krd/linux
1
0
Fork 0
Code Activity

release 6.14.3

Browse Source
This commit is contained in:
Konstantin Demin
2025-04-21 02:06:41 +03:00
parent 0a221c5ce2
commit f2e779751a
83 changed files with 1201 additions and 921 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
debian/patches/patchset-pf/amd-pstate/0001-cpufreq-amd-pstate-Remove-the-redundant-des_perf-cla.patch vendored
View File

@@ -1,4 +1,4 @@
From 769d2f0a23fcf67207d5e931610eab2ced40548a Mon Sep 17 00:00:00 2001
From cb40e98d75a75567cbd10f9fc69c2ec12c87a445 Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Wed, 5 Feb 2025 11:25:15 +0000
Subject: cpufreq/amd-pstate: Remove the redundant des_perf clamping in

2
debian/patches/patchset-pf/amd-pstate/0002-cpufreq-amd-pstate-Modularize-perf-freq-conversion.patch vendored
View File

@@ -1,4 +1,4 @@
From c2642290e7fbce1a301cd30fa3f78ef37defd52e Mon Sep 17 00:00:00 2001
From f58e440e56a6c8a2c04894e5d169d1a98a8ce74f Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Wed, 5 Feb 2025 11:25:18 +0000
Subject: cpufreq/amd-pstate: Modularize perf<->freq conversion

2
debian/patches/patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up.patch vendored
View File

@@ -1,4 +1,4 @@
From 9560891ef76a2badb9f2e9cb2778938086ac9a04 Mon Sep 17 00:00:00 2001
From 0a12d4a3ca1a996c1073d60c6775424972e8b7b9 Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Wed, 5 Feb 2025 11:25:19 +0000
Subject: cpufreq/amd-pstate: Remove the unnecessary cpufreq_update_policy call

2
debian/patches/patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch vendored
View File

@@ -1,4 +1,4 @@
From 47e014be8e6a12cdfa6502bd9c93df9f83ba2b40 Mon Sep 17 00:00:00 2001
From ab0520499c83ff44d468f1b2b604c85e2f78d694 Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Wed, 5 Feb 2025 11:25:22 +0000
Subject: cpufreq/amd-pstate: Use scope based cleanup for cpufreq_policy refs

2
debian/patches/patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch vendored
View File

@@ -1,4 +1,4 @@
From ca860ed821a42d909190ca3f33d9c8b2cae6fe52 Mon Sep 17 00:00:00 2001
From 658a4b7a41583e3b73477c0fbbee07aa6d6f7e0e Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Wed, 5 Feb 2025 11:25:23 +0000
Subject: cpufreq/amd-pstate: Remove the unncecessary driver_lock in

2
debian/patches/patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch vendored
View File

@@ -1,4 +1,4 @@
From cfa4817d112187bb3e2c16dfc0a70da23dff02fb Mon Sep 17 00:00:00 2001
From 20f8507de83bc844c6ff2329e61ffc37734364e9 Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Sat, 22 Feb 2025 03:32:22 +0000
Subject: cpufreq/amd-pstate: Fix the clamping of perf values

42
debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch vendored
View File

@@ -1,42 +0,0 @@
From 7f2dd53f1064ad9118a7346c154eb6b07535ccc1 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:16 -0600
Subject: cpufreq/amd-pstate: Invalidate cppc_req_cached during suspend
During resume it's possible the firmware didn't restore the CPPC request
MSR but the kernel thinks the values line up. This leads to incorrect
performance after resume from suspend.
To fix the issue invalidate the cached value at suspend. During resume use
the saved values programmed as cached limits.
Reviewed-by: Gautham R. Shenoy <gautham.shenoy@amd.com>
Reviewed-by: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Reported-by: Miroslav Pavleski <miroslav@pavleski.net>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217931
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
---
drivers/cpufreq/amd-pstate.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/cpufreq/amd-pstate.c
+++ b/drivers/cpufreq/amd-pstate.c
@@ -1605,7 +1605,7 @@ static int amd_pstate_epp_reenable(struc
max_perf, policy->boost_enabled);
}
- return amd_pstate_update_perf(cpudata, 0, 0, max_perf, cpudata->epp_cached, false);
+ return amd_pstate_epp_update_limit(policy);
}
static int amd_pstate_epp_cpu_online(struct cpufreq_policy *policy)
@@ -1654,6 +1654,9 @@ static int amd_pstate_epp_suspend(struct
if (cppc_state != AMD_PSTATE_ACTIVE)
return 0;
+ /* invalidate to ensure it's rewritten during resume */
+ cpudata->cppc_req_cached = 0;
+
/* set this flag to avoid setting core offline*/
cpudata->suspended = true;

2
debian/patches/patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch → debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch vendored
View File

@@ -1,4 +1,4 @@
From c37ee0cb65bd828d36ebe05bd3fea883685f8da3 Mon Sep 17 00:00:00 2001
From 240a074b7f92278755df715be1ea5ea5d3d2f5ac Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:17 -0600
Subject: cpufreq/amd-pstate: Show a warning when a CPU fails to setup

2
debian/patches/patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch → debian/patches/patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch vendored
View File

@@ -1,4 +1,4 @@
From b4e1ebe4f5e836d9395383acc71f130846f925fb Mon Sep 17 00:00:00 2001
From 82520910e91d62f19c944ff17ba8f966553e79d6 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:18 -0600
Subject: cpufreq/amd-pstate: Drop min and max cached frequencies

2
debian/patches/patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch → debian/patches/patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch vendored
View File

@@ -1,4 +1,4 @@
From 719a773ca04ac885a29b292ef5b64dd4c25f39fe Mon Sep 17 00:00:00 2001
From 21109b42429e0d9f0ee1bfadddae38fb5b0b23c3 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:19 -0600
Subject: cpufreq/amd-pstate: Move perf values into a union

2
debian/patches/patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Overhaul-locking.patch → debian/patches/patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Overhaul-locking.patch vendored
View File

@@ -1,4 +1,4 @@
From 79ecccde4094c468608328a349c5fd16fbf2f43e Mon Sep 17 00:00:00 2001
From 0daee82069cfe4a322bed954a4a5f19226e49e95 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:20 -0600
Subject: cpufreq/amd-pstate: Overhaul locking

2
debian/patches/patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch → debian/patches/patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch vendored
View File

@@ -1,4 +1,4 @@
From 2b570ed010d10b0c2531642a7e0eba7b942ac6d4 Mon Sep 17 00:00:00 2001
From 7c820a91ffd02aa7e426e8801893575f218a7a80 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:21 -0600
Subject: cpufreq/amd-pstate: Drop `cppc_cap1_cached`

2
debian/patches/patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch → debian/patches/patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch vendored
View File

@@ -1,4 +1,4 @@
From 47fac320cc620c0df7597d28394279d87f94e9a4 Mon Sep 17 00:00:00 2001
From 5d0c340db98de378a11abfbaf587b6e601e7291c Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:22 -0600
Subject: cpufreq/amd-pstate-ut: Use _free macro to free put policy

2
debian/patches/patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch → debian/patches/patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch vendored
View File

@@ -1,4 +1,4 @@
From 70f7a9af7ff80b58393e62168523c0a27f12da22 Mon Sep 17 00:00:00 2001
From 8937b7068ca30072c4c4cf4c22000112afbd6839 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:23 -0600
Subject: cpufreq/amd-pstate-ut: Allow lowest nonlinear and lowest to be the

2
debian/patches/patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch → debian/patches/patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch vendored
View File

@@ -1,4 +1,4 @@
From fc2391caced7c17d7228faf7fdff83fe01240888 Mon Sep 17 00:00:00 2001
From 8cb701e059fa08dcb9ab74e3c84abc224ff72714 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:24 -0600
Subject: cpufreq/amd-pstate-ut: Drop SUCCESS and FAIL enums

2
debian/patches/patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch → debian/patches/patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch vendored
View File

@@ -1,4 +1,4 @@
From c4b9333baaa421f7930f2c9f776dac1ba71999d0 Mon Sep 17 00:00:00 2001
From c553e0165997349a3f831fa04bdd7f61913a3442 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:25 -0600
Subject: cpufreq/amd-pstate-ut: Run on all of the correct CPUs

2
debian/patches/patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch → debian/patches/patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch vendored
View File

@@ -1,4 +1,4 @@
From 84e96fb98ef86f82afc0ab00c17bf263163ea5df Mon Sep 17 00:00:00 2001
From c4197fd693cb98a8a71557187a7cf592d6b68b3c Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:26 -0600
Subject: cpufreq/amd-pstate-ut: Adjust variable scope

2
debian/patches/patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch → debian/patches/patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch vendored
View File

@@ -1,4 +1,4 @@
From 0b5b3c1580120d99ab30a883086961138037a310 Mon Sep 17 00:00:00 2001
From 19c375251767f49b62894d3b4782f0b8b01313b8 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:27 -0600
Subject: cpufreq/amd-pstate: Replace all AMD_CPPC_* macros with masks

2
debian/patches/patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch → debian/patches/patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch vendored
View File

@@ -1,4 +1,4 @@
From 47cc0c90ca4166b134bf13b959ba85a74dd62e6f Mon Sep 17 00:00:00 2001
From bb7fadf4a86e19b52cbe850c9274bfa643d3ce52 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:28 -0600
Subject: cpufreq/amd-pstate: Cache CPPC request in shared mem case too

2
debian/patches/patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch → debian/patches/patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch vendored
View File

@@ -1,4 +1,4 @@
From f1030cf846b41bb466ca139da33d5cc743a8dca6 Mon Sep 17 00:00:00 2001
From e02f8a14d44223160d348d5841cc3dd916a14401 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:29 -0600
Subject: cpufreq/amd-pstate: Move all EPP tracing into *_update_perf and

2
debian/patches/patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch → debian/patches/patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch vendored
View File

@@ -1,4 +1,4 @@
From 0355adaaef43590373457b0a33195fa458cfecbc Mon Sep 17 00:00:00 2001
From 5f0b3bf5497422293576a0783e47d203c52ed863 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:30 -0600
Subject: cpufreq/amd-pstate: Update cppc_req_cached for shared mem EPP writes

2
debian/patches/patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch → debian/patches/patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch vendored
View File

@@ -1,4 +1,4 @@
From 65fa376d4387463f1b06248ef590898c1ad35b46 Mon Sep 17 00:00:00 2001
From 6c2201fe880d7d35fbde67d74ec1989f053cc0bd Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:31 -0600
Subject: cpufreq/amd-pstate: Drop debug statements for policy setting

2
debian/patches/patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Rework-CPPC-enabling.patch → debian/patches/patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Rework-CPPC-enabling.patch vendored
View File

@@ -1,4 +1,4 @@
From 394034d8e0bde7bd8bd482d4924f8883ff6f4cbe Mon Sep 17 00:00:00 2001
From 3c5030a27361deff20bec5d43339109901f3198c Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:32 -0600
Subject: cpufreq/amd-pstate: Rework CPPC enabling

2
debian/patches/patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Stop-caching-EPP.patch → debian/patches/patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Stop-caching-EPP.patch vendored
View File

@@ -1,4 +1,4 @@
From 50fccd9d8304b992bbea9088abe4ee33786d9805 Mon Sep 17 00:00:00 2001
From c06cca99a6d74e7a6d6f020dbf982b0b9bf704e6 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:33 -0600
Subject: cpufreq/amd-pstate: Stop caching EPP

2
debian/patches/patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch → debian/patches/patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch vendored
View File

@@ -1,4 +1,4 @@
From c940323e2d0e3f449f6a1c343c9d94f2e57c3eda Mon Sep 17 00:00:00 2001
From a82e4f4eb6e5e9806c66285cb3cefde644b8ea6b Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:34 -0600
Subject: cpufreq/amd-pstate: Drop actions in amd_pstate_epp_cpu_offline()

2
debian/patches/patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch → debian/patches/patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch vendored
View File

@@ -1,4 +1,4 @@
From 401a66269205902153f18f78963e53cb14f99b83 Mon Sep 17 00:00:00 2001
From de3dd387423b30565e846e0ff4424e2c99164030 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <superm1@kernel.org>
Date: Thu, 27 Feb 2025 14:09:08 -0600
Subject: cpufreq/amd-pstate: fix warning noticed by kernel test robot

2
debian/patches/patchset-pf/amd-pstate/0027-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch → debian/patches/patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch vendored
View File

@@ -1,4 +1,4 @@
From 6b89403370ff0c33e2491dd700b601c438c7f9b2 Mon Sep 17 00:00:00 2001
From 7e68278a4a90d52966b923404a2d280e3a83b66f Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Mon, 7 Apr 2025 08:19:26 +0000
Subject: cpufreq/amd-pstate: Fix min_limit perf and freq updation for

76
debian/patches/patchset-pf/btrfs/0001-btrfs-fix-non-empty-delayed-iputs-list-on-unmount-du.patch vendored
View File

@@ -1,76 +0,0 @@
From 361b73ca6606d8bace6fe78b63d508d747c6689a Mon Sep 17 00:00:00 2001
From: Filipe Manana <fdmanana@suse.com>
Date: Wed, 5 Mar 2025 16:52:26 +0000
Subject: btrfs: fix non-empty delayed iputs list on unmount due to compressed
write workers
At close_ctree() after we have ran delayed iputs either through explicitly
calling btrfs_run_delayed_iputs() or later during the call to
btrfs_commit_super() or btrfs_error_commit_super(), we assert that the
delayed iputs list is empty.
When we have compressed writes this assertion may fail because delayed
iputs may have been added to the list after we last ran delayed iputs.
This happens like this:
1) We have a compressed write bio executing;
2) We enter close_ctree() and flush the fs_info->endio_write_workers
queue which is the queue used for running ordered extent completion;
3) The compressed write bio finishes and enters
btrfs_finish_compressed_write_work(), where it calls
btrfs_finish_ordered_extent() which in turn calls
btrfs_queue_ordered_fn(), which queues a work item in the
fs_info->endio_write_workers queue that we have flushed before;
4) At close_ctree() we proceed, run all existing delayed iputs and
call btrfs_commit_super() (which also runs delayed iputs), but before
we run the following assertion below:
ASSERT(list_empty(&fs_info->delayed_iputs))
A delayed iput is added by the step below...
5) The ordered extent completion job queued in step 3 runs and results in
creating a delayed iput when dropping the last reference of the ordered
extent (a call to btrfs_put_ordered_extent() made from
btrfs_finish_one_ordered());
6) At this point the delayed iputs list is not empty, so the assertion at
close_ctree() fails.
Fix this by flushing the fs_info->compressed_write_workers queue at
close_ctree() before flushing the fs_info->endio_write_workers queue,
respecting the queue dependency as the later is responsible for the
execution of ordered extent completion.
CC: stable@vger.kernel.org # 5.15+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---
fs/btrfs/disk-io.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -4349,6 +4349,18 @@ void __cold close_ctree(struct btrfs_fs_
btrfs_flush_workqueue(fs_info->delalloc_workers);
/*
+ * When finishing a compressed write bio we schedule a work queue item
+ * to finish an ordered extent - btrfs_finish_compressed_write_work()
+ * calls btrfs_finish_ordered_extent() which in turns does a call to
+ * btrfs_queue_ordered_fn(), and that queues the ordered extent
+ * completion either in the endio_write_workers work queue or in the
+ * fs_info->endio_freespace_worker work queue. We flush those queues
+ * below, so before we flush them we must flush this queue for the
+ * workers of compressed writes.
+ */
+ flush_workqueue(fs_info->compressed_write_workers);
+
+ /*
* After we parked the cleaner kthread, ordered extents may have
* completed and created new delayed iputs. If one of the async reclaim
* tasks is running and in the RUN_DELAYED_IPUTS flush state, then we

30
debian/patches/patchset-pf/btrfs/0002-btrfs-tests-fix-chunk-map-leak-after-failure-to-add-.patch vendored
View File

@@ -1,30 +0,0 @@
From 9ac804f2001675a05f01a2f74af0c85861801e59 Mon Sep 17 00:00:00 2001
From: Filipe Manana <fdmanana@suse.com>
Date: Tue, 11 Mar 2025 15:50:50 +0000
Subject: btrfs: tests: fix chunk map leak after failure to add it to the tree
If we fail to add the chunk map to the fs mapping tree we exit
test_rmap_block() without freeing the chunk map. Fix this by adding a
call to btrfs_free_chunk_map() before exiting the test function if the
call to btrfs_add_chunk_map() failed.
Fixes: 7dc66abb5a47 ("btrfs: use a dedicated data structure for chunk maps")
CC: stable@vger.kernel.org # 6.12+
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---
fs/btrfs/tests/extent-map-tests.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/btrfs/tests/extent-map-tests.c
+++ b/fs/btrfs/tests/extent-map-tests.c
@@ -1045,6 +1045,7 @@ static int test_rmap_block(struct btrfs_
ret = btrfs_add_chunk_map(fs_info, map);
if (ret) {
test_err("error adding chunk map to mapping tree");
+ btrfs_free_chunk_map(map);
goto out_free;
}

36
debian/patches/patchset-pf/btrfs/0003-btrfs-zoned-fix-zone-activation-with-missing-devices.patch vendored
View File

@@ -1,36 +0,0 @@
From 2d168cd506ec0b7a7619433aa0299b0be05ce655 Mon Sep 17 00:00:00 2001
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Date: Mon, 17 Mar 2025 12:24:58 +0100
Subject: btrfs: zoned: fix zone activation with missing devices
If btrfs_zone_activate() is called with a filesystem that has missing
devices (e.g. a RAID file system mounted in degraded mode) it is accessing
the btrfs_device::zone_info pointer, which will not be set if the device in
question is missing.
Check if the device is present (by checking if it has a valid block
device pointer associated) and if not, skip zone activation for it.
Fixes: f9a912a3c45f ("btrfs: zoned: make zone activation multi stripe capable")
CC: stable@vger.kernel.org # 6.1+
Reviewed-by: Naohiro Aota <naohiro.aota@wdc.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---
fs/btrfs/zoned.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/btrfs/zoned.c
+++ b/fs/btrfs/zoned.c
@@ -2111,6 +2111,9 @@ bool btrfs_zone_activate(struct btrfs_bl
physical = map->stripes[i].physical;
zinfo = device->zone_info;
+ if (!device->bdev)
+ continue;
+
if (zinfo->max_active_zones == 0)
continue;

36
debian/patches/patchset-pf/btrfs/0004-btrfs-zoned-fix-zone-finishing-with-missing-devices.patch vendored
View File

@@ -1,36 +0,0 @@
From 5d05bf549f00ac4b04476b749847a7fcb019a73f Mon Sep 17 00:00:00 2001
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Date: Mon, 17 Mar 2025 12:24:59 +0100
Subject: btrfs: zoned: fix zone finishing with missing devices
If do_zone_finish() is called with a filesystem that has missing devices
(e.g. a RAID file system mounted in degraded mode) it is accessing the
btrfs_device::zone_info pointer, which will not be set if the device
in question is missing.
Check if the device is present (by checking if it has a valid block device
pointer associated) and if not, skip zone finishing for it.
Fixes: 4dcbb8ab31c1 ("btrfs: zoned: make zone finishing multi stripe capable")
CC: stable@vger.kernel.org # 6.1+
Reviewed-by: Naohiro Aota <naohiro.aota@wdc.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---
fs/btrfs/zoned.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/btrfs/zoned.c
+++ b/fs/btrfs/zoned.c
@@ -2275,6 +2275,9 @@ static int do_zone_finish(struct btrfs_b
struct btrfs_zoned_device_info *zinfo = device->zone_info;
unsigned int nofs_flags;
+ if (!device->bdev)
+ continue;
+
if (zinfo->max_active_zones == 0)
continue;

4
debian/patches/patchset-pf/fixes/0002-Kunit-to-check-the-longest-symbol-length.patch → debian/patches/patchset-pf/fixes/0001-Kunit-to-check-the-longest-symbol-length.patch vendored
View File

@@ -1,4 +1,4 @@
From 065753c4084d8ea0b55b8a5abbba3291eeaf5979 Mon Sep 17 00:00:00 2001
From a1eb9a3160dc9e3cee6abdeab8e41c2265a2d7a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sergio=20Gonz=C3=A1lez=20Collado?=
<sergio.collado@gmail.com>
Date: Sun, 2 Mar 2025 23:15:18 +0100
@@ -80,7 +80,7 @@ Cherry-picked-for: https://gitlab.archlinux.org/archlinux/packaging/packages/lin
depends on HAVE_HW_BREAKPOINT
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -393,6 +393,8 @@ obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fort
@@ -398,6 +398,8 @@ obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fort
obj-$(CONFIG_CRC_KUNIT_TEST) += crc_kunit.o
obj-$(CONFIG_SIPHASH_KUNIT_TEST) += siphash_kunit.o
obj-$(CONFIG_USERCOPY_KUNIT_TEST) += usercopy_kunit.o

94
debian/patches/patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch vendored
View File

@@ -1,94 +0,0 @@
From 04eeb2f53dc530f0f724687b9ed2efdb86c59aed Mon Sep 17 00:00:00 2001
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Date: Fri, 7 Feb 2025 15:07:46 -0300
Subject: tpm: do not start chip while suspended
Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can
lead to a spurious tpm_chip_start() call:
[35985.503771] i2c i2c-1: Transfer while suspended
[35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810
[35985.503802] Modules linked in:
[35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f
[35985.503814] Tainted: [W]=WARN
[35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023
[35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810
[35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5
[35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246
[35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000
[35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001
[35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820
[35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120
[35985.503846] FS: 0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000
[35985.503849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0
[35985.503855] Call Trace:
[35985.503859] <TASK>
[35985.503863] ? __warn+0xd4/0x260
[35985.503868] ? __i2c_transfer+0xbe/0x810
[35985.503874] ? report_bug+0xf3/0x210
[35985.503882] ? handle_bug+0x63/0xb0
[35985.503887] ? exc_invalid_op+0x16/0x50
[35985.503892] ? asm_exc_invalid_op+0x16/0x20
[35985.503904] ? __i2c_transfer+0xbe/0x810
[35985.503913] tpm_cr50_i2c_transfer_message+0x24/0xf0
[35985.503920] tpm_cr50_i2c_read+0x8e/0x120
[35985.503928] tpm_cr50_request_locality+0x75/0x170
[35985.503935] tpm_chip_start+0x116/0x160
[35985.503942] tpm_try_get_ops+0x57/0x90
[35985.503948] tpm_find_get_ops+0x26/0xd0
[35985.503955] tpm_get_random+0x2d/0x80
Don't move forward with tpm_chip_start() inside tpm_try_get_ops(), unless
TPM_CHIP_FLAG_SUSPENDED is not set. tpm_find_get_ops() will return NULL in
such a failure case.
Fixes: 9265fed6db60 ("tpm: Lock TPM chip in tpm_pm_suspend() first")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Cc: stable@vger.kernel.org
Cc: Jerry Snitselaar <jsnitsel@redhat.com>
Cc: Mike Seo <mikeseohyungjin@gmail.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
---
drivers/char/tpm/tpm-chip.c | 5 +++++
drivers/char/tpm/tpm-interface.c | 7 -------
2 files changed, 5 insertions(+), 7 deletions(-)
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -168,6 +168,11 @@ int tpm_try_get_ops(struct tpm_chip *chi
goto out_ops;
mutex_lock(&chip->tpm_mutex);
+
+ /* tmp_chip_start may issue IO that is denied while suspended */
+ if (chip->flags & TPM_CHIP_FLAG_SUSPENDED)
+ goto out_lock;
+
rc = tpm_chip_start(chip);
if (rc)
goto out_lock;
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -445,18 +445,11 @@ int tpm_get_random(struct tpm_chip *chip
if (!chip)
return -ENODEV;
- /* Give back zero bytes, as TPM chip has not yet fully resumed: */
- if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) {
- rc = 0;
- goto out;
- }
-
if (chip->flags & TPM_CHIP_FLAG_TPM2)
rc = tpm2_get_random(chip, out, max);
else
rc = tpm1_get_random(chip, out, max);
-out:
tpm_put_ops(chip);
return rc;
}

2
debian/patches/patchset-pf/fixes/0003-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch → debian/patches/patchset-pf/fixes/0002-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch vendored
View File

@@ -1,4 +1,4 @@
From 7f3eaa6a64048a0259d2daae8a91e64fbd749641 Mon Sep 17 00:00:00 2001
From 1ff7499aaa4cec11be79e97c118978fd781073a6 Mon Sep 17 00:00:00 2001
From: Nathan Chancellor <nathan@kernel.org>
Date: Tue, 18 Mar 2025 15:32:30 -0700
Subject: x86/tools: Drop duplicate unlikely() definition in

2
debian/patches/patchset-pf/fixes/0007-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch → debian/patches/patchset-pf/fixes/0003-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch vendored
View File

@@ -1,4 +1,4 @@
From 3cfeab379362feb285fdb631ebc65539c1559034 Mon Sep 17 00:00:00 2001
From 72096487bfe8ebc52731c264536418c51854d999 Mon Sep 17 00:00:00 2001
From: Alex Deucher <alexander.deucher@amd.com>
Date: Thu, 27 Mar 2025 17:33:49 -0400
Subject: drm/amdgpu/mes11: optimize MES pipe FW version fetching

2
debian/patches/patchset-pf/fixes/0008-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch → debian/patches/patchset-pf/fixes/0004-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch vendored
View File

@@ -1,4 +1,4 @@
From 1ad7c482a722a7c918609390e479c9dd4f717539 Mon Sep 17 00:00:00 2001
From a1dfb99dca82ff97b00ce76f8f987ade471875d1 Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko@kernel.org>
Date: Mon, 7 Apr 2025 15:28:05 +0300
Subject: tpm: Mask TPM RC in tpm2_start_auth_session()

44
debian/patches/patchset-pf/fixes/0004-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch vendored
View File

@@ -1,44 +0,0 @@
From cda754004cc36746f5197ed203d013dccf2f5146 Mon Sep 17 00:00:00 2001
From: Jonathan McDowell <noodles@meta.com>
Date: Wed, 12 Mar 2025 07:31:57 +0200
Subject: tpm, tpm_tis: Fix timeout handling when waiting for TPM status
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The change to only use interrupts to handle supported status changes
introduced an issue when it is necessary to poll for the status. Rather
than checking for the status after sleeping the code now sleeps after
the check. This means a correct, but slower, status change on the part
of the TPM can be missed, resulting in a spurious timeout error,
especially on a more loaded system. Switch back to sleeping *then*
checking. An up front check of the status has been done at the start of
the function, so this does not cause an additional delay when the status
is already what we're looking for.
Cc: stable@vger.kernel.org # v6.4+
Fixes: e87fcf0dc2b4 ("tpm, tpm_tis: Only handle supported interrupts")
Signed-off-by: Jonathan McDowell <noodles@meta.com>
Reviewed-by: Michal Suchánek <msuchanek@suse.de>
Reviewed-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
drivers/char/tpm/tpm_tis_core.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -114,11 +114,10 @@ again:
return 0;
/* process status changes without irq support */
do {
+ usleep_range(priv->timeout_min, priv->timeout_max);
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
- usleep_range(priv->timeout_min,
- priv->timeout_max);
} while (time_before(jiffies, stop));
return -ETIME;
}

32
debian/patches/patchset-pf/fixes/0005-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch vendored
View File

@@ -1,32 +0,0 @@
From 32df198f302abc95f532b55c7612c156d3febcd9 Mon Sep 17 00:00:00 2001
From: Ming Lei <ming.lei@redhat.com>
Date: Mon, 10 Mar 2025 19:54:53 +0800
Subject: block: make sure ->nr_integrity_segments is cloned in
blk_rq_prep_clone
Make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone(),
otherwise requests cloned by device-mapper multipath will not have the
proper nr_integrity_segments values set, then BUG() is hit from
sg_alloc_table_chained().
Fixes: b0fd271d5fba ("block: add request clone interface (v2)")
Cc: stable@vger.kernel.org
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20250310115453.2271109-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
block/blk-mq.c | 1 +
1 file changed, 1 insertion(+)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -3314,6 +3314,7 @@ int blk_rq_prep_clone(struct request *rq
rq->special_vec = rq_src->special_vec;
}
rq->nr_phys_segments = rq_src->nr_phys_segments;
+ rq->nr_integrity_segments = rq_src->nr_integrity_segments;
if (rq->bio && blk_crypto_rq_bio_prep(rq, rq->bio, gfp_mask) < 0)
goto free_and_out;

2
debian/patches/patchset-pf/fixes/0009-ice-mark-ice_write_prof_mask_reg-as-noinline.patch → debian/patches/patchset-pf/fixes/0005-ice-mark-ice_write_prof_mask_reg-as-noinline.patch vendored
View File

@@ -1,4 +1,4 @@
From d3d3441d32966234778ab2e4a127ccccbc6ab092 Mon Sep 17 00:00:00 2001
From 7b594a3c7b41db58884da466607417ca27c08a1d Mon Sep 17 00:00:00 2001
From: Oleksandr Natalenko <oleksandr@natalenko.name>
Date: Tue, 8 Apr 2025 12:02:36 +0200
Subject: ice: mark ice_write_prof_mask_reg() as noinline

40
debian/patches/patchset-pf/fixes/0006-PCI-Fix-wrong-length-of-devres-array.patch vendored
View File

@@ -1,40 +0,0 @@
From 0c116e263170e1e5b7325af51659074c977b8a91 Mon Sep 17 00:00:00 2001
From: Philipp Stanner <phasta@kernel.org>
Date: Wed, 12 Mar 2025 09:06:34 +0100
Subject: PCI: Fix wrong length of devres array
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The array for the iomapping cookie addresses has a length of
PCI_STD_NUM_BARS. This constant, however, only describes standard BARs;
while PCI can allow for additional, special BARs.
The total number of PCI resources is described by constant
PCI_NUM_RESOURCES, which is also used in, e.g., pci_select_bars().
Thus, the devres array has so far been too small.
Change the length of the devres array to PCI_NUM_RESOURCES.
Link: https://lore.kernel.org/r/20250312080634.13731-3-phasta@kernel.org
Fixes: bbaff68bf4a4 ("PCI: Add managed partial-BAR request and map infrastructure")
Signed-off-by: Philipp Stanner <phasta@kernel.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Cc: stable@vger.kernel.org # v6.11+
---
drivers/pci/devres.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/pci/devres.c
+++ b/drivers/pci/devres.c
@@ -40,7 +40,7 @@
* Legacy struct storing addresses to whole mapped BARs.
*/
struct pcim_iomap_devres {
- void __iomem *table[PCI_STD_NUM_BARS];
+ void __iomem *table[PCI_NUM_RESOURCES];
};
/* Used to restore the old INTx state on driver detach. */

4
debian/patches/patchset-pf/fixes/0010-fixes-6.14-update-tpm2_start_auth_session-fix.patch → debian/patches/patchset-pf/fixes/0006-fixes-6.14-update-tpm2_start_auth_session-fix.patch vendored
View File

@@ -1,4 +1,4 @@
From d8c360e932feed8798adf37ffad5d93e47ab032f Mon Sep 17 00:00:00 2001
From 42a4f494db975d62916c73f5d637aef9be343d70 Mon Sep 17 00:00:00 2001
From: Oleksandr Natalenko <oleksandr@natalenko.name>
Date: Tue, 8 Apr 2025 19:51:44 +0200
Subject: fixes-6.14: update tpm2_start_auth_session() fix
@@ -49,7 +49,7 @@ Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
enum tpm2_command_codes {
TPM2_CC_FIRST = 0x011F,
TPM2_CC_HIERARCHY_CONTROL = 0x0121,
@@ -457,6 +437,24 @@ static inline u32 tpm2_rc_value(u32 rc)
@@ -458,6 +438,24 @@ static inline u32 tpm2_rc_value(u32 rc)
return (rc & BIT(7)) ? rc & 0xbf : rc;
}

2
debian/patches/patchset-pf/fixes/0011-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch → debian/patches/patchset-pf/fixes/0007-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch vendored
View File

@@ -1,4 +1,4 @@
From feadcb68955511723dbc2cad800e0524625d62c5 Mon Sep 17 00:00:00 2001
From f1e8e30bef3757904d9e963f02ef297cd0c33240 Mon Sep 17 00:00:00 2001
From: Alex Deucher <alexander.deucher@amd.com>
Date: Fri, 28 Mar 2025 09:08:57 -0400
Subject: drm/amdgpu/mes12: optimize MES pipe FW version fetching

50
debian/patches/patchset-pf/fixes/0008-wifi-iwlwifi-pcie-set-state-to-no-FW-before-reset-ha.patch vendored Normal file
View File

@@ -0,0 +1,50 @@
From 81c23adad48324b73fe0993f332407c5be050bb5 Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@intel.com>
Date: Thu, 3 Apr 2025 11:04:37 +0000
Subject: wifi: iwlwifi: pcie: set state to no-FW before reset handshake
The reset handshake attempts to kill the firmware, and it'll go
into a pretty much dead state once we do that. However, if it
times out, then we'll attempt to dump the firmware to be able
to see why it didn't respond. During this dump, we cannot treat
it as if it was still running, since we just tried to kill it,
otherwise dumping will attempt to send a DBGC stop command. As
this command will time out, we'll go into a reset loop.
For now, fix this by setting the trans->state to say firmware
isn't running before doing the reset handshake. In the longer
term, we should clean up the way this state is handled.
It's not entirely clear but it seems likely that this issue was
introduced by my rework of the error handling, prior to that it
would've been synchronous at that point and (I think) not have
attempted to reset since it was already doing down.
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219967
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219968
Closes: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/128
Fixes: 7391b2a4f7db ("wifi: iwlwifi: rework firmware error handling")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
---
drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c
@@ -147,8 +147,14 @@ static void _iwl_trans_pcie_gen2_stop_de
return;
if (trans->state >= IWL_TRANS_FW_STARTED &&
- trans_pcie->fw_reset_handshake)
+ trans_pcie->fw_reset_handshake) {
+ /*
+ * Reset handshake can dump firmware on timeout, but that
+ * should assume that the firmware is already dead.
+ */
+ trans->state = IWL_TRANS_NO_FW;
iwl_trans_pcie_fw_reset_handshake(trans);
+ }
trans_pcie->is_down = true;

40
debian/patches/patchset-pf/fixes/0009-wifi-ath12k-Abort-scan-before-removing-link-interfac.patch vendored Normal file
View File

@@ -0,0 +1,40 @@
From d3140c22ed2bc3c98dcf251659d78572e154a993 Mon Sep 17 00:00:00 2001
From: Lingbo Kong <quic_lingbok@quicinc.com>
Date: Wed, 26 Feb 2025 19:31:18 +0800
Subject: wifi: ath12k: Abort scan before removing link interface to prevent
duplicate deletion
Currently, when ath12k performs the remove link interface operation, if
there is an ongoing scan operation on the arvif, ath12k may execute the
remove link interface operation multiple times on the same arvif. This
occurs because, during the remove link operation, if a scan operation is
present on the arvif, ath12k may receive a WMI_SCAN_EVENT_COMPLETED event
from the firmware. Upon receiving this event, ath12k will continue to
execute the ath12k_scan_vdev_clean_work() function, performing the remove
link interface operation on the same arvif again.
To address this issue, before executing the remove link interface
operation, ath12k needs to check if there is an ongoing scan operation on
the current arvif. If such an operation exists, it should be aborted.
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
Signed-off-by: Lingbo Kong <quic_lingbok@quicinc.com>
---
drivers/net/wireless/ath/ath12k/mac.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/wireless/ath/ath12k/mac.c
+++ b/drivers/net/wireless/ath/ath12k/mac.c
@@ -9330,6 +9330,11 @@ ath12k_mac_op_unassign_vif_chanctx(struc
ar->num_started_vdevs == 1 && ar->monitor_vdev_created)
ath12k_mac_monitor_stop(ar);
+ if (ar->scan.arvif == arvif && ar->scan.state == ATH12K_SCAN_RUNNING) {
+ ath12k_scan_abort(ar);
+ ar->scan.arvif = NULL;
+ }
+
ath12k_mac_remove_link_interface(hw, arvif);
ath12k_mac_unassign_link_vif(arvif);
}

49
debian/patches/patchset-pf/fixes/0010-Kconfig-switch-CONFIG_SYSFS_SYCALL-default-to-n.patch vendored Normal file
View File

@@ -0,0 +1,49 @@
From fa165a32074fba27286cc9d2464a647642ad6bc7 Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Tue, 15 Apr 2025 10:22:04 +0200
Subject: Kconfig: switch CONFIG_SYSFS_SYCALL default to n
This odd system call will be removed in the future. Let's decouple it
from CONFIG_EXPERT and switch the default to n as a first step.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
init/Kconfig | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1600,6 +1600,16 @@ config SYSCTL_ARCH_UNALIGN_ALLOW
the unaligned access emulation.
see arch/parisc/kernel/unaligned.c for reference
+config SYSFS_SYSCALL
+ bool "Sysfs syscall support"
+ default n
+ help
+ sys_sysfs is an obsolete system call no longer supported in libc.
+ Note that disabling this option is more secure but might break
+ compatibility with some systems.
+
+ If unsure say N here.
+
config HAVE_PCSPKR_PLATFORM
bool
@@ -1644,16 +1654,6 @@ config SGETMASK_SYSCALL
If unsure, leave the default option here.
-config SYSFS_SYSCALL
- bool "Sysfs syscall support" if EXPERT
- default y
- help
- sys_sysfs is an obsolete system call no longer supported in libc.
- Note that disabling this option is more secure but might break
- compatibility with some systems.
-
- If unsure say Y here.
-
config FHANDLE
bool "open by fhandle syscalls" if EXPERT
select EXPORTFS

207
debian/patches/patchset-pf/fuse/0001-fuse-io-uring-Fix-a-possible-req-cancellation-race.patch vendored
View File

@@ -1,207 +0,0 @@
From 6e7ac63c4c4a8fe7c66f856f4091d9b20899f167 Mon Sep 17 00:00:00 2001
From: Bernd Schubert <bschubert@ddn.com>
Date: Tue, 25 Mar 2025 18:29:31 +0100
Subject: fuse: {io-uring} Fix a possible req cancellation race
task-A (application) might be in request_wait_answer and
try to remove the request when it has FR_PENDING set.
task-B (a fuse-server io-uring task) might handle this
request with FUSE_IO_URING_CMD_COMMIT_AND_FETCH, when
fetching the next request and accessed the req from
the pending list in fuse_uring_ent_assign_req().
That code path was not protected by fiq->lock and so
might race with task-A.
For scaling reasons we better don't use fiq->lock, but
add a handler to remove canceled requests from the queue.
This also removes usage of fiq->lock from
fuse_uring_add_req_to_ring_ent() altogether, as it was
there just to protect against this race and incomplete.
Also added is a comment why FR_PENDING is not cleared.
Fixes: c090c8abae4b ("fuse: Add io-uring sqe commit and fetch support")
Cc: <stable@vger.kernel.org> # v6.14
Reported-by: Joanne Koong <joannelkoong@gmail.com>
Closes: https://lore.kernel.org/all/CAJnrk1ZgHNb78dz-yfNTpxmW7wtT88A=m-zF0ZoLXKLUHRjNTw@mail.gmail.com/
Signed-off-by: Bernd Schubert <bschubert@ddn.com>
Reviewed-by: Joanne Koong <joannelkoong@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
---
fs/fuse/dev.c | 34 +++++++++++++++++++++++++---------
fs/fuse/dev_uring.c | 15 +++++++++++----
fs/fuse/dev_uring_i.h | 6 ++++++
fs/fuse/fuse_dev_i.h | 1 +
fs/fuse/fuse_i.h | 3 +++
5 files changed, 46 insertions(+), 13 deletions(-)
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -407,6 +407,24 @@ static int queue_interrupt(struct fuse_r
return 0;
}
+bool fuse_remove_pending_req(struct fuse_req *req, spinlock_t *lock)
+{
+ spin_lock(lock);
+ if (test_bit(FR_PENDING, &req->flags)) {
+ /*
+ * FR_PENDING does not get cleared as the request will end
+ * up in destruction anyway.
+ */
+ list_del(&req->list);
+ spin_unlock(lock);
+ __fuse_put_request(req);
+ req->out.h.error = -EINTR;
+ return true;
+ }
+ spin_unlock(lock);
+ return false;
+}
+
static void request_wait_answer(struct fuse_req *req)
{
struct fuse_conn *fc = req->fm->fc;
@@ -428,22 +446,20 @@ static void request_wait_answer(struct f
}
if (!test_bit(FR_FORCE, &req->flags)) {
+ bool removed;
+
/* Only fatal signals may interrupt this */
err = wait_event_killable(req->waitq,
test_bit(FR_FINISHED, &req->flags));
if (!err)
return;
- spin_lock(&fiq->lock);
- /* Request is not yet in userspace, bail out */
- if (test_bit(FR_PENDING, &req->flags)) {
- list_del(&req->list);
- spin_unlock(&fiq->lock);
- __fuse_put_request(req);
- req->out.h.error = -EINTR;
+ if (test_bit(FR_URING, &req->flags))
+ removed = fuse_uring_remove_pending_req(req);
+ else
+ removed = fuse_remove_pending_req(req, &fiq->lock);
+ if (removed)
return;
- }
- spin_unlock(&fiq->lock);
}
/*
--- a/fs/fuse/dev_uring.c
+++ b/fs/fuse/dev_uring.c
@@ -726,8 +726,6 @@ static void fuse_uring_add_req_to_ring_e
struct fuse_req *req)
{
struct fuse_ring_queue *queue = ent->queue;
- struct fuse_conn *fc = req->fm->fc;
- struct fuse_iqueue *fiq = &fc->iq;
lockdep_assert_held(&queue->lock);
@@ -737,9 +735,7 @@ static void fuse_uring_add_req_to_ring_e
ent->state);
}
- spin_lock(&fiq->lock);
clear_bit(FR_PENDING, &req->flags);
- spin_unlock(&fiq->lock);
ent->fuse_req = req;
ent->state = FRRS_FUSE_REQ;
list_move(&ent->list, &queue->ent_w_req_queue);
@@ -1238,6 +1234,8 @@ void fuse_uring_queue_fuse_req(struct fu
if (unlikely(queue->stopped))
goto err_unlock;
+ set_bit(FR_URING, &req->flags);
+ req->ring_queue = queue;
ent = list_first_entry_or_null(&queue->ent_avail_queue,
struct fuse_ring_ent, list);
if (ent)
@@ -1276,6 +1274,8 @@ bool fuse_uring_queue_bq_req(struct fuse
return false;
}
+ set_bit(FR_URING, &req->flags);
+ req->ring_queue = queue;
list_add_tail(&req->list, &queue->fuse_req_bg_queue);
ent = list_first_entry_or_null(&queue->ent_avail_queue,
@@ -1306,6 +1306,13 @@ bool fuse_uring_queue_bq_req(struct fuse
return true;
}
+bool fuse_uring_remove_pending_req(struct fuse_req *req)
+{
+ struct fuse_ring_queue *queue = req->ring_queue;
+
+ return fuse_remove_pending_req(req, &queue->lock);
+}
+
static const struct fuse_iqueue_ops fuse_io_uring_ops = {
/* should be send over io-uring as enhancement */
.send_forget = fuse_dev_queue_forget,
--- a/fs/fuse/dev_uring_i.h
+++ b/fs/fuse/dev_uring_i.h
@@ -142,6 +142,7 @@ void fuse_uring_abort_end_requests(struc
int fuse_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags);
void fuse_uring_queue_fuse_req(struct fuse_iqueue *fiq, struct fuse_req *req);
bool fuse_uring_queue_bq_req(struct fuse_req *req);
+bool fuse_uring_remove_pending_req(struct fuse_req *req);
static inline void fuse_uring_abort(struct fuse_conn *fc)
{
@@ -199,6 +200,11 @@ static inline bool fuse_uring_ready(stru
{
return false;
}
+
+static inline bool fuse_uring_remove_pending_req(struct fuse_req *req)
+{
+ return false;
+}
#endif /* CONFIG_FUSE_IO_URING */
--- a/fs/fuse/fuse_dev_i.h
+++ b/fs/fuse/fuse_dev_i.h
@@ -61,6 +61,7 @@ int fuse_copy_out_args(struct fuse_copy_
void fuse_dev_queue_forget(struct fuse_iqueue *fiq,
struct fuse_forget_link *forget);
void fuse_dev_queue_interrupt(struct fuse_iqueue *fiq, struct fuse_req *req);
+bool fuse_remove_pending_req(struct fuse_req *req, spinlock_t *lock);
#endif
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -378,6 +378,7 @@ struct fuse_io_priv {
* FR_FINISHED: request is finished
* FR_PRIVATE: request is on private list
* FR_ASYNC: request is asynchronous
+ * FR_URING: request is handled through fuse-io-uring
*/
enum fuse_req_flag {
FR_ISREPLY,
@@ -392,6 +393,7 @@ enum fuse_req_flag {
FR_FINISHED,
FR_PRIVATE,
FR_ASYNC,
+ FR_URING,
};
/**
@@ -441,6 +443,7 @@ struct fuse_req {
#ifdef CONFIG_FUSE_IO_URING
void *ring_entry;
+ void *ring_queue;
#endif
};

30
debian/patches/patchset-pf/fuse/0001-virtiofs-add-filesystem-context-source-name-check.patch vendored Normal file
View File

@@ -0,0 +1,30 @@
From bd6633c0e527dbcf6b52d3b34b49a980b125c866 Mon Sep 17 00:00:00 2001
From: Xiangsheng Hou <xiangsheng.hou@mediatek.com>
Date: Mon, 7 Apr 2025 19:50:49 +0800
Subject: virtiofs: add filesystem context source name check
In certain scenarios, for example, during fuzz testing, the source
name may be NULL, which could lead to a kernel panic. Therefore, an
extra check for the source name should be added.
Fixes: a62a8ef9d97d ("virtio-fs: add virtiofs filesystem")
Cc: <stable@vger.kernel.org> # all LTS kernels
Signed-off-by: Xiangsheng Hou <xiangsheng.hou@mediatek.com>
Link: https://lore.kernel.org/20250407115111.25535-1-xiangsheng.hou@mediatek.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/fuse/virtio_fs.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/fuse/virtio_fs.c
+++ b/fs/fuse/virtio_fs.c
@@ -1670,6 +1670,9 @@ static int virtio_fs_get_tree(struct fs_
unsigned int virtqueue_size;
int err = -EIO;
+ if (!fsc->source)
+ return invalf(fsc, "No source specified");
+
/* This gets a reference on virtio_fs object. This ptr gets installed
* in fc->iq->priv. Once fuse_conn is going away, it calls ->put()
* to drop the reference to this object.

37
debian/patches/patchset-pf/smb/0001-cifs-avoid-NULL-pointer-dereference-in-dbg-call.patch vendored
View File

@@ -1,37 +0,0 @@
From c78ab32399be35eed11e986293804eab75bfbe21 Mon Sep 17 00:00:00 2001
From: Alexandra Diupina <adiupina@astralinux.ru>
Date: Wed, 19 Mar 2025 17:28:58 +0300
Subject: cifs: avoid NULL pointer dereference in dbg call
cifs_server_dbg() implies server to be non-NULL so
move call under condition to avoid NULL pointer dereference.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: e79b0332ae06 ("cifs: ignore cached share root handle closing errors")
Cc: stable@vger.kernel.org
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/smb/client/smb2misc.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/fs/smb/client/smb2misc.c
+++ b/fs/smb/client/smb2misc.c
@@ -816,11 +816,12 @@ smb2_handle_cancelled_close(struct cifs_
WARN_ONCE(tcon->tc_count < 0, "tcon refcount is negative");
spin_unlock(&cifs_tcp_ses_lock);
- if (tcon->ses)
+ if (tcon->ses) {
server = tcon->ses->server;
-
- cifs_server_dbg(FYI, "tid=0x%x: tcon is closing, skipping async close retry of fid %llu %llu\n",
- tcon->tid, persistent_fid, volatile_fid);
+ cifs_server_dbg(FYI,
+ "tid=0x%x: tcon is closing, skipping async close retry of fid %llu %llu\n",
+ tcon->tid, persistent_fid, volatile_fid);
+ }
return 0;
}

33
debian/patches/patchset-pf/smb/0001-ksmbd-Fix-dangling-pointer-in-krb_authenticate.patch vendored Normal file
View File

@@ -0,0 +1,33 @@
From c3eedd3e0d50a748c6c520ba00377aba8150c713 Mon Sep 17 00:00:00 2001
From: Sean Heelan <seanheelan@gmail.com>
Date: Mon, 7 Apr 2025 11:26:50 +0000
Subject: ksmbd: Fix dangling pointer in krb_authenticate
krb_authenticate frees sess->user and does not set the pointer
to NULL. It calls ksmbd_krb5_authenticate to reinitialise
sess->user but that function may return without doing so. If
that happens then smb2_sess_setup, which calls krb_authenticate,
will be accessing free'd memory when it later uses sess->user.
Cc: stable@vger.kernel.org
Signed-off-by: Sean Heelan <seanheelan@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/smb/server/smb2pdu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -1602,8 +1602,10 @@ static int krb5_authenticate(struct ksmb
if (prev_sess_id && prev_sess_id != sess->id)
destroy_previous_session(conn, sess->user, prev_sess_id);
- if (sess->state == SMB2_SESSION_VALID)
+ if (sess->state == SMB2_SESSION_VALID) {
ksmbd_free_user(sess->user);
+ sess->user = NULL;
+ }
retval = ksmbd_krb5_authenticate(sess, in_blob, in_len,
out_blob, &out_len);

59
debian/patches/patchset-pf/smb/0002-CIFS-Propagate-min-offload-along-with-other-paramete.patch vendored
View File

@@ -1,59 +0,0 @@
From 53f2beb3fafc1395f502390f04ad876a0dd2102d Mon Sep 17 00:00:00 2001
From: Aman <aman1@microsoft.com>
Date: Thu, 6 Mar 2025 17:46:43 +0000
Subject: CIFS: Propagate min offload along with other parameters from primary
to secondary channels.
In a multichannel setup, it was observed that a few fields were not being
copied over to the secondary channels, which impacted performance in cases
where these options were relevant but not properly synchronized. To address
this, this patch introduces copying the following parameters from the
primary channel to the secondary channels:
- min_offload
- compression.requested
- dfs_conn
- ignore_signature
- leaf_fullpath
- noblockcnt
- retrans
- sign
By copying these parameters, we ensure consistency across channels and
prevent performance degradation due to missing or outdated settings.
Cc: stable@vger.kernel.org
Signed-off-by: Aman <aman1@microsoft.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/smb/client/connect.c | 1 +
fs/smb/client/sess.c | 7 +++++++
2 files changed, 8 insertions(+)
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -1677,6 +1677,7 @@ cifs_get_tcp_session(struct smb3_fs_cont
/* Grab netns reference for this server. */
cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
+ tcp_ses->sign = ctx->sign;
tcp_ses->conn_id = atomic_inc_return(&tcpSesNextId);
tcp_ses->noblockcnt = ctx->rootfs;
tcp_ses->noblocksnd = ctx->noblocksnd || ctx->rootfs;
--- a/fs/smb/client/sess.c
+++ b/fs/smb/client/sess.c
@@ -522,6 +522,13 @@ cifs_ses_add_channel(struct cifs_ses *se
ctx->sockopt_tcp_nodelay = ses->server->tcp_nodelay;
ctx->echo_interval = ses->server->echo_interval / HZ;
ctx->max_credits = ses->server->max_credits;
+ ctx->min_offload = ses->server->min_offload;
+ ctx->compress = ses->server->compression.requested;
+ ctx->dfs_conn = ses->server->dfs_conn;
+ ctx->ignore_signature = ses->server->ignore_signature;
+ ctx->leaf_fullpath = ses->server->leaf_fullpath;
+ ctx->rootfs = ses->server->noblockcnt;
+ ctx->retrans = ses->server->retrans;
/*
* This will be used for encoding/decoding user/domain/pw

76
debian/patches/patchset-pf/smb/0002-ksmbd-fix-use-after-free-in-__smb2_lease_break_noti.patch vendored Normal file
View File

@@ -0,0 +1,76 @@
From 1932e1bb8624ec520da5f61e3f5bbdd16b9f320d Mon Sep 17 00:00:00 2001
From: Namjae Jeon <linkinjeon@kernel.org>
Date: Fri, 11 Apr 2025 15:19:46 +0900
Subject: ksmbd: fix use-after-free in __smb2_lease_break_noti()
Move tcp_transport free to ksmbd_conn_free. If ksmbd connection is
referenced when ksmbd server thread terminates, It will not be freed,
but conn->tcp_transport is freed. __smb2_lease_break_noti can be performed
asynchronously when the connection is disconnected. __smb2_lease_break_noti
calls ksmbd_conn_write, which can cause use-after-free
when conn->ksmbd_transport is already freed.
Cc: stable@vger.kernel.org
Reported-by: Norbert Szetei <norbert@doyensec.com>
Tested-by: Norbert Szetei <norbert@doyensec.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/smb/server/connection.c | 4 +++-
fs/smb/server/transport_tcp.c | 14 +++++++++-----
fs/smb/server/transport_tcp.h | 1 +
3 files changed, 13 insertions(+), 6 deletions(-)
--- a/fs/smb/server/connection.c
+++ b/fs/smb/server/connection.c
@@ -39,8 +39,10 @@ void ksmbd_conn_free(struct ksmbd_conn *
xa_destroy(&conn->sessions);
kvfree(conn->request_buf);
kfree(conn->preauth_info);
- if (atomic_dec_and_test(&conn->refcnt))
+ if (atomic_dec_and_test(&conn->refcnt)) {
+ ksmbd_free_transport(conn->transport);
kfree(conn);
+ }
}
/**
--- a/fs/smb/server/transport_tcp.c
+++ b/fs/smb/server/transport_tcp.c
@@ -93,17 +93,21 @@ static struct tcp_transport *alloc_trans
return t;
}
-static void free_transport(struct tcp_transport *t)
+void ksmbd_free_transport(struct ksmbd_transport *kt)
{
- kernel_sock_shutdown(t->sock, SHUT_RDWR);
- sock_release(t->sock);
- t->sock = NULL;
+ struct tcp_transport *t = TCP_TRANS(kt);
- ksmbd_conn_free(KSMBD_TRANS(t)->conn);
+ sock_release(t->sock);
kfree(t->iov);
kfree(t);
}
+static void free_transport(struct tcp_transport *t)
+{
+ kernel_sock_shutdown(t->sock, SHUT_RDWR);
+ ksmbd_conn_free(KSMBD_TRANS(t)->conn);
+}
+
/**
* kvec_array_init() - initialize a IO vector segment
* @new: IO vector to be initialized
--- a/fs/smb/server/transport_tcp.h
+++ b/fs/smb/server/transport_tcp.h
@@ -8,6 +8,7 @@
int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz);
struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name);
+void ksmbd_free_transport(struct ksmbd_transport *kt);
int ksmbd_tcp_init(void);
void ksmbd_tcp_destroy(void);

36
debian/patches/patchset-pf/smb/0003-cifs-fix-integer-overflow-in-match_server.patch vendored
View File

@@ -1,36 +0,0 @@
From 6b8b436fbb92dff7d6bc8d6c977b01814a541ec0 Mon Sep 17 00:00:00 2001
From: Roman Smirnov <r.smirnov@omp.ru>
Date: Mon, 31 Mar 2025 11:22:49 +0300
Subject: cifs: fix integer overflow in match_server()
The echo_interval is not limited in any way during mounting,
which makes it possible to write a large number to it. This can
cause an overflow when multiplying ctx->echo_interval by HZ in
match_server().
Add constraints for echo_interval to smb3_fs_context_parse_param().
Found by Linux Verification Center (linuxtesting.org) with Svace.
Fixes: adfeb3e00e8e1 ("cifs: Make echo interval tunable")
Cc: stable@vger.kernel.org
Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/smb/client/fs_context.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -1377,6 +1377,11 @@ static int smb3_fs_context_parse_param(s
ctx->closetimeo = HZ * result.uint_32;
break;
case Opt_echo_interval:
+ if (result.uint_32 < SMB_ECHO_INTERVAL_MIN ||
+ result.uint_32 > SMB_ECHO_INTERVAL_MAX) {
+ cifs_errorf(fc, "echo interval is out of bounds\n");
+ goto cifs_parse_mount_err;
+ }
ctx->echo_interval = result.uint_32;
break;
case Opt_snapshot:

124
debian/patches/patchset-pf/smb/0003-ksmbd-fix-use-after-free-in-smb_break_all_levII_oplo.patch vendored Normal file
View File

@@ -0,0 +1,124 @@
From 67437a4c66847a82ab538705b932144d4af28f4b Mon Sep 17 00:00:00 2001
From: Namjae Jeon <linkinjeon@kernel.org>
Date: Tue, 15 Apr 2025 09:30:21 +0900
Subject: ksmbd: fix use-after-free in smb_break_all_levII_oplock()
There is a room in smb_break_all_levII_oplock that can cause racy issues
when unlocking in the middle of the loop. This patch use read lock
to protect whole loop.
Cc: stable@vger.kernel.org
Reported-by: Norbert Szetei <norbert@doyensec.com>
Tested-by: Norbert Szetei <norbert@doyensec.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/smb/server/oplock.c | 29 +++++++++--------------------
fs/smb/server/oplock.h | 1 -
2 files changed, 9 insertions(+), 21 deletions(-)
--- a/fs/smb/server/oplock.c
+++ b/fs/smb/server/oplock.c
@@ -129,14 +129,6 @@ static void free_opinfo(struct oplock_in
kfree(opinfo);
}
-static inline void opinfo_free_rcu(struct rcu_head *rcu_head)
-{
- struct oplock_info *opinfo;
-
- opinfo = container_of(rcu_head, struct oplock_info, rcu_head);
- free_opinfo(opinfo);
-}
-
struct oplock_info *opinfo_get(struct ksmbd_file *fp)
{
struct oplock_info *opinfo;
@@ -157,8 +149,8 @@ static struct oplock_info *opinfo_get_li
if (list_empty(&ci->m_op_list))
return NULL;
- rcu_read_lock();
- opinfo = list_first_or_null_rcu(&ci->m_op_list, struct oplock_info,
+ down_read(&ci->m_lock);
+ opinfo = list_first_entry(&ci->m_op_list, struct oplock_info,
op_entry);
if (opinfo) {
if (opinfo->conn == NULL ||
@@ -171,8 +163,7 @@ static struct oplock_info *opinfo_get_li
}
}
}
-
- rcu_read_unlock();
+ up_read(&ci->m_lock);
return opinfo;
}
@@ -185,7 +176,7 @@ void opinfo_put(struct oplock_info *opin
if (!atomic_dec_and_test(&opinfo->refcount))
return;
- call_rcu(&opinfo->rcu_head, opinfo_free_rcu);
+ free_opinfo(opinfo);
}
static void opinfo_add(struct oplock_info *opinfo)
@@ -193,7 +184,7 @@ static void opinfo_add(struct oplock_inf
struct ksmbd_inode *ci = opinfo->o_fp->f_ci;
down_write(&ci->m_lock);
- list_add_rcu(&opinfo->op_entry, &ci->m_op_list);
+ list_add(&opinfo->op_entry, &ci->m_op_list);
up_write(&ci->m_lock);
}
@@ -207,7 +198,7 @@ static void opinfo_del(struct oplock_inf
write_unlock(&lease_list_lock);
}
down_write(&ci->m_lock);
- list_del_rcu(&opinfo->op_entry);
+ list_del(&opinfo->op_entry);
up_write(&ci->m_lock);
}
@@ -1347,8 +1338,8 @@ void smb_break_all_levII_oplock(struct k
ci = fp->f_ci;
op = opinfo_get(fp);
- rcu_read_lock();
- list_for_each_entry_rcu(brk_op, &ci->m_op_list, op_entry) {
+ down_read(&ci->m_lock);
+ list_for_each_entry(brk_op, &ci->m_op_list, op_entry) {
if (brk_op->conn == NULL)
continue;
@@ -1358,7 +1349,6 @@ void smb_break_all_levII_oplock(struct k
if (ksmbd_conn_releasing(brk_op->conn))
continue;
- rcu_read_unlock();
if (brk_op->is_lease && (brk_op->o_lease->state &
(~(SMB2_LEASE_READ_CACHING_LE |
SMB2_LEASE_HANDLE_CACHING_LE)))) {
@@ -1388,9 +1378,8 @@ void smb_break_all_levII_oplock(struct k
oplock_break(brk_op, SMB2_OPLOCK_LEVEL_NONE, NULL);
next:
opinfo_put(brk_op);
- rcu_read_lock();
}
- rcu_read_unlock();
+ up_read(&ci->m_lock);
if (op)
opinfo_put(op);
--- a/fs/smb/server/oplock.h
+++ b/fs/smb/server/oplock.h
@@ -71,7 +71,6 @@ struct oplock_info {
struct list_head lease_entry;
wait_queue_head_t oplock_q; /* Other server threads */
wait_queue_head_t oplock_brk; /* oplock breaking wait */
- struct rcu_head rcu_head;
};
struct lease_break_info {

31
debian/patches/patchset-pf/smb/0004-ksmbd-fix-the-warning-from-__kernel_write_iter.patch vendored Normal file
View File

@@ -0,0 +1,31 @@
From d9f3fc321672406f959334509a88296187994c5a Mon Sep 17 00:00:00 2001
From: Namjae Jeon <linkinjeon@kernel.org>
Date: Tue, 15 Apr 2025 09:31:08 +0900
Subject: ksmbd: fix the warning from __kernel_write_iter
[ 2110.972290] ------------[ cut here ]------------
[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280
This patch doesn't allow writing to directory.
Cc: stable@vger.kernel.org
Reported-by: Norbert Szetei <norbert@doyensec.com>
Tested-by: Norbert Szetei <norbert@doyensec.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/smb/server/vfs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/smb/server/vfs.c
+++ b/fs/smb/server/vfs.c
@@ -496,7 +496,8 @@ int ksmbd_vfs_write(struct ksmbd_work *w
int err = 0;
if (work->conn->connection_type) {
- if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE))) {
+ if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE)) ||
+ S_ISDIR(file_inode(fp->filp)->i_mode)) {
pr_err("no right to write(%pD)\n", fp->filp);
err = -EACCES;
goto out;

43
debian/patches/patchset-pf/smb/0005-ksmbd-Prevent-integer-overflow-in-calculation-of-dea.patch vendored Normal file
View File

@@ -0,0 +1,43 @@
From adbf65091f5ac103ae5339bd49549b147906a0c0 Mon Sep 17 00:00:00 2001
From: Denis Arefev <arefev@swemel.ru>
Date: Wed, 9 Apr 2025 12:04:49 +0300
Subject: ksmbd: Prevent integer overflow in calculation of deadtime
The user can set any value for 'deadtime'. This affects the arithmetic
expression 'req->deadtime * SMB_ECHO_INTERVAL', which is subject to
overflow. The added check makes the server behavior more predictable.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers")
Cc: stable@vger.kernel.org
Signed-off-by: Denis Arefev <arefev@swemel.ru>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/smb/server/transport_ipc.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/fs/smb/server/transport_ipc.c
+++ b/fs/smb/server/transport_ipc.c
@@ -310,7 +310,11 @@ static int ipc_server_config_on_startup(
server_conf.signing = req->signing;
server_conf.tcp_port = req->tcp_port;
server_conf.ipc_timeout = req->ipc_timeout * HZ;
- server_conf.deadtime = req->deadtime * SMB_ECHO_INTERVAL;
+ if (check_mul_overflow(req->deadtime, SMB_ECHO_INTERVAL,
+ &server_conf.deadtime)) {
+ ret = -EINVAL;
+ goto out;
+ }
server_conf.share_fake_fscaps = req->share_fake_fscaps;
ksmbd_init_domain(req->sub_auth);
@@ -337,6 +341,7 @@ static int ipc_server_config_on_startup(
server_conf.bind_interfaces_only = req->bind_interfaces_only;
ret |= ksmbd_tcp_set_interfaces(KSMBD_STARTUP_CONFIG_INTERFACES(req),
req->ifc_list_sz);
+out:
if (ret) {
pr_err("Server configuration error: %s %s %s\n",
req->netbios_name, req->server_string,

2
debian/patches/patchset-pf/zstd/0001-zstd-import-upstream-v1.5.7.patch vendored
View File

@@ -4262,7 +4262,7 @@ Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
- #if ((defined(__clang__) && __has_attribute(__target__)) \
+# if ((defined(__clang__) && __has_attribute(__target__)) \
|| (defined(__GNUC__) \
&& (__GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 8)))) \
&& (__GNUC__ >= 11))) \
- && (defined(__x86_64__) || defined(_M_X64)) \
+ && (defined(__i386__) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_X64)) \
&& !defined(__BMI2__)