Update patches
This commit is contained in:
parent
212a6dc1cc
commit
ead7b47f47
24 changed files with 655 additions and 425 deletions
|
@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/init/Makefile b/init/Makefile
|
diff --git a/init/Makefile b/init/Makefile
|
||||||
index ec557ada3c12..72095034f338 100644
|
index cbac576c57d6..479b1253fcbe 100644
|
||||||
--- a/init/Makefile
|
--- a/init/Makefile
|
||||||
+++ b/init/Makefile
|
+++ b/init/Makefile
|
||||||
@@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC) := PREEMPT_DYNAMIC
|
@@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC) := PREEMPT_DYNAMIC
|
||||||
|
|
|
@ -54,8 +54,28 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||||
drivers/pci/quirks.c | 102 ++++++++++++++++++
|
drivers/pci/quirks.c | 102 ++++++++++++++++++
|
||||||
2 files changed, 111 insertions(+)
|
2 files changed, 111 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
|
index e58f3bbb7643..d574123d82bd 100644
|
||||||
|
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||||
|
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
|
@@ -4403,6 +4403,15 @@
|
||||||
|
Also, it enforces the PCI Local Bus spec
|
||||||
|
rule that those bits should be 0 in system reset
|
||||||
|
events (useful for kexec/kdump cases).
|
||||||
|
+ pci_acs_override =
|
||||||
|
+ [PCIE] Override missing PCIe ACS support for:
|
||||||
|
+ downstream
|
||||||
|
+ All downstream ports - full ACS capabilities
|
||||||
|
+ multifunction
|
||||||
|
+ Add multifunction devices - multifunction ACS subset
|
||||||
|
+ id:nnnn:nnnn
|
||||||
|
+ Specific device - full ACS capabilities
|
||||||
|
+ Specified as vid:did (vendor/device ID) in hex
|
||||||
|
noioapicquirk [APIC] Disable all boot interrupt quirks.
|
||||||
|
Safety option to keep boot IRQs enabled. This
|
||||||
|
should never be necessary.
|
||||||
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
|
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
|
||||||
index 139df46ed306..08450329f1a3 100644
|
index ce469d84ebae..4f163ef55e7b 100644
|
||||||
--- a/drivers/pci/quirks.c
|
--- a/drivers/pci/quirks.c
|
||||||
+++ b/drivers/pci/quirks.c
|
+++ b/drivers/pci/quirks.c
|
||||||
@@ -287,6 +287,106 @@ static int __init pci_apply_final_quirks(void)
|
@@ -287,6 +287,106 @@ static int __init pci_apply_final_quirks(void)
|
||||||
|
@ -165,7 +185,7 @@ index 139df46ed306..08450329f1a3 100644
|
||||||
/*
|
/*
|
||||||
* Decoding should be disabled for a PCI device during BAR sizing to avoid
|
* Decoding should be disabled for a PCI device during BAR sizing to avoid
|
||||||
* conflict. But doing so may cause problems on host bridge and perhaps other
|
* conflict. But doing so may cause problems on host bridge and perhaps other
|
||||||
@@ -5071,6 +5171,8 @@ static const struct pci_dev_acs_enabled {
|
@@ -5100,6 +5200,8 @@ static const struct pci_dev_acs_enabled {
|
||||||
{ PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs },
|
{ PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs },
|
||||||
/* APM X-Gene */
|
/* APM X-Gene */
|
||||||
{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
|
{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
|
||||||
|
|
|
@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
|
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
|
||||||
index 5bbb5612b207..691ce10e7647 100644
|
index 6a56de7ff82e..96bd40a73e0e 100644
|
||||||
--- a/virt/kvm/kvm_main.c
|
--- a/virt/kvm/kvm_main.c
|
||||||
+++ b/virt/kvm/kvm_main.c
|
+++ b/virt/kvm/kvm_main.c
|
||||||
@@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644);
|
@@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644);
|
||||||
|
|
|
@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/net/core/dev.c b/net/core/dev.c
|
diff --git a/net/core/dev.c b/net/core/dev.c
|
||||||
index fe8c46c46505..db9ce84f2006 100644
|
index a32811aebde5..15078ab81ec8 100644
|
||||||
--- a/net/core/dev.c
|
--- a/net/core/dev.c
|
||||||
+++ b/net/core/dev.c
|
+++ b/net/core/dev.c
|
||||||
@@ -10298,7 +10298,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
|
@@ -10471,7 +10471,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
|
||||||
if (time_after(jiffies, warning_time +
|
if (time_after(jiffies, warning_time +
|
||||||
READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
|
READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
|
||||||
list_for_each_entry(dev, list, todo_list) {
|
list_for_each_entry(dev, list, todo_list) {
|
||||||
|
|
|
@ -16,7 +16,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
|
diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
|
||||||
index da51a83b2829..9d9e7822eddf 100644
|
index e99dbc052575..9e9cdb198b82 100644
|
||||||
--- a/include/linux/fortify-string.h
|
--- a/include/linux/fortify-string.h
|
||||||
+++ b/include/linux/fortify-string.h
|
+++ b/include/linux/fortify-string.h
|
||||||
@@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("
|
@@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("
|
||||||
|
|
|
@ -78,10 +78,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||||
3 files changed, 21 insertions(+)
|
3 files changed, 21 insertions(+)
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
|
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
|
||||||
index 7bdc66abfc92..e2b67975869c 100644
|
index ce1499732cb8..d68c04bde5ed 100644
|
||||||
--- a/arch/x86/kvm/cpuid.c
|
--- a/arch/x86/kvm/cpuid.c
|
||||||
+++ b/arch/x86/kvm/cpuid.c
|
+++ b/arch/x86/kvm/cpuid.c
|
||||||
@@ -249,6 +249,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
|
@@ -262,6 +262,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
|
||||||
return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0;
|
return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -95,7 +95,7 @@ index 7bdc66abfc92..e2b67975869c 100644
|
||||||
int nent)
|
int nent)
|
||||||
{
|
{
|
||||||
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
|
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
|
||||||
index b1658c0de847..12a02851ff57 100644
|
index 23dbb9eb277c..07da153802e4 100644
|
||||||
--- a/arch/x86/kvm/cpuid.h
|
--- a/arch/x86/kvm/cpuid.h
|
||||||
+++ b/arch/x86/kvm/cpuid.h
|
+++ b/arch/x86/kvm/cpuid.h
|
||||||
@@ -32,6 +32,8 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
|
@@ -32,6 +32,8 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
|
||||||
|
@ -108,10 +108,10 @@ index b1658c0de847..12a02851ff57 100644
|
||||||
|
|
||||||
int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
|
int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
|
||||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
||||||
index 7bcf1a76a6ab..aa225f430299 100644
|
index 3750a0c688b7..706348cbde7c 100644
|
||||||
--- a/arch/x86/kvm/x86.c
|
--- a/arch/x86/kvm/x86.c
|
||||||
+++ b/arch/x86/kvm/x86.c
|
+++ b/arch/x86/kvm/x86.c
|
||||||
@@ -5424,6 +5424,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
|
@@ -5580,6 +5580,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
|
||||||
if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
|
if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
|
|
@ -11,10 +11,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
|
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
|
||||||
index 656b2150643e..06fefd2a4bfa 100644
|
index c4c6240d14f9..5e037a9ea6a6 100644
|
||||||
--- a/drivers/iommu/intel/iommu.c
|
--- a/drivers/iommu/intel/iommu.c
|
||||||
+++ b/drivers/iommu/intel/iommu.c
|
+++ b/drivers/iommu/intel/iommu.c
|
||||||
@@ -298,6 +298,7 @@ static int dmar_map_gfx = 1;
|
@@ -234,6 +234,7 @@ static int dmar_map_gfx = 1;
|
||||||
static int dmar_map_ipu = 1;
|
static int dmar_map_ipu = 1;
|
||||||
static int intel_iommu_superpage = 1;
|
static int intel_iommu_superpage = 1;
|
||||||
static int iommu_identity_mapping;
|
static int iommu_identity_mapping;
|
||||||
|
@ -22,7 +22,7 @@ index 656b2150643e..06fefd2a4bfa 100644
|
||||||
static int iommu_skip_te_disable;
|
static int iommu_skip_te_disable;
|
||||||
|
|
||||||
#define IDENTMAP_GFX 2
|
#define IDENTMAP_GFX 2
|
||||||
@@ -359,6 +360,9 @@ static int __init intel_iommu_setup(char *str)
|
@@ -296,6 +297,9 @@ static int __init intel_iommu_setup(char *str)
|
||||||
} else if (!strncmp(str, "tboot_noforce", 13)) {
|
} else if (!strncmp(str, "tboot_noforce", 13)) {
|
||||||
pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
|
pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
|
||||||
intel_iommu_tboot_noforce = 1;
|
intel_iommu_tboot_noforce = 1;
|
||||||
|
@ -32,7 +32,7 @@ index 656b2150643e..06fefd2a4bfa 100644
|
||||||
} else {
|
} else {
|
||||||
pr_notice("Unknown option - '%s'\n", str);
|
pr_notice("Unknown option - '%s'\n", str);
|
||||||
}
|
}
|
||||||
@@ -2503,7 +2507,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
|
@@ -2470,7 +2474,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
pdev = to_pci_dev(dev);
|
pdev = to_pci_dev(dev);
|
||||||
|
|
|
@ -24,14 +24,14 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||||
1 file changed, 1 insertion(+)
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
|
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
|
||||||
index c8466bc64b87..6154eda73d41 100644
|
index cf86607bc696..e2c080780d9a 100644
|
||||||
--- a/arch/x86/kvm/svm/svm.c
|
--- a/arch/x86/kvm/svm/svm.c
|
||||||
+++ b/arch/x86/kvm/svm/svm.c
|
+++ b/arch/x86/kvm/svm/svm.c
|
||||||
@@ -4983,6 +4983,7 @@ static __init void svm_set_cpu_caps(void)
|
@@ -5102,6 +5102,7 @@ static __init void svm_set_cpu_caps(void)
|
||||||
if (nested) {
|
if (nested) {
|
||||||
kvm_cpu_cap_set(X86_FEATURE_SVM);
|
kvm_cpu_cap_set(X86_FEATURE_SVM);
|
||||||
kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
|
kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
|
||||||
+ kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID);
|
+ kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID);
|
||||||
|
|
||||||
if (nrips)
|
/*
|
||||||
kvm_cpu_cap_set(X86_FEATURE_NRIPS);
|
* KVM currently flushes TLBs on *every* nested SVM transition,
|
|
@ -1,57 +0,0 @@
|
||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sean Christopherson <seanjc@google.com>
|
|
||||||
Date: Wed, 18 Oct 2023 12:41:03 -0700
|
|
||||||
Subject: [PATCH] Revert "nSVM: Check for reserved encodings of TLB_CONTROL in
|
|
||||||
nested VMCB"
|
|
||||||
|
|
||||||
Revert KVM's made-up consistency check on SVM's TLB control. The APM says
|
|
||||||
that unsupported encodings are reserved, but the APM doesn't state that
|
|
||||||
VMRUN checks for a supported encoding. Unless something is called out
|
|
||||||
in "Canonicalization and Consistency Checks" or listed as MBZ (Must Be
|
|
||||||
Zero), AMD behavior is typically to let software shoot itself in the foot.
|
|
||||||
|
|
||||||
This reverts commit 174a921b6975ef959dd82ee9e8844067a62e3ec1.
|
|
||||||
|
|
||||||
Fixes: 174a921b6975 ("nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB")
|
|
||||||
Reported-by: Stefan Sterz <s.sterz@proxmox.com>
|
|
||||||
Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
|
|
||||||
Cc: stable@vger.kernel.org
|
|
||||||
Signed-off-by: Sean Christopherson <seanjc@google.com>
|
|
||||||
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/kvm/svm/nested.c | 15 ---------------
|
|
||||||
1 file changed, 15 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
|
|
||||||
index 36482780a42f..43481f26a34b 100644
|
|
||||||
--- a/arch/x86/kvm/svm/nested.c
|
|
||||||
+++ b/arch/x86/kvm/svm/nested.c
|
|
||||||
@@ -247,18 +247,6 @@ static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa, u32 size)
|
|
||||||
kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
-static bool nested_svm_check_tlb_ctl(struct kvm_vcpu *vcpu, u8 tlb_ctl)
|
|
||||||
-{
|
|
||||||
- /* Nested FLUSHBYASID is not supported yet. */
|
|
||||||
- switch(tlb_ctl) {
|
|
||||||
- case TLB_CONTROL_DO_NOTHING:
|
|
||||||
- case TLB_CONTROL_FLUSH_ALL_ASID:
|
|
||||||
- return true;
|
|
||||||
- default:
|
|
||||||
- return false;
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
|
|
||||||
struct vmcb_ctrl_area_cached *control)
|
|
||||||
{
|
|
||||||
@@ -278,9 +266,6 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
|
|
||||||
IOPM_SIZE)))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
- if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl)))
|
|
||||||
- return false;
|
|
||||||
-
|
|
||||||
if (CC((control->int_ctl & V_NMI_ENABLE_MASK) &&
|
|
||||||
!vmcb12_is_intercept(control, INTERCEPT_NMI))) {
|
|
||||||
return false;
|
|
|
@ -30,7 +30,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/mm/memfd.c b/mm/memfd.c
|
diff --git a/mm/memfd.c b/mm/memfd.c
|
||||||
index 2dba2cb6f0d0..1c077e98e116 100644
|
index d3a1ba4208c9..6a9de5d9105e 100644
|
||||||
--- a/mm/memfd.c
|
--- a/mm/memfd.c
|
||||||
+++ b/mm/memfd.c
|
+++ b/mm/memfd.c
|
||||||
@@ -282,7 +282,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags)
|
@@ -282,7 +282,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags)
|
31
debian/patches/pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch
vendored
Normal file
31
debian/patches/pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch
vendored
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||||
|
Date: Wed, 10 Apr 2024 13:21:59 +0200
|
||||||
|
Subject: [PATCH] apparmor: expect msg_namelen=0 for recvmsg calls
|
||||||
|
|
||||||
|
When coming from sys_recvmsg, msg->msg_namelen is explicitly set to
|
||||||
|
zero early on. (see ____sys_recvmsg in net/socket.c)
|
||||||
|
We still end up in 'map_addr' where the assumption is that addr !=
|
||||||
|
NULL means addrlen has a valid size.
|
||||||
|
|
||||||
|
This is likely not a final fix, it was suggested by jjohansen on irc
|
||||||
|
to get things going until this is resolved properly.
|
||||||
|
|
||||||
|
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||||
|
---
|
||||||
|
security/apparmor/af_inet.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/security/apparmor/af_inet.c b/security/apparmor/af_inet.c
|
||||||
|
index 57b710054a76..35f905d9b960 100644
|
||||||
|
--- a/security/apparmor/af_inet.c
|
||||||
|
+++ b/security/apparmor/af_inet.c
|
||||||
|
@@ -766,7 +766,7 @@ int aa_inet_msg_perm(const char *op, u32 request, struct socket *sock,
|
||||||
|
/* do we need early bailout for !family ... */
|
||||||
|
return sk_has_perm2(sock->sk, op, request, profile, ad,
|
||||||
|
map_sock_addr(sock, ADDR_LOCAL, &laddr, &ad),
|
||||||
|
- map_addr(msg->msg_name, msg->msg_namelen, 0,
|
||||||
|
+ map_addr(msg->msg_namelen == 0 ? NULL : msg->msg_name, msg->msg_namelen, 0,
|
||||||
|
ADDR_REMOTE, &raddr, &ad),
|
||||||
|
profile_remote_perm(profile, sock->sk, request,
|
||||||
|
&raddr, &laddr.maddr, &ad));
|
|
@ -1,55 +0,0 @@
|
||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
||||||
Date: Tue, 7 Nov 2023 09:26:16 +0100
|
|
||||||
Subject: [PATCH] Revert "UBUNTU: SAUCE: ceph: make sure all the files
|
|
||||||
successfully put before unmounting"
|
|
||||||
|
|
||||||
This reverts commit a53dba9297be9597eac7b17738723bd44bac97ea, which
|
|
||||||
was an early attempt to fix a bug that was actually present in the
|
|
||||||
ceph layer, as confirmed by the original patch author [0], and fixed
|
|
||||||
actually there now [1].
|
|
||||||
|
|
||||||
[0]: https://lore.kernel.org/all/8443166a-7182-7777-a489-14b5dab20bd5@redhat.com/
|
|
||||||
[1]: https://patchwork.kernel.org/project/ceph-devel/patch/20221221093031.132792-1-xiubli@redhat.com/
|
|
||||||
Hide
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
||||||
---
|
|
||||||
fs/crypto/keyring.c | 6 +-----
|
|
||||||
fs/inode.c | 5 +----
|
|
||||||
2 files changed, 2 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
|
|
||||||
index 147b9a11c62c..7cbb1fd872ac 100644
|
|
||||||
--- a/fs/crypto/keyring.c
|
|
||||||
+++ b/fs/crypto/keyring.c
|
|
||||||
@@ -237,11 +237,7 @@ void fscrypt_destroy_keyring(struct super_block *sb)
|
|
||||||
* with ->mk_secret. There should be no structural refs
|
|
||||||
* beyond the one associated with the active ref.
|
|
||||||
*/
|
|
||||||
- if (refcount_read(&mk->mk_active_refs) != 1) {
|
|
||||||
- printk("fscrypt_destroy_keyring: mk_active_refs = %d\n",
|
|
||||||
- refcount_read(&mk->mk_active_refs));
|
|
||||||
- WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1);
|
|
||||||
- }
|
|
||||||
+ WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1);
|
|
||||||
WARN_ON_ONCE(refcount_read(&mk->mk_struct_refs) != 1);
|
|
||||||
WARN_ON_ONCE(!is_master_key_secret_present(&mk->mk_secret));
|
|
||||||
wipe_master_key_secret(&mk->mk_secret);
|
|
||||||
diff --git a/fs/inode.c b/fs/inode.c
|
|
||||||
index 3b8abad427b4..67611a360031 100644
|
|
||||||
--- a/fs/inode.c
|
|
||||||
+++ b/fs/inode.c
|
|
||||||
@@ -716,11 +716,8 @@ void evict_inodes(struct super_block *sb)
|
|
||||||
again:
|
|
||||||
spin_lock(&sb->s_inode_list_lock);
|
|
||||||
list_for_each_entry_safe(inode, next, &sb->s_inodes, i_sb_list) {
|
|
||||||
- if (atomic_read(&inode->i_count)) {
|
|
||||||
- printk("evict_inodes inode %p, i_count = %d, was skipped!\n",
|
|
||||||
- inode, atomic_read(&inode->i_count));
|
|
||||||
+ if (atomic_read(&inode->i_count))
|
|
||||||
continue;
|
|
||||||
- }
|
|
||||||
|
|
||||||
spin_lock(&inode->i_lock);
|
|
||||||
if (inode->i_state & (I_NEW | I_FREEING | I_WILL_FREE)) {
|
|
79
debian/patches/pve/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
vendored
Normal file
79
debian/patches/pve/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
vendored
Normal file
|
@ -0,0 +1,79 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Borislav Petkov (AMD)" <bp@alien8.de>
|
||||||
|
Date: Sun, 24 Mar 2024 20:51:35 +0100
|
||||||
|
Subject: [PATCH] x86/CPU/AMD: Improve the erratum 1386 workaround
|
||||||
|
|
||||||
|
Disable XSAVES only on machines which haven't loaded the microcode
|
||||||
|
revision containing the erratum fix.
|
||||||
|
|
||||||
|
This will come in handy when running archaic OSes as guests. OSes whose
|
||||||
|
brilliant programmers thought that CPUID is overrated and one should not
|
||||||
|
query it but use features directly, ala shoot first, ask questions
|
||||||
|
later... but only if you're alive after the shooting.
|
||||||
|
|
||||||
|
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
|
||||||
|
Tested-by: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
|
||||||
|
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||||
|
Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local
|
||||||
|
---
|
||||||
|
arch/x86/include/asm/cpu_device_id.h | 8 ++++++++
|
||||||
|
arch/x86/kernel/cpu/amd.c | 12 ++++++++++++
|
||||||
|
2 files changed, 20 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h
|
||||||
|
index e8e3dbe7f173..b6325ee30871 100644
|
||||||
|
--- a/arch/x86/include/asm/cpu_device_id.h
|
||||||
|
+++ b/arch/x86/include/asm/cpu_device_id.h
|
||||||
|
@@ -288,6 +288,14 @@ struct x86_cpu_desc {
|
||||||
|
.x86_microcode_rev = (revision), \
|
||||||
|
}
|
||||||
|
|
||||||
|
+#define AMD_CPU_DESC(fam, model, stepping, revision) { \
|
||||||
|
+ .x86_family = (fam), \
|
||||||
|
+ .x86_vendor = X86_VENDOR_AMD, \
|
||||||
|
+ .x86_model = (model), \
|
||||||
|
+ .x86_stepping = (stepping), \
|
||||||
|
+ .x86_microcode_rev = (revision), \
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match);
|
||||||
|
extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table);
|
||||||
|
|
||||||
|
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
|
||||||
|
index 0838ea579eb0..ca6096dcc5c6 100644
|
||||||
|
--- a/arch/x86/kernel/cpu/amd.c
|
||||||
|
+++ b/arch/x86/kernel/cpu/amd.c
|
||||||
|
@@ -13,6 +13,7 @@
|
||||||
|
#include <asm/apic.h>
|
||||||
|
#include <asm/cacheinfo.h>
|
||||||
|
#include <asm/cpu.h>
|
||||||
|
+#include <asm/cpu_device_id.h>
|
||||||
|
#include <asm/spec-ctrl.h>
|
||||||
|
#include <asm/smp.h>
|
||||||
|
#include <asm/numa.h>
|
||||||
|
@@ -925,6 +926,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
|
||||||
|
clear_rdrand_cpuid_bit(c);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static const struct x86_cpu_desc erratum_1386_microcode[] = {
|
||||||
|
+ AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e),
|
||||||
|
+ AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052),
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
static void fix_erratum_1386(struct cpuinfo_x86 *c)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
@@ -934,7 +940,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c)
|
||||||
|
*
|
||||||
|
* Affected parts all have no supervisor XSAVE states, meaning that
|
||||||
|
* the XSAVEC instruction (which works fine) is equivalent.
|
||||||
|
+ *
|
||||||
|
+ * Clear the feature flag only on microcode revisions which
|
||||||
|
+ * don't have the fix.
|
||||||
|
*/
|
||||||
|
+ if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode))
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
clear_cpu_cap(c, X86_FEATURE_XSAVES);
|
||||||
|
}
|
||||||
|
|
108
debian/patches/pve/0014-cifs-fix-pagecache-leak-when-do-writepages.patch
vendored
Normal file
108
debian/patches/pve/0014-cifs-fix-pagecache-leak-when-do-writepages.patch
vendored
Normal file
|
@ -0,0 +1,108 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Yang Erkun <yangerkun@huawei.com>
|
||||||
|
Date: Tue, 25 Jun 2024 11:43:32 +0800
|
||||||
|
Subject: [PATCH] cifs: fix pagecache leak when do writepages
|
||||||
|
|
||||||
|
After commit f3dc1bdb6b0b("cifs: Fix writeback data corruption"), the
|
||||||
|
writepages for cifs will find all folio needed writepage with two phase.
|
||||||
|
The first folio will be found in cifs_writepages_begin, and the latter
|
||||||
|
various folios will be found in cifs_extend_writeback.
|
||||||
|
|
||||||
|
All those will first get folio, and for normal case, once we set page
|
||||||
|
writeback and after do really write, we should put the reference, folio
|
||||||
|
found in cifs_extend_writeback do this with folio_batch_release. But the
|
||||||
|
folio found in cifs_writepages_begin never get the chance do it. And
|
||||||
|
every writepages call, we will leak a folio(found this problem while do
|
||||||
|
xfstests over cifs, the latter show that we will leak about 600M+ every
|
||||||
|
we run generic/074).
|
||||||
|
|
||||||
|
echo 3 > /proc/sys/vm/drop_caches ; cat /proc/meminfo | grep file
|
||||||
|
Active(file): 34092 kB
|
||||||
|
Inactive(file): 176192 kB
|
||||||
|
./check generic/074 (smb v1)
|
||||||
|
...
|
||||||
|
generic/074 50s ... 53s
|
||||||
|
Ran: generic/074
|
||||||
|
Passed all 1 tests
|
||||||
|
|
||||||
|
echo 3 > /proc/sys/vm/drop_caches ; cat /proc/meminfo | grep file
|
||||||
|
Active(file): 35036 kB
|
||||||
|
Inactive(file): 854708 kB
|
||||||
|
|
||||||
|
Besides, the exist path seem never handle this folio correctly, fix it too
|
||||||
|
with this patch.
|
||||||
|
|
||||||
|
The problem does not exist in mainline since writepages path for cifs
|
||||||
|
has changed to netfs(3ee1a1fc3981 ("cifs: Cut over to using netfslib")).
|
||||||
|
It's had to backport all related change, so try fix this problem with this
|
||||||
|
single patch.
|
||||||
|
|
||||||
|
Fixes: f3dc1bdb6b0b ("cifs: Fix writeback data corruption")
|
||||||
|
Cc: stable@kernel.org # v6.6+
|
||||||
|
Signed-off-by: Yang Erkun <yangerkun@huawei.com>
|
||||||
|
(picked from https://lore.kernel.org/linux-cifs/20240625034332.750312-1-yangerkun@huawei.com/)
|
||||||
|
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||||
|
---
|
||||||
|
fs/smb/client/file.c | 16 +++++++++++++---
|
||||||
|
1 file changed, 13 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c
|
||||||
|
index af5c476db6e6..8aee0f520300 100644
|
||||||
|
--- a/fs/smb/client/file.c
|
||||||
|
+++ b/fs/smb/client/file.c
|
||||||
|
@@ -2845,17 +2845,21 @@ static ssize_t cifs_write_back_from_locked_folio(struct address_space *mapping,
|
||||||
|
rc = cifs_get_writable_file(CIFS_I(inode), FIND_WR_ANY, &cfile);
|
||||||
|
if (rc) {
|
||||||
|
cifs_dbg(VFS, "No writable handle in writepages rc=%d\n", rc);
|
||||||
|
+ folio_unlock(folio);
|
||||||
|
goto err_xid;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = server->ops->wait_mtu_credits(server, cifs_sb->ctx->wsize,
|
||||||
|
&wsize, credits);
|
||||||
|
- if (rc != 0)
|
||||||
|
+ if (rc != 0) {
|
||||||
|
+ folio_unlock(folio);
|
||||||
|
goto err_close;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
wdata = cifs_writedata_alloc(cifs_writev_complete);
|
||||||
|
if (!wdata) {
|
||||||
|
rc = -ENOMEM;
|
||||||
|
+ folio_unlock(folio);
|
||||||
|
goto err_uncredit;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -3002,17 +3006,22 @@ static ssize_t cifs_writepages_begin(struct address_space *mapping,
|
||||||
|
lock_again:
|
||||||
|
if (wbc->sync_mode != WB_SYNC_NONE) {
|
||||||
|
ret = folio_lock_killable(folio);
|
||||||
|
- if (ret < 0)
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ folio_put(folio);
|
||||||
|
return ret;
|
||||||
|
+ }
|
||||||
|
} else {
|
||||||
|
- if (!folio_trylock(folio))
|
||||||
|
+ if (!folio_trylock(folio)) {
|
||||||
|
+ folio_put(folio);
|
||||||
|
goto search_again;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
if (folio->mapping != mapping ||
|
||||||
|
!folio_test_dirty(folio)) {
|
||||||
|
start += folio_size(folio);
|
||||||
|
folio_unlock(folio);
|
||||||
|
+ folio_put(folio);
|
||||||
|
goto search_again;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -3042,6 +3051,7 @@ static ssize_t cifs_writepages_begin(struct address_space *mapping,
|
||||||
|
out:
|
||||||
|
if (ret > 0)
|
||||||
|
*_start = start + ret;
|
||||||
|
+ folio_put(folio);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
|
@ -1,63 +0,0 @@
|
||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Mario Limonciello <mario.limonciello@amd.com>
|
|
||||||
Date: Wed, 4 Oct 2023 15:22:52 -0500
|
|
||||||
Subject: [PATCH] drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
|
|
||||||
|
|
||||||
For pptable structs that use flexible array sizes, use flexible arrays.
|
|
||||||
|
|
||||||
Suggested-by: Felix Held <felix.held@amd.com>
|
|
||||||
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2874
|
|
||||||
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
|
|
||||||
Acked-by: Alex Deucher <alexander.deucher@amd.com>
|
|
||||||
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
||||||
(cherry-picked from commit 760efbca74a405dc439a013a5efaa9fadc95a8c3)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
drivers/gpu/drm/amd/include/pptable.h | 4 ++--
|
|
||||||
drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h | 4 ++--
|
|
||||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/drivers/gpu/drm/amd/include/pptable.h b/drivers/gpu/drm/amd/include/pptable.h
|
|
||||||
index 0b6a057e0a4c..5aac8d545bdc 100644
|
|
||||||
--- a/drivers/gpu/drm/amd/include/pptable.h
|
|
||||||
+++ b/drivers/gpu/drm/amd/include/pptable.h
|
|
||||||
@@ -78,7 +78,7 @@ typedef struct _ATOM_PPLIB_THERMALCONTROLLER
|
|
||||||
typedef struct _ATOM_PPLIB_STATE
|
|
||||||
{
|
|
||||||
UCHAR ucNonClockStateIndex;
|
|
||||||
- UCHAR ucClockStateIndices[1]; // variable-sized
|
|
||||||
+ UCHAR ucClockStateIndices[]; // variable-sized
|
|
||||||
} ATOM_PPLIB_STATE;
|
|
||||||
|
|
||||||
|
|
||||||
@@ -473,7 +473,7 @@ typedef struct _ATOM_PPLIB_STATE_V2
|
|
||||||
/**
|
|
||||||
* Driver will read the first ucNumDPMLevels in this array
|
|
||||||
*/
|
|
||||||
- UCHAR clockInfoIndex[1];
|
|
||||||
+ UCHAR clockInfoIndex[];
|
|
||||||
} ATOM_PPLIB_STATE_V2;
|
|
||||||
|
|
||||||
typedef struct _StateArray{
|
|
||||||
diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
|
|
||||||
index b0ac4d121adc..41444e27bfc0 100644
|
|
||||||
--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
|
|
||||||
+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
|
|
||||||
@@ -179,7 +179,7 @@ typedef struct _ATOM_Tonga_MCLK_Dependency_Record {
|
|
||||||
typedef struct _ATOM_Tonga_MCLK_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Tonga_MCLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Tonga_MCLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Tonga_MCLK_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Tonga_SCLK_Dependency_Record {
|
|
||||||
@@ -194,7 +194,7 @@ typedef struct _ATOM_Tonga_SCLK_Dependency_Record {
|
|
||||||
typedef struct _ATOM_Tonga_SCLK_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Tonga_SCLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Tonga_SCLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Tonga_SCLK_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Polaris_SCLK_Dependency_Record {
|
|
|
@ -1,76 +0,0 @@
|
||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Mario Limonciello <mario.limonciello@amd.com>
|
|
||||||
Date: Wed, 4 Oct 2023 15:46:44 -0500
|
|
||||||
Subject: [PATCH] drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and
|
|
||||||
Tonga
|
|
||||||
|
|
||||||
For pptable structs that use flexible array sizes, use flexible arrays.
|
|
||||||
|
|
||||||
Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2036742
|
|
||||||
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
|
|
||||||
Acked-by: Alex Deucher <alexander.deucher@amd.com>
|
|
||||||
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
||||||
(cherry-picked from commit 0f0e59075b5c22f1e871fbd508d6e4f495048356)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
.../gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h | 12 ++++++------
|
|
||||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
|
|
||||||
index 41444e27bfc0..e0e40b054c08 100644
|
|
||||||
--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
|
|
||||||
+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
|
|
||||||
@@ -164,7 +164,7 @@ typedef struct _ATOM_Tonga_State {
|
|
||||||
typedef struct _ATOM_Tonga_State_Array {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Tonga_State entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Tonga_State entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Tonga_State_Array;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Tonga_MCLK_Dependency_Record {
|
|
||||||
@@ -210,7 +210,7 @@ typedef struct _ATOM_Polaris_SCLK_Dependency_Record {
|
|
||||||
typedef struct _ATOM_Polaris_SCLK_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Polaris_SCLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Polaris_SCLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Polaris_SCLK_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Tonga_PCIE_Record {
|
|
||||||
@@ -222,7 +222,7 @@ typedef struct _ATOM_Tonga_PCIE_Record {
|
|
||||||
typedef struct _ATOM_Tonga_PCIE_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Tonga_PCIE_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Tonga_PCIE_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Tonga_PCIE_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Polaris10_PCIE_Record {
|
|
||||||
@@ -235,7 +235,7 @@ typedef struct _ATOM_Polaris10_PCIE_Record {
|
|
||||||
typedef struct _ATOM_Polaris10_PCIE_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Polaris10_PCIE_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Polaris10_PCIE_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Polaris10_PCIE_Table;
|
|
||||||
|
|
||||||
|
|
||||||
@@ -252,7 +252,7 @@ typedef struct _ATOM_Tonga_MM_Dependency_Record {
|
|
||||||
typedef struct _ATOM_Tonga_MM_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Tonga_MM_Dependency_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Tonga_MM_Dependency_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Tonga_MM_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Tonga_Voltage_Lookup_Record {
|
|
||||||
@@ -265,7 +265,7 @@ typedef struct _ATOM_Tonga_Voltage_Lookup_Record {
|
|
||||||
typedef struct _ATOM_Tonga_Voltage_Lookup_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Tonga_Voltage_Lookup_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Tonga_Voltage_Lookup_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Tonga_Voltage_Lookup_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Tonga_Fan_Table {
|
|
69
debian/patches/pve/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch
vendored
Normal file
69
debian/patches/pve/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch
vendored
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ma Jun <Jun.Ma2@amd.com>
|
||||||
|
Date: Tue, 19 Mar 2024 11:02:29 +0800
|
||||||
|
Subject: [PATCH] drm/amdgpu/pm: Don't use OD table on Arcturus
|
||||||
|
|
||||||
|
OD is not supported on Arcturus, so the OD table
|
||||||
|
should not be used.
|
||||||
|
|
||||||
|
Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
|
||||||
|
Acked-by: Alex Deucher <alexander.deucher@amd.com>
|
||||||
|
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
||||||
|
(cherry picked from commit bc55c344b06f7e6f99eb92d393ff0a84c1532514)
|
||||||
|
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||||
|
---
|
||||||
|
.../gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 33 +++----------------
|
||||||
|
1 file changed, 5 insertions(+), 28 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c
|
||||||
|
index 40ba7227cca5..0c2d04f978ac 100644
|
||||||
|
--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c
|
||||||
|
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c
|
||||||
|
@@ -1283,11 +1283,8 @@ static int arcturus_get_power_limit(struct smu_context *smu,
|
||||||
|
uint32_t *max_power_limit,
|
||||||
|
uint32_t *min_power_limit)
|
||||||
|
{
|
||||||
|
- struct smu_11_0_powerplay_table *powerplay_table =
|
||||||
|
- (struct smu_11_0_powerplay_table *)smu->smu_table.power_play_table;
|
||||||
|
- struct smu_11_0_overdrive_table *od_settings = smu->od_settings;
|
||||||
|
PPTable_t *pptable = smu->smu_table.driver_pptable;
|
||||||
|
- uint32_t power_limit, od_percent_upper = 0, od_percent_lower = 0;
|
||||||
|
+ uint32_t power_limit;
|
||||||
|
|
||||||
|
if (smu_v11_0_get_current_power_limit(smu, &power_limit)) {
|
||||||
|
/* the last hope to figure out the ppt limit */
|
||||||
|
@@ -1303,30 +1300,10 @@ static int arcturus_get_power_limit(struct smu_context *smu,
|
||||||
|
*current_power_limit = power_limit;
|
||||||
|
if (default_power_limit)
|
||||||
|
*default_power_limit = power_limit;
|
||||||
|
-
|
||||||
|
- if (powerplay_table) {
|
||||||
|
- if (smu->od_enabled &&
|
||||||
|
- od_settings->cap[SMU_11_0_ODCAP_POWER_LIMIT]) {
|
||||||
|
- od_percent_upper = le32_to_cpu(powerplay_table->overdrive_table.max[SMU_11_0_ODSETTING_POWERPERCENTAGE]);
|
||||||
|
- od_percent_lower = le32_to_cpu(powerplay_table->overdrive_table.min[SMU_11_0_ODSETTING_POWERPERCENTAGE]);
|
||||||
|
- } else if (od_settings->cap[SMU_11_0_ODCAP_POWER_LIMIT]) {
|
||||||
|
- od_percent_upper = 0;
|
||||||
|
- od_percent_lower = le32_to_cpu(powerplay_table->overdrive_table.min[SMU_11_0_ODSETTING_POWERPERCENTAGE]);
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- dev_dbg(smu->adev->dev, "od percent upper:%d, od percent lower:%d (default power: %d)\n",
|
||||||
|
- od_percent_upper, od_percent_lower, power_limit);
|
||||||
|
-
|
||||||
|
- if (max_power_limit) {
|
||||||
|
- *max_power_limit = power_limit * (100 + od_percent_upper);
|
||||||
|
- *max_power_limit /= 100;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (min_power_limit) {
|
||||||
|
- *min_power_limit = power_limit * (100 - od_percent_lower);
|
||||||
|
- *min_power_limit /= 100;
|
||||||
|
- }
|
||||||
|
+ if (max_power_limit)
|
||||||
|
+ *max_power_limit = power_limit;
|
||||||
|
+ if (min_power_limit)
|
||||||
|
+ *min_power_limit = power_limit;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
58
debian/patches/pve/0016-SUNRPC-Fix-backchannel-reply-again.patch
vendored
Normal file
58
debian/patches/pve/0016-SUNRPC-Fix-backchannel-reply-again.patch
vendored
Normal file
|
@ -0,0 +1,58 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chuck Lever <chuck.lever@oracle.com>
|
||||||
|
Date: Wed, 19 Jun 2024 09:51:08 -0400
|
||||||
|
Subject: [PATCH] SUNRPC: Fix backchannel reply, again
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
[ Upstream commit 6ddc9deacc1312762c2edd9de00ce76b00f69f7c ]
|
||||||
|
|
||||||
|
I still see "RPC: Could not send backchannel reply error: -110"
|
||||||
|
quite often, along with slow-running tests. Debugging shows that the
|
||||||
|
backchannel is still stumbling when it has to queue a callback reply
|
||||||
|
on a busy transport.
|
||||||
|
|
||||||
|
Note that every one of these timeouts causes a connection loss by
|
||||||
|
virtue of the xprt_conditional_disconnect() call in that arm of
|
||||||
|
call_cb_transmit_status().
|
||||||
|
|
||||||
|
I found that setting to_maxval is necessary to get the RPC timeout
|
||||||
|
logic to behave whenever to_exponential is not set.
|
||||||
|
|
||||||
|
Fixes: 57331a59ac0d ("NFSv4.1: Use the nfs_client's rpc timeouts for backchannel")
|
||||||
|
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
||||||
|
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
|
||||||
|
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
|
||||||
|
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||||||
|
(cherry picked from commit bd1e42e0f2567c911d3df761cf7a33b021fdceeb)
|
||||||
|
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
|
||||||
|
---
|
||||||
|
net/sunrpc/svc.c | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
|
||||||
|
index bd61e257cda6..bac1886f07da 100644
|
||||||
|
--- a/net/sunrpc/svc.c
|
||||||
|
+++ b/net/sunrpc/svc.c
|
||||||
|
@@ -1546,9 +1546,11 @@ void svc_process(struct svc_rqst *rqstp)
|
||||||
|
*/
|
||||||
|
void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp)
|
||||||
|
{
|
||||||
|
+ struct rpc_timeout timeout = {
|
||||||
|
+ .to_increment = 0,
|
||||||
|
+ };
|
||||||
|
struct rpc_task *task;
|
||||||
|
int proc_error;
|
||||||
|
- struct rpc_timeout timeout;
|
||||||
|
|
||||||
|
/* Build the svc_rqst used by the common processing routine */
|
||||||
|
rqstp->rq_xid = req->rq_xid;
|
||||||
|
@@ -1601,6 +1603,7 @@ void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp)
|
||||||
|
timeout.to_initval = req->rq_xprt->timeout->to_initval;
|
||||||
|
timeout.to_retries = req->rq_xprt->timeout->to_retries;
|
||||||
|
}
|
||||||
|
+ timeout.to_maxval = timeout.to_initval;
|
||||||
|
memcpy(&req->rq_snd_buf, &rqstp->rq_res, sizeof(req->rq_snd_buf));
|
||||||
|
task = rpc_run_bc_task(req, &timeout);
|
||||||
|
|
|
@ -1,146 +0,0 @@
|
||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alex Deucher <alexander.deucher@amd.com>
|
|
||||||
Date: Fri, 27 Oct 2023 16:40:47 -0400
|
|
||||||
Subject: [PATCH] drm/amd: Fix UBSAN array-index-out-of-bounds for Powerplay
|
|
||||||
headers
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
For pptable structs that use flexible array sizes, use flexible arrays.
|
|
||||||
|
|
||||||
Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039926
|
|
||||||
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
|
|
||||||
Acked-by: Christian König <christian.koenig@amd.com>
|
|
||||||
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
||||||
(cherry-picked from commit 49afe91370b86566857a3c2c39612cf098110885)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
.../drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h | 4 ++--
|
|
||||||
.../amd/pm/powerplay/hwmgr/vega10_pptable.h | 24 +++++++++----------
|
|
||||||
2 files changed, 14 insertions(+), 14 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
|
|
||||||
index e0e40b054c08..5ec564dbf339 100644
|
|
||||||
--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
|
|
||||||
+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
|
|
||||||
@@ -367,7 +367,7 @@ typedef struct _ATOM_Tonga_VCE_State_Record {
|
|
||||||
typedef struct _ATOM_Tonga_VCE_State_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries;
|
|
||||||
- ATOM_Tonga_VCE_State_Record entries[1];
|
|
||||||
+ ATOM_Tonga_VCE_State_Record entries[];
|
|
||||||
} ATOM_Tonga_VCE_State_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Tonga_PowerTune_Table {
|
|
||||||
@@ -482,7 +482,7 @@ typedef struct _ATOM_Tonga_Hard_Limit_Record {
|
|
||||||
typedef struct _ATOM_Tonga_Hard_Limit_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries;
|
|
||||||
- ATOM_Tonga_Hard_Limit_Record entries[1];
|
|
||||||
+ ATOM_Tonga_Hard_Limit_Record entries[];
|
|
||||||
} ATOM_Tonga_Hard_Limit_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Tonga_GPIO_Table {
|
|
||||||
diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h
|
|
||||||
index 9c479bd9a786..a372abcd01be 100644
|
|
||||||
--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h
|
|
||||||
+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h
|
|
||||||
@@ -129,7 +129,7 @@ typedef struct _ATOM_Vega10_State {
|
|
||||||
typedef struct _ATOM_Vega10_State_Array {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Vega10_State states[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Vega10_State states[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Vega10_State_Array;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_CLK_Dependency_Record {
|
|
||||||
@@ -169,37 +169,37 @@ typedef struct _ATOM_Vega10_GFXCLK_Dependency_Table {
|
|
||||||
typedef struct _ATOM_Vega10_MCLK_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Vega10_MCLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Vega10_MCLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Vega10_MCLK_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_SOCCLK_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Vega10_SOCCLK_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_DCEFCLK_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Vega10_DCEFCLK_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_PIXCLK_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Vega10_PIXCLK_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_DISPCLK_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries.*/
|
|
||||||
- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Vega10_DISPCLK_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_PHYCLK_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries. */
|
|
||||||
- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Vega10_PHYCLK_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_MM_Dependency_Record {
|
|
||||||
@@ -213,7 +213,7 @@ typedef struct _ATOM_Vega10_MM_Dependency_Record {
|
|
||||||
typedef struct _ATOM_Vega10_MM_Dependency_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries */
|
|
||||||
- ATOM_Vega10_MM_Dependency_Record entries[1]; /* Dynamically allocate entries */
|
|
||||||
+ ATOM_Vega10_MM_Dependency_Record entries[]; /* Dynamically allocate entries */
|
|
||||||
} ATOM_Vega10_MM_Dependency_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_PCIE_Record {
|
|
||||||
@@ -225,7 +225,7 @@ typedef struct _ATOM_Vega10_PCIE_Record {
|
|
||||||
typedef struct _ATOM_Vega10_PCIE_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries */
|
|
||||||
- ATOM_Vega10_PCIE_Record entries[1]; /* Dynamically allocate entries. */
|
|
||||||
+ ATOM_Vega10_PCIE_Record entries[]; /* Dynamically allocate entries. */
|
|
||||||
} ATOM_Vega10_PCIE_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_Voltage_Lookup_Record {
|
|
||||||
@@ -235,7 +235,7 @@ typedef struct _ATOM_Vega10_Voltage_Lookup_Record {
|
|
||||||
typedef struct _ATOM_Vega10_Voltage_Lookup_Table {
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries; /* Number of entries */
|
|
||||||
- ATOM_Vega10_Voltage_Lookup_Record entries[1]; /* Dynamically allocate entries */
|
|
||||||
+ ATOM_Vega10_Voltage_Lookup_Record entries[]; /* Dynamically allocate entries */
|
|
||||||
} ATOM_Vega10_Voltage_Lookup_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_Fan_Table {
|
|
||||||
@@ -329,7 +329,7 @@ typedef struct _ATOM_Vega10_VCE_State_Table
|
|
||||||
{
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries;
|
|
||||||
- ATOM_Vega10_VCE_State_Record entries[1];
|
|
||||||
+ ATOM_Vega10_VCE_State_Record entries[];
|
|
||||||
} ATOM_Vega10_VCE_State_Table;
|
|
||||||
|
|
||||||
typedef struct _ATOM_Vega10_PowerTune_Table {
|
|
||||||
@@ -432,7 +432,7 @@ typedef struct _ATOM_Vega10_Hard_Limit_Table
|
|
||||||
{
|
|
||||||
UCHAR ucRevId;
|
|
||||||
UCHAR ucNumEntries;
|
|
||||||
- ATOM_Vega10_Hard_Limit_Record entries[1];
|
|
||||||
+ ATOM_Vega10_Hard_Limit_Record entries[];
|
|
||||||
} ATOM_Vega10_Hard_Limit_Table;
|
|
||||||
|
|
||||||
typedef struct _Vega10_PPTable_Generic_SubTable_Header
|
|
52
debian/patches/pve/0017-tap-add-missing-verification-for-short-frame.patch
vendored
Normal file
52
debian/patches/pve/0017-tap-add-missing-verification-for-short-frame.patch
vendored
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Si-Wei Liu <si-wei.liu@oracle.com>
|
||||||
|
Date: Wed, 24 Jul 2024 10:04:51 -0700
|
||||||
|
Subject: [PATCH] tap: add missing verification for short frame
|
||||||
|
|
||||||
|
The cited commit missed to check against the validity of the frame length
|
||||||
|
in the tap_get_user_xdp() path, which could cause a corrupted skb to be
|
||||||
|
sent downstack. Even before the skb is transmitted, the
|
||||||
|
tap_get_user_xdp()-->skb_set_network_header() may assume the size is more
|
||||||
|
than ETH_HLEN. Once transmitted, this could either cause out-of-bound
|
||||||
|
access beyond the actual length, or confuse the underlayer with incorrect
|
||||||
|
or inconsistent header length in the skb metadata.
|
||||||
|
|
||||||
|
In the alternative path, tap_get_user() already prohibits short frame which
|
||||||
|
has the length less than Ethernet header size from being transmitted.
|
||||||
|
|
||||||
|
This is to drop any frame shorter than the Ethernet header size just like
|
||||||
|
how tap_get_user() does.
|
||||||
|
|
||||||
|
CVE: CVE-2024-41090
|
||||||
|
Link: https://lore.kernel.org/netdev/1717026141-25716-1-git-send-email-si-wei.liu@oracle.com/
|
||||||
|
Fixes: 0efac27791ee ("tap: accept an array of XDP buffs through sendmsg()")
|
||||||
|
Cc: stable@vger.kernel.org
|
||||||
|
Signed-off-by: Si-Wei Liu <si-wei.liu@oracle.com>
|
||||||
|
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
|
||||||
|
Reviewed-by: Willem de Bruijn <willemb@google.com>
|
||||||
|
Reviewed-by: Paolo Abeni <pabeni@redhat.com>
|
||||||
|
Reviewed-by: Jason Wang <jasowang@redhat.com>
|
||||||
|
Link: https://patch.msgid.link/20240724170452.16837-2-dongli.zhang@oracle.com
|
||||||
|
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||||||
|
(cherry picked from commit ed7f2afdd0e043a397677e597ced0830b83ba0b3)
|
||||||
|
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||||
|
---
|
||||||
|
drivers/net/tap.c | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/drivers/net/tap.c b/drivers/net/tap.c
|
||||||
|
index 9f0495e8df4d..feeeac715c18 100644
|
||||||
|
--- a/drivers/net/tap.c
|
||||||
|
+++ b/drivers/net/tap.c
|
||||||
|
@@ -1177,6 +1177,11 @@ static int tap_get_user_xdp(struct tap_queue *q, struct xdp_buff *xdp)
|
||||||
|
struct sk_buff *skb;
|
||||||
|
int err, depth;
|
||||||
|
|
||||||
|
+ if (unlikely(xdp->data_end - xdp->data < ETH_HLEN)) {
|
||||||
|
+ err = -EINVAL;
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (q->flags & IFF_VNET_HDR)
|
||||||
|
vnet_hdr_len = READ_ONCE(q->vnet_hdr_sz);
|
||||||
|
|
51
debian/patches/pve/0018-tun-add-missing-verification-for-short-frame.patch
vendored
Normal file
51
debian/patches/pve/0018-tun-add-missing-verification-for-short-frame.patch
vendored
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dongli Zhang <dongli.zhang@oracle.com>
|
||||||
|
Date: Wed, 24 Jul 2024 10:04:52 -0700
|
||||||
|
Subject: [PATCH] tun: add missing verification for short frame
|
||||||
|
|
||||||
|
The cited commit missed to check against the validity of the frame length
|
||||||
|
in the tun_xdp_one() path, which could cause a corrupted skb to be sent
|
||||||
|
downstack. Even before the skb is transmitted, the
|
||||||
|
tun_xdp_one-->eth_type_trans() may access the Ethernet header although it
|
||||||
|
can be less than ETH_HLEN. Once transmitted, this could either cause
|
||||||
|
out-of-bound access beyond the actual length, or confuse the underlayer
|
||||||
|
with incorrect or inconsistent header length in the skb metadata.
|
||||||
|
|
||||||
|
In the alternative path, tun_get_user() already prohibits short frame which
|
||||||
|
has the length less than Ethernet header size from being transmitted for
|
||||||
|
IFF_TAP.
|
||||||
|
|
||||||
|
This is to drop any frame shorter than the Ethernet header size just like
|
||||||
|
how tun_get_user() does.
|
||||||
|
|
||||||
|
CVE: CVE-2024-41091
|
||||||
|
Inspired-by: https://lore.kernel.org/netdev/1717026141-25716-1-git-send-email-si-wei.liu@oracle.com/
|
||||||
|
Fixes: 043d222f93ab ("tuntap: accept an array of XDP buffs through sendmsg()")
|
||||||
|
Cc: stable@vger.kernel.org
|
||||||
|
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
|
||||||
|
Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com>
|
||||||
|
Reviewed-by: Willem de Bruijn <willemb@google.com>
|
||||||
|
Reviewed-by: Paolo Abeni <pabeni@redhat.com>
|
||||||
|
Reviewed-by: Jason Wang <jasowang@redhat.com>
|
||||||
|
Link: https://patch.msgid.link/20240724170452.16837-3-dongli.zhang@oracle.com
|
||||||
|
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||||||
|
(cherry picked from commit 049584807f1d797fc3078b68035450a9769eb5c3)
|
||||||
|
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||||
|
---
|
||||||
|
drivers/net/tun.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
|
||||||
|
index 86515f0c2b6c..e9cd3b810e2c 100644
|
||||||
|
--- a/drivers/net/tun.c
|
||||||
|
+++ b/drivers/net/tun.c
|
||||||
|
@@ -2459,6 +2459,9 @@ static int tun_xdp_one(struct tun_struct *tun,
|
||||||
|
bool skb_xdp = false;
|
||||||
|
struct page *page;
|
||||||
|
|
||||||
|
+ if (unlikely(datasize < ETH_HLEN))
|
||||||
|
+ return -EINVAL;
|
||||||
|
+
|
||||||
|
xdp_prog = rcu_dereference(tun->xdp_prog);
|
||||||
|
if (xdp_prog) {
|
||||||
|
if (gso->gso_type) {
|
101
debian/patches/pve/0019-apparmor-fix-possible-NULL-pointer-dereference.patch
vendored
Normal file
101
debian/patches/pve/0019-apparmor-fix-possible-NULL-pointer-dereference.patch
vendored
Normal file
|
@ -0,0 +1,101 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Leesoo Ahn <lsahn@ooseel.net>
|
||||||
|
Date: Wed, 8 May 2024 01:12:29 +0900
|
||||||
|
Subject: [PATCH] apparmor: fix possible NULL pointer dereference
|
||||||
|
|
||||||
|
profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made
|
||||||
|
from __create_missing_ancestors(..) and 'ent->old' is NULL in
|
||||||
|
aa_replace_profiles(..).
|
||||||
|
In that case, it must return an error code and the code, -ENOENT represents
|
||||||
|
its state that the path of its parent is not existed yet.
|
||||||
|
|
||||||
|
BUG: kernel NULL pointer dereference, address: 0000000000000030
|
||||||
|
PGD 0 P4D 0
|
||||||
|
PREEMPT SMP PTI
|
||||||
|
CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24
|
||||||
|
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
|
||||||
|
RIP: 0010:aafs_create.constprop.0+0x7f/0x130
|
||||||
|
Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae
|
||||||
|
RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246
|
||||||
|
RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000
|
||||||
|
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
|
||||||
|
RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000
|
||||||
|
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10
|
||||||
|
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
|
||||||
|
FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000
|
||||||
|
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
|
||||||
|
CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0
|
||||||
|
Call Trace:
|
||||||
|
<TASK>
|
||||||
|
? show_regs+0x6d/0x80
|
||||||
|
? __die+0x24/0x80
|
||||||
|
? page_fault_oops+0x99/0x1b0
|
||||||
|
? kernelmode_fixup_or_oops+0xb2/0x140
|
||||||
|
? __bad_area_nosemaphore+0x1a5/0x2c0
|
||||||
|
? find_vma+0x34/0x60
|
||||||
|
? bad_area_nosemaphore+0x16/0x30
|
||||||
|
? do_user_addr_fault+0x2a2/0x6b0
|
||||||
|
? exc_page_fault+0x83/0x1b0
|
||||||
|
? asm_exc_page_fault+0x27/0x30
|
||||||
|
? aafs_create.constprop.0+0x7f/0x130
|
||||||
|
? aafs_create.constprop.0+0x51/0x130
|
||||||
|
__aafs_profile_mkdir+0x3d6/0x480
|
||||||
|
aa_replace_profiles+0x83f/0x1270
|
||||||
|
policy_update+0xe3/0x180
|
||||||
|
profile_load+0xbc/0x150
|
||||||
|
? rw_verify_area+0x47/0x140
|
||||||
|
vfs_write+0x100/0x480
|
||||||
|
? __x64_sys_openat+0x55/0xa0
|
||||||
|
? syscall_exit_to_user_mode+0x86/0x260
|
||||||
|
ksys_write+0x73/0x100
|
||||||
|
__x64_sys_write+0x19/0x30
|
||||||
|
x64_sys_call+0x7e/0x25c0
|
||||||
|
do_syscall_64+0x7f/0x180
|
||||||
|
entry_SYSCALL_64_after_hwframe+0x78/0x80
|
||||||
|
RIP: 0033:0x7be9f211c574
|
||||||
|
Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89
|
||||||
|
RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
|
||||||
|
RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574
|
||||||
|
RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004
|
||||||
|
RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000
|
||||||
|
R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80
|
||||||
|
R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30
|
||||||
|
</TASK>
|
||||||
|
Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas
|
||||||
|
CR2: 0000000000000030
|
||||||
|
---[ end trace 0000000000000000 ]---
|
||||||
|
RIP: 0010:aafs_create.constprop.0+0x7f/0x130
|
||||||
|
Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae
|
||||||
|
RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246
|
||||||
|
RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000
|
||||||
|
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
|
||||||
|
RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000
|
||||||
|
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10
|
||||||
|
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
|
||||||
|
FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000
|
||||||
|
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
|
||||||
|
CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0
|
||||||
|
|
||||||
|
Signed-off-by: Leesoo Ahn <lsahn@ooseel.net>
|
||||||
|
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
||||||
|
(cherry picked from commit 3dd384108d53834002be5630132ad5c3f32166ad)
|
||||||
|
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||||
|
---
|
||||||
|
security/apparmor/apparmorfs.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
|
||||||
|
index be6c3293c9e0..822f2e6a96a7 100644
|
||||||
|
--- a/security/apparmor/apparmorfs.c
|
||||||
|
+++ b/security/apparmor/apparmorfs.c
|
||||||
|
@@ -1921,6 +1921,10 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
|
||||||
|
struct aa_profile *p;
|
||||||
|
p = aa_deref_parent(profile);
|
||||||
|
dent = prof_dir(p);
|
||||||
|
+ if (!dent) {
|
||||||
|
+ error = -ENOENT;
|
||||||
|
+ goto fail2;
|
||||||
|
+ }
|
||||||
|
/* adding to parent that previously didn't have children */
|
||||||
|
dent = aafs_create_dir("profiles", dent);
|
||||||
|
if (IS_ERR(dent))
|
54
debian/patches/pve/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch
vendored
Normal file
54
debian/patches/pve/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch
vendored
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Blazej Kucman <blazej.kucman@intel.com>
|
||||||
|
Date: Mon, 22 Jul 2024 16:14:40 +0200
|
||||||
|
Subject: [PATCH] PCI: pciehp: Retain Power Indicator bits for userspace
|
||||||
|
indicators
|
||||||
|
|
||||||
|
The sysfs "attention" file normally controls the Slot Control Attention
|
||||||
|
Indicator with 0 (off), 1 (on), 2 (blink) settings.
|
||||||
|
|
||||||
|
576243b3f9ea ("PCI: pciehp: Allow exclusive userspace control of
|
||||||
|
indicators") added pciehp_set_raw_indicator_status() to allow userspace to
|
||||||
|
directly control all four bits in both the Attention Indicator and the
|
||||||
|
Power Indicator fields via the "attention" file.
|
||||||
|
|
||||||
|
This is used on Intel VMD bridges so utilities like "ledmon" can use sysfs
|
||||||
|
"attention" to control up to 16 indicators for NVMe device RAID status.
|
||||||
|
|
||||||
|
abaaac4845a0 ("PCI: hotplug: Use FIELD_GET/PREP()") broke this by masking
|
||||||
|
the sysfs data with PCI_EXP_SLTCTL_AIC, which discards the upper two bits
|
||||||
|
intended for the Power Indicator Control field (PCI_EXP_SLTCTL_PIC).
|
||||||
|
|
||||||
|
For NVMe devices behind an Intel VMD, ledmon settings that use the
|
||||||
|
PCI_EXP_SLTCTL_PIC bits, i.e., ATTENTION_REBUILD (0x5), ATTENTION_LOCATE
|
||||||
|
(0x7), ATTENTION_FAILURE (0xD), ATTENTION_OFF (0xF), no longer worked
|
||||||
|
correctly.
|
||||||
|
|
||||||
|
Mask with PCI_EXP_SLTCTL_AIC | PCI_EXP_SLTCTL_PIC to retain both the
|
||||||
|
Attention Indicator and the Power Indicator bits.
|
||||||
|
|
||||||
|
Fixes: abaaac4845a0 ("PCI: hotplug: Use FIELD_GET/PREP()")
|
||||||
|
Link: https://lore.kernel.org/r/20240722141440.7210-1-blazej.kucman@intel.com
|
||||||
|
Signed-off-by: Blazej Kucman <blazej.kucman@intel.com>
|
||||||
|
[bhelgaas: commit log]
|
||||||
|
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
||||||
|
Cc: stable@vger.kernel.org # v6.7+
|
||||||
|
---
|
||||||
|
drivers/pci/hotplug/pciehp_hpc.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c
|
||||||
|
index b1d0a1b3917d..9d3c249207c4 100644
|
||||||
|
--- a/drivers/pci/hotplug/pciehp_hpc.c
|
||||||
|
+++ b/drivers/pci/hotplug/pciehp_hpc.c
|
||||||
|
@@ -485,7 +485,9 @@ int pciehp_set_raw_indicator_status(struct hotplug_slot *hotplug_slot,
|
||||||
|
struct pci_dev *pdev = ctrl_dev(ctrl);
|
||||||
|
|
||||||
|
pci_config_pm_runtime_get(pdev);
|
||||||
|
- pcie_write_cmd_nowait(ctrl, FIELD_PREP(PCI_EXP_SLTCTL_AIC, status),
|
||||||
|
+
|
||||||
|
+ /* Attention and Power Indicator Control bits are supported */
|
||||||
|
+ pcie_write_cmd_nowait(ctrl, FIELD_PREP(PCI_EXP_SLTCTL_AIC | PCI_EXP_SLTCTL_PIC, status),
|
||||||
|
PCI_EXP_SLTCTL_AIC | PCI_EXP_SLTCTL_PIC);
|
||||||
|
pci_config_pm_runtime_put(pdev);
|
||||||
|
return 0;
|
18
debian/patches/series.linux
vendored
18
debian/patches/series.linux
vendored
|
@ -7,10 +7,14 @@ pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch
|
||||||
pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch
|
pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch
|
||||||
pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch
|
pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch
|
||||||
pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch
|
pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch
|
||||||
pve/0010-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch
|
pve/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
|
||||||
pve/0011-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
|
pve/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch
|
||||||
pve/0012-revert-memfd-improve-userspace-warnings-for-missing-.patch
|
pve/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch
|
||||||
#pve/0013-Revert-UBUNTU-SAUCE-ceph-make-sure-all-the-files-suc.patch
|
pve/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
|
||||||
pve/0014-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
|
pve/0014-cifs-fix-pagecache-leak-when-do-writepages.patch
|
||||||
pve/0015-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
|
pve/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch
|
||||||
pve/0016-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Powe.patch
|
pve/0016-SUNRPC-Fix-backchannel-reply-again.patch
|
||||||
|
pve/0017-tap-add-missing-verification-for-short-frame.patch
|
||||||
|
pve/0018-tun-add-missing-verification-for-short-frame.patch
|
||||||
|
pve/0019-apparmor-fix-possible-NULL-pointer-dereference.patch
|
||||||
|
pve/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch
|
||||||
|
|
Loading…
Reference in a new issue