From 762dc2095b73a6ebbe8298d6f20e73f830755c7b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 20 Jan 2025 00:10:57 -0500 Subject: [PATCH] Rebase to 5.4.0-126.142 patchset --- ...-accept-an-alternate-timestamp-strin.patch | 37 +- ...dge-keep-MAC-of-first-assigned-port.patch} | 4 +- ...d-Debian-wireless-regdb-certificates.patch | 1451 ----------------- ...des-for-missing-ACS-capabilities-4..patch} | 10 +- ...default-dynamic-halt-polling-growth.patch} | 4 +- ...nable-nested-virtualization-by-defau.patch | 32 + ...de-unregister_netdevice-refcount-lea.patch | 24 +- ...fortify-Do-not-cast-to-unsigned-char.patch | 30 - ...allow-unprivileged-whiteout-creation.patch | 122 ++ .../0008-SUNRPC-Fix-READ_PLUS-crasher.patch | 35 + ...sk-out-PKRU-bit-in-xfeatures-if-vCPU.patch | 135 -- ...nfs-Fix-a-use-after-free-bug-in-open.patch | 42 + ...allow-pass-through-on-broken-hardwar.patch | 43 - ...-Advertise-support-for-flush-by-ASID.patch | 37 - ...-qla2xxx-Fix-disk-failure-to-redisco.patch | 70 + ...m-seed-of-tmp_inode-after-migrating-.patch | 73 + ...rove-userspace-warnings-for-missing-.patch | 44 - ...pect-msg_namelen-0-for-recvmsg-calls.patch | 31 - ...alize-TLB-invalidates-with-GT-resets.patch | 72 + ...et-subreq-iov-iter-before-tail-clean.patch | 28 - ...UCE-iommu-intel-disable-DMAR-for-SKL.patch | 97 -- ...able-PCID-when-INVLPG-has-been-fixed.patch | 78 - debian/patches/series.linux | 23 +- 23 files changed, 498 insertions(+), 2024 deletions(-) rename debian/patches/pve/{0003-bridge-keep-MAC-of-first-assigned-port.patch => 0002-bridge-keep-MAC-of-first-assigned-port.patch} (87%) delete mode 100644 debian/patches/pve/0002-wireless-Add-Debian-wireless-regdb-certificates.patch rename debian/patches/pve/{0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch => 0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch} (95%) rename debian/patches/pve/{0005-kvm-disable-default-dynamic-halt-polling-growth.patch => 0004-kvm-disable-default-dynamic-halt-polling-growth.patch} (85%) create mode 100644 debian/patches/pve/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch delete mode 100644 debian/patches/pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch create mode 100644 debian/patches/pve/0007-vfs-allow-unprivileged-whiteout-creation.patch create mode 100644 debian/patches/pve/0008-SUNRPC-Fix-READ_PLUS-crasher.patch delete mode 100644 debian/patches/pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch create mode 100644 debian/patches/pve/0009-NFSv4-pnfs-Fix-a-use-after-free-bug-in-open.patch delete mode 100644 debian/patches/pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch delete mode 100644 debian/patches/pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch create mode 100644 debian/patches/pve/0010-scsi-Revert-scsi-qla2xxx-Fix-disk-failure-to-redisco.patch create mode 100644 debian/patches/pve/0011-ext4-recover-csum-seed-of-tmp_inode-after-migrating-.patch delete mode 100644 debian/patches/pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch delete mode 100644 debian/patches/pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch create mode 100644 debian/patches/pve/0012-drm-i915-gt-Serialize-TLB-invalidates-with-GT-resets.patch delete mode 100644 debian/patches/pve/0013-netfs-reset-subreq-iov-iter-before-tail-clean.patch delete mode 100644 debian/patches/pve/0014-Revert-UBUNTU-SAUCE-iommu-intel-disable-DMAR-for-SKL.patch delete mode 100644 debian/patches/pve/0015-x86-mm-Don-t-disable-PCID-when-INVLPG-has-been-fixed.patch diff --git a/debian/patches/pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch b/debian/patches/pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch index 1963808..a7fd35c 100644 --- a/debian/patches/pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch +++ b/debian/patches/pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch @@ -17,19 +17,28 @@ $KBUILD_BUILD_TIMESTAMP. Signed-off-by: Fabian Grünbichler Signed-off-by: Thomas Lamprecht --- - init/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + scripts/mkcompile_h | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) -diff --git a/init/Makefile b/init/Makefile -index 10b652d33e872658f2d8c8ce3a0b45e9a473fd64..e4dabde27b90c12bd72c6239e15509f9a9448d80 100644 ---- a/init/Makefile -+++ b/init/Makefile -@@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC) := PREEMPT_DYNAMIC - preempt-flag-$(CONFIG_PREEMPT_RT) := PREEMPT_RT +diff --git a/scripts/mkcompile_h b/scripts/mkcompile_h +index 06c1e9e3bc38..6e7012175600 100755 +--- a/scripts/mkcompile_h ++++ b/scripts/mkcompile_h +@@ -34,10 +34,14 @@ else + VERSION=$KBUILD_BUILD_VERSION + fi - build-version = $(or $(KBUILD_BUILD_VERSION), $(build-version-auto)) --build-timestamp = $(or $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto)) -+build-timestamp = $(or $(KBUILD_BUILD_VERSION_TIMESTAMP), $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto)) - - # Maximum length of UTS_VERSION is 64 chars - filechk_uts_version = \ +-if [ -z "$KBUILD_BUILD_TIMESTAMP" ]; then +- TIMESTAMP=`date` ++if [ -z "$KBUILD_BUILD_VERSION_TIMESTAMP" ]; then ++ if [ -z "$KBUILD_BUILD_TIMESTAMP" ]; then ++ TIMESTAMP=`date` ++ else ++ TIMESTAMP=$KBUILD_BUILD_TIMESTAMP ++ fi + else +- TIMESTAMP=$KBUILD_BUILD_TIMESTAMP ++ TIMESTAMP=$KBUILD_BUILD_VERSION_TIMESTAMP + fi + if test -z "$KBUILD_BUILD_USER"; then + LINUX_COMPILE_BY=$(whoami | sed 's/\\/\\\\/') diff --git a/debian/patches/pve/0003-bridge-keep-MAC-of-first-assigned-port.patch b/debian/patches/pve/0002-bridge-keep-MAC-of-first-assigned-port.patch similarity index 87% rename from debian/patches/pve/0003-bridge-keep-MAC-of-first-assigned-port.patch rename to debian/patches/pve/0002-bridge-keep-MAC-of-first-assigned-port.patch index efa47df..a684a53 100644 --- a/debian/patches/pve/0003-bridge-keep-MAC-of-first-assigned-port.patch +++ b/debian/patches/pve/0002-bridge-keep-MAC-of-first-assigned-port.patch @@ -19,10 +19,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c -index 75204d36d7f9062306dfc66c3c35448e16257215..1fb5ff73ec1ef3bd79960182c87a0ba312b3635d 100644 +index d174d3a566aa..885e18c72c87 100644 --- a/net/bridge/br_stp_if.c +++ b/net/bridge/br_stp_if.c -@@ -265,10 +265,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br) +@@ -256,10 +256,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br) return false; list_for_each_entry(p, &br->port_list, list) { diff --git a/debian/patches/pve/0002-wireless-Add-Debian-wireless-regdb-certificates.patch b/debian/patches/pve/0002-wireless-Add-Debian-wireless-regdb-certificates.patch deleted file mode 100644 index 274b7ff..0000000 --- a/debian/patches/pve/0002-wireless-Add-Debian-wireless-regdb-certificates.patch +++ /dev/null @@ -1,1451 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Ben Hutchings -Date: Fri, 13 Apr 2018 20:10:28 +0100 -Subject: [PATCH] wireless: Add Debian wireless-regdb certificates - -This hex dump is generated using: - -{ - for cert in debian/certs/wireless-regdb-*.pem; do - openssl x509 -in $cert -outform der; - done -} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex - -Signed-off-by: Thomas Lamprecht ---- - net/wireless/certs/debian.hex | 1426 +++++++++++++++++++++++++++++++++ - 1 file changed, 1426 insertions(+) - create mode 100644 net/wireless/certs/debian.hex - -diff --git a/net/wireless/certs/debian.hex b/net/wireless/certs/debian.hex -new file mode 100644 -index 0000000000000000000000000000000000000000..c5ab03f8c500d2f0e5b7931d5790bd22983c3660 ---- /dev/null -+++ b/net/wireless/certs/debian.hex -@@ -0,0 +1,1426 @@ -+0x30, -+0x82, -+0x02, -+0xbd, -+0x30, -+0x82, -+0x01, -+0xa5, -+0x02, -+0x14, -+0x57, -+0x7e, -+0x02, -+0x1c, -+0xb9, -+0x80, -+0xe0, -+0xe8, -+0x20, -+0x82, -+0x1b, -+0xa7, -+0xb5, -+0x4b, -+0x49, -+0x61, -+0xb8, -+0xb4, -+0xfa, -+0xdf, -+0x30, -+0x0d, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x01, -+0x0b, -+0x05, -+0x00, -+0x30, -+0x1a, -+0x31, -+0x18, -+0x30, -+0x16, -+0x06, -+0x03, -+0x55, -+0x04, -+0x03, -+0x0c, -+0x0f, -+0x62, -+0x65, -+0x6e, -+0x68, -+0x40, -+0x64, -+0x65, -+0x62, -+0x69, -+0x61, -+0x6e, -+0x2e, -+0x6f, -+0x72, -+0x67, -+0x30, -+0x20, -+0x17, -+0x0d, -+0x32, -+0x30, -+0x30, -+0x31, -+0x33, -+0x30, -+0x31, -+0x33, -+0x32, -+0x36, -+0x31, -+0x33, -+0x5a, -+0x18, -+0x0f, -+0x32, -+0x31, -+0x32, -+0x30, -+0x30, -+0x31, -+0x30, -+0x36, -+0x31, -+0x33, -+0x32, -+0x36, -+0x31, -+0x33, -+0x5a, -+0x30, -+0x1a, -+0x31, -+0x18, -+0x30, -+0x16, -+0x06, -+0x03, -+0x55, -+0x04, -+0x03, -+0x0c, -+0x0f, -+0x62, -+0x65, -+0x6e, -+0x68, -+0x40, -+0x64, -+0x65, -+0x62, -+0x69, -+0x61, -+0x6e, -+0x2e, -+0x6f, -+0x72, -+0x67, -+0x30, -+0x82, -+0x01, -+0x22, -+0x30, -+0x0d, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x01, -+0x01, -+0x05, -+0x00, -+0x03, -+0x82, -+0x01, -+0x0f, -+0x00, -+0x30, -+0x82, -+0x01, -+0x0a, -+0x02, -+0x82, -+0x01, -+0x01, -+0x00, -+0x9d, -+0xe1, -+0x77, -+0xa0, -+0x24, -+0xa0, -+0xd5, -+0x79, -+0x65, -+0x3a, -+0x07, -+0x90, -+0xc9, -+0xf6, -+0xa5, -+0xa6, -+0x1f, -+0x84, -+0x1c, -+0x23, -+0x07, -+0x4b, -+0x4f, -+0xa5, -+0x03, -+0xc6, -+0x0f, -+0xf7, -+0x54, -+0xd5, -+0x8b, -+0x7e, -+0x79, -+0x81, -+0x00, -+0xd2, -+0xe9, -+0x3d, -+0xf4, -+0x97, -+0xfe, -+0x84, -+0xcd, -+0x55, -+0xbd, -+0xc9, -+0x8f, -+0x21, -+0x57, -+0x88, -+0x06, -+0x39, -+0x90, -+0x66, -+0x41, -+0x26, -+0x79, -+0x2c, -+0xca, -+0x3f, -+0x95, -+0x87, -+0x01, -+0x11, -+0x2f, -+0x2f, -+0xb0, -+0xe1, -+0x0b, -+0x43, -+0xfc, -+0x5f, -+0x2f, -+0x4f, -+0x67, -+0x04, -+0xdb, -+0x4d, -+0xb7, -+0x72, -+0x4d, -+0xd1, -+0xc5, -+0x76, -+0x73, -+0x4d, -+0x91, -+0x69, -+0xb0, -+0x71, -+0x17, -+0x36, -+0xea, -+0xab, -+0x0a, -+0x3a, -+0xcd, -+0x95, -+0x9b, -+0x76, -+0x1b, -+0x8e, -+0x21, -+0x17, -+0x8f, -+0xc5, -+0x02, -+0xbf, -+0x24, -+0xc7, -+0xc0, -+0x40, -+0xb1, -+0x3b, -+0xc4, -+0x80, -+0x7c, -+0x71, -+0xa5, -+0x51, -+0xdc, -+0xf7, -+0x3a, -+0x58, -+0x7f, -+0xb1, -+0x07, -+0x81, -+0x8a, -+0x10, -+0xd1, -+0xf6, -+0x93, -+0x17, -+0x71, -+0xe0, -+0xfa, -+0x51, -+0x79, -+0x15, -+0xd4, -+0xd7, -+0x8f, -+0xad, -+0xbd, -+0x6f, -+0x38, -+0xe1, -+0x26, -+0x7d, -+0xbc, -+0xf0, -+0x3e, -+0x80, -+0x89, -+0xb4, -+0xec, -+0x8e, -+0x69, -+0x90, -+0xdb, -+0x97, -+0x8a, -+0xf0, -+0x23, -+0x23, -+0x83, -+0x82, -+0x3b, -+0x6a, -+0xb1, -+0xac, -+0xeb, -+0xe7, -+0x99, -+0x74, -+0x2a, -+0x35, -+0x8e, -+0xa9, -+0x64, -+0xfd, -+0x46, -+0x9e, -+0xe8, -+0xe5, -+0x48, -+0x61, -+0x31, -+0x6e, -+0xe6, -+0xfc, -+0x19, -+0x18, -+0x54, -+0xc3, -+0x1b, -+0x4f, -+0xd6, -+0x00, -+0x44, -+0x87, -+0x1c, -+0x37, -+0x45, -+0xea, -+0xf5, -+0xc9, -+0xcb, -+0x0f, -+0x0c, -+0x55, -+0xec, -+0xcf, -+0x6a, -+0xc2, -+0x45, -+0x26, -+0x23, -+0xa2, -+0x31, -+0x52, -+0x4d, -+0xee, -+0x21, -+0x7d, -+0xfd, -+0x58, -+0x72, -+0xc2, -+0x28, -+0xc5, -+0x8e, -+0xa9, -+0xd0, -+0xee, -+0x01, -+0x77, -+0x08, -+0xa5, -+0xf0, -+0x22, -+0x2b, -+0x47, -+0x79, -+0x2b, -+0xcf, -+0x9a, -+0x46, -+0xb5, -+0x8f, -+0xfd, -+0x64, -+0xa2, -+0xb5, -+0xed, -+0x02, -+0x03, -+0x01, -+0x00, -+0x01, -+0x30, -+0x0d, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x01, -+0x0b, -+0x05, -+0x00, -+0x03, -+0x82, -+0x01, -+0x01, -+0x00, -+0x20, -+0x44, -+0xfe, -+0xa9, -+0x9e, -+0xdd, -+0x9b, -+0xea, -+0xce, -+0x25, -+0x75, -+0x08, -+0xf0, -+0x2b, -+0x53, -+0xf7, -+0x5a, -+0x36, -+0x1c, -+0x4a, -+0x23, -+0x7f, -+0xd0, -+0x41, -+0x3c, -+0x12, -+0x2b, -+0xb9, -+0x80, -+0x4e, -+0x8a, -+0x15, -+0x5d, -+0x1f, -+0x40, -+0xa7, -+0x26, -+0x28, -+0x32, -+0xc3, -+0x5b, -+0x06, -+0x28, -+0x2d, -+0x3d, -+0x08, -+0x09, -+0x1e, -+0x01, -+0xe9, -+0x67, -+0xe3, -+0x33, -+0xe6, -+0x15, -+0x45, -+0x39, -+0xee, -+0x17, -+0x83, -+0xdb, -+0x42, -+0xff, -+0x7f, -+0x35, -+0xf4, -+0xac, -+0x16, -+0xdb, -+0xba, -+0xb8, -+0x1a, -+0x20, -+0x21, -+0x41, -+0xff, -+0xf3, -+0x92, -+0xff, -+0x65, -+0x6e, -+0x29, -+0x16, -+0xd0, -+0xbf, -+0x8d, -+0xdf, -+0x48, -+0x2c, -+0x73, -+0x36, -+0x7f, -+0x22, -+0xe6, -+0xee, -+0x78, -+0xb4, -+0x63, -+0x83, -+0x0e, -+0x39, -+0xeb, -+0xaf, -+0x10, -+0x2a, -+0x90, -+0xd3, -+0xfc, -+0xe6, -+0xc3, -+0x8f, -+0x97, -+0x5b, -+0x76, -+0xbf, -+0x9b, -+0xf5, -+0x98, -+0xd2, -+0x53, -+0x06, -+0x8b, -+0xf8, -+0xa4, -+0x04, -+0x9b, -+0x1b, -+0x62, -+0x6a, -+0x9d, -+0xac, -+0xe6, -+0x4b, -+0x0d, -+0xc9, -+0xd7, -+0x56, -+0x63, -+0x15, -+0x01, -+0x38, -+0x8c, -+0xbe, -+0xf1, -+0x44, -+0xc4, -+0x38, -+0x27, -+0xe0, -+0xcf, -+0x72, -+0xd6, -+0x3d, -+0xe4, -+0xf7, -+0x4b, -+0x3b, -+0xd2, -+0xb1, -+0x0c, -+0xd5, -+0x83, -+0x6d, -+0x1e, -+0x10, -+0x04, -+0x69, -+0x29, -+0x88, -+0x69, -+0xe0, -+0x7d, -+0xd7, -+0xdb, -+0xb4, -+0x59, -+0x72, -+0x8d, -+0x9d, -+0x3c, -+0x43, -+0xaf, -+0xc6, -+0x7d, -+0xb7, -+0x21, -+0x15, -+0x52, -+0x8a, -+0xe9, -+0x9b, -+0x6b, -+0x2e, -+0xe8, -+0x27, -+0x3c, -+0x3f, -+0x2d, -+0x84, -+0xfb, -+0x9a, -+0x22, -+0x0a, -+0x9f, -+0x6a, -+0x25, -+0xe6, -+0x39, -+0xe4, -+0x74, -+0x73, -+0xb6, -+0x2a, -+0x70, -+0xaa, -+0x1d, -+0xcb, -+0xcc, -+0xd4, -+0xa0, -+0x1b, -+0x26, -+0x71, -+0x63, -+0x04, -+0xc5, -+0x12, -+0x21, -+0x48, -+0xba, -+0x92, -+0x27, -+0x06, -+0xa8, -+0x3e, -+0x6d, -+0xa1, -+0x43, -+0xa5, -+0xd2, -+0x2a, -+0xf7, -+0xca, -+0xc4, -+0x26, -+0xe8, -+0x5b, -+0x1f, -+0xe4, -+0xdc, -+0x89, -+0xdc, -+0x1f, -+0x04, -+0x79, -+0x3f, -+0x30, -+0x82, -+0x02, -+0xcd, -+0x30, -+0x82, -+0x01, -+0xb5, -+0x02, -+0x14, -+0x3a, -+0xbb, -+0xc6, -+0xec, -+0x14, -+0x6e, -+0x09, -+0xd1, -+0xb6, -+0x01, -+0x6a, -+0xb9, -+0xd6, -+0xcf, -+0x71, -+0xdd, -+0x23, -+0x3f, -+0x03, -+0x28, -+0x30, -+0x0d, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x01, -+0x0b, -+0x05, -+0x00, -+0x30, -+0x22, -+0x31, -+0x20, -+0x30, -+0x1e, -+0x06, -+0x03, -+0x55, -+0x04, -+0x03, -+0x0c, -+0x17, -+0x72, -+0x6f, -+0x6d, -+0x61, -+0x69, -+0x6e, -+0x2e, -+0x70, -+0x65, -+0x72, -+0x69, -+0x65, -+0x72, -+0x40, -+0x67, -+0x6d, -+0x61, -+0x69, -+0x6c, -+0x2e, -+0x63, -+0x6f, -+0x6d, -+0x30, -+0x20, -+0x17, -+0x0d, -+0x32, -+0x30, -+0x30, -+0x32, -+0x32, -+0x34, -+0x31, -+0x39, -+0x30, -+0x31, -+0x34, -+0x34, -+0x5a, -+0x18, -+0x0f, -+0x32, -+0x31, -+0x32, -+0x30, -+0x30, -+0x31, -+0x33, -+0x31, -+0x31, -+0x39, -+0x30, -+0x31, -+0x34, -+0x34, -+0x5a, -+0x30, -+0x22, -+0x31, -+0x20, -+0x30, -+0x1e, -+0x06, -+0x03, -+0x55, -+0x04, -+0x03, -+0x0c, -+0x17, -+0x72, -+0x6f, -+0x6d, -+0x61, -+0x69, -+0x6e, -+0x2e, -+0x70, -+0x65, -+0x72, -+0x69, -+0x65, -+0x72, -+0x40, -+0x67, -+0x6d, -+0x61, -+0x69, -+0x6c, -+0x2e, -+0x63, -+0x6f, -+0x6d, -+0x30, -+0x82, -+0x01, -+0x22, -+0x30, -+0x0d, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x01, -+0x01, -+0x05, -+0x00, -+0x03, -+0x82, -+0x01, -+0x0f, -+0x00, -+0x30, -+0x82, -+0x01, -+0x0a, -+0x02, -+0x82, -+0x01, -+0x01, -+0x00, -+0xf0, -+0xb8, -+0x4f, -+0x3f, -+0x70, -+0x78, -+0xf8, -+0x74, -+0x45, -+0xa2, -+0x28, -+0xaf, -+0x04, -+0x75, -+0x04, -+0xa3, -+0xf3, -+0xa7, -+0xc7, -+0x04, -+0xac, -+0xb6, -+0xe1, -+0xfc, -+0xe1, -+0xc0, -+0x3d, -+0xe0, -+0x26, -+0x90, -+0x8a, -+0x45, -+0x60, -+0xc4, -+0x75, -+0xf3, -+0x1a, -+0x33, -+0x37, -+0x56, -+0x7d, -+0x30, -+0x07, -+0x75, -+0x0e, -+0xa6, -+0x79, -+0x06, -+0x95, -+0x9d, -+0x17, -+0x3c, -+0x09, -+0xa9, -+0x7f, -+0xab, -+0x95, -+0x5d, -+0xed, -+0xe0, -+0x75, -+0x26, -+0x2f, -+0x65, -+0x65, -+0xcd, -+0x61, -+0xb1, -+0x33, -+0x27, -+0x67, -+0x41, -+0xa1, -+0x01, -+0x13, -+0xe9, -+0x13, -+0x6a, -+0x6d, -+0x4e, -+0x98, -+0xe1, -+0x9e, -+0x7b, -+0x0b, -+0x5b, -+0x44, -+0xef, -+0x68, -+0x5a, -+0x6f, -+0x7d, -+0x97, -+0xa1, -+0x33, -+0x22, -+0x97, -+0x12, -+0x21, -+0x09, -+0x8f, -+0x90, -+0xe0, -+0x25, -+0x94, -+0xdd, -+0x8a, -+0x3a, -+0xf7, -+0x4a, -+0x60, -+0x04, -+0x26, -+0x6d, -+0x00, -+0x82, -+0xe4, -+0xcf, -+0x64, -+0x1c, -+0x79, -+0x15, -+0x24, -+0xf2, -+0x42, -+0x86, -+0xf5, -+0x10, -+0x86, -+0xac, -+0x20, -+0x88, -+0x90, -+0x87, -+0xdf, -+0x8c, -+0x37, -+0x7c, -+0xbf, -+0x35, -+0xd5, -+0x6f, -+0x9f, -+0x77, -+0xc3, -+0xcd, -+0x69, -+0x25, -+0x06, -+0xc2, -+0x65, -+0x51, -+0x71, -+0x89, -+0x7f, -+0x6e, -+0x4d, -+0xe5, -+0xd5, -+0x8a, -+0x36, -+0x1a, -+0xad, -+0xc1, -+0x18, -+0xd6, -+0x14, -+0x42, -+0x87, -+0xf0, -+0x93, -+0x83, -+0xf1, -+0x99, -+0x74, -+0xc4, -+0x13, -+0xaa, -+0x3b, -+0x66, -+0x85, -+0x6f, -+0xe0, -+0xbc, -+0x5f, -+0xb6, -+0x40, -+0xa6, -+0x41, -+0x06, -+0x0a, -+0xba, -+0x0e, -+0xe9, -+0x32, -+0x44, -+0x10, -+0x39, -+0x53, -+0xcd, -+0xbf, -+0xf3, -+0xd3, -+0x26, -+0xf6, -+0xb6, -+0x2b, -+0x40, -+0x2e, -+0xb9, -+0x88, -+0xc1, -+0xf4, -+0xe3, -+0xa0, -+0x28, -+0x77, -+0x4f, -+0xba, -+0xa8, -+0xca, -+0x9c, -+0x05, -+0xba, -+0x88, -+0x96, -+0x99, -+0x54, -+0x89, -+0xa2, -+0x8d, -+0xf3, -+0x73, -+0xa1, -+0x8c, -+0x4a, -+0xa8, -+0x71, -+0xee, -+0x2e, -+0xd2, -+0x83, -+0x14, -+0x48, -+0xbd, -+0x98, -+0xc6, -+0xce, -+0xdc, -+0xa8, -+0xa3, -+0x97, -+0x2e, -+0x40, -+0x16, -+0x2f, -+0x02, -+0x03, -+0x01, -+0x00, -+0x01, -+0x30, -+0x0d, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x01, -+0x0b, -+0x05, -+0x00, -+0x03, -+0x82, -+0x01, -+0x01, -+0x00, -+0x76, -+0x5d, -+0x03, -+0x3d, -+0xb6, -+0x96, -+0x00, -+0x1b, -+0x6e, -+0x0c, -+0xdd, -+0xbb, -+0xc8, -+0xdf, -+0xbc, -+0xeb, -+0x6c, -+0x01, -+0x40, -+0x1a, -+0x2b, -+0x07, -+0x60, -+0xa1, -+0x1a, -+0xe1, -+0x43, -+0x57, -+0xfa, -+0xbe, -+0xde, -+0xbb, -+0x8f, -+0x73, -+0xf3, -+0x92, -+0xa2, -+0xaa, -+0x83, -+0x01, -+0xc1, -+0x17, -+0xe4, -+0x9d, -+0x09, -+0x41, -+0xe0, -+0x32, -+0x33, -+0x97, -+0x4b, -+0xf2, -+0xdc, -+0x0f, -+0x8b, -+0xa8, -+0xb8, -+0x5a, -+0x04, -+0x86, -+0xf6, -+0x71, -+0xa1, -+0x97, -+0xd0, -+0x54, -+0x56, -+0x10, -+0x8e, -+0x54, -+0x99, -+0x0d, -+0x2a, -+0xa9, -+0xaf, -+0x1b, -+0x55, -+0x59, -+0x06, -+0x2b, -+0xa4, -+0x5f, -+0xb1, -+0x54, -+0xa6, -+0xec, -+0xc7, -+0xd6, -+0x43, -+0xee, -+0x86, -+0x2c, -+0x9b, -+0x18, -+0x9d, -+0x8f, -+0x00, -+0x82, -+0xc1, -+0x88, -+0x61, -+0x16, -+0x85, -+0x3c, -+0x17, -+0x56, -+0xfe, -+0x6a, -+0xa0, -+0x7a, -+0x68, -+0xc5, -+0x7b, -+0x3d, -+0x3c, -+0xb6, -+0x13, -+0x18, -+0x99, -+0x6d, -+0x74, -+0x65, -+0x13, -+0x67, -+0xb7, -+0xfc, -+0x5a, -+0x44, -+0x48, -+0x72, -+0xa0, -+0x73, -+0xb8, -+0xff, -+0x02, -+0x9d, -+0x7c, -+0x5b, -+0xf9, -+0x7c, -+0x75, -+0x0a, -+0x3c, -+0x81, -+0x80, -+0x3c, -+0x41, -+0xf2, -+0xd5, -+0xfa, -+0x3d, -+0x1f, -+0xe3, -+0xda, -+0x8c, -+0xa5, -+0x17, -+0x1f, -+0x53, -+0x1a, -+0x75, -+0xad, -+0x4e, -+0x11, -+0x1c, -+0x07, -+0xec, -+0x0a, -+0x69, -+0xfd, -+0x33, -+0xfa, -+0x32, -+0x7e, -+0x66, -+0xf5, -+0x29, -+0xe8, -+0x4d, -+0x8a, -+0xfa, -+0x0d, -+0x4b, -+0x68, -+0xc3, -+0x95, -+0x11, -+0xba, -+0x6f, -+0x1e, -+0x07, -+0x8c, -+0x85, -+0xc7, -+0xc7, -+0xc9, -+0xc1, -+0x30, -+0xa3, -+0x70, -+0xb0, -+0xa1, -+0xe0, -+0xd5, -+0x85, -+0x15, -+0x94, -+0x77, -+0xc1, -+0x1c, -+0x91, -+0xf1, -+0x5f, -+0x50, -+0xcd, -+0x2c, -+0x57, -+0x4b, -+0x22, -+0x4f, -+0xee, -+0x95, -+0xd7, -+0xa7, -+0xa4, -+0x59, -+0x62, -+0xae, -+0xb9, -+0xbf, -+0xd7, -+0x63, -+0x5a, -+0x04, -+0xfc, -+0x24, -+0x11, -+0xae, -+0x34, -+0x4b, -+0xf4, -+0x0c, -+0x9f, -+0x0b, -+0x59, -+0x7d, -+0x27, -+0x39, -+0x54, -+0x69, -+0x4f, -+0xfd, -+0x6e, -+0x44, -+0x9f, -+0x21, diff --git a/debian/patches/pve/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/debian/patches/pve/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch similarity index 95% rename from debian/patches/pve/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch rename to debian/patches/pve/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch index 41f0c7c..9d8d51e 100644 --- a/debian/patches/pve/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch +++ b/debian/patches/pve/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch @@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 111 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index 5ea6b2d54edaff9b7efa20235de92970cabcf769..e36ab4a38709f697860e785c1eb2e8c44f9f7b64 100644 +index 1520dc3ad4d2..d3db42dface6 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4422,6 +4422,15 @@ +@@ -3489,6 +3489,15 @@ Also, it enforces the PCI Local Bus spec rule that those bits should be 0 in system reset events (useful for kexec/kdump cases). @@ -75,10 +75,10 @@ index 5ea6b2d54edaff9b7efa20235de92970cabcf769..e36ab4a38709f697860e785c1eb2e8c4 Safety option to keep boot IRQs enabled. This should never be necessary. diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c -index bf02ee61a933403deba8ba7063d1732fc3ed540e..113e93b623616d787ad1b4d7619a2921069d587b 100644 +index ff07d35046b0..81f720abe39e 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c -@@ -300,6 +300,106 @@ static int __init pci_apply_final_quirks(void) +@@ -193,6 +193,106 @@ static int __init pci_apply_final_quirks(void) } fs_initcall_sync(pci_apply_final_quirks); @@ -185,7 +185,7 @@ index bf02ee61a933403deba8ba7063d1732fc3ed540e..113e93b623616d787ad1b4d7619a2921 /* * Decoding should be disabled for a PCI device during BAR sizing to avoid * conflict. But doing so may cause problems on host bridge and perhaps other -@@ -5121,6 +5221,8 @@ static const struct pci_dev_acs_enabled { +@@ -4948,6 +5048,8 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs }, /* APM X-Gene */ { PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs }, diff --git a/debian/patches/pve/0005-kvm-disable-default-dynamic-halt-polling-growth.patch b/debian/patches/pve/0004-kvm-disable-default-dynamic-halt-polling-growth.patch similarity index 85% rename from debian/patches/pve/0005-kvm-disable-default-dynamic-halt-polling-growth.patch rename to debian/patches/pve/0004-kvm-disable-default-dynamic-halt-polling-growth.patch index cc9e8eb..b0151ae 100644 --- a/debian/patches/pve/0005-kvm-disable-default-dynamic-halt-polling-growth.patch +++ b/debian/patches/pve/0004-kvm-disable-default-dynamic-halt-polling-growth.patch @@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 16f0c3566f16141af8f5cfeb5dc6b15838ff6ecc..e232b463912db788345e0d38b3128cbee30948ae 100644 +index 98edde13ec17..8344711583bc 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c -@@ -80,7 +80,7 @@ module_param(halt_poll_ns, uint, 0644); +@@ -76,7 +76,7 @@ module_param(halt_poll_ns, uint, 0644); EXPORT_SYMBOL_GPL(halt_poll_ns); /* Default doubles per-vcpu halt_poll_ns. */ diff --git a/debian/patches/pve/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch b/debian/patches/pve/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch new file mode 100644 index 0000000..05ae702 --- /dev/null +++ b/debian/patches/pve/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Lamprecht +Date: Fri, 7 Jun 2019 21:16:42 +0200 +Subject: [PATCH] Revert "KVM: VMX: enable nested virtualization by default" + +This reverts commit 1e58e5e59148916fa43444a406335a990783fb78 + +As we're not yet there, and this effectively breaks live migration +for all VMs using host or +vmx which did not manually enabled nesting + +Those which already enabled nesting manually have already breakage, +but that was something to expect. The situation will get better in +the future (probably post qemu 4.1). + +Signed-off-by: Thomas Lamprecht +--- + arch/x86/kvm/vmx/vmx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c +index 435dfebf5867..82c2afe46ebf 100644 +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -103,7 +103,7 @@ module_param(enable_apicv, bool, S_IRUGO); + * VMX and be a hypervisor for its own guests. If nested=0, guests may not + * use VMX instructions. + */ +-static bool __read_mostly nested = 1; ++static bool __read_mostly nested = 0; + module_param(nested, bool, S_IRUGO); + + static u64 __read_mostly host_xss; diff --git a/debian/patches/pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch b/debian/patches/pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch index c6906db..1d129bd 100644 --- a/debian/patches/pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch +++ b/debian/patches/pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch @@ -3,26 +3,22 @@ From: Thomas Lamprecht Date: Wed, 7 Oct 2020 17:18:28 +0200 Subject: [PATCH] net: core: downgrade unregister_netdevice refcount leak from emergency to error -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Lamprecht -Signed-off-by: Fabian Grünbichler --- net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/dev.c b/net/core/dev.c -index 25f20c5cc8f55fca8c726df31d8433025e15ebb4..d0fa7a5768d555fce321533a2d46703d647d7474 100644 +index f2c6fc836f9d..8940c12333b0 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -10680,7 +10680,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list) - if (time_after(jiffies, warning_time + - READ_ONCE(netdev_unregister_timeout_secs) * HZ)) { - list_for_each_entry(dev, list, todo_list) { -- pr_emerg("unregister_netdevice: waiting for %s to become free. Usage count = %d\n", -+ pr_err("unregister_netdevice: waiting for %s to become free. Usage count = %d\n", - dev->name, netdev_refcnt_read(dev)); - ref_tracker_dir_print(&dev->refcnt_tracker, 10); - } +@@ -9368,7 +9368,7 @@ static void netdev_wait_allrefs(struct net_device *dev) + refcnt = netdev_refcnt_read(dev); + + if (refcnt && time_after(jiffies, warning_time + 10 * HZ)) { +- pr_emerg("unregister_netdevice: waiting for %s to become free. Usage count = %d\n", ++ pr_err("unregister_netdevice: waiting for %s to become free. Usage count = %d\n", + dev->name, refcnt); + warning_time = jiffies; + } diff --git a/debian/patches/pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch b/debian/patches/pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch deleted file mode 100644 index 94e9f87..0000000 --- a/debian/patches/pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Thomas Lamprecht -Date: Tue, 10 Jan 2023 08:52:40 +0100 -Subject: [PATCH] Revert "fortify: Do not cast to "unsigned char"" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit 106b7a61c488d2022f44e3531ce33461c7c0685f. - -Signed-off-by: Thomas Lamprecht -Signed-off-by: Fabian Grünbichler -Signed-off-by: Thomas Lamprecht ---- - include/linux/fortify-string.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h -index 0d99bf11d260a3482bbe46e35c7553c0ccfb8b94..fe04f7f9357506baf21a0c3cc070c37f00a24d5c 100644 ---- a/include/linux/fortify-string.h -+++ b/include/linux/fortify-string.h -@@ -62,7 +62,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning(" - - #define __compiletime_strlen(p) \ - ({ \ -- char *__p = (char *)(p); \ -+ unsigned char *__p = (unsigned char *)(p); \ - size_t __ret = SIZE_MAX; \ - const size_t __p_size = __member_size(p); \ - if (__p_size != SIZE_MAX && \ diff --git a/debian/patches/pve/0007-vfs-allow-unprivileged-whiteout-creation.patch b/debian/patches/pve/0007-vfs-allow-unprivileged-whiteout-creation.patch new file mode 100644 index 0000000..6d1b568 --- /dev/null +++ b/debian/patches/pve/0007-vfs-allow-unprivileged-whiteout-creation.patch @@ -0,0 +1,122 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Thu, 14 May 2020 16:44:23 +0200 +Subject: [PATCH] vfs: allow unprivileged whiteout creation + +Whiteouts, unlike real device node should not require privileges to create. + +The general concern with device nodes is that opening them can have side +effects. The kernel already avoids zero major (see +Documentation/admin-guide/devices.txt). To be on the safe side the patch +explicitly forbids registering a char device with 0/0 number (see +cdev_add()). + +This guarantees that a non-O_PATH open on a whiteout will fail with ENODEV; +i.e. it won't have any side effect. + +Signed-off-by: Miklos Szeredi +(cherry picked from commit a3c751a50fe6bbe50eb7622a14b18b361804ee0c) +Signed-off-by: Thomas Lamprecht +--- + fs/char_dev.c | 3 +++ + fs/namei.c | 21 +++------------------ + include/linux/device_cgroup.h | 3 +++ + include/linux/fs.h | 6 +++++- + 4 files changed, 14 insertions(+), 19 deletions(-) + +diff --git a/fs/char_dev.c b/fs/char_dev.c +index c5e6eff5a381..ba0ded7842a7 100644 +--- a/fs/char_dev.c ++++ b/fs/char_dev.c +@@ -483,6 +483,9 @@ int cdev_add(struct cdev *p, dev_t dev, unsigned count) + p->dev = dev; + p->count = count; + ++ if (WARN_ON(dev == WHITEOUT_DEV)) ++ return -EBUSY; ++ + error = kobj_map(cdev_map, dev, count, NULL, + exact_match, exact_lock, p); + if (error) +diff --git a/fs/namei.c b/fs/namei.c +index f9c46c7abd80..a5e907558b88 100644 +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -3690,12 +3690,14 @@ EXPORT_SYMBOL(user_path_create); + + int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) + { ++ bool is_whiteout = S_ISCHR(mode) && dev == WHITEOUT_DEV; + int error = may_create(dir, dentry); + + if (error) + return error; + +- if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD)) ++ if ((S_ISCHR(mode) || S_ISBLK(mode)) && !is_whiteout && ++ !capable(CAP_MKNOD)) + return -EPERM; + + if (!dir->i_op->mknod) +@@ -4530,9 +4532,6 @@ static int do_renameat2(int olddfd, const char __user *oldname, int newdfd, + (flags & RENAME_EXCHANGE)) + return -EINVAL; + +- if ((flags & RENAME_WHITEOUT) && !capable(CAP_MKNOD)) +- return -EPERM; +- + if (flags & RENAME_EXCHANGE) + target_flags = 0; + +@@ -4668,20 +4667,6 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna + return do_renameat2(AT_FDCWD, oldname, AT_FDCWD, newname, 0); + } + +-int vfs_whiteout(struct inode *dir, struct dentry *dentry) +-{ +- int error = may_create(dir, dentry); +- if (error) +- return error; +- +- if (!dir->i_op->mknod) +- return -EPERM; +- +- return dir->i_op->mknod(dir, dentry, +- S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV); +-} +-EXPORT_SYMBOL(vfs_whiteout); +- + int readlink_copy(char __user *buffer, int buflen, const char *link) + { + int len = PTR_ERR(link); +diff --git a/include/linux/device_cgroup.h b/include/linux/device_cgroup.h +index 8557efe096dc..fc989487c273 100644 +--- a/include/linux/device_cgroup.h ++++ b/include/linux/device_cgroup.h +@@ -62,6 +62,9 @@ static inline int devcgroup_inode_mknod(int mode, dev_t dev) + if (!S_ISBLK(mode) && !S_ISCHR(mode)) + return 0; + ++ if (S_ISCHR(mode) && dev == WHITEOUT_DEV) ++ return 0; ++ + if (S_ISBLK(mode)) + type = DEVCG_DEV_BLOCK; + else +diff --git a/include/linux/fs.h b/include/linux/fs.h +index 2bd06577c02a..fc22bade5b21 100644 +--- a/include/linux/fs.h ++++ b/include/linux/fs.h +@@ -1719,7 +1719,11 @@ extern int vfs_link(struct dentry *, struct inode *, struct dentry *, struct ino + extern int vfs_rmdir(struct inode *, struct dentry *); + extern int vfs_unlink(struct inode *, struct dentry *, struct inode **); + extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *, struct inode **, unsigned int); +-extern int vfs_whiteout(struct inode *, struct dentry *); ++ ++static inline int vfs_whiteout(struct inode *dir, struct dentry *dentry) ++{ ++ return vfs_mknod(dir, dentry, S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV); ++} + + extern struct dentry *vfs_tmpfile(struct dentry *dentry, umode_t mode, + int open_flag); diff --git a/debian/patches/pve/0008-SUNRPC-Fix-READ_PLUS-crasher.patch b/debian/patches/pve/0008-SUNRPC-Fix-READ_PLUS-crasher.patch new file mode 100644 index 0000000..dee3d73 --- /dev/null +++ b/debian/patches/pve/0008-SUNRPC-Fix-READ_PLUS-crasher.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chuck Lever +Date: Thu, 30 Jun 2022 16:48:18 -0400 +Subject: [PATCH] SUNRPC: Fix READ_PLUS crasher + +commit a23dd544debcda4ee4a549ec7de59e85c3c8345c upstream. + +Looks like there are still cases when "space_left - frag1bytes" can +legitimately exceed PAGE_SIZE. Ensure that xdr->end always remains +within the current encode buffer. + +Reported-by: Bruce Fields +Reported-by: Zorro Lang +Link: https://bugzilla.kernel.org/show_bug.cgi?id=216151 +Fixes: 6c254bf3b637 ("SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()") +Signed-off-by: Chuck Lever +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Thomas Lamprecht +--- + net/sunrpc/xdr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c +index cb8740d15633..daa4165f1179 100644 +--- a/net/sunrpc/xdr.c ++++ b/net/sunrpc/xdr.c +@@ -608,7 +608,7 @@ static __be32 *xdr_get_next_encode_buffer(struct xdr_stream *xdr, + */ + xdr->p = (void *)p + frag2bytes; + space_left = xdr->buf->buflen - xdr->buf->len; +- if (space_left - nbytes >= PAGE_SIZE) ++ if (space_left - frag1bytes >= PAGE_SIZE) + xdr->end = (void *)p + PAGE_SIZE; + else + xdr->end = (void *)p + space_left - frag1bytes; diff --git a/debian/patches/pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch b/debian/patches/pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch deleted file mode 100644 index 03b078c..0000000 --- a/debian/patches/pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch +++ /dev/null @@ -1,135 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Thomas Lamprecht -Date: Fri, 14 Jul 2023 18:10:32 +0200 -Subject: [PATCH] kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no - support -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes live-migrations & snapshot-rollback of VMs with a restricted -CPU type (e.g., qemu64) from our 5.15 based kernel (default Proxmox -VE 7.4) to the 6.2 (and future newer) of Proxmox VE 8.0. - -Previous to ad856280ddea ("x86/kvm/fpu: Limit guest user_xfeatures to -supported bits of XCR0") the PKRU bit of the host could leak into the -state from the guest, which caused trouble when migrating between -hosts with different CPUs, i.e., where the source supported it but -the target did not, causing a general protection fault when the guest -tried to use a pkru related instruction after the migration. - -But the fix, while welcome, caused a temporary out-of-sync state when -migrating such a VM from a kernel without the fix to a kernel with -the fix, as it threw of KVM when the CPUID of the guest and most of -the state doesn't report XSAVE and thus any xfeatures, but PKRU and -the related state is set as enabled, causing the vCPU to spin at 100% -without any progress forever. - -The fix could be at two sites, either in QEMU or in the kernel, I -choose the kernel as we have all the info there for a targeted -heuristic so that we don't have to adapt QEMU and qemu-server, the -latter even on both sides. - -Still, a short summary of the possible fixes and short drawbacks: -* on QEMU-side either - - clear the PKRU state in the migration saved state would be rather - complicated to implement as the vCPU is initialised way before we - have the saved xfeature state available to check what we'd need - to do, plus the user-space only gets a memory blob from ioctl - KVM_GET_XSAVE2 that it passes to KVM_SET_XSAVE ioctl, there are - no ABI guarantees, and while the struct seem stable for 5.15 to - 6.5-rc1, that doesn't has to be for future kernels, so off the - table. - - enforce that the CPUID reports PKU support even if it normally - wouldn't. While this works (tested by hard-coding it as POC) it - is a) not really nice and b) needs some interaction from - qemu-server to enable this flag as otherwise we have no good info - to decide when it's OK to do this, which means we need to adapt - both PVE 7 and 8's qemu-server and also pve-qemu, workable but - not optimal - -* on Kernel/KVM-side we can hook into the set XSAVE ioctl specific to - the KVM subsystem, which already reduces chance of regression for - all other places. There we have access to the union/struct - definitions of the saved state and thus can savely cast to that. - We also got access to the vCPU's CPUID capabilities, meaning we can - check if the XCR0 (first XSAVE Control Register) reports - that it support the PKRU feature, and if it does *NOT* but the - saved xfeatures register from XSAVE *DOES* report it, we can safely - assume that this combination is due to an migration from an older, - leaky kernel – and clear the bit in the xfeature register before - restoring it to the guest vCPU KVM state, avoiding the confusing - situation that made the vCPU spin at 100%. - This should be safe to do, as the guest vCPU CPUID never reported - support for the PKRU feature, and it's also a relatively niche and - newish feature. - -If it gains us something we can drop this patch a bit in the future -Proxmox VE 9 major release, but we should ensure that VMs that where -started before PVE 8 cannot be directly live-migrated to the release -that includes that change; so we should rather only drop it if the -maintenance burden is high. - -Signed-off-by: Thomas Lamprecht ---- - arch/x86/kvm/cpuid.c | 6 ++++++ - arch/x86/kvm/cpuid.h | 3 +++ - arch/x86/kvm/x86.c | 13 +++++++++++++ - 3 files changed, 22 insertions(+) - -diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index be2baf851ec7d63a2095247d828f390b9757f905..dc73965aa73b21d26b4cf039336da3ca38e89bc6 100644 ---- a/arch/x86/kvm/cpuid.c -+++ b/arch/x86/kvm/cpuid.c -@@ -290,6 +290,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) - return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; - } - -+bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu) { -+ u64 guest_supported_xcr0 = cpuid_get_supported_xcr0( -+ vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent); -+ return (guest_supported_xcr0 & XFEATURE_MASK_PKRU) != 0; -+} -+ - static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries, - int nent) - { -diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h -index ad479cfb91bc7bc5d400d2c098536abb4d4babe5..e55eecb2f3646ff7ef63c107c5cc5481fabb8a51 100644 ---- a/arch/x86/kvm/cpuid.h -+++ b/arch/x86/kvm/cpuid.h -@@ -32,7 +32,10 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, - bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx, - u32 *ecx, u32 *edx, bool exact_only); - -+bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu); -+ - void __init kvm_init_xstate_sizes(void); -+ - u32 xstate_required_size(u64 xstate_bv, bool compacted); - - int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu); -diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 3667ba359e63579eaff36fea92bf19a84e5df592..4d10fc1a9b4114d1e2edf133717f307043560263 100644 ---- a/arch/x86/kvm/x86.c -+++ b/arch/x86/kvm/x86.c -@@ -5633,6 +5633,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, - if (fpstate_is_confidential(&vcpu->arch.guest_fpu)) - return vcpu->kvm->arch.has_protected_state ? -EINVAL : 0; - -+ if (!vcpu_supports_xsave_pkru(vcpu)) { -+ void *buf = guest_xsave->region; -+ union fpregs_state *ustate = buf; -+ if (ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU) { -+ printk( -+ KERN_NOTICE "clearing PKRU xfeature bit as vCPU from PID %d" -+ " reports no PKRU support - migration from fpu-leaky kernel?", -+ current->pid -+ ); -+ ustate->xsave.header.xfeatures &= ~XFEATURE_MASK_PKRU; -+ } -+ } -+ - return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu, - guest_xsave->region, - kvm_caps.supported_xcr0, diff --git a/debian/patches/pve/0009-NFSv4-pnfs-Fix-a-use-after-free-bug-in-open.patch b/debian/patches/pve/0009-NFSv4-pnfs-Fix-a-use-after-free-bug-in-open.patch new file mode 100644 index 0000000..acb8394 --- /dev/null +++ b/debian/patches/pve/0009-NFSv4-pnfs-Fix-a-use-after-free-bug-in-open.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Tue, 2 Aug 2022 15:48:50 -0400 +Subject: [PATCH] NFSv4/pnfs: Fix a use-after-free bug in open + +commit 2135e5d56278ffdb1c2e6d325dc6b87f669b9dac upstream. + +If someone cancels the open RPC call, then we must not try to free +either the open slot or the layoutget operation arguments, since they +are likely still in use by the hung RPC call. + +Fixes: 6949493884fe ("NFSv4: Don't hold the layoutget locks across multiple RPC calls") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Thomas Lamprecht +--- + fs/nfs/nfs4proc.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index eee2d67d3ac9..831a16fec616 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -3041,12 +3041,13 @@ static int _nfs4_open_and_get_state(struct nfs4_opendata *opendata, + } + + out: +- if (opendata->lgp) { +- nfs4_lgopen_release(opendata->lgp); +- opendata->lgp = NULL; +- } +- if (!opendata->cancelled) ++ if (!opendata->cancelled) { ++ if (opendata->lgp) { ++ nfs4_lgopen_release(opendata->lgp); ++ opendata->lgp = NULL; ++ } + nfs4_sequence_free_slot(&opendata->o_res.seq_res); ++ } + return ret; + } + diff --git a/debian/patches/pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch b/debian/patches/pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch deleted file mode 100644 index eb9d96e..0000000 --- a/debian/patches/pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: kiler129 -Date: Mon, 18 Sep 2023 15:19:26 +0200 -Subject: [PATCH] allow opt-in to allow pass-through on broken hardware.. - -adapted from https://github.com/kiler129/relax-intel-rmrr , licensed under MIT or GPL 2.0+ - -Signed-off-by: Thomas Lamprecht ---- - drivers/iommu/intel/iommu.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c -index b857633622ea8550299554e211b84c48196bf902..5cb3b52b350c3d6bd627a29e6000ab10b58fd6e1 100644 ---- a/drivers/iommu/intel/iommu.c -+++ b/drivers/iommu/intel/iommu.c -@@ -228,6 +228,7 @@ EXPORT_SYMBOL_GPL(intel_iommu_enabled); - static int dmar_map_ipu = 1; - static int intel_iommu_superpage = 1; - static int iommu_identity_mapping; -+static int intel_relaxable_rmrr = 0; - static int iommu_skip_te_disable; - static int disable_igfx_iommu; - -@@ -290,6 +291,9 @@ static int __init intel_iommu_setup(char *str) - } else if (!strncmp(str, "tboot_noforce", 13)) { - pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n"); - intel_iommu_tboot_noforce = 1; -+ } else if (!strncmp(str, "relax_rmrr", 10)) { -+ pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n"); -+ intel_relaxable_rmrr = 1; - } else { - pr_notice("Unknown option - '%s'\n", str); - } -@@ -2165,7 +2169,7 @@ static bool device_rmrr_is_relaxable(struct device *dev) - return false; - - pdev = to_pci_dev(dev); -- if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) -+ if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) - return true; - else - return false; diff --git a/debian/patches/pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch b/debian/patches/pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch deleted file mode 100644 index 2c382c5..0000000 --- a/debian/patches/pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Sean Christopherson -Date: Wed, 18 Oct 2023 12:41:04 -0700 -Subject: [PATCH] KVM: nSVM: Advertise support for flush-by-ASID - -Advertise support for FLUSHBYASID when nested SVM is enabled, as KVM can -always emulate flushing TLB entries for a vmcb12 ASID, e.g. by running L2 -with a new, fresh ASID in vmcb02. Some modern hypervisors, e.g. VMWare -Workstation 17, require FLUSHBYASID support and will refuse to run if it's -not present. - -Punt on proper support, as "Honor L1's request to flush an ASID on nested -VMRUN" is one of the TODO items in the (incomplete) list of issues that -need to be addressed in order for KVM to NOT do a full TLB flush on every -nested SVM transition (see nested_svm_transition_tlb_flush()). - -Reported-by: Stefan Sterz -Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com -Signed-off-by: Sean Christopherson -Signed-off-by: Stefan Sterz -Signed-off-by: Thomas Lamprecht ---- - arch/x86/kvm/svm/svm.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c -index 22513133925e0ca5a889ae6105a829af3957778c..1435e5b0a7f604bd0146b7feb5dd06a4516925a1 100644 ---- a/arch/x86/kvm/svm/svm.c -+++ b/arch/x86/kvm/svm/svm.c -@@ -5176,6 +5176,7 @@ static __init void svm_set_cpu_caps(void) - if (nested) { - kvm_cpu_cap_set(X86_FEATURE_SVM); - kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN); -+ kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID); - - /* - * KVM currently flushes TLBs on *every* nested SVM transition, diff --git a/debian/patches/pve/0010-scsi-Revert-scsi-qla2xxx-Fix-disk-failure-to-redisco.patch b/debian/patches/pve/0010-scsi-Revert-scsi-qla2xxx-Fix-disk-failure-to-redisco.patch new file mode 100644 index 0000000..046924c --- /dev/null +++ b/debian/patches/pve/0010-scsi-Revert-scsi-qla2xxx-Fix-disk-failure-to-redisco.patch @@ -0,0 +1,70 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Nilesh Javali +Date: Tue, 12 Jul 2022 22:20:36 -0700 +Subject: [PATCH] scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" + +commit 5bc7b01c513a4a9b4cfe306e8d1720cfcfd3b8a3 upstream. + +This fixes the regression of NVMe discovery failure during driver load +time. + +This reverts commit 6a45c8e137d4e2c72eecf1ac7cf64f2fdfcead99. + +Link: https://lore.kernel.org/r/20220713052045.10683-2-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Thomas Lamprecht +--- + drivers/scsi/qla2xxx/qla_init.c | 5 ++--- + drivers/scsi/qla2xxx/qla_nvme.c | 5 ----- + 2 files changed, 2 insertions(+), 8 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index 1800eb0aad1c..c662c8af6cc1 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -5422,8 +5422,6 @@ qla2x00_reg_remote_port(scsi_qla_host_t *vha, fc_port_t *fcport) + if (atomic_read(&fcport->state) == FCS_ONLINE) + return; + +- qla2x00_set_fcport_state(fcport, FCS_ONLINE); +- + rport_ids.node_name = wwn_to_u64(fcport->node_name); + rport_ids.port_name = wwn_to_u64(fcport->port_name); + rport_ids.port_id = fcport->d_id.b.domain << 16 | +@@ -5519,7 +5517,6 @@ qla2x00_update_fcport(scsi_qla_host_t *vha, fc_port_t *fcport) + qla2x00_reg_remote_port(vha, fcport); + break; + case MODE_TARGET: +- qla2x00_set_fcport_state(fcport, FCS_ONLINE); + if (!vha->vha_tgt.qla_tgt->tgt_stop && + !vha->vha_tgt.qla_tgt->tgt_stopped) + qlt_fc_port_added(vha, fcport); +@@ -5534,6 +5531,8 @@ qla2x00_update_fcport(scsi_qla_host_t *vha, fc_port_t *fcport) + break; + } + ++ qla2x00_set_fcport_state(fcport, FCS_ONLINE); ++ + if (IS_IIDMA_CAPABLE(vha->hw) && vha->hw->flags.gpsc_supported) { + if (fcport->id_changed) { + fcport->id_changed = 0; +diff --git a/drivers/scsi/qla2xxx/qla_nvme.c b/drivers/scsi/qla2xxx/qla_nvme.c +index a15af048cd82..f0de7089e9ae 100644 +--- a/drivers/scsi/qla2xxx/qla_nvme.c ++++ b/drivers/scsi/qla2xxx/qla_nvme.c +@@ -36,11 +36,6 @@ int qla_nvme_register_remote(struct scsi_qla_host *vha, struct fc_port *fcport) + (fcport->nvme_flag & NVME_FLAG_REGISTERED)) + return 0; + +- if (atomic_read(&fcport->state) == FCS_ONLINE) +- return 0; +- +- qla2x00_set_fcport_state(fcport, FCS_ONLINE); +- + fcport->nvme_flag &= ~NVME_FLAG_RESETTING; + + memset(&req, 0, sizeof(struct nvme_fc_port_info)); diff --git a/debian/patches/pve/0011-ext4-recover-csum-seed-of-tmp_inode-after-migrating-.patch b/debian/patches/pve/0011-ext4-recover-csum-seed-of-tmp_inode-after-migrating-.patch new file mode 100644 index 0000000..9c2eefa --- /dev/null +++ b/debian/patches/pve/0011-ext4-recover-csum-seed-of-tmp_inode-after-migrating-.patch @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Li Lingfeng +Date: Fri, 17 Jun 2022 14:25:15 +0800 +Subject: [PATCH] ext4: recover csum seed of tmp_inode after migrating to + extents + +[ Upstream commit 07ea7a617d6b278fb7acedb5cbe1a81ce2de7d0c ] + +When migrating to extents, the checksum seed of temporary inode +need to be replaced by inode's, otherwise the inode checksums +will be incorrect when swapping the inodes data. + +However, the temporary inode can not match it's checksum to +itself since it has lost it's own checksum seed. + +mkfs.ext4 -F /dev/sdc +mount /dev/sdc /mnt/sdc +xfs_io -fc "pwrite 4k 4k" -c "fsync" /mnt/sdc/testfile +chattr -e /mnt/sdc/testfile +chattr +e /mnt/sdc/testfile +umount /dev/sdc +fsck -fn /dev/sdc + +======== +... +Pass 1: Checking inodes, blocks, and sizes +Inode 13 passes checks, but checksum does not match inode. Fix? no +... +======== + +The fix is simple, save the checksum seed of temporary inode, and +recover it after migrating to extents. + +Fixes: e81c9302a6c3 ("ext4: set csum seed in tmp inode while migrating to extents") +Signed-off-by: Li Lingfeng +Reviewed-by: Jan Kara +Link: https://lore.kernel.org/r/20220617062515.2113438-1-lilingfeng3@huawei.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +Signed-off-by: Thomas Lamprecht +--- + fs/ext4/migrate.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c +index c5b2ea1a9372..1faa8e4ffb9d 100644 +--- a/fs/ext4/migrate.c ++++ b/fs/ext4/migrate.c +@@ -435,7 +435,7 @@ int ext4_ext_migrate(struct inode *inode) + struct inode *tmp_inode = NULL; + struct migrate_struct lb; + unsigned long max_entries; +- __u32 goal; ++ __u32 goal, tmp_csum_seed; + uid_t owner[2]; + + /* +@@ -483,6 +483,7 @@ int ext4_ext_migrate(struct inode *inode) + * the migration. + */ + ei = EXT4_I(inode); ++ tmp_csum_seed = EXT4_I(tmp_inode)->i_csum_seed; + EXT4_I(tmp_inode)->i_csum_seed = ei->i_csum_seed; + i_size_write(tmp_inode, i_size_read(inode)); + /* +@@ -593,6 +594,7 @@ int ext4_ext_migrate(struct inode *inode) + * the inode is not visible to user space. + */ + tmp_inode->i_blocks = 0; ++ EXT4_I(tmp_inode)->i_csum_seed = tmp_csum_seed; + + /* Reset the extent details */ + ext4_ext_tree_init(handle, tmp_inode); diff --git a/debian/patches/pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch b/debian/patches/pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch deleted file mode 100644 index ecb8185..0000000 --- a/debian/patches/pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Thomas Lamprecht -Date: Mon, 6 Nov 2023 10:17:02 +0100 -Subject: [PATCH] revert "memfd: improve userspace warnings for missing - exec-related flags". - -This warning is telling userspace developers to pass MFD_EXEC and -MFD_NOEXEC_SEAL to memfd_create(). Commit 434ed3350f57 ("memfd: improve -userspace warnings for missing exec-related flags") made the warning more -frequent and visible in the hope that this would accelerate the fixing of -errant userspace. - -But the overall effect is to generate far too much dmesg noise. - -Fixes: 434ed3350f57 ("memfd: improve userspace warnings for missing exec-related flags") -Reported-by: Damian Tometzki -Closes: https://lkml.kernel.org/r/ZPFzCSIgZ4QuHsSC@fedora.fritz.box -Cc: Aleksa Sarai -Cc: Christian Brauner -Cc: Daniel Verkamp -Cc: Jeff Xu -Cc: Kees Cook -Cc: Shuah Khan -Cc: -Signed-off-by: Andrew Morton - (cherry picked from commit 2562d67b1bdf91c7395b0225d60fdeb26b4bc5a0) -Signed-off-by: Thomas Lamprecht ---- - mm/memfd.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/mm/memfd.c b/mm/memfd.c -index c17c3ea701a17e9f3a652e77ba60ca9c58b0ca8e..63340d874f1e4aa139b3cce8e4fffcffc0106884 100644 ---- a/mm/memfd.c -+++ b/mm/memfd.c -@@ -318,7 +318,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags) - } - - if (!(*flags & MFD_NOEXEC_SEAL) && sysctl >= MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED) { -- pr_err_ratelimited( -+ pr_warn_once( - "%s[%d]: memfd_create() requires MFD_NOEXEC_SEAL with vm.memfd_noexec=%d\n", - current->comm, task_pid_nr(current), sysctl); - return -EACCES; diff --git a/debian/patches/pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch b/debian/patches/pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch deleted file mode 100644 index 36d67f1..0000000 --- a/debian/patches/pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Wolfgang Bumiller -Date: Wed, 10 Apr 2024 13:21:59 +0200 -Subject: [PATCH] apparmor: expect msg_namelen=0 for recvmsg calls - -When coming from sys_recvmsg, msg->msg_namelen is explicitly set to -zero early on. (see ____sys_recvmsg in net/socket.c) -We still end up in 'map_addr' where the assumption is that addr != -NULL means addrlen has a valid size. - -This is likely not a final fix, it was suggested by jjohansen on irc -to get things going until this is resolved properly. - -Signed-off-by: Wolfgang Bumiller ---- - security/apparmor/af_inet.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/security/apparmor/af_inet.c b/security/apparmor/af_inet.c -index 57b710054a76582346f37671843f3f8d6e99331c..35f905d9b960f62fa2ecb80b5c1a8e9edecd9b5d 100644 ---- a/security/apparmor/af_inet.c -+++ b/security/apparmor/af_inet.c -@@ -766,7 +766,7 @@ int aa_inet_msg_perm(const char *op, u32 request, struct socket *sock, - /* do we need early bailout for !family ... */ - return sk_has_perm2(sock->sk, op, request, profile, ad, - map_sock_addr(sock, ADDR_LOCAL, &laddr, &ad), -- map_addr(msg->msg_name, msg->msg_namelen, 0, -+ map_addr(msg->msg_namelen == 0 ? NULL : msg->msg_name, msg->msg_namelen, 0, - ADDR_REMOTE, &raddr, &ad), - profile_remote_perm(profile, sock->sk, request, - &raddr, &laddr.maddr, &ad)); diff --git a/debian/patches/pve/0012-drm-i915-gt-Serialize-TLB-invalidates-with-GT-resets.patch b/debian/patches/pve/0012-drm-i915-gt-Serialize-TLB-invalidates-with-GT-resets.patch new file mode 100644 index 0000000..a8b431e --- /dev/null +++ b/debian/patches/pve/0012-drm-i915-gt-Serialize-TLB-invalidates-with-GT-resets.patch @@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Wilson +Date: Tue, 12 Jul 2022 16:21:33 +0100 +Subject: [PATCH] drm/i915/gt: Serialize TLB invalidates with GT resets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +[ Upstream commit a1c5a7bf79c1faa5633b918b5c0666545e84c4d1 ] + +Avoid trying to invalidate the TLB in the middle of performing an +engine reset, as this may result in the reset timing out. Currently, +the TLB invalidate is only serialised by its own mutex, forgoing the +uncore lock, but we can take the uncore->lock as well to serialise +the mmio access, thereby serialising with the GDRST. + +Tested on a NUC5i7RYB, BIOS RYBDWi35.86A.0380.2019.0517.1530 with +i915 selftest/hangcheck. + +Cc: stable@vger.kernel.org # v4.4 and upper +Fixes: 7938d61591d3 ("drm/i915: Flush TLBs before releasing backing store") +Reported-by: Mauro Carvalho Chehab +Tested-by: Mauro Carvalho Chehab +Reviewed-by: Mauro Carvalho Chehab +Signed-off-by: Chris Wilson +Cc: Tvrtko Ursulin +Reviewed-by: Andi Shyti +Acked-by: Thomas Hellström +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Rodrigo Vivi +Link: https://patchwork.freedesktop.org/patch/msgid/1e59a7c45dd919a530256b9ac721ac6ea86c0677.1657639152.git.mchehab@kernel.org +(cherry picked from commit 33da97894758737895e90c909f16786052680ef4) +Signed-off-by: Rodrigo Vivi +Signed-off-by: Sasha Levin +Signed-off-by: Thomas Lamprecht +--- + drivers/gpu/drm/i915/gt/intel_gt.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/i915/gt/intel_gt.c b/drivers/gpu/drm/i915/gt/intel_gt.c +index c8c070375d29..f6d7f5d307d7 100644 +--- a/drivers/gpu/drm/i915/gt/intel_gt.c ++++ b/drivers/gpu/drm/i915/gt/intel_gt.c +@@ -339,6 +339,20 @@ void intel_gt_invalidate_tlbs(struct intel_gt *gt) + mutex_lock(>->tlb_invalidate_lock); + intel_uncore_forcewake_get(uncore, FORCEWAKE_ALL); + ++ spin_lock_irq(&uncore->lock); /* serialise invalidate with GT reset */ ++ ++ for_each_engine(engine, gt, id) { ++ struct reg_and_bit rb; ++ ++ rb = get_reg_and_bit(engine, regs == gen8_regs, regs, num); ++ if (!i915_mmio_reg_offset(rb.reg)) ++ continue; ++ ++ intel_uncore_write_fw(uncore, rb.reg, rb.bit); ++ } ++ ++ spin_unlock_irq(&uncore->lock); ++ + for_each_engine(engine, gt, id) { + /* + * HW architecture suggest typical invalidation time at 40us, +@@ -353,7 +367,6 @@ void intel_gt_invalidate_tlbs(struct intel_gt *gt) + if (!i915_mmio_reg_offset(rb.reg)) + continue; + +- intel_uncore_write_fw(uncore, rb.reg, rb.bit); + if (__intel_wait_for_register_fw(uncore, + rb.reg, rb.bit, 0, + timeout_us, timeout_ms, diff --git a/debian/patches/pve/0013-netfs-reset-subreq-iov-iter-before-tail-clean.patch b/debian/patches/pve/0013-netfs-reset-subreq-iov-iter-before-tail-clean.patch deleted file mode 100644 index d8003f9..0000000 --- a/debian/patches/pve/0013-netfs-reset-subreq-iov-iter-before-tail-clean.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Christian Ebner -Date: Wed, 2 Oct 2024 15:24:31 +0200 -Subject: [PATCH] netfs: reset subreq iov iter before tail clean - -Make sure the iter is at the correct location when cleaning up tail -bytes for incomplete read subrequests. - -Fixes: 92b6cc5d ("netfs: Add iov_iters to (sub)requests to describe various buffers") -Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219237 - -Signed-off-by: Christian Ebner ---- - fs/netfs/io.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/fs/netfs/io.c b/fs/netfs/io.c -index d6ada4eba74455aad26273a63247356a3910dc4e..500119285346be28a87698dd6ac66b5e276a6c66 100644 ---- a/fs/netfs/io.c -+++ b/fs/netfs/io.c -@@ -528,6 +528,7 @@ void netfs_subreq_terminated(struct netfs_io_subrequest *subreq, - - incomplete: - if (test_bit(NETFS_SREQ_CLEAR_TAIL, &subreq->flags)) { -+ netfs_reset_subreq_iter(rreq, subreq); - netfs_clear_unread(subreq); - subreq->transferred = subreq->len; - goto complete; diff --git a/debian/patches/pve/0014-Revert-UBUNTU-SAUCE-iommu-intel-disable-DMAR-for-SKL.patch b/debian/patches/pve/0014-Revert-UBUNTU-SAUCE-iommu-intel-disable-DMAR-for-SKL.patch deleted file mode 100644 index 24ab26d..0000000 --- a/debian/patches/pve/0014-Revert-UBUNTU-SAUCE-iommu-intel-disable-DMAR-for-SKL.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Stoiko Ivanov -Date: Mon, 25 Nov 2024 11:10:35 +0100 -Subject: [PATCH] Revert "UBUNTU: SAUCE: iommu/intel: disable DMAR for SKL - integrated gfx" - -Some of our users use the iGPU for PCI-passthrough on those -platforms, which seems broken with this commit added. -https://forum.proxmox.com/threads/.157266 - -This reverts both, commit b310f5f58c83 ("UBUNTU: SAUCE: iommu/intel: -disable DMAR for SKL integrated gfx") and also commit 252bf1619fd5 -("UBUNTU: SAUCE: iommu/intel: disable DMAR for KBL and CML integrated -gfx"). ---- - drivers/iommu/intel/iommu.c | 68 ------------------------------------- - 1 file changed, 68 deletions(-) - -diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c -index 5cb3b52b350c3d6bd627a29e6000ab10b58fd6e1..9d2de5cdaeaf5f19d7fea14a21b018033e275ac7 100644 ---- a/drivers/iommu/intel/iommu.c -+++ b/drivers/iommu/intel/iommu.c -@@ -4780,74 +4780,6 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1632, quirk_iommu_igfx); - DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x163A, quirk_iommu_igfx); - DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x163D, quirk_iommu_igfx); - --/* SKL */ --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1906, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1913, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x190E, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1915, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1902, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x190A, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x190B, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1917, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1916, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1921, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x191E, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1912, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x191A, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x191B, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x191D, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1923, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1926, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1927, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x192A, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x192B, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x192D, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1932, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x193A, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x193B, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x193D, quirk_iommu_igfx); -- --/* KBL */ --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5902, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5906, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5908, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x590A, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x590B, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x590E, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5912, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5913, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5915, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5916, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5917, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x591A, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x591B, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x591D, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x591E, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5921, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5923, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5926, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x5927, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x593B, quirk_iommu_igfx); -- --/* CML */ --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9B21, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BA2, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BA4, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BA5, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BA8, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BAA, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BAC, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BC2, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BC4, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BC5, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BC6, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BC8, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BE6, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BF6, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9B41, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BCA, quirk_iommu_igfx); --DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9BCC, quirk_iommu_igfx); -- - /* disable IPU dmar support */ - DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_ANY_ID, quirk_iommu_ipu); - diff --git a/debian/patches/pve/0015-x86-mm-Don-t-disable-PCID-when-INVLPG-has-been-fixed.patch b/debian/patches/pve/0015-x86-mm-Don-t-disable-PCID-when-INVLPG-has-been-fixed.patch deleted file mode 100644 index 320714f..0000000 --- a/debian/patches/pve/0015-x86-mm-Don-t-disable-PCID-when-INVLPG-has-been-fixed.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Xi Ruoyao -Date: Wed, 22 May 2024 10:06:24 +0800 -Subject: [PATCH] x86/mm: Don't disable PCID when INVLPG has been fixed by - microcode - -Per the "Processor Specification Update" documentations referred by -the intel-microcode-20240312 release note, this microcode release has -fixed the issue for all affected models. - -So don't disable PCID if the microcode is new enough. The precise -minimum microcode revision fixing the issue was provided by Pawan -Intel. - -[ dhansen: comment and changelog tweaks ] - -Signed-off-by: Xi Ruoyao -Signed-off-by: Dave Hansen -Acked-by: Pawan Gupta -Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@tip-bot2/ -Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 -Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 -Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 -Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ -Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site - (cherry-picked from f24f669d03f884a6ef95cca84317d0f329e93961) -Signed-off-by: Thomas Lamprecht ---- - arch/x86/mm/init.c | 23 ++++++++++++++--------- - 1 file changed, 14 insertions(+), 9 deletions(-) - -diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index eb503f53c3195ca4f299593c0112dab0fb09e7dd..101725c149c4294f22e337845e01c82dfe71cde5 100644 ---- a/arch/x86/mm/init.c -+++ b/arch/x86/mm/init.c -@@ -263,28 +263,33 @@ static void __init probe_page_size_mask(void) - } - - /* -- * INVLPG may not properly flush Global entries -- * on these CPUs when PCIDs are enabled. -+ * INVLPG may not properly flush Global entries on -+ * these CPUs. New microcode fixes the issue. - */ - static const struct x86_cpu_id invlpg_miss_ids[] = { -- X86_MATCH_VFM(INTEL_ALDERLAKE, 0), -- X86_MATCH_VFM(INTEL_ALDERLAKE_L, 0), -- X86_MATCH_VFM(INTEL_ATOM_GRACEMONT, 0), -- X86_MATCH_VFM(INTEL_RAPTORLAKE, 0), -- X86_MATCH_VFM(INTEL_RAPTORLAKE_P, 0), -- X86_MATCH_VFM(INTEL_RAPTORLAKE_S, 0), -+ X86_MATCH_VFM(INTEL_ALDERLAKE, 0x2e), -+ X86_MATCH_VFM(INTEL_ALDERLAKE_L, 0x42c), -+ X86_MATCH_VFM(INTEL_ATOM_GRACEMONT, 0x11), -+ X86_MATCH_VFM(INTEL_RAPTORLAKE, 0x118), -+ X86_MATCH_VFM(INTEL_RAPTORLAKE_P, 0x4117), -+ X86_MATCH_VFM(INTEL_RAPTORLAKE_S, 0x2e), - {} - }; - - static void setup_pcid(void) - { -+ const struct x86_cpu_id *invlpg_miss_match; -+ - if (!IS_ENABLED(CONFIG_X86_64)) - return; - - if (!boot_cpu_has(X86_FEATURE_PCID)) - return; - -- if (x86_match_cpu(invlpg_miss_ids)) { -+ invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); -+ -+ if (invlpg_miss_match && -+ boot_cpu_data.microcode < invlpg_miss_match->driver_data) { - pr_info("Incomplete global flushes, disabling PCID"); - setup_clear_cpu_cap(X86_FEATURE_PCID); - return; diff --git a/debian/patches/series.linux b/debian/patches/series.linux index d038dea..6bd20ed 100644 --- a/debian/patches/series.linux +++ b/debian/patches/series.linux @@ -1,15 +1,12 @@ pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch -pve/0002-wireless-Add-Debian-wireless-regdb-certificates.patch -pve/0003-bridge-keep-MAC-of-first-assigned-port.patch -pve/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch -pve/0005-kvm-disable-default-dynamic-halt-polling-growth.patch +pve/0002-bridge-keep-MAC-of-first-assigned-port.patch +pve/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch +pve/0004-kvm-disable-default-dynamic-halt-polling-growth.patch +pve/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch -pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch -pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch -pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch -pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch -pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch -pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch -pve/0013-netfs-reset-subreq-iov-iter-before-tail-clean.patch -pve/0014-Revert-UBUNTU-SAUCE-iommu-intel-disable-DMAR-for-SKL.patch -pve/0015-x86-mm-Don-t-disable-PCID-when-INVLPG-has-been-fixed.patch +pve/0007-vfs-allow-unprivileged-whiteout-creation.patch +pve/0008-SUNRPC-Fix-READ_PLUS-crasher.patch +pve/0009-NFSv4-pnfs-Fix-a-use-after-free-bug-in-open.patch +pve/0010-scsi-Revert-scsi-qla2xxx-Fix-disk-failure-to-redisco.patch +pve/0011-ext4-recover-csum-seed-of-tmp_inode-after-migrating-.patch +pve/0012-drm-i915-gt-Serialize-TLB-invalidates-with-GT-resets.patch