Rebase patches to 6.8.0-49.49
This commit is contained in:
parent
7284dfd432
commit
4a3daa76d0
13 changed files with 126 additions and 250 deletions
|
@ -11,7 +11,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
|
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
|
||||||
index c4c6240d14f9..5e037a9ea6a6 100644
|
index 31ff09cc5737..9e8cdd7298d3 100644
|
||||||
--- a/drivers/iommu/intel/iommu.c
|
--- a/drivers/iommu/intel/iommu.c
|
||||||
+++ b/drivers/iommu/intel/iommu.c
|
+++ b/drivers/iommu/intel/iommu.c
|
||||||
@@ -234,6 +234,7 @@ static int dmar_map_gfx = 1;
|
@@ -234,6 +234,7 @@ static int dmar_map_gfx = 1;
|
||||||
|
|
|
@ -47,7 +47,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||||
1 file changed, 13 insertions(+), 3 deletions(-)
|
1 file changed, 13 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c
|
diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c
|
||||||
index af5c476db6e6..8aee0f520300 100644
|
index 438d68d681b1..dc5165b16956 100644
|
||||||
--- a/fs/smb/client/file.c
|
--- a/fs/smb/client/file.c
|
||||||
+++ b/fs/smb/client/file.c
|
+++ b/fs/smb/client/file.c
|
||||||
@@ -2845,17 +2845,21 @@ static ssize_t cifs_write_back_from_locked_folio(struct address_space *mapping,
|
@@ -2845,17 +2845,21 @@ static ssize_t cifs_write_back_from_locked_folio(struct address_space *mapping,
|
|
@ -1,79 +0,0 @@
|
||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Borislav Petkov (AMD)" <bp@alien8.de>
|
|
||||||
Date: Sun, 24 Mar 2024 20:51:35 +0100
|
|
||||||
Subject: [PATCH] x86/CPU/AMD: Improve the erratum 1386 workaround
|
|
||||||
|
|
||||||
Disable XSAVES only on machines which haven't loaded the microcode
|
|
||||||
revision containing the erratum fix.
|
|
||||||
|
|
||||||
This will come in handy when running archaic OSes as guests. OSes whose
|
|
||||||
brilliant programmers thought that CPUID is overrated and one should not
|
|
||||||
query it but use features directly, ala shoot first, ask questions
|
|
||||||
later... but only if you're alive after the shooting.
|
|
||||||
|
|
||||||
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
|
|
||||||
Tested-by: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
|
|
||||||
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
|
||||||
Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local
|
|
||||||
---
|
|
||||||
arch/x86/include/asm/cpu_device_id.h | 8 ++++++++
|
|
||||||
arch/x86/kernel/cpu/amd.c | 12 ++++++++++++
|
|
||||||
2 files changed, 20 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h
|
|
||||||
index e8e3dbe7f173..b6325ee30871 100644
|
|
||||||
--- a/arch/x86/include/asm/cpu_device_id.h
|
|
||||||
+++ b/arch/x86/include/asm/cpu_device_id.h
|
|
||||||
@@ -288,6 +288,14 @@ struct x86_cpu_desc {
|
|
||||||
.x86_microcode_rev = (revision), \
|
|
||||||
}
|
|
||||||
|
|
||||||
+#define AMD_CPU_DESC(fam, model, stepping, revision) { \
|
|
||||||
+ .x86_family = (fam), \
|
|
||||||
+ .x86_vendor = X86_VENDOR_AMD, \
|
|
||||||
+ .x86_model = (model), \
|
|
||||||
+ .x86_stepping = (stepping), \
|
|
||||||
+ .x86_microcode_rev = (revision), \
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match);
|
|
||||||
extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table);
|
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
|
|
||||||
index 0838ea579eb0..ca6096dcc5c6 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/amd.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/amd.c
|
|
||||||
@@ -13,6 +13,7 @@
|
|
||||||
#include <asm/apic.h>
|
|
||||||
#include <asm/cacheinfo.h>
|
|
||||||
#include <asm/cpu.h>
|
|
||||||
+#include <asm/cpu_device_id.h>
|
|
||||||
#include <asm/spec-ctrl.h>
|
|
||||||
#include <asm/smp.h>
|
|
||||||
#include <asm/numa.h>
|
|
||||||
@@ -925,6 +926,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
|
|
||||||
clear_rdrand_cpuid_bit(c);
|
|
||||||
}
|
|
||||||
|
|
||||||
+static const struct x86_cpu_desc erratum_1386_microcode[] = {
|
|
||||||
+ AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e),
|
|
||||||
+ AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052),
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
static void fix_erratum_1386(struct cpuinfo_x86 *c)
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
@@ -934,7 +940,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c)
|
|
||||||
*
|
|
||||||
* Affected parts all have no supervisor XSAVE states, meaning that
|
|
||||||
* the XSAVEC instruction (which works fine) is equivalent.
|
|
||||||
+ *
|
|
||||||
+ * Clear the feature flag only on microcode revisions which
|
|
||||||
+ * don't have the fix.
|
|
||||||
*/
|
|
||||||
+ if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode))
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
clear_cpu_cap(c, X86_FEATURE_XSAVES);
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,58 +0,0 @@
|
||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chuck Lever <chuck.lever@oracle.com>
|
|
||||||
Date: Wed, 19 Jun 2024 09:51:08 -0400
|
|
||||||
Subject: [PATCH] SUNRPC: Fix backchannel reply, again
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
[ Upstream commit 6ddc9deacc1312762c2edd9de00ce76b00f69f7c ]
|
|
||||||
|
|
||||||
I still see "RPC: Could not send backchannel reply error: -110"
|
|
||||||
quite often, along with slow-running tests. Debugging shows that the
|
|
||||||
backchannel is still stumbling when it has to queue a callback reply
|
|
||||||
on a busy transport.
|
|
||||||
|
|
||||||
Note that every one of these timeouts causes a connection loss by
|
|
||||||
virtue of the xprt_conditional_disconnect() call in that arm of
|
|
||||||
call_cb_transmit_status().
|
|
||||||
|
|
||||||
I found that setting to_maxval is necessary to get the RPC timeout
|
|
||||||
logic to behave whenever to_exponential is not set.
|
|
||||||
|
|
||||||
Fixes: 57331a59ac0d ("NFSv4.1: Use the nfs_client's rpc timeouts for backchannel")
|
|
||||||
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
||||||
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
|
|
||||||
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
|
|
||||||
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
||||||
(cherry picked from commit bd1e42e0f2567c911d3df761cf7a33b021fdceeb)
|
|
||||||
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
|
|
||||||
---
|
|
||||||
net/sunrpc/svc.c | 5 ++++-
|
|
||||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
|
|
||||||
index bd61e257cda6..bac1886f07da 100644
|
|
||||||
--- a/net/sunrpc/svc.c
|
|
||||||
+++ b/net/sunrpc/svc.c
|
|
||||||
@@ -1546,9 +1546,11 @@ void svc_process(struct svc_rqst *rqstp)
|
|
||||||
*/
|
|
||||||
void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp)
|
|
||||||
{
|
|
||||||
+ struct rpc_timeout timeout = {
|
|
||||||
+ .to_increment = 0,
|
|
||||||
+ };
|
|
||||||
struct rpc_task *task;
|
|
||||||
int proc_error;
|
|
||||||
- struct rpc_timeout timeout;
|
|
||||||
|
|
||||||
/* Build the svc_rqst used by the common processing routine */
|
|
||||||
rqstp->rq_xid = req->rq_xid;
|
|
||||||
@@ -1601,6 +1603,7 @@ void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp)
|
|
||||||
timeout.to_initval = req->rq_xprt->timeout->to_initval;
|
|
||||||
timeout.to_retries = req->rq_xprt->timeout->to_retries;
|
|
||||||
}
|
|
||||||
+ timeout.to_maxval = timeout.to_initval;
|
|
||||||
memcpy(&req->rq_snd_buf, &rqstp->rq_res, sizeof(req->rq_snd_buf));
|
|
||||||
task = rpc_run_bc_task(req, &timeout);
|
|
||||||
|
|
45
debian/patches/pve/0017-io_uring-rw-treat-EOPNOTSUPP-for-IOCB_NOWAIT-like-EA.patch
vendored
Normal file
45
debian/patches/pve/0017-io_uring-rw-treat-EOPNOTSUPP-for-IOCB_NOWAIT-like-EA.patch
vendored
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jens Axboe <axboe@kernel.dk>
|
||||||
|
Date: Tue, 10 Sep 2024 08:30:57 -0600
|
||||||
|
Subject: [PATCH] io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN
|
||||||
|
|
||||||
|
Some file systems, ocfs2 in this case, will return -EOPNOTSUPP for
|
||||||
|
an IOCB_NOWAIT read/write attempt. While this can be argued to be
|
||||||
|
correct, the usual return value for something that requires blocking
|
||||||
|
issue is -EAGAIN.
|
||||||
|
|
||||||
|
A refactoring io_uring commit dropped calling kiocb_done() for
|
||||||
|
negative return values, which is otherwise where we already do that
|
||||||
|
transformation. To ensure we catch it in both spots, check it in
|
||||||
|
__io_read() itself as well.
|
||||||
|
|
||||||
|
Reported-by: Robert Sander <r.sander@heinlein-support.de>
|
||||||
|
Link: https://fosstodon.org/@gurubert@mastodon.gurubert.de/113112431889638440
|
||||||
|
Cc: stable@vger.kernel.org
|
||||||
|
Fixes: a08d195b586a ("io_uring/rw: split io_read() into a helper")
|
||||||
|
Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
||||||
|
(cherry picked from commit c0a9d496e0fece67db777bd48550376cf2960c47)
|
||||||
|
Signed-off-by: Daniel Kral <d.kral@proxmox.com>
|
||||||
|
---
|
||||||
|
io_uring/rw.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/io_uring/rw.c b/io_uring/rw.c
|
||||||
|
index c3c154790e45..ed7f67097572 100644
|
||||||
|
--- a/io_uring/rw.c
|
||||||
|
+++ b/io_uring/rw.c
|
||||||
|
@@ -825,6 +825,14 @@ static int __io_read(struct io_kiocb *req, unsigned int issue_flags)
|
||||||
|
|
||||||
|
ret = io_iter_do_read(rw, &s->iter);
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Some file systems like to return -EOPNOTSUPP for an IOCB_NOWAIT
|
||||||
|
+ * issue, even though they should be returning -EAGAIN. To be safe,
|
||||||
|
+ * retry from blocking context for either.
|
||||||
|
+ */
|
||||||
|
+ if (ret == -EOPNOTSUPP && force_nonblock)
|
||||||
|
+ ret = -EAGAIN;
|
||||||
|
+
|
||||||
|
if (ret == -EAGAIN || (req->flags & REQ_F_REISSUE)) {
|
||||||
|
req->flags &= ~REQ_F_REISSUE;
|
||||||
|
/*
|
|
@ -1,52 +0,0 @@
|
||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Si-Wei Liu <si-wei.liu@oracle.com>
|
|
||||||
Date: Wed, 24 Jul 2024 10:04:51 -0700
|
|
||||||
Subject: [PATCH] tap: add missing verification for short frame
|
|
||||||
|
|
||||||
The cited commit missed to check against the validity of the frame length
|
|
||||||
in the tap_get_user_xdp() path, which could cause a corrupted skb to be
|
|
||||||
sent downstack. Even before the skb is transmitted, the
|
|
||||||
tap_get_user_xdp()-->skb_set_network_header() may assume the size is more
|
|
||||||
than ETH_HLEN. Once transmitted, this could either cause out-of-bound
|
|
||||||
access beyond the actual length, or confuse the underlayer with incorrect
|
|
||||||
or inconsistent header length in the skb metadata.
|
|
||||||
|
|
||||||
In the alternative path, tap_get_user() already prohibits short frame which
|
|
||||||
has the length less than Ethernet header size from being transmitted.
|
|
||||||
|
|
||||||
This is to drop any frame shorter than the Ethernet header size just like
|
|
||||||
how tap_get_user() does.
|
|
||||||
|
|
||||||
CVE: CVE-2024-41090
|
|
||||||
Link: https://lore.kernel.org/netdev/1717026141-25716-1-git-send-email-si-wei.liu@oracle.com/
|
|
||||||
Fixes: 0efac27791ee ("tap: accept an array of XDP buffs through sendmsg()")
|
|
||||||
Cc: stable@vger.kernel.org
|
|
||||||
Signed-off-by: Si-Wei Liu <si-wei.liu@oracle.com>
|
|
||||||
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
|
|
||||||
Reviewed-by: Willem de Bruijn <willemb@google.com>
|
|
||||||
Reviewed-by: Paolo Abeni <pabeni@redhat.com>
|
|
||||||
Reviewed-by: Jason Wang <jasowang@redhat.com>
|
|
||||||
Link: https://patch.msgid.link/20240724170452.16837-2-dongli.zhang@oracle.com
|
|
||||||
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
|
||||||
(cherry picked from commit ed7f2afdd0e043a397677e597ced0830b83ba0b3)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
drivers/net/tap.c | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/drivers/net/tap.c b/drivers/net/tap.c
|
|
||||||
index 9f0495e8df4d..feeeac715c18 100644
|
|
||||||
--- a/drivers/net/tap.c
|
|
||||||
+++ b/drivers/net/tap.c
|
|
||||||
@@ -1177,6 +1177,11 @@ static int tap_get_user_xdp(struct tap_queue *q, struct xdp_buff *xdp)
|
|
||||||
struct sk_buff *skb;
|
|
||||||
int err, depth;
|
|
||||||
|
|
||||||
+ if (unlikely(xdp->data_end - xdp->data < ETH_HLEN)) {
|
|
||||||
+ err = -EINVAL;
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (q->flags & IFF_VNET_HDR)
|
|
||||||
vnet_hdr_len = READ_ONCE(q->vnet_hdr_sz);
|
|
||||||
|
|
28
debian/patches/pve/0018-netfs-reset-subreq-iov-iter-before-tail-clean.patch
vendored
Normal file
28
debian/patches/pve/0018-netfs-reset-subreq-iov-iter-before-tail-clean.patch
vendored
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Christian Ebner <c.ebner@proxmox.com>
|
||||||
|
Date: Wed, 2 Oct 2024 15:24:31 +0200
|
||||||
|
Subject: [PATCH] netfs: reset subreq iov iter before tail clean
|
||||||
|
|
||||||
|
Make sure the iter is at the correct location when cleaning up tail
|
||||||
|
bytes for incomplete read subrequests.
|
||||||
|
|
||||||
|
Fixes: 92b6cc5d ("netfs: Add iov_iters to (sub)requests to describe various buffers")
|
||||||
|
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219237
|
||||||
|
|
||||||
|
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
|
||||||
|
---
|
||||||
|
fs/netfs/io.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/fs/netfs/io.c b/fs/netfs/io.c
|
||||||
|
index 4261ad6c55b6..27c9e441d21e 100644
|
||||||
|
--- a/fs/netfs/io.c
|
||||||
|
+++ b/fs/netfs/io.c
|
||||||
|
@@ -516,6 +516,7 @@ void netfs_subreq_terminated(struct netfs_io_subrequest *subreq,
|
||||||
|
|
||||||
|
incomplete:
|
||||||
|
if (test_bit(NETFS_SREQ_CLEAR_TAIL, &subreq->flags)) {
|
||||||
|
+ netfs_reset_subreq_iter(rreq, subreq);
|
||||||
|
netfs_clear_unread(subreq);
|
||||||
|
subreq->transferred = subreq->len;
|
||||||
|
goto complete;
|
|
@ -1,51 +0,0 @@
|
||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dongli Zhang <dongli.zhang@oracle.com>
|
|
||||||
Date: Wed, 24 Jul 2024 10:04:52 -0700
|
|
||||||
Subject: [PATCH] tun: add missing verification for short frame
|
|
||||||
|
|
||||||
The cited commit missed to check against the validity of the frame length
|
|
||||||
in the tun_xdp_one() path, which could cause a corrupted skb to be sent
|
|
||||||
downstack. Even before the skb is transmitted, the
|
|
||||||
tun_xdp_one-->eth_type_trans() may access the Ethernet header although it
|
|
||||||
can be less than ETH_HLEN. Once transmitted, this could either cause
|
|
||||||
out-of-bound access beyond the actual length, or confuse the underlayer
|
|
||||||
with incorrect or inconsistent header length in the skb metadata.
|
|
||||||
|
|
||||||
In the alternative path, tun_get_user() already prohibits short frame which
|
|
||||||
has the length less than Ethernet header size from being transmitted for
|
|
||||||
IFF_TAP.
|
|
||||||
|
|
||||||
This is to drop any frame shorter than the Ethernet header size just like
|
|
||||||
how tun_get_user() does.
|
|
||||||
|
|
||||||
CVE: CVE-2024-41091
|
|
||||||
Inspired-by: https://lore.kernel.org/netdev/1717026141-25716-1-git-send-email-si-wei.liu@oracle.com/
|
|
||||||
Fixes: 043d222f93ab ("tuntap: accept an array of XDP buffs through sendmsg()")
|
|
||||||
Cc: stable@vger.kernel.org
|
|
||||||
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
|
|
||||||
Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com>
|
|
||||||
Reviewed-by: Willem de Bruijn <willemb@google.com>
|
|
||||||
Reviewed-by: Paolo Abeni <pabeni@redhat.com>
|
|
||||||
Reviewed-by: Jason Wang <jasowang@redhat.com>
|
|
||||||
Link: https://patch.msgid.link/20240724170452.16837-3-dongli.zhang@oracle.com
|
|
||||||
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
|
||||||
(cherry picked from commit 049584807f1d797fc3078b68035450a9769eb5c3)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
drivers/net/tun.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
|
|
||||||
index 86515f0c2b6c..e9cd3b810e2c 100644
|
|
||||||
--- a/drivers/net/tun.c
|
|
||||||
+++ b/drivers/net/tun.c
|
|
||||||
@@ -2459,6 +2459,9 @@ static int tun_xdp_one(struct tun_struct *tun,
|
|
||||||
bool skb_xdp = false;
|
|
||||||
struct page *page;
|
|
||||||
|
|
||||||
+ if (unlikely(datasize < ETH_HLEN))
|
|
||||||
+ return -EINVAL;
|
|
||||||
+
|
|
||||||
xdp_prog = rcu_dereference(tun->xdp_prog);
|
|
||||||
if (xdp_prog) {
|
|
||||||
if (gso->gso_type) {
|
|
44
debian/patches/pve/0019-x86-CPU-AMD-Clear-virtualized-VMLOAD-VMSAVE-on-Zen4-.patch
vendored
Normal file
44
debian/patches/pve/0019-x86-CPU-AMD-Clear-virtualized-VMLOAD-VMSAVE-on-Zen4-.patch
vendored
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Mario Limonciello <mario.limonciello@amd.com>
|
||||||
|
Date: Tue, 5 Nov 2024 10:02:34 -0600
|
||||||
|
Subject: [PATCH] x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
|
||||||
|
|
||||||
|
A number of Zen4 client SoCs advertise the ability to use virtualized
|
||||||
|
VMLOAD/VMSAVE, but using these instructions is reported to be a cause
|
||||||
|
of a random host reboot.
|
||||||
|
|
||||||
|
These instructions aren't intended to be advertised on Zen4 client
|
||||||
|
so clear the capability.
|
||||||
|
|
||||||
|
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
|
||||||
|
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
|
||||||
|
Cc: stable@vger.kernel.org
|
||||||
|
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219009
|
||||||
|
(cherry picked from commit a5ca1dc46a6b610dd4627d8b633d6c84f9724ef0)
|
||||||
|
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||||
|
---
|
||||||
|
arch/x86/kernel/cpu/amd.c | 11 +++++++++++
|
||||||
|
1 file changed, 11 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
|
||||||
|
index 1e0fe5f8ab84..ee87f997d31f 100644
|
||||||
|
--- a/arch/x86/kernel/cpu/amd.c
|
||||||
|
+++ b/arch/x86/kernel/cpu/amd.c
|
||||||
|
@@ -924,6 +924,17 @@ static void init_amd_zen4(struct cpuinfo_x86 *c)
|
||||||
|
{
|
||||||
|
if (!cpu_has(c, X86_FEATURE_HYPERVISOR))
|
||||||
|
msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * These Zen4 SoCs advertise support for virtualized VMLOAD/VMSAVE
|
||||||
|
+ * in some BIOS versions but they can lead to random host reboots.
|
||||||
|
+ */
|
||||||
|
+ switch (c->x86_model) {
|
||||||
|
+ case 0x18 ... 0x1f:
|
||||||
|
+ case 0x60 ... 0x7f:
|
||||||
|
+ clear_cpu_cap(c, X86_FEATURE_V_VMSAVE_VMLOAD);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
static void init_amd_zen5(struct cpuinfo_x86 *c)
|
15
debian/patches/series.linux
vendored
15
debian/patches/series.linux
vendored
|
@ -10,11 +10,10 @@ pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch
|
||||||
pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
|
pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
|
||||||
pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch
|
pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch
|
||||||
pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch
|
pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch
|
||||||
pve/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
|
pve/0013-cifs-fix-pagecache-leak-when-do-writepages.patch
|
||||||
pve/0014-cifs-fix-pagecache-leak-when-do-writepages.patch
|
pve/0014-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch
|
||||||
pve/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch
|
pve/0015-apparmor-fix-possible-NULL-pointer-dereference.patch
|
||||||
pve/0016-SUNRPC-Fix-backchannel-reply-again.patch
|
pve/0016-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch
|
||||||
pve/0017-tap-add-missing-verification-for-short-frame.patch
|
pve/0017-io_uring-rw-treat-EOPNOTSUPP-for-IOCB_NOWAIT-like-EA.patch
|
||||||
pve/0018-tun-add-missing-verification-for-short-frame.patch
|
pve/0018-netfs-reset-subreq-iov-iter-before-tail-clean.patch
|
||||||
pve/0019-apparmor-fix-possible-NULL-pointer-dereference.patch
|
pve/0019-x86-CPU-AMD-Clear-virtualized-VMLOAD-VMSAVE-on-Zen4-.patch
|
||||||
pve/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch
|
|
||||||
|
|
Loading…
Reference in a new issue