From ead7b47f4741faa5f38b0762e06116ca6e2fc104 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Oct 2024 07:54:47 -0400 Subject: [PATCH] Update patches --- ...-accept-an-alternate-timestamp-strin.patch | 2 +- ...ides-for-missing-ACS-capabilities-4..patch | 24 ++- ...-default-dynamic-halt-polling-growth.patch | 2 +- ...de-unregister_netdevice-refcount-lea.patch | 4 +- ...fortify-Do-not-cast-to-unsigned-char.patch | 2 +- ...sk-out-PKRU-bit-in-xfeatures-if-vCPU.patch | 10 +- ...allow-pass-through-on-broken-hardwar.patch | 8 +- ...Advertise-support-for-flush-by-ASID.patch} | 8 +- ...k-for-reserved-encodings-of-TLB_CONT.patch | 57 ------- ...ove-userspace-warnings-for-missing-.patch} | 2 +- ...pect-msg_namelen-0-for-recvmsg-calls.patch | 31 ++++ ...UCE-ceph-make-sure-all-the-files-suc.patch | 55 ------- ...-Improve-the-erratum-1386-workaround.patch | 79 ++++++++++ ...ix-pagecache-leak-when-do-writepages.patch | 108 +++++++++++++ ...N-array-index-out-of-bounds-for-SMU7.patch | 63 -------- ...N-array-index-out-of-bounds-for-Pola.patch | 76 --------- ...pu-pm-Don-t-use-OD-table-on-Arcturus.patch | 69 +++++++++ ...6-SUNRPC-Fix-backchannel-reply-again.patch | 58 +++++++ ...N-array-index-out-of-bounds-for-Powe.patch | 146 ------------------ ...missing-verification-for-short-frame.patch | 52 +++++++ ...missing-verification-for-short-frame.patch | 51 ++++++ ...ix-possible-NULL-pointer-dereference.patch | 101 ++++++++++++ ...n-Power-Indicator-bits-for-userspace.patch | 54 +++++++ debian/patches/series.linux | 18 ++- 24 files changed, 655 insertions(+), 425 deletions(-) rename debian/patches/pve/{0011-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch => 0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch} (89%) delete mode 100644 debian/patches/pve/0010-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch rename debian/patches/pve/{0012-revert-memfd-improve-userspace-warnings-for-missing-.patch => 0011-revert-memfd-improve-userspace-warnings-for-missing-.patch} (97%) create mode 100644 debian/patches/pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch delete mode 100644 debian/patches/pve/0013-Revert-UBUNTU-SAUCE-ceph-make-sure-all-the-files-suc.patch create mode 100644 debian/patches/pve/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch create mode 100644 debian/patches/pve/0014-cifs-fix-pagecache-leak-when-do-writepages.patch delete mode 100644 debian/patches/pve/0014-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch delete mode 100644 debian/patches/pve/0015-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch create mode 100644 debian/patches/pve/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch create mode 100644 debian/patches/pve/0016-SUNRPC-Fix-backchannel-reply-again.patch delete mode 100644 debian/patches/pve/0016-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Powe.patch create mode 100644 debian/patches/pve/0017-tap-add-missing-verification-for-short-frame.patch create mode 100644 debian/patches/pve/0018-tun-add-missing-verification-for-short-frame.patch create mode 100644 debian/patches/pve/0019-apparmor-fix-possible-NULL-pointer-dereference.patch create mode 100644 debian/patches/pve/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch diff --git a/debian/patches/pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch b/debian/patches/pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch index 1cdc5ee..93dba9f 100644 --- a/debian/patches/pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch +++ b/debian/patches/pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch @@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init/Makefile b/init/Makefile -index ec557ada3c12..72095034f338 100644 +index cbac576c57d6..479b1253fcbe 100644 --- a/init/Makefile +++ b/init/Makefile @@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC) := PREEMPT_DYNAMIC diff --git a/debian/patches/pve/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/debian/patches/pve/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch index 9f69362..0ff2916 100644 --- a/debian/patches/pve/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch +++ b/debian/patches/pve/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch @@ -54,8 +54,28 @@ Signed-off-by: Thomas Lamprecht drivers/pci/quirks.c | 102 ++++++++++++++++++ 2 files changed, 111 insertions(+) +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index e58f3bbb7643..d574123d82bd 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -4403,6 +4403,15 @@ + Also, it enforces the PCI Local Bus spec + rule that those bits should be 0 in system reset + events (useful for kexec/kdump cases). ++ pci_acs_override = ++ [PCIE] Override missing PCIe ACS support for: ++ downstream ++ All downstream ports - full ACS capabilities ++ multifunction ++ Add multifunction devices - multifunction ACS subset ++ id:nnnn:nnnn ++ Specific device - full ACS capabilities ++ Specified as vid:did (vendor/device ID) in hex + noioapicquirk [APIC] Disable all boot interrupt quirks. + Safety option to keep boot IRQs enabled. This + should never be necessary. diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c -index 139df46ed306..08450329f1a3 100644 +index ce469d84ebae..4f163ef55e7b 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -287,6 +287,106 @@ static int __init pci_apply_final_quirks(void) @@ -165,7 +185,7 @@ index 139df46ed306..08450329f1a3 100644 /* * Decoding should be disabled for a PCI device during BAR sizing to avoid * conflict. But doing so may cause problems on host bridge and perhaps other -@@ -5071,6 +5171,8 @@ static const struct pci_dev_acs_enabled { +@@ -5100,6 +5200,8 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs }, /* APM X-Gene */ { PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs }, diff --git a/debian/patches/pve/0005-kvm-disable-default-dynamic-halt-polling-growth.patch b/debian/patches/pve/0005-kvm-disable-default-dynamic-halt-polling-growth.patch index 4bc4bd3..8d590eb 100644 --- a/debian/patches/pve/0005-kvm-disable-default-dynamic-halt-polling-growth.patch +++ b/debian/patches/pve/0005-kvm-disable-default-dynamic-halt-polling-growth.patch @@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 5bbb5612b207..691ce10e7647 100644 +index 6a56de7ff82e..96bd40a73e0e 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644); diff --git a/debian/patches/pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch b/debian/patches/pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch index 2d16ecb..50b02ce 100644 --- a/debian/patches/pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch +++ b/debian/patches/pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch @@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/dev.c b/net/core/dev.c -index fe8c46c46505..db9ce84f2006 100644 +index a32811aebde5..15078ab81ec8 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -10298,7 +10298,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list) +@@ -10471,7 +10471,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list) if (time_after(jiffies, warning_time + READ_ONCE(netdev_unregister_timeout_secs) * HZ)) { list_for_each_entry(dev, list, todo_list) { diff --git a/debian/patches/pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch b/debian/patches/pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch index f420c8f..f6186d1 100644 --- a/debian/patches/pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch +++ b/debian/patches/pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch @@ -16,7 +16,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h -index da51a83b2829..9d9e7822eddf 100644 +index e99dbc052575..9e9cdb198b82 100644 --- a/include/linux/fortify-string.h +++ b/include/linux/fortify-string.h @@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning(" diff --git a/debian/patches/pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch b/debian/patches/pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch index ea34cc7..233c666 100644 --- a/debian/patches/pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch +++ b/debian/patches/pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch @@ -78,10 +78,10 @@ Signed-off-by: Thomas Lamprecht 3 files changed, 21 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index 7bdc66abfc92..e2b67975869c 100644 +index ce1499732cb8..d68c04bde5ed 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c -@@ -249,6 +249,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) +@@ -262,6 +262,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; } @@ -95,7 +95,7 @@ index 7bdc66abfc92..e2b67975869c 100644 int nent) { diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h -index b1658c0de847..12a02851ff57 100644 +index 23dbb9eb277c..07da153802e4 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -32,6 +32,8 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, @@ -108,10 +108,10 @@ index b1658c0de847..12a02851ff57 100644 int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 7bcf1a76a6ab..aa225f430299 100644 +index 3750a0c688b7..706348cbde7c 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -5424,6 +5424,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, +@@ -5580,6 +5580,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, if (fpstate_is_confidential(&vcpu->arch.guest_fpu)) return 0; diff --git a/debian/patches/pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch b/debian/patches/pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch index 3d3b29c..bb8a4c9 100644 --- a/debian/patches/pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch +++ b/debian/patches/pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch @@ -11,10 +11,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c -index 656b2150643e..06fefd2a4bfa 100644 +index c4c6240d14f9..5e037a9ea6a6 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c -@@ -298,6 +298,7 @@ static int dmar_map_gfx = 1; +@@ -234,6 +234,7 @@ static int dmar_map_gfx = 1; static int dmar_map_ipu = 1; static int intel_iommu_superpage = 1; static int iommu_identity_mapping; @@ -22,7 +22,7 @@ index 656b2150643e..06fefd2a4bfa 100644 static int iommu_skip_te_disable; #define IDENTMAP_GFX 2 -@@ -359,6 +360,9 @@ static int __init intel_iommu_setup(char *str) +@@ -296,6 +297,9 @@ static int __init intel_iommu_setup(char *str) } else if (!strncmp(str, "tboot_noforce", 13)) { pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n"); intel_iommu_tboot_noforce = 1; @@ -32,7 +32,7 @@ index 656b2150643e..06fefd2a4bfa 100644 } else { pr_notice("Unknown option - '%s'\n", str); } -@@ -2503,7 +2507,7 @@ static bool device_rmrr_is_relaxable(struct device *dev) +@@ -2470,7 +2474,7 @@ static bool device_rmrr_is_relaxable(struct device *dev) return false; pdev = to_pci_dev(dev); diff --git a/debian/patches/pve/0011-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch b/debian/patches/pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch similarity index 89% rename from debian/patches/pve/0011-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch rename to debian/patches/pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch index d7d46c1..f248acc 100644 --- a/debian/patches/pve/0011-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch +++ b/debian/patches/pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch @@ -24,14 +24,14 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c -index c8466bc64b87..6154eda73d41 100644 +index cf86607bc696..e2c080780d9a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c -@@ -4983,6 +4983,7 @@ static __init void svm_set_cpu_caps(void) +@@ -5102,6 +5102,7 @@ static __init void svm_set_cpu_caps(void) if (nested) { kvm_cpu_cap_set(X86_FEATURE_SVM); kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN); + kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID); - if (nrips) - kvm_cpu_cap_set(X86_FEATURE_NRIPS); + /* + * KVM currently flushes TLBs on *every* nested SVM transition, diff --git a/debian/patches/pve/0010-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch b/debian/patches/pve/0010-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch deleted file mode 100644 index 3b93ded..0000000 --- a/debian/patches/pve/0010-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Sean Christopherson -Date: Wed, 18 Oct 2023 12:41:03 -0700 -Subject: [PATCH] Revert "nSVM: Check for reserved encodings of TLB_CONTROL in - nested VMCB" - -Revert KVM's made-up consistency check on SVM's TLB control. The APM says -that unsupported encodings are reserved, but the APM doesn't state that -VMRUN checks for a supported encoding. Unless something is called out -in "Canonicalization and Consistency Checks" or listed as MBZ (Must Be -Zero), AMD behavior is typically to let software shoot itself in the foot. - -This reverts commit 174a921b6975ef959dd82ee9e8844067a62e3ec1. - -Fixes: 174a921b6975 ("nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB") -Reported-by: Stefan Sterz -Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com -Cc: stable@vger.kernel.org -Signed-off-by: Sean Christopherson -Signed-off-by: Thomas Lamprecht ---- - arch/x86/kvm/svm/nested.c | 15 --------------- - 1 file changed, 15 deletions(-) - -diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c -index 36482780a42f..43481f26a34b 100644 ---- a/arch/x86/kvm/svm/nested.c -+++ b/arch/x86/kvm/svm/nested.c -@@ -247,18 +247,6 @@ static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa, u32 size) - kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1); - } - --static bool nested_svm_check_tlb_ctl(struct kvm_vcpu *vcpu, u8 tlb_ctl) --{ -- /* Nested FLUSHBYASID is not supported yet. */ -- switch(tlb_ctl) { -- case TLB_CONTROL_DO_NOTHING: -- case TLB_CONTROL_FLUSH_ALL_ASID: -- return true; -- default: -- return false; -- } --} -- - static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu, - struct vmcb_ctrl_area_cached *control) - { -@@ -278,9 +266,6 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu, - IOPM_SIZE))) - return false; - -- if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl))) -- return false; -- - if (CC((control->int_ctl & V_NMI_ENABLE_MASK) && - !vmcb12_is_intercept(control, INTERCEPT_NMI))) { - return false; diff --git a/debian/patches/pve/0012-revert-memfd-improve-userspace-warnings-for-missing-.patch b/debian/patches/pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch similarity index 97% rename from debian/patches/pve/0012-revert-memfd-improve-userspace-warnings-for-missing-.patch rename to debian/patches/pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch index fec2af2..5df98ce 100644 --- a/debian/patches/pve/0012-revert-memfd-improve-userspace-warnings-for-missing-.patch +++ b/debian/patches/pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch @@ -30,7 +30,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memfd.c b/mm/memfd.c -index 2dba2cb6f0d0..1c077e98e116 100644 +index d3a1ba4208c9..6a9de5d9105e 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -282,7 +282,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags) diff --git a/debian/patches/pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch b/debian/patches/pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch new file mode 100644 index 0000000..9bd7c79 --- /dev/null +++ b/debian/patches/pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Wolfgang Bumiller +Date: Wed, 10 Apr 2024 13:21:59 +0200 +Subject: [PATCH] apparmor: expect msg_namelen=0 for recvmsg calls + +When coming from sys_recvmsg, msg->msg_namelen is explicitly set to +zero early on. (see ____sys_recvmsg in net/socket.c) +We still end up in 'map_addr' where the assumption is that addr != +NULL means addrlen has a valid size. + +This is likely not a final fix, it was suggested by jjohansen on irc +to get things going until this is resolved properly. + +Signed-off-by: Wolfgang Bumiller +--- + security/apparmor/af_inet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/security/apparmor/af_inet.c b/security/apparmor/af_inet.c +index 57b710054a76..35f905d9b960 100644 +--- a/security/apparmor/af_inet.c ++++ b/security/apparmor/af_inet.c +@@ -766,7 +766,7 @@ int aa_inet_msg_perm(const char *op, u32 request, struct socket *sock, + /* do we need early bailout for !family ... */ + return sk_has_perm2(sock->sk, op, request, profile, ad, + map_sock_addr(sock, ADDR_LOCAL, &laddr, &ad), +- map_addr(msg->msg_name, msg->msg_namelen, 0, ++ map_addr(msg->msg_namelen == 0 ? NULL : msg->msg_name, msg->msg_namelen, 0, + ADDR_REMOTE, &raddr, &ad), + profile_remote_perm(profile, sock->sk, request, + &raddr, &laddr.maddr, &ad)); diff --git a/debian/patches/pve/0013-Revert-UBUNTU-SAUCE-ceph-make-sure-all-the-files-suc.patch b/debian/patches/pve/0013-Revert-UBUNTU-SAUCE-ceph-make-sure-all-the-files-suc.patch deleted file mode 100644 index 17f31d8..0000000 --- a/debian/patches/pve/0013-Revert-UBUNTU-SAUCE-ceph-make-sure-all-the-files-suc.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Thomas Lamprecht -Date: Tue, 7 Nov 2023 09:26:16 +0100 -Subject: [PATCH] Revert "UBUNTU: SAUCE: ceph: make sure all the files - successfully put before unmounting" - -This reverts commit a53dba9297be9597eac7b17738723bd44bac97ea, which -was an early attempt to fix a bug that was actually present in the -ceph layer, as confirmed by the original patch author [0], and fixed -actually there now [1]. - -[0]: https://lore.kernel.org/all/8443166a-7182-7777-a489-14b5dab20bd5@redhat.com/ -[1]: https://patchwork.kernel.org/project/ceph-devel/patch/20221221093031.132792-1-xiubli@redhat.com/ -Hide - -Signed-off-by: Thomas Lamprecht ---- - fs/crypto/keyring.c | 6 +----- - fs/inode.c | 5 +---- - 2 files changed, 2 insertions(+), 9 deletions(-) - -diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c -index 147b9a11c62c..7cbb1fd872ac 100644 ---- a/fs/crypto/keyring.c -+++ b/fs/crypto/keyring.c -@@ -237,11 +237,7 @@ void fscrypt_destroy_keyring(struct super_block *sb) - * with ->mk_secret. There should be no structural refs - * beyond the one associated with the active ref. - */ -- if (refcount_read(&mk->mk_active_refs) != 1) { -- printk("fscrypt_destroy_keyring: mk_active_refs = %d\n", -- refcount_read(&mk->mk_active_refs)); -- WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1); -- } -+ WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1); - WARN_ON_ONCE(refcount_read(&mk->mk_struct_refs) != 1); - WARN_ON_ONCE(!is_master_key_secret_present(&mk->mk_secret)); - wipe_master_key_secret(&mk->mk_secret); -diff --git a/fs/inode.c b/fs/inode.c -index 3b8abad427b4..67611a360031 100644 ---- a/fs/inode.c -+++ b/fs/inode.c -@@ -716,11 +716,8 @@ void evict_inodes(struct super_block *sb) - again: - spin_lock(&sb->s_inode_list_lock); - list_for_each_entry_safe(inode, next, &sb->s_inodes, i_sb_list) { -- if (atomic_read(&inode->i_count)) { -- printk("evict_inodes inode %p, i_count = %d, was skipped!\n", -- inode, atomic_read(&inode->i_count)); -+ if (atomic_read(&inode->i_count)) - continue; -- } - - spin_lock(&inode->i_lock); - if (inode->i_state & (I_NEW | I_FREEING | I_WILL_FREE)) { diff --git a/debian/patches/pve/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch b/debian/patches/pve/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch new file mode 100644 index 0000000..e3e7018 --- /dev/null +++ b/debian/patches/pve/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch @@ -0,0 +1,79 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Borislav Petkov (AMD)" +Date: Sun, 24 Mar 2024 20:51:35 +0100 +Subject: [PATCH] x86/CPU/AMD: Improve the erratum 1386 workaround + +Disable XSAVES only on machines which haven't loaded the microcode +revision containing the erratum fix. + +This will come in handy when running archaic OSes as guests. OSes whose +brilliant programmers thought that CPUID is overrated and one should not +query it but use features directly, ala shoot first, ask questions +later... but only if you're alive after the shooting. + +Signed-off-by: Borislav Petkov (AMD) +Tested-by: "Maciej S. Szmigiero" +Cc: Boris Ostrovsky +Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local +--- + arch/x86/include/asm/cpu_device_id.h | 8 ++++++++ + arch/x86/kernel/cpu/amd.c | 12 ++++++++++++ + 2 files changed, 20 insertions(+) + +diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h +index e8e3dbe7f173..b6325ee30871 100644 +--- a/arch/x86/include/asm/cpu_device_id.h ++++ b/arch/x86/include/asm/cpu_device_id.h +@@ -288,6 +288,14 @@ struct x86_cpu_desc { + .x86_microcode_rev = (revision), \ + } + ++#define AMD_CPU_DESC(fam, model, stepping, revision) { \ ++ .x86_family = (fam), \ ++ .x86_vendor = X86_VENDOR_AMD, \ ++ .x86_model = (model), \ ++ .x86_stepping = (stepping), \ ++ .x86_microcode_rev = (revision), \ ++} ++ + extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match); + extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table); + +diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c +index 0838ea579eb0..ca6096dcc5c6 100644 +--- a/arch/x86/kernel/cpu/amd.c ++++ b/arch/x86/kernel/cpu/amd.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -925,6 +926,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c) + clear_rdrand_cpuid_bit(c); + } + ++static const struct x86_cpu_desc erratum_1386_microcode[] = { ++ AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e), ++ AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052), ++}; ++ + static void fix_erratum_1386(struct cpuinfo_x86 *c) + { + /* +@@ -934,7 +940,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c) + * + * Affected parts all have no supervisor XSAVE states, meaning that + * the XSAVEC instruction (which works fine) is equivalent. ++ * ++ * Clear the feature flag only on microcode revisions which ++ * don't have the fix. + */ ++ if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode)) ++ return; ++ + clear_cpu_cap(c, X86_FEATURE_XSAVES); + } + diff --git a/debian/patches/pve/0014-cifs-fix-pagecache-leak-when-do-writepages.patch b/debian/patches/pve/0014-cifs-fix-pagecache-leak-when-do-writepages.patch new file mode 100644 index 0000000..495dd71 --- /dev/null +++ b/debian/patches/pve/0014-cifs-fix-pagecache-leak-when-do-writepages.patch @@ -0,0 +1,108 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Yang Erkun +Date: Tue, 25 Jun 2024 11:43:32 +0800 +Subject: [PATCH] cifs: fix pagecache leak when do writepages + +After commit f3dc1bdb6b0b("cifs: Fix writeback data corruption"), the +writepages for cifs will find all folio needed writepage with two phase. +The first folio will be found in cifs_writepages_begin, and the latter +various folios will be found in cifs_extend_writeback. + +All those will first get folio, and for normal case, once we set page +writeback and after do really write, we should put the reference, folio +found in cifs_extend_writeback do this with folio_batch_release. But the +folio found in cifs_writepages_begin never get the chance do it. And +every writepages call, we will leak a folio(found this problem while do +xfstests over cifs, the latter show that we will leak about 600M+ every +we run generic/074). + +echo 3 > /proc/sys/vm/drop_caches ; cat /proc/meminfo | grep file +Active(file): 34092 kB +Inactive(file): 176192 kB +./check generic/074 (smb v1) +... +generic/074 50s ... 53s +Ran: generic/074 +Passed all 1 tests + +echo 3 > /proc/sys/vm/drop_caches ; cat /proc/meminfo | grep file +Active(file): 35036 kB +Inactive(file): 854708 kB + +Besides, the exist path seem never handle this folio correctly, fix it too +with this patch. + +The problem does not exist in mainline since writepages path for cifs +has changed to netfs(3ee1a1fc3981 ("cifs: Cut over to using netfslib")). +It's had to backport all related change, so try fix this problem with this +single patch. + +Fixes: f3dc1bdb6b0b ("cifs: Fix writeback data corruption") +Cc: stable@kernel.org # v6.6+ +Signed-off-by: Yang Erkun +(picked from https://lore.kernel.org/linux-cifs/20240625034332.750312-1-yangerkun@huawei.com/) +Signed-off-by: Fiona Ebner +--- + fs/smb/client/file.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c +index af5c476db6e6..8aee0f520300 100644 +--- a/fs/smb/client/file.c ++++ b/fs/smb/client/file.c +@@ -2845,17 +2845,21 @@ static ssize_t cifs_write_back_from_locked_folio(struct address_space *mapping, + rc = cifs_get_writable_file(CIFS_I(inode), FIND_WR_ANY, &cfile); + if (rc) { + cifs_dbg(VFS, "No writable handle in writepages rc=%d\n", rc); ++ folio_unlock(folio); + goto err_xid; + } + + rc = server->ops->wait_mtu_credits(server, cifs_sb->ctx->wsize, + &wsize, credits); +- if (rc != 0) ++ if (rc != 0) { ++ folio_unlock(folio); + goto err_close; ++ } + + wdata = cifs_writedata_alloc(cifs_writev_complete); + if (!wdata) { + rc = -ENOMEM; ++ folio_unlock(folio); + goto err_uncredit; + } + +@@ -3002,17 +3006,22 @@ static ssize_t cifs_writepages_begin(struct address_space *mapping, + lock_again: + if (wbc->sync_mode != WB_SYNC_NONE) { + ret = folio_lock_killable(folio); +- if (ret < 0) ++ if (ret < 0) { ++ folio_put(folio); + return ret; ++ } + } else { +- if (!folio_trylock(folio)) ++ if (!folio_trylock(folio)) { ++ folio_put(folio); + goto search_again; ++ } + } + + if (folio->mapping != mapping || + !folio_test_dirty(folio)) { + start += folio_size(folio); + folio_unlock(folio); ++ folio_put(folio); + goto search_again; + } + +@@ -3042,6 +3051,7 @@ static ssize_t cifs_writepages_begin(struct address_space *mapping, + out: + if (ret > 0) + *_start = start + ret; ++ folio_put(folio); + return ret; + } + diff --git a/debian/patches/pve/0014-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch b/debian/patches/pve/0014-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch deleted file mode 100644 index e419466..0000000 --- a/debian/patches/pve/0014-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Mario Limonciello -Date: Wed, 4 Oct 2023 15:22:52 -0500 -Subject: [PATCH] drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 - -For pptable structs that use flexible array sizes, use flexible arrays. - -Suggested-by: Felix Held -Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2874 -Signed-off-by: Mario Limonciello -Acked-by: Alex Deucher -Signed-off-by: Alex Deucher -(cherry-picked from commit 760efbca74a405dc439a013a5efaa9fadc95a8c3) -Signed-off-by: Fiona Ebner ---- - drivers/gpu/drm/amd/include/pptable.h | 4 ++-- - drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/drivers/gpu/drm/amd/include/pptable.h b/drivers/gpu/drm/amd/include/pptable.h -index 0b6a057e0a4c..5aac8d545bdc 100644 ---- a/drivers/gpu/drm/amd/include/pptable.h -+++ b/drivers/gpu/drm/amd/include/pptable.h -@@ -78,7 +78,7 @@ typedef struct _ATOM_PPLIB_THERMALCONTROLLER - typedef struct _ATOM_PPLIB_STATE - { - UCHAR ucNonClockStateIndex; -- UCHAR ucClockStateIndices[1]; // variable-sized -+ UCHAR ucClockStateIndices[]; // variable-sized - } ATOM_PPLIB_STATE; - - -@@ -473,7 +473,7 @@ typedef struct _ATOM_PPLIB_STATE_V2 - /** - * Driver will read the first ucNumDPMLevels in this array - */ -- UCHAR clockInfoIndex[1]; -+ UCHAR clockInfoIndex[]; - } ATOM_PPLIB_STATE_V2; - - typedef struct _StateArray{ -diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h -index b0ac4d121adc..41444e27bfc0 100644 ---- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h -+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h -@@ -179,7 +179,7 @@ typedef struct _ATOM_Tonga_MCLK_Dependency_Record { - typedef struct _ATOM_Tonga_MCLK_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Tonga_MCLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Tonga_MCLK_Dependency_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Tonga_MCLK_Dependency_Table; - - typedef struct _ATOM_Tonga_SCLK_Dependency_Record { -@@ -194,7 +194,7 @@ typedef struct _ATOM_Tonga_SCLK_Dependency_Record { - typedef struct _ATOM_Tonga_SCLK_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Tonga_SCLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Tonga_SCLK_Dependency_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Tonga_SCLK_Dependency_Table; - - typedef struct _ATOM_Polaris_SCLK_Dependency_Record { diff --git a/debian/patches/pve/0015-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch b/debian/patches/pve/0015-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch deleted file mode 100644 index dd82cd5..0000000 --- a/debian/patches/pve/0015-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Mario Limonciello -Date: Wed, 4 Oct 2023 15:46:44 -0500 -Subject: [PATCH] drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and - Tonga - -For pptable structs that use flexible array sizes, use flexible arrays. - -Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2036742 -Signed-off-by: Mario Limonciello -Acked-by: Alex Deucher -Signed-off-by: Alex Deucher -(cherry-picked from commit 0f0e59075b5c22f1e871fbd508d6e4f495048356) -Signed-off-by: Fiona Ebner ---- - .../gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h -index 41444e27bfc0..e0e40b054c08 100644 ---- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h -+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h -@@ -164,7 +164,7 @@ typedef struct _ATOM_Tonga_State { - typedef struct _ATOM_Tonga_State_Array { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Tonga_State entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Tonga_State entries[]; /* Dynamically allocate entries. */ - } ATOM_Tonga_State_Array; - - typedef struct _ATOM_Tonga_MCLK_Dependency_Record { -@@ -210,7 +210,7 @@ typedef struct _ATOM_Polaris_SCLK_Dependency_Record { - typedef struct _ATOM_Polaris_SCLK_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Polaris_SCLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Polaris_SCLK_Dependency_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Polaris_SCLK_Dependency_Table; - - typedef struct _ATOM_Tonga_PCIE_Record { -@@ -222,7 +222,7 @@ typedef struct _ATOM_Tonga_PCIE_Record { - typedef struct _ATOM_Tonga_PCIE_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Tonga_PCIE_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Tonga_PCIE_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Tonga_PCIE_Table; - - typedef struct _ATOM_Polaris10_PCIE_Record { -@@ -235,7 +235,7 @@ typedef struct _ATOM_Polaris10_PCIE_Record { - typedef struct _ATOM_Polaris10_PCIE_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Polaris10_PCIE_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Polaris10_PCIE_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Polaris10_PCIE_Table; - - -@@ -252,7 +252,7 @@ typedef struct _ATOM_Tonga_MM_Dependency_Record { - typedef struct _ATOM_Tonga_MM_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Tonga_MM_Dependency_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Tonga_MM_Dependency_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Tonga_MM_Dependency_Table; - - typedef struct _ATOM_Tonga_Voltage_Lookup_Record { -@@ -265,7 +265,7 @@ typedef struct _ATOM_Tonga_Voltage_Lookup_Record { - typedef struct _ATOM_Tonga_Voltage_Lookup_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Tonga_Voltage_Lookup_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Tonga_Voltage_Lookup_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Tonga_Voltage_Lookup_Table; - - typedef struct _ATOM_Tonga_Fan_Table { diff --git a/debian/patches/pve/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch b/debian/patches/pve/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch new file mode 100644 index 0000000..cd88e43 --- /dev/null +++ b/debian/patches/pve/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch @@ -0,0 +1,69 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Ma Jun +Date: Tue, 19 Mar 2024 11:02:29 +0800 +Subject: [PATCH] drm/amdgpu/pm: Don't use OD table on Arcturus + +OD is not supported on Arcturus, so the OD table +should not be used. + +Signed-off-by: Ma Jun +Acked-by: Alex Deucher +Signed-off-by: Alex Deucher +(cherry picked from commit bc55c344b06f7e6f99eb92d393ff0a84c1532514) +Signed-off-by: Fiona Ebner +--- + .../gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 33 +++---------------- + 1 file changed, 5 insertions(+), 28 deletions(-) + +diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c +index 40ba7227cca5..0c2d04f978ac 100644 +--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c ++++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c +@@ -1283,11 +1283,8 @@ static int arcturus_get_power_limit(struct smu_context *smu, + uint32_t *max_power_limit, + uint32_t *min_power_limit) + { +- struct smu_11_0_powerplay_table *powerplay_table = +- (struct smu_11_0_powerplay_table *)smu->smu_table.power_play_table; +- struct smu_11_0_overdrive_table *od_settings = smu->od_settings; + PPTable_t *pptable = smu->smu_table.driver_pptable; +- uint32_t power_limit, od_percent_upper = 0, od_percent_lower = 0; ++ uint32_t power_limit; + + if (smu_v11_0_get_current_power_limit(smu, &power_limit)) { + /* the last hope to figure out the ppt limit */ +@@ -1303,30 +1300,10 @@ static int arcturus_get_power_limit(struct smu_context *smu, + *current_power_limit = power_limit; + if (default_power_limit) + *default_power_limit = power_limit; +- +- if (powerplay_table) { +- if (smu->od_enabled && +- od_settings->cap[SMU_11_0_ODCAP_POWER_LIMIT]) { +- od_percent_upper = le32_to_cpu(powerplay_table->overdrive_table.max[SMU_11_0_ODSETTING_POWERPERCENTAGE]); +- od_percent_lower = le32_to_cpu(powerplay_table->overdrive_table.min[SMU_11_0_ODSETTING_POWERPERCENTAGE]); +- } else if (od_settings->cap[SMU_11_0_ODCAP_POWER_LIMIT]) { +- od_percent_upper = 0; +- od_percent_lower = le32_to_cpu(powerplay_table->overdrive_table.min[SMU_11_0_ODSETTING_POWERPERCENTAGE]); +- } +- } +- +- dev_dbg(smu->adev->dev, "od percent upper:%d, od percent lower:%d (default power: %d)\n", +- od_percent_upper, od_percent_lower, power_limit); +- +- if (max_power_limit) { +- *max_power_limit = power_limit * (100 + od_percent_upper); +- *max_power_limit /= 100; +- } +- +- if (min_power_limit) { +- *min_power_limit = power_limit * (100 - od_percent_lower); +- *min_power_limit /= 100; +- } ++ if (max_power_limit) ++ *max_power_limit = power_limit; ++ if (min_power_limit) ++ *min_power_limit = power_limit; + + return 0; + } diff --git a/debian/patches/pve/0016-SUNRPC-Fix-backchannel-reply-again.patch b/debian/patches/pve/0016-SUNRPC-Fix-backchannel-reply-again.patch new file mode 100644 index 0000000..8b3242e --- /dev/null +++ b/debian/patches/pve/0016-SUNRPC-Fix-backchannel-reply-again.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chuck Lever +Date: Wed, 19 Jun 2024 09:51:08 -0400 +Subject: [PATCH] SUNRPC: Fix backchannel reply, again +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +[ Upstream commit 6ddc9deacc1312762c2edd9de00ce76b00f69f7c ] + +I still see "RPC: Could not send backchannel reply error: -110" +quite often, along with slow-running tests. Debugging shows that the +backchannel is still stumbling when it has to queue a callback reply +on a busy transport. + +Note that every one of these timeouts causes a connection loss by +virtue of the xprt_conditional_disconnect() call in that arm of +call_cb_transmit_status(). + +I found that setting to_maxval is necessary to get the RPC timeout +logic to behave whenever to_exponential is not set. + +Fixes: 57331a59ac0d ("NFSv4.1: Use the nfs_client's rpc timeouts for backchannel") +Signed-off-by: Chuck Lever +Reviewed-by: Benjamin Coddington +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +(cherry picked from commit bd1e42e0f2567c911d3df761cf7a33b021fdceeb) +Signed-off-by: Fabian Grünbichler +--- + net/sunrpc/svc.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c +index bd61e257cda6..bac1886f07da 100644 +--- a/net/sunrpc/svc.c ++++ b/net/sunrpc/svc.c +@@ -1546,9 +1546,11 @@ void svc_process(struct svc_rqst *rqstp) + */ + void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp) + { ++ struct rpc_timeout timeout = { ++ .to_increment = 0, ++ }; + struct rpc_task *task; + int proc_error; +- struct rpc_timeout timeout; + + /* Build the svc_rqst used by the common processing routine */ + rqstp->rq_xid = req->rq_xid; +@@ -1601,6 +1603,7 @@ void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp) + timeout.to_initval = req->rq_xprt->timeout->to_initval; + timeout.to_retries = req->rq_xprt->timeout->to_retries; + } ++ timeout.to_maxval = timeout.to_initval; + memcpy(&req->rq_snd_buf, &rqstp->rq_res, sizeof(req->rq_snd_buf)); + task = rpc_run_bc_task(req, &timeout); + diff --git a/debian/patches/pve/0016-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Powe.patch b/debian/patches/pve/0016-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Powe.patch deleted file mode 100644 index 6f92403..0000000 --- a/debian/patches/pve/0016-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Powe.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Alex Deucher -Date: Fri, 27 Oct 2023 16:40:47 -0400 -Subject: [PATCH] drm/amd: Fix UBSAN array-index-out-of-bounds for Powerplay - headers -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -For pptable structs that use flexible array sizes, use flexible arrays. - -Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039926 -Reviewed-by: Mario Limonciello -Acked-by: Christian König -Signed-off-by: Alex Deucher -(cherry-picked from commit 49afe91370b86566857a3c2c39612cf098110885) -Signed-off-by: Fiona Ebner ---- - .../drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h | 4 ++-- - .../amd/pm/powerplay/hwmgr/vega10_pptable.h | 24 +++++++++---------- - 2 files changed, 14 insertions(+), 14 deletions(-) - -diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h -index e0e40b054c08..5ec564dbf339 100644 ---- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h -+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h -@@ -367,7 +367,7 @@ typedef struct _ATOM_Tonga_VCE_State_Record { - typedef struct _ATOM_Tonga_VCE_State_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; -- ATOM_Tonga_VCE_State_Record entries[1]; -+ ATOM_Tonga_VCE_State_Record entries[]; - } ATOM_Tonga_VCE_State_Table; - - typedef struct _ATOM_Tonga_PowerTune_Table { -@@ -482,7 +482,7 @@ typedef struct _ATOM_Tonga_Hard_Limit_Record { - typedef struct _ATOM_Tonga_Hard_Limit_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; -- ATOM_Tonga_Hard_Limit_Record entries[1]; -+ ATOM_Tonga_Hard_Limit_Record entries[]; - } ATOM_Tonga_Hard_Limit_Table; - - typedef struct _ATOM_Tonga_GPIO_Table { -diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h -index 9c479bd9a786..a372abcd01be 100644 ---- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h -+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h -@@ -129,7 +129,7 @@ typedef struct _ATOM_Vega10_State { - typedef struct _ATOM_Vega10_State_Array { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Vega10_State states[1]; /* Dynamically allocate entries. */ -+ ATOM_Vega10_State states[]; /* Dynamically allocate entries. */ - } ATOM_Vega10_State_Array; - - typedef struct _ATOM_Vega10_CLK_Dependency_Record { -@@ -169,37 +169,37 @@ typedef struct _ATOM_Vega10_GFXCLK_Dependency_Table { - typedef struct _ATOM_Vega10_MCLK_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Vega10_MCLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Vega10_MCLK_Dependency_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Vega10_MCLK_Dependency_Table; - - typedef struct _ATOM_Vega10_SOCCLK_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Vega10_SOCCLK_Dependency_Table; - - typedef struct _ATOM_Vega10_DCEFCLK_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Vega10_DCEFCLK_Dependency_Table; - - typedef struct _ATOM_Vega10_PIXCLK_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Vega10_PIXCLK_Dependency_Table; - - typedef struct _ATOM_Vega10_DISPCLK_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries.*/ -- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Vega10_DISPCLK_Dependency_Table; - - typedef struct _ATOM_Vega10_PHYCLK_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries. */ -- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Vega10_PHYCLK_Dependency_Table; - - typedef struct _ATOM_Vega10_MM_Dependency_Record { -@@ -213,7 +213,7 @@ typedef struct _ATOM_Vega10_MM_Dependency_Record { - typedef struct _ATOM_Vega10_MM_Dependency_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries */ -- ATOM_Vega10_MM_Dependency_Record entries[1]; /* Dynamically allocate entries */ -+ ATOM_Vega10_MM_Dependency_Record entries[]; /* Dynamically allocate entries */ - } ATOM_Vega10_MM_Dependency_Table; - - typedef struct _ATOM_Vega10_PCIE_Record { -@@ -225,7 +225,7 @@ typedef struct _ATOM_Vega10_PCIE_Record { - typedef struct _ATOM_Vega10_PCIE_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries */ -- ATOM_Vega10_PCIE_Record entries[1]; /* Dynamically allocate entries. */ -+ ATOM_Vega10_PCIE_Record entries[]; /* Dynamically allocate entries. */ - } ATOM_Vega10_PCIE_Table; - - typedef struct _ATOM_Vega10_Voltage_Lookup_Record { -@@ -235,7 +235,7 @@ typedef struct _ATOM_Vega10_Voltage_Lookup_Record { - typedef struct _ATOM_Vega10_Voltage_Lookup_Table { - UCHAR ucRevId; - UCHAR ucNumEntries; /* Number of entries */ -- ATOM_Vega10_Voltage_Lookup_Record entries[1]; /* Dynamically allocate entries */ -+ ATOM_Vega10_Voltage_Lookup_Record entries[]; /* Dynamically allocate entries */ - } ATOM_Vega10_Voltage_Lookup_Table; - - typedef struct _ATOM_Vega10_Fan_Table { -@@ -329,7 +329,7 @@ typedef struct _ATOM_Vega10_VCE_State_Table - { - UCHAR ucRevId; - UCHAR ucNumEntries; -- ATOM_Vega10_VCE_State_Record entries[1]; -+ ATOM_Vega10_VCE_State_Record entries[]; - } ATOM_Vega10_VCE_State_Table; - - typedef struct _ATOM_Vega10_PowerTune_Table { -@@ -432,7 +432,7 @@ typedef struct _ATOM_Vega10_Hard_Limit_Table - { - UCHAR ucRevId; - UCHAR ucNumEntries; -- ATOM_Vega10_Hard_Limit_Record entries[1]; -+ ATOM_Vega10_Hard_Limit_Record entries[]; - } ATOM_Vega10_Hard_Limit_Table; - - typedef struct _Vega10_PPTable_Generic_SubTable_Header diff --git a/debian/patches/pve/0017-tap-add-missing-verification-for-short-frame.patch b/debian/patches/pve/0017-tap-add-missing-verification-for-short-frame.patch new file mode 100644 index 0000000..7607163 --- /dev/null +++ b/debian/patches/pve/0017-tap-add-missing-verification-for-short-frame.patch @@ -0,0 +1,52 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Si-Wei Liu +Date: Wed, 24 Jul 2024 10:04:51 -0700 +Subject: [PATCH] tap: add missing verification for short frame + +The cited commit missed to check against the validity of the frame length +in the tap_get_user_xdp() path, which could cause a corrupted skb to be +sent downstack. Even before the skb is transmitted, the +tap_get_user_xdp()-->skb_set_network_header() may assume the size is more +than ETH_HLEN. Once transmitted, this could either cause out-of-bound +access beyond the actual length, or confuse the underlayer with incorrect +or inconsistent header length in the skb metadata. + +In the alternative path, tap_get_user() already prohibits short frame which +has the length less than Ethernet header size from being transmitted. + +This is to drop any frame shorter than the Ethernet header size just like +how tap_get_user() does. + +CVE: CVE-2024-41090 +Link: https://lore.kernel.org/netdev/1717026141-25716-1-git-send-email-si-wei.liu@oracle.com/ +Fixes: 0efac27791ee ("tap: accept an array of XDP buffs through sendmsg()") +Cc: stable@vger.kernel.org +Signed-off-by: Si-Wei Liu +Signed-off-by: Dongli Zhang +Reviewed-by: Willem de Bruijn +Reviewed-by: Paolo Abeni +Reviewed-by: Jason Wang +Link: https://patch.msgid.link/20240724170452.16837-2-dongli.zhang@oracle.com +Signed-off-by: Jakub Kicinski +(cherry picked from commit ed7f2afdd0e043a397677e597ced0830b83ba0b3) +Signed-off-by: Fiona Ebner +--- + drivers/net/tap.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/net/tap.c b/drivers/net/tap.c +index 9f0495e8df4d..feeeac715c18 100644 +--- a/drivers/net/tap.c ++++ b/drivers/net/tap.c +@@ -1177,6 +1177,11 @@ static int tap_get_user_xdp(struct tap_queue *q, struct xdp_buff *xdp) + struct sk_buff *skb; + int err, depth; + ++ if (unlikely(xdp->data_end - xdp->data < ETH_HLEN)) { ++ err = -EINVAL; ++ goto err; ++ } ++ + if (q->flags & IFF_VNET_HDR) + vnet_hdr_len = READ_ONCE(q->vnet_hdr_sz); + diff --git a/debian/patches/pve/0018-tun-add-missing-verification-for-short-frame.patch b/debian/patches/pve/0018-tun-add-missing-verification-for-short-frame.patch new file mode 100644 index 0000000..4b07b09 --- /dev/null +++ b/debian/patches/pve/0018-tun-add-missing-verification-for-short-frame.patch @@ -0,0 +1,51 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Dongli Zhang +Date: Wed, 24 Jul 2024 10:04:52 -0700 +Subject: [PATCH] tun: add missing verification for short frame + +The cited commit missed to check against the validity of the frame length +in the tun_xdp_one() path, which could cause a corrupted skb to be sent +downstack. Even before the skb is transmitted, the +tun_xdp_one-->eth_type_trans() may access the Ethernet header although it +can be less than ETH_HLEN. Once transmitted, this could either cause +out-of-bound access beyond the actual length, or confuse the underlayer +with incorrect or inconsistent header length in the skb metadata. + +In the alternative path, tun_get_user() already prohibits short frame which +has the length less than Ethernet header size from being transmitted for +IFF_TAP. + +This is to drop any frame shorter than the Ethernet header size just like +how tun_get_user() does. + +CVE: CVE-2024-41091 +Inspired-by: https://lore.kernel.org/netdev/1717026141-25716-1-git-send-email-si-wei.liu@oracle.com/ +Fixes: 043d222f93ab ("tuntap: accept an array of XDP buffs through sendmsg()") +Cc: stable@vger.kernel.org +Signed-off-by: Dongli Zhang +Reviewed-by: Si-Wei Liu +Reviewed-by: Willem de Bruijn +Reviewed-by: Paolo Abeni +Reviewed-by: Jason Wang +Link: https://patch.msgid.link/20240724170452.16837-3-dongli.zhang@oracle.com +Signed-off-by: Jakub Kicinski +(cherry picked from commit 049584807f1d797fc3078b68035450a9769eb5c3) +Signed-off-by: Fiona Ebner +--- + drivers/net/tun.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/net/tun.c b/drivers/net/tun.c +index 86515f0c2b6c..e9cd3b810e2c 100644 +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -2459,6 +2459,9 @@ static int tun_xdp_one(struct tun_struct *tun, + bool skb_xdp = false; + struct page *page; + ++ if (unlikely(datasize < ETH_HLEN)) ++ return -EINVAL; ++ + xdp_prog = rcu_dereference(tun->xdp_prog); + if (xdp_prog) { + if (gso->gso_type) { diff --git a/debian/patches/pve/0019-apparmor-fix-possible-NULL-pointer-dereference.patch b/debian/patches/pve/0019-apparmor-fix-possible-NULL-pointer-dereference.patch new file mode 100644 index 0000000..36d4297 --- /dev/null +++ b/debian/patches/pve/0019-apparmor-fix-possible-NULL-pointer-dereference.patch @@ -0,0 +1,101 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Leesoo Ahn +Date: Wed, 8 May 2024 01:12:29 +0900 +Subject: [PATCH] apparmor: fix possible NULL pointer dereference + +profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made +from __create_missing_ancestors(..) and 'ent->old' is NULL in +aa_replace_profiles(..). +In that case, it must return an error code and the code, -ENOENT represents +its state that the path of its parent is not existed yet. + +BUG: kernel NULL pointer dereference, address: 0000000000000030 +PGD 0 P4D 0 +PREEMPT SMP PTI +CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 +Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 +RIP: 0010:aafs_create.constprop.0+0x7f/0x130 +Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae +RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 +RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 +RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 +R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 +FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 +Call Trace: + + ? show_regs+0x6d/0x80 + ? __die+0x24/0x80 + ? page_fault_oops+0x99/0x1b0 + ? kernelmode_fixup_or_oops+0xb2/0x140 + ? __bad_area_nosemaphore+0x1a5/0x2c0 + ? find_vma+0x34/0x60 + ? bad_area_nosemaphore+0x16/0x30 + ? do_user_addr_fault+0x2a2/0x6b0 + ? exc_page_fault+0x83/0x1b0 + ? asm_exc_page_fault+0x27/0x30 + ? aafs_create.constprop.0+0x7f/0x130 + ? aafs_create.constprop.0+0x51/0x130 + __aafs_profile_mkdir+0x3d6/0x480 + aa_replace_profiles+0x83f/0x1270 + policy_update+0xe3/0x180 + profile_load+0xbc/0x150 + ? rw_verify_area+0x47/0x140 + vfs_write+0x100/0x480 + ? __x64_sys_openat+0x55/0xa0 + ? syscall_exit_to_user_mode+0x86/0x260 + ksys_write+0x73/0x100 + __x64_sys_write+0x19/0x30 + x64_sys_call+0x7e/0x25c0 + do_syscall_64+0x7f/0x180 + entry_SYSCALL_64_after_hwframe+0x78/0x80 +RIP: 0033:0x7be9f211c574 +Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 +RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 +RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 +RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 +RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 +R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 +R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 + +Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas +CR2: 0000000000000030 +---[ end trace 0000000000000000 ]--- +RIP: 0010:aafs_create.constprop.0+0x7f/0x130 +Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae +RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 +RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 +RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 +R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 +FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 + +Signed-off-by: Leesoo Ahn +Signed-off-by: John Johansen +(cherry picked from commit 3dd384108d53834002be5630132ad5c3f32166ad) +Signed-off-by: Fiona Ebner +--- + security/apparmor/apparmorfs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c +index be6c3293c9e0..822f2e6a96a7 100644 +--- a/security/apparmor/apparmorfs.c ++++ b/security/apparmor/apparmorfs.c +@@ -1921,6 +1921,10 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) + struct aa_profile *p; + p = aa_deref_parent(profile); + dent = prof_dir(p); ++ if (!dent) { ++ error = -ENOENT; ++ goto fail2; ++ } + /* adding to parent that previously didn't have children */ + dent = aafs_create_dir("profiles", dent); + if (IS_ERR(dent)) diff --git a/debian/patches/pve/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch b/debian/patches/pve/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch new file mode 100644 index 0000000..7f29e5c --- /dev/null +++ b/debian/patches/pve/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch @@ -0,0 +1,54 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Blazej Kucman +Date: Mon, 22 Jul 2024 16:14:40 +0200 +Subject: [PATCH] PCI: pciehp: Retain Power Indicator bits for userspace + indicators + +The sysfs "attention" file normally controls the Slot Control Attention +Indicator with 0 (off), 1 (on), 2 (blink) settings. + +576243b3f9ea ("PCI: pciehp: Allow exclusive userspace control of +indicators") added pciehp_set_raw_indicator_status() to allow userspace to +directly control all four bits in both the Attention Indicator and the +Power Indicator fields via the "attention" file. + +This is used on Intel VMD bridges so utilities like "ledmon" can use sysfs +"attention" to control up to 16 indicators for NVMe device RAID status. + +abaaac4845a0 ("PCI: hotplug: Use FIELD_GET/PREP()") broke this by masking +the sysfs data with PCI_EXP_SLTCTL_AIC, which discards the upper two bits +intended for the Power Indicator Control field (PCI_EXP_SLTCTL_PIC). + +For NVMe devices behind an Intel VMD, ledmon settings that use the +PCI_EXP_SLTCTL_PIC bits, i.e., ATTENTION_REBUILD (0x5), ATTENTION_LOCATE +(0x7), ATTENTION_FAILURE (0xD), ATTENTION_OFF (0xF), no longer worked +correctly. + +Mask with PCI_EXP_SLTCTL_AIC | PCI_EXP_SLTCTL_PIC to retain both the +Attention Indicator and the Power Indicator bits. + +Fixes: abaaac4845a0 ("PCI: hotplug: Use FIELD_GET/PREP()") +Link: https://lore.kernel.org/r/20240722141440.7210-1-blazej.kucman@intel.com +Signed-off-by: Blazej Kucman +[bhelgaas: commit log] +Signed-off-by: Bjorn Helgaas +Cc: stable@vger.kernel.org # v6.7+ +--- + drivers/pci/hotplug/pciehp_hpc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c +index b1d0a1b3917d..9d3c249207c4 100644 +--- a/drivers/pci/hotplug/pciehp_hpc.c ++++ b/drivers/pci/hotplug/pciehp_hpc.c +@@ -485,7 +485,9 @@ int pciehp_set_raw_indicator_status(struct hotplug_slot *hotplug_slot, + struct pci_dev *pdev = ctrl_dev(ctrl); + + pci_config_pm_runtime_get(pdev); +- pcie_write_cmd_nowait(ctrl, FIELD_PREP(PCI_EXP_SLTCTL_AIC, status), ++ ++ /* Attention and Power Indicator Control bits are supported */ ++ pcie_write_cmd_nowait(ctrl, FIELD_PREP(PCI_EXP_SLTCTL_AIC | PCI_EXP_SLTCTL_PIC, status), + PCI_EXP_SLTCTL_AIC | PCI_EXP_SLTCTL_PIC); + pci_config_pm_runtime_put(pdev); + return 0; diff --git a/debian/patches/series.linux b/debian/patches/series.linux index 21035f1..ab2cdaa 100644 --- a/debian/patches/series.linux +++ b/debian/patches/series.linux @@ -7,10 +7,14 @@ pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch -pve/0010-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch -pve/0011-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch -pve/0012-revert-memfd-improve-userspace-warnings-for-missing-.patch -#pve/0013-Revert-UBUNTU-SAUCE-ceph-make-sure-all-the-files-suc.patch -pve/0014-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch -pve/0015-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch -pve/0016-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Powe.patch +pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch +pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch +pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch +pve/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch +pve/0014-cifs-fix-pagecache-leak-when-do-writepages.patch +pve/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch +pve/0016-SUNRPC-Fix-backchannel-reply-again.patch +pve/0017-tap-add-missing-verification-for-short-frame.patch +pve/0018-tun-add-missing-verification-for-short-frame.patch +pve/0019-apparmor-fix-possible-NULL-pointer-dereference.patch +pve/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch