @path doesn't exist or if the cgroup has already ++ * been released and ERR_PTR(-ENOTDIR) if @path points to a non-directory. + */ + struct cgroup *cgroup_get_from_path(const char *path) + { + struct kernfs_node *kn; +- struct cgroup *cgrp; +- +- mutex_lock(&cgroup_mutex); ++ struct cgroup *cgrp = ERR_PTR(-ENOENT); + + kn = kernfs_walk_and_get(cgrp_dfl_root.cgrp.kn, path); +- if (kn) { +- if (kernfs_type(kn) == KERNFS_DIR) { +- cgrp = kn->priv; +- cgroup_get_live(cgrp); +- } else { +- cgrp = ERR_PTR(-ENOTDIR); +- } +- kernfs_put(kn); +- } else { +- cgrp = ERR_PTR(-ENOENT); ++ if (!kn) ++ goto out; ++ ++ if (kernfs_type(kn) != KERNFS_DIR) { ++ cgrp = ERR_PTR(-ENOTDIR); ++ goto out_kernfs; + } + +- mutex_unlock(&cgroup_mutex); ++ rcu_read_lock(); ++ ++ cgrp = rcu_dereference(*(void __rcu __force **)&kn->priv); ++ if (!cgrp || !cgroup_tryget(cgrp)) ++ cgrp = ERR_PTR(-ENOENT); ++ ++ rcu_read_unlock(); ++ ++out_kernfs: ++ kernfs_put(kn); ++out: + return cgrp; + } + EXPORT_SYMBOL_GPL(cgroup_get_from_path); + diff --git a/patches.suse/cgroup.c-add-helper-__cset_cgroup_from_root-to-cleanup-duplicated-codes.patch b/patches.suse/cgroup.c-add-helper-__cset_cgroup_from_root-to-cleanup-duplicated-codes.patch new file mode 100644 index 0000000..a297b6c --- /dev/null +++ b/patches.suse/cgroup.c-add-helper-__cset_cgroup_from_root-to-cleanup-duplicated-codes.patch @@ -0,0 +1,103 @@ +From: Lin Feng +Date: Thu, 16 Jun 2022 18:38:30 +0800 +Subject: cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated + codes +Git-commit: e210a89f5b07680fe21d21e846e6817346c5ba3b +Patch-mainline: v6.0-rc1 +References: bsc#1203906 + +No funtionality change, but save us some lines. + +Signed-off-by: Lin Feng +Acked-by: Mukesh Ojha +Signed-off-by: Tejun Heo +Acked-by: Michal Koutný +--- + kernel/cgroup/cgroup.c | 58 +++++++++++++++++++++++--------------------------- + 1 file changed, 27 insertions(+), 31 deletions(-) + +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index 90a654cb8a1e..4b67e6da6bf2 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -1376,6 +1376,31 @@ static void cgroup_destroy_root(struct cgroup_root *root) + cgroup_free_root(root); + } + ++static inline struct cgroup *__cset_cgroup_from_root(struct css_set *cset, ++ struct cgroup_root *root) ++{ ++ struct cgroup *res_cgroup = NULL; ++ ++ if (cset == &init_css_set) { ++ res_cgroup = &root->cgrp; ++ } else if (root == &cgrp_dfl_root) { ++ res_cgroup = cset->dfl_cgrp; ++ } else { ++ struct cgrp_cset_link *link; ++ ++ list_for_each_entry(link, &cset->cgrp_links, cgrp_link) { ++ struct cgroup *c = link->cgrp; ++ ++ if (c->root == root) { ++ res_cgroup = c; ++ break; ++ } ++ } ++ } ++ ++ return res_cgroup; ++} ++ + /* + * look up cgroup associated with current task's cgroup namespace on the + * specified hierarchy +@@ -1391,22 +1416,8 @@ current_cgns_cgroup_from_root(struct cgroup_root *root) + rcu_read_lock(); + + cset = current->nsproxy->cgroup_ns->root_cset; +- if (cset == &init_css_set) { +- res = &root->cgrp; +- } else if (root == &cgrp_dfl_root) { +- res = cset->dfl_cgrp; +- } else { +- struct cgrp_cset_link *link; +- +- list_for_each_entry(link, &cset->cgrp_links, cgrp_link) { +- struct cgroup *c = link->cgrp; ++ res = __cset_cgroup_from_root(cset, root); + +- if (c->root == root) { +- res = c; +- break; +- } +- } +- } + rcu_read_unlock(); + + BUG_ON(!res); +@@ -1422,22 +1433,7 @@ static struct cgroup *cset_cgroup_from_root(struct css_set *cset, + lockdep_assert_held(&cgroup_mutex); + lockdep_assert_held(&css_set_lock); + +- if (cset == &init_css_set) { +- res = &root->cgrp; +- } else if (root == &cgrp_dfl_root) { +- res = cset->dfl_cgrp; +- } else { +- struct cgrp_cset_link *link; +- +- list_for_each_entry(link, &cset->cgrp_links, cgrp_link) { +- struct cgroup *c = link->cgrp; +- +- if (c->root == root) { +- res = c; +- break; +- } +- } +- } ++ res = __cset_cgroup_from_root(cset, root); + + BUG_ON(!res); + return res; + diff --git a/patches.suse/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern-3b89.patch b/patches.suse/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern-3b89.patch new file mode 100644 index 0000000..1d762fd --- /dev/null +++ b/patches.suse/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern-3b89.patch @@ -0,0 +1,58 @@ +From 3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Mon, 17 Apr 2023 11:59:56 -0400 +Subject: [PATCH] dm ioctl: fix nested locking in table_clear() to remove + deadlock concern +Git-commit: 3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89 +Patch-mainline: v6.4-rc1 +References: bsc#1210806, CVE-2023-2269 + +syzkaller found the following problematic rwsem locking (with write +lock already held): + + down_read+0x9d/0x450 kernel/locking/rwsem.c:1509 + dm_get_inactive_table+0x2b/0xc0 drivers/md/dm-ioctl.c:773 + __dev_status+0x4fd/0x7c0 drivers/md/dm-ioctl.c:844 + table_clear+0x197/0x280 drivers/md/dm-ioctl.c:1537 + +In table_clear, it first acquires a write lock +https://elixir.bootlin.com/linux/v6.2/source/drivers/md/dm-ioctl.c#L1520 +down_write(&_hash_lock); + +Then before the lock is released at L1539, there is a path shown above: +table_clear -> __dev_status -> dm_get_inactive_table -> down_read +https://elixir.bootlin.com/linux/v6.2/source/drivers/md/dm-ioctl.c#L773 +down_read(&_hash_lock); + +It tries to acquire the same read lock again, resulting in the deadlock +problem. + +Fix this by moving table_clear()'s __dev_status() call to after its +up_write(&_hash_lock); + +Cc: stable@vger.kernel.org +Reported-by: Zheng Zhang +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li +--- + drivers/md/dm-ioctl.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/md/dm-ioctl.c ++++ b/drivers/md/dm-ioctl.c +@@ -1512,11 +1512,12 @@ static int table_clear(struct file *filp + hc->new_map = NULL; + } + +- param->flags &= ~DM_INACTIVE_PRESENT_FLAG; +- +- __dev_status(hc->md, param); + md = hc->md; + up_write(&_hash_lock); ++ ++ param->flags &= ~DM_INACTIVE_PRESENT_FLAG; ++ __dev_status(md, param); ++ + if (old_map) { + dm_sync_table(md); + dm_table_destroy(old_map); diff --git a/patches.suse/fuse-always-revalidate-rename-target-dentry.patch b/patches.suse/fuse-always-revalidate-rename-target-dentry.patch new file mode 100644 index 0000000..abbdd13 --- /dev/null +++ b/patches.suse/fuse-always-revalidate-rename-target-dentry.patch @@ -0,0 +1,37 @@ +From: Jiachen Zhang +Date: Wed, 28 Sep 2022 20:19:34 +0800 +Subject: fuse: always revalidate rename target dentry +Git-commit: ccc031e26afe60d2a5a3d93dabd9c978210825fb +Patch-mainline: v6.2-rc1 +References: bsc#1211808 + +The previous commit df8629af2934 ("fuse: always revalidate if exclusive +create") ensures that the dentries are revalidated on O_EXCL creates. This +commit complements it by also performing revalidation for rename target +dentries. Otherwise, a rename target file that only exists in kernel +dentry cache but not in the filesystem will result in EEXIST if +RENAME_NOREPLACE flag is used. + +Signed-off-by: Jiachen Zhang +Signed-off-by: Zhang Tianci +Signed-off-by: Miklos Szeredi +Acked-by: Luís Henriques + +--- + fs/fuse/dir.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c +index d092c7d75929..2c4b08a6ec81 100644 +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -214,7 +214,7 @@ static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags) + if (inode && fuse_is_bad(inode)) + goto invalid; + else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) || +- (flags & (LOOKUP_EXCL | LOOKUP_REVAL))) { ++ (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) { + struct fuse_entry_out outarg; + FUSE_ARGS(args); + struct fuse_forget_link *forget; + diff --git a/patches.suse/fuse-fix-attr-version-comparison-in-fuse_read_update_.patch b/patches.suse/fuse-fix-attr-version-comparison-in-fuse_read_update_.patch new file mode 100644 index 0000000..5517cda --- /dev/null +++ b/patches.suse/fuse-fix-attr-version-comparison-in-fuse_read_update_.patch @@ -0,0 +1,34 @@ +From: Miklos Szeredi +Date: Fri, 22 Oct 2021 17:03:03 +0200 +Subject: fuse: fix attr version comparison in fuse_read_update_size() +Git-commit: 484ce65715b06aead8c4901f01ca32c5a240bc71 +Patch-mainline: v5.16-rc1 +References: bsc#1211807 + +A READ request returning a short count is taken as indication of EOF, and +the cached file size is modified accordingly. + +Fix the attribute version checking to allow for changes to fc->attr_version +on other inodes. + +Signed-off-by: Miklos Szeredi +Acked-by: Luís Henriques + +--- + fs/fuse/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/fuse/file.c b/fs/fuse/file.c +index c3fd88da2a0b..ddd563fda648 100644 +--- a/fs/fuse/file.c ++++ b/fs/fuse/file.c +@@ -787,7 +787,7 @@ static void fuse_read_update_size(struct inode *inode, loff_t size, + struct fuse_inode *fi = get_fuse_inode(inode); + + spin_lock(&fi->lock); +- if (attr_ver == fi->attr_version && size < inode->i_size && ++ if (attr_ver >= fi->attr_version && size < inode->i_size && + !test_bit(FUSE_I_SIZE_UNSTABLE, &fi->state)) { + fi->attr_version = atomic64_inc_return(&fc->attr_version); + i_size_write(inode, size); + diff --git a/patches.suse/futex-Resend-potentially-swallowed-owner-death-notif.patch b/patches.suse/futex-Resend-potentially-swallowed-owner-death-notif.patch new file mode 100644 index 0000000..81015bb --- /dev/null +++ b/patches.suse/futex-Resend-potentially-swallowed-owner-death-notif.patch @@ -0,0 +1,103 @@ +From 90d758896787048fa3d4209309d4800f3920e66f Mon Sep 17 00:00:00 2001 +From: Alexey Izbyshev +Date: Sat, 12 Nov 2022 00:54:39 +0300 +Subject: [PATCH] futex: Resend potentially swallowed owner death notification +Git-commit: 90d758896787048fa3d4209309d4800f3920e66f +Patch-mainline: v6.2-rc1 +References: git-fixes + +Commit ca16d5bee598 ("futex: Prevent robust futex exit race") addressed +two cases when tasks waiting on a robust non-PI futex remained blocked +despite the futex not being owned anymore: + +* if the owner died after writing zero to the futex word, but before + waking up a waiter + +* if a task waiting on the futex was woken up, but died before updating + the futex word (effectively swallowing the notification without acting + on it) + +In the second case, the task could be woken up either by the previous +owner (after the futex word was reset to zero) or by the kernel (after +the OWNER_DIED bit was set and the TID part of the futex word was reset +to zero) if the previous owner died without the resetting the futex. + +Because the referenced commit wakes up a potential waiter only if the +whole futex word is zero, the latter subcase remains unaddressed. + +Fix this by looking only at the TID part of the futex when deciding +whether a wake up is needed. + +Fixes: ca16d5bee598 ("futex: Prevent robust futex exit race") +Signed-off-by: Alexey Izbyshev +Signed-off-by: Thomas Gleixner +Acked-by: Peter Zijlstra (Intel) +Link: https://lore.kernel.org/r/20221111215439.248185-1-izbyshev@ispras.ru +Signed-off-by: Jiri Wiesner +--- + kernel/futex/core.c | 26 +++++++++++++++++--------- + 1 file changed, 17 insertions(+), 9 deletions(-) + +diff --git a/kernel/futex/core.c b/kernel/futex/core.c +index b22ef1efe751..514e4582b863 100644 +--- a/kernel/futex/core.c ++++ b/kernel/futex/core.c +@@ -638,6 +638,7 @@ static int handle_futex_death(u32 __user *uaddr, struct task_struct *curr, + bool pi, bool pending_op) + { + u32 uval, nval, mval; ++ pid_t owner; + int err; + + /* Futex address must be 32bit aligned */ +@@ -659,6 +660,10 @@ static int handle_futex_death(u32 __user *uaddr, struct task_struct *curr, + * 2. A woken up waiter is killed before it can acquire the + * futex in user space. + * ++ * In the second case, the wake up notification could be generated ++ * by the unlock path in user space after setting the futex value ++ * to zero or by the kernel after setting the OWNER_DIED bit below. ++ * + * In both cases the TID validation below prevents a wakeup of + * potential waiters which can cause these waiters to block + * forever. +@@ -667,24 +672,27 @@ static int handle_futex_death(u32 __user *uaddr, struct task_struct *curr, + * + * 1) task->robust_list->list_op_pending != NULL + * @pending_op == true +- * 2) User space futex value == 0 ++ * 2) The owner part of user space futex value == 0 + * 3) Regular futex: @pi == false + * + * If these conditions are met, it is safe to attempt waking up a + * potential waiter without touching the user space futex value and +- * trying to set the OWNER_DIED bit. The user space futex value is +- * uncontended and the rest of the user space mutex state is +- * consistent, so a woken waiter will just take over the +- * uncontended futex. Setting the OWNER_DIED bit would create +- * inconsistent state and malfunction of the user space owner died +- * handling. ++ * trying to set the OWNER_DIED bit. If the futex value is zero, ++ * the rest of the user space mutex state is consistent, so a woken ++ * waiter will just take over the uncontended futex. Setting the ++ * OWNER_DIED bit would create inconsistent state and malfunction ++ * of the user space owner died handling. Otherwise, the OWNER_DIED ++ * bit is already set, and the woken waiter is expected to deal with ++ * this. + */ +- if (pending_op && !pi && !uval) { ++ owner = uval & FUTEX_TID_MASK; ++ ++ if (pending_op && !pi && !owner) { + futex_wake(uaddr, 1, 1, FUTEX_BITSET_MATCH_ANY); + return 0; + } + +- if ((uval & FUTEX_TID_MASK) != task_pid_vnr(curr)) ++ if (owner != task_pid_vnr(curr)) + return 0; + + /* +-- +2.35.3 + diff --git a/patches.suse/locking-rwsem-Add-__always_inline-annotation-to-__do.patch b/patches.suse/locking-rwsem-Add-__always_inline-annotation-to-__do.patch new file mode 100644 index 0000000..c4aaebe --- /dev/null +++ b/patches.suse/locking-rwsem-Add-__always_inline-annotation-to-__do.patch @@ -0,0 +1,69 @@ +From 92cc5d00a431e96e5a49c0b97e5ad4fa7536bd4b Mon Sep 17 00:00:00 2001 +From: John Stultz +Date: Wed, 3 May 2023 02:33:51 +0000 +Subject: [PATCH] locking/rwsem: Add __always_inline annotation to + __down_read_common() and inlined callers +Git-commit: 92cc5d00a431e96e5a49c0b97e5ad4fa7536bd4b +Patch-mainline: v6.4-rc2 +References: git-fixes + +Apparently despite it being marked inline, the compiler +may not inline __down_read_common() which makes it difficult +to identify the cause of lock contention, as the blocked +function in traceevents will always be listed as +__down_read_common(). + +So this patch adds __always_inline annotation to the common +function (as well as the inlined helper callers) to force it to +be inlined so the blocking function will be listed (via Wchan) +in traceevents. + +Fixes: c995e638ccbb ("locking/rwsem: Fold __down_{read,write}*()") +Reported-by: Tim Murray +Signed-off-by: John Stultz +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Waiman Long +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20230503023351.2832796-1-jstultz@google.com +Signed-off-by: Jiri Wiesner +--- + kernel/locking/rwsem.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/kernel/locking/rwsem.c b/kernel/locking/rwsem.c +index acb5a50309a1..9eabd585ce7a 100644 +--- a/kernel/locking/rwsem.c ++++ b/kernel/locking/rwsem.c +@@ -1240,7 +1240,7 @@ static struct rw_semaphore *rwsem_downgrade_wake(struct rw_semaphore *sem) + /* + * lock for reading + */ +-static inline int __down_read_common(struct rw_semaphore *sem, int state) ++static __always_inline int __down_read_common(struct rw_semaphore *sem, int state) + { + int ret = 0; + long count; +@@ -1258,17 +1258,17 @@ static inline int __down_read_common(struct rw_semaphore *sem, int state) + return ret; + } + +-static inline void __down_read(struct rw_semaphore *sem) ++static __always_inline void __down_read(struct rw_semaphore *sem) + { + __down_read_common(sem, TASK_UNINTERRUPTIBLE); + } + +-static inline int __down_read_interruptible(struct rw_semaphore *sem) ++static __always_inline int __down_read_interruptible(struct rw_semaphore *sem) + { + return __down_read_common(sem, TASK_INTERRUPTIBLE); + } + +-static inline int __down_read_killable(struct rw_semaphore *sem) ++static __always_inline int __down_read_killable(struct rw_semaphore *sem) + { + return __down_read_common(sem, TASK_KILLABLE); + } +-- +2.35.3 + diff --git a/patches.suse/rtmutex-Ensure-that-the-top-waiter-is-always-woken-u.patch b/patches.suse/rtmutex-Ensure-that-the-top-waiter-is-always-woken-u.patch new file mode 100644 index 0000000..f8c9f0b --- /dev/null +++ b/patches.suse/rtmutex-Ensure-that-the-top-waiter-is-always-woken-u.patch @@ -0,0 +1,124 @@ +From db370a8b9f67ae5f17e3d5482493294467784504 Mon Sep 17 00:00:00 2001 +From: Wander Lairson Costa +Date: Thu, 2 Feb 2023 09:30:20 -0300 +Subject: [PATCH] rtmutex: Ensure that the top waiter is always woken up +Git-commit: db370a8b9f67ae5f17e3d5482493294467784504 +Patch-mainline: v6.2-rc8 +References: git-fixes + +Let L1 and L2 be two spinlocks. + +Let T1 be a task holding L1 and blocked on L2. T1, currently, is the top +waiter of L2. + +Let T2 be the task holding L2. + +Let T3 be a task trying to acquire L1. + +The following events will lead to a state in which the wait queue of L2 +isn't empty, but no task actually holds the lock. + +T1 T2 T3 +== == == + + spin_lock(L1) + | raw_spin_lock(L1->wait_lock) + | rtlock_slowlock_locked(L1) + | | task_blocks_on_rt_mutex(L1, T3) + | | | orig_waiter->lock = L1 + | | | orig_waiter->task = T3 + | | | raw_spin_unlock(L1->wait_lock) + | | | rt_mutex_adjust_prio_chain(T1, L1, L2, orig_waiter, T3) + spin_unlock(L2) | | | | + | rt_mutex_slowunlock(L2) | | | | + | | raw_spin_lock(L2->wait_lock) | | | | + | | wakeup(T1) | | | | + | | raw_spin_unlock(L2->wait_lock) | | | | + | | | | waiter = T1->pi_blocked_on + | | | | waiter == rt_mutex_top_waiter(L2) + | | | | waiter->task == T1 + | | | | raw_spin_lock(L2->wait_lock) + | | | | dequeue(L2, waiter) + | | | | update_prio(waiter, T1) + | | | | enqueue(L2, waiter) + | | | | waiter != rt_mutex_top_waiter(L2) + | | | | L2->owner == NULL + | | | | wakeup(T1) + | | | | raw_spin_unlock(L2->wait_lock) +T1 wakes up +T1 != top_waiter(L2) +schedule_rtlock() + +If the deadline of T1 is updated before the call to update_prio(), and the +new deadline is greater than the deadline of the second top waiter, then +after the requeue, T1 is no longer the top waiter, and the wrong task is +woken up which will then go back to sleep because it is not the top waiter. + +This can be reproduced in PREEMPT_RT with stress-ng: + +while true; do + stress-ng --sched deadline --sched-period 1000000000 \ + --sched-runtime 800000000 --sched-deadline \ + 1000000000 --mmapfork 23 -t 20 +done + +A similar issue was pointed out by Thomas versus the cases where the top +waiter drops out early due to a signal or timeout, which is a general issue +for all regular rtmutex use cases, e.g. futex. + +The problematic code is in rt_mutex_adjust_prio_chain(): + + // Save the top waiter before dequeue/enqueue + prerequeue_top_waiter = rt_mutex_top_waiter(lock); + + rt_mutex_dequeue(lock, waiter); + waiter_update_prio(waiter, task); + rt_mutex_enqueue(lock, waiter); + + // Lock has no owner? + if (!rt_mutex_owner(lock)) { + // Top waiter changed + ----> if (prerequeue_top_waiter != rt_mutex_top_waiter(lock)) + ----> wake_up_state(waiter->task, waiter->wake_state); + +This only takes the case into account where @waiter is the new top waiter +due to the requeue operation. + +But it fails to handle the case where @waiter is not longer the top +waiter due to the requeue operation. + +Ensure that the new top waiter is woken up so in all cases so it can take +over the ownerless lock. + +[ tglx: Amend changelog, add Fixes tag ] + +Fixes: c014ef69b3ac ("locking/rtmutex: Add wake_state to rt_mutex_waiter") +Signed-off-by: Wander Lairson Costa +Signed-off-by: Thomas Gleixner +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230117172649.52465-1-wander@redhat.com +Link: https://lore.kernel.org/r/20230202123020.14844-1-wander@redhat.com +Signed-off-by: Jiri Wiesner +--- + kernel/locking/rtmutex.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c +index 010cf4e6d0b8..728f434de2bb 100644 +--- a/kernel/locking/rtmutex.c ++++ b/kernel/locking/rtmutex.c +@@ -901,8 +901,9 @@ static int __sched rt_mutex_adjust_prio_chain(struct task_struct *task, + * then we need to wake the new top waiter up to try + * to get the lock. + */ +- if (prerequeue_top_waiter != rt_mutex_top_waiter(lock)) +- wake_up_state(waiter->task, waiter->wake_state); ++ top_waiter = rt_mutex_top_waiter(lock); ++ if (prerequeue_top_waiter != top_waiter) ++ wake_up_state(top_waiter->task, top_waiter->wake_state); + raw_spin_unlock_irq(&lock->wait_lock); + return 0; + } +-- +2.35.3 + diff --git a/patches.suse/s390-vdso-remove-nostdlib-compiler-flag.patch b/patches.suse/s390-vdso-remove-nostdlib-compiler-flag.patch new file mode 100644 index 0000000..03065fa --- /dev/null +++ b/patches.suse/s390-vdso-remove-nostdlib-compiler-flag.patch @@ -0,0 +1,50 @@ +From: Masahiro Yamada +Date: Mon, 8 Nov 2021 01:21:11 +0900 +Subject: s390/vdso: remove -nostdlib compiler flag +Git-commit: 7b737adc10d269e7fdf714ae2caa2281b6a801cf +Patch-mainline: v5.16-rc2 +References: git-fixes bsc#1211714 + +The -nostdlib option requests the compiler to not use the standard +system startup files or libraries when linking. It is effective only +when $(CC) is used as a linker driver. + +Since commit 2b2a25845d53 ("s390/vdso: Use $(LD) instead of $(CC) to +link vDSO"), $(LD) is directly used, hence -nostdlib is unneeded. + +Signed-off-by: Masahiro Yamada +Link: https://lore.kernel.org/r/20211107162111.323701-1-masahiroy@kernel.org +Signed-off-by: Heiko Carstens +Acked-by: Miroslav Franc +--- + arch/s390/kernel/vdso32/Makefile | 2 +- + arch/s390/kernel/vdso64/Makefile | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile +index e3e6ac5686df..245bddfe9bc0 100644 +--- a/arch/s390/kernel/vdso32/Makefile ++++ b/arch/s390/kernel/vdso32/Makefile +@@ -22,7 +22,7 @@ KBUILD_AFLAGS_32 += -m31 -s + KBUILD_CFLAGS_32 := $(filter-out -m64,$(KBUILD_CFLAGS)) + KBUILD_CFLAGS_32 += -m31 -fPIC -shared -fno-common -fno-builtin + +-LDFLAGS_vdso32.so.dbg += -fPIC -shared -nostdlib -soname=linux-vdso32.so.1 \ ++LDFLAGS_vdso32.so.dbg += -fPIC -shared -soname=linux-vdso32.so.1 \ + --hash-style=both --build-id=sha1 -melf_s390 -T + + $(targets:%=$(obj)/%.dbg): KBUILD_CFLAGS = $(KBUILD_CFLAGS_32) +diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile +index 6568de236701..e7d911780935 100644 +--- a/arch/s390/kernel/vdso64/Makefile ++++ b/arch/s390/kernel/vdso64/Makefile +@@ -25,7 +25,7 @@ KBUILD_AFLAGS_64 += -m64 -s + + KBUILD_CFLAGS_64 := $(filter-out -m64,$(KBUILD_CFLAGS)) + KBUILD_CFLAGS_64 += -m64 -fPIC -shared -fno-common -fno-builtin +-ldflags-y := -fPIC -shared -nostdlib -soname=linux-vdso64.so.1 \ ++ldflags-y := -fPIC -shared -soname=linux-vdso64.so.1 \ + --hash-style=both --build-id=sha1 -T + + $(targets:%=$(obj)/%.dbg): KBUILD_CFLAGS = $(KBUILD_CFLAGS_64) + diff --git a/rpm/kernel-binary.spec.in b/rpm/kernel-binary.spec.in index 46c4872..03ec5f3 100644 --- a/rpm/kernel-binary.spec.in +++ b/rpm/kernel-binary.spec.in @@ -401,6 +401,10 @@ cd linux-%srcversion --vanilla \ %endif %_sourcedir/series.conf .. $SYMBOLS +%if 0%{?usrmerged} +# fix MODLIB so kmps install to /usr +sed -ie 's,/lib/modules/,%{kernel_module_directory}/,' linux-%kernelrelease%variant/Makefile scripts/depmod.sh +%endif cd %kernel_build_dir @@ -602,14 +606,6 @@ done %install -%if 0%{?usrmerged} -# add symlink for usrmerge so install scripts will just follow the -# link and end up placing files in /usr/lib. The link will be -# removed later and is not packaged here. -mkdir -p %{buildroot}/usr/lib -ln -s usr/lib %{buildroot}/lib -%endif - # get rid of /usr/lib/rpm/brp-strip-debug # strip removes too much from the vmlinux ELF binary export NO_BRP_STRIP_DEBUG=true @@ -934,10 +930,6 @@ if [ %CONFIG_MODULES = y ]; then fi rm -rf %{buildroot}/lib/firmware -%if 0%{?usrmerged} -# remove usrmerge aid -rm %{buildroot}/lib -%endif add_dirs_to_filelist() { sed -rn ' diff --git a/rpm/kernel-source.spec.in b/rpm/kernel-source.spec.in index 7563da1..e572a0a 100644 --- a/rpm/kernel-source.spec.in +++ b/rpm/kernel-source.spec.in @@ -225,10 +225,6 @@ find . -xtype l -delete -printf "deleted '%f'\n" if test "%srcversion" != "%kernelrelease%variant"; then mv linux-%srcversion linux-%kernelrelease%variant fi -%if 0%{?usrmerged} -# fix MODLIB so kmps install to /usr -sed -ie 's,/lib/modules/,%{kernel_module_directory}/,' linux-%kernelrelease%variant/Makefile -%endif %if %do_vanilla cp -al \ @@ -236,6 +232,10 @@ sed -ie 's,/lib/modules/,%{kernel_module_directory}/,' linux-%kernelrelease%vari cd linux-%kernelrelease-vanilla %_sourcedir/apply-patches --vanilla %_sourcedir/series.conf %my_builddir %symbols rm -f $(find . -name ".gitignore") +%if 0%{?usrmerged} +# fix MODLIB so kmps install to /usr +sed -ie 's,/lib/modules/,%{kernel_module_directory}/,' linux-%kernelrelease%variant/Makefile scripts/depmod.sh +%endif # Hardlink duplicate files automatically (from package fdupes). %fdupes $PWD cd .. @@ -248,6 +248,10 @@ rm -f $(find . -name ".gitignore") if [ -f %_sourcedir/localversion ] ; then cat %_sourcedir/localversion > localversion fi +%if 0%{?usrmerged} +# fix MODLIB so kmps install to /usr +sed -ie 's,/lib/modules/,%{kernel_module_directory}/,' linux-%kernelrelease%variant/Makefile scripts/depmod.sh +%endif # Hardlink duplicate files automatically (from package fdupes). %fdupes $PWD cd .. diff --git a/series.conf b/series.conf index af49588..884a7aa 100644 --- a/series.conf +++ b/series.conf @@ -5967,6 +5967,7 @@ patches.suse/xfs-punch-out-data-fork-delalloc-blocks-on-COW-write.patch patches.suse/workqueue-make-sysfs-of-unbound-kworker-cpumask-more.patch patches.suse/cgroup-Make-rebind_subsystems-disable-v2-controllers.patch + patches.suse/cgroup-reduce-dependency-on-cgroup_mutex.patch patches.suse/cgroup-Fix-rootcg-cpu.stat-guest-double-counting.patch patches.suse/ucounts-In-set_cred_ucounts-assume-new-ucounts-is-no.patch patches.suse/perf-qcom_l2_pmu-ACPI-Use-ACPI_COMPANION-directly.patch @@ -6950,6 +6951,7 @@ patches.suse/fs-orangefs-fix-error-return-code-of-orangefs_revali.patch patches.suse/fuse-make-sure-reclaim-doesn-t-write-the-inode.patch patches.suse/fuse-annotate-lock-in-fuse_reverse_inval_entry.patch + patches.suse/fuse-fix-attr-version-comparison-in-fuse_read_update_.patch patches.suse/virtiofs-use-strscpy-for-copying-the-queue-name.patch patches.suse/fuse-fix-page-stealing.patch patches.suse/ovl-fix-use-after-free-in-struct-ovl_aio_req.patch @@ -7397,6 +7399,7 @@ patches.suse/cifs-introduce-cifs_ses_mark_for_reconnect-helper.patch patches.suse/s390-setup-avoid-reserving-memory-above-identity-mapping patches.suse/s390-boot-simplify-and-fix-kernel-memory-layout-setup.patch + patches.suse/s390-vdso-remove-nostdlib-compiler-flag.patch patches.suse/s390-kexec-fix-return-code-handling patches.suse/s390-kexec-fix-memory-leak-of-ipl-report-buffer patches.suse/ACPI-Add-stubs-for-wakeup-handler-functions.patch @@ -14806,6 +14809,7 @@ patches.suse/Documentation-siphash-Fix-typo-in-the-name-of-offset.patch patches.suse/selftests-timers-valid-adjtimex-build-fix-for-newer-.patch patches.suse/selftests-timers-clocksource-switch-fix-passing-erro.patch + patches.suse/cgroup.c-add-helper-__cset_cgroup_from_root-to-cleanup-duplicated-codes.patch patches.suse/btrfs-send-use-boolean-types-for-current-inode-statu.patch patches.suse/btrfs-properly-flag-filesystem-with-btrfs_feature_incompat_big_metadata.patch patches.suse/btrfs-send-introduce-recorded_ref_alloc-and-recorded.patch @@ -16703,7 +16707,11 @@ patches.suse/sched-core-Introduce-sched_asym_cpucap_active.patch patches.suse/perf-x86-uncore-Add-new-Raptor-Lake-S-support.patch patches.suse/locking-rwsem-Disable-preemption-while-trying-for-rw.patch + patches.suse/cgroup-Honor-caller-s-cgroup-NS-when-resolving-path.patch + patches.suse/cgroup-cgroup-Honor-caller-s-cgroup-NS-when-resolving-cgroup-id.patch + patches.suse/cgroup-Homogenize-cgroup_get_from_id-return-value.patch patches.suse/cgroup-cpuset-Enable-update_tasks_cpumask-on-top_cpuset.patch + patches.suse/cgroup-Make-cgroup_get_from_id-prettier.patch patches.suse/livepatch-fix-race-between-fork-and-KLP-transition.patch patches.suse/livepatch-Add-a-missing-newline-character-in-klp_mod.patch patches.suse/kbuild-remove-the-target-in-signal-traps-when-interr.patch @@ -16887,6 +16895,7 @@ patches.suse/cifs-lease-key-is-uninitialized-in-two-additional-functions-when-sm.patch patches.suse/smb3-improve-SMB3-change-notification-support.patch patches.suse/clk-at91-fix-the-build-with-binutils-2.27.patch + patches.suse/cgroup-Reorganize-css_set_lock-and-kernfs-path-processing.patch patches.suse/btrfs-fix-processing-of-delayed-data-refs-during-bac.patch patches.suse/btrfs-fix-processing-of-delayed-tree-block-refs-duri.patch patches.suse/0017-dm-remove-unnecessary-assignment-statement-in-alloc_.patch @@ -17663,6 +17672,7 @@ patches.suse/thermal-core-fix-some-possible-name-leaks-in-error-p.patch patches.suse/0001-EDAC-mc_sysfs-Increase-legacy-channel-support-to-12.patch patches.suse/x86-MCE-AMD-Clear-DFR-errors-found-in-THR-handler.patch + patches.suse/futex-Resend-potentially-swallowed-owner-death-notif.patch patches.suse/perf-Fix-possible-memleak-in-pmu_dev_alloc.patch patches.suse/perf-x86-intel-uncore-Generalize-IIO-topology-support.patch patches.suse/perf-x86-intel-uncore-Introduce-UPI-topology-type.patch @@ -17733,6 +17743,7 @@ patches.suse/ext4-allocate-extended-attribute-value-in-vmalloc-ar.patch patches.suse/ext4-fix-inode-leak-in-ext4_xattr_inode_create-on-an.patch patches.suse/ext4-fix-reserved-cluster-accounting-in-__es_remove_.patch + patches.suse/fuse-always-revalidate-rename-target-dentry.patch patches.suse/NFSD-Finish-converting-the-NFSv2-GETACL-result-encod.patch patches.suse/NFSD-Finish-converting-the-NFSv3-GETACL-result-encod.patch patches.suse/nfsd-don-t-call-nfsd_file_put-from-client-states-seq.patch @@ -18784,6 +18795,7 @@ patches.suse/pinctrl-intel-Restore-the-pins-that-used-to-be-in-Di.patch patches.suse/clk-ingenic-jz4760-Update-M-N-OD-calculation-algorit.patch patches.suse/ACPI-NFIT-fix-a-potential-deadlock-during-NFIT-teard.patch + patches.suse/rtmutex-Ensure-that-the-top-waiter-is-always-woken-u.patch patches.suse/spi-dw-Fix-wrong-FIFO-level-setting-for-long-xfers.patch patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch patches.suse/powerpc-kexec_file-fix-implicit-decl-error.patch @@ -19892,6 +19904,7 @@ patches.suse/nvmet-fix-I-O-Command-Set-specific-Identify-Controll.patch patches.suse/nvme-fix-async-event-trace-event.patch patches.suse/nvme-fcloop-fix-inconsistent-IN-HARDIRQ-W-HARDIRQ-ON.patch + patches.suse/dm-ioctl-fix-nested-locking-in-table_clear-to-remove-deadlock-concern-3b89.patch patches.suse/scsi-lpfc-Prevent-lpfc_debugfs_lockstat_write-buffer.patch patches.suse/scsi-lpfc-Reorder-freeing-of-various-DMA-buffers-and.patch patches.suse/scsi-lpfc-Fix-lockdep-warning-for-rx_monitor-lock-wh.patch @@ -20106,6 +20119,7 @@ patches.suse/drm-amdgpu-disable-sdma-ecc-irq-only-when-sdma-RAS-i.patch patches.suse/drm-amdgpu-gfx-disable-gfx9-cp_ecc_error_irq-only-wh.patch patches.suse/fbdev-arcfb-Fix-error-handling-in-arcfb_probe.patch + patches.suse/locking-rwsem-Add-__always_inline-annotation-to-__do.patch patches.suse/ARM-9296-1-HP-Jornada-7XX-fix-kernel-doc-warnings.patch patches.suse/tpm-tpm_tis-Disable-interrupts-for-more-Lenovo-devic.patch patches.suse/selftests-sgx-Add-test_encl.elf-to-TEST_FILES.patch @@ -20150,6 +20164,7 @@ patches.suse/s390-qdio-fix-do_sqbs-inline-assembly-constraint.patch patches.suse/Documentation-filesystems-sharedsubtree-add-section-.patch patches.suse/Documentation-filesystems-ramfs-rootfs-initramfs-use.patch + patches.suse/ceph-force-updating-the-msg-pointer-in-non-split-case.patch patches.suse/drm-exynos-fix-g2d_open-close-helper-function-defini.patch patches.suse/drm-msm-dp-unregister-audio-driver-during-unbind.patch patches.suse/drm-msm-dpu-Move-non-MDP_TOP-INTF_INTR-offsets-out-o.patch