diff --git a/patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch b/patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch index 93dba9f..2ba3815 100644 --- a/patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch +++ b/patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch @@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init/Makefile b/init/Makefile -index cbac576c57d6..479b1253fcbe 100644 +index 10b652d33e87..e4dabde27b90 100644 --- a/init/Makefile +++ b/init/Makefile @@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC) := PREEMPT_DYNAMIC diff --git a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch index 0ff2916..eac3c16 100644 --- a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch +++ b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch @@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 111 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index e58f3bbb7643..d574123d82bd 100644 +index 89f899cccf38..dfe0d1e400e2 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4403,6 +4403,15 @@ +@@ -4422,6 +4422,15 @@ Also, it enforces the PCI Local Bus spec rule that those bits should be 0 in system reset events (useful for kexec/kdump cases). @@ -75,7 +75,7 @@ index e58f3bbb7643..d574123d82bd 100644 Safety option to keep boot IRQs enabled. This should never be necessary. diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c -index ce469d84ebae..4f163ef55e7b 100644 +index ba021ba458a7..bc35fd0e9b4b 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -287,6 +287,106 @@ static int __init pci_apply_final_quirks(void) diff --git a/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch b/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch index 8d590eb..0cca29c 100644 --- a/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch +++ b/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch @@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 6a56de7ff82e..96bd40a73e0e 100644 +index cb2b78e92910..ebfb1def4662 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c -@@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644); +@@ -80,7 +80,7 @@ module_param(halt_poll_ns, uint, 0644); EXPORT_SYMBOL_GPL(halt_poll_ns); /* Default doubles per-vcpu halt_poll_ns. */ diff --git a/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch b/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch index 50b02ce..958b999 100644 --- a/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch +++ b/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch @@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/dev.c b/net/core/dev.c -index a32811aebde5..15078ab81ec8 100644 +index f66e61407883..07ffd47a2010 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -10471,7 +10471,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list) +@@ -10672,7 +10672,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list) if (time_after(jiffies, warning_time + READ_ONCE(netdev_unregister_timeout_secs) * HZ)) { list_for_each_entry(dev, list, todo_list) { diff --git a/patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch b/patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch index f6186d1..29c97d6 100644 --- a/patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch +++ b/patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch @@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h -index e99dbc052575..9e9cdb198b82 100644 +index 0d99bf11d260..fe04f7f93575 100644 --- a/include/linux/fortify-string.h +++ b/include/linux/fortify-string.h -@@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning(" +@@ -62,7 +62,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning(" #define __compiletime_strlen(p) \ ({ \ diff --git a/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch b/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch index 233c666..b14e6da 100644 --- a/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch +++ b/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch @@ -78,10 +78,10 @@ Signed-off-by: Thomas Lamprecht 3 files changed, 21 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index ce1499732cb8..d68c04bde5ed 100644 +index 2617be544480..b6892645c4cd 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c -@@ -262,6 +262,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) +@@ -269,6 +269,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; } @@ -95,7 +95,7 @@ index ce1499732cb8..d68c04bde5ed 100644 int nent) { diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h -index 23dbb9eb277c..07da153802e4 100644 +index 41697cca354e..0e46c4555311 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -32,6 +32,8 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, @@ -108,12 +108,12 @@ index 23dbb9eb277c..07da153802e4 100644 int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 3750a0c688b7..706348cbde7c 100644 +index c983c8e434b8..c7c3d04198c6 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -5580,6 +5580,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, +@@ -5633,6 +5633,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, if (fpstate_is_confidential(&vcpu->arch.guest_fpu)) - return 0; + return vcpu->kvm->arch.has_protected_state ? -EINVAL : 0; + if (!vcpu_supports_xsave_pkru(vcpu)) { + void *buf = guest_xsave->region; diff --git a/patches/kernel/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch b/patches/kernel/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch index bb8a4c9..eac42cd 100644 --- a/patches/kernel/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch +++ b/patches/kernel/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch @@ -11,18 +11,18 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c -index c4c6240d14f9..5e037a9ea6a6 100644 +index 555301f45bec..34c8b02ca787 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c -@@ -234,6 +234,7 @@ static int dmar_map_gfx = 1; +@@ -228,6 +228,7 @@ EXPORT_SYMBOL_GPL(intel_iommu_enabled); static int dmar_map_ipu = 1; static int intel_iommu_superpage = 1; static int iommu_identity_mapping; +static int intel_relaxable_rmrr = 0; static int iommu_skip_te_disable; + static int disable_igfx_iommu; - #define IDENTMAP_GFX 2 -@@ -296,6 +297,9 @@ static int __init intel_iommu_setup(char *str) +@@ -290,6 +291,9 @@ static int __init intel_iommu_setup(char *str) } else if (!strncmp(str, "tboot_noforce", 13)) { pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n"); intel_iommu_tboot_noforce = 1; @@ -32,7 +32,7 @@ index c4c6240d14f9..5e037a9ea6a6 100644 } else { pr_notice("Unknown option - '%s'\n", str); } -@@ -2470,7 +2474,7 @@ static bool device_rmrr_is_relaxable(struct device *dev) +@@ -2153,7 +2157,7 @@ static bool device_rmrr_is_relaxable(struct device *dev) return false; pdev = to_pci_dev(dev); diff --git a/patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch b/patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch index f248acc..9596220 100644 --- a/patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch +++ b/patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch @@ -24,10 +24,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c -index cf86607bc696..e2c080780d9a 100644 +index 5ab2c92c7331..1cd03c985fdc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c -@@ -5102,6 +5102,7 @@ static __init void svm_set_cpu_caps(void) +@@ -5174,6 +5174,7 @@ static __init void svm_set_cpu_caps(void) if (nested) { kvm_cpu_cap_set(X86_FEATURE_SVM); kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN); diff --git a/patches/kernel/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch b/patches/kernel/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch index 5df98ce..4adca03 100644 --- a/patches/kernel/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch +++ b/patches/kernel/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch @@ -30,10 +30,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memfd.c b/mm/memfd.c -index d3a1ba4208c9..6a9de5d9105e 100644 +index e7b7c5294d59..3a1b073ad22c 100644 --- a/mm/memfd.c +++ b/mm/memfd.c -@@ -282,7 +282,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags) +@@ -316,7 +316,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags) } if (!(*flags & MFD_NOEXEC_SEAL) && sysctl >= MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED) { diff --git a/patches/kernel/0021-io_uring-rw-treat-EOPNOTSUPP-for-IOCB_NOWAIT-like-EA.patch b/patches/kernel/0013-io_uring-rw-treat-EOPNOTSUPP-for-IOCB_NOWAIT-like-EA.patch similarity index 89% rename from patches/kernel/0021-io_uring-rw-treat-EOPNOTSUPP-for-IOCB_NOWAIT-like-EA.patch rename to patches/kernel/0013-io_uring-rw-treat-EOPNOTSUPP-for-IOCB_NOWAIT-like-EA.patch index 7187c94..e0027ba 100644 --- a/patches/kernel/0021-io_uring-rw-treat-EOPNOTSUPP-for-IOCB_NOWAIT-like-EA.patch +++ b/patches/kernel/0013-io_uring-rw-treat-EOPNOTSUPP-for-IOCB_NOWAIT-like-EA.patch @@ -25,12 +25,12 @@ Signed-off-by: Daniel Kral 1 file changed, 8 insertions(+) diff --git a/io_uring/rw.c b/io_uring/rw.c -index c3c154790e45..ed7f67097572 100644 +index c004d21e2f12..d85e2d41a992 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c -@@ -825,6 +825,14 @@ static int __io_read(struct io_kiocb *req, unsigned int issue_flags) +@@ -855,6 +855,14 @@ static int __io_read(struct io_kiocb *req, unsigned int issue_flags) - ret = io_iter_do_read(rw, &s->iter); + ret = io_iter_do_read(rw, &io->iter); + /* + * Some file systems like to return -EOPNOTSUPP for an IOCB_NOWAIT @@ -42,4 +42,4 @@ index c3c154790e45..ed7f67097572 100644 + if (ret == -EAGAIN || (req->flags & REQ_F_REISSUE)) { req->flags &= ~REQ_F_REISSUE; - /* + /* If we can poll, just do that. */ diff --git a/patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch b/patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch deleted file mode 100644 index e3e7018..0000000 --- a/patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Borislav Petkov (AMD)" -Date: Sun, 24 Mar 2024 20:51:35 +0100 -Subject: [PATCH] x86/CPU/AMD: Improve the erratum 1386 workaround - -Disable XSAVES only on machines which haven't loaded the microcode -revision containing the erratum fix. - -This will come in handy when running archaic OSes as guests. OSes whose -brilliant programmers thought that CPUID is overrated and one should not -query it but use features directly, ala shoot first, ask questions -later... but only if you're alive after the shooting. - -Signed-off-by: Borislav Petkov (AMD) -Tested-by: "Maciej S. Szmigiero" -Cc: Boris Ostrovsky -Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local ---- - arch/x86/include/asm/cpu_device_id.h | 8 ++++++++ - arch/x86/kernel/cpu/amd.c | 12 ++++++++++++ - 2 files changed, 20 insertions(+) - -diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h -index e8e3dbe7f173..b6325ee30871 100644 ---- a/arch/x86/include/asm/cpu_device_id.h -+++ b/arch/x86/include/asm/cpu_device_id.h -@@ -288,6 +288,14 @@ struct x86_cpu_desc { - .x86_microcode_rev = (revision), \ - } - -+#define AMD_CPU_DESC(fam, model, stepping, revision) { \ -+ .x86_family = (fam), \ -+ .x86_vendor = X86_VENDOR_AMD, \ -+ .x86_model = (model), \ -+ .x86_stepping = (stepping), \ -+ .x86_microcode_rev = (revision), \ -+} -+ - extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match); - extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table); - -diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 0838ea579eb0..ca6096dcc5c6 100644 ---- a/arch/x86/kernel/cpu/amd.c -+++ b/arch/x86/kernel/cpu/amd.c -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -925,6 +926,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c) - clear_rdrand_cpuid_bit(c); - } - -+static const struct x86_cpu_desc erratum_1386_microcode[] = { -+ AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e), -+ AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052), -+}; -+ - static void fix_erratum_1386(struct cpuinfo_x86 *c) - { - /* -@@ -934,7 +940,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c) - * - * Affected parts all have no supervisor XSAVE states, meaning that - * the XSAVEC instruction (which works fine) is equivalent. -+ * -+ * Clear the feature flag only on microcode revisions which -+ * don't have the fix. - */ -+ if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode)) -+ return; -+ - clear_cpu_cap(c, X86_FEATURE_XSAVES); - } - diff --git a/patches/kernel/0014-cifs-fix-pagecache-leak-when-do-writepages.patch b/patches/kernel/0014-cifs-fix-pagecache-leak-when-do-writepages.patch deleted file mode 100644 index 495dd71..0000000 --- a/patches/kernel/0014-cifs-fix-pagecache-leak-when-do-writepages.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Yang Erkun -Date: Tue, 25 Jun 2024 11:43:32 +0800 -Subject: [PATCH] cifs: fix pagecache leak when do writepages - -After commit f3dc1bdb6b0b("cifs: Fix writeback data corruption"), the -writepages for cifs will find all folio needed writepage with two phase. -The first folio will be found in cifs_writepages_begin, and the latter -various folios will be found in cifs_extend_writeback. - -All those will first get folio, and for normal case, once we set page -writeback and after do really write, we should put the reference, folio -found in cifs_extend_writeback do this with folio_batch_release. But the -folio found in cifs_writepages_begin never get the chance do it. And -every writepages call, we will leak a folio(found this problem while do -xfstests over cifs, the latter show that we will leak about 600M+ every -we run generic/074). - -echo 3 > /proc/sys/vm/drop_caches ; cat /proc/meminfo | grep file -Active(file): 34092 kB -Inactive(file): 176192 kB -./check generic/074 (smb v1) -... -generic/074 50s ... 53s -Ran: generic/074 -Passed all 1 tests - -echo 3 > /proc/sys/vm/drop_caches ; cat /proc/meminfo | grep file -Active(file): 35036 kB -Inactive(file): 854708 kB - -Besides, the exist path seem never handle this folio correctly, fix it too -with this patch. - -The problem does not exist in mainline since writepages path for cifs -has changed to netfs(3ee1a1fc3981 ("cifs: Cut over to using netfslib")). -It's had to backport all related change, so try fix this problem with this -single patch. - -Fixes: f3dc1bdb6b0b ("cifs: Fix writeback data corruption") -Cc: stable@kernel.org # v6.6+ -Signed-off-by: Yang Erkun -(picked from https://lore.kernel.org/linux-cifs/20240625034332.750312-1-yangerkun@huawei.com/) -Signed-off-by: Fiona Ebner ---- - fs/smb/client/file.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c -index af5c476db6e6..8aee0f520300 100644 ---- a/fs/smb/client/file.c -+++ b/fs/smb/client/file.c -@@ -2845,17 +2845,21 @@ static ssize_t cifs_write_back_from_locked_folio(struct address_space *mapping, - rc = cifs_get_writable_file(CIFS_I(inode), FIND_WR_ANY, &cfile); - if (rc) { - cifs_dbg(VFS, "No writable handle in writepages rc=%d\n", rc); -+ folio_unlock(folio); - goto err_xid; - } - - rc = server->ops->wait_mtu_credits(server, cifs_sb->ctx->wsize, - &wsize, credits); -- if (rc != 0) -+ if (rc != 0) { -+ folio_unlock(folio); - goto err_close; -+ } - - wdata = cifs_writedata_alloc(cifs_writev_complete); - if (!wdata) { - rc = -ENOMEM; -+ folio_unlock(folio); - goto err_uncredit; - } - -@@ -3002,17 +3006,22 @@ static ssize_t cifs_writepages_begin(struct address_space *mapping, - lock_again: - if (wbc->sync_mode != WB_SYNC_NONE) { - ret = folio_lock_killable(folio); -- if (ret < 0) -+ if (ret < 0) { -+ folio_put(folio); - return ret; -+ } - } else { -- if (!folio_trylock(folio)) -+ if (!folio_trylock(folio)) { -+ folio_put(folio); - goto search_again; -+ } - } - - if (folio->mapping != mapping || - !folio_test_dirty(folio)) { - start += folio_size(folio); - folio_unlock(folio); -+ folio_put(folio); - goto search_again; - } - -@@ -3042,6 +3051,7 @@ static ssize_t cifs_writepages_begin(struct address_space *mapping, - out: - if (ret > 0) - *_start = start + ret; -+ folio_put(folio); - return ret; - } - diff --git a/patches/kernel/0021-netfs-reset-subreq-iov-iter-before-tail-clean.patch b/patches/kernel/0014-netfs-reset-subreq-iov-iter-before-tail-clean.patch similarity index 92% rename from patches/kernel/0021-netfs-reset-subreq-iov-iter-before-tail-clean.patch rename to patches/kernel/0014-netfs-reset-subreq-iov-iter-before-tail-clean.patch index a87e722..e8ac17d 100644 --- a/patches/kernel/0021-netfs-reset-subreq-iov-iter-before-tail-clean.patch +++ b/patches/kernel/0014-netfs-reset-subreq-iov-iter-before-tail-clean.patch @@ -1,4 +1,4 @@ -From cd27abf0c555f39b12c05f9f6a8cb59ff25dfe45 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Christian Ebner Date: Wed, 2 Oct 2024 15:24:31 +0200 Subject: [PATCH] netfs: reset subreq iov iter before tail clean @@ -26,6 +26,3 @@ index d6ada4eba744..500119285346 100644 netfs_clear_unread(subreq); subreq->transferred = subreq->len; goto complete; --- -2.39.5 - diff --git a/patches/kernel/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch b/patches/kernel/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch deleted file mode 100644 index cd88e43..0000000 --- a/patches/kernel/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Ma Jun -Date: Tue, 19 Mar 2024 11:02:29 +0800 -Subject: [PATCH] drm/amdgpu/pm: Don't use OD table on Arcturus - -OD is not supported on Arcturus, so the OD table -should not be used. - -Signed-off-by: Ma Jun -Acked-by: Alex Deucher -Signed-off-by: Alex Deucher -(cherry picked from commit bc55c344b06f7e6f99eb92d393ff0a84c1532514) -Signed-off-by: Fiona Ebner ---- - .../gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 33 +++---------------- - 1 file changed, 5 insertions(+), 28 deletions(-) - -diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c -index 40ba7227cca5..0c2d04f978ac 100644 ---- a/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c -+++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c -@@ -1283,11 +1283,8 @@ static int arcturus_get_power_limit(struct smu_context *smu, - uint32_t *max_power_limit, - uint32_t *min_power_limit) - { -- struct smu_11_0_powerplay_table *powerplay_table = -- (struct smu_11_0_powerplay_table *)smu->smu_table.power_play_table; -- struct smu_11_0_overdrive_table *od_settings = smu->od_settings; - PPTable_t *pptable = smu->smu_table.driver_pptable; -- uint32_t power_limit, od_percent_upper = 0, od_percent_lower = 0; -+ uint32_t power_limit; - - if (smu_v11_0_get_current_power_limit(smu, &power_limit)) { - /* the last hope to figure out the ppt limit */ -@@ -1303,30 +1300,10 @@ static int arcturus_get_power_limit(struct smu_context *smu, - *current_power_limit = power_limit; - if (default_power_limit) - *default_power_limit = power_limit; -- -- if (powerplay_table) { -- if (smu->od_enabled && -- od_settings->cap[SMU_11_0_ODCAP_POWER_LIMIT]) { -- od_percent_upper = le32_to_cpu(powerplay_table->overdrive_table.max[SMU_11_0_ODSETTING_POWERPERCENTAGE]); -- od_percent_lower = le32_to_cpu(powerplay_table->overdrive_table.min[SMU_11_0_ODSETTING_POWERPERCENTAGE]); -- } else if (od_settings->cap[SMU_11_0_ODCAP_POWER_LIMIT]) { -- od_percent_upper = 0; -- od_percent_lower = le32_to_cpu(powerplay_table->overdrive_table.min[SMU_11_0_ODSETTING_POWERPERCENTAGE]); -- } -- } -- -- dev_dbg(smu->adev->dev, "od percent upper:%d, od percent lower:%d (default power: %d)\n", -- od_percent_upper, od_percent_lower, power_limit); -- -- if (max_power_limit) { -- *max_power_limit = power_limit * (100 + od_percent_upper); -- *max_power_limit /= 100; -- } -- -- if (min_power_limit) { -- *min_power_limit = power_limit * (100 - od_percent_lower); -- *min_power_limit /= 100; -- } -+ if (max_power_limit) -+ *max_power_limit = power_limit; -+ if (min_power_limit) -+ *min_power_limit = power_limit; - - return 0; - } diff --git a/patches/kernel/0016-SUNRPC-Fix-backchannel-reply-again.patch b/patches/kernel/0016-SUNRPC-Fix-backchannel-reply-again.patch deleted file mode 100644 index 8b3242e..0000000 --- a/patches/kernel/0016-SUNRPC-Fix-backchannel-reply-again.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chuck Lever -Date: Wed, 19 Jun 2024 09:51:08 -0400 -Subject: [PATCH] SUNRPC: Fix backchannel reply, again -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -[ Upstream commit 6ddc9deacc1312762c2edd9de00ce76b00f69f7c ] - -I still see "RPC: Could not send backchannel reply error: -110" -quite often, along with slow-running tests. Debugging shows that the -backchannel is still stumbling when it has to queue a callback reply -on a busy transport. - -Note that every one of these timeouts causes a connection loss by -virtue of the xprt_conditional_disconnect() call in that arm of -call_cb_transmit_status(). - -I found that setting to_maxval is necessary to get the RPC timeout -logic to behave whenever to_exponential is not set. - -Fixes: 57331a59ac0d ("NFSv4.1: Use the nfs_client's rpc timeouts for backchannel") -Signed-off-by: Chuck Lever -Reviewed-by: Benjamin Coddington -Signed-off-by: Trond Myklebust -Signed-off-by: Sasha Levin -(cherry picked from commit bd1e42e0f2567c911d3df761cf7a33b021fdceeb) -Signed-off-by: Fabian Grünbichler ---- - net/sunrpc/svc.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c -index bd61e257cda6..bac1886f07da 100644 ---- a/net/sunrpc/svc.c -+++ b/net/sunrpc/svc.c -@@ -1546,9 +1546,11 @@ void svc_process(struct svc_rqst *rqstp) - */ - void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp) - { -+ struct rpc_timeout timeout = { -+ .to_increment = 0, -+ }; - struct rpc_task *task; - int proc_error; -- struct rpc_timeout timeout; - - /* Build the svc_rqst used by the common processing routine */ - rqstp->rq_xid = req->rq_xid; -@@ -1601,6 +1603,7 @@ void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp) - timeout.to_initval = req->rq_xprt->timeout->to_initval; - timeout.to_retries = req->rq_xprt->timeout->to_retries; - } -+ timeout.to_maxval = timeout.to_initval; - memcpy(&req->rq_snd_buf, &rqstp->rq_res, sizeof(req->rq_snd_buf)); - task = rpc_run_bc_task(req, &timeout); - diff --git a/patches/kernel/0017-tap-add-missing-verification-for-short-frame.patch b/patches/kernel/0017-tap-add-missing-verification-for-short-frame.patch deleted file mode 100644 index 7607163..0000000 --- a/patches/kernel/0017-tap-add-missing-verification-for-short-frame.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Si-Wei Liu -Date: Wed, 24 Jul 2024 10:04:51 -0700 -Subject: [PATCH] tap: add missing verification for short frame - -The cited commit missed to check against the validity of the frame length -in the tap_get_user_xdp() path, which could cause a corrupted skb to be -sent downstack. Even before the skb is transmitted, the -tap_get_user_xdp()-->skb_set_network_header() may assume the size is more -than ETH_HLEN. Once transmitted, this could either cause out-of-bound -access beyond the actual length, or confuse the underlayer with incorrect -or inconsistent header length in the skb metadata. - -In the alternative path, tap_get_user() already prohibits short frame which -has the length less than Ethernet header size from being transmitted. - -This is to drop any frame shorter than the Ethernet header size just like -how tap_get_user() does. - -CVE: CVE-2024-41090 -Link: https://lore.kernel.org/netdev/1717026141-25716-1-git-send-email-si-wei.liu@oracle.com/ -Fixes: 0efac27791ee ("tap: accept an array of XDP buffs through sendmsg()") -Cc: stable@vger.kernel.org -Signed-off-by: Si-Wei Liu -Signed-off-by: Dongli Zhang -Reviewed-by: Willem de Bruijn -Reviewed-by: Paolo Abeni -Reviewed-by: Jason Wang -Link: https://patch.msgid.link/20240724170452.16837-2-dongli.zhang@oracle.com -Signed-off-by: Jakub Kicinski -(cherry picked from commit ed7f2afdd0e043a397677e597ced0830b83ba0b3) -Signed-off-by: Fiona Ebner ---- - drivers/net/tap.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/drivers/net/tap.c b/drivers/net/tap.c -index 9f0495e8df4d..feeeac715c18 100644 ---- a/drivers/net/tap.c -+++ b/drivers/net/tap.c -@@ -1177,6 +1177,11 @@ static int tap_get_user_xdp(struct tap_queue *q, struct xdp_buff *xdp) - struct sk_buff *skb; - int err, depth; - -+ if (unlikely(xdp->data_end - xdp->data < ETH_HLEN)) { -+ err = -EINVAL; -+ goto err; -+ } -+ - if (q->flags & IFF_VNET_HDR) - vnet_hdr_len = READ_ONCE(q->vnet_hdr_sz); - diff --git a/patches/kernel/0018-tun-add-missing-verification-for-short-frame.patch b/patches/kernel/0018-tun-add-missing-verification-for-short-frame.patch deleted file mode 100644 index 4b07b09..0000000 --- a/patches/kernel/0018-tun-add-missing-verification-for-short-frame.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Dongli Zhang -Date: Wed, 24 Jul 2024 10:04:52 -0700 -Subject: [PATCH] tun: add missing verification for short frame - -The cited commit missed to check against the validity of the frame length -in the tun_xdp_one() path, which could cause a corrupted skb to be sent -downstack. Even before the skb is transmitted, the -tun_xdp_one-->eth_type_trans() may access the Ethernet header although it -can be less than ETH_HLEN. Once transmitted, this could either cause -out-of-bound access beyond the actual length, or confuse the underlayer -with incorrect or inconsistent header length in the skb metadata. - -In the alternative path, tun_get_user() already prohibits short frame which -has the length less than Ethernet header size from being transmitted for -IFF_TAP. - -This is to drop any frame shorter than the Ethernet header size just like -how tun_get_user() does. - -CVE: CVE-2024-41091 -Inspired-by: https://lore.kernel.org/netdev/1717026141-25716-1-git-send-email-si-wei.liu@oracle.com/ -Fixes: 043d222f93ab ("tuntap: accept an array of XDP buffs through sendmsg()") -Cc: stable@vger.kernel.org -Signed-off-by: Dongli Zhang -Reviewed-by: Si-Wei Liu -Reviewed-by: Willem de Bruijn -Reviewed-by: Paolo Abeni -Reviewed-by: Jason Wang -Link: https://patch.msgid.link/20240724170452.16837-3-dongli.zhang@oracle.com -Signed-off-by: Jakub Kicinski -(cherry picked from commit 049584807f1d797fc3078b68035450a9769eb5c3) -Signed-off-by: Fiona Ebner ---- - drivers/net/tun.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 86515f0c2b6c..e9cd3b810e2c 100644 ---- a/drivers/net/tun.c -+++ b/drivers/net/tun.c -@@ -2459,6 +2459,9 @@ static int tun_xdp_one(struct tun_struct *tun, - bool skb_xdp = false; - struct page *page; - -+ if (unlikely(datasize < ETH_HLEN)) -+ return -EINVAL; -+ - xdp_prog = rcu_dereference(tun->xdp_prog); - if (xdp_prog) { - if (gso->gso_type) { diff --git a/patches/kernel/0019-apparmor-fix-possible-NULL-pointer-dereference.patch b/patches/kernel/0019-apparmor-fix-possible-NULL-pointer-dereference.patch deleted file mode 100644 index 36d4297..0000000 --- a/patches/kernel/0019-apparmor-fix-possible-NULL-pointer-dereference.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Leesoo Ahn -Date: Wed, 8 May 2024 01:12:29 +0900 -Subject: [PATCH] apparmor: fix possible NULL pointer dereference - -profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made -from __create_missing_ancestors(..) and 'ent->old' is NULL in -aa_replace_profiles(..). -In that case, it must return an error code and the code, -ENOENT represents -its state that the path of its parent is not existed yet. - -BUG: kernel NULL pointer dereference, address: 0000000000000030 -PGD 0 P4D 0 -PREEMPT SMP PTI -CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 -Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 -RIP: 0010:aafs_create.constprop.0+0x7f/0x130 -Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae -RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 -RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 -RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 -RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 -R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 -R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 -FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 -CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 -CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 -Call Trace: - - ? show_regs+0x6d/0x80 - ? __die+0x24/0x80 - ? page_fault_oops+0x99/0x1b0 - ? kernelmode_fixup_or_oops+0xb2/0x140 - ? __bad_area_nosemaphore+0x1a5/0x2c0 - ? find_vma+0x34/0x60 - ? bad_area_nosemaphore+0x16/0x30 - ? do_user_addr_fault+0x2a2/0x6b0 - ? exc_page_fault+0x83/0x1b0 - ? asm_exc_page_fault+0x27/0x30 - ? aafs_create.constprop.0+0x7f/0x130 - ? aafs_create.constprop.0+0x51/0x130 - __aafs_profile_mkdir+0x3d6/0x480 - aa_replace_profiles+0x83f/0x1270 - policy_update+0xe3/0x180 - profile_load+0xbc/0x150 - ? rw_verify_area+0x47/0x140 - vfs_write+0x100/0x480 - ? __x64_sys_openat+0x55/0xa0 - ? syscall_exit_to_user_mode+0x86/0x260 - ksys_write+0x73/0x100 - __x64_sys_write+0x19/0x30 - x64_sys_call+0x7e/0x25c0 - do_syscall_64+0x7f/0x180 - entry_SYSCALL_64_after_hwframe+0x78/0x80 -RIP: 0033:0x7be9f211c574 -Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 -RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 -RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 -RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 -RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 -R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 -R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 - -Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas -CR2: 0000000000000030 ----[ end trace 0000000000000000 ]--- -RIP: 0010:aafs_create.constprop.0+0x7f/0x130 -Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae -RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 -RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 -RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 -RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 -R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 -R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 -FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 -CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 -CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 - -Signed-off-by: Leesoo Ahn -Signed-off-by: John Johansen -(cherry picked from commit 3dd384108d53834002be5630132ad5c3f32166ad) -Signed-off-by: Fiona Ebner ---- - security/apparmor/apparmorfs.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c -index be6c3293c9e0..822f2e6a96a7 100644 ---- a/security/apparmor/apparmorfs.c -+++ b/security/apparmor/apparmorfs.c -@@ -1921,6 +1921,10 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) - struct aa_profile *p; - p = aa_deref_parent(profile); - dent = prof_dir(p); -+ if (!dent) { -+ error = -ENOENT; -+ goto fail2; -+ } - /* adding to parent that previously didn't have children */ - dent = aafs_create_dir("profiles", dent); - if (IS_ERR(dent)) diff --git a/patches/kernel/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch b/patches/kernel/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch deleted file mode 100644 index 7f29e5c..0000000 --- a/patches/kernel/0020-PCI-pciehp-Retain-Power-Indicator-bits-for-userspace.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Blazej Kucman -Date: Mon, 22 Jul 2024 16:14:40 +0200 -Subject: [PATCH] PCI: pciehp: Retain Power Indicator bits for userspace - indicators - -The sysfs "attention" file normally controls the Slot Control Attention -Indicator with 0 (off), 1 (on), 2 (blink) settings. - -576243b3f9ea ("PCI: pciehp: Allow exclusive userspace control of -indicators") added pciehp_set_raw_indicator_status() to allow userspace to -directly control all four bits in both the Attention Indicator and the -Power Indicator fields via the "attention" file. - -This is used on Intel VMD bridges so utilities like "ledmon" can use sysfs -"attention" to control up to 16 indicators for NVMe device RAID status. - -abaaac4845a0 ("PCI: hotplug: Use FIELD_GET/PREP()") broke this by masking -the sysfs data with PCI_EXP_SLTCTL_AIC, which discards the upper two bits -intended for the Power Indicator Control field (PCI_EXP_SLTCTL_PIC). - -For NVMe devices behind an Intel VMD, ledmon settings that use the -PCI_EXP_SLTCTL_PIC bits, i.e., ATTENTION_REBUILD (0x5), ATTENTION_LOCATE -(0x7), ATTENTION_FAILURE (0xD), ATTENTION_OFF (0xF), no longer worked -correctly. - -Mask with PCI_EXP_SLTCTL_AIC | PCI_EXP_SLTCTL_PIC to retain both the -Attention Indicator and the Power Indicator bits. - -Fixes: abaaac4845a0 ("PCI: hotplug: Use FIELD_GET/PREP()") -Link: https://lore.kernel.org/r/20240722141440.7210-1-blazej.kucman@intel.com -Signed-off-by: Blazej Kucman -[bhelgaas: commit log] -Signed-off-by: Bjorn Helgaas -Cc: stable@vger.kernel.org # v6.7+ ---- - drivers/pci/hotplug/pciehp_hpc.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c -index b1d0a1b3917d..9d3c249207c4 100644 ---- a/drivers/pci/hotplug/pciehp_hpc.c -+++ b/drivers/pci/hotplug/pciehp_hpc.c -@@ -485,7 +485,9 @@ int pciehp_set_raw_indicator_status(struct hotplug_slot *hotplug_slot, - struct pci_dev *pdev = ctrl_dev(ctrl); - - pci_config_pm_runtime_get(pdev); -- pcie_write_cmd_nowait(ctrl, FIELD_PREP(PCI_EXP_SLTCTL_AIC, status), -+ -+ /* Attention and Power Indicator Control bits are supported */ -+ pcie_write_cmd_nowait(ctrl, FIELD_PREP(PCI_EXP_SLTCTL_AIC | PCI_EXP_SLTCTL_PIC, status), - PCI_EXP_SLTCTL_AIC | PCI_EXP_SLTCTL_PIC); - pci_config_pm_runtime_put(pdev); - return 0; diff --git a/submodules/ubuntu-kernel b/submodules/ubuntu-kernel index b31b11a..d7e5872 160000 --- a/submodules/ubuntu-kernel +++ b/submodules/ubuntu-kernel @@ -1 +1 @@ -Subproject commit b31b11ad980d9d8204d19f55640bc910e5292a5d +Subproject commit d7e587249d86f7e9162dc5df15554466af341467