From d17df467e1338b79f3c29186dfebe1c4c49781ef Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Mon, 5 Aug 2024 18:16:10 +0200 Subject: [PATCH] rebase patches on top of Ubuntu-6.8.0-43.43 (generated with debian/scripts/import-upstream-tag) 
Signed-off-by: Thomas Lamprecht --- ...ides-for-missing-ACS-capabilities-4..patch | 4 +- ...-default-dynamic-halt-polling-growth.patch | 2 +- ...de-unregister_netdevice-refcount-lea.patch | 4 +- ...fortify-Do-not-cast-to-unsigned-char.patch | 2 +- ...sk-out-PKRU-bit-in-xfeatures-if-vCPU.patch | 4 +- ...-Advertise-support-for-flush-by-ASID.patch | 4 +- ...-Improve-the-erratum-1386-workaround.patch | 10 +- ...fix-request.queuelist-usage-in-flush.patch | 64 --------- ...x-pagecache-leak-when-do-writepages.patch} | 0 ...u-pm-Don-t-use-OD-table-on-Arcturus.patch} | 0 ...-devices-which-return-an-unusually-l.patch | 49 ------- ...-SUNRPC-Fix-backchannel-reply-again.patch} | 6 +- ...leep_range-to-udelay-in-PHY-mdic-acc.patch | 73 ----------- ...issing-verification-for-short-frame.patch} | 0 ...7-virtio-pci-Check-if-is_avq-is-NULL.patch | 48 ------- ...issing-verification-for-short-frame.patch} | 0 ...x-possible-NULL-pointer-dereference.patch} | 0 ...ift-undefined-behavior-in-bnxt_qplib.patch | 124 ------------------ 18 files changed, 18 insertions(+), 376 deletions(-) delete mode 100644 patches/kernel/0014-block-fix-request.queuelist-usage-in-flush.patch rename patches/kernel/{0018-cifs-fix-pagecache-leak-when-do-writepages.patch => 0014-cifs-fix-pagecache-leak-when-do-writepages.patch} (100%) rename patches/kernel/{0019-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch => 0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch} (100%) delete mode 100644 patches/kernel/0015-scsi-core-Handle-devices-which-return-an-unusually-l.patch rename patches/kernel/{0020-SUNRPC-Fix-backchannel-reply-again.patch => 0016-SUNRPC-Fix-backchannel-reply-again.patch} (92%) delete mode 100644 patches/kernel/0016-e1000e-change-usleep_range-to-udelay-in-PHY-mdic-acc.patch rename patches/kernel/{0021-tap-add-missing-verification-for-short-frame.patch => 0017-tap-add-missing-verification-for-short-frame.patch} (100%) delete mode 100644 patches/kernel/0017-virtio-pci-Check-if-is_avq-is-NULL.patch 
rename patches/kernel/{0022-tun-add-missing-verification-for-short-frame.patch => 0018-tun-add-missing-verification-for-short-frame.patch} (100%) rename patches/kernel/{0023-apparmor-fix-possible-NULL-pointer-dereference.patch => 0019-apparmor-fix-possible-NULL-pointer-dereference.patch} (100%) delete mode 100644 patches/kernel/0024-bnxt_re-avoid-shift-undefined-behavior-in-bnxt_qplib.patch diff --git a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch index 41fca48..0ff2916 100644 --- a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch +++ b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch @@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 111 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index 4272acb3d047..d18cc2c1f9c3 100644 +index e58f3bbb7643..d574123d82bd 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4400,6 +4400,15 @@ +@@ -4403,6 +4403,15 @@ Also, it enforces the PCI Local Bus spec rule that those bits should be 0 in system reset events (useful for kexec/kdump cases). diff --git a/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch b/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch index 2a69480..8d590eb 100644 --- a/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch +++ b/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch @@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 0f50960b0e3a..37f840f57f32 100644 +index 6a56de7ff82e..96bd40a73e0e 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c 
@@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644); diff --git a/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch b/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch index a74d5b6..50b02ce 100644 --- a/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch +++ b/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch @@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/dev.c b/net/core/dev.c -index c365aa06f886..c9066a7aa4c5 100644 +index a32811aebde5..15078ab81ec8 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -10470,7 +10470,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list) +@@ -10471,7 +10471,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list) if (time_after(jiffies, warning_time + READ_ONCE(netdev_unregister_timeout_secs) * HZ)) { list_for_each_entry(dev, list, todo_list) { diff --git a/patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch b/patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch index 2b81114..f6186d1 100644 --- a/patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch +++ b/patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch @@ -16,7 +16,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h -index 89a6888f2f9e..66e0b60dcabb 100644 +index e99dbc052575..9e9cdb198b82 100644 --- a/include/linux/fortify-string.h +++ b/include/linux/fortify-string.h @@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning(" diff --git a/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch b/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch index cc5fe8b..233c666 100644 
--- a/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch +++ b/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch @@ -78,7 +78,7 @@ Signed-off-by: Thomas Lamprecht 3 files changed, 21 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index 3a02276899db..e07a6089ba4b 100644 +index ce1499732cb8..d68c04bde5ed 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -262,6 +262,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) @@ -108,7 +108,7 @@ index 23dbb9eb277c..07da153802e4 100644 int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index c84927216fad..880e2b87777e 100644 +index 3750a0c688b7..706348cbde7c 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5580,6 +5580,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, diff --git a/patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch b/patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch index f10b59f..f248acc 100644 --- a/patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch +++ b/patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch @@ -24,10 +24,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c -index e90b429c84f1..5c7faf7c447f 100644 +index cf86607bc696..e2c080780d9a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c -@@ -5085,6 +5085,7 @@ static __init void svm_set_cpu_caps(void) +@@ -5102,6 +5102,7 @@ static __init void svm_set_cpu_caps(void) if (nested) { kvm_cpu_cap_set(X86_FEATURE_SVM); kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN); diff --git a/patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch b/patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch index ea28a95..e3e7018 100644 
--- a/patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch +++ b/patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch @@ -21,10 +21,10 @@ Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.loca 2 files changed, 20 insertions(+) diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h -index eb8fcede9e3b..bf4e065cf1e2 100644 +index e8e3dbe7f173..b6325ee30871 100644 --- a/arch/x86/include/asm/cpu_device_id.h +++ b/arch/x86/include/asm/cpu_device_id.h -@@ -190,6 +190,14 @@ struct x86_cpu_desc { +@@ -288,6 +288,14 @@ struct x86_cpu_desc { .x86_microcode_rev = (revision), \ } @@ -40,7 +40,7 @@ index eb8fcede9e3b..bf4e065cf1e2 100644 extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table); diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index dfa8d0cf5e18..22a263b1a884 100644 +index 0838ea579eb0..ca6096dcc5c6 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -13,6 +13,7 @@ @@ -51,7 +51,7 @@ index dfa8d0cf5e18..22a263b1a884 100644 #include #include #include -@@ -926,6 +927,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c) +@@ -925,6 +926,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c) clear_rdrand_cpuid_bit(c); } @@ -63,7 +63,7 @@ index dfa8d0cf5e18..22a263b1a884 100644 static void fix_erratum_1386(struct cpuinfo_x86 *c) { /* -@@ -935,7 +941,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c) +@@ -934,7 +940,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c) * * Affected parts all have no supervisor XSAVE states, meaning that * the XSAVEC instruction (which works fine) is equivalent. diff --git a/patches/kernel/0014-block-fix-request.queuelist-usage-in-flush.patch b/patches/kernel/0014-block-fix-request.queuelist-usage-in-flush.patch deleted file mode 100644 index 71c7d3e..0000000 --- a/patches/kernel/0014-block-fix-request.queuelist-usage-in-flush.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chengming Zhou -Date: Sat, 8 Jun 2024 22:31:15 +0800 -Subject: [PATCH] block: fix request.queuelist usage in flush - -Friedrich Weber reported a kernel crash problem and bisected to commit -81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine"). - -The root cause is that we use "list_move_tail(&rq->queuelist, pending)" -in the PREFLUSH/POSTFLUSH sequences. But rq->queuelist.next == xxx since -it's popped out from plug->cached_rq in __blk_mq_alloc_requests_batch(). -We don't initialize its queuelist just for this first request, although -the queuelist of all later popped requests will be initialized. - -Fix it by changing to use "list_add_tail(&rq->queuelist, pending)" so -rq->queuelist doesn't need to be initialized. It should be ok since rq -can't be on any list when PREFLUSH or POSTFLUSH, has no move actually. - -Please note the commit 81ada09cc25e ("blk-flush: reuse rq queuelist in -flush state machine") also has another requirement that no drivers would -touch rq->queuelist after blk_mq_end_request() since we will reuse it to -add rq to the post-flush pending list in POSTFLUSH. If this is not true, -we will have to revert that commit IMHO. - -This updated version adds "list_del_init(&rq->queuelist)" in flush rq -callback since the dm layer may submit request of a weird invalid format -(REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes double list_add -if without this "list_del_init(&rq->queuelist)". The weird invalid format -problem should be fixed in dm layer. 
- -Reported-by: Friedrich Weber -Closes: https://lore.kernel.org/lkml/14b89dfb-505c-49f7-aebb-01c54451db40@proxmox.com/ -Closes: https://lore.kernel.org/lkml/c9d03ff7-27c5-4ebd-b3f6-5a90d96f35ba@proxmox.com/ -Fixes: 81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine") -Cc: Christoph Hellwig -Cc: ming.lei@redhat.com -Cc: bvanassche@acm.org -Tested-by: Friedrich Weber -Signed-off-by: Chengming Zhou ---- - block/blk-flush.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/block/blk-flush.c b/block/blk-flush.c -index 3f4d41952ef2..d72b57898b23 100644 ---- a/block/blk-flush.c -+++ b/block/blk-flush.c -@@ -183,7 +183,7 @@ static void blk_flush_complete_seq(struct request *rq, - /* queue for flush */ - if (list_empty(pending)) - fq->flush_pending_since = jiffies; -- list_move_tail(&rq->queuelist, pending); -+ list_add_tail(&rq->queuelist, pending); - break; - - case REQ_FSEQ_DATA: -@@ -261,6 +261,7 @@ static enum rq_end_io_ret flush_end_io(struct request *flush_rq, - unsigned int seq = blk_flush_cur_seq(rq); - - BUG_ON(seq != REQ_FSEQ_PREFLUSH && seq != REQ_FSEQ_POSTFLUSH); -+ list_del_init(&rq->queuelist); - blk_flush_complete_seq(rq, fq, seq, error); - } - diff --git a/patches/kernel/0018-cifs-fix-pagecache-leak-when-do-writepages.patch b/patches/kernel/0014-cifs-fix-pagecache-leak-when-do-writepages.patch similarity index 100% rename from patches/kernel/0018-cifs-fix-pagecache-leak-when-do-writepages.patch rename to patches/kernel/0014-cifs-fix-pagecache-leak-when-do-writepages.patch diff --git a/patches/kernel/0019-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch b/patches/kernel/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch similarity index 100% rename from patches/kernel/0019-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch rename to patches/kernel/0015-drm-amdgpu-pm-Don-t-use-OD-table-on-Arcturus.patch 
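Review bot: The commit message does not say why this patch file and four others are deleted rather than renumbered: `0014-block-fix-request.queuelist-usage-in-flush.patch` here, and likewise 0015 (scsi VPD page length), 0016 (e1000e udelay), 0017 (virtio-pci is_avq check) and 0024 (bnxt_re shift). Presumably the Ubuntu-6.8.0-43.43 base already carries these fixes, but nothing on the page confirms it. Two of them are memory-safety guards: 0015 clamps the VPD page search to the size of the `vpd` buffer, and 0017 checks `vp_dev->is_avq` for NULL before calling it. I would add a line to the message such as `drop patches 0014-0017 and 0024, all included in the new base tag`, after checking that each fix is present in the rebased tree.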
diff --git a/patches/kernel/0015-scsi-core-Handle-devices-which-return-an-unusually-l.patch b/patches/kernel/0015-scsi-core-Handle-devices-which-return-an-unusually-l.patch
deleted file mode 100644
index 7c15a45..0000000
--- a/patches/kernel/0015-scsi-core-Handle-devices-which-return-an-unusually-l.patch
+++ /dev/null
@@ -1,49 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Martin K. Petersen" -Date: Mon, 20 May 2024 22:30:40 -0400 -Subject: [PATCH] scsi: core: Handle devices which return an unusually large - VPD page count - -Peter Schneider reported that a system would no longer boot after -updating to 6.8.4. Peter bisected the issue and identified commit -b5fc07a5fb56 ("scsi: core: Consult supported VPD page list prior to -fetching page") as being the culprit. - -Turns out the enclosure device in Peter's system reports a byteswapped -page length for VPD page 0. It reports "02 00" as page length instead -of "00 02". This causes us to attempt to access 516 bytes (page length -+ header) of information despite only 2 pages being present. - -Limit the page search scope to the size of our VPD buffer to guard -against devices returning a larger page count than requested. - -Link: https://lore.kernel.org/r/20240521023040.2703884-1-martin.petersen@oracle.com -Fixes: b5fc07a5fb56 ("scsi: core: Consult supported VPD page list prior to fetching page") -Cc: stable@vger.kernel.org -Reported-by: Peter Schneider -Closes: https://lore.kernel.org/all/eec6ebbf-061b-4a7b-96dc-ea748aa4d035@googlemail.com/ -Tested-by: Peter Schneider -Reviewed-by: Bart Van Assche -Signed-off-by: Martin K. Petersen ---- - drivers/scsi/scsi.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c -index 8cad9792a562..b3ff3a633a1e 100644 ---- a/drivers/scsi/scsi.c -+++ b/drivers/scsi/scsi.c -@@ -350,6 +350,13 @@ static int scsi_get_vpd_size(struct scsi_device *sdev, u8 page) - if (result < SCSI_VPD_HEADER_SIZE) - return 0; - -+ if (result > sizeof(vpd)) { -+ dev_warn_once(&sdev->sdev_gendev, -+ "%s: long VPD page 0 length: %d bytes\n", -+ __func__, result); -+ result = sizeof(vpd); -+ } -+ - result -= SCSI_VPD_HEADER_SIZE; - if (!memchr(&vpd[SCSI_VPD_HEADER_SIZE], page, result)) - return 0; 
diff --git a/patches/kernel/0020-SUNRPC-Fix-backchannel-reply-again.patch b/patches/kernel/0016-SUNRPC-Fix-backchannel-reply-again.patch similarity index 92% rename from patches/kernel/0020-SUNRPC-Fix-backchannel-reply-again.patch rename to patches/kernel/0016-SUNRPC-Fix-backchannel-reply-again.patch index 7fe2703..8b3242e 100644 --- a/patches/kernel/0020-SUNRPC-Fix-backchannel-reply-again.patch +++ b/patches/kernel/0016-SUNRPC-Fix-backchannel-reply-again.patch @@ -32,10 +32,10 @@ Signed-off-by: Fabian Grünbichler 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c -index b969e505c7b7..5fc974dda811 100644 +index bd61e257cda6..bac1886f07da 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c -@@ -1548,9 +1548,11 @@ void svc_process(struct svc_rqst *rqstp) +@@ -1546,9 +1546,11 @@ void svc_process(struct svc_rqst *rqstp) */ void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp) { @@ -48,7 +48,7 @@ index b969e505c7b7..5fc974dda811 100644 /* Build the svc_rqst used by the common processing routine */ rqstp->rq_xid = req->rq_xid; -@@ -1603,6 +1605,7 @@ void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp) +@@ -1601,6 +1603,7 @@ void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp) timeout.to_initval = req->rq_xprt->timeout->to_initval; timeout.to_retries = req->rq_xprt->timeout->to_retries; } diff --git a/patches/kernel/0016-e1000e-change-usleep_range-to-udelay-in-PHY-mdic-acc.patch b/patches/kernel/0016-e1000e-change-usleep_range-to-udelay-in-PHY-mdic-acc.patch deleted file mode 100644 index dae35b0..0000000 --- a/patches/kernel/0016-e1000e-change-usleep_range-to-udelay-in-PHY-mdic-acc.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Vitaly Lifshits -Date: Mon, 29 Apr 2024 10:10:40 -0700 -Subject: [PATCH] e1000e: change usleep_range to udelay in PHY mdic access -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround -for sporadic MDI error on Meteor Lake systems"). The referenced commit -used usleep_range inside the PHY access routines, which are sometimes -called from an atomic context. This can lead to a kernel panic in some -scenarios, such as cable disconnection and reconnection on vPro systems. - -Solve this by changing the usleep_range calls back to udelay. - -Fixes: 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems") -Cc: stable@vger.kernel.org -Reported-by: Jérôme Carretero -Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218740 -Closes: https://lore.kernel.org/lkml/a7eb665c74b5efb5140e6979759ed243072cb24a.camel@zougloub.eu/ -Co-developed-by: Sasha Neftin -Signed-off-by: Sasha Neftin -Signed-off-by: Vitaly Lifshits -Tested-by: Dima Ruinskiy -Signed-off-by: Tony Nguyen -Reviewed-by: Simon Horman -Link: https://lore.kernel.org/r/20240429171040.1152516-1-anthony.l.nguyen@intel.com -Signed-off-by: Jakub Kicinski ---- - drivers/net/ethernet/intel/e1000e/phy.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/drivers/net/ethernet/intel/e1000e/phy.c b/drivers/net/ethernet/intel/e1000e/phy.c -index 93544f1cc2a5..f7ae0e0aa4a4 100644 ---- a/drivers/net/ethernet/intel/e1000e/phy.c -+++ b/drivers/net/ethernet/intel/e1000e/phy.c -@@ -157,7 +157,7 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) - * the lower time out - */ - for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { -- usleep_range(50, 60); -+ udelay(50); - mdic = er32(MDIC); - if (mdic & E1000_MDIC_READY) - break; -@@ -181,7 +181,7 @@ s32 
e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) - * reading duplicate data in the next MDIC transaction. - */ - if (hw->mac.type == e1000_pch2lan) -- usleep_range(100, 150); -+ udelay(100); - - if (success) { - *data = (u16)mdic; -@@ -237,7 +237,7 @@ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data) - * the lower time out - */ - for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { -- usleep_range(50, 60); -+ udelay(50); - mdic = er32(MDIC); - if (mdic & E1000_MDIC_READY) - break; -@@ -261,7 +261,7 @@ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data) - * reading duplicate data in the next MDIC transaction. - */ - if (hw->mac.type == e1000_pch2lan) -- usleep_range(100, 150); -+ udelay(100); - - if (success) - return 0; diff --git a/patches/kernel/0021-tap-add-missing-verification-for-short-frame.patch b/patches/kernel/0017-tap-add-missing-verification-for-short-frame.patch similarity index 100% rename from patches/kernel/0021-tap-add-missing-verification-for-short-frame.patch rename to patches/kernel/0017-tap-add-missing-verification-for-short-frame.patch diff --git a/patches/kernel/0017-virtio-pci-Check-if-is_avq-is-NULL.patch b/patches/kernel/0017-virtio-pci-Check-if-is_avq-is-NULL.patch deleted file mode 100644 index a886e4c..0000000 --- a/patches/kernel/0017-virtio-pci-Check-if-is_avq-is-NULL.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Li Zhang -Date: Tue, 18 Jun 2024 07:28:00 +0200 -Subject: [PATCH] virtio-pci: Check if is_avq is NULL - -BugLink: https://bugs.launchpad.net/bugs/2067862 - -[bug] -In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved -to determine whether it is admin virtqueue, but this function vp_dev->is_avq - may be empty. For installations, virtio_pci_legacy does not assign a value - to vp_dev->is_avq. - -[fix] -Check whether it is vp_dev->is_avq before use. - -[test] -Test with virsh Attach device -Before this patch, the following command would crash the guest system - -After applying the patch, everything seems to be working fine. - -Signed-off-by: Li Zhang -Message-Id: <1710566754-3532-1-git-send-email-zhanglikernel@gmail.com> -Signed-off-by: Michael S. Tsirkin - -(cherry picked from commit c8fae27d141a32a1624d0d0d5419d94252824498) -Signed-off-by: Matthew Ruffell -Acked-by: Paolo Pisati -Acked-by: Manuel Diewald -Signed-off-by: Stefan Bader ---- - drivers/virtio/virtio_pci_common.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c -index b655fccaf773..3c18fc14cd66 100644 ---- a/drivers/virtio/virtio_pci_common.c -+++ b/drivers/virtio/virtio_pci_common.c -@@ -236,7 +236,7 @@ void vp_del_vqs(struct virtio_device *vdev) - int i; - - list_for_each_entry_safe(vq, n, &vdev->vqs, list) { -- if (vp_dev->is_avq(vdev, vq->index)) -+ if (vp_dev->is_avq && vp_dev->is_avq(vdev, vq->index)) - continue; - - if (vp_dev->per_vq_vectors) { diff --git a/patches/kernel/0022-tun-add-missing-verification-for-short-frame.patch b/patches/kernel/0018-tun-add-missing-verification-for-short-frame.patch similarity index 100% rename from patches/kernel/0022-tun-add-missing-verification-for-short-frame.patch rename to patches/kernel/0018-tun-add-missing-verification-for-short-frame.patch 
diff --git a/patches/kernel/0023-apparmor-fix-possible-NULL-pointer-dereference.patch b/patches/kernel/0019-apparmor-fix-possible-NULL-pointer-dereference.patch
similarity index 100%
rename from patches/kernel/0023-apparmor-fix-possible-NULL-pointer-dereference.patch
rename to patches/kernel/0019-apparmor-fix-possible-NULL-pointer-dereference.patch
diff --git a/patches/kernel/0024-bnxt_re-avoid-shift-undefined-behavior-in-bnxt_qplib.patch b/patches/kernel/0024-bnxt_re-avoid-shift-undefined-behavior-in-bnxt_qplib.patch
deleted file mode 100644
index 75bc01a..0000000
--- a/patches/kernel/0024-bnxt_re-avoid-shift-undefined-behavior-in-bnxt_qplib.patch
+++ /dev/null
@@ -1,124 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michal Schmidt -Date: Tue, 7 May 2024 12:39:28 +0200 -Subject: [PATCH] bnxt_re: avoid shift undefined behavior in - bnxt_qplib_alloc_init_hwq - -BugLink: https://bugs.launchpad.net/bugs/2071621 - -[ Upstream commit 78cfd17142ef70599d6409cbd709d94b3da58659 ] - -Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called -with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. -In that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called. -roundup_pow_of_two is documented as undefined for 0. - -Fix it in the one caller that had this combination. - -The undefined behavior was detected by UBSAN: - UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13 - shift exponent 64 is too large for 64-bit type 'long unsigned int' - CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4 - Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023 - Call Trace: - - dump_stack_lvl+0x5d/0x80 - ubsan_epilogue+0x5/0x30 - __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec - __roundup_pow_of_two+0x25/0x35 [bnxt_re] - bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re] - bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re] - bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re] - ? srso_alias_return_thunk+0x5/0xfbef5 - ? srso_alias_return_thunk+0x5/0xfbef5 - ? __kmalloc+0x1b6/0x4f0 - ? create_qp.part.0+0x128/0x1c0 [ib_core] - ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re] - create_qp.part.0+0x128/0x1c0 [ib_core] - ib_create_qp_kernel+0x50/0xd0 [ib_core] - create_mad_qp+0x8e/0xe0 [ib_core] - ? __pfx_qp_event_handler+0x10/0x10 [ib_core] - ib_mad_init_device+0x2be/0x680 [ib_core] - add_client_context+0x10d/0x1a0 [ib_core] - enable_device_and_get+0xe0/0x1d0 [ib_core] - ib_register_device+0x53c/0x630 [ib_core] - ? srso_alias_return_thunk+0x5/0xfbef5 - bnxt_re_probe+0xbd8/0xe50 [bnxt_re] - ? 
__pfx_bnxt_re_probe+0x10/0x10 [bnxt_re] - auxiliary_bus_probe+0x49/0x80 - ? driver_sysfs_add+0x57/0xc0 - really_probe+0xde/0x340 - ? pm_runtime_barrier+0x54/0x90 - ? __pfx___driver_attach+0x10/0x10 - __driver_probe_device+0x78/0x110 - driver_probe_device+0x1f/0xa0 - __driver_attach+0xba/0x1c0 - bus_for_each_dev+0x8f/0xe0 - bus_add_driver+0x146/0x220 - driver_register+0x72/0xd0 - __auxiliary_driver_register+0x6e/0xd0 - ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re] - bnxt_re_mod_init+0x3e/0xff0 [bnxt_re] - ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re] - do_one_initcall+0x5b/0x310 - do_init_module+0x90/0x250 - init_module_from_file+0x86/0xc0 - idempotent_init_module+0x121/0x2b0 - __x64_sys_finit_module+0x5e/0xb0 - do_syscall_64+0x82/0x160 - ? srso_alias_return_thunk+0x5/0xfbef5 - ? syscall_exit_to_user_mode_prepare+0x149/0x170 - ? srso_alias_return_thunk+0x5/0xfbef5 - ? syscall_exit_to_user_mode+0x75/0x230 - ? srso_alias_return_thunk+0x5/0xfbef5 - ? do_syscall_64+0x8e/0x160 - ? srso_alias_return_thunk+0x5/0xfbef5 - ? __count_memcg_events+0x69/0x100 - ? srso_alias_return_thunk+0x5/0xfbef5 - ? count_memcg_events.constprop.0+0x1a/0x30 - ? srso_alias_return_thunk+0x5/0xfbef5 - ? handle_mm_fault+0x1f0/0x300 - ? srso_alias_return_thunk+0x5/0xfbef5 - ? do_user_addr_fault+0x34e/0x640 - ? srso_alias_return_thunk+0x5/0xfbef5 - ? 
srso_alias_return_thunk+0x5/0xfbef5 - entry_SYSCALL_64_after_hwframe+0x76/0x7e - RIP: 0033:0x7f4e5132821d - Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48 - RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 - RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d - RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b - RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0 - R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d - R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60 - - ---[ end trace ]--- - -Fixes: 0c4dcd602817 ("RDMA/bnxt_re: Refactor hardware queue memory allocation") -Signed-off-by: Michal Schmidt -Link: https://lore.kernel.org/r/20240507103929.30003-1-mschmidt@redhat.com -Acked-by: Selvin Xavier -Signed-off-by: Leon Romanovsky -Signed-off-by: Sasha Levin -Signed-off-by: Manuel Diewald -Signed-off-by: Stefan Bader -(cherry picked from commit 949beca2d9ddb69c2ccd39e5fd5d062c81fe0db0) -Signed-off-by: Fiona Ebner ---- - drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/drivers/infiniband/hw/bnxt_re/qplib_fp.c b/drivers/infiniband/hw/bnxt_re/qplib_fp.c -index 439d0c7c5d0c..04258676d072 100644 ---- a/drivers/infiniband/hw/bnxt_re/qplib_fp.c -+++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.c -@@ -1013,7 +1013,8 @@ int bnxt_qplib_create_qp(struct bnxt_qplib_res *res, struct bnxt_qplib_qp *qp) - hwq_attr.stride = sizeof(struct sq_sge); - hwq_attr.depth = bnxt_qplib_get_depth(sq); - hwq_attr.aux_stride = psn_sz; -- hwq_attr.aux_depth = bnxt_qplib_set_sq_size(sq, qp->wqe_mode); -+ hwq_attr.aux_depth = psn_sz ? 
bnxt_qplib_set_sq_size(sq, qp->wqe_mode) -+ : 0; - /* Update msn tbl size */ - if (BNXT_RE_HW_RETX(qp->dev_cap_flags) && psn_sz) { - hwq_attr.aux_depth = roundup_pow_of_two(bnxt_qplib_set_sq_size(sq, qp->wqe_mode));